From 133346ae0c1ee2a801d5b7ebbe0a91e061587104 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sun, 8 Oct 2006 19:31:15 +0000 Subject: * Add snort advanced tab that allows tuning of bpf values * Remove hard coded BPF assumptions --- packages/snort/snort.inc | 22 +++++++++--- packages/snort/snort.xml | 5 +++ packages/snort/snort_advanced.xml | 60 +++++++++++++++++++++++++++++++++ packages/snort/snort_alerts.php | 1 + packages/snort/snort_blocked.php | 1 + packages/snort/snort_download_rules.php | 1 + packages/snort/snort_rulesets.php | 3 +- packages/snort/snort_whitelist.xml | 6 +++- 8 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 packages/snort/snort_advanced.xml (limited to 'packages/snort') diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc index 88fef66a..6119d4c8 100644 --- a/packages/snort/snort.inc +++ b/packages/snort/snort.inc @@ -44,6 +44,12 @@ function sync_package_snort_reinstall() { function sync_package_snort() { global $config, $g; + + /* snort -> advanced features */ + $bpfbufsize = $config['installedpackages']['snort']['config'][0]['bpfbufsize']; + $bpfmaxbufsize = $config['installedpackages']['snort']['config'][0]['bpfmaxbufsize']; + $bpfmaxinsns = $config['installedpackages']['snort']['config'][0]['bpfmaxinsns']; + conf_mount_rw(); /* create a few directories and ensure the sample files are in place */ exec("/bin/mkdir -p /usr/local/etc/snort"); @@ -77,6 +83,14 @@ function sync_package_snort() { /* create log directory */ $start = "/bin/mkdir -p /var/log/snort"; + /* snort advanced features - bpf tuning */ + if($bpfbufsize) + $start .= ";sysctl net.bpf.bufsize={$bpfbufsize}"; + if($bpfmaxbufsize) + $start .= ";sysctl net.bpf.maxbufsize={$bpfmaxbufsize}"; + if($bpfmaxinsns) + $start .= ";sysctl net.bpf.maxinsns={$bpfmaxinsns}"; + /* start snort */ $start .= ";snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort {$ifaces_final} -A full -D"; 
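Review bot: The three bpf values read from `$config` in the first hunk are appended unchecked to `$start` in the second hunk, and `$start` is a shell command line (it goes on to carry the `snort -c …` invocation), so any non-numeric value in the config — whatever the `checkbox` fields declared in snort_advanced.xml store, or shell metacharacters in an imported config backup — lands inside that command. Read them as integers and append only when positive: `$bpfbufsize = (int) $config['installedpackages']['snort']['config'][0]['bpfbufsize'];` together with `if($bpfbufsize > 0)`, and likewise for `bpfmaxbufsize` and `bpfmaxinsns`. Note too that the unconditional `net.bpf.bufsize=20480` removed further down has no replacement default, so with all three fields blank the kernel default now stays in effect; if that is intended, say so in the field descriptions. `sync_package_snort` continues outside both hunks, so the place where `$start` is actually executed is not visible here.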
@@ -140,10 +154,6 @@ function generate_snort_conf() { add_text_to_file($filenamea, $text_ww); exec("killall -HUP cron"); - /* increase bpf buffers to 20480, 5 times the normal 4096 */ - add_text_to_file("/etc/sysctl.conf", "net.bpf.bufsize=20480"); - exec("/sbin/sysctl net.bpf.bufsize=20480"); - /* should we install a automatic update crontab entry? */ $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate']; @@ -550,5 +560,9 @@ function write_snort_config_cache($snort_config) { return true; } +function snort_advanced() { + global $g, $config; + +} ?> \ No newline at end of file diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml index d081dca1..75c7b744 100644 --- a/packages/snort/snort.xml +++ b/packages/snort/snort.xml @@ -59,6 +59,11 @@ 077 http://www.pfsense.com/packages/config/snort/snort_xmlrpc_sync.php + + /usr/local/www/ + 077 + http://www.pfsense.com/packages/config/snort/snort_advanced.php + snort snort.sh diff --git a/packages/snort/snort_advanced.xml b/packages/snort/snort_advanced.xml new file mode 100644 index 00000000..b6c4603d --- /dev/null +++ b/packages/snort/snort_advanced.xml 
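Review bot: `snort_advanced()` is an empty body whose `global $g, $config;` is never used, yet the new snort_advanced.xml ends with `snort_advanced();`, which looks like its resync command, so saving the Advanced tab stores the values but never applies the sysctls until something else triggers `sync_package_snort()`. Either make the hook do the work, `sync_package_snort();`, or state the intent in a comment, e.g. `/* resync hook for snort_advanced.xml; the BPF values are applied by sync_package_snort() at the next start */`, so the stub is not mistaken for a finished implementation.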
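Review bot: The new additional-files entry fetches `snort_advanced.php` into `/usr/local/www/`, but the file this commit creates is `snort_advanced.xml`, and every new tab opens it through `/pkg_edit.php?xml=snort_advanced.xml&id=0`, which presumably resolves package XML from `/usr/local/pkg/` (the directory snort_advanced.xml itself uses for `snort.inc`). Unless a `snort_advanced.php` exists outside this commit, the entry should point at `/usr/local/pkg/` and `…/snort_advanced.xml`; as written, the Advanced tab has no backing file on a fresh install.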
@@ -0,0 +1,60 @@ + + + Services: Snort Advanced + Snort + /usr/local/pkg/snort.inc + + + Snort Settings + /pkg_edit.php?xml=snort.xml&id=0 + + + Update Snort Rules + /snort_download_rules.php + + + Snort Rulesets + /snort_rulesets.php + + + Snort Blocked + /snort_blocked.php + + + Snort Whitelist + /pkg.php?xml=snort_whitelist.xml + + + Snort Alerts + /snort_alerts.php + + + Snort Advanced + /pkg_edit.php?xml=snort_advanced.xml&id=0 + + + + + + BPF Buffer size + bpfbufsize + Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does. + checkbox + + + Maximum BPF buffer size + bpfmaxbufsize + Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does. + checkbox + + + Maximum BPF inserts + bpfmaxinsns + Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does. + checkbox + + + + snort_advanced(); + + diff --git a/packages/snort/snort_alerts.php b/packages/snort/snort_alerts.php index dfa20b68..ca3c8bdd 100644 --- a/packages/snort/snort_alerts.php +++ b/packages/snort/snort_alerts.php @@ -67,6 +67,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), true, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php index 67bd1f90..bab607ba 100644 --- a/packages/snort/snort_blocked.php +++ b/packages/snort/snort_blocked.php 
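Review bot: All three fields are declared `checkbox`, but snort.inc interpolates their values as numbers into `sysctl net.bpf.*=…`, so a checkbox can never yield a usable value and the "Leave blank if you do not know" wording only makes sense for a text field. Change each `checkbox` to `input` and reject anything that is not a positive whole number before it is saved, e.g. in a validation hook `if (!empty($_POST['bpfbufsize']) && !ctype_digit($_POST['bpfbufsize'])) $input_errors[] = 'BPF Buffer size must be a whole number';` (repeated for the other two fields), since these strings end up on a shell command line in `sync_package_snort`. The label `Maximum BPF inserts` should also read `Maximum BPF instructions` — `net.bpf.maxinsns` bounds the number of instructions in a BPF filter program, not an insert size.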
@@ -63,6 +63,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), true, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php index 872bafe9..ae2ba540 100644 --- a/packages/snort/snort_download_rules.php +++ b/packages/snort/snort_download_rules.php @@ -75,6 +75,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php index 9950c96b..3d14dce6 100644 --- a/packages/snort/snort_rulesets.php +++ b/packages/snort/snort_rulesets.php @@ -27,7 +27,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -if(!is_dir("/usr/local/etc/snort/rules")) +if(!is_dir("/usr/local/etc/snort/rules")) Header("Location: snort_download_rules.php"); require("guiconfig.inc"); @@ -81,6 +81,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); display_top_tabs($tab_array); ?> diff --git a/packages/snort/snort_whitelist.xml b/packages/snort/snort_whitelist.xml index 902bf299..1e820722 100644 
--- a/packages/snort/snort_whitelist.xml +++ b/packages/snort/snort_whitelist.xml @@ -30,7 +30,11 @@ Snort Alerts /snort_alerts.php - + + + Snort Advanced + /pkg_edit.php?xml=snort_advanced.xml&id=0 + -- cgit v1.2.3