filesize("{$tmpfname}/$snort_filename")){ update_output_window(gettext("Snort rules file downloaded failed...")); log_error(gettext("Snort rules file downloaded failed...")); $snortdownload = 'off'; } } /* download md5 sig from */ if ($emergingthreats == 'on') { update_status(gettext("Downloading emergingthreats md5 file...")); $image = @file_get_contents("{$emerging_threats_version}/emerging.rules.tar.gz.md5"); /* XXX: error checking */ @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); update_status(gettext("Done downloading emergingthreats md5")); if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) { /* Check if were up to date */ $emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); $emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); if ($emerg_md5_check_new == $emerg_md5_check_old) { update_status(gettext("Emerging threat rules are up to date...")); log_error(gettext("Emerging threat rules are up to date...")); $emergingthreats = 'off'; } } } /* download emergingthreats rules file */ if ($emergingthreats == "on") { update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); log_error(gettext("There is a new set of Emergingthreats rules posted. 
Downloading...")); download_file_with_progress_bar("{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}"); update_status(gettext('Done downloading Emergingthreats rules file.')); log_error("Emergingthreats rules file update downloaded succsesfully"); } /* XXX: need to be verified */ /* Compair md5 sig to file sig */ //$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; //if ($premium_url_chk == on) { //$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); //$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; // if ($md5 == $file_md5_ondisk) { // update_status(gettext("Valid md5 checksum pass...")); //} else { // update_status(gettext("The downloaded file does not match the md5 file...P is ON")); // update_output_window(gettext("Error md5 Mismatch...")); // return; // } //} /* Normalize rulesets */ $sedcmd = "s/^#alert/# alert/g\n"; $sedcmd .= "s/^##alert/# alert/g\n"; $sedcmd .= "s/^# alert/# alert/g\n"; $sedcmd .= "s/^#\talert/# alert/g\n"; $sedcmd .= "s/^##\talert/# alert/g\n"; $sedcmd .= "s/^\talert/alert/g\n"; $sedcmd .= "s/^ alert/alert/g\n"; $sedcmd .= "s/^ alert/alert/g\n"; @file_put_contents("{$snortdir}/tmp/sedcmd", $sedcmd); /* Untar snort rules file individually to help people with low system specs */ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename}")) { if ($pfsense_stable == 'yes') $freebsd_version_so = 'FreeBSD-7-2'; else $freebsd_version_so = 'FreeBSD-8-1'; update_status(gettext("Extracting rules...")); /* extract rules and add prefix to all files*/ safe_mkdir("{$snortdir}/snortrules"); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/snortrules rules/"); chdir("{$snortdir}/snortrules"); exec('/usr/local/bin/perl /usr/local/bin/ s/^/snort_/ *.rules'); exec("cp {$snortdir}/snortrules/* {$snortdir}/rules; rm -r {$snortdir}/snortrules"); /* extract so rules */ exec('/bin/mkdir -p 
/usr/local/lib/snort/dynamicrules/'); $snort_arch = php_uname("m"); if ($snort_arch == 'i386'){ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/"); exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* /usr/local/lib/snort/dynamicrules/"); } else if ($snort_arch == 'amd64') { exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/"); exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* /usr/local/lib/snort/dynamicrules/"); } else $snortdownload = 'off'; if ($snortdownload == 'on') { /* extract so rules none bin and rename */ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/"); chdir ("{$snortdir}/so_rules"); exec('/usr/local/bin/perl /usr/local/bin/ s/^/snort_/ *.rules'); exec("cp {$snortdir}/so_rules/* {$snortdir}/rules; rm -r {$snortdir}/so_rules"); /* extract base etc files */ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); exec("/bin/rm -r {$snortdir}/etc"); /* Untar snort signatures */ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; if ($premium_url_chk == 'on') { update_status(gettext("Extracting Signatures...")); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); update_status(gettext("Done extracting Signatures.")); if (file_exists("{$snortdir}/doc/signatures")) { update_status(gettext("Copying signatures...")); exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); update_status(gettext("Done copying signatures.")); } else { update_status(gettext("Directory signatures exist...")); update_output_window(gettext("Error copying signature...")); $snortdownload = 'off'; } } if (file_exists("/usr/local/lib/snort/dynamicrules/")) { 
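/* Tail of the Snort rules extraction branch: the four if-blocks closed below are opened earlier in the file. */
				/* NOTE(review): as written this targets the directory itself without -r;
				 * a file name may be missing from the path -- verify against upstream. */
				exec("/bin/rm /usr/local/lib/snort/dynamicrules/");
				exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
			}

			/* make sure default rules are in the right format */
			exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/*.rules");

			/* create a msg-map for snort */
			/* NOTE(review): the script path and the redirect target both end in '/',
			 * so no file is named on either side -- verify against upstream. */
			update_status(gettext("Updating Alert Messages..."));
			exec("/usr/local/bin/perl /usr/local/bin/ {$snortdir}/rules > {$snortdir}/");

			if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
				update_status(gettext("Copying md5 sig to snort directory..."));
				exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
			}
		}
	}
}

/* Untar emergingthreats rules to tmp */
if ($emergingthreats == 'on') {
	/*
	 * NOTE(review): the archive is unpacked without its own digest being compared
	 * to the downloaded .md5; the only comparison code in this script is commented
	 * out. An md5 fetched alongside the archive can detect a corrupted transfer,
	 * but it does not authenticate the rules.
	 */
	if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
		update_status(gettext("Extracting rules..."));
		exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
	}

	/* make sure default rules are in the right format */
	exec("/usr/bin/sed -I '' -f {$snortdir}/tmp/sedcmd {$snortdir}/rules/*.rules");

	/* Copy emergingthreats md5 sig to snort dir; the next run compares the
	 * freshly downloaded md5 against this copy to decide whether to update. */
	if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
		update_status(gettext("Copying md5 sig to snort directory..."));
		exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
	}
}

/* remove old $tmpfname files */
if (is_dir($tmpfname)) {
	update_status(gettext("Cleaning up..."));
	exec("/bin/rm -r {$tmpfname}");
}

/**
 * Copy the selected rule sets and support files into one interface's Snort
 * directory, then apply that interface's per-SID enable/disable overrides.
 *
 * @param array  $snortcfg One entry of the snortglobal 'rule' list; this function
 *                         reads 'rulesets', 'uuid', 'rule_sid_on' and 'rule_sid_off'.
 * @param string $if_real  Interface name used in the per-interface directory name.
 * @return void Returns early, doing nothing, when no rule sets are selected.
 */
function snort_apply_customizations($snortcfg, $if_real) {
	global $config, $g, $snortdir;

	if (empty($snortcfg['rulesets']))
		return;

	/* Per-interface directory that receives the copies. */
	$ifdir = "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}";

	update_status(gettext("Your set of configured rules are being copied..."));
	log_error(gettext("Your set of configured rules are being copied..."));

	foreach (explode("||", $snortcfg['rulesets']) as $file) {
		if ($file == '')
			continue;
		/* NOTE(review): $file is taken from the saved configuration and used as a
		 * path component; presumably always a plain file name -- confirm. */
		if (!@copy("{$snortdir}/rules/{$file}", "{$ifdir}/rules/{$file}")) {
			/* A rule set that fails to copy leaves the interface without those
			 * rules, so record it instead of failing silently. */
			log_error("Could not copy rule set {$file} to {$ifdir}/rules");
		}
	}

	@copy("{$snortdir}/classification.config", "{$ifdir}/classification.config");
	/* NOTE(review): this copy and the last two below name no file on either
	 * side (both paths end in '/') -- verify against upstream. */
	@copy("{$snortdir}/", "{$ifdir}/");
	if (is_dir("{$snortdir}/generators")) {
		/* Quote both paths: uuid and interface name end up in a shell command line. */
		exec("/bin/cp -r " . escapeshellarg("{$snortdir}/generators") . " " . escapeshellarg($ifdir));
	}
	@copy("{$snortdir}/reference.config", "{$ifdir}/reference.config");
	@copy("{$snortdir}/sid", "{$ifdir}/sid");
	@copy("{$snortdir}/", "{$ifdir}/");
	@copy("{$snortdir}/", "{$ifdir}/");

	if (empty($snortcfg['rule_sid_on']) && empty($snortcfg['rule_sid_off']))
		return;

	/* Lookup tables keyed by the stored entries ("enablesid N" / "disablesid N"). */
	$enabled_sids = array();
	$disabled_sids = array();
	if (!empty($snortcfg['rule_sid_on']))
		$enabled_sids = array_flip(explode("||", trim($snortcfg['rule_sid_on'])));
	if (!empty($snortcfg['rule_sid_off']))
		$disabled_sids = array_flip(explode("||", trim($snortcfg['rule_sid_off'])));

	/*
	 * The directory name must use the uuid. Interpolating the whole $snortcfg
	 * array yields the literal "Array", the glob then matches nothing, and the
	 * SID overrides are never applied.
	 */
	$files = glob("{$ifdir}/rules/*");
	if (!is_array($files))
		return;

	foreach ($files as $file) {
		if (!is_file($file))
			continue;
		$splitcontents = file($file);
		if (!is_array($splitcontents))
			continue;

		$changed = false;
		foreach ($splitcontents as $counter => $value) {
			$sid = snort_get_rule_part($value, 'sid:', ';', 0);
			if (!is_numeric($sid))
				continue;

			/* The rule header may sit on the line before the one carrying the sid;
			 * there is no previous line for the first line of the file. */
			$prev = ($counter > 0) ? $splitcontents[$counter - 1] : '';

			if (isset($enabled_sids["enablesid {$sid}"])) {
				if (substr($value, 0, 5) == "alert")
					/* Rule is already enabled */
					continue;
				if (substr($value, 0, 7) == "# alert") {
					/* Rule is disabled, change */
					$splitcontents[$counter] = substr($value, 2);
					$changed = true;
				} else if (substr($prev, 0, 5) == "alert") {
					/* Rule is already enabled */
					continue;
				} else if (substr($prev, 0, 7) == "# alert") {
					/* Rule is disabled, change: uncomment the previous line itself
					 * rather than overwriting it with the current line. */
					$splitcontents[$counter - 1] = substr($prev, 2);
					$changed = true;
				}
			} else if (isset($disabled_sids["disablesid {$sid}"])) {
				if (substr($value, 0, 7) == "# alert")
					/* Rule is already disabled */
					continue;
				if (substr($value, 0, 5) == "alert") {
					/* Rule is enabled, change */
					$splitcontents[$counter] = "# {$value}";
					$changed = true;
				} else if (substr($prev, 0, 7) == "# alert") {
					/* Rule is already disabled */
					continue;
				} else if (substr($prev, 0, 5) == "alert") {
					/* Rule is enabled, change: comment out the previous line itself. */
					$splitcontents[$counter - 1] = "# {$prev}";
					$changed = true;
				}
			}
		}

		if ($changed) {
			/* file() keeps each line's terminator, so join with an empty string;
			 * joining with "\n" would insert a blank line after every line. */
			if (@file_put_contents($file, implode("", $splitcontents)) === false)
				log_error("Could not write SID changes to {$file}");
		}
	}
}

if ($snortdownload == 'on' || $emergingthreats == 'on') {
	/* You are Not Up to date, always stop snort when updating rules for low end machines */

	/* Start the process for every interface rule */
	if (is_array($config['installedpackages']['snortglobal']['rule'])) {
		foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
			$if_real = snort_get_real_interface($value['interface']);

			/* copy the rule sets and apply the SID overrides for this interface */
			snort_apply_customizations($value, $if_real);
		}
	}

	if (is_process_running("snort")) {
		/* NOTE(review): the rc.d path ends in '/', so no script is named -- verify against upstream. */
		exec("/bin/sh /usr/local/etc/rc.d/ restart");
		update_output_window(gettext("Snort has restarted with your new set of rules..."));
		log_error(gettext("Snort has restarted with your new set of rules..."));
	} else
		log_error(gettext("Snort Rules update finished..."));
}

update_status(gettext("The Rules update finished..."));
conf_mount_ro();

?>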