From 0497e75a950869bff748b336bfe21bd8b5ef006a Mon Sep 17 00:00:00 2001
From: Ermal
Date: Tue, 10 Jul 2012 13:36:03 +0000
Subject: Correct barnyard2 config so pidfile name is correct. Some variable name fixes allover to not be hard to follow. Also trim some useless code
---
config/snort/snort.inc | 6 ++--
config/snort/snort_alerts.php | 48 ++++++++++++++++----------------
config/snort/snort_interfaces_global.php | 32 +++++++--------------
3 files changed, 37 insertions(+), 49 deletions(-)
(limited to 'config/snort')
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 814cd017..5eb20ff9 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -246,7 +246,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
 if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); 
- exec("/bin/rm {$g['varrun_path']}/barnyard2_{$snort_uuid}_{$if_real}*"); 
+ @unlink("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
 }
 $snortconf = $config['installedpackages']['snortglobal']['rule'][$id]; 
@@ -1003,7 +1003,7 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
 /* TODO: add support for the other 5 output plugins */
 $snortconf = $config['installedpackages']['snortglobal']['rule'][$id];
 $snortbarnyardlog_database_info_chk = $snortconf['barnyard_mysql']; 
- $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); 
+ $snortbarnyardlog_hostname_info_chk = php_uname("n");
 /* user add arguments */
 $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortconf['barnconfigpassthru'])); 
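Review bot: The `@unlink(...)` that replaces the `exec("/bin/rm ...")` in Running_Stop suppresses the warning when the pid file cannot be removed, so a stale `barnyard2_{$if_real}{$snort_uuid}.pid` left behind by a permission problem is never logged; drop the `@` and check the result, `if (!unlink($pidfile)) log_error("Could not remove barnyard2 pid file {$pidfile}");`, with `$pidfile` holding the path this hunk now builds three times. Moving from a shell `rm` with a glob to `unlink` is the right direction: `$if_real` and `$snort_uuid` were previously spliced unquoted into a command line, and now no shell interprets them. Note that the old command deleted everything matching `barnyard2_{$snort_uuid}_{$if_real}*` while the new code removes only the `.pid`; if barnyard2 writes other run-time files next to it they are no longer cleaned up here, which is worth confirming against the config generated further down. The body of Running_Stop continues past the hunk.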
@@ -1020,7 +1020,7 @@ config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.m
 config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map
 config hostname: $snortbarnyardlog_hostname_info_chk 
-config interface: {$snort_uuid}_{$if_real} 
+config interface: {$if_real}
 config decode_data_link
 config waldo_file: /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo 
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 645a3f8d..806d4738 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -121,8 +121,8 @@ if ($_POST['download']) {
 function get_snort_alert_date($fileline)
 {
 /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ 
- if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) 
- $alert_date = "$matches1[0]"; 
+ if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches)) 
+ $alert_date = "$matches[0]";
 return $alert_date;
 } 
@@ -139,8 +139,8 @@ function get_snort_alert_disc($fileline)
 function get_snort_alert_class($fileline)
 {
 /* class */ 
- if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) 
- $alert_class = "$matches2[0]"; 
+ if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches)) 
+ $alert_class = "$matches[0]";
 return $alert_class;
 } 
@@ -148,8 +148,8 @@ function get_snort_alert_class($fileline)
 function get_snort_alert_priority($fileline)
 {
 /* Priority */ 
- if (preg_match('/Priority:\s\d/', $fileline, $matches3)) 
- $alert_priority = "$matches3[0]"; 
+ if (preg_match('/Priority:\s\d/', $fileline, $matches)) 
+ $alert_priority = "$matches[0]";
 return $alert_priority;
 } 
@@ -157,8 +157,8 @@ function get_snort_alert_priority($fileline)
 function get_snort_alert_proto($fileline)
 {
 /* Priority */ 
- if (preg_match('/\{.+\}/', $fileline, $matches3)) 
- $alert_proto = "$matches3[0]"; 
+ if (preg_match('/\{.+\}/', $fileline, $matches)) 
+ $alert_proto = "$matches[0]";
 return $alert_proto;
 } 
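Review bot: After this change the generated barnyard2 config mixes two directory naming schemes: `gen_file`/`sid_file` point at `snort_{$snort_uuid}_{$if_real}/` while `waldo_file` points at `snort_{$if_real}{$snort_uuid}/` with a `{$snort_uuid}_{$if_real}.waldo` inside — the same uuid/interface ordering mismatch that the pid-file fix in Running_Stop corrects. If both directories really exist under those names this is only confusing, but it deserves a comment at the top of the heredoc saying which layout belongs to the rules/map directory and which to the log directory, since nothing in the template documents it. The heredoc starts and ends outside the hunk.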
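Review bot: In get_snort_alert_date and every sibling accessor this commit touches (the hunks from @@ -139 through @@ -237, including the IP hunks at @@ -178 and @@ -210) the return variable is assigned only inside the `if`, so a line that does not match still returns an unset local — null plus an undefined-variable notice; initialise it before the match, `$alert_date = "";` as the first statement, and likewise in each sibling. While renaming to `$matches`, the `"$matches[0]"` string wrapper can become a plain `$alert_date = $matches[0];`, since it only copies a string. Two comments were carried over from the function they were pasted from and now describe the wrong field: `/* Priority */` on get_snort_alert_proto and `/* source port */` on get_snort_alert_flow (and `/* Protocal full */` is misspelled); make each say what its regex extracts, e.g. `/* protocol, e.g. {TCP} */` and `/* flow direction: -> or <- */`. These fragments come out of the alert log, whose classification, message and TTL lines originate in rules and packets rather than from the administrator, so wherever callers echo them into the alerts page they should pass through `htmlspecialchars()` at output — that code is outside this diff.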
@@ -166,8 +166,8 @@ function get_snort_alert_proto($fileline)
 function get_snort_alert_proto_full($fileline)
 {
 /* Protocal full */ 
- if (preg_match('/.+\sTTL/', $fileline, $matches2)) 
- $alert_proto_full = "$matches2[0]"; 
+ if (preg_match('/.+\sTTL/', $fileline, $matches)) 
+ $alert_proto_full = "$matches[0]";
 return $alert_proto_full;
 } 
@@ -178,8 +178,8 @@ function get_snort_alert_ip_src($fileline)
 $re1='.*?'; # Non-greedy match on filler
 $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 
- if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) 
- $alert_ip_src = $matches4[1][0]; 
+ if (preg_match_all ("/".$re1.$re2."/is", $fileline, $matches)) 
+ $alert_ip_src = $matches[1][0];
 return $alert_ip_src;
 } 
@@ -187,8 +187,8 @@ function get_snort_alert_ip_src($fileline)
 function get_snort_alert_src_p($fileline)
 {
 /* source port */ 
- if (preg_match('/:\d+\s-/', $fileline, $matches5)) 
- $alert_src_p = "$matches5[0]"; 
+ if (preg_match('/:\d+\s-/', $fileline, $matches)) 
+ $alert_src_p = "$matches[0]";
 return $alert_src_p;
 } 
@@ -196,8 +196,8 @@ function get_snort_alert_src_p($fileline)
 function get_snort_alert_flow($fileline)
 {
 /* source port */ 
- if (preg_match('/(->|<-)/', $fileline, $matches5)) 
- $alert_flow = "$matches5[0]"; 
+ if (preg_match('/(->|<-)/', $fileline, $matches)) 
+ $alert_flow = "$matches[0]";
 return $alert_flow;
 } 
@@ -210,8 +210,8 @@ function get_snort_alert_ip_dst($fileline)
 $re3dp='.*?'; # Non-greedy match on filler
 $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 
- if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) 
- $alert_ip_dst = $matches6[1][0]; 
+ if (preg_match_all("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches)) 
+ $alert_ip_dst = $matches[1][0];
 return $alert_ip_dst;
 } 
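Review bot: In both IP hunks (@@ -178 and @@ -210) only the first match is read, `$matches[1][0]`, yet the line still calls `preg_match_all(... "/is" ...)`, which with the `s` modifier and the `.*?` filler keeps scanning the rest of the alert record after the first hit; `preg_match` yields the same first capture as `$matches[1]` and stops there, `if (preg_match("/".$re1.$re2."/is", $fileline, $matches)) $alert_ip_src = $matches[1];`, and the same substitution applies to the dst hunk. Dropping the unused `$c=` is good, but the stray space in `preg_match_all (` was kept in the src hunk while the dst hunk removed it, so the two lines are now written differently. Both functions begin above their hunk, where `$re1dp`/`$re2dp` are defined, so their role in the capture numbering could not be checked here.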
@@ -219,8 +219,8 @@ function get_snort_alert_ip_dst($fileline)
 function get_snort_alert_dst_p($fileline)
 {
 /* dst port */ 
- if (preg_match('/:\d+$/', $fileline, $matches7)) 
- $alert_dst_p = "$matches7[0]"; 
+ if (preg_match('/:\d+$/', $fileline, $matches)) 
+ $alert_dst_p = "$matches[0]";
 return $alert_dst_p;
 } 
@@ -228,8 +228,8 @@ function get_snort_alert_dst_p($fileline)
 function get_snort_alert_dst_p_full($fileline)
 {
 /* dst port full */ 
- if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) 
- $alert_dst_p = "$matches7[0]"; 
+ if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches)) 
+ $alert_dst_p = "$matches[0]";
 return $alert_dst_p;
 } 
@@ -237,8 +237,8 @@ function get_snort_alert_dst_p_full($fileline)
 function get_snort_alert_sid($fileline)
 {
 /* SID */ 
- if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) 
- $alert_sid = "$matches8[0]"; 
+ if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches)) 
+ $alert_sid = "$matches[0]";
 return $alert_sid;
 } 
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index a328012a..3131f774 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -41,8 +41,6 @@ global $g;
 $snortdir = SNORTDIR; 
-$d_snort_global_dirty_path = '/var/run/snort_global.dirty'; 
- /* make things short */
 $pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
 $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; 
@@ -172,21 +170,11 @@ include_once("fbegin.inc");
 if($pfsense_stable == 'yes')
 echo '

' . $pgtitle . '

'; -?> - - You must apply the changes in order for them to take effect.
- '); 
- } 
- } 
+/* Display Alert message, under form tag or no refresh */ 
+if ($input_errors) 
+ print_input_errors($input_errors); // TODO: add checks 
+ ?>
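Review bot: The added block tests `$input_errors` but nothing in the hunk initialises it, and the trailing `// TODO: add checks` does not say which validation is meant; unless the POST handler above sets `$input_errors = array();` on every path, the `if` raises an undefined-variable notice, so write `if (!empty($input_errors))` or initialise it where the form is processed, and either name the missing checks in the comment or drop it. The removed lines were the "You must apply the changes in order for them to take effect" notice tied to `$d_snort_global_dirty_path` (deleted in the @@ -41 hunk); as far as this diff shows nothing now tells the user that a saved global setting still has to be applied, so confirm that the save path reloads directly, otherwise the notice should return. The surrounding output starts before this hunk (the `echo` under `if($pfsense_stable == 'yes')`) and its HTML context was garbled in the export, so the placement of the new `?>` relative to the removed one could not be checked here.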
@@ -345,12 +333,12 @@ if($pfsense_stable == 'yes')
Please choose the type of Alert logging you will like see in your alert file.