From fe6e3540fc404058b664b19fb7c0303c1b528f4a Mon Sep 17 00:00:00 2001
From: robiscool
Date: Thu, 29 Jul 2010 19:58:32 -0700
Subject: snort, update download and auto download rule sscript, change gen settings
---
config/snort/snort_check_for_rule_updates.php | 339 ++++++++++++++------------
config/snort/snort_download_rules.php | 79 +++---
config/snort/snort_interfaces.php | 2 +-
config/snort/snort_interfaces_global.php | 52 ++--
4 files changed, 234 insertions(+), 238 deletions(-)
(limited to 'config/snort')
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 9bc2d5b8..31cdc42d 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -29,49 +29,15 @@ */ /* Setup enviroment */ -$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; -$snort_filename = "snortrules-snapshot-2.8.tar.gz"; -$emergingthreats_filename_md5 = "version.txt"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; +/* TODO: review if include files are needed */ require_once("globals.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); require_once("/usr/local/pkg/snort/snort.inc"); ////////////////////////////// - -function download_file_with_progress_bar2($url_file, $destination_file) { - global $ch, $fout, $file_size, $downloaded, $pkg_interface; - $file_size = 1; - $downloaded = 1; - /* open destination file */ - $fout = fopen($destination_file, "wb"); - - /* - * Originally by Author: Keyvan Minoukadeh - * Modified by Scott Ullrich to return Content-Length size - */ - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header2'); - curl_setopt($ch, CURLOPT_WRITEFUNCTION, 'read_body2'); - curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); - curl_setopt($ch, CURLOPT_TIMEOUT, 0); - - curl_exec($ch); - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if($fout) - fclose($fout); - curl_close($ch); - return ($http_code == 200) ? true : $http_code; -} - function read_header2($ch, $string) { global $file_size, $fout; $length = strlen($string); 
@@ -107,14 +73,80 @@ function read_body2($ch, $string) { return $length; } +////////////////////////////////>>>>>>>>>> + +function read_body_firmware($ch, $string) { + global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; + $length = strlen($string); + $downloaded += intval($length); + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + $a = $file_size; + $b = $downloaded; + $c = $downloadProgress; + $text = " Snort download in progress\\n"; + $text .= "----------------------------------------------------\\n"; + $text .= " Downloaded : {$b}\\n"; + $text .= "----------------------------------------------------\\n"; + $counter++; + if($counter > 150) { + update_output_window($text); + update_progress_bar($downloadProgress); + flush(); + $counter = 0; + } + fwrite($fout, $string); + return $length; +} + +function download_file_with_progress_bar2($url_file, $destination_file, $readbody = 'read_body') { + global $ch, $fout, $file_size, $downloaded; + $file_size = 1; + $downloaded = 1; + /* open destination file */ + $fout = fopen($destination_file, "wb"); + + /* + * Originally by Author: Keyvan Minoukadeh + * Modified by Scott Ullrich to return Content-Length size + */ + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); + curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); + curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + if($fout) + fclose($fout); + curl_close($ch); + return ($http_code == 200) ? 
true : $http_code; +} + ////////////////////////////// +$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; +$snortdir_wan = "/usr/local/etc/snort"; +$snort_filename_md5 = "snortrules-snapshot-2860.tar.gz.md5"; +$snort_filename = "snortrules-snapshot-2860.tar.gz"; +$emergingthreats_filename_md5 = "version.txt"; +$emergingthreats_filename = "emerging.rules.tar.gz"; +$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; +$pfsense_rules_filename = "pfsense_rules.tar.gz"; + /* define checks */ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; -if ($oinkid == "" && $snortdownload != "off") +if ($oinkid == '' && $snortdownload == 'on') { echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n"; exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'"); @@ -150,7 +182,7 @@ if (!file_exists('/usr/local/etc/snort/tmp')) { /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","125M"); +ini_set("memory_limit","150M"); /* mark the time update started */ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); 
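Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);` in the re-added `download_file_with_progress_bar2` turns off certificate checking for every rule download, and with `CURLOPT_FOLLOWLOCATION` enabled a redirect to an https URL is then accepted from any server. The archives fetched through this function are later unpacked into the Snort directory, so the transfer should be authenticated: drop that line (verification is curl's default) or set it to `true`, adding `CURLOPT_CAINFO` if the box needs an explicit CA bundle. Also worth confirming: the header callback is now `'read_header'` and the default body callback `'read_body'`, while the callbacks visible in this file are `read_header2` and `read_body2`; unless one of the newly added includes defines the unsuffixed names, `$file_size` is never filled from Content-Length and the progress maths in `read_body_firmware` runs against the initial value of 1.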
@@ -159,28 +191,13 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS- ob_flush(); conf_mount_rw(); -$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload']; - -if ($premium_subscriber_chk == "premium") { - $premium_subscriber = "_s"; -}else{ - $premium_subscriber = ""; -} - -$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload']; -if ($premium_url_chk == "premium") { - $premium_url = "sub-rules"; -}else{ - $premium_url = "reg-rules"; -} - /* send current buffer */ ob_flush(); conf_mount_rw(); /* remove old $tmpfname files */ if (file_exists("{$tmpfname}")) { - echo "Removing old tmp files...\n"; + echo 'Removing old tmp files...' . "\n"; exec("/bin/rm -r {$tmpfname}"); apc_clear_cache(); } 
@@ -197,63 +214,62 @@ conf_mount_rw(); /* If tmp dir does not exist create it */ if (file_exists($tmpfname)) { - echo "The directory tmp exists...\n"; + echo 'The directory tmp exists...' . "\n"; } else { mkdir("{$tmpfname}", 700); } /* download md5 sig from snort.org */ -if ($snortdownload == "basic" || $snortdownload == "premium") +if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename_md5}") && filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { - echo "snort.org md5 temp file exists...\n"; + echo 'snort.org md5 temp file exists...' . "\n"; } else { - echo "Downloading snort.org md5 file...\n"; + echo 'Downloading snort.org md5 file...' . "\n"; ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2860{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); + $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); + $f = fopen("{$tmpfname}/{$snort_filename_md5}", 'w'); fwrite($f, $image); fclose($f); - echo "Done downloading snort.org md5\n"; + echo 'Done downloading snort.org md5' . "\n"; } } /* download md5 sig from emergingthreats.net */ if ($emergingthreats == "on") { - echo "Downloading emergingthreats md5 file...\n"; + echo 'Downloading emergingthreats md5 file...' . "\n"; ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); $f = fopen("{$tmpfname}/version.txt", 'w'); fwrite($f, $image); fclose($f); - echo "Done downloading emergingthreats md5\n"; + echo 'Done downloading emergingthreats md5' . 
"\n"; } /* download md5 sig from pfsense.org */ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - echo "pfsense md5 temp file exists...\n"; + echo 'Pfsense md5 temp file exists...' . "\n"; } else { - echo "Downloading pfsense md5 file...\n"; + echo 'Downloading pfsense md5 file...' . "\n"; ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); fwrite($f, $image); fclose($f); - echo "Done downloading pfsense md5.\n"; + echo 'Done downloading pfsense md5.' . "\n"; } /* If md5 file is empty wait 15min exit */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { - if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")) + if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) { - echo "Please wait... You may only check for New Rules every 15 minutes...\n"; - echo "Rules are released every month from snort.org. You may download the Rules at any time.\n"; + echo 'Please wait... You may only check for New Rules every 15 minutes...' . "\n"; + echo 'Rules are released every month from snort.org. You may download the Rules at any time.' . "\n"; conf_mount_ro(); exit(0); } 
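Review bot: The new snort.org digest request, `@file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}")`, places the subscriber's oink code in a cleartext URL and fetches the digest over the same unauthenticated channel as the archive it is meant to vouch for, so it can catch corruption but not substitution. If the endpoint is reachable over https, use that scheme here and for the tarball URL in the later download hunk. The `@` also hides a failed fetch: `$image` is then `false`, an empty file is written, and the user sees the "every 15 minutes" message further down rather than a download error; a check such as `if ($image === false) { echo 'snort.org md5 download failed' . "\n"; }` before the `fopen` would make that visible. The same request is added to snort_download_rules.php in the `@@ -391,9 +377,8 @@` hunk.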
@@ -263,16 +279,16 @@ if ($snortdownload != "off") /* If pfsense md5 file is empty wait 15min exit */ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n"; - echo "Rules are released to support Pfsense packages.\n"; -conf_mount_ro(); + echo 'Please wait... You may only check for New Pfsense Rules every 15 minutes...' . "\n"; + echo 'Rules are released to support Pfsense packages.' . "\n"; + conf_mount_ro(); exit(0); } /* Check if were up to date snort.org */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { - if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")) + if (file_exists("{$snortdir}/{$snort_filename_md5}")) { $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; @@ -283,9 +299,9 @@ if ($snortdownload != "off") conf_mount_rw(); if ($md5_check_new == $md5_check_old) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now, check update.\n"; - $snort_md5_check_ok = on; + echo 'Your rules are up to date...' . "\n"; + echo 'You may start Snort now, check update.' . "\n"; + $snort_md5_check_ok = on; } } } @@ -305,7 +321,7 @@ if ($emergingthreats == "on") conf_mount_rw(); if ($emerg_md5_check_new == $emerg_md5_check_old) { - $emerg_md5_check_ok = on; + $emerg_md5_check_ok = on; } } } 
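Review bot: In the first hunk on this line, the backtick expression that pipes `$md5_check_new_parse` through `/bin/echo` and `awk` passes the contents of the freshly downloaded md5 file to a shell, and the commit keeps it while renaming the file around it. That text comes from a remote server over plain HTTP and should not be interpolated into a command line; take the first field in PHP instead, e.g. `$md5_check_new = strtok(trim($md5_check_new_parse), " \t\r\n");`. The old-side digest is computed outside this hunk and needs the same treatment, otherwise the `==` comparison stops matching because backtick output keeps its trailing newline. The identical expression appears in the `@@ -472,9 +457,9 @@` hunk of snort_download_rules.php.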
@@ -323,48 +339,48 @@ if ($emergingthreats == "on") conf_mount_rw(); if ($pfsense_md5_check_new == $pfsense_md5_check_old) { - $pfsense_md5_check_ok = on; + $pfsense_md5_check_ok = on; } } /* Check if were up to date is so, exit */ /* WARNING This code needs constant checks */ -if ($snortdownload != "off" && $emergingthreats != "off") +if ($snortdownload == 'on' && $emergingthreats == 'on') { - if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on") + if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on') { - echo "All your rules are up to date...\n"; - echo "You may start Snort now...\n"; + echo 'All your rules are up to date...' . "\n"; + echo 'You may start Snort now...' . "\n"; conf_mount_ro(); exit(0); } } -if ($snortdownload == "on" && $emergingthreats == "off") +if ($snortdownload == 'on' && $emergingthreats == 'off') { - if ($snort_md5_check_ok == "on") + if ($snort_md5_check_ok == 'on') { - echo "Your snort.org rules are up to date...\n"; - echo "You may start Snort now...\n"; + echo 'Your snort.org rules are up to date...' . "\n"; + echo 'You may start Snort now...' . "\n"; conf_mount_ro(); exit(0); } } -if ($snortdownload == "off" && $emergingthreats == "on") +if ($snortdownload == 'off' && $emergingthreats == 'on') { - if ($emerg_md5_check_ok == "on") + if ($emerg_md5_check_ok == 'on') { - echo "Your Emergingthreats rules are up to date...\n"; - echo "You may start Snort now...\n"; + echo 'Your Emergingthreats rules are up to date...' . "\n"; + echo 'You may start Snort now...' . "\n"; conf_mount_ro(); exit(0); } } /* You are Not Up to date, always stop snort when updating rules for low end machines */; -echo "You are NOT up to date...\n"; -echo "Stopping Snort service...\n"; +echo 'You are NOT up to date...' . "\n"; +echo 'Stopping Snort service...' . "\n"; $chk_if_snort_up = exec("pgrep -x snort"); if ($chk_if_snort_up != "") { exec("/usr/bin/touch /tmp/snort_download_halt.pid"); 
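Review bot: The three up-to-date checks in this hunk now match only the literal values `'on'` and `'off'`, but the lines this commit removes tested `snortdownload` for `basic` and `premium`, so a configuration saved before the upgrade may still hold one of those. Such an install no longer satisfies any `$snortdownload == 'on'` test in this script: the snort.org md5 and tarball steps are skipped without a message and the ruleset quietly goes stale. Unless the settings page rewrites the stored value (not visible in this part of the diff), normalise it where it is read, e.g. `if ($snortdownload == 'basic' || $snortdownload == 'premium') { $snortdownload = 'on'; }`.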
@@ -373,21 +389,22 @@ if ($chk_if_snort_up != "") { } /* download snortrules file */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo "Snortrule tar file exists...\n"; + echo 'Snortrule tar file exists...' . "\n"; } else { - echo "There is a new set of Snort.org rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - download_file_with_progress_bar2("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2860{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}"); - echo "Done downloading rules file.\n"; - if (150000 > filesize("{$tmpfname}/{$snort_filename}")){ - echo "Error with the snort rules download...\n"; - echo "Snort rules file downloaded failed...\n"; - conf_mount_ro(); - exit(0); + echo 'There is a new set of Snort.org rules posted. Downloading...' . "\n"; + echo 'May take 4 to 10 min...' . "\n"; + conf_mount_rw(); + download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); + echo 'Done downloading rules file.' . "\n"; + if (150000 > filesize("{$tmpfname}/$snort_filename")){ + echo 'Error with the snort rules download...' . "\n"; + echo 'Snort rules file downloaded failed...' . "\n"; + conf_mount_ro(); + exit(0); } } } 
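Review bot: After `download_file_with_progress_bar2(...)` the only acceptance test for the snort.org archive is `150000 > filesize(...)`; the function's HTTP status is discarded and the md5 file fetched earlier is never compared with the archive before it is unpacked over the rules directory. Compare `md5_file()` of the tarball with the first field of `{$tmpfname}/{$snort_filename_md5}` and stop on mismatch, as sketched below. This detects truncated or corrupted downloads only, since digest and archive arrive over the same HTTP connection. The Emerging Threats and pfSense downloads in the `@@ -400,12 +417,12 @@` and `@@ -413,12 +430,12 @@` hunks have no post-download check at all, and the enclosing `if` blocks continue outside this hunk.

```php
download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
// … unchanged: "Done downloading" echo and the 150000-byte size check …
$md5_expected = strtolower(strtok(trim((string) file_get_contents("{$tmpfname}/{$snort_filename_md5}")), " \t\r\n"));
$md5_actual = md5_file("{$tmpfname}/{$snort_filename}");
if ($md5_actual === false || $md5_expected !== $md5_actual) {
	echo 'Snort rules file failed its md5 check...' . "\n";
	conf_mount_ro();
	exit(0);
}
```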
@@ -400,12 +417,12 @@ if ($emergingthreats == "on") { if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Emergingthreats tar file exists...\n"; + echo 'Emergingthreats tar file exists...' . "\n"; }else{ - echo "There is a new set of Emergingthreats rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}"); - echo "Done downloading Emergingthreats rules file.\n"; + echo 'There is a new set of Emergingthreats rules posted. Downloading...' . "\n"; + echo 'May take 4 to 10 min...' . "\n"; + download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); + echo 'Done downloading Emergingthreats rules file.' . "\n"; } } } @@ -413,12 +430,12 @@ if ($emergingthreats == "on") /* download pfsense rules file */ if ($pfsense_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo "Snortrule tar file exists...\n"; + echo 'Snortrule tar file exists...' . "\n"; } else { - echo "There is a new set of Pfsense rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); - echo "Done downloading rules file.\n"; + echo 'There is a new set of Pfsense rules posted. Downloading...' . "\n"; + echo 'May take 4 to 10 min...' . "\n"; + download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); + echo 'Done downloading rules file.' . "\n"; } } 
@@ -451,7 +468,7 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { //} /* Untar snort rules file individually to help people with low system specs */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { @@ -463,8 +480,8 @@ if ($snortdownload != "off") $freebsd_version_so = 'FreeBSD-8-0'; } - echo "Extracting Snort.org rules...\n"; - echo "May take a while...\n"; + echo 'Extracting Snort.org rules...' . "\n"; + echo 'May take a while...' . "\n"; /* extract snort.org rules and add prefix to all snort.org files*/ exec("/bin/rm -r {$snortdir}/rules"); sleep(2); @@ -519,10 +536,10 @@ if ($snortdownload != "off") exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); exec("/bin/rm -r {$snortdir}/etc"); - echo "Done extracting Snort.org Rules.\n"; + echo 'Done extracting Snort.org Rules.' . "\n"; }else{ - echo "Error extracting Snort.org Rules...\n"; - echo "Error Line 453\n"; + echo 'Error extracting Snort.org Rules...' . "\n"; + echo 'Error Line 755' . "\n"; conf_mount_ro(); exit(0); } @@ -536,8 +553,8 @@ if ($emergingthreats == "on") { if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Extracting rules...\n"; - echo "May take a while...\n"; + echo 'Extracting rules...' . "\n"; + echo 'May take a while...' . "\n"; exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); } } @@ -546,8 +563,8 @@ if ($emergingthreats == "on") /* Untar Pfsense rules to tmp */ if ($pfsense_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo "Extracting Pfsense rules...\n"; - echo "May take a while...\n"; + echo 'Extracting Pfsense rules...' . "\n"; + echo 'May take a while...' . "\n"; exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); } } 
@@ -557,24 +574,24 @@ if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; if ($premium_url_chk == on) { - echo "Extracting Signatures...\n"; - echo "May take a while...\n"; + echo 'Extracting Signatures...' . "\n"; + echo 'May take a while...' . "\n"; exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - echo "Done extracting Signatures.\n"; + echo 'Done extracting Signatures.' . "\n"; } } } /* Copy md5 sig to snort dir */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/$snort_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; + echo 'Copying md5 sig to snort directory...' . "\n"; exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); }else{ - echo "The md5 file does not exist...\n"; - echo "Error copying config...\n"; + echo 'The md5 file does not exist...' . "\n"; + echo 'Error copying config...' . "\n"; conf_mount_ro(); exit(0); } @@ -588,11 +605,11 @@ if ($emergingthreats == "on") { if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; + echo 'Copying md5 sig to snort directory...' . "\n"; exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); }else{ - echo "The emergingthreats md5 file does not exist...\n"; - echo "Error copying config...\n"; + echo 'The emergingthreats md5 file does not exist...' . "\n"; + echo 'Error copying config...' . "\n"; conf_mount_ro(); exit(0); } 
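Review bot: `if ($premium_url_chk == on)` in this hunk tests a variable that, as far as the diff shows, is no longer assigned: the block that set `$premium_url_chk` is deleted by the `@@ -159,28 +191,13 @@` hunk of this same file. The signature extraction under it is therefore dead code, as is the signature copy guarded by the same test in the `@@ -621,14 +639,14 @@` hunk. `$signature_info_chk` is read on the line above and never used, so presumably the intended condition is `if ($signature_info_chk == 'on') {`; otherwise both blocks should be removed. The bare `on` is an undefined constant that PHP turns into the string only with a notice, so quoting it is worth doing at the same time.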
@@ -602,18 +619,19 @@ if ($emergingthreats == "on") /* Copy Pfsense md5 sig to snort dir */ if ($pfsense_md5_check_ok != on) { if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - echo "Copying Pfsense md5 sig to snort directory...\n"; + echo 'Copying Pfsense md5 sig to snort directory...' . "\n"; exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); } else { - echo "The Pfsense md5 file does not exist...\n"; - echo "Error copying config...\n"; + update_status(gettext("")); + echo 'The Pfsense md5 file does not exist...' . "\n"; + echo 'Error copying config...' . "\n"; conf_mount_ro(); exit(0); } } /* Copy signatures dir to snort dir */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { @@ -621,14 +639,14 @@ if ($snortdownload != "off") if ($premium_url_chk == on) { if (file_exists("{$snortdir}/doc/signatures")) { - echo "Copying signatures...\n"; - echo "May take a while...\n"; + echo 'Copying signatures...' . "\n"; + echo 'May take a while...' . "\n"; exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); exec("/bin/rm -r {$snortdir}/doc/signatures"); - echo "Done copying signatures.\n"; + echo 'Done copying signatures.' . "\n"; }else{ - echo "Directory signatures exist...\n"; - echo "Error copying signature...\n"; + echo 'Directory signatures exist...' . "\n"; + echo 'Error copying signature...' . "\n"; conf_mount_ro(); exit(0); } 
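Review bot: The added `update_status(gettext(""));` in the pfSense md5 error branch passes an empty message, and every other message in the visible hunks of this script uses `echo`; it looks like a leftover from snort_download_rules.php. If `update_status` is not defined by the includes at the top of this file (cannot be confirmed from the diff), the call is fatal before `conf_mount_ro()` runs and the filesystem is left mounted read-write. Suggest deleting the line.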
@@ -659,11 +677,10 @@ exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rule exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); /* create a msg-map for snort */ -echo "Updating Alert Messages...\n"; -echo "Please Wait...\n"; +echo 'Updating Alert Messages...' . "\n"; +echo 'Please Wait...' . "\n"; exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); - ////////////////// /* open oinkmaster_conf for writing" function */ @@ -736,8 +753,8 @@ function oinkmaster_run($id, $if_real, $iface_uuid) if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '') { - echo "Your first set of rules are being copied...\n"; - echo "May take a while...\n"; + echo 'Your first set of rules are being copied...' . "\n"; + echo 'May take a while...' . "\n"; exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); 
@@ -747,8 +764,8 @@ function oinkmaster_run($id, $if_real, $iface_uuid) exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); }else{ - echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; - echo "May take a while...\n"; + echo 'Your enable and disable changes are being applied to your fresh set of rules...' . "\n"; + echo 'May take a while...' . "\n"; exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); @@ -797,7 +814,7 @@ $config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS /* remove old $tmpfname files */ if (file_exists('/usr/local/etc/snort/tmp')) { - echo "Cleaning up...\n"; + echo 'Cleaning up...' . "\n"; exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); sleep(2); exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); 
@@ -821,17 +838,15 @@ exec("/bin/chmod -R 755 /usr/local/lib/snort"); /* if snort is running hardrestart, if snort is not running do nothing */ if (file_exists("/tmp/snort_download_halt.pid")) { exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); - echo "The Rules update finished...\n"; - echo "Snort has restarted with your new set of rules...\n"; + echo 'The Rules update finished...' . "\n"; + echo 'Snort has restarted with your new set of rules...' . "\n"; exec("/bin/rm /tmp/snort_download_halt.pid"); } else { - echo "The Rules update finished...\n"; - echo "You may start snort now...\n"; + echo 'The Rules update finished...' . "\n"; + echo 'You may start snort now...' . "\n\n"; } -/* copy log to snortdir */ -exec('/bin/cp /tmp/snort_update.log /usr/local/etc/snort/snort_update.log'); - +/* script finnished make system read only again */ conf_mount_ro(); -?> +?> \ No newline at end of file diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index b299bed8..86640a57 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -39,8 +39,8 @@ require_once("/usr/local/pkg/snort/snort.inc"); $tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; $snortdir = "/usr/local/etc/snort"; $snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; -$snort_filename = "snortrules-snapshot-2.8.tar.gz"; +$snort_filename_md5 = "snortrules-snapshot-2860.tar.gz.md5"; +$snort_filename = "snortrules-snapshot-2860.tar.gz"; $emergingthreats_filename_md5 = "version.txt"; $emergingthreats_filename = "emerging.rules.tar.gz"; $pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; 
@@ -59,15 +59,14 @@ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - - if ($snortdownload == "off" && $emergingthreats != "on") + if ($snortdownload == 'off' && $emergingthreats != 'on') { - $snort_emrging_info = "stop"; + $snort_emrging_info = 'stop'; } - if ($oinkid == "" && $snortdownload != "off") + if ($oinkid == "" && $snortdownload != 'off') { - $snort_oinkid_info = "stop"; + $snort_oinkid_info = 'stop'; } @@ -324,7 +323,7 @@ if (!file_exists('/usr/local/etc/snort/tmp')) { /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","125M"); +ini_set("memory_limit","150M"); /* mark the time update started */ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); @@ -333,21 +332,6 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS- ob_flush(); conf_mount_rw(); -$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload']; - -if ($premium_subscriber_chk == "premium") { - $premium_subscriber = "_s"; -}else{ - $premium_subscriber = ""; -} - -$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload']; -if ($premium_url_chk == "premium") { - $premium_url = "sub-rules"; -}else{ - $premium_url = "reg-rules"; -} - /* hide progress bar */ hide_progress_bar_status(); @@ -382,8 +366,10 @@ if (file_exists($tmpfname)) { /* unhide progress bar and lets end this party */ unhide_progress_bar_status(); + + /* download md5 sig from snort.org */ -if ($snortdownload == "basic" || $snortdownload == "premium") +if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename_md5}") && filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { 
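Review bot: `if ($oinkid == "" && $snortdownload != 'off')` in the `@@ -59,15 +59,14 @@` hunk keeps the old `!= 'off'` sense, while the matching guard in snort_check_for_rule_updates.php and the later tests in this file were changed to `== 'on'`. With an unset or legacy value the page would set `$snort_oinkid_info = 'stop'` even though no snort.org download will be attempted. Suggest `if ($oinkid == '' && $snortdownload == 'on')` so both scripts agree on when an oink code is required.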
@@ -391,9 +377,8 @@ if ($snortdownload == "basic" || $snortdownload == "premium") } else { update_status(gettext("Downloading snort.org md5 file...")); ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.snort.org/{$premium_url}/snortrules-snapshot-2860.tar.gz.md5/{$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); + $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); + $f = fopen("{$tmpfname}/{$snort_filename_md5}", 'w'); fwrite($f, $image); fclose($f); update_status(gettext("Done downloading snort.org md5")); @@ -428,9 +413,9 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { } /* If md5 file is empty wait 15min exit */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { - if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")) + if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) { update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); @@ -472,9 +457,9 @@ conf_mount_ro(); } /* Check if were up to date snort.org */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { - if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")) + if (file_exists("{$snortdir}/{$snort_filename_md5}")) { $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; 
@@ -535,9 +520,9 @@ if ($emergingthreats == "on") /* Check if were up to date is so, exit */ /* WARNING This code needs constant checks */ -if ($snortdownload != "off" && $emergingthreats != "off") +if ($snortdownload == 'on' && $emergingthreats == 'on') { - if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on") + if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on') { update_status(gettext("All your rules are up to date...")); update_output_window(gettext("You may start Snort now...")); @@ -554,9 +539,9 @@ if ($snortdownload != "off" && $emergingthreats != "off") } } -if ($snortdownload == "on" && $emergingthreats == "off") +if ($snortdownload == 'on' && $emergingthreats == 'off') { - if ($snort_md5_check_ok == "on") + if ($snort_md5_check_ok == 'on') { update_status(gettext("Your snort.org rules are up to date...")); update_output_window(gettext("You may start Snort now...")); @@ -573,9 +558,9 @@ if ($snortdownload == "on" && $emergingthreats == "off") } } -if ($snortdownload == "off" && $emergingthreats == "on") +if ($snortdownload == 'off' && $emergingthreats == 'on') { - if ($emerg_md5_check_ok == "on") + if ($emerg_md5_check_ok == 'on') { update_status(gettext("Your Emergingthreats rules are up to date...")); update_output_window(gettext("You may start Snort now...")); @@ -603,7 +588,7 @@ if ($chk_if_snort_up != "") { } /* download snortrules file */ -if ($snortdownload != "off") +if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { 
@@ -612,12 +597,13 @@ if ($snortdownload != "off") unhide_progress_bar_status(); update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); update_output_window(gettext("May take 4 to 10 min...")); -// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - snort_download_file_with_progress_bar("http://www.snort.org/{$premium_url}/snortrules-snapshot-2860.tar.gz/{$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); + conf_mount_rw(); + snort_download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); update_all_status($static_output); update_status(gettext("Done downloading rules file.")); if (150000 > filesize("{$tmpfname}/$snort_filename")){ update_status(gettext("Error with the snort rules download...")); + update_output_window(gettext("Snort rules file downloaded failed...")); echo '