From 43a1843df119d61e23a2026f3f7723461c83b043 Mon Sep 17 00:00:00 2001
From: Ermal
Date: Sun, 22 Jul 2012 13:27:55 +0000
Subject: Extract emerging threats before snort and copy even ip lists into rules file
---
 config/snort/snort_check_for_rule_updates.php | 72 ++++++++++++++++-----------
 1 file changed, 42 insertions(+), 30 deletions(-)
(limited to 'config')
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 89039f9f..112682d2 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -164,6 +164,42 @@ $sedcmd .= "s/^\\talert/alert/g\n";
 $sedcmd .= "s/^[ \\t]*alert/alert/g\n";
 @file_put_contents("{$snortdir}/tmp/sedcmd", $sedcmd);
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on') {
+ safe_mkdir("{$snortdir}/tmp/emerging");
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_status(gettext("Extracting rules..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
+ $files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ /* IP lists */
+ $files = glob("{$snortdir}/tmp/emerging/rules/*.txt");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ if ($snortdownload == 'off') {
+ foreach (array("classification.config", "reference.config", "sid-msg.map", "unicode.map") as $file) {
+ if (file_exists("{$snortdir}/tmp/emerging/rules/{$file}"))
+ @copy("{$snortdir}/tmp/emerging/rules/{$file}", "{$snortdir}/{$file}");
+ }
+ }
+
+ /* make shure default rules are in the right format */
+ exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/emerging*.rules");
+
+ /* Copy emergingthreats md5 sig to snort dir */
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5");
+ }
+ }
+}
+
 /* Untar snort rules file individually to help people with low system specs */
 if ($snortdownload == 'on') {
 if (file_exists("{$tmpfname}/{$snort_filename}")) {
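Review bot: The Emerging Threats md5 marker is copied into `{$snortdir}` unconditionally at the end of the new block, while every `@copy()` of the extracted `.rules` and `.txt` files above it has its return value discarded, so a partially failed install (permissions, disk full) still leaves a marker that a later run would presumably treat as "rules are current" and never retry. Track the outcome, e.g. `$ok = true;` before the loops, `$ok = @copy($file, "{$snortdir}/rules/{$newfile}") && $ok;` inside each loop, and guard the marker copy with `if ($ok && file_exists("{$tmpfname}/$emergingthreats_filename_md5"))`. The two `exec()` calls also interpolate `$tmpfname`, `$snortdir` and `$emergingthreats_filename` into a shell string unquoted; if any of these can come from configuration rather than constants, wrap each with `escapeshellarg()`. Whether the downloaded tarball's md5 has already been verified before this point is not visible in the hunk; if it has not, the `tar xzf` here extracts unverified content into the rules tree.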
@@ -181,6 +217,12 @@ if ($snortdownload == 'on') {
 $newfile = basename($file);
 @copy($file, "{$snortdir}/rules/snort_{$newfile}");
 }
+ /* IP lists */
+ $files = glob("{$snortdir}/tmp/snortrules/rules/*.txt");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
 exec("rm -r {$snortdir}/tmp/snortrules");
 /* extract so rules */
@@ -245,36 +287,6 @@ if ($snortdownload == 'on') {
 }
 }
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == 'on') {
- safe_mkdir("{$snortdir}/tmp/emerging");
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- update_status(gettext("Extracting rules..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
- $files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
- foreach ($files as $file) {
- $newfile = basename($file);
- @copy($file, "{$snortdir}/rules/{$newfile}");
- }
- if ($snortdownload == 'off') {
- foreach (array("classification.config", "reference.config", "sid-msg.map", "unicode.map") as $file) {
- if (file_exists("{$snortdir}/tmp/emerging/rules/{$file}"))
- @copy("{$snortdir}/tmp/emerging/rules/{$file}", "{$snortdir}/{$file}");
- }
- }
-
- /* make shure default rules are in the right format */
- exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/emerging*.rules");
-
- /* Copy emergingthreats md5 sig to snort dir */
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5");
- }
- }
-}
-
 /* remove old $tmpfname files */
 if (is_dir("{$snortdir}/tmp")) {
 update_status(gettext("Cleaning up..."));
-- cgit v1.2.3
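Review bot: The `.txt` IP lists from the Snort tarball are copied into `{$snortdir}/rules/` under their bare basename, whereas the `.rules` files three lines above are written with a `snort_` prefix, presumably so they cannot collide with the Emerging Threats files that this commit now installs earlier in the same run; a same-named list from the other feed is silently overwritten because `@copy()` suppresses the result. Either prefix them the same way, `@copy($file, "{$snortdir}/rules/snort_{$newfile}");`, or at least skip the copy when `file_exists("{$snortdir}/rules/{$newfile}")` is already true and log the collision. If the rules in either feed reference a list by its bare filename, a prefix would also have to be applied to those references, so confirm how the lists are consumed before choosing. The enclosing `if ($snortdownload == 'on')` block starts and ends outside the hunk.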