diff options
author | robiscool <robrob2626@yahoo.com> | 2010-03-31 04:04:56 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2010-03-31 04:05:33 -0700 |
commit | 09d8b2fd5028ce1b58ecafc57c11e8336db2a5ae (patch) | |
tree | 203455f0dbfc8b14e464b66b4c474e8b9dd93f75 | |
parent | 8e97b1d4fff0b09864e53f18ed6da606f0aca148 (diff) | |
download | pfsense-packages-09d8b2fd5028ce1b58ecafc57c11e8336db2a5ae.tar.gz pfsense-packages-09d8b2fd5028ce1b58ecafc57c11e8336db2a5ae.tar.bz2 pfsense-packages-09d8b2fd5028ce1b58ecafc57c11e8336db2a5ae.zip |
snort-dev, final test
-rw-r--r-- | config/snort-dev/images/icon_excli.png | bin | 0 -> 5280 bytes | |||
-rw-r--r-- | config/snort-dev/snort.inc | 41 | ||||
-rw-r--r-- | config/snort-dev/snort_barnyard.php | 66 | ||||
-rw-r--r-- | config/snort-dev/snort_define_servers.php | 72 | ||||
-rw-r--r-- | config/snort-dev/snort_download_rules.php | 33 | ||||
-rw-r--r--[-rwxr-xr-x] | config/snort-dev/snort_fbegin.inc | 0 | ||||
-rw-r--r-- | config/snort-dev/snort_gui.inc | 4 | ||||
-rw-r--r-- | config/snort-dev/snort_help_info.php | 86 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces.php | 106 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 133 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_global.php | 6 | ||||
-rw-r--r-- | config/snort-dev/snort_preprocessors.php | 66 | ||||
-rw-r--r-- | config/snort-dev/snort_rulesets.php | 62 |
13 files changed, 529 insertions, 146 deletions
diff --git a/config/snort-dev/images/icon_excli.png b/config/snort-dev/images/icon_excli.png Binary files differnew file mode 100644 index 00000000..4b54fa31 --- /dev/null +++ b/config/snort-dev/images/icon_excli.png diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index b6012e51..cd8ba9a2 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -58,19 +58,23 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE') } if(snort_up_ck != ''){ - - $snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); - $snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - $snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - if ($snort_up_s != '' || $snort_up_r != '') { - $snort_up = 'yes'; + //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); + $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval); + + if ($snort_up_prell != "") { + $snort_uph = 'yes'; }else{ - $snort_up = 'no'; + $snort_uph = 'no'; } } - return $snort_up; + return $snort_uph; } /* checks to see if barnyard2 is running yes/no */ @@ -86,11 +90,15 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE') if(snort_up_ck_b != ''){ + //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); + + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); - $snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - $snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - if ($snort_up_s_b != '' || $snort_up_r != '') { + if ($snort_up_pre_b != '') { $snort_up_b = 'yes'; }else{ $snort_up_b = 'no'; @@ -288,6 +296,7 @@ function snort_postinstall() exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png'); chdir ("/usr/local/www/snort/javascript/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.blockUI.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.3.2.js'); @@ -592,7 +601,6 @@ $snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_lis foreach ($snort_dir_filter_search_result as $value) { exec("rm -r /usr/local/etc/snort/$value"); - exec("echo \"rm -r /usr/local/etc/snort/$value\" >> /root/test.log"); } } @@ -661,7 +669,6 @@ if ($id != '' && $if_real != '') //new sync_snort_package(); - exec("echo \"Funtion sync all $id $if_real $snort_uuid....\" >> /root/test.log"); conf_mount_ro(); } } @@ -1062,8 +1069,6 @@ function snort_deinstall() global $config, $g, $id, $if_real; conf_mount_rw(); -exec("echo \"Snort Deinstall $if_real $id....\" >> /root/test.log"); - /* remove custom sysctl */ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); /* decrease bpf buffers back to 4096, from 20480 */ @@ -1092,8 +1097,6 @@ function snort_rm_blocked_deinstall_cron($should_install) global $config, $g; conf_mount_rw(); -exec("echo \"Deinstall cron block....\" >> /root/test.log"); - $is_installed = false; if(!$config['cron']['item']) @@ -1131,8 +1134,6 @@ exec("echo \"Deinstall cron block....\" >> /root/test.log"); { global $config, $g; conf_mount_rw(); - -exec("echo \"Deinstall rules up ....\" >> /root/test.log"); $is_installed = false; @@ -1170,6 +1171,7 @@ snort_rules_up_deinstall_cron(""); exec("rm -r /usr/local/www/snort"); exec("rm -r /usr/local/pkg/snort"); exec("rm -r /usr/local/lib/snort/"); + exec("rm -r /var/log/snort/"); conf_mount_ro(); @@ -2103,7 +2105,6 @@ function check_for_common_errors($filename) { hide_progress_bar_status(); } else { log_error("An error occured. Scroll down to inspect it's contents."); - echo "An error occured. Scroll down to inspect it's contents."; } if(!$console_mode) { update_output_window(strip_tags("$contents")); diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index 8189e414..b8f05c47 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -41,6 +41,7 @@ Important add error checking require_once("globals.inc"); require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); @@ -130,7 +131,28 @@ if (isset($_GET['dup'])) $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; -if ($_POST) { + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all(); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + + + if ($_POST["Submit"]) { /* check for overlaps */ foreach ($a_nat as $natent) { @@ -215,13 +237,16 @@ if ($_POST) { $a_nat[] = $natent; } - /* enable this if you want the user to aprove changes */ - // touch($d_natconfdirty_path); - sync_snort_package_all(); - write_config(); /* after click go to this page */ + touch($d_snortconfdirty_path); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); header("Location: snort_barnyard.php?id=$id"); exit; } @@ -272,9 +297,34 @@ echo " //--> </script> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> <form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php @@ -365,7 +415,7 @@ if($id != "") <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <input name="Submit" type="submit" class="formbtn" value="Save"><input type="button" class="formbtn" value="Cancel" onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index 2d1f1f1d..dfda630b 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -41,10 +41,12 @@ Important add error checking require_once("globals.inc"); require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); } + //nat_rules_sort(); $a_nat = &$config['installedpackages']['snortglobal']['rule']; @@ -57,6 +59,7 @@ if (isset($_GET['dup'])) { $after = $_GET['dup']; } + if (isset($id) && $a_nat[$id]) { /* old options */ @@ -125,7 +128,8 @@ if (isset($_GET['dup'])) /* convert fake interfaces to real */ $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); -if ($_POST) { + + if ($_POST["Submit"]) { /* check for overlaps */ @@ -204,18 +208,45 @@ if ($_POST) { $a_nat[] = $natent; } - /* enable this if you want the user to aprove changes */ - // touch($d_natconfdirty_path); - sync_snort_package_all(); - write_config(); /* after click go to this page */ + + touch($d_snortconfdirty_path); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: snort_define_servers.php?id=$id"); + exit; } } + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all(); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + $pgtitle = "Snort: Interface $id$if_real Define Servers"; include("head.inc"); @@ -241,9 +272,36 @@ padding: 15px 10px 85% 50px; <noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> + <form action="snort_define_servers.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php index dd2a22e8..b2bcb748 100644 --- a/config/snort-dev/snort_download_rules.php +++ b/config/snort-dev/snort_download_rules.php @@ -75,8 +75,15 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' $if_mrule_dir = "/usr/local/etc/snort/rules"; $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; + +if (file_exists('/var/run/snort.conf.dirty')) { + $snort_dirty_d = 'stop'; +} + + + /* If no id show the user a button */ -if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop") { +if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') { $pgtitle = "Services: Snort: Rule Updates"; @@ -85,6 +92,27 @@ include("./snort_fbegin.inc"); echo "<p class=\"pgtitle\">"; if($pfsense_stable == 'yes'){echo $pgtitle;} echo "</p>\n"; + + echo "<table height=\"32\" width=\"100%\">\n"; + echo " <tr>\n"; + echo " <td>\n"; + echo " <div style='background-color:#E0E0E0' id='redbox'>\n"; + echo " <table width='100%'><tr><td width='8%'>\n"; + echo " <img style='vertical-align:middle' src=\"/snort/images/icon_excli.png\" width=\"40\" height=\"32\">\n"; + echo " </td>\n"; + echo " <td width='70%'><font color='#FF850A'><b>NOTE:</b></font><font color='#000000'> Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font>\n"; + echo " </td>"; + echo " </tr></table>\n"; + echo " </div>\n"; + echo " </td>\n"; + echo "</table>\n"; + echo "<script type=\"text/javascript\">\n"; + echo "NiftyCheck();\n"; + echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#E0E0E0\",\"smooth\");\n"; + echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; + echo "</script>\n"; + echo "\n<br>\n"; + /* make sure user has javascript on */ echo "<style type=\"text/css\"> .alert { @@ -146,6 +174,9 @@ if ($snort_oinkid_info == "stop") { echo "<span class=\"red\"><strong>WARNING:</strong></span> Click on the <strong>\"Global Settings\"</strong> tab and enter a <strong>oinkmaster</strong> code. <br><br> \n"; } +if ($snort_dirty_d == "stop") { +echo "<span class=\"red\"><strong>WARNING:</span> CHANGES HAVE NOT BEEN APPLIED</strong> Click on the <strong>\"Apply Settings\"</strong> button at the main interface tab.<br><br> \n"; +} echo " </td>\n </tr>\n diff --git a/config/snort-dev/snort_fbegin.inc b/config/snort-dev/snort_fbegin.inc index b8faff09..b8faff09 100755..100644 --- a/config/snort-dev/snort_fbegin.inc +++ b/config/snort-dev/snort_fbegin.inc diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc index c485d1ac..95a0e597 100644 --- a/config/snort-dev/snort_gui.inc +++ b/config/snort-dev/snort_gui.inc @@ -59,10 +59,8 @@ function print_info_box_np2($msg) { echo "</script>\n"; echo "\n<br>\n"; - exec("echo \"Funtion print info ....\" >> /root/test.log"); - } -?>
\ No newline at end of file +?> diff --git a/config/snort-dev/snort_help_info.php b/config/snort-dev/snort_help_info.php index c3724b44..5355ec77 100644 --- a/config/snort-dev/snort_help_info.php +++ b/config/snort-dev/snort_help_info.php @@ -33,6 +33,7 @@ */ require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); header("snort_help_info.php"); header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); @@ -92,15 +93,92 @@ clear: both; </td> </tr> </table> + +<?php +/* TODO: remove when 2.0 stable */ +if ($pfsense_stable == 'yes') { + +$footer2 = " + +<style type=\"text/css\"> + +#footer2 +{ + position: relative; + top: 27px; + background-color: #cccccc; + background-image: none; + background-repeat: repeat; + background-attachment: scroll; + background-position: 0% 0%; + width: 810px; + right: 15px; + font-size: 0.8em; + text-align: center; + padding-top: 0px; + padding-right: 0px; + padding-bottom: 0px; + padding-left: 0px; + clear: both; +} + +</style> + + <div id=\"footer2\"> + <IMG SRC=\"./images/footer2.jpg\" width=\"800px\" height=\"35\" ALT=\"Apps\"> + Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com + </div>\n"; +} + +if ($pfsense_stable != 'yes') { +$footer3 = " + +<style type=\"text/css\"> + +#footer3 +{ + +top: 105px; +position: relative; +background-color: #FFFFFF; +background-image: url(\"./images/footer2.jpg\"); +background-repeat: no-repeat; +background-attachment: scroll; +background-position: 0px 0px; +bottom: 0px; +width: 770px; +height: 35px; +color: #000000; +text-align: center; +font-size: 0.8em; +padding-top: 35px; +padding-left: 0px; +clear: both; + +} + +</style> + + <div id=\"footer3\"> + Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com + </div>\n"; +} +?> + + <div> <iframe style="width: 780px; height: 600px; overflow-x: hidden;" src='/snort/help_and_info.php'></iframe> </div> - <div id="footer2"> - Snort is a registered trademark of Sourcefire, Inc., Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com. - </div> + +<?php echo $footer2;?> + </div> </div> + +<?php //echo $footer3;?> + <div id="footer"> <a target="_blank" href="http://www.pfsense.org/?gui12" class="redlnk">pfSense</a> is © 2004 - 2009 by <a href="http://www.bsdperimeter.com" class="tblnk">BSD Perimeter LLC</a>. All Rights Reserved. diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index 44e8aa3d..b2f72aad 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -50,40 +50,38 @@ $id_gen = count($config['installedpackages']['snortglobal']['rule']); $id_gen = '0'; } -/* if a custom message has been passed along, lets process it */ -if ($_GET['savemsg']) - $savemsg = $_GET['savemsg']; - -if ($_POST) { - - $pconfig = $_POST; +/* alert file */ +$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); + + /* this will exec when alert says apply */ if ($_POST['apply']) { - - write_config(); - - $retval = 0; - - if(stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); - else - $savemsg = $retval; - - unlink_if_exists("/tmp/config.cache"); - $retval |= filter_configure(); - - if ($retval == 0) { - if (file_exists($d_natconfdirty_path)) - unlink($d_natconfdirty_path); - if (file_exists($d_filterconfdirty_path)) - unlink($d_filterconfdirty_path); + + if ($d_snortconfdirty_path_ls != '') { + + write_config(); + + sync_snort_package_empty(); + sync_snort_package(); + + exec('/bin/rm /var/run/snort_conf_*.dirty'); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + + exit; + } - - exec("echo \"Sync Empty on POST on interfaces.php....\" >> /root/test.log"); - + } -} - + + + if (isset($_POST['del_x'])) { /* delete selected rules */ if (is_array($_POST['rule']) && count($_POST['rule'])) { @@ -162,14 +160,21 @@ if (isset($_POST['del_x'])) { unset($a_nat[$rulei]); } - exec("echo \"Removing old files ....\" >> /root/test.log"); conf_mount_rw(); exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); conf_mount_ro(); write_config(); - //touch($d_natconfdirty_path); + + touch("/var/run/snort_conf_delete.dirty"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); header("Location: /snort/snort_interfaces.php"); exit; } @@ -272,19 +277,40 @@ padding: 15px 10px 50% 50px; <noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> <form action="/snort/snort_interfaces.php" method="post" name="iform"> -<?php if (file_exists($d_natconfdirty_path)): ?><p> + <?php - if($savemsg) - print_info_box_np2("{$savemsg}<br>The Snort configuration has been changed.<br>You must apply the changes in order for them to take effect."); - else - print_info_box_np2("The Snort configuration has been changed.<br>You must apply the changes in order for them to take effect."); + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if ($d_snortconfdirty_path_ls != '') { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed for one or more interfaces.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + ?> -<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php $tab_array = array(); - $tab_array[] = array("Snort Inertfaces", true, "/snort/snort_interfaces.php"); + $tab_array[] = array("Snort Interfaces", true, "/snort/snort_interfaces.php"); $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); @@ -299,7 +325,7 @@ padding: 15px 10px 50% 50px; <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr id="frheader"> - <td width="4%" class="list"> </td> + <td width="5%" class="list"> </td> <td width="1%" class="list"> </td> <td width="10%" class="listhdrr">If</td> <td width="10%" class="listhdrr">Snort</td> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 960da061..164f154a 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -32,6 +32,8 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); @@ -48,6 +50,7 @@ if (isset($_GET['dup'])) { $after = $_GET['dup']; } + /* always have a limit of (65535) numbers only or snort will not start do to id limits */ /* TODO: When inline gets added make the uuid the port number lisstening */ //function gen_snort_uuid($fileline) @@ -149,10 +152,40 @@ if (isset($id) && $a_nat[$id]) { if (isset($_GET['dup'])) unset($id); +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + + write_config(); + + sync_snort_package_empty(); + sync_snort_package(); + + unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); + + } + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all(); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } if ($_POST["Submit"]) { - + + // if ($config['installedpackages']['snortglobal']['rule']) { if ($_POST['descr'] == '' && $pconfig['descr'] == '') { $input_errors[] = "Please enter a description for your reference."; @@ -264,12 +297,9 @@ if ($_POST["Submit"]) { } write_config(); - - if ($pconfig['interface'] != "") { - sync_snort_package_all(); - } - //touch($d_natconfdirty_path); + touch("$d_snortconfdirty_path"); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -281,20 +311,6 @@ if ($_POST["Submit"]) { exit; } } - - if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) - { - $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); - if ($snort_up_ck2_info == 'no') - { - $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; - }else{ - $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; - } - }else{ - $snort_up_ck = ''; - } - if ($_POST["Submit2"]) { @@ -327,34 +343,22 @@ if ($_POST["Submit"]) { header("Location: /snort/snort_interfaces_edit.php?id=$id"); } - - if ($_POST["Reset"]) - { - conf_mount_rw(); + /* This code needs to be below headers */ + if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) + { + + $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); - Running_Stop($snort_uuid, $if_real, $id); - sleep(2); - - /* remove all snort iface dir */ - exec('rm -r /usr/local/etc/snort/snort_*'); - exec('rm /var/log/snort/*'); - - unset($config['installedpackages']['snortglobal']['rule'][$id]); - write_config(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); + if ($snort_up_ck2_info == 'no') { + $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; + }else{ + $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; + } - conf_mount_ro(); - - } - + }else{ + $snort_up_ck = ''; + } $pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; @@ -407,9 +411,37 @@ echo " </script> <p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> + <form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php @@ -444,16 +476,20 @@ if ($a_nat[$id]['interface'] != '') { } $tab_array = array(); + if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + } $tab_array[] = array("If Settings", true, "/snort/snort_interfaces_edit.php?id={$id}"); /* hide user tabs when no settings have be saved */ if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') { + if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { //$tab_array[] = array("upload", false, "/snort/snort_conf_upload.php?id={$id}"); $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + } } display_top_tabs($tab_array); @@ -543,8 +579,7 @@ if ($a_nat[$id]['interface'] != '') { Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> </tr> <tr> - <td width="22%" valign="top"><input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to reset this Snort Interface?')" ><span class="red"><strong> WARNING:</strong><br> - This will reset this interface.</span> </td> + <td width="22%" valign="top"></td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?> diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index e3d0daf5..ff3620a3 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php @@ -111,7 +111,11 @@ if ($_POST) { $savemsg = get_std_save_message($retval); } - } + + sync_snort_package_all(); + sync_snort_package(); + +} if ($_POST["Reset"]) { diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index 6e634891..c522a643 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -33,6 +33,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); @@ -120,7 +121,29 @@ if (isset($_GET['dup'])) /* convert fake interfaces to real */ $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); -if ($_POST) { + + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all(); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + + + if ($_POST["Submit"]) { /* check for overlaps */ @@ -198,13 +221,16 @@ if ($_POST) { $a_nat[] = $natent; } - /* enable this if you want the user to aprove changes */ - // touch($d_natconfdirty_path); - sync_snort_package_all(); - write_config(); /* after click go to this page */ + touch($d_snortconfdirty_path); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); header("Location: snort_preprocessors.php?id=$id"); exit; } @@ -235,9 +261,35 @@ padding: 15px 10px 85% 50px; <noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> <form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php index 53c5d379..ece409e1 100644 --- a/config/snort-dev/snort_rulesets.php +++ b/config/snort-dev/snort_rulesets.php @@ -29,9 +29,10 @@ */ require("guiconfig.inc"); -require_once("filter.inc"); -require_once("service-utils.inc"); +//require_once("filter.inc"); +//require_once("service-utils.inc"); include_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { @@ -122,7 +123,26 @@ exit(0); } -if($_POST) { + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all(); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + + if ($_POST["Submit"]) { $enabled_items = ""; $isfirst = true; if (is_array($_POST['toenable'])) { @@ -136,7 +156,11 @@ if($_POST) { $enabled_items = $_POST['toenable']; } $a_nat[$id]['rulesets'] = $enabled_items; + write_config(); + + touch($d_snortconfdirty_path); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -145,7 +169,7 @@ if($_POST) { sleep(2); sync_snort_package_all(); header("Location: /snort/snort_rulesets.php?id=$id"); - $savemsg = "The snort ruleset selections have been saved."; + } $enabled_rulesets = $a_nat[$id]['rulesets']; @@ -165,7 +189,33 @@ echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\ ?> -<?php if ($savemsg) print_info_box($savemsg); ?> +<?php + + /* Display message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + <table width="99%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> @@ -231,7 +281,7 @@ echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\ <tr><td> </td></tr> <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr> <tr><td> </td></tr> - <tr><td><input value="Save" type="submit" name="save" id="save" /></td></tr> + <tr><td><input value="Save" type="submit" name="Submit" id="Submit" /></td></tr> </table> </div> </td> |