From 09d8b2fd5028ce1b58ecafc57c11e8336db2a5ae Mon Sep 17 00:00:00 2001 From: robiscool Date: Wed, 31 Mar 2010 04:04:56 -0700 Subject: snort-dev, final test --- config/snort-dev/images/icon_excli.png | Bin 0 -> 5280 bytes config/snort-dev/snort.inc | 41 +++++---- config/snort-dev/snort_barnyard.php | 66 +++++++++++-- config/snort-dev/snort_define_servers.php | 72 +++++++++++++-- config/snort-dev/snort_download_rules.php | 33 ++++++- config/snort-dev/snort_fbegin.inc | 0 config/snort-dev/snort_gui.inc | 4 +- config/snort-dev/snort_help_info.php | 86 ++++++++++++++++- config/snort-dev/snort_interfaces.php | 106 +++++++++++++-------- config/snort-dev/snort_interfaces_edit.php | 133 +++++++++++++++++---------- config/snort-dev/snort_interfaces_global.php | 6 +- config/snort-dev/snort_preprocessors.php | 66 +++++++++++-- config/snort-dev/snort_rulesets.php | 62 +++++++++++-- 13 files changed, 529 insertions(+), 146 deletions(-) create mode 100644 config/snort-dev/images/icon_excli.png mode change 100755 => 100644 config/snort-dev/snort_fbegin.inc (limited to 'config/snort-dev') diff --git a/config/snort-dev/images/icon_excli.png b/config/snort-dev/images/icon_excli.png new file mode 100644 index 00000000..4b54fa31 Binary files /dev/null and b/config/snort-dev/images/icon_excli.png differ diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index b6012e51..cd8ba9a2 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc 
@@ -58,19 +58,23 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE') } if(snort_up_ck != ''){ - - $snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); - $snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - $snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - if ($snort_up_s != '' || $snort_up_r != '') { - $snort_up = 'yes'; + //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); + $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval); + + if ($snort_up_prell != "") { + $snort_uph = 'yes'; }else{ - $snort_up = 'no'; + $snort_uph = 'no'; } } - return $snort_up; + return $snort_uph; } /* checks to see if barnyard2 is running yes/no */ 
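Review bot: The `$retval` captured from exec() on the new `$snort_up_prell` line is never inspected, so a broken pipeline (top or grep failing) is indistinguishable from "snort not running" and silently yields 'no'; the rewritten barnyard2 check in the hunk at -86 has the same gap. The unconditional `ob_clean()` added just above it also emits a notice when no output buffer is active, so guard it: `if (ob_get_level() > 0) { ob_clean(); }`. Because `$snort_uuid` and `$if_real` are interpolated straight into the shell pipeline, pass the grep pattern through `escapeshellarg()` instead of embedding it in double quotes, and drop the three commented-out exec lines rather than keeping them as history. The enclosing function starts before this hunk.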
@@ -86,11 +90,15 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE') if(snort_up_ck_b != ''){ + //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); + + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); - $snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - $snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - if ($snort_up_s_b != '' || $snort_up_r != '') { + if ($snort_up_pre_b != '') { $snort_up_b = 'yes'; }else{ $snort_up_b = 'no'; @@ -288,6 +296,7 @@ function snort_postinstall() exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png'); chdir ("/usr/local/www/snort/javascript/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.blockUI.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.3.2.js'); 
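Review bot: The added fetch of icon_excli.png, like the lines around it, downloads over plain http:// through exec() without checking the exit status or verifying the file afterwards, so a failed or altered download goes unnoticed at post-install time. At minimum capture and log the status, `exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png', $out, $rc);` followed by a `log_error()` when `$rc !== 0`, and since this commit already adds the image under config/snort-dev/images, consider installing it from the package instead of fetching it. snort_postinstall() starts before this hunk and continues after it.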
@@ -592,7 +601,6 @@ $snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_lis foreach ($snort_dir_filter_search_result as $value) { exec("rm -r /usr/local/etc/snort/$value"); - exec("echo \"rm -r /usr/local/etc/snort/$value\" >> /root/test.log"); } } @@ -661,7 +669,6 @@ if ($id != '' && $if_real != '') //new sync_snort_package(); - exec("echo \"Funtion sync all $id $if_real $snort_uuid....\" >> /root/test.log"); conf_mount_ro(); } } @@ -1062,8 +1069,6 @@ function snort_deinstall() global $config, $g, $id, $if_real; conf_mount_rw(); -exec("echo \"Snort Deinstall $if_real $id....\" >> /root/test.log"); - /* remove custom sysctl */ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); /* decrease bpf buffers back to 4096, from 20480 */ @@ -1092,8 +1097,6 @@ function snort_rm_blocked_deinstall_cron($should_install) global $config, $g; conf_mount_rw(); -exec("echo \"Deinstall cron block....\" >> /root/test.log"); - $is_installed = false; if(!$config['cron']['item']) @@ -1131,8 +1134,6 @@ exec("echo \"Deinstall cron block....\" >> /root/test.log"); { global $config, $g; conf_mount_rw(); - -exec("echo \"Deinstall rules up ....\" >> /root/test.log"); $is_installed = false; @@ -1170,6 +1171,7 @@ snort_rules_up_deinstall_cron(""); exec("rm -r /usr/local/www/snort"); exec("rm -r /usr/local/pkg/snort"); exec("rm -r /usr/local/lib/snort/"); + exec("rm -r /var/log/snort/"); conf_mount_ro(); @@ -2103,7 +2105,6 @@ function check_for_common_errors($filename) { hide_progress_bar_status(); } else { log_error("An error occured. Scroll down to inspect it's contents."); - echo "An error occured. Scroll down to inspect it's contents."; } if(!$console_mode) { update_output_window(strip_tags("$contents")); diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index 8189e414..b8f05c47 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php 
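Review bot: The added `exec("rm -r /var/log/snort/");` in the hunk at -1170 removes every alert and log file the sensor has written, with no prompt and no backup, so package removal destroys history an operator may still need for an investigation. Consider leaving the directory in place or archiving it first, and at least document the effect on that line: `/* NOTE: deletes all snort alert/log history; archive /var/log/snort before deinstall if it is needed */`. The enclosing function (apparently the deinstall routine) starts before this hunk and continues after it.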
@@ -41,6 +41,7 @@ Important add error checking require_once("globals.inc"); require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); @@ -130,7 +131,28 @@ if (isset($_GET['dup'])) $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; -if ($_POST) { + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all(); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + + + if ($_POST["Submit"]) { /* check for overlaps */ foreach ($a_nat as $natent) { @@ -215,13 +237,16 @@ if ($_POST) { $a_nat[] = $natent; } - /* enable this if you want the user to aprove changes */ - // touch($d_natconfdirty_path); - sync_snort_package_all(); - write_config(); /* after click go to this page */ + touch($d_snortconfdirty_path); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); header("Location: snort_barnyard.php?id=$id"); exit; } @@ -272,9 +297,34 @@ echo " //--> - -
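Review bot: In the hunk at -130, `if ($_POST['apply'])` and the `if ($_POST["Submit"])` below it index `$_POST` without checking the key exists, which raises an undefined-index notice on every plain GET of the page; use `if (!empty($_POST['apply'])) {` and `if (!empty($_POST['Submit'])) {`. The apply branch then calls write_config() and both sync functions on nothing more than the presence of that field and of the .dirty marker in /var/run, so the intent deserves a comment, e.g. `/* apply only acts when a prior Submit left the .dirty marker for this interface */`. The same pattern is repeated in snort_define_servers.php (hunks at -125 and -204).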
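Review bot: The `sleep(2)` added before the Location redirect in the hunk at -215 has no explanation; `touch()` completes synchronously, so if the delay is meant to let the .dirty marker appear it is unnecessary, and if it serves another purpose it needs a comment such as `/* delay before redirect: <reason> */` or should be removed. The same delay is added in snort_define_servers.php (hunk at -204). The enclosing Submit block starts before this hunk.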
+ +'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.
+ You must apply the changes in order for them to take effect.
+ '); + } + } + +?> +
  - + diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index 2d1f1f1d..dfda630b 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -41,10 +41,12 @@ Important add error checking require_once("globals.inc"); require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); } + //nat_rules_sort(); $a_nat = &$config['installedpackages']['snortglobal']['rule']; @@ -57,6 +59,7 @@ if (isset($_GET['dup'])) { $after = $_GET['dup']; } + if (isset($id) && $a_nat[$id]) { /* old options */ @@ -125,7 +128,8 @@ if (isset($_GET['dup'])) /* convert fake interfaces to real */ $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); -if ($_POST) { + + if ($_POST["Submit"]) { /* check for overlaps */ 
@@ -204,18 +208,45 @@ if ($_POST) { $a_nat[] = $natent; } - /* enable this if you want the user to aprove changes */ - // touch($d_natconfdirty_path); - sync_snort_package_all(); - write_config(); /* after click go to this page */ + + touch($d_snortconfdirty_path); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: snort_define_servers.php?id=$id"); + exit; } } + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all(); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + $pgtitle = "Snort: Interface $id$if_real Define Servers"; include("head.inc"); @@ -241,9 +272,36 @@ padding: 15px 10px 85% 50px; - - + + +'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.
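Review bot: In the Submit branch, `touch($d_snortconfdirty_path);` runs before `$d_snortconfdirty_path` is assigned — the assignment sits in the `/* alert file */` block added further down this hunk, and the branch exits right after the redirect — so touch() receives an undefined variable, no .dirty marker is ever created, and the apply handler below it never finds anything to apply. Move `$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty";` above the `if ($_POST["Submit"])` block, as snort_barnyard.php does in this same commit. The Submit block starts before this hunk (its `if` is in the hunk at -125).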
+ You must apply the changes in order for them to take effect.
+ '); + } + } + +?> +
"; if($pfsense_stable == 'yes'){echo $pgtitle;} echo "

\n"; + + echo "\n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo "
\n"; + echo " \n"; + echo " "; + echo "
\n"; + echo "    \n"; + echo " NOTE:  Snort.org and Emergingthreats.net will go down from time to time. Please be patient.\n"; + echo "
\n"; + echo "
\n"; + echo "
\n"; + echo "\n"; + echo "\n
\n"; + /* make sure user has javascript on */ echo " + +
+ \"Apps\" + Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com +
\n"; +} + +if ($pfsense_stable != 'yes') { +$footer3 = " + + + +
+ Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com +
\n"; +} +?> + +
-
- Snort is a registered trademark of Sourcefire, Inc., Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com. -
+ + + + + +