= 0) { log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package.")); unset($config['installedpackages']['package'][$pkgid]); unlink_if_exists("/usr/local/pkg/widget-snort.xml"); write_config("Snort pkg: removed legacy Snort Dashboard Widget."); } /* Define a default Dashboard Widget Container for Snort */ $snort_widget_container = "snort_alerts-container:col2:close"; /* remake saved settings */ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); /****************************************************************/ /* Do test and fix for duplicate UUIDs if this install was */ /* impacted by the DUP (clone) bug that generated a duplicate */ /* UUID for the cloned interface. */ /****************************************************************/ if (count($config['installedpackages']['snortglobal']['rule']) > 0) { $uuids = array(); $fixed_duplicate = FALSE; $snortconf = &$config['installedpackages']['snortglobal']['rule']; foreach ($snortconf as &$snortcfg) { // Check for and fix a duplicate UUID $if_real = get_real_interface($snortcfg['interface']); if (!isset($uuids[$snortcfg['uuid']])) { $uuids[$snortcfg['uuid']] = $if_real; continue; } else { // Found a duplicate UUID, so generate a // new one for the affected interface. $old_uuid = $snortcfg['uuid']; $new_uuid = snort_generate_id(); if (file_exists("{$snortlogdir}snort_{$if_real}{$old_uuid}/")) @rename("{$snortlogdir}snort_{$if_real}{$old_uuid}/", "{$snortlogdir}snort_{$if_real}{$new_uuid}/"); $snortcfg['uuid'] = $new_uuid; $uuids[$new_uuid] = $if_real; log_error(gettext("[Snort] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " from {$old_uuid} to {$new_uuid}.")); $fixed_duplicate = TRUE; } } if ($fixed_duplicate) write_config("Snort pkg: updated interface UUIDs to eliminate duplicates."); unset($uuids); } /****************************************************************/ /* End of duplicate UUID bug fix. */ /****************************************************************/ /* Do one-time settings migration for new multi-engine configurations */ update_output_window(gettext("Please wait... migrating settings to new configuration...")); include('/usr/local/pkg/snort/snort_migrate_config.php'); update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); log_error(gettext("[Snort] Downloading and updating configured rule types...")); update_output_window(gettext("Please wait... downloading and updating configured rule sets...")); if ($pkg_interface <> "console") $snort_gui_include = true; include('/usr/local/pkg/snort/snort_check_for_rule_updates.php'); update_status(gettext("Generating snort.conf configuration file from saved settings...")); $rebuild_rules = true; /* Create the snort.conf files for each enabled interface */ $snortconf = $config['installedpackages']['snortglobal']['rule']; foreach ($snortconf as $snortcfg) { $if_real = get_real_interface($snortcfg['interface']); $snort_uuid = $snortcfg['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); // Pull in the PHP code that generates the snort.conf file // variables that will be substituted further down below. include("/usr/local/pkg/snort/snort_generate_conf.php"); // Pull in the boilerplate template for the snort.conf // configuration file. The contents of the template along // with substituted variables are stored in $snort_conf_text // (which is defined in the included file). include("/usr/local/pkg/snort/snort_conf_template.inc"); // Now write out the conf file using $snort_conf_text contents @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); unset($snort_conf_text); // Create the actual rules files and save them in the interface directory snort_prepare_rule_files($snortcfg, $snortcfgdir); // Clean up variables we no longer need and free memory unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); // create barnyard2.conf file for interface if ($snortcfg['barnyard_enable'] == 'on') snort_generate_barnyard2_conf($snortcfg, $if_real); } /* create snort bootup file snort.sh */ snort_create_rc(); /* Set Log Limit, Block Hosts Time and Rules Update Time */ snort_snortloglimit_install_cron(true); snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false); snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false); /* Add the recurring jobs created above to crontab */ configure_cron(); /* Restore the last Snort Dashboard Widget setting if none is set */ if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) && stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= "," . $config['installedpackages']['snortglobal']['dashboard_widget']; $rebuild_rules = false; update_output_window(gettext("Finished rebuilding Snort configuration files...")); log_error(gettext("[Snort] Finished rebuilding installation from saved settings...")); /* Only try to start Snort if not in reboot */ if (!($g['booting'])) { update_status(gettext("Starting Snort using rebuilt configuration...")); update_output_window(gettext("Please wait... while Snort is started...")); log_error(gettext("[Snort] Starting Snort using rebuilt configuration...")); mwexec_bg("{$rcdir}snort.sh start"); update_output_window(gettext("Snort is starting using the rebuilt configuration...")); } } /* We're finished with conf partition mods, return to read-only */ conf_mount_ro(); /* If an existing Snort Dashboard Widget container is not found, */ /* then insert our default Widget Dashboard container. */ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.3"; write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); log_error(gettext("[Snort] Package post-installation tasks completed...")); return true; ?>