From f921a5945e026e6cadce57619ff6064878fd167e Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Sun, 21 Apr 2013 19:37:42 -0400
Subject: Make Snort rc.d shell script more reliable for restarts.

---
 config/snort/snort.inc | 73 ++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 56 insertions(+), 17 deletions(-)

(limited to 'config')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index ff822085..9988ad48 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -44,7 +44,7 @@ global $snort_community_rules_filename, $snort_community_rules_url, $emergingthr
 
 /* package version */
 $snort_version = "2.9.4.1";
-$pfSense_snort_version = "2.5.5";
+$pfSense_snort_version = "2.5.6";
 $snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
 
 // Define SNORTDIR and SNORTLIBDIR constants according to FreeBSD version (PBI support or no PBI)
@@ -1572,8 +1572,9 @@ function snort_create_rc() {
 
 	if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
 		/bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' > {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
+	else
+		/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
 	fi
-	/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid
 	if [ $? = 0 ]; then
 		/bin/pkill -HUP -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
 	else
@@ -1584,10 +1585,30 @@ EOE;
 		$stop_barnyard2 = <<<EOE
 
 	if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+		pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid`
                 /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
-		/bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
+		time=0 timeout=30
+		while kill -0 \$pid 2>/dev/null; do
+			sleep 1
+			time=\$((time+1))
+			if [ \$time -gt \$timeout ]; then
+				break
+			fi
+		done
+		if [ -f /var/run/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+			/bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
+		fi
 	else
+		pid=`/bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q'`
 		/bin/pkill -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q'
+		time=0 timeout=30
+		while kill -0 \$pid 2>/dev/null; do
+			sleep 1
+			time=\$((time+1))
+			if [ \$time -gt \$timeout ]; then
+				break
+			fi
+		done
         fi
 
 EOE;
@@ -1599,20 +1620,12 @@ EOE;
 		$start_snort_iface_start[] = <<<EOE
 
 ###### For Each Iface
-#### Only try to restart if snort is running on Iface
-	if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
-		/bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' > {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
-	fi
-	/bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
-	if [ $? = 0 ]; then
-		/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
-		/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT START For {$value['descr']}({$snort_uuid}_{$if_real})..."
-	else
-		# Start snort and barnyard2
+	# Start snort and barnyard2
+	if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
 		/bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
-		/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
-		/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For {$value['descr']}({$snort_uuid}_{$if_real})..."
 	fi
+	/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+	/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For {$value['descr']}({$snort_uuid}_{$if_real})..."
 
 	sleep 2
 	{$start_barnyard2}
@@ -1623,10 +1636,30 @@ EOE;
 
 	/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP For {$value['descr']}({$snort_uuid}_{$if_real})..."
 	if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+		pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
 		/bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
-		/bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid
-	else 
+		time=0 timeout=30
+		while kill -0 \$pid 2>/dev/null; do
+			sleep 1
+			time=\$((time+1))
+			if [ \$time -gt \$timeout ]; then
+				break
+			fi
+		done
+		if [ -f /var/run/snort_{$if_real}{$snort_uuid}.pid ]; then
+			/bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid
+		fi
+	else
+		pid=`/bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}'`
 		/bin/pkill -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}'
+		time=0 timeout=30
+		while kill -0 \$pid 2>/dev/null; do
+			sleep 1
+			time=\$((time+1))
+			if [ \$time -gt \$timeout ]; then
+				break
+			fi
+		done
 	fi
 
 	sleep 2
@@ -1728,6 +1761,9 @@ config interface:      {$if_real}
 config decode_data_link
 config waldo_file: /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo
 
+# Show year in timestamps
+config show_year
+
 ## START user pass through ##
 
 	{$snortbarnyardlog_config_pass_thru}
@@ -2626,6 +2662,9 @@ config pcre_match_limit_recursion: 1500
 config detection: search-method {$snort_performance} search-optimize max-pattern-len 20 max_queue_events 5
 config event_queue: max_queue 8 log 5 order_events content_length
 
+# Configure to show year in timestamps
+config show_year
+
 # Configure protocol aware flushing  #
 # For more information see README.stream5  #
 config paf_max: 16000
-- 
cgit v1.2.3


From 294b5c4272e52334972b438518ec60c4310b33d6 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Sun, 21 Apr 2013 19:39:00 -0400
Subject: Fix missing HTML closure tags interfering with text box content
 rendering.

---
 config/snort/snort_interfaces_global.php | 52 ++++++++++++++------------------
 1 file changed, 23 insertions(+), 29 deletions(-)

(limited to 'config')

diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 9c63ac04..46ee57ab 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -244,35 +244,29 @@ function enable_snort_vrt(btn) {
 	<span class="red"><strong><?php echo gettext("Note"); ?></span>:</strong><br>
 	<?php echo gettext("Available space is"); ?> <strong><?php echo $snortlogCurrentDSKsize; ?>&nbsp;MB</strong></td>
 	<td width="78%" class="vtable">
-	<table cellpadding="0" cellspacing="0">
-		<tr>
-			<td colspan="2"><input name="snortloglimit" type="radio"
-				id="snortloglimit" value="on" 
-<?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>><span class="vexpl">
-		<strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</span></td>
-		</tr>
-		<tr>
-			<td colspan="2"><input name="snortloglimit" type="radio"
-				id="snortloglimit" value="off" 
-<?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong>
-			<?php echo gettext("directory size limit"); ?></span><br>
-			<br>
-			<span class="red"><strong><?php echo gettext("Warning"); ?></span>:</strong> <?php echo gettext("Nanobsd " .
-			"should use no more than 10MB of space."); ?></td>
-		</tr>
-		<tr>
-			<td>&nbsp;</td>
-		</tr>
-	</table>
-	<table width="100%" border="0" cellpadding="2" cellspacing="0">
-		<tr>
-			<td><span class="vexpl"><?php echo gettext("Size in"); ?> <strong>MB</strong><span></td>
-			<td><input name="snortloglimitsize" type="text" class="formfld" id="snortloglimitsize" size="7" value="
-			<?=htmlspecialchars($pconfig['snortloglimitsize']);?>">&nbsp;&nbsp;
-			<?php printf(gettext("Default is %s20%%%s of available space."), '<strong>', '</strong>'); ?></td>
-		</tr>
-	</table>
-
+		<table cellpadding="0" cellspacing="0">
+			<tr>
+				<td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="on" 
+					<?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>><span class="vexpl">
+					<strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</span></td>
+			</tr>
+			<tr>
+				<td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="off" 
+					<?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong>
+					<?php echo gettext("directory size limit"); ?></span><br>
+				<br>
+				<span class="red"><strong><?php echo gettext("Warning"); ?></span>:</strong> <?php echo gettext("Nanobsd " .
+				"should use no more than 10MB of space."); ?></td>
+			</tr>
+		</table>
+		<table width="100%" border="0" cellpadding="2" cellspacing="0">
+			<tr>
+				<td><span class="vexpl"><?php echo gettext("Size in"); ?> <strong>MB</strong></span></td>
+				<td><input name="snortloglimitsize" type="text" class="formfld" id="snortloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>">
+				&nbsp;&nbsp;<?php printf(gettext("Default is %s20%%%s of available space."), '<strong>', '</strong>'); ?></td>
+			</tr>
+		</table>
+	</td>
 </tr>
 <tr>
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Remove blocked hosts " .
-- 
cgit v1.2.3


From 54598e719b4742c267ba47ee1686bc980ae2902c Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Sun, 21 Apr 2013 19:41:55 -0400
Subject: Bump Snort package version to 2.5.6.

---
 config/snort/snort.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index fff8d251..1419e3bd 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
 	<faq>Currently there are no FAQ items provided.</faq>
 	<name>Snort</name>
 	<version>2.9.4.1</version>
-	<title>Services:2.9.4.1 pkg v. 2.5.5</title>
+	<title>Services:2.9.4.1 pkg v. 2.5.6</title>
 	<include_file>/usr/local/pkg/snort/snort.inc</include_file>
 	<menu>
 		<name>Snort</name>
-- 
cgit v1.2.3