// Excerpt: tail of the save handler that ends by redirecting to
// snort_define_servers.php. It opens inside a loop/else whose headers lie
// before this excerpt, so the first closing braces match code not shown here.
                unset($natent["def_{$key}"]);
            }
        }
        // For each $snort_ports key: a truthy posted "def_<key>" is stored as an
        // override, anything else removes the stored override.
        // NOTE(review): the posted string is copied unchanged into $natent, saved
        // with write_config() and then handed to snort_generate_conf(). No
        // validation is visible in this excerpt -- confirm an earlier check
        // rejects values that are not safe to emit into the generated snort.conf.
        foreach ($snort_ports as $key => $server) {
            if ($_POST["def_{$key}"]) {
                $natent["def_{$key}"] = $_POST["def_{$key}"];
            } else {
                unset($natent["def_{$key}"]);
            }
        }
        // NOTE(review): $id is used as an array index here and again in the
        // redirect below; its validation is not visible in this excerpt.
        $a_nat[$id] = $natent;
        write_config("Snort pkg: modified settings for VARIABLES tab.");
        /* Update the snort conf file for this interface. */
        // $rebuild_rules is set to false before regenerating; presumably
        // snort_generate_conf() reads it to skip the rules rebuild -- verify.
        $rebuild_rules = false;
        conf_mount_rw();
        snort_generate_conf($a_nat[$id]);
        conf_mount_ro();
        /* Soft-restart Snort to live-load new variables. */
        snort_reload_config($a_nat[$id]);
        /* after click go to this page */
        // Past Expires date plus no-store/no-cache so the redirect response is
        // not cached by the browser or an intermediary.
        header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate');
        header('Cache-Control: post-check=0, pre-check=0', false);
        header('Pragma: no-cache');
        // NOTE(review): $id is interpolated into the Location header without
        // encoding; confirm it is constrained to a numeric index upstream.
        header("Location: snort_define_servers.php?id={$id}");
        exit;
    } else {
        // The raw POST array becomes the form state on this branch.
        // NOTE(review): any field later rendered from $pconfig must be
        // HTML-escaped at output; the rendering code is outside this excerpt.
        $pconfig = $_POST;
    }
}
// Excerpt: end of a preprocessor-settings save. Checkbox-style POST fields are
// reduced to the literals 'on' / 'off', so the raw posted value is never stored.
$natent['stream5_track_tcp'] = $_POST['stream5_track_tcp'] ? 'on' : 'off';
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
$natent['appid_preproc'] = $_POST['appid_preproc'] ? 'on' : 'off';
$natent['sf_appid_statslog'] = $_POST['sf_appid_statslog'] ? 'on' : 'off';

// Persist only when $id refers to an existing interface entry.
if (isset($id) && isset($a_nat[$id])) {
    $a_nat[$id] = $natent;
    write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}.");
}

/*************************************************/
/* Update the snort.conf file and rebuild the    */
/* rules for this interface.                     */
/*************************************************/
// NOTE(review): this regeneration sits outside the isset() guard above, so
// snort.conf is rebuilt from $natent even when nothing was written to the
// saved configuration -- confirm that is intended.
$rebuild_rules = true;
conf_mount_rw();
snort_generate_conf($natent);
conf_mount_ro();
$rebuild_rules = false;

/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off') {
    unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
}

/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one  */
/* is configured and saved.                            */
/*******************************************************/
// This is the only reload issued in this excerpt; it passes "SIGURG" as the
// second argument and runs only when the table is enabled and has data.
if ($natent['host_attribute_table'] == "on" && !empty($natent['host_attribute_data'])) {
    snort_reload_config($natent, "SIGURG");
}

/* Sync to configured CARP slaves if any are enabled */
snort_sync_on_changes();
// Excerpt: tail of the rules-page POST handling. It opens inside nested
// conditionals whose headers lie before this excerpt.
            $savemsg = gettext("Custom rules validated successfully and any active Snort process on this interface has been signalled to live-load the new rules.");
        }
        clear_subsystem_dirty('snort_rules');
        // Sync to configured CARP slaves if any are enabled
        snort_sync_on_changes();
    } else {
        // "Apply" path: save, regenerate snort.conf with a rules rebuild,
        // soft-restart Snort, then clear the pending-changes marker.
        if ($_POST['apply']) {
            /* Save new configuration */
            // NOTE(review): $id indexes $a_rule here and below; its validation
            // is not visible in this excerpt.
            write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
            /*************************************************/
            /* Update the snort conf file and rebuild the    */
            /* rules for this interface.                     */
            /*************************************************/
            // $rebuild_rules is raised only around the generate call and
            // lowered again straight after it.
            $rebuild_rules = true;
            conf_mount_rw();
            snort_generate_conf($a_rule[$id]);
            conf_mount_ro();
            $rebuild_rules = false;
            /* Soft-restart Snort to live-load new rules */
            snort_reload_config($a_rule[$id]);
            // We have saved changes and done a soft restart, so clear "dirty" flag
            clear_subsystem_dirty('snort_rules');
            // Sync to configured CARP slaves if any are enabled
            snort_sync_on_changes();
            // The status message is set only when a Snort process is running
            // for this interface.
            if (snort_is_running($snort_uuid, $if_real)) {
                $savemsg = gettext("Snort is 'live-reloading' the new rule set.");
            }
        }
    }
}
include_once "head.inc";
// Excerpt: end of a rule-state toggle handler followed by the start of the
// "delete" handler. The first closing brace matches a block opened before this
// excerpt, and the final if-block continues past it.
    }
    // rtrim() treats its second argument as a character list, so "||" strips
    // every trailing '|' character, not just one two-character separator.
    $tmp = rtrim($tmp, "||");
    if (!empty($tmp)) {
        $a_instance[$instanceid]['rule_sid_off'] = $tmp;
    } else {
        unset($a_instance[$instanceid]['rule_sid_off']);
    }
    /* Update the config.xml file. */
    // NOTE(review): $gid and $sid are interpolated into the config change
    // message here and into $savemsg below; confirm both are validated as
    // numeric before this point, since their origin is not visible here.
    write_config("Snort pkg: modified state for rule {$gid}:{$sid}");
    /*************************************************/
    /* Update the snort.conf file and rebuild the    */
    /* rules for this interface.                     */
    /*************************************************/
    $rebuild_rules = true;
    conf_mount_rw();
    snort_generate_conf($a_instance[$instanceid]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Soft-restart Snort to live-load the new rules */
    snort_reload_config($a_instance[$instanceid]);
    /* Give Snort a couple seconds to reload the configuration */
    // Blocks this request for two seconds.
    sleep(2);
    $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
// "delete" path: remove logs via snort_post_delete_logs(), truncate the alert
// file, then send HUP to the process named in the pid file.
if ($_POST['delete']) {
    snort_post_delete_logs($snort_uuid);
    file_put_contents("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert", "");
    /* XXX: This is needed if snort is run as snort user */
    // NOTE(review): the glob matches every direct child of the log directory,
    // which per the line above includes per-interface subdirectories; mode 660
    // on a directory drops its search bit -- confirm that is intended.
    // NOTE(review): both commands are built by string interpolation.
    // $snortlogdir, $if_real and $snort_uuid are not assigned in this excerpt;
    // if any can carry shell metacharacters, wrap the pid path in
    // escapeshellarg() (the chmod glob has to stay unquoted to expand).
    mwexec("/bin/chmod 660 {$snortlogdir}/*", true);
    if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
        mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
// Excerpt: end of the automatic SID management save handler and the start of
// the SID list download handler. It opens inside a loop whose header lies
// before this excerpt and ends inside an unclosed if-block.
            unset($a_nat[$k]['modify_sid_file']);
            continue;
        }
        $a_nat[$k]['modify_sid_file'] = $v;
    }
    // Write the new configuration
    write_config("Snort pkg: updated automatic SID management settings.");
    $intf_msg = "";
    // If any interfaces were marked for restart, then do it
    // NOTE(review): each posted 'torestart' value is used directly as an index
    // into $a_nat. No isset($a_nat[$k]) check is visible, so a value that is
    // not an existing index passes an undefined entry to snort_generate_conf()
    // and snort_reload_config(). Consider skipping unknown indexes.
    if (is_array($_POST['torestart'])) {
        foreach ($_POST['torestart'] as $k) {
            // Update the snort.conf file and
            // rebuild rules for this interface.
            $rebuild_rules = true;
            conf_mount_rw();
            snort_generate_conf($a_nat[$k]);
            conf_mount_ro();
            $rebuild_rules = false;
            // Signal Snort to "live reload" the rules
            snort_reload_config($a_nat[$k]);
            $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", ";
        }
        // trim() removes the trailing ", " left by the loop above.
        $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Snort signaled to live-load the new rules.");
        // Sync to configured CARP slaves if any are enabled
        snort_sync_on_changes();
    }
}
// Download path: basename() drops any directory components from the posted
// file name, so the lookup stays directly under $sidmods_path (assuming that
// value ends with a path separator -- it is not assigned in this excerpt).
// NOTE(review): basename() still returns "." or ".." unchanged and
// file_exists() is true for directories; is_file() would be the stricter test.
if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) {
    $file = $sidmods_path . basename($_POST['sidlist_fname']);
    if (file_exists($file)) {
        ob_start();
// Excerpt: package post-install steps that rebuild the installation from saved
// settings. It starts and ends mid-script; the final if-block continues past
// this excerpt. Both include paths are fixed absolute paths, not derived from
// request input.
include '/usr/local/pkg/snort/snort_migrate_config.php';
update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
log_error(gettext("[Snort] Downloading and updating configured rule types..."));
update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
// $snort_gui_include is set only when not running from the console;
// presumably the included updater script reads it -- verify.
if ($pkg_interface != "console") {
    $snort_gui_include = true;
}
include '/usr/local/pkg/snort/snort_check_for_rule_updates.php';
update_status(gettext("Generating snort.conf configuration file from saved settings..."));
// NOTE(review): $rebuild_rules is raised here and not lowered anywhere in this
// excerpt, unlike the GUI save handlers that reset it after generating.
$rebuild_rules = true;
/* Create the snort.conf files for each enabled interface */
// The loop visits every entry under 'rule'; no per-entry "enabled" test is
// visible in this excerpt.
// NOTE(review): foreach assumes 'rule' is an array -- confirm it is
// initialised when no interfaces are configured.
$snortconf = $config['installedpackages']['snortglobal']['rule'];
foreach ($snortconf as $value) {
    $if_real = get_real_interface($value['interface']);
    /* create a snort.conf file for interface */
    snort_generate_conf($value);
    /* create barnyard2.conf file for interface */
    if ($value['barnyard_enable'] == 'on') {
        snort_generate_barnyard2_conf($value, $if_real);
    }
}
/* create snort bootup file snort.sh */
snort_create_rc();
/* Set Log Limit, Block Hosts Time and Rules Update Time */
// The two conditional jobs are installed unless their setting holds the
// "never_b" / "never_up" sentinel value.
snort_snortloglimit_install_cron(true);
snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false);
snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false);
/* Add the recurring jobs created above to crontab */
configure_cron();
/* Restore the last Snort Dashboard Widget setting if none is set */
// Runs only when a saved widget setting exists and the current widget
// sequence does not already mention "snort_alerts-container"
// (case-insensitive search).
if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) && stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) {