From 10cab278e653f00bd8ec0ee0e82d30e5c7798042 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 19 Feb 2014 14:08:14 -0500 Subject: BETA version of Suricata 1.4.6 IDS package v0.1 for pfSense. --- .../suricata/suricata_check_for_rule_updates.php | 683 +++++++++++++++++++++ 1 file changed, 683 insertions(+) create mode 100644 config/suricata/suricata_check_for_rule_updates.php (limited to 'config/suricata/suricata_check_for_rule_updates.php') diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php new file mode 100644 index 00000000..ec39c203 --- /dev/null +++ b/config/suricata/suricata_check_for_rule_updates.php @@ -0,0 +1,683 @@ + "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content", + 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found", + 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request", + 401 => "Unauthorized", 402 => "Payment Required", 403 => "Forbidden", + 404 => "Not Found", 405 => "Method Not Allowed", 407 => "Proxy Authentication Required", + 408 => "Request Timeout", 410 => "Gone", 500 => "Internal Server Error", + 501 => "Not Implemented", 502 => "Bad Gateway", 503 => "Service Unavailable", + 504 => "Gateway Timeout", 505 => "HTTP Version Not Supported" ); + + $last_curl_error = ""; + + $fout = fopen($file_out, "wb"); + if ($fout) { + $ch = curl_init($url); + if (!$ch) + return false; + curl_setopt($ch, CURLOPT_FILE, $fout); + + // NOTE: required to suppress errors from XMLRPC due to progress bar output + if ($g['suricata_sync_in_progress']) + curl_setopt($ch, CURLOPT_HEADER, false); + else { + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, 'read_body'); + } + + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)"); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); + curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + // Use the system proxy server setttings if configured + if (!empty($config['system']['proxyurl'])) { + curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']); + if (!empty($config['system']['proxyport'])) + curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']); + if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) { + @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE); + curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}"); + } + } + + $counter = 0; + $rc = true; + // Try up to 4 times to download the file before giving up + while ($counter < 4) { + $counter++; + $rc = curl_exec($ch); + if ($rc === true) + break; + log_error(gettext("[Suricata] Rules download error: " . curl_error($ch))); + log_error(gettext("[Suricata] Will retry in 15 seconds...")); + sleep(15); + } + if ($rc === false) + $last_curl_error = curl_error($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + if (isset($http_resp_msg[$http_code])) + $last_curl_error = $http_resp_msg[$http_code]; + curl_close($ch); + fclose($fout); + + // If we had to try more than once, log it + if ($counter > 1) + log_error(gettext("File '" . basename($file_out) . "' download attempts: {$counter} ...")); + return ($http_code == 200) ? true : $http_code; + } + else { + $last_curl_error = gettext("Failed to create file " . $file_out); + log_error(gettext("[Suricata] Failed to create file {$file_out} ...")); + return false; + } +} + +function suricata_check_rule_md5($file_url, $file_dst, $desc = "") { + + /**********************************************************/ + /* This function attempts to download the passed MD5 hash */ + /* file and compare its contents to the currently stored */ + /* hash file to see if a new rules file has been posted. */ + /* */ + /* On Entry: $file_url = URL for md5 hash file */ + /* $file_dst = Temp destination to store the */ + /* downloaded hash file */ + /* $desc = Short text string used to label */ + /* log messages with rules type */ + /* */ + /* Returns: TRUE if new rule file download required. */ + /* FALSE if rule download not required or an */ + /* error occurred. */ + /**********************************************************/ + + global $pkg_interface, $suricata_rules_upd_log, $last_curl_error; + + $suricatadir = SURICATADIR; + $filename_md5 = basename($file_dst); + + if ($pkg_interface <> "console") + update_status(gettext("Downloading {$desc} md5 file...")); + error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, $suricata_rules_upd_log); + $rc = suricata_download_file_url($file_url, $file_dst); + + // See if download from URL was successful + if ($rc === true) { + if ($pkg_interface <> "console") + update_status(gettext("Done downloading {$filename_md5}.")); + error_log("\tChecking {$desc} md5 file...\n", 3, $suricata_rules_upd_log); + + // check md5 hash in new file against current file to see if new download is posted + if (file_exists("{$suricatadir}{$filename_md5}")) { + $md5_check_new = file_get_contents($file_dst); + $md5_check_old = file_get_contents("{$suricatadir}{$filename_md5}"); + if ($md5_check_new == $md5_check_old) { + if ($pkg_interface <> "console") + update_status(gettext("{$desc} are up to date...")); + log_error(gettext("[Suricata] {$desc} are up to date...")); + error_log(gettext("\t{$desc} are up to date.\n"), 3, $suricata_rules_upd_log); + return false; + } + else + return true; + } + return true; + } + else { + error_log(gettext("\t{$desc} md5 download failed.\n"), 3, $suricata_rules_upd_log); + $suricata_err_msg = gettext("Server returned error code {$rc}."); + if ($pkg_interface <> "console") { + update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ...")); + update_output_window(gettext("{$desc} will not be updated.\n\t{$suricata_err_msg}")); + } + log_error(gettext("[Suricata] {$desc} md5 download failed...")); + log_error(gettext("[Suricata] Server returned error code {$rc}...")); + error_log(gettext("\t{$suricata_err_msg}\n"), 3, $suricata_rules_upd_log); + if ($pkg_interface == "console") + error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + return false; + } +} + +function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { + + /**********************************************************/ + /* This function downloads the passed rules file and */ + /* compares its computed md5 hash to the passed md5 hash */ + /* to verify the file's integrity. */ + /* */ + /* On Entry: $file_url = URL of rules file */ + /* $file_dst = Temp destination to store the */ + /* downloaded rules file */ + /* $file_md5 = Expected md5 hash for the new */ + /* downloaded rules file */ + /* $desc = Short text string for use in */ + /* log messages */ + /* */ + /* Returns: TRUE if download was successful. */ + /* FALSE if download was not successful. */ + /**********************************************************/ + + global $pkg_interface, $suricata_rules_upd_log, $last_curl_error; + + $suricatadir = SURICATADIR; + $filename = basename($file_dst); + + if ($pkg_interface <> "console") + update_status(gettext("There is a new set of {$desc} posted. Downloading...")); + log_error(gettext("[Suricata] There is a new set of {$desc} posted. Downloading {$filename}...")); + error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, $suricata_rules_upd_log); + $rc = suricata_download_file_url($file_url, $file_dst); + + // See if the download from the URL was successful + if ($rc === true) { + if ($pkg_interface <> "console") + update_status(gettext("Done downloading {$desc} file.")); + log_error("[Suricata] {$desc} file update downloaded successfully"); + error_log(gettext("\tDone downloading rules file.\n"),3, $suricata_rules_upd_log); + + // Test integrity of the rules file. Turn off update if file has wrong md5 hash + if ($file_md5 != trim(md5_file($file_dst))){ + if ($pkg_interface <> "console") + update_output_window(gettext("{$desc} file MD5 checksum failed...")); + log_error(gettext("[Suricata] {$desc} file download failed. Bad MD5 checksum...")); + log_error(gettext("[Suricata] Downloaded File MD5: " . md5_file($file_dst))); + log_error(gettext("[Suricata] Expected File MD5: {$file_md5}")); + error_log(gettext("\t{$desc} file download failed. Bad MD5 checksum.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + return false; + } + return true; + } + else { + if ($pkg_interface <> "console") + update_output_window(gettext("{$desc} file download failed...")); + log_error(gettext("[Suricata] {$desc} file download failed... server returned error '{$rc}'...")); + error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $suricata_rules_upd_log); + if ($pkg_interface == "console") + error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + return false; + } + +} + +/* Start of main code */ +conf_mount_rw(); + +/* remove old $tmpfname files if present */ +if (is_dir("{$tmpfname}")) + exec("/bin/rm -r {$tmpfname}"); + +/* Make sure required suricatadirs exsist */ +exec("/bin/mkdir -p {$suricatadir}rules"); +exec("/bin/mkdir -p {$tmpfname}"); +exec("/bin/mkdir -p {$suricatalogdir}"); + +/* See if we need to automatically clear the Update Log based on 1024K size limit */ +if (file_exists($suricata_rules_upd_log)) { + if (1048576 < filesize($suricata_rules_upd_log)) + exec("/bin/rm -r {$suricata_rules_upd_log}"); +} + +/* Log start time for this rules update */ +error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $suricata_rules_upd_log); +$last_curl_error = ""; + +/* Check for and download any new Emerging Threats Rules sigs */ +if ($emergingthreats == 'on') { + if (suricata_check_rule_md5("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}", "{$et_name} rules")) { + /* download Emerging Threats rules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")); + if (!suricata_fetch_new_rules("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}", $file_md5, "{$et_name} rules")) + $emergingthreats = 'off'; + } + else + $emergingthreats = 'off'; +} + +/* Check for and download any new Snort VRT sigs */ +if ($snortdownload == 'on') { + if (suricata_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}/{$oinkid}/", "{$tmpfname}/{$snort_filename_md5}", "Snort VRT rules")) { + /* download snortrules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")); + if (!suricata_fetch_new_rules("{$snort_rule_url}{$snort_filename}/{$oinkid}/", "{$tmpfname}/{$snort_filename}", $file_md5, "Snort VRT rules")) + $snortdownload = 'off'; + } + else + $snortdownload = 'off'; +} + +/* Check for and download any new Snort GPLv2 Community Rules sigs */ +if ($snortcommunityrules == 'on') { + if (suricata_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) { + /* download Snort GPLv2 Community Rules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")); + if (!suricata_fetch_new_rules("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}", $file_md5, "Snort GPLv2 Community Rules")) + $snortcommunityrules = 'off'; + } + else + $snortcommunityrules = 'off'; +} + +/* Untar Emerging Threats rules file to tmp if downloaded */ +if ($emergingthreats == 'on') { + safe_mkdir("{$tmpfname}/emerging"); + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { + if ($pkg_interface <> "console") { + update_status(gettext("Extracting {$et_name} rules...")); + update_output_window(gettext("Installing {$et_name} rules...")); + } + error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $suricata_rules_upd_log); + exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/"); + + /* Remove the old Emerging Threats rules files */ + $eto_prefix = ET_OPEN_FILE_PREFIX; + $etpro_prefix = ET_PRO_FILE_PREFIX; + array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*.rules")); + array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*.rules")); + array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*ips.txt")); + array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*ips.txt")); + + // The code below renames ET-Pro files with a prefix, so we + // skip renaming the Suricata default events rule files + // that are also bundled in the ET-Pro rules. + $default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" ); + $files = glob("{$tmpfname}/emerging/rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file); + if ($etpro == "on" && !in_array($newfile, $default_rules)) + @copy($file, "{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); + else + @copy($file, "{$suricatadir}rules/{$newfile}"); + } + /* IP lists for Emerging Threats rules */ + $files = glob("{$tmpfname}/emerging/rules/*ips.txt"); + foreach ($files as $file) { + $newfile = basename($file); + if ($etpro == "on") + @copy($file, "{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); + else + @copy($file, "{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}"); + } + /* base etc files for Emerging Threats rules */ + foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { + if (file_exists("{$tmpfname}/emerging/rules/{$file}")) + @copy("{$tmpfname}/emerging/rules/{$file}", "{$tmpfname}/ET_{$file}"); + } + + /* Copy emergingthreats md5 sig to Suricata dir */ + if (file_exists("{$tmpfname}/{$emergingthreats_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to Suricata directory...")); + @copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$suricatadir}{$emergingthreats_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of {$et_name} rules completed...")); + update_output_window(gettext("Installation of {$et_name} rules completed...")); + } + error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $suricata_rules_upd_log); + exec("rm -r {$tmpfname}/emerging"); + } +} + +/* Untar Snort rules file to tmp */ +if ($snortdownload == 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + /* Remove the old Snort rules files */ + $vrt_prefix = VRT_FILE_PREFIX; + array_map('unlink', glob("{$suricatadir}rules/{$vrt_prefix}*.rules")); + + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort VRT rules...")); + update_output_window(gettext("Installing Sourcefire VRT rules...")); + } + error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $suricata_rules_upd_log); + + /* extract snort.org rules and add prefix to all snort.org files */ + safe_mkdir("{$tmpfname}/snortrules"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}/snortrules rules/"); + $files = glob("{$tmpfname}/snortrules/rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$suricatadir}rules/" . VRT_FILE_PREFIX . "{$newfile}"); + } + + /* IP lists */ + $files = glob("{$tmpfname}/snortrules/rules/*.txt"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$suricatadir}rules/{$newfile}"); + } + exec("rm -r {$tmpfname}/snortrules"); + + /* extract base etc files */ + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort VRT config and map files...")); + update_output_window(gettext("Copying config and map files...")); + } + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/"); + foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { + if (file_exists("{$tmpfname}/etc/{$file}")) + @copy("{$tmpfname}/etc/{$file}", "{$tmpfname}/VRT_{$file}"); + } + exec("rm -r {$tmpfname}/etc"); + if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to Suricata directory...")); + @copy("{$tmpfname}/{$snort_filename_md5}", "{$suricatadir}{$snort_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of Snort VRT rules completed...")); + update_output_window(gettext("Installation of Sourcefire VRT rules completed...")); + } + error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $suricata_rules_upd_log); + } +} + +/* Untar Snort GPLv2 Community rules file to tmp */ +if ($snortcommunityrules == 'on') { + safe_mkdir("{$tmpfname}/community"); + if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) { + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort GPLv2 Community Rules...")); + update_output_window(gettext("Installing Snort GPLv2 Community Rules...")); + } + error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $suricata_rules_upd_log); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/"); + + $files = glob("{$tmpfname}/community/community-rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$suricatadir}rules/" . GPL_FILE_PREFIX . "{$newfile}"); + } + /* base etc files for Snort GPLv2 Community rules */ + foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { + if (file_exists("{$tmpfname}/community/community-rules/{$file}")) + @copy("{$tmpfname}/community/community-rules/{$file}", "{$tmpfname}/" . GPL_FILE_PREFIX . "{$file}"); + } + /* Copy snort community md5 sig to suricata dir */ + if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to suricata directory...")); + @copy("{$tmpfname}/{$snort_community_rules_filename_md5}", "{$suricatadir}{$snort_community_rules_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of Snort GPLv2 Community Rules completed...")); + update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed...")); + } + error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $suricata_rules_upd_log); + exec("rm -r {$tmpfname}/community"); + } +} + +function suricata_apply_customizations($suricatacfg, $if_real) { + + global $vrt_enabled, $rebuild_rules; + $suricatadir = SURICATADIR; + + suricata_prepare_rule_files($suricatacfg, "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}"); + + /* Copy the master config and map files to the interface directory */ + @copy("{$suricatadir}classification.config", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/classification.config"); + @copy("{$suricatadir}reference.config", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/reference.config"); + @copy("{$suricatadir}gen-msg.map", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/gen-msg.map"); + @copy("{$suricatadir}unicode.map", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/unicode.map"); +} + +if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules == 'on') { + + if ($pkg_interface <> "console") + update_status(gettext('Copying new config and map files...')); + error_log(gettext("\tCopying new config and map files...\n"), 3, $suricata_rules_upd_log); + + /******************************************************************/ + /* Build the classification.config and reference.config files */ + /* using the ones from all the downloaded rules plus the default */ + /* files installed with Suricata. */ + /******************************************************************/ + $cfgs = glob("{$tmpfname}/*reference.config"); + $cfgs[] = "{$suricatadir}reference.config"; + suricata_merge_reference_configs($cfgs, "{$suricatadir}reference.config"); + $cfgs = glob("{$tmpfname}/*classification.config"); + $cfgs[] = "{$suricatadir}classification.config"; + suricata_merge_classification_configs($cfgs, "{$suricatadir}classification.config"); + + /* Determine which map files to use for the master copy. */ + /* The Snort VRT ones are preferred, if available. */ + if ($snortdownload == 'on') + $prefix = "VRT_"; + elseif ($emergingthreats == 'on') + $prefix = "ET_"; + elseif ($snortcommunityrules == 'on') + $prefix = GPL_FILE_PREFIX; + if (file_exists("{$tmpfname}/{$prefix}unicode.map")) + @copy("{$tmpfname}/{$prefix}unicode.map", "{$suricatadir}unicode.map"); + if (file_exists("{$tmpfname}/{$prefix}gen-msg.map")) + @copy("{$tmpfname}/{$prefix}gen-msg.map", "{$suricatadir}gen-msg.map"); + + /* Start the rules rebuild proccess for each configured interface */ + if (is_array($config['installedpackages']['suricata']['rule']) && + !empty($config['installedpackages']['suricata']['rule'])) { + + /* Set the flag to force rule rebuilds since we downloaded new rules */ + $rebuild_rules = true; + + /* Create configuration for each active Suricata interface */ + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + $if_real = suricata_get_real_interface($value['interface']); + // Make sure the interface subdirectory exists. We need to re-create + // it during a pkg reinstall on the intial rules set download. + if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}")) + safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}"); + if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules")) + safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules"); + $tmp = "Updating rules configuration for: " . suricata_get_friendly_interface($value['interface']) . " ..."; + if ($pkg_interface <> "console"){ + update_status(gettext($tmp)); + update_output_window(gettext("Please wait while Suricata interface files are being updated...")); + } + suricata_apply_customizations($value, $if_real); + $tmp = "\t" . $tmp . "\n"; + error_log($tmp, 3, $suricata_rules_upd_log); + } + } + else { + if ($pkg_interface <> "console") { + update_output_window(gettext("Warning: No interfaces configured for Suricata were found...")); + update_output_window(gettext("No interfaces currently have Suricata configured and enabled on them...")); + } + error_log(gettext("\tWarning: No interfaces configured for Suricata were found...\n"), 3, $suricata_rules_upd_log); + } + + /* Clear the rebuild rules flag. */ + $rebuild_rules = false; + + /* Restart Suricata if already running and we are not rebooting to pick up the new rules. */ + if (is_process_running("suricata") && !$g['booting']) { + if ($pkg_interface <> "console") { + update_status(gettext('Restarting Suricata to activate the new set of rules...')); + update_output_window(gettext("Please wait ... restarting Suricata will take some time...")); + } + error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, $suricata_rules_upd_log); + restart_service("suricata"); + if ($pkg_interface <> "console") + update_output_window(gettext("Suricata has restarted with your new set of rules...")); + log_error(gettext("[Suricata] Suricata has restarted with your new set of rules...")); + error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, $suricata_rules_upd_log); + } + else { + if ($pkg_interface <> "console") + update_output_window(gettext("The rules update task is complete...")); + } +} + +// Remove old $tmpfname files +if (is_dir("{$tmpfname}")) { + if ($pkg_interface <> "console") + update_status(gettext("Cleaning up after rules extraction...")); + exec("/bin/rm -r {$tmpfname}"); +} + +if ($pkg_interface <> "console") + update_status(gettext("The Rules update has finished...")); +log_error(gettext("[Suricata] The Rules update has finished.")); +error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $suricata_rules_upd_log); +conf_mount_ro(); + +// Restore the state of $pkg_interface +$pkg_interface = $pkg_interface_orig; + +?> -- cgit v1.2.3 From a5c40093adcb507d8d5991568a36702fcc649cdb Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 19 Feb 2014 23:10:40 -0500 Subject: Use system calls instead of wrappers for getting interface names. --- config/suricata/suricata_check_for_rule_updates.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config/suricata/suricata_check_for_rule_updates.php') diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php index ec39c203..9aa14f6e 100644 --- a/config/suricata/suricata_check_for_rule_updates.php +++ b/config/suricata/suricata_check_for_rule_updates.php @@ -617,14 +617,14 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Create configuration for each active Suricata interface */ foreach ($config['installedpackages']['suricata']['rule'] as $value) { - $if_real = suricata_get_real_interface($value['interface']); + $if_real = get_real_interface($value['interface']); // Make sure the interface subdirectory exists. We need to re-create // it during a pkg reinstall on the intial rules set download. if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}")) safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}"); if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules")) safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules"); - $tmp = "Updating rules configuration for: " . suricata_get_friendly_interface($value['interface']) . " ..."; + $tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ..."; if ($pkg_interface <> "console"){ update_status(gettext($tmp)); update_output_window(gettext("Please wait while Suricata interface files are being updated...")); -- cgit v1.2.3