From 0f5d0864bde099ef8e1e4163c65b3baa8852e7f1 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Thu, 16 May 2013 19:38:49 -0400
Subject: Refine new Snort XMLRPC pkg sync functions.

---
 config/snort/snort.inc | 96 +++++++++++++++++++++++++++++++-------------------
 1 file changed, 60 insertions(+), 36 deletions(-)

(limited to 'config')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index c3381c66..726d7846 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -847,7 +847,7 @@ function snort_rules_up_install_cron($should_install) {
 }
 
 /* Only run when all ifaces needed to sync. Expects filesystem rw */
-function sync_snort_package_config($via_rpc=false) {
+function sync_snort_package_config() {
 	global $config, $g, $flowbit_rules_file, $snort_enforcing_rules_file;
 	global $snort_version, $rebuild_rules;
 
@@ -891,11 +891,6 @@ function sync_snort_package_config($via_rpc=false) {
 	
 	snort_sync_on_changes();
 	
-	if ($via_rpc==true){
-
-		// include here all function calls snort need after xml rpc sync code on backup server
-
-	}
 	conf_mount_ro();
 }
 
@@ -3061,11 +3056,11 @@ function snort_sync_on_changes() {
 			case "manual":
 				if (is_array($snort_sync[row])){
 					$rs=$snort_sync[row];
-					}
+				}
 				else{
-					log_error("[snort] xmlrpc sync is enabled but there is no hosts to push snort config.");
+					log_error("[snort] xmlrpc sync is enabled but there are no hosts to push snort config.");
 					return;
-					}
+				}
 				break;
 			case "auto":
 					if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
@@ -3074,12 +3069,12 @@ function snort_sync_on_changes() {
 						$rs[0]['varsyncusername']=$system_carp['username'];
 						$rs[0]['varsyncpassword']=$system_carp['password'];
 						if ($system_carp['synchronizetoip'] ==""){
-							log_error("[snort] xmlrpc sync is enabled but there is no system backup hosts to push snort config.");
+							log_error("[snort] xmlrpc sync is enabled but there are no system backup hosts to push snort config.");
 							return;
 						}
 					}
 					else{
-						log_error("[snort] xmlrpc sync is enabled but there is no system backup hosts to push snort config.");
+						log_error("[snort] xmlrpc sync is enabled but there are no system backup hosts to push snort config.");
 						return;
 					}
 				break;			
@@ -3088,7 +3083,7 @@ function snort_sync_on_changes() {
 			break;
 		}
 		if (is_array($rs)){
-			log_error("[snort] xmlrpc sync is starting.");
+			log_error("[snort] Snort pkg xmlrpc sync is starting.");
 			foreach($rs as $sh){
 				$sync_to_ip = $sh['varsyncipaddress'];
 				$password = $sh['varsyncpassword'];
@@ -3097,42 +3092,38 @@ function snort_sync_on_changes() {
 				else
 					$username = 'admin';
 				if($password && $sync_to_ip)
-					snort_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
-				}
-			log_error("[snort] xmlrpc sync is ending.");
+					snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout);
 			}
- 		}
+			log_error("[snort] Snort pkg xmlrpc sync completed.");
+		}
+ 	}
 }
+
 /* Do the actual XMLRPC sync */
 function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
 	global $config, $g;
 
-	if(!$username)
-		return;
-		
-	if(!$password)
-		return;
-
-	if(!$sync_to_ip)
+	if(!$username || !$password || !$sync_to_ip) {
+		log_error("[snort] A required XMLRPC sync parameter (user, host IP or password) is empty ... aborting pkg sync");
 		return;
+	}
 
 	if(!$synctimeout)
 		$synctimeout=150;
 		
-		
 	$xmlrpc_sync_neighbor = $sync_to_ip;
-    if($config['system']['webgui']['protocol'] != "") {
+	if($config['system']['webgui']['protocol'] != "") {
 		$synchronizetoip = $config['system']['webgui']['protocol'];
 		$synchronizetoip .= "://";
-    }
-    $port = $config['system']['webgui']['port'];
-    /* if port is empty lets rely on the protocol selection */
-    if($port == "") {
+	}
+	$port = $config['system']['webgui']['port'];
+	/* if port is empty lets rely on the protocol selection */
+	if($port == "") {
 		if($config['system']['webgui']['protocol'] == "http") 
 			$port = "80";
 		else 
 			$port = "443";
-    }
+	}
 	$synchronizetoip .= $sync_to_ip;
 
 	/* xml will hold the sections to sync */
@@ -3146,7 +3137,7 @@ function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
 
 	/* set a few variables needed for sync code borrowed from filter.inc */
 	$url = $synchronizetoip;
-	log_error("Beginning snort XMLRPC sync to {$url}:{$port}.");
+	log_error("[snort] Beginning Snort pkg XMLRPC sync to {$url}:{$port}.");
 	$method = 'pfsense.merge_installedpackages_section_xmlrpc';
 	$msg = new XML_RPC_Message($method, $params);
 	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -3166,20 +3157,20 @@ function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
 		log_error($error);
 		file_notice("sync_settings", $error, "snort Settings Sync", "");
 	} else {
-		log_error("snort XMLRPC sync successfully completed with {$url}:{$port}.");
+		log_error("[snort] Snort pkg XMLRPC sync successfully completed with {$url}:{$port}.");
 	}
 	
 	/* tell snort to reload our settings on the destination sync host. */
 	$method = 'pfsense.exec_php';
 	$execcmd  = "require_once('/usr/local/pkg/snort/snort.inc');\n";
-	$execcmd .= "sync_snort_package_config(true);";
+	$execcmd .= "snort_sync_build_slave_conf();";
 	/* assemble xmlrpc payload */
 	$params = array(
 		XML_RPC_encode($password),
 		XML_RPC_encode($execcmd)
 	);
 	
-	log_error("snort XMLRPC reload data {$url}:{$port}.");
+	log_error("[snort] Snort XMLRPC sending reload configuration cmds to {$url}:{$port}.");
 	$msg = new XML_RPC_Message($method, $params);
 	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
 	$cli->setCredentials($username, $password);
@@ -3195,8 +3186,41 @@ function snort_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
 		log_error($error);
 		file_notice("sync_settings", $error, "snort Settings Sync", "");
 	} else {
-		log_error("snort XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+		log_error("[snort] Snort pkg XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php).");
 	}
-	
 }
+
+function snort_sync_build_slave_conf() {
+
+	/*************************************************/
+	/* This function is called by the XMLRPC package */
+	/* sync process on the master host and is used   */
+	/* to build the initial Snort configuration on   */
+	/* a slave (or secondary) host after the push    */
+	/* of the config.xml data.                       */
+	/*************************************************/
+
+	global $g, $rebuild_rules, $snort_gui_include, $is_postinstall;
+
+	// First download fresh rules if necessary
+	unset($snort_gui_include);
+	$is_postinstall = true;
+	log_error(gettext("[snort] XMLRPC pkg sync: Downloading and updating configured rule types..."));
+
+	// Suppress all PHP output by swallowing it in the output buffer and then discarding it
+	ob_start();
+
+	// Now start the actual configuration build on the remote slave
+	@include_once("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
+	$is_postinstall = false;
+	log_error(gettext("[snort] XMLRPC pkg sync: Generating snort.conf file using Master Host's settings..."));
+	$rebuild_rules = "on";
+	sync_snort_package_config();
+	$rebuild_rules = "off";
+	log_error(gettext("[snort] XMLRPC pkg sync process on this host is complete..."));
+
+	// Finally, discard any buffered PHP output and return
+	ob_end_clean();
+}
+
 ?>
-- 
cgit v1.2.3