From 56a779987a0f6c19c6e4276efbe9f0717eadfc2f Mon Sep 17 00:00:00 2001
From: robiscool <robrob2626@yahoo.com>
Date: Sun, 5 Sep 2010 21:28:42 -0700
Subject: snort, fix so rules on 64 bit pfsense

---
 config/snort/snort.inc                           |  8 +++-
 config/snort/snort_download_rules.php            | 58 ++++++++++++++----------
 config/snort/snort_interfaces_whitelist_edit.php |  8 +++-
 config/snort/snort_rulesets.php                  |  2 +-
 4 files changed, 48 insertions(+), 28 deletions(-)

(limited to 'config')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 0094cff3..409d1230 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -37,7 +37,7 @@ require_once("functions.inc");
 require_once("filter.inc");
 
 /* package version */
-$snort_package_version = 'Snort 2.8.6.1 pkg v. 1.33';
+$snort_package_version = 'Snort 2.8.6.1 pkg v. 1.34';
 
 /* find out if were in 1.2.3-RELEASE */
 $pfsense_ver_chk = exec('/bin/cat /etc/version');
@@ -546,6 +546,7 @@ if($snort_arch_ck[0] == 'i386') {
 	{
 		exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
 	}
+	
 
 	/* add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 */
 	exec('/usr/sbin/pw groupadd snort -g 920');
@@ -577,6 +578,11 @@ if($snort_arch_ck[0] == 'i386') {
 	{
 		exec('/bin/mkdir -p /var/log/snort/barnyard2/');
 	}
+
+	if(!file_exists('/usr/local/lib/snort/dynamicrules/'))
+	{
+		exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+	}
 	
 	if(!file_exists('/var/db/whitelist'))
 	{
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index bb71e049..dc093015 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -526,12 +526,15 @@ if ($snortdownload == 'on')
 		chdir ("/usr/local/etc/snort/rules");
 		sleep(2);
 		exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
-		/* extract so rules */
-		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
-		exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
-		exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
-		/* extract so rules none bin and rename */
-		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+		
+		/* extract so rules on for x86 for now */
+		/* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */
+		if($snort_arch == 'x86'){
+			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
+			exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+			exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
+			/* extract so rules none bin and rename */
+			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
 			" so_rules/chat.rules/" .
 			" so_rules/dos.rules/" .
 			" so_rules/exploit.rules/" .
@@ -549,24 +552,25 @@ if ($snortdownload == 'on')
 			" so_rules/web-iis.rules/" .
 			" so_rules/web-misc.rules/");
 		
-		exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
-		exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
-		exec("/bin/rm -r {$snortdir}/so_rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+			exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+			exec("/bin/rm -r {$snortdir}/so_rules");
+		}
 		
 		/* extract base etc files */
 		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
@@ -824,6 +828,12 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
 
 		/*  might have to add a sleep for 3sec for flash drives or old drives */
 		exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+
+			/* TODO: Remove this code when x64 so rules are ready */
+			if($snort_arch == 'x64'){
+				exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules");
+			}
+		
 		}
 	}
 }
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 5ccc9965..6723ec8a 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -106,13 +106,16 @@ if (isset($id) && $a_whitelist[$id]) {
 		
 		if (file_exists("$d_snort_whitelist_dirty_path")) {
 			conf_mount_rw();
-			write_config();
 			
-			sync_snort_package_config();
+			/* create whitelist and homenet file  then sync files */
+			sync_snort_package_empty();
 			sync_snort_package();
 
 			unlink("$d_snort_whitelist_dirty_path");
 			
+			write_config();
+			conf_mount_ro();
+			
 		}
 		
 	}
@@ -233,6 +236,7 @@ if ($_POST['submit']) {
                 $pconfig['address'] = $address;
 				$pconfig['detail'] = $final_address_details;
 	}
+	
 }
 
 $pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 29e4b51a..e7838c9f 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -260,7 +260,7 @@ echo '</div>' . "\n";
 						<table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
 						    <tr id="frheader">
 								<td width="5%" class="listhdrr">Enabled</td>
-								<td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td>
+								<td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on Pfsense 2.0 64 bit.';}?></td>
 								<!-- <td class="listhdrr">Description</td> -->
 							</tr>
 <?php
-- 
cgit v1.2.3