From e65fce8237476ef658e15ade14f2f711de63f489 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 25 Sep 2006 22:05:00 +0000
Subject: * Add file that allows Snort rule selection * Use rule selection
 items

---
 packages/snort/snort.inc | 118 ++++++-----------------------------------------
 1 file changed, 13 insertions(+), 105 deletions(-)

(limited to 'packages/snort/snort.inc')

diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index da78cf15..1d91b59f 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -44,6 +44,13 @@ function sync_package_snort() {
 			"stop" => "/usr/bin/killall snort; killall snort2c"
 		)
 	);
+
+	create_snort_conf();
+
+	start_service("snort");
+}
+
+function create_snort_conf() {
 	/* write out snort.conf */
 	$snort_conf = generate_snort_conf();
 	$conf = fopen("/usr/local/etc/snort/snort.conf","w");
@@ -53,7 +60,6 @@ function sync_package_snort() {
 	}
 	fwrite($conf, $snort_conf);
 	fclose($conf);
-	start_service("snort");
 }
 
 function generate_snort_conf() {
@@ -103,6 +109,12 @@ function generate_snort_conf() {
 	/* XXX: generate rule section dynamically from config.xml information
 	 */
 	$selected_rules_sections = "";
+	$enabled_rulesets = $config['installedpackages']['snort']['config'][0]['rulesets'];
+	if($enabled_rulesets)
+		$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+
+	foreach($enabled_rulesets_array as $enabled_item)
+		$selected_rules_sections  .= "include \$RULE_PATH/{$enabled_item}\n";
 
 	/* build snort configuration file */
 	$snort_conf = <<<EOD
@@ -195,112 +207,8 @@ include classification.config
 include reference.config
 
 #Rulesets, all optional
-
 {$selected_rules_sections}
 
-# XXX: axe below, use $selected_rules_sections
-
-#General
-#include \$RULE_PATH/bleeding.rules
-include \$RULE_PATH/ftp.rules
-include \$RULE_PATH/telnet.rules
-include \$RULE_PATH/dns.rules
-include \$RULE_PATH/tftp.rules
-include \$RULE_PATH/x11.rules
-include \$RULE_PATH/misc.rules
-include \$RULE_PATH/nntp.rules
-include \$RULE_PATH/other-ids.rules
-# include $RULE_PATH/shellcode.rules
-#include \$RULE_PATH/community-ftp.rules
-#include \$RULE_PATH/community-misc.rules
-
-#Mostly Spyware
-#include \$RULE_PATH/bleeding-malware.rules
-
-#Network issues
-include \$RULE_PATH/bad-traffic.rules
-include \$RULE_PATH/snmp.rules
-
-#Exploits and direct attacks
-include \$RULE_PATH/exploit.rules
-
-#Scans and recon
-include \$RULE_PATH/scan.rules
-#include \$RULE_PATH/bleeding-scan.rules
-
-#Unusual stuff
-include \$RULE_PATH/finger.rules
-
-#R-services, etc
-include \$RULE_PATH/rpc.rules
-include \$RULE_PATH/rservices.rules
-
-#DOS
-include \$RULE_PATH/dos.rules
-include \$RULE_PATH/ddos.rules
-#include \$RULE_PATH/bleeding-dos.rules
-
-#Web issues
-include \$RULE_PATH/web-cgi.rules
-include \$RULE_PATH/web-coldfusion.rules
-include \$RULE_PATH/web-iis.rules
-include \$RULE_PATH/web-frontpage.rules
-include \$RULE_PATH/web-misc.rules
-include \$RULE_PATH/web-client.rules
-include \$RULE_PATH/web-php.rules
-include \$RULE_PATH/web-attacks.rules
-#include \$RULE_PATH/bleeding-web.rules
-#include \$RULE_PATH/community-web-cgi.rules
-#include \$RULE_PATH/community-web-client.rules
-#include \$RULE_PATH/community-web-dos.rules
-#include \$RULE_PATH/community-web-misc.rules
-
-#SQL and DB sigs
-include \$RULE_PATH/sql.rules
-include \$RULE_PATH/oracle.rules
-include \$RULE_PATH/mysql.rules
-#include \$RULE_PATH/community-sql-injection.rules
-
-#Informational stuff
-#include $RULE_PATH/icmp.rules
-include \$RULE_PATH/info.rules
-# include $RULE_PATH/icmp-info.rules
-
-#Windows stuff
-include \$RULE_PATH/netbios.rules
-
-#Compromise responses
-include \$RULE_PATH/attack-responses.rules
-#include \$RULE_PATH/bleeding-attack_response.rules
-
-#Mail sigs
-include \$RULE_PATH/smtp.rules
-include \$RULE_PATH/imap.rules
-include \$RULE_PATH/pop2.rules
-include \$RULE_PATH/pop3.rules
-#include \$RULE_PATH/community-mail-client.rules
-
-#Trojans, Viruses, and spyware
-include \$RULE_PATH/backdoor.rules
-include \$RULE_PATH/virus.rules
-#include \$RULE_PATH/bleeding-virus.rules
-#include \$RULE_PATH/community-virus.rules
-
-#Policy Sigs
-include \$RULE_PATH/policy.rules
-include \$RULE_PATH/porn.rules
-include \$RULE_PATH/chat.rules
-include \$RULE_PATH/p2p.rules
-include \$RULE_PATH/multimedia.rules
-#include \$RULE_PATH/bleeding-policy.rules
-#include \$RULE_PATH/bleeding-p2p.rules
-#include \$RULE_PATH/bleeding-inappropriate.rules
-#include \$RULE_PATH/community-game.rules
-#include \$RULE_PATH/community-inappropriate.rules
-
-#Experimental
-include \$RULE_PATH/experimental.rules
-
 EOD;
 
 	return $snort_conf;
-- 
cgit v1.2.3