' . $pgtitle . '

';}?>
/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />

/*
 * Snort rules update script (flat, top-level code). The visible part:
 *   1. fetches the md5 file of each rule source (snort.org, emergingthreats.net, pfsense.com),
 *   2. compares it with the copy kept in {$snortdir} to decide whether that source changed,
 *   3. downloads the changed tarballs and unpacks them into {$snortdir},
 *   4. normalises the rule files, rebuilds sid-msg.map and calls oinkmaster_conf() and
 *      oinkmaster_run() for every configured interface rule,
 *   5. removes temp files, resets permissions and starts Snort.
 *
 * NOTE(review): this listing is an extract with gaps. The statement that the first line
 * below belongs to starts before the visible text, and part of oinkmaster_conf() is
 * missing further down. Code tokens are kept exactly as they appear.
 *
 * NOTE(review), integrity: every download below uses plain http://, and the only
 * md5-versus-tarball comparison in this part of the file is commented out. Nothing
 * visible here verifies an archive before tar unpacks it into the Snort configuration
 * directory. An md5 fetched over the same channel would not authenticate the archive
 * either; HTTPS plus a signature or a pinned digest would.
 */
0) {
    update_status(gettext("snort.org md5 temp file exists..."));
} else {
    update_status(gettext("Downloading snort.org md5 file..."));
    // Sets the User-Agent sent by PHP's HTTP stream wrapper to a browser string.
    ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
    //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
    // NOTE(review): {$oinkid} (presumably the subscriber's Oinkcode, confirm) travels in
    // the URL of a plain-HTTP request. The @ operators hide a failed fetch, so a failure
    // leaves an empty md5 file that the "wait 15 minutes" check below then reports.
    $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
    @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
    update_status(gettext("Done downloading snort.org md5"));
}
} // presumably closes a block opened before the visible part of the file

/* download md5 sig from emergingthreats.net */
if ($emergingthreats == 'on') {
    update_status(gettext("Downloading emergingthreats md5 file..."));
    ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
    // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
    $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
    @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
    update_status(gettext("Done downloading emergingthreats md5"));
}

/* download md5 sig from pfsense.org */
if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
    update_status(gettext("pfsense md5 temp file exists..."));
} else {
    update_status(gettext("Downloading pfsense md5 file..."));
    ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
    //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
    $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
    // The target name is a literal here, while the checks around it use
    // $pfsense_rules_filename_md5; presumably both name the same file (verify).
    @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
    update_status(gettext("Done downloading pfsense md5."));
}

/* If the snort.org md5 file is empty, tell the user to wait 15 minutes and skip snort.org */
if ($snortdownload == 'on') {
    if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) {
        update_status(gettext("Please wait... 
You may only check for New Rules every 15 minutes..."));
        update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
        hide_progress_bar_status();
        $snortdownload = 'off';
    }
}

/* If the pfsense md5 file is empty, tell the user to wait 15 minutes and skip the pfsense rules */
if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
    update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
    update_output_window(gettext("Rules are released to support Pfsense packages."));
    hide_progress_bar_status();
    $pfsensedownload = 'off';
}

/*
 * Check whether the snort.org rules are up to date: compare the first field of the
 * freshly downloaded md5 file with the first field of the copy in {$snortdir}.
 *
 * NOTE(review): in the three comparisons below the file contents are interpolated into a
 * double-quoted shell string inside backticks, so whatever the download delivered is
 * parsed by the shell. Taking the first whitespace-separated field in PHP (strtok() or
 * preg_split()) gives the same value without invoking a shell.
 */
if ($snortdownload == 'on') {
    if (file_exists("{$snortdir}/{$snort_filename_md5}")) {
        $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
        $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
        $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
        $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
        if ($md5_check_new == $md5_check_old) {
            update_status(gettext("Your rules are up to date..."));
            update_output_window(gettext("You may start Snort now, check update."));
            hide_progress_bar_status();
            $snort_md5_check_ok = 'on';
        } else {
            update_status(gettext("Your rules are not up to date..."));
            $snort_md5_check_ok = 'off';
        }
    }
}

/* Check whether the emergingthreats.net rules are up to date (same comparison as above) */
if ($emergingthreats == 'on') {
    if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) {
        $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
        $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
        $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
        $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
        if ($emerg_md5_check_new == $emerg_md5_check_old) {
            hide_progress_bar_status();
            $emerg_md5_check_ok = 'on';
        } else
            $emerg_md5_check_ok = 'off';
    }
}

/* Check whether the pfsense.org rules are up to date */
if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) {
    // NOTE(review): the value is stored in $pfsense_check_new_parse, but the next line
    // reads $pfsense_md5_check_new_parse, which is not assigned anywhere in the visible
    // code. As written, the "new" hash is taken from an unset variable.
    $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
    $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
    $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
    $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
    if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
        hide_progress_bar_status();
        $pfsense_md5_check_ok = 'on';
    } else
        $pfsense_md5_check_ok = 'off';
}

/* A source whose md5 matched needs no download: report it and switch that source off */
if ($snortdownload == 'on') {
    if ($snort_md5_check_ok == 'on') {
        update_status(gettext("Your snort.org rules are up to date..."));
        update_output_window(gettext("You may start Snort now..."));
        $snortdownload = 'off';
    }
}
if ($emergingthreats == 'on') {
    if ($emerg_md5_check_ok == 'on') {
        update_status(gettext("Your Emergingthreats rules are up to date..."));
        update_output_window(gettext("You may start Snort now..."));
        $emergingthreats = 'off';
    }
}

/* download snortrules file */
if ($snortdownload == 'on') {
    if ($snort_md5_check_ok != 'on') {
        if (file_exists("{$tmpfname}/{$snort_filename}")) {
            // A tarball already in the temp dir is reused as it is.
            update_status(gettext("Snortrule tar file exists..."));
        } else {
            unhide_progress_bar_status();
            update_status(gettext("There is a new set of Snort.org rules posted. 
Downloading..."));
            update_output_window(gettext("May take 4 to 10 min..."));
            download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
            update_all_status($static_output);
            update_status(gettext("Done downloading rules file."));
            // A file smaller than 150000 bytes is treated as a failed download. This size
            // test is the only check applied to the tarball in the visible code.
            if (150000 > filesize("{$tmpfname}/$snort_filename")){
                update_status(gettext("Error with the snort rules download..."));
                update_output_window(gettext("Snort rules file downloaded failed..."));
                $snortdownload = 'off';
            }
        }
    }
}

/* download emergingthreats rules file */
if ($emergingthreats == "on") {
    if ($emerg_md5_check_ok != 'on') {
        if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
            update_status(gettext('Emergingthreats tar file exists...'));
        }else{
            update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
            update_output_window(gettext("May take 4 to 10 min..."));
            download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
            update_status(gettext('Done downloading Emergingthreats rules file.'));
        }
    }
}

/* download pfsense rules file */
if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
    if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
        update_status(gettext("Snortrule tar file exists..."));
    } else {
        unhide_progress_bar_status();
        update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
        update_output_window(gettext("May take 4 to 10 min..."));
        download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . 
"/{$pfsense_rules_filename}");
        update_all_status($static_output);
        update_status(gettext("Done downloading rules file."));
    }
}

/*
 * Compare md5 sig to file sig.
 * NOTE(review): the whole comparison is commented out, so a tarball that does not match
 * its md5 file is still unpacked below. It is also the only place in the visible code
 * that assigns $premium_url_chk, which later sections still test.
 */
//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
//if ($premium_url_chk == on) {
//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
// if ($md5 == $file_md5_ondisk) {
// update_status(gettext("Valid md5 checksum pass..."));
//} else {
// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
// update_output_window(gettext("Error md5 Mismatch..."));
// return;
// }
//}
//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
//if ($premium_url_chk != on) {
//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
// if ($md55 == $file_md5_ondisk2) {
// update_status(gettext("Valid md5 checksum pass..."));
//} else {
// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
// update_output_window(gettext("Error md5 Mismatch..."));
// return;
// }
//}

/*
 * Untar snort rules file individually to help people with low system specs.
 *
 * NOTE(review): the exec() calls in this section build shell command lines by
 * interpolation without escapeshellarg(). The $so_rule* and $preproc_rule* names come
 * from `tar -tf` on the downloaded archive, so they are archive-controlled. What
 * snortscandirfilter() lets through is not visible here; quote each argument.
 */
if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
    if (file_exists("{$tmpfname}/{$snort_filename}")) {
        // find out if we are on 1.2.3-RELEASE
        $pfsense_ver_chk = exec('/bin/cat /etc/version');
        if ($pfsense_ver_chk === '1.2.3-RELEASE') {
            $pfsense_stable = 'yes';
        }else{
            $pfsense_stable = 'no';
        }
        // get the system arch
        $snort_arch_ck = exec('/usr/bin/uname -m');
        if ($snort_arch_ck === 'i386') {
            $snort_arch = 'i386';
        }else{
            $snort_arch = 'x86-64'; // amd64
        }
        if ($pfsense_stable === 'yes') {
            $freebsd_version_so = 'FreeBSD-7-3';
        }else{
            $freebsd_version_so = 'FreeBSD-8-1';
        }
        // $snort_arch and $freebsd_version_so are set here but not read in the visible code.
        update_status(gettext("Extracting Snort.org rules..."));
        update_output_window(gettext("May take a while..."));
        /* extract snort.org rules and add the snort_ prefix to all snort.org files */
        // The existing rules directory is deleted before the new archive is unpacked, so a
        // failed or partial extraction leaves the rules directory incomplete.
        exec("/bin/rm -r {$snortdir}/rules");
        sleep(2);
        exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
        chdir ("/usr/local/etc/snort/rules");
        sleep(2);
        $snort_dirList = scandir("{$snortdir}/rules"); // Warning: only in php 5
        $snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
        if (!empty($snortrules_filterList)) {
            foreach ($snortrules_filterList as $snort_rule_move) {
                exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules");
            }
        }
        /* extract so_rules */
        // list so_rules and exclude dir
        exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
        $so_rulesPattr = array('/\//', '/\.rules/');
        $so_rulesPattw = array('', '');
        // build list of so_rules
        $so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
        if (!empty($so_rules_filterList)) {
            // cp rule to so tmp dir
            foreach ($so_rules_filterList as $so_rule) {
                exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules");
            }
            // mv and rename so rules
            foreach ($so_rules_filterList as $so_rule_move) {
                exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules");
            }
        }
        /* extract preproc_rules */
        // list preproc_rules and exclude dir
        exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list);
        $preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
        if (!empty($preproc_rules_filterList)) {
            // cp rule to so tmp dir
            foreach ($preproc_rules_filterList as $preproc_rule) {
                exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules");
            }
            // mv and rename preproc_rules
            foreach ($preproc_rules_filterList as $preproc_rule_move) {
                exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules");
            }
        }
        /* extract base etc files */
        // The archive's etc/ contents are moved over the files in {$snortdir} with mv -f,
        // so configuration shipped in the download replaces same-named local files.
        exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
        exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
        exec("/bin/rm -r {$snortdir}/etc");
        update_status(gettext("Done extracting Snort.org Rules."));
    }else{
        update_status(gettext("Error extracting Snort.org Rules..."));
        update_output_window(gettext("Error Line 755"));
        $snortdownload = 'off';
    }
}

/* Untar emergingthreats rules into {$snortdir} */
if ($emergingthreats == 'on') {
    if ($emerg_md5_check_ok != 'on') {
        if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
            update_status(gettext("Extracting rules..."));
            update_output_window(gettext("May take a while..."));
            exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
        }
    }
}

/* Untar Pfsense rules into {$snortdir} */
if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
    if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
        update_status(gettext("Extracting Pfsense rules..."));
        update_output_window(gettext("May take a while..."));
        exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
    }
}

/* Untar snort signatures */
if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
    if (file_exists("{$tmpfname}/{$snort_filename}")) {
        // NOTE(review): $signature_info_chk is read from config, but the condition tests
        // $premium_url_chk, whose only visible assignment is in commented-out code.
        $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
        if ($premium_url_chk == 'on') {
            update_status(gettext("Extracting Signatures..."));
            update_output_window(gettext("May take a while..."));
            exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
            update_status(gettext("Done extracting Signatures."));
        }
    }
}

/* Copy md5 sig to snort dir; it is the reference for the next up-to-date check */
if ($snortdownload == 'on') {
    if ($snort_md5_check_ok != 'on') {
        if (file_exists("{$tmpfname}/$snort_filename_md5")) {
            update_status(gettext("Copying md5 sig to snort directory..."));
            exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
        }else{
            update_status(gettext("The md5 file does not exist..."));
            update_output_window(gettext("Error copying config..."));
            $snortdownload = 'off';
        }
    }
}

/* Copy emergingthreats md5 sig to snort dir */
if ($emergingthreats == "on") {
    if ($emerg_md5_check_ok != 'on') {
        if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
            update_status(gettext("Copying md5 sig to snort directory..."));
            exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
        }else{
            update_status(gettext("The emergingthreats md5 file does not exist..."));
            update_output_window(gettext("Error copying config..."));
            $emergingthreats = 'off';
        }
    }
}

/* Copy Pfsense md5 sig to snort dir */
if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
    if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
        update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
        exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
    } else {
        update_status(gettext("The Pfsense md5 file does not exist..."));
        update_output_window(gettext("Error copying config..."));
        $pfsensedownload = 'off';
    }
}

/* Copy signatures dir to snort dir */
if ($snortdownload == 'on') {
    if ($snort_md5_check_ok != 'on') {
        $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
        if ($premium_url_chk == 'on') {
            if (file_exists("{$snortdir}/doc/signatures")) {
                update_status(gettext("Copying signatures..."));
                update_output_window(gettext("May take a while..."));
                exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
                exec("/bin/rm -r {$snortdir}/doc/signatures");
                update_status(gettext("Done copying signatures."));
            }else{
                // This branch runs when {$snortdir}/doc/signatures does NOT exist; the
                // status text says the opposite.
                update_status(gettext("Directory signatures exist..."));
                update_output_window(gettext("Error copying signature..."));
                $snortdownload = 'off';
            }
        }
    }
}

/* make doubly sure to clean up emerging rules that do not belong */
if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
    apc_clear_cache();
    @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
    @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
    @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
    @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
    @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
    @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
    @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
}

if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
    exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
    // NOTE(review): PHP passes the backslash through, so the shell sees an escaped
    // asterisk and looks for a file literally named "lib_sfdynamic_example*" instead of
    // expanding a glob. Confirm which was intended.
    exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
}

/* make sure default rules are in the right format */
exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white space from the beginning of each line
// Rewrite the "#alert", "##alert" and "## alert" prefixes of commented-out rules to "# alert".
exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");

/* create a msg-map for snort */
update_status(gettext("Updating Alert Messages..."));
update_output_window(gettext("Please Wait..."));
exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");

//////////////////

/**
 * Rebuild the oinkmaster configuration of one interface rule.
 *
 * Deletes the existing oinkmaster_{uuid}_{if}.conf. When at least one rule source was
 * not up to date, it collects the rule_sid_on and rule_sid_off lists stored in $config
 * for this rule, one SID entry per line. The remainder of the function is missing
 * from this extract.
 *
 * @param mixed  $id         key of the rule in $config['installedpackages']['snortglobal']['rule']
 * @param string $if_real    interface name used in the per-interface path
 * @param string $iface_uuid interface rule uuid used in the per-interface path
 */
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
    global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;

    @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");

    /* enable disable setting will carry over with updates */
    /* TODO carry signature changes with the updates */
    if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {

        $selected_sid_on_sections = "";
        $selected_sid_off_sections = "";

        if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
            $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
            // The stored list is "||"-separated. NOTE(review): split() was deprecated in
            // PHP 5.3 and removed in PHP 7; explode('||', ...) is the literal-delimiter
            // equivalent.
            $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
            foreach($enabled_sid_on_array as $enabled_item_on)
                $selected_sid_on_sections .= "$enabled_item_on\n";
        }

        if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
            $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
            $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
            foreach($enabled_sid_off_array as $enabled_item_off)
                $selected_sid_off_sections .= "$enabled_item_off\n";
        }

        if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {
            /*
             * NOTE(review): the extract is damaged from here. The heredoc that starts on
             * the next line, the rest of oinkmaster_conf() and, presumably, the
             * definition of oinkmaster_run() (called below) are missing. The remaining
             * tokens are kept exactly as they appear.
             */
            $snort_sid_text = << /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
        }
    }
}

/* Start the process for every interface rule */
/* TODO: try to make the code smoother */
if (is_array($config['installedpackages']['snortglobal']['rule'])) {
    foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
        $result_lan = $value['interface'];
        $if_real = snort_get_real_interface($result_lan);
        $iface_uuid = $value['uuid'];

        /* make oinkmaster.conf for each interface rule */
        oinkmaster_conf($id, $if_real, $iface_uuid);

        /* run oinkmaster for each interface rule */
        oinkmaster_run($id, $if_real, $iface_uuid);
    }
}

//////////////

/* mark the time the update finished */
// Only the in-memory $config array is changed here; no call that saves it is visible
// in this part of the file.
$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");

/* remove old $tmpfname files */
if (is_dir('/usr/local/etc/snort/tmp')) {
    update_status(gettext("Cleaning up..."));
    exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
    sleep(2);
    // NOTE(review): the command string below spans a line break in this listing. Confirm
    // against the original file, since a newline would split the shell command in two.
    exec("/bin/rm -r 
/usr/local/etc/snort/tmp/rules_bk");
}

/* XXX: These are needed if snort is run as snort user
mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
*/

/*
 * Reset permissions on the Snort directories.
 * NOTE(review): chmod -R 755 applies to files as well as directories, so every log,
 * config and rule file under these trees becomes readable and executable by all local
 * users. Setting directory and file modes separately, with tighter modes for config and
 * logs, would avoid that.
 */
mwexec("/bin/chmod -R 755 /var/log/snort", true);
mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);

/* hide progress bar and finish */
hide_progress_bar_status();

if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
    update_output_window(gettext("Finished..."));
else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
    update_output_window(gettext("Finished..."));
else {
    /* You are Not Up to date, always stop snort when updating rules for low end machines */;
    // The comment above speaks of stopping Snort, but the command run here is
    // "snort.sh start".
    update_status(gettext("You are NOT up to date..."));
    exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
    update_status(gettext("The Rules update finished..."));
    update_output_window(gettext("Snort has restarted with your new set of rules..."));
    exec("/bin/rm /tmp/snort_download_halt.pid");
}

update_status(gettext("The Rules update finished..."));
conf_mount_ro();

?>