From 595c831d2768547d49e6daf147889c6aee15f9a4 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 18 Nov 2013 18:59:41 -0500 Subject: Snort 2.9.5.5 pkg v3.0.0 update --- config/snort/snort_check_for_rule_updates.php | 441 +++++++++++--------------- 1 file changed, 191 insertions(+), 250 deletions(-) (limited to 'config/snort/snort_check_for_rule_updates.php') diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index e7263330..2afae663 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -53,6 +53,14 @@ if (!defined("GPLV2_DNLD_URL")) define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); if (!defined("RULES_UPD_LOGFILE")) define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); +if (!defined("VRT_FILE_PREFIX")) + define("VRT_FILE_PREFIX", "snort_"); +if (!defined("GPL_FILE_PREFIX")) + define("GPL_FILE_PREFIX", "GPLv2_"); +if (!defined("ET_OPEN_FILE_PREFIX")) + define("ET_OPEN_FILE_PREFIX", "emerging-"); +if (!defined("ET_PRO_FILE_PREFIX")) + define("ET_PRO_FILE_PREFIX", "etpro-"); $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; @@ -118,7 +126,6 @@ $snort_community_rules_filename = GPLV2_DNLD_FILENAME; $snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5"; $snort_community_rules_url = GPLV2_DNLD_URL; -/* Custom function for rules file download via URL */ function snort_download_file_url($url, $file_out) { /************************************************/ @@ -127,18 +134,21 @@ function snort_download_file_url($url, $file_out) { /* saves the content to the file specified by */ /* $file. */ /* */ + /* This is needed so console output can be */ + /* suppressed to prevent XMLRPC sync errors. */ + /* */ /* It provides logging of returned CURL errors. */ /************************************************/ global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update; - // Initialize required variables for pfSense "read_body()" function + // Initialize required variables for the pfSense "read_body()" function $file_size = 1; $downloaded = 1; $first_progress_update = TRUE; - /* Array of message strings for HTTP Response Codes */ + // Array of message strings for HTTP Response Codes $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content", 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found", 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request", @@ -157,7 +167,7 @@ function snort_download_file_url($url, $file_out) { return false; curl_setopt($ch, CURLOPT_FILE, $fout); - /* NOTE: required to suppress errors from XMLRPC due to progress bar output */ + // NOTE: required to suppress errors from XMLRPC due to progress bar output if ($g['snort_sync_in_progress']) curl_setopt($ch, CURLOPT_HEADER, false); else { @@ -167,7 +177,6 @@ function snort_download_file_url($url, $file_out) { curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)"); - /* Don't verify SSL peers since we don't have the certificates to do so. */ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_TIMEOUT, 0); @@ -185,7 +194,7 @@ function snort_download_file_url($url, $file_out) { $counter = 0; $rc = true; - /* Try up to 4 times to download the file before giving up */ + // Try up to 4 times to download the file before giving up while ($counter < 4) { $counter++; $rc = curl_exec($ch); @@ -202,7 +211,8 @@ function snort_download_file_url($url, $file_out) { $last_curl_error = $http_resp_msg[$http_code]; curl_close($ch); fclose($fout); - /* If we had to try more than once, log it */ + + // If we had to try more than once, log it if ($counter > 1) log_error(gettext("File '" . basename($file_out) . "' download attempts: {$counter} ...")); return ($http_code == 200) ? true : $http_code; @@ -214,7 +224,140 @@ function snort_download_file_url($url, $file_out) { } } -/* Start of code */ +function snort_check_rule_md5($file_url, $file_dst, $desc = "") { + + /**********************************************************/ + /* This function attempts to download the passed MD5 hash */ + /* file and compare its contents to the currently stored */ + /* hash file to see if a new rules file has been posted. */ + /* */ + /* On Entry: $file_url = URL for md5 hash file */ + /* $file_dst = Temp destination to store the */ + /* downloaded hash file */ + /* $desc = Short text string used to label */ + /* log messages with rules type */ + /* */ + /* Returns: TRUE if new rule file download required. */ + /* FALSE if rule download not required or an */ + /* error occurred. */ + /**********************************************************/ + + global $pkg_interface, $snort_rules_upd_log, $last_curl_error; + + $snortdir = SNORTDIR; + $filename_md5 = basename($file_dst); + + if ($pkg_interface <> "console") + update_status(gettext("Downloading {$desc} md5 file...")); + error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, $snort_rules_upd_log); + $rc = snort_download_file_url($file_url, $file_dst); + + // See if download from URL was successful + if ($rc === true) { + if ($pkg_interface <> "console") + update_status(gettext("Done downloading {$filename_md5}.")); + error_log("\tChecking {$desc} md5 file...\n", 3, $snort_rules_upd_log); + + // check md5 hash in new file against current file to see if new download is posted + if (file_exists("{$snortdir}/{$filename_md5}")) { + $md5_check_new = file_get_contents($file_dst); + $md5_check_old = file_get_contents("{$snortdir}/{$filename_md5}"); + if ($md5_check_new == $md5_check_old) { + if ($pkg_interface <> "console") + update_status(gettext("{$desc} are up to date...")); + log_error(gettext("[Snort] {$desc} are up to date...")); + error_log(gettext("\t{$desc} are up to date.\n"), 3, $snort_rules_upd_log); + return false; + } + else + return true; + } + return true; + } + else { + error_log(gettext("\t{$desc} md5 download failed.\n"), 3, $snort_rules_upd_log); + $snort_err_msg = gettext("Server returned error code {$rc}."); + if ($pkg_interface <> "console") { + update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ...")); + update_output_window(gettext("{$desc} will not be updated.\n\t{$snort_err_msg}")); + } + log_error(gettext("[Snort] {$desc} md5 download failed...")); + log_error(gettext("[Snort] Server returned error code {$rc}...")); + error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log); + if ($pkg_interface == "console") + error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + return false; + } +} + +function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { + + /**********************************************************/ + /* This function downloads the passed rules file and */ + /* compares its computed md5 hash to the passed md5 hash */ + /* to verify the file's integrity. */ + /* */ + /* On Entry: $file_url = URL of rules file */ + /* $file_dst = Temp destination to store the */ + /* downloaded rules file */ + /* $file_md5 = Expected md5 hash for the new */ + /* downloaded rules file */ + /* $desc = Short text string for use in */ + /* log messages */ + /* */ + /* Returns: TRUE if download was successful. */ + /* FALSE if download was not successful. */ + /**********************************************************/ + + global $pkg_interface, $snort_rules_upd_log, $last_curl_error; + + $snortdir = SNORTDIR; + $filename = basename($file_dst); + + if ($pkg_interface <> "console") + update_status(gettext("There is a new set of {$desc} posted. Downloading...")); + log_error(gettext("[Snort] There is a new set of {$desc} posted. Downloading {$filename}...")); + error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, $snort_rules_upd_log); + $rc = snort_download_file_url($file_url, $file_dst); + + // See if the download from the URL was successful + if ($rc === true) { + if ($pkg_interface <> "console") + update_status(gettext("Done downloading {$desc} file.")); + log_error("[Snort] {$desc} file update downloaded successfully"); + error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log); + + // Test integrity of the rules file. Turn off update if file has wrong md5 hash + if ($file_md5 != trim(md5_file($file_dst))){ + if ($pkg_interface <> "console") + update_output_window(gettext("{$desc} file MD5 checksum failed...")); + log_error(gettext("[Snort] {$desc} file download failed. Bad MD5 checksum...")); + log_error(gettext("[Snort] Downloaded File MD5: " . md5_file($file_dst))); + log_error(gettext("[Snort] Expected File MD5: {$file_md5}")); + error_log(gettext("\t{$desc} file download failed. Bad MD5 checksum.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + return false; + } + return true; + } + else { + if ($pkg_interface <> "console") + update_output_window(gettext("{$desc} file download failed...")); + log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'...")); + error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log); + if ($pkg_interface == "console") + error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + return false; + } + +} + +/* Start of main code */ conf_mount_rw(); /* remove old $tmpfname files */ @@ -239,171 +382,43 @@ if (file_exists($snort_rules_upd_log)) { error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $snort_rules_upd_log); $last_curl_error = ""; -/* download md5 sig from snort.org */ -if ($snortdownload == 'on') { - if ($pkg_interface <> "console") - update_status(gettext("Downloading Snort VRT md5 file {$snort_filename_md5}...")); - error_log(gettext("\tDownloading Snort VRT md5 file '{$snort_filename_md5}'...\n"), 3, $snort_rules_upd_log); - $rc = snort_download_file_url("{$snort_rule_url}{$snort_filename_md5}/{$oinkid}/", "{$tmpfname}/{$snort_filename_md5}"); - if ($rc === true) { - if ($pkg_interface <> "console") - update_status(gettext("Done downloading {$snort_filename_md5}.")); - error_log("\tChecking Snort VRT md5 file...\n", 3, $snort_rules_upd_log); - } - else { - error_log(gettext("\tSnort VRT md5 download failed.\n"), 3, $snort_rules_upd_log); - if ($rc == 403) { - $snort_err_msg = gettext("Too many attempts or Oinkcode not authorized for this Snort version.\n"); - $snort_err_msg .= gettext("\tFree Registered Users may download VRT Rules once every 15 minutes.\n"); - $snort_err_msg .= gettext("\tPaid Subscribers have no download limits.\n"); - } - else - $snort_err_msg = gettext("Server returned error code '{$rc}'."); - if ($pkg_interface <> "console") { - update_status(gettext("Snort VRT md5 error ... Server returned error code {$rc} ...")); - update_output_window(gettext("Snort VRT rules will not be updated.\n\t{$snort_err_msg}")); - } - log_error(gettext("[Snort] Snort VRT md5 download failed...")); - log_error(gettext("[Snort] Server returned error code '{$rc}'...")); - error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tServer error message was '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tSnort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log); - $snortdownload = 'off'; - } -} - -/* Check if were up to date snort.org */ +/* Check for and download any new Snort VRT sigs */ if ($snortdownload == 'on') { - if (file_exists("{$snortdir}/{$snort_filename_md5}")) { - $md5_check_new = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5_check_old = file_get_contents("{$snortdir}/{$snort_filename_md5}"); - if ($md5_check_new == $md5_check_old) { - if ($pkg_interface <> "console") - update_status(gettext("Snort VRT rules are up to date...")); - log_error(gettext("[Snort] Snort VRT rules are up to date...")); - error_log(gettext("\tSnort VRT rules are up to date.\n"), 3, $snort_rules_upd_log); - $snortdownload = 'off'; - } - } -} - -/* download snortrules file */ -if ($snortdownload == 'on') { - if ($pkg_interface <> "console") - update_status(gettext("There is a new set of Snort VRT rules posted. Downloading {$snort_filename}...")); - log_error(gettext("[Snort] There is a new set of Snort VRT rules posted. Downloading...")); - error_log(gettext("\tThere is a new set of Snort VRT rules posted.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloading file '{$snort_filename}'...\n"), 3, $snort_rules_upd_log); - $rc = snort_download_file_url("{$snort_rule_url}{$snort_filename}/{$oinkid}/", "{$tmpfname}/{$snort_filename}"); - if ($rc === true) { - if ($pkg_interface <> "console") - update_status(gettext("Done downloading Snort VRT rules file.")); - log_error("[Snort] Snort VRT rules file update downloaded successfully"); - error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log); - if (trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_filename}"))){ - if ($pkg_interface <> "console") - update_output_window(gettext("Snort VRT rules file MD5 checksum failed...")); - log_error(gettext("[Snort] Snort VRT rules file download failed. Bad MD5 checksum...")); - log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_filename}"))); - log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_filename_md5}"))); - error_log(gettext("\tSnort VRT rules file download failed. Bad MD5 checksum.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloaded Snort VRT file MD5: " . md5_file("{$tmpfname}/{$snort_filename}") . "\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tExpected Snort VRT file MD5: " . file_get_contents("{$tmpfname}/{$snort_filename_md5}") . "\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tSnort VRT rules file download failed. Snort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log); + if (snort_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}/{$oinkid}/", "{$tmpfname}/{$snort_filename_md5}", "Snort VRT rules")) { + /* download snortrules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")); + if (!snort_fetch_new_rules("{$snort_rule_url}{$snort_filename}/{$oinkid}/", "{$tmpfname}/{$snort_filename}", $file_md5, "Snort VRT rules")) $snortdownload = 'off'; - } } - else { - if ($pkg_interface <> "console") - update_output_window(gettext("Snort VRT rules file download failed...")); - log_error(gettext("[Snort] Snort VRT rules file download failed... server returned error '{$rc}'...")); - error_log(gettext("\tSnort VRT rules file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tThe error text was '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tSnort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log); + else $snortdownload = 'off'; - } } -/* download md5 sig from Snort GPLv2 Community Rules */ +/* Check for and download any new Snort GPLv2 Community Rules sigs */ if ($snortcommunityrules == 'on') { - if ($pkg_interface <> "console") - update_status(gettext("Downloading Snort GPLv2 Community Rules md5 file {$snort_community_rules_filename_md5}...")); - error_log(gettext("\tDownloading Snort GPLv2 Community Rules md5 file '{$snort_community_rules_filename_md5}'...\n"), 3, $snort_rules_upd_log); - $rc = snort_download_file_url("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}"); - if ($rc === true) { - if ($pkg_interface <> "console") - update_status(gettext("Done downloading Snort GPLv2 Community Rules md5")); - error_log(gettext("\tChecking Snort GPLv2 Community Rules md5.\n"), 3, $snort_rules_upd_log); - if (file_exists("{$snortdir}/{$snort_community_rules_filename_md5}") && $snortcommunityrules == "on") { - /* Check if were up to date Snort GPLv2 Community Rules */ - $snort_comm_md5_check_new = file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}"); - $snort_comm_md5_check_old = file_get_contents("{$snortdir}/{$snort_community_rules_filename_md5}"); - if ($snort_comm_md5_check_new == $snort_comm_md5_check_old) { - if ($pkg_interface <> "console") - update_status(gettext("Snort GPLv2 Community Rules are up to date...")); - log_error(gettext("[Snort] Snort GPLv2 Community Rules are up to date...")); - error_log(gettext("\tSnort GPLv2 Community Rules are up to date.\n"), 3, $snort_rules_upd_log); - $snortcommunityrules = 'off'; - } - } + if (snort_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) { + /* download Snort GPLv2 Community Rules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")); + if (!snort_fetch_new_rules("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}", $file_md5, "Snort GPLv2 Community Rules")) + $snortcommunityrules = 'off'; } - else { - if ($pkg_interface <> "console") - update_output_window(gettext("Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated.")); - log_error(gettext("[Snort] Snort GPLv2 Community Rules md5 file download failed. Server returned error code '{$rc}'.")); - error_log(gettext("\tSnort GPLv2 Community Rules md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tSnort GPLv2 Community Rules will not be updated.\n"), 3, $snort_rules_upd_log); + else $snortcommunityrules = 'off'; - } } -/* download Snort GPLv2 Community rules file */ -if ($snortcommunityrules == "on") { - if ($pkg_interface <> "console") - update_status(gettext("There is a new set of Snort GPLv2 Community Rules posted. Downloading {$snort_community_rules_filename} ...")); - log_error(gettext("[Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading...")); - error_log(gettext("\tThere is a new set of Snort GPLv2 Community Rules posted.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloading file '{$snort_community_rules_filename}'...\n"), 3, $snort_rules_upd_log); - $rc = snort_download_file_url("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}"); - - /* Test for a valid rules file download. Turn off Snort Community update if download failed. */ - if ($rc === true) { - if (trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_community_rules_filename}"))){ - if ($pkg_interface <> "console") - update_output_window(gettext("Snort GPLv2 Community Rules file MD5 checksum failed...")); - log_error(gettext("[Snort] Snort GPLv2 Community Rules file download failed. Bad MD5 checksum...")); - log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}"))); - log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}"))); - error_log(gettext("\tSnort GPLv2 Community Rules file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloaded Snort GPLv2 file MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}") . "\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tExpected Snort GPLv2 file MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}") . "\n"), 3, $snort_rules_upd_log); - $snortcommunityrules = 'off'; - } - else { - if ($pkg_interface <> "console") - update_status(gettext('Done downloading Snort GPLv2 Community Rules file.')); - log_error("[Snort] Snort GPLv2 Community Rules file update downloaded successfully"); - error_log(gettext("\tDone downloading Snort GPLv2 Community Rules file.\n"), 3, $snort_rules_upd_log); - } - } - else { - if ($pkg_interface <> "console") { - update_status(gettext("The server returned error code {$rc} ... skipping GPLv2 Community Rules...")); - update_output_window(gettext("Snort GPLv2 Community Rules file download failed...")); - } - log_error(gettext("[Snort] Snort GPLv2 Community Rules file download failed. Server returned error '{$rc}'...")); - error_log(gettext("\tSnort GPLv2 Community Rules download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - $snortcommunityrules = 'off'; +/* Check for and download any new Emerging Threats Rules sigs */ +if ($emergingthreats == 'on') { + if (snort_check_rule_md5("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}", "{$et_name} rules")) { + /* download Emerging Threats rules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")); + if (!snort_fetch_new_rules("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}", $file_md5, "{$et_name} rules")) + $emergingthreats = 'off'; } + else + $emergingthreats = 'off'; } -/* Untar Snort GPLv2 Community rules to tmp */ +/* Untar Snort GPLv2 Community rules file to tmp */ if ($snortcommunityrules == 'on') { safe_mkdir("{$snortdir}/tmp/community"); if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) { @@ -417,12 +432,12 @@ if ($snortcommunityrules == 'on') { $files = glob("{$snortdir}/tmp/community/community-rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); - @copy($file, "{$snortdir}/rules/GPLv2_{$newfile}"); + @copy($file, "{$snortdir}/rules/" . GPL_FILE_PREFIX . "{$newfile}"); } /* base etc files for Snort GPLv2 Community rules */ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { if (file_exists("{$snortdir}/tmp/community/community-rules/{$file}")) - @copy("{$snortdir}/tmp/community/community-rules/{$file}", "{$snortdir}/tmp/GPLv2_{$file}"); + @copy("{$snortdir}/tmp/community/community-rules/{$file}", "{$snortdir}/tmp/" . GPL_FILE_PREFIX . "{$file}"); } /* Copy snort community md5 sig to snort dir */ if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) { @@ -439,84 +454,7 @@ if ($snortcommunityrules == 'on') { } } -/* download md5 sig from emergingthreats.net */ -if ($emergingthreats == 'on') { - if ($pkg_interface <> "console") - update_status(gettext("Downloading {$et_name} md5 file...")); - error_log(gettext("\tDownloading {$et_name} md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log); - $rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}"); - if ($rc === true) { - if ($pkg_interface <> "console") - update_status(gettext("Done downloading {$et_name} md5 file {$emergingthreats_filename_md5}")); - error_log(gettext("\tChecking {$et_name} md5.\n"), 3, $snort_rules_upd_log); - if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}") && $emergingthreats == "on") { - /* Check if were up to date emergingthreats.net */ - $emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); - if ($emerg_md5_check_new == $emerg_md5_check_old) { - if ($pkg_interface <> "console") - update_status(gettext("{$et_name} rules are up to date...")); - log_error(gettext("[Snort] {$et_name} rules are up to date...")); - error_log(gettext("\t{$et_name} rules are up to date.\n"), 3, $snort_rules_upd_log); - $emergingthreats = 'off'; - } - } - } - else { - if ($pkg_interface <> "console") - update_output_window(gettext("{$et_name} md5 file download failed. {$et_name} rules will not be updated.")); - log_error(gettext("[Snort] {$et_name} md5 file download failed. Server returned error code '{$rc}'.")); - error_log(gettext("\t{$et_name} md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - error_log(gettext("\t{$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log); - $emergingthreats = 'off'; - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats == "on") { - if ($pkg_interface <> "console") - update_status(gettext("There is a new set of {$et_name} rules posted. Downloading {$emergingthreats_filename}...")); - log_error(gettext("[Snort] There is a new set of {$et_name} rules posted. Downloading...")); - error_log(gettext("\tThere is a new set of {$et_name} rules posted.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloading file '{$emergingthreats_filename}'...\n"), 3, $snort_rules_upd_log); - $rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}"); - - /* Test for a valid rules file download. Turn off ET update if download failed. */ - if ($rc === true) { - if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){ - if ($pkg_interface <> "console") - update_output_window(gettext("{$et_name} rules file MD5 checksum failed...")); - log_error(gettext("[Snort] {$et_name} rules file download failed. Bad MD5 checksum...")); - log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}"))); - log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"))); - error_log(gettext("\t{$et_name} rules file download failed. {$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log); - $emergingthreats = 'off'; - } - else { - if ($pkg_interface <> "console") - update_status(gettext('Done downloading {$et_name} rules file.')); - log_error("[Snort] {$et_name} rules file update downloaded successfully"); - error_log(gettext("\tDone downloading {$et_name} rules file.\n"), 3, $snort_rules_upd_log); - } - } - else { - if ($pkg_interface <> "console") { - update_status(gettext("The server returned error code {$rc} ... skipping {$et_name} update...")); - update_output_window(gettext("{$et_name} rules file download failed...")); - } - log_error(gettext("[Snort] {$et_name} rules file download failed. Server returned error '{$rc}'...")); - error_log(gettext("\t{$et_name} rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - $emergingthreats = 'off'; - } -} - -/* Untar emergingthreats rules to tmp */ +/* Untar Emerging Threats rules file to tmp */ if ($emergingthreats == 'on') { safe_mkdir("{$snortdir}/tmp/emerging"); if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { @@ -528,16 +466,18 @@ if ($emergingthreats == 'on') { exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/"); /* Remove the old Emerging Threats rules files */ - array_map('unlink', glob("{$snortdir}/rules/emerging-*.rules")); - array_map('unlink', glob("{$snortdir}/rules/etpro-*.rules")); - array_map('unlink', glob("{$snortdir}/rules/emerging-*ips.txt")); - array_map('unlink', glob("{$snortdir}/rules/etpro-*ips.txt")); + $eto_prefix = ET_OPEN_FILE_PREFIX; + $etpro_prefix = ET_PRO_FILE_PREFIX; + array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*.rules")); + array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*.rules")); + array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*ips.txt")); + array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*ips.txt")); $files = glob("{$snortdir}/tmp/emerging/rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); if ($etpro == "on") - @copy($file, "{$snortdir}/rules/etpro-{$newfile}"); + @copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); else @copy($file, "{$snortdir}/rules/{$newfile}"); } @@ -546,9 +486,9 @@ if ($emergingthreats == 'on') { foreach ($files as $file) { $newfile = basename($file); if ($etpro == "on") - @copy($file, "{$snortdir}/rules/etpro-{$newfile}"); + @copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); else - @copy($file, "{$snortdir}/rules/emerging-{$newfile}"); + @copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}"); } /* base etc files for Emerging Threats rules */ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { @@ -571,7 +511,7 @@ if ($emergingthreats == 'on') { } } -/* Untar snort rules file individually to help people with low system specs */ +/* Untar Snort rules file to tmp */ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename}")) { /* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */ @@ -581,7 +521,8 @@ if ($snortdownload == 'on') { $freebsd_version_so = 'FreeBSD-9-0'; /* Remove the old Snort rules files */ - array_map('unlink', glob("{$snortdir}/rules/snort_*.rules")); + $vrt_prefix = VRT_FILE_PREFIX; + array_map('unlink', glob("{$snortdir}/rules/{$vrt_prefix}*.rules")); if ($pkg_interface <> "console") { update_status(gettext("Extracting Snort VRT rules...")); @@ -594,7 +535,7 @@ if ($snortdownload == 'on') { $files = glob("{$snortdir}/tmp/snortrules/rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); - @copy($file, "{$snortdir}/rules/snort_{$newfile}"); + @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}"); } /* IP lists */ $files = glob("{$snortdir}/tmp/snortrules/rules/*.txt"); @@ -629,7 +570,7 @@ if ($snortdownload == 'on') { $files = glob("{$snortdir}/tmp/so_rules/*.rules"); foreach ($files as $file) { $newfile = basename($file, ".rules"); - @copy($file, "{$snortdir}/rules/snort_{$newfile}.so.rules"); + @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules"); } exec("rm -r {$snortdir}/tmp/so_rules"); } -- cgit v1.2.3