From 8b2f1c7498469af7ca5926ff8025e1a93fd3579d Mon Sep 17 00:00:00 2001
From: robiscool <robrob2626@yahoo.com>
Date: Thu, 9 Sep 2010 21:31:10 -0700
Subject: snort, add log rotation, fix bugs

---
 config/snort/snort_check_cron_misc.inc | 80 ++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 config/snort/snort_check_cron_misc.inc

(limited to 'config/snort/snort_check_cron_misc.inc')

diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
new file mode 100644
index 00000000..d5d5e095
--- /dev/null
+++ b/config/snort/snort_check_cron_misc.inc
@@ -0,0 +1,80 @@
+<?php
+/* $Id$ */
+/*
+	snort_chk_log_dir_size.php
+	part of pfSense
+	
+	Modified for the Pfsense snort package v. 1.8+
+	Copyright (C) 2009-2010 Robert Zelaya Developer
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("/usr/local/pkg/snort/snort.inc");
+
+//        'B' => 1,
+//        'KB' => 1024,
+//        'MB' => 1024 * 1024,
+//        'GB' => 1024 * 1024 * 1024,
+//        'TB' => 1024 * 1024 * 1024 * 1024,
+//        'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+
+
+/* chk if snort log dir is full if so clear it */
+$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit']; 
+$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+
+if ($g['booting']==true) {
+	exit(0);
+}
+
+if ($snortloglimit == 'off') {
+	exit(0);
+}
+
+$snortloglimitDSKsize = exec('df -k /var | grep -v "Filesystem" | awk \'{print \$4}\'');
+
+$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert'); 
+$snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70);
+$snortloglimitsizeKB = round($snortloglimitsize * 1024);
+
+/* do I need HUP kill ? */
+if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) {
+
+        conf_mount_rw();
+        if(file_exists('/var/log/snort/alert')) {
+        		if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) {
+        			exec('/bin/echo "" > /var/log/snort/alert');
+        		}
+                post_delete_logs();
+                exec('/usr/sbin/chown snort:snort /var/log/snort/*');
+                exec('/bin/chmod 660 /var/log/snort/*');
+                //sleep(2);
+                //exec('/usr/bin/killall -HUP snort');
+        }
+        conf_mount_ro();
+
+}
+
+
+?>
\ No newline at end of file
-- 
cgit v1.2.3