From b22bb5316cdb530fb3dcd106c538ac944179cd0a Mon Sep 17 00:00:00 2001 From: robiscool Date: Sun, 31 May 2009 13:58:52 -0700 Subject: changes to snort.inc, snort_downloads_rules.php, pkg_config.7.xml. libdnet-1.11_3.tbz still missing --- config/snort/snort.inc | 14 +- config/snort/snort_download_rules.php | 409 +++++++++++++++++----------------- 2 files changed, 217 insertions(+), 206 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 6fa3fcca..1b8d5571 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -778,9 +778,11 @@ function verify_snort_rules_md5($tmpfname) { $static_output = gettext("Verifying md5 signature..."); update_all_status($static_output); } - $md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + + $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; - if($md5 <> $file_md5_ondisk) { + if($md5 == $file_md5_ondisk) { if(!$console_mode) { $static_output = gettext("snort rules: md5 signature of rules mismatch."); update_all_status($static_output); @@ -801,6 +803,14 @@ function hide_progress_bar_status() { echo "\n"; } +/* unhide progress bar */ +function unhide_progress_bar_status() { + global $snort_filename, $snort_filename_md5, $console_mode; + ob_flush(); + if(!$console_mode) + echo "\n"; +} + /* update both top and bottom text box during an operation */ function update_all_status($status) { global $snort_filename, $snort_filename_md5, $console_mode; diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index a378a2b2..259bcf86 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -1,9 +1,11 @@ . + Copyright (C) 2003-2004 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
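Review bot: The comparison in verify_snort_rules_md5 (config/snort/snort.inc) is now inverted: with `if($md5 == $file_md5_ondisk) {` the branch that reports "md5 signature of rules mismatch" runs when the two digests agree, and a tarball whose digest differs falls through as if it had been verified. It should remain a mismatch test, strict and on trimmed values, e.g. `if(trim($md5) !== trim($file_md5_ondisk)) {`. The added `/bin/echo "{$md555}" | /usr/bin/awk ...` line also passes the contents of the .md5 file (which, per the removed lines in snort_download_rules.php, is fetched from the network) through a shell inside double quotes; parse the digest in PHP instead (a `preg_match` for 32 hex digits) and take the on-disk digest with `md5_file()`. The same pair of backtick lines is added again under "Compair md5 sigs" in snort_download_rules.php. The function body starts before this hunk and continues past it.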
@@ -26,46 +28,33 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* do not require all of this if we already have. */ -if(!$start_me_up) { - require_once("guiconfig.inc"); - require_once("functions.inc"); - require_once("service-utils.inc"); - require("/usr/local/pkg/snort.inc"); -} +/* Setup enviroment */ +$tmpfname = "/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; +$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; +$snort_filename = "snortrules-snapshot-2.8.tar.gz"; -/* Allow additional execution time 0 = no limit. */ -ini_set('max_execution_time', '9999'); -ini_set('max_input_time', '9999'); +require_once("guiconfig.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); +require("/usr/local/pkg/snort.inc"); $pgtitle = "Services: Snort: Update Rules"; -/* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - -if($_GET['start'] or $_POST['start']) - $start_me_up = true; -else - $start_me_up = false; - -if(!is_dir("/usr/local/etc/snort/rules")) - $start_me_up = true; - -include("head.inc"); +include("/usr/local/www/head.inc"); ?> + - +

"; + echo "

"; ?>
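Review bot: `$tmpfname = "/tmp/snort_rules_up";` fixes the working directory to a predictable name under world-writable /tmp, and the later steps in this file trust whatever is already there: an existing tarball skips the download, and an existing `rules` directory skips extraction and is copied into `{$snortdir}`. Content left at that path by an earlier failed run or by another local process would therefore be installed as rules. Keep a per-run directory as the `tempnam()` call removed further down in this file did, create it with `mkdir($tmpfname, 0700)`, and stop if that call fails. A comment on this block should also say when the directory is cleaned up, since the final `/bin/rm -rf {$tmpfname}` is removed by this commit.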
@@ -75,225 +64,237 @@ if(!$pgtitle_output) -\n"; - echo "\n"; - echo "
\n"; - echo "\n"; - echo "\n"; - echo "\n"; - if($last_ruleset_download) - echo "\n"; - else - echo "\n"; - echo "
\n"; - $last_ruleset_download = $config['installedpackages']['snort']['last_ruleset_download']; - echo "
\n"; - echo " Getting release information from snort.org...\n"; - echo "
\n"; - ob_flush(); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $text = file_get_contents("http://www.snort.org/pub-bin/downloads.cgi"); - echo "\n"; - if (preg_match_all("/.*RELEASED\: (.*)\\n"; - if($last_update_date) - echo "
Last snort.org rule update:{$last_update_date}
You last updated the ruleset:{$last_ruleset_download}
You last updated the ruleset:NEVER
"; - if(!$oinkid) { - echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab in order to start the download process.\n"; - } else { - /* get time stamps for comparison operations */ - $date1ts = strtotime($last_update_date); - $date2ts = strtotime($last_ruleset_download); - /* is there a newer ruleset available? */ - if($date1ts > $date2ts or !$last_ruleset_download) - echo "Press here to start download.\n"; - else - echo "Your snort rulesets are up to date.\n"; - } - echo "\n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo "\n"; - echo "\n"; - echo "\n"; - include("fend.inc"); - exit; - } -?> - - -
- - - +
- - + + + - +
+ + + + + + +
+
+ + + - -
+ +
/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
-
- - - - -
-
-
+ +
+ + \n\n", update_status(gettext("Your rules are up to date...")), update_output_window(gettext("You may start Snort now.")), hide_progress_bar_status(), exit(0); +} -/* multi user system, request new filename and create directory */ -$tmpfname = tempnam("/tmp", "snortRules"); -exec("/bin/rm -rf {$tmpfname};/bin/mkdir -p {$tmpfname}"); +/* echo "You are Not Up to date!\n"; */ +update_status(gettext("You are NOT up to date...")); -/* download snort rules */ -$static_output = gettext("Downloading current snort rules... "); +/* remove old {$snortdir} files */ +if (file_exists("{$snortdir}")) { + /* echo "removing old {$snortdir} files\n"; */ + update_status(gettext("Removing old snort rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/rm -r {$snortdir}/*"); +} -/* Set URL we are downloading in bottom textarea and - * download snort rules - */ -update_all_status($static_output); -update_output_window("{$dl}"); -download_file_with_progress_bar($dl, $tmpfname . "/{$snort_filename}", "read_body_firmware"); -verify_downloaded_file($tmpfname . "/{$snort_filename}"); +/* download snortrules file */ +if (file_exists("{$tmpfname}/{$snort_filename}")) { + /* echo "{$snort_filename} does exists\n"; */ + update_status(gettext("Snortrule tar file exists...")); +} else { + /* echo "downloading rules\n"; */ + update_status(gettext("Downloading rules...")); + update_output_window(gettext("May take 4 to 10 min...")); -/* download snort rules md5 file */ -$static_output = gettext("Downloading current snort rules md5... "); +update_output_window("{$snort_filename}"); +download_file_with_progress_bar("http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=658d6fe74f30ac3efd01e7ff551f63d91a926430", $tmpfname . "/{$snort_filename}", "read_body_firmware"); update_all_status($static_output); -update_output_window("{$dl_md5}"); -download_file_with_progress_bar($dl_md5, $tmpfname . 
"/{$snort_filename_md5}", "read_body_firmware"); -verify_downloaded_file($tmpfname . "/{$snort_filename_md5}"); + /* echo "done\n"; */ + update_status(gettext("Done.")); +} -/* verify downloaded rules signature */ -update_status(gettext("Verifying MD5 Signature...")); -verify_snort_rules_md5($tmpfname); -/* extract rules */ -update_status(gettext("Extracting rules...")); -extract_snort_rules_md5($tmpfname); +/* Compair md5 sigs */ +$md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); +$md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; +$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -$static_output = gettext("Your snort rules are now up to date."); -update_all_status($static_output); + if ($md5 == $file_md5_ondisk) + /* echo "Valid checksum pass\n"; */ + update_status(gettext("Valid checksum pass")); -$config['installedpackages']['snort']['last_ruleset_download'] = date("Y-m-d"); -write_config(); +/* Untar snort rules file */ +if (file_exists("{$tmpfname}/rules")) { + /* echo "The directory {$tmpfname}/rules exists\n"; */ + update_status(gettext("The directory rules exists...")); +} else { + /* echo "extracting rules\n"; */ + update_status(gettext("Extracting rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}"); + update_status(gettext("Done.")); +} -update_status(gettext("Stopping Snort...")); -update_output_window(gettext("One moment please...")); -stop_service("snort"); -update_status(gettext("Starting Snort...")); -update_output_window(gettext("One moment please...")); -start_service("snort"); +/* Copy rules dir to snort dir */ +if (file_exists("{$snortdir}/rules")) { + /* echo "The directory {$snortdir}/rules exists\n"; */ + update_status(gettext("Directory rules exists...")); +} else { + /* echo "copying rules to {$snortdir}\n"; */ + update_status(gettext("Copying rules...")); + 
update_output_window(gettext("May take a while...")); + exec("/bin/cp -r {$tmpfname}/rules {$snortdir}/rules"); + update_status(gettext("Done.")); +} -/* cleanup temporary directory */ -update_status(gettext("Cleaning up...")); -update_output_window(gettext("One moment please...")); -exec("/bin/rm -rf {$tmpfname};"); +/* Copy md5 sig to snort dir */ +if (file_exists("{$snortdir}/$snort_filename_md5")) { + /* echo "The {$snort_filename_md5} exists in the {$snortdir} exists\n"; */ + update_status(gettext("The md5 file exists...")); +} else { + /* echo "copying sig to {$snortdir}\n"; */ + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); +} + +/* Copy configs to snort dir */ +if (file_exists("{$snortdir}/Makefile.am")) { + /* echo "The Snort configs exists in the {$snortdir} exists\n"; */ + update_status(gettext("The snort configs exists...")); +} else { + /* echo "copying sig to {$snortdir}\n"; */ + update_status(gettext("Copying configs to snort directory...")); + exec("/bin/cp {$tmpfname}/etc/* {$snortdir}"); +} + +/* Copy signatures dir to snort dir */ +if (file_exists("{$snortdir}/doc/signatures")) { + /* echo "The directory {$snortdir}/signatures exists\n"; */ + update_status(gettext("Directory signatures exists...")); +} else { + /* echo "copying signatures to {$snortdir}\n"; */ + update_status(gettext("Copying signatures...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp -r {$tmpfname}/doc/signatures {$snortdir}/signatures"); + update_status(gettext("Done.")); +} + +/* echo "done finnal\n"; */ +update_status(gettext("Rules update finished...")); +update_output_window(gettext("You may start Snort now.")); /* hide progress bar and lets end this party */ hide_progress_bar_status(); ?> - - - - - 150) { - update_output_window($text); - update_progress_bar($downloadProgress); - flush(); - $counter = 0; - } - fwrite($fout, $string); - return 
$length; + global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; + $length = strlen($string); + $downloaded += intval($length); + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + $a = $file_size; + $b = $downloaded; + $c = $downloadProgress; + $text = " Snort download in progress\\n"; + $text .= "----------------------------------------------------\\n"; + $text .= " Downloaded : {$b}\\n"; + $text .= "----------------------------------------------------\\n"; + $counter++; + if($counter > 150) { + update_output_window($text); + update_progress_bar($downloadProgress); + flush(); + $counter = 0; + } + fwrite($fout, $string); + return $length; } -?> \ No newline at end of file +?> -- cgit v1.2.3
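Review bot: The "Compair md5 sigs" block only prints "Valid checksum pass" when the digests agree and has no failure path, so a tarball that does not match is still extracted and copied into `{$snortdir}`; by that point the old rules have already been removed by `/bin/rm -r {$snortdir}/*`. The check should stop the update on mismatch, run before anything is deleted, and compute the digest in PHP with a strict comparison, as in the excerpt below. Separately, the download URL embeds a literal `oink_code` value and uses plain http, where the removed code read the code from `$config['installedpackages']['snort']`; the credential should come from configuration again and the committed one be treated as exposed. Part of this hunk's markup is missing from the page, so whether the .md5 file is still downloaded anywhere cannot be confirmed from what is shown.

```php
/* Compare md5 sigs; abort before touching {$snortdir} if they differ */
$md5_text = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
$file_md5_ondisk = md5_file("{$tmpfname}/{$snort_filename}");
$md5_ok = $md5_text !== false && $file_md5_ondisk !== false
	&& preg_match('/\b[0-9a-f]{32}\b/i', $md5_text, $m)
	&& strtolower($m[0]) === $file_md5_ondisk;
if (!$md5_ok) {
	update_status(gettext("snort rules: md5 signature of rules mismatch."));
	hide_progress_bar_status();
	exit(0);
}
update_status(gettext("Valid checksum pass"));
/* … unchanged: untar and copy steps … */
```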