# # old_revision [54c13c3b3b2d4c2f4035d84fe8f3ced73bb882e0] # # add_file "pf/lib/pf/services/snort.pm" # content [818116e197672aeedd70e51abc1ca63fa85c3196] # # patch "pf/conf/snort.conf" # from [725e17a9ea9c093d2142111f017a71ced025d889] # to [035be6c9ef52ae71515f74157b3a1c68bc345bca] # # patch "pf/lib/pf/services.pm" # from [16379379268596725952eb7e3844b393a3684905] # to [7007e88f8050c779549849d7d440b9940ee13dfd] # ============================================================ --- pf/conf/snort.conf 725e17a9ea9c093d2142111f017a71ced025d889 +++ pf/conf/snort.conf 035be6c9ef52ae71515f74157b3a1c68bc345bca @@ -1,7 +1,7 @@ var INTERNAL_IPS [%%internal-ips%%] # Snort configuration # This file is manipulated on PacketFence's startup before being given to snort var INTERNAL_IPS [%%internal-ips%%] -var HOME_NET [%%internal-nets%%] +var HOME_NET [%%trapping-range%%] var EXTERNAL_NET !$HOME_NET var GATEWAYS [%%gateways%%] ============================================================ --- pf/lib/pf/services.pm 16379379268596725952eb7e3844b393a3684905 +++ pf/lib/pf/services.pm 7007e88f8050c779549849d7d440b9940ee13dfd @@ -39,6 +39,7 @@ use pf::services::named qw(generate_name use pf::services::apache; use pf::services::dhcpd qw(generate_dhcpd_conf); use pf::services::named qw(generate_named_conf); +use pf::services::snort qw(generate_snort_conf); use pf::SwitchFactory; Readonly our @ALL_SERVICES => ( @@ -289,47 +290,6 @@ sub manage_Static_Route { } } -=item * generate_snort_conf - -=cut - -sub generate_snort_conf { - my $logger = Log::Log4perl::get_logger('pf::services'); - my %tags; - $tags{'template'} = "$conf_dir/snort.conf"; - $tags{'internal-ips'} = join( ",", get_internal_ips() ); - $tags{'internal-nets'} = join( ",", get_internal_nets() ); - $tags{'gateways'} = join( ",", get_gateways() ); - $tags{'dhcp_servers'} = $Config{'general'}{'dhcpservers'}; - $tags{'dns_servers'} = $Config{'general'}{'dnsservers'}; - $tags{'install_dir'} = $install_dir; - my %violations_conf; - tie %violations_conf, 'Config::IniFiles', - ( -file => "$conf_dir/violations.conf" ); - my @errors = @Config::IniFiles::errors; - if ( scalar(@errors) ) { - $logger->error( "Error reading violations.conf: " - . join( "\n", @errors ) . "\n" ); - return 0; - } - - my @rules; - - foreach my $rule ( - split( /\s*,\s*/, $violations_conf{'defaults'}{'snort_rules'} ) ) - { - - #append install_dir if the path doesn't start with / - $rule = "\$RULE_PATH/$rule" if ( $rule !~ /^\// ); - push @rules, "include $rule"; - } - $tags{'snort_rules'} = join( "\n", @rules ); - $logger->info("generating $conf_dir/snort.conf"); - parse_template( \%tags, "$conf_dir/snort.conf", - "$generated_conf_dir/snort.conf" ); - return 1; -} - =item * generate_snmptrapd_conf =cut ============================================================ --- /dev/null +++ pf/lib/pf/services/snort.pm 818116e197672aeedd70e51abc1ca63fa85c3196 @@ -0,0 +1,112 @@ +package pf::services::snort; + +=head1 NAME + +pf::services::snort - helper configuration module for supported snortd + +=head1 DESCRIPTION + +This module contains some functions that generates snortd configuration +according to what PacketFence needs to accomplish. + +=head1 CONFIGURATION AND ENVIRONMENT + +Read the following configuration files: F. + +Generates the following configuration files: F. + +=cut + +use strict; +use warnings; +use Log::Log4perl; +use POSIX; +use Readonly; + +use pf::config; +use pf::util; + +BEGIN { + use Exporter (); + our ( @ISA, @EXPORT_OK ); + @ISA = qw(Exporter); + @EXPORT_OK = qw( + generate_snort_conf + ); +} + +=head1 SUBROUTINES + +=over + +=item * generate_snort_conf + +=cut + +sub generate_snort_conf { + my $logger = Log::Log4perl::get_logger('pf::services'); + my %tags; + $tags{'template'} = "$conf_dir/snort.conf"; + $tags{'internal-ips'} = join( ",", get_internal_ips() ); + $tags{'trapping-range'} = $Config{'trapping'}{'range'}; + $tags{'gateways'} = join( ",", get_gateways() ); + $tags{'dhcp_servers'} = $Config{'general'}{'dhcpservers'}; + $tags{'dns_servers'} = $Config{'general'}{'dnsservers'}; + $tags{'install_dir'} = $install_dir; + my %violations_conf; + tie %violations_conf, 'Config::IniFiles', + ( -file => "$conf_dir/violations.conf" ); + my @errors = @Config::IniFiles::errors; + if ( scalar(@errors) ) { + $logger->error( "Error reading violations.conf: " + . join( "\n", @errors ) . "\n" ); + return 0; + } + + my @rules; + + foreach my $rule ( + split( /\s*,\s*/, $violations_conf{'defaults'}{'snort_rules'} ) ) + { + + #append install_dir if the path doesn't start with / + $rule = "\$RULE_PATH/$rule" if ( $rule !~ /^\// ); + push @rules, "include $rule"; + } + $tags{'snort_rules'} = join( "\n", @rules ); + $logger->info("generating $conf_dir/snort.conf"); + parse_template( \%tags, "$conf_dir/snort.conf", + "$generated_conf_dir/snort.conf" ); + return 1; +} + +=back + +=head1 AUTHOR + +Francois Gaudreault + +=head1 COPYRIGHT + +Copyright (C) 2011 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1;