From b3690f7345eb7f2dc0b5832972f9793eeb63c5c5 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 18 Sep 2014 21:13:23 -0400 Subject: Add new shell script for starting Snort package. --- config/snort/snort.inc | 10 ++++++++-- config/snort/snort.xml | 5 +++++ config/snort/snort_pkg.sh | 29 +++++++++++++++++++++++++++++ config/snort/snort_post_install.php | 3 +++ config/snort/snort_service_utils.php | 6 ++++++ 5 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 config/snort/snort_pkg.sh (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index c4f01e1d..ca527b31 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -2996,10 +2996,16 @@ function snort_deinstall() { log_error(gettext("[Snort] Snort package uninstall in progress...")); + /* Remove our rc.d startup shell script */ + unlink_if_exists("{$rcdir}snort_pkg.sh"); + /* Make sure all active Snort processes are terminated */ /* Log a message only if a running process is detected */ - if (is_service_running("snort")) + if (is_process_running("snort")) { log_error(gettext("[Snort] Snort STOP for all interfaces...")); + snort_stop_all_interfaces(); + } + sleep(2); mwexec('/usr/bin/killall -z snort', true); sleep(2); mwexec('/usr/bin/killall -9 snort', true); @@ -3009,7 +3015,7 @@ function snort_deinstall() { /* Make sure all active Barnyard2 processes are terminated */ /* Log a message only if a running process is detected */ - if (is_service_running("barnyard2")) + if (is_process_running("barnyard2")) log_error(gettext("[Snort] Barnyard2 STOP for all interfaces...")); mwexec('/usr/bin/killall -z barnyard2', true); sleep(2); diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 573f8914..dcad30f3 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml 
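Review bot: The new `unlink_if_exists("{$rcdir}snort_pkg.sh");` at the top of the first snort.inc hunk only works if `$rcdir` is in scope inside snort_deinstall(). The function's opening lines, where a `global` declaration would sit, are outside this hunk, so that cannot be confirmed from here. If the variable is unset, the path collapses to a relative `snort_pkg.sh`, the call quietly removes nothing, and a script that runs at boot stays in the rc.d directory after uninstall. Please confirm the function has `global $rcdir;` (or add it), and consider logging when the script is still present after the unlink.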
@@ -89,6 +89,11 @@ 077 https://packages.pfsense.org/packages/config/snort/snort_service_utils.php + + /usr/local/pkg/snort/ + 755 + https://packages.pfsense.org/packages/config/snort/snort_pkg.sh + /usr/local/pkg/snort/ 077 diff --git a/config/snort/snort_pkg.sh b/config/snort/snort_pkg.sh new file mode 100644 index 00000000..a19adf4d --- /dev/null +++ b/config/snort/snort_pkg.sh @@ -0,0 +1,29 @@ +#!/usr/local/bin/php -f + diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index f84cfc55..a7693f1a 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -305,6 +305,9 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { } } +/* Move our startup shell script to the RC directory (usually /usr/local/etc/rc.d) */ +@rename("/usr/local/pkg/snort/snort_pkg.sh", "{$rcdir}snort_pkg.sh" ); + /* We're finished with conf partition mods, return to read-only */ conf_mount_ro(); diff --git a/config/snort/snort_service_utils.php b/config/snort/snort_service_utils.php index f04987b2..a40260d3 100644 --- a/config/snort/snort_service_utils.php +++ b/config/snort/snort_service_utils.php @@ -65,6 +65,12 @@ foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) { if ($rule['uuid'] == $uuid) { $if_real = get_real_interface($rule['interface']); + // Block changes when package is being started from shell script + if (file_exists("{$g['varrun_path']}/snort_pkg_starting.lck") { + log_error(gettext("[Snort] interface service start/stop commands locked-out during package start/restart.")); + return TRUE; + } + // If interface is manually stopped, then don't try to start it if (($action == 'start' || $action == 'restart') && file_exists("{$g['varrun_path']}/{$service}_{$uuid}.disabled")) { log_error(gettext("[Snort] auto-start locked out by previous manual shutdown...must be started using Snort INTERFACES tab.")); -- cgit v1.2.3
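Review bot: The `@rename(...)` added in snort_post_install.php discards both the warning and the return value, so a failed move leaves the package with no startup script in the rc.d directory and nothing in the log. Check the result instead, for example `if (!@rename("/usr/local/pkg/snort/snort_pkg.sh", "{$rcdir}snort_pkg.sh")) log_error(gettext("[Snort] could not install snort_pkg.sh startup script."));`. Because the moved file is executed at boot, it is also worth confirming its mode and owner after the move rather than relying only on the 755 applied at download time.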
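Review bot: The added condition in snort_service_utils.php, `if (file_exists("{$g['varrun_path']}/snort_pkg_starting.lck") {`, is missing a closing parenthesis, so the file will not parse and every interface start/stop request routed through it fails. It should read `if (file_exists("{$g['varrun_path']}/snort_pkg_starting.lck")) {`. Separately, the lock-out branch returns TRUE, which callers may read as success. A stale `snort_pkg_starting.lck` left by an interrupted package start would also keep IDS interfaces from being started or stopped until the file is removed, so the lock's age should be checked or the file cleared on boot. The enclosing foreach and function begin outside this hunk.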