From 1cea649e3183da64201ea9a8dc00b65bbd209a72 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Fri, 6 Oct 2006 22:30:59 +0000
Subject: Add automatic whitelist feature for VPNs
---
 packages/snort/snort.inc | 19 ++++++++++++++++---
 packages/snort/snort.xml | 8 +++++++-
 2 files changed, 23 insertions(+), 4 deletions(-)
(limited to 'packages')
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index fa55b735..ba0d53fb 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -121,7 +121,7 @@ function snort_deinstall() {
 /* remove auto rules update helper */
 remove_text_from_file($filenamea, $text_ww);
 /* remove custom sysctl */
- remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
+ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
 /* decrease bpf buffers back to 4096, from 20480 */
 exec("/sbin/sysctl net.bpf.bufsize=4096");
 }
@@ -133,6 +133,7 @@ function generate_snort_conf() {
 /* XXX: make multi wan friendly */
 $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0];
+ /* add auto update scripts to /etc/crontab */
 $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php";
 $filenamea = "/etc/crontab";
 remove_text_from_file($filenamea, $text_ww);
@@ -221,6 +222,18 @@ function generate_snort_conf() {
 if(trim($wl))
 fwrite($whitelist, trim($wl) . "\n");
+ /* should we whitelist vpns? */
+ $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns'];
+
+ /* grab a list of vpns and whitelist if user desires */
+ if($whitelistvpns) {
+ $vpns_list = get_vpns_list();
+ $whitelist_vpns = split(" ", $vpns_list);
+ foreach($whitelist_split as $wl)
+ if(trim($wl))
+ fwrite($whitelist, trim($wl) . "\n");
+ }
+
 /* close file */
 fclose($whitelist);
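Review bot: The foreach in the new VPN block iterates `$whitelist_split`, but the result of `split()` was stored in `$whitelist_vpns`, so the loop walks an undefined variable, its body never runs, and no VPN address is ever written to the whitelist file even when the option is enabled; the line should be `foreach($whitelist_vpns as $wl)`. Since every entry written through the `$whitelist` handle is exempted from whatever that file controls, a comment such as `/* every address returned by get_vpns_list() is added to the whitelist and will not be inspected/blocked like other traffic */` would make the security impact of the checkbox explicit — what get_vpns_list() actually returns cannot be confirmed from this hunk. `$whitelistvpns` is also read without an `isset()`/`empty()` guard, so an unset config key produces a notice before the check. generate_snort_conf() starts and ends outside the hunk.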
@@ -341,7 +354,7 @@ EOD;
 }
 /* check downloaded text from snort.org to make sure that an error did not occur
- * for example, if you are not a premium subscriber you can only download rules
+ * for example, if you are not a premium subscriber you can only download rules
 * so often, etc. */
 function check_for_common_errors($filename) {
@@ -393,7 +406,7 @@ function scroll_down_to_bottom_of_page() {
 function verify_downloaded_file($filename) {
 global $snort_filename, $snort_filename_md5, $console_mode;
 ob_flush();
- if(filesize($filename)<99500) {
+ if(filesize($filename)<9500) {
 if(!$console_mode) {
 update_all_status("Checking {$filename}...");
 check_for_common_errors($filename);
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index fe8bdbb7..0248d087 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -155,6 +155,12 @@ Automatically check for and update rules once a week from snort.org. checkbox + + Whitelist VPNS automatically + whitelistvpns + Checking this option will install whitelists for all VPNs + checkbox + sync_package_snort_reinstall();
@@ -167,5 +173,5 @@ snort_deinstall(); - +
-- cgit v1.2.3
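Review bot: The threshold in verify_downloaded_file drops from 99500 to 9500 but stays an unexplained magic number, and the size test is what gates check_for_common_errors(): an error page from snort.org larger than 9500 bytes now bypasses that check and proceeds as if it were a ruleset, which a tenfold lower cutoff makes more likely. Name the value and record the assumption, e.g. `/* a real ruleset is far larger than this; anything smaller is treated as an error page */` followed by `$min_rules_size = 9500;` and `if(filesize($filename) < $min_rules_size) {`, and do not rely on size alone to accept a download — the `$snort_filename_md5` global suggests a checksum comparison exists elsewhere, which cannot be confirmed from this hunk. The function continues past the hunk.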
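Review bot: The description for the new `whitelistvpns` checkbox, "Checking this option will install whitelists for all VPNs", does not tell the administrator what being whitelisted means for those peers, while the companion snort.inc change appends the VPN addresses to the same `$whitelist` handle as the existing entries. The text should state the effect, e.g. `Add the addresses of all configured VPNs to the Snort whitelist; traffic from those peers is then exempted from the whitelist's treatment` (worded to match what the whitelist file actually controls, which this hunk does not show). The XML tags are stripped in this rendering, so the exact element structure cannot be checked here.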