From 96616c4b3caaaeefe31c58973e71fc9ab287a475 Mon Sep 17 00:00:00 2001 From: robiscool Date: Mon, 7 Dec 2009 19:27:05 -0800 Subject: snort-dev, download rules code --- config/snort-dev/snort_check_for_rule_updates.php | 24 ++++++++++++++++++----- config/snort-dev/snort_download_rules.php | 20 ++++++++++++++++++- config/snort-dev/snort_interfaces.php | 2 +- 3 files changed, 39 insertions(+), 7 deletions(-) (limited to 'config/snort-dev') diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php index 48a2ee73..1bc48a28 100644 --- a/config/snort-dev/snort_check_for_rule_updates.php +++ b/config/snort-dev/snort_check_for_rule_updates.php @@ -67,6 +67,7 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS- /* send current buffer */ ob_flush(); +conf_mount_rw(); /* define oinkid */ if($config['installedpackages']['snortglobal']) @@ -101,6 +102,7 @@ if ($premium_url_chk == "premium") { /* send current buffer */ ob_flush(); +conf_mount_rw(); /* remove old $tmpfname files */ if (file_exists("{$tmpfname}")) { @@ -116,6 +118,7 @@ exec("/bin/mkdir -p {$snortdir}/signatures"); /* send current buffer */ ob_flush(); +conf_mount_rw(); /* If tmp dir does not exist create it */ if (file_exists($tmpfname)) { 
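Review bot: `conf_mount_rw()` is added after three separate `ob_flush()` calls (the @@ -67, @@ -101 and @@ -116 hunks), but no matching `conf_mount_ro()` is visible in any hunk of this file, so on read-only installs the filesystem may be left writable after the update finishes or aborts. One call before the first write, paired with `conf_mount_ro();` on every exit path, should be enough. If the repeats are needed because something remounts read-only in between, say so in a comment next to each call.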
@@ -263,15 +266,19 @@ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'"); $chk_if_snort_up = exec("pgrep -x snort"); if ($chk_if_snort_up != "") { - exec("/usr/bin/touch /tmp/snort_download_halt.pid"); + + + exec("/usr/bin/touch /tmp/snort_download_halt.pid"); /* dont flood the syslog code */ exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); sleep(3); exec("/usr/bin/killall snort"); + exec("/bin/rm /var/run/snort*"); sleep(2); exec("/usr/bin/killall barnyard2"); + exec("/bin/rm /var/run/barnyard2*"); /* stop syslog flood code */ exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log"); @@ -679,8 +686,8 @@ if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_c if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { echo "Your first set of rules are being copied...\n"; echo "May take a while...\n"; - exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/\* {$snortdir_wan}/snort_$id$if_real/rules/"); + exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); 
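Review bot: The two added `rm` calls delete `/var/run/snort*` and `/var/run/barnyard2*` right after `killall`, without checking that the processes have actually exited, so a snort that is slow to handle the signal keeps running with its pid files gone. Anything that later judges the sensor's state from those files could then start a second instance or report the IDS as stopped. Re-use the `pgrep -x` check already at the top of this block before removing, e.g. `if (exec("pgrep -x snort") == "") exec("/bin/rm -f /var/run/snort*");`, and log when the process is still alive. The enclosing `if` block continues past the end of the hunk.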
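Review bot: The changed `exec()` lines in the @@ -679 hunk, and the matching `cp` line in the @@ -693 hunk, still build shell commands by interpolating `{$snortdir}`, `{$snortdir_wan}`, `$id` and `$if_real` unquoted, so the shell interprets whatever those values contain. Where `$id` and `$if_real` come from is not visible in the hunk; if either can be influenced by a request or by interface names in the config, wrap the destination in `escapeshellarg()`, e.g. `exec("/bin/cp {$snortdir}/rules/* " . escapeshellarg("{$snortdir_wan}/snort_{$id}{$if_real}/rules/"));`. The `/bin/echo ... /root/debug` lines look like leftover debugging: this hunk switches one to `>>`, so the file grows on every update, while the @@ -693 hunk still truncates with `>`. Both should be dropped or routed through the `logger` calls used elsewhere in the file.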
@@ -693,7 +700,7 @@ if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_c echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; echo "May take a while...\n"; exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/\* {$snortdir_wan}/snort_$id$if_real/rules/"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); @@ -727,10 +734,17 @@ sleep(2); apc_clear_cache(); exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); + /* make snort the owner */ + exec("/usr/sbin/chown -R snort:snort /var/log/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); + exec("/bin/chmod -R 755 /var/log/snort"); + exec("/bin/chmod -R 755 /usr/local/etc/snort"); + exec("/bin/chmod -R 755 /usr/local/lib/snort"); + /* if snort is running hardrestart, if snort is not running do nothing */ if (file_exists("/tmp/snort_download_halt.pid")) { exec("/bin/sh /usr/local/etc/rc.d/snort* start"); - start_service("snort"); echo "The Rules update finished...\n"; echo "Snort has restarted with your new set of rules...\n"; exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'"); diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php index d7b58c39..952a4d4d 100644 --- a/config/snort-dev/snort_download_rules.php +++ b/config/snort-dev/snort_download_rules.php 
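Review bot: The added `chown -R snort:snort` on `/usr/local/etc/snort` and `/usr/local/lib/snort` in the @@ -727 hunk gives the account that parses untrusted traffic write access to its own configuration, rules and loadable modules, so a compromise of the snort process could persist by rewriting them (assuming the daemon runs as `snort`, which the hunk does not show). `chmod -R 755` additionally marks every rule, config and log file executable and world-readable, which exposes alert logs to every local account. Keep the config and library trees owned by root and readable by the snort group, and give `snort` only the log directory, e.g. `exec("/usr/sbin/chown -R snort:snort /var/log/snort");` followed by `exec("/bin/chmod -R o-rwx /var/log/snort");`. The restart branch also trusts the fixed-name flag `/tmp/snort_download_halt.pid`; a path under `/var/run` would avoid relying on a world-writable directory.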
@@ -53,8 +53,22 @@ if (isset($_POST['id_d'])) $last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; $last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; +$snort_rule_d_chk = $config['installedpackages']['snortglobal']['snortdownload']; +$emrging_rule_d_chk = $config['installedpackages']['snortglobal']['emergingthreats']; + +if ($snort_rule_d_chk != premium || $snort_rule_d_chk == "" ) + $snort_rule_d_info = "no"; + +if ($emrging_rule_d_chk != on || $emrging_rule_d_chk == "" ) + $emrging_rule_d_info = "no"; + +if ($snort_rule_d_info == "no" && $emrging_rule_d_info = "no") + $snort_$emrging_info = "stop"; + + + /* If no id show the user a button */ -if ($id_d == "") { +if ($id_d == "" || $snort_$emrging_info = "stop") { $pgtitle = "Services: Snort: Update Rules"; @@ -117,8 +131,12 @@ echo "\n \n
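Review bot: `$snort_$emrging_info` is not a valid PHP variable name (two variables with no operator between them), so the new lines in the @@ -53 hunk and the `if ($snort_$emrging_info = "stop")` line in the @@ -117 hunk should fail to parse. Even with the name fixed, `$emrging_rule_d_info = "no"` and `... = "stop"` inside the conditions are assignments, so the check is always true and the page would always show the button instead of starting the download, leaving the sensor on stale rules. `premium` and `on` are also bare constants rather than strings, and the `== ""` halves are redundant once `!=` is used. Whether any `snortdownload` value other than `premium` should count as enabled cannot be told from the hunk. A corrected version of the gate:

```php
// … unchanged: $snort_rule_d_chk / $emrging_rule_d_chk assignments …
if ($snort_rule_d_chk != "premium")
	$snort_rule_d_info = "no";

if ($emrging_rule_d_chk != "on")
	$emrging_rule_d_info = "no";

if ($snort_rule_d_info == "no" && $emrging_rule_d_info == "no")
	$snort_emrging_info = "stop";

/* If no id show the user a button */
if ($id_d == "" || $snort_emrging_info == "stop") {
```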

\n\n"; +if ($id_d == "") echo "Click on the \"Update Rules\" button to start the updates.

\n"; +if ($snort_$emrging_info = "stop") +echo "Click on the \"Global Settings\" TAB and select ether snort.org or enmergingthreats.net rules to download.

\n"; + if ($config['installedpackages']['snortglobal']['last_md5_download'] != "") echo "The last time the updates were started $last_md5_download.

\n"; diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index f358e6c6..fc7d2c6e 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -275,7 +275,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "") } -$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC2"; +$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC1"; include("head.inc"); ?> -- cgit v1.2.3
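Review bot: The message added in the @@ -117 hunk misspells `either` as `ether` and the rule source as `enmergingthreats.net`; since it tells the user which feed to select, it should read `select either snort.org or emergingthreats.net rules to download`. The `echo` under the new `if` also starts in column 0 with no braces, which makes the conditional easy to misread. Indent it or wrap it in `{ }`.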