From 834c580f3bcfea9b8c23e61fc00a8250cfa0dabf Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 17 Sep 2014 14:37:13 -0400 Subject: Report each enabled Snort/BY2 interface as a separate service entry. --- config/snort/snort.inc | 217 ++++++++++++++++++++++++++------- config/snort/snort.priv.inc | 1 + config/snort/snort.xml | 9 +- config/snort/snort_interfaces.php | 33 +++-- config/snort/snort_interfaces_edit.php | 5 +- config/snort/snort_post_install.php | 58 ++++++++- config/snort/snort_service_utils.php | 121 ++++++++++++++++++ 7 files changed, 380 insertions(+), 64 deletions(-) create mode 100644 config/snort/snort_service_utils.php (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index fbeea89f..466efac1 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -551,7 +551,7 @@ function snort_barnyard_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Barnyard2 STOP for {$snortcfg['descr']}({$if_real})..."); + log_error("[Snort] Barnyard2 STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); } } @@ -561,28 +561,35 @@ function snort_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Snort STOP for {$snortcfg['descr']}({$if_real})..."); + log_error("[Snort] Snort STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); } snort_barnyard_stop($snortcfg, $if_real); } -function snort_barnyard_start($snortcfg, $if_real) { +function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) { global $config, $g; $snortdir = SNORTDIR; $snortlogdir = SNORTLOGDIR; $snort_uuid = $snortcfg['uuid']; - /* define snortbarnyardlog_chk */ if ($snortcfg['barnyard_enable'] == 'on') { - log_error("[Snort] Barnyard2 START for {$snortcfg['descr']}({$if_real})..."); - mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); + if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { + snort_barnyard_reload_config($snortcfg, "HUP"); + } + else { + log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); + if ($background) + mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); + else + mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); + } } } -function snort_start($snortcfg, $if_real) { +function snort_start($snortcfg, $if_real, $background=FALSE) { global $config, $g; $snortdir = SNORTDIR; @@ -590,27 +597,56 @@ function snort_start($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if ($snortcfg['enable'] == 'on') { - log_error("[Snort] Snort START for {$snortcfg['descr']}({$if_real})..."); - mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + snort_reload_config($snortcfg, "SIGHUP"); + snort_barnyard_start($snortcfg, $if_real, $background); + } + else { + log_error("[Snort] Snort START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); + if ($background) + mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + else + mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + snort_barnyard_start($snortcfg, $if_real, $background); + } } else return; +} + +function snort_start_all_interfaces($background=FALSE) { + + /*************************************************************/ + /* This function starts all configured and enabled Snort */ + /* interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Snort interfaces active */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; - snort_barnyard_start($snortcfg, $if_real); + foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) { + if ($snortcfg['enable'] != 'on') + continue; + snort_start($snortcfg, get_real_interface($snortcfg['interface']), $background); + } } -/**************************************************************/ -/* This function sends the passed SIGNAL to the Snort */ -/* instance on the passed interface to cause Snort to reload */ -/* and parse the running configuration without stopping */ -/* packet processing. It also executes the reload as a */ -/* background process and returns control immediately to the */ -/* caller. */ -/* */ -/* $signal = SIGHUP (default) parses and reloads config. */ -/* SIGURG updates Host Attribute Table. */ -/**************************************************************/ function snort_reload_config($snortcfg, $signal="SIGHUP") { + + /*************************************************************/ + /* This function sends the passed SIGNAL to the Snort */ + /* instance on the passed interface to cause Snort to */ + /* reload and parse the running configuration without */ + /* stopping packet processing. It also executes the */ + /* the reload as a background process and returns control */ + /* immediately to the caller. */ + /* */ + /* $signal = SIGHUP (default) parses and reloads config. */ + /* SIGURG updates Host Attribute Table. */ + /*************************************************************/ global $config, $g; $snortdir = SNORTDIR; @@ -622,23 +658,23 @@ function snort_reload_config($snortcfg, $signal="SIGHUP") { /* can find a valid PID for the process. */ /******************************************************/ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Snort RELOAD CONFIG for {$snortcfg['descr']} ({$if_real})..."); + log_error("[Snort] Snort RELOAD CONFIG for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); } } function snort_barnyard_reload_config($snortcfg, $signal="HUP") { - /**************************************************************/ - /* This function sends the passed SIGNAL to the Barnyard2 */ - /* instance on the passed interface to cause Barnyard to */ - /* reload and parse the running configuration without */ - /* impacting packet processing. It also executes the reload */ - /* as a background process and returns control immediately */ - /* to the caller. */ - /* */ - /* $signal = HUP (default) parses and reloads config. */ - /**************************************************************/ + /*************************************************************/ + /* This function sends the passed SIGNAL to the Barnyard2 */ + /* instance on the passed interface to cause Barnyard to */ + /* reload and parse the running configuration without */ + /* impacting packet processing. It also executes the reload */ + /* as a background process and returns control immediately */ + /* to the caller. */ + /* */ + /* $signal = HUP (default) parses and reloads config. */ + /*************************************************************/ global $g; $snortdir = SNORTDIR; @@ -650,7 +686,7 @@ function snort_barnyard_reload_config($snortcfg, $signal="HUP") { /* we can find a valid PID for the process. */ /******************************************************/ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for {$snortcfg['descr']} ({$if_real})..."); + log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); } } @@ -971,25 +1007,104 @@ function sync_snort_package_config() { /* do not start config build if rules is empty or there are no Snort settings */ if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) { - @unlink("{$rcdir}snort.sh"); conf_mount_ro(); + + // Make sure no lingering entries exist for Snort interfaces + $is_dirty = FALSE; + if (!is_array($config['installedpackges']['service'])) + $config['installedpackages']['service'] = array(); + foreach ($config['installedpackages']['service'] as $key => $service) { + if (strpos($service['name'], "snort_") !== FALSE) { + unset($config['installedpackages']['service'][$key]); + $is_dirty = TRUE; + } + if (strpos($service['name'], "barnyard2_") !== FALSE) { + unset($config['installedpackages']['service'][$key]); + $is_dirty = TRUE; + } + } + if ($is_dirty) + write_config("Snort pkg: removed snort interface service entry."); return; } $snortconf = $config['installedpackages']['snortglobal']['rule']; + $is_dirty = FALSE; foreach ($snortconf as $value) { + /* Skip configuration of any disabled interface */ + /* after removing its custom service entry. */ + if ($value['enable'] != 'on') { + foreach ($config['installedpackages']['service'] as $key => $service) { + if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && + $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) { + unset($config['installedpackages']['service'][$key]); + unlink_if_exists("{$g['varrun_path']}/snort_{$uuid}.disabled"); + $is_dirty = TRUE; + } + if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && + $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) { + unset($config['installedpackages']['service'][$key]); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$uuid}.disabled"); + $is_dirty = TRUE; + } + } + continue; + } + $if_real = get_real_interface($value['interface']); - /* create a snort.conf file for interface */ + /* create a snort.conf file for interface */ snort_generate_conf($value); - /* create barnyard2.conf file for interface */ + /* create barnyard2.conf file for interface */ if ($value['barnyard_enable'] == 'on') snort_generate_barnyard2_conf($value, $if_real); + + /* create a entry for interface */ + $snort_found = FALSE; + $barnyard_found = FALSE; + foreach ($config['installedpackages']['service'] as $service) { + if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && + $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) { + $snort_found = TRUE; + } + if (isset($service['uuid']) && $service['uuid'] == $value['uuid'] && + $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface']))) { + $barnyard_found = TRUE; + } + } + if (!$snort_found) { + $service = array(); + $service['name'] = "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface'])); + $service['description'] = "Snort IDS/IPS - " . convert_friendly_interface_to_friendly_descr($value['interface']); + $service['uuid'] = $value['uuid']; + $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $config['installedpackages']['service'][] = $service; + $is_dirty = TRUE; + } + if (!$barnyard_found && $value['barnyard_enable'] == 'on') { + $service = array(); + $service['name'] = "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($value['interface'])); + $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($value['interface']); + $service['uuid'] = $value['uuid']; + $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$value['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $config['installedpackages']['service'][] = $service; + $is_dirty = TRUE; + } } + // Call write_config() if we made any updates up above + if ($is_dirty) + write_config("Snort pkg: updated snort service entry configuration."); + /* create snort bootup file snort.sh only create once */ - snort_create_rc(); +// snort_create_rc(); $snortglob = $config['installedpackages']['snortglobal']; @@ -3067,6 +3182,26 @@ function snort_deinstall() { /* Remove the snort user and group */ mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true); + /* Remove our custom entries from config */ + $is_dirty = FALSE; + if (!is_array($config['installedpackges']['service'])) + $config['installedpackages']['service'] = array(); + foreach ($config['installedpackages']['service'] as $key => $service) { + if (strpos($service['name'], "snort_") !== FALSE) { + unset($config['installedpackages']['service'][$key]); + unlink_if_exists("{$g['varrun_path']}/snort_{$service['uuid']}.disabled"); + $is_dirty = TRUE; + continue; + } + if (strpos($service['name'], "barnyard2_") !== FALSE) { + unset($config['installedpackages']['service'][$key]); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$service['uuid']}.disabled"); + $is_dirty = TRUE; + } + } + if ($is_dirty) + write_config("Snort pkg: removed all snort interface services."); + /* Remove all the existing Snort cron jobs. */ if (snort_cron_job_exists("snort2c", FALSE)) install_cron_job("snort2c", false); @@ -3765,12 +3900,8 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, } $snortstart = ""; if ($syncstartsnort == "ON") { - $snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Checking Snort status...\"));\n"; - $snortstart .= "\tif (!is_process_running(\"snort\")) {\n"; - $snortstart .= "\t\tlog_error(gettext(\"[snort] XMLRPC pkg sync: Snort not running. Sending a start command...\"));\n"; - $snortstart .= "\t\t\$sh_script = RCFILEPREFIX . \"snort.sh\";\n"; - $snortstart .= "\t\tmwexec_bg(\"{\$sh_script} start\");\n\t}\n"; - $snortstart .= "\telse {\n\t\tlog_error(gettext(\"[snort] XMLRPC pkg CARP sync: Snort is running...\"));\n\t}\n"; + $snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Starting Snort if not running...\"));\n"; + $snortstart .= "\tsnort_start_all_interfaces(TRUE);\n"; } /*************************************************/ diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc index 1af0e783..7376a1b2 100644 --- a/config/snort/snort.priv.inc +++ b/config/snort/snort.priv.inc @@ -43,6 +43,7 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.p $priv_list['page-services-snort']['match'][] = "snort/snort_generate_conf.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_interface_logs.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_log_mgmt.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_service_utils.php*"; $priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*"; $priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*"; $priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*"; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index b52a1b7e..573f8914 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -56,10 +56,6 @@ /snort/snort_interfaces.php - snort - snort.sh - snort - Snort IDS/IPS Daemon @@ -88,6 +84,11 @@ 077 https://packages.pfsense.org/packages/config/snort/snort_post_install.php + + /usr/local/pkg/snort/ + 077 + https://packages.pfsense.org/packages/config/snort/snort_service_utils.php + /usr/local/pkg/snort/ 077 diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 697e611e..7903eba7 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -55,6 +55,18 @@ if (isset($_POST['del_x'])) { foreach ($_POST['rule'] as $rulei) { $if_real = get_real_interface($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; + foreach ($config['installedpackages']['service'] as $key => $service) { + if (isset($service['uuid']) && $service['uuid'] == $snort_uuid && + $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($a_nat[$rulei]['interface']))) { + unset($config['installedpackages']['service'][$key]); + unlink_if_exists("{$g['varrun_path']}/snort_{$snort_uuid}.disabled"); + } + if (isset($service['uuid']) && $service['uuid'] == $snort_uuid && + $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($a_nat[$rulei]['interface']))) { + unset($config['installedpackages']['service'][$key]); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snort_uuid}.disabled"); + } + } snort_stop($a_nat[$rulei], $if_real); exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}"); exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); @@ -71,15 +83,6 @@ if (isset($_POST['del_x'])) { write_config("Snort pkg: deleted one or more Snort interfaces."); sleep(2); - /* if there are no ifaces remaining do not create snort.sh */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - snort_create_rc(); - else { - conf_mount_rw(); - @unlink("{$rcdir}snort.sh"); - conf_mount_ro(); - } - sync_snort_package_config(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -100,11 +103,13 @@ if ($_POST['bartoggle'] && is_numericint($_POST['id'])) { $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) { - log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})..."); sync_snort_package_config(); snort_barnyard_start($snortcfg, $if_real); + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled"); } else { - log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})..."); + touch("{$g['varrun_path']}/barnyard2_{$snortcfg['uuid']}.disabled"); snort_barnyard_stop($snortcfg, $if_real); } sleep(3); // So the GUI reports correctly @@ -117,16 +122,18 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) { $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); if (snort_is_running($snortcfg['uuid'], $if_real)) { - log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (snort stopping) for {$if_friendly}({$if_real})..."); + touch("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled"); snort_stop($snortcfg, $if_real); } else { - log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (snort starting) for {$if_friendly}({$if_real})..."); /* set flag to rebuild interface rules before starting Snort */ $rebuild_rules = true; sync_snort_package_config(); $rebuild_rules = false; snort_start($snortcfg, $if_real); + unlink_if_exists("{$g['varrun_path']}/snort_{$snortcfg['uuid']}.disabled"); } sleep(3); // So the GUI reports correctly } diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index a49d6198..aff9b4f7 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -224,6 +224,7 @@ if ($_POST["save"] && !$input_errors) { if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) { + touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled"); snort_stop($a_rule[$id], $oif_real); $snort_start = true; } @@ -378,8 +379,10 @@ if ($_POST["save"] && !$input_errors) { sync_snort_package_config(); /* See if we need to restart Snort after an interface re-assignment */ - if ($snort_start == true) + if ($snort_start == true) { snort_start($natent, $if_real); + unlink_if_exists("{$g['varrun_path']}/snort_{$natent['uuid']}.disabled"); + } /*******************************************************/ /* Signal Snort to reload configuration if we changed */ diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 715adae2..5c47e151 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -220,10 +220,51 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { // create barnyard2.conf file for interface if ($snortcfg['barnyard_enable'] == 'on') snort_generate_barnyard2_conf($snortcfg, $if_real); + + if ($snortcfg['enable'] != 'on') + continue; + + // Create a custom entry for each enabled interface + $snort_found = FALSE; + $barnyard_found = FALSE; + foreach ($config['installedpackages']['service'] as $service) { + if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] && + $service['name'] == "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface']))) { + $snort_found = TRUE; + } + if (isset($service['uuid']) && $service['uuid'] == $snortcfg['uuid'] && + $service['name'] == "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface']))) { + $barnyard_found = TRUE; + } + } + if (!$snort_found) { + $service = array(); + $service['name'] = "snort_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface'])); + $service['description'] = "Snort IDS/IPS - " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']); + $service['uuid'] = $snortcfg['uuid']; + $service['startcmd'] = "\$action='start';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['stopcmd'] = "\$action='stop';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['restartcmd'] = "\$action='restart';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['custom_php_service_status_command'] = "\$action='status';\$service='snort';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $config['installedpackages']['service'][] = $service; + $is_dirty = TRUE; + } + if (!$barnyard_found && $snortcfg['barnyard_enable'] == 'on') { + $service = array(); + $service['name'] = "barnyard2_" . strtolower(convert_friendly_interface_to_friendly_descr($snortcfg['interface'])); + $service['description'] = "Barnyard2 Logging - " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']); + $service['uuid'] = $snortcfg['uuid']; + $service['startcmd'] = "\$action='start';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['stopcmd'] = "\$action='stop';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['restartcmd'] = "\$action='restart';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $service['custom_php_service_status_command'] = "\$action='status';\$service='barnyard2';\$uuid={$snortcfg['uuid']};\$rc = include '/usr/local/pkg/snort/snort_service_utils.php';"; + $config['installedpackages']['service'][] = $service; + $is_dirty = TRUE; + } } /* create snort bootup file snort.sh */ - snort_create_rc(); +// snort_create_rc(); /* Set Log Limit, Block Hosts Time and Rules Update Time */ snort_snortloglimit_install_cron(true); @@ -244,8 +285,19 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { update_status(gettext("Starting Snort using rebuilt configuration...")); update_output_window(gettext("Please wait... while Snort is started...")); log_error(gettext("[Snort] Starting Snort using rebuilt configuration...")); - mwexec_bg("{$rcdir}snort.sh start"); - update_output_window(gettext("Snort is starting using the rebuilt configuration...")); +// mwexec_bg("{$rcdir}snort.sh start"); + foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) { + if ($snortcfg['enable'] != 'on') + continue; + $if_real = get_real_interface($snortcfg['interface']); + $snort_uuid = $snortcfg['uuid']; + update_output_window(gettext("Snort starting on " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + log_error("[Snort] Snort START for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "({$if_real})..."); + mwexec_bg("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + if ($snortcfg['barnyard_enable'] == 'on') + mwexec_bg("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); + } + update_output_window(gettext("Snort has started using the rebuilt configuration...")); } } diff --git a/config/snort/snort_service_utils.php b/config/snort/snort_service_utils.php new file mode 100644 index 00000000..f04987b2 --- /dev/null +++ b/config/snort/snort_service_utils.php @@ -0,0 +1,121 @@ + -- cgit v1.2.3