authorScott Ullrich <sullrich@pfsense.org>2006-09-27 16:51:08 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-09-27 16:51:08 +0000
commit5bb0b3067102bcac7ab1082b9258d4b025a7ee08 (patch)
treed2332c58c7dd83884bed83276798c167f09d65b7
parent6755319e6d74c3b404927298c0c788d294345287 (diff)
Add Snort alerts log viewer
-rw-r--r--packages/snort/snort.xml9
-rw-r--r--packages/snort/snort_alerts.php88
-rw-r--r--packages/snort/snort_blocked.php1
-rw-r--r--packages/snort/snort_download_rules.php1
-rw-r--r--packages/snort/snort_rulesets.php1
-rw-r--r--packages/snort/snort_whitelist.xml4
6 files changed, 104 insertions, 0 deletions
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index dd6b5a2e..0b0a93a2 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -44,6 +44,11 @@
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
+ </additional_files_needed>
<service>
<name>snort</name>
<rcfile>snort.sh</rcfile>
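Review bot: The new `<additional_files_needed>` entry fetches `snort_alerts.php` over plain `http://` and installs it under `/usr/local/www/`, so executable GUI code arrives with no transport protection or integrity check visible in this manifest. An `https://` URL, or a checksum the installer verifies, would close that gap if the package system supports either. The `<chmod>077</chmod>` value also looks wrong for a web page: read as an octal mode it gives the owner no access and group/other full access, where `0644` would be the usual choice, so it is worth confirming how the installer interprets the field. Both traits are copied from the entry just above, which has the same exposure.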
@@ -72,6 +77,10 @@
<text>Snort Whitelist</text>
<url>/pkg.php?xml=snort_whitelist.xml</url>
</tab>
+ <tab>
+ <text>Snort Alerts</text>
+ <url>/snort_alerts.php</url>
+ </tab>
</tabs>
<fields>
<field>
diff --git a/packages/snort/snort_alerts.php b/packages/snort/snort_alerts.php
new file mode 100644
index 00000000..e0ba80f2
--- /dev/null
+++ b/packages/snort/snort_alerts.php
@@ -0,0 +1,88 @@
+<?php
+/* $Id$ */
+/*
+ snort_alerts.php
+ part of pfSense
+
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$snort_logfile = "{$g['varlog_path']}/snort/alerts";
+
+$nentries = $config['syslog']['nentries'];
+if (!$nentries)
+ $nentries = 50;
+
+if ($_POST['clear']) {
+ exec("killall syslogd");
+ exec("/usr/sbin/clog -i -s 262144 {$snort_logfile}");
+ system_syslogd_start();
+}
+
+$pgtitle = "Services: Snort: Snort Alerts";
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Snort Alerts"), true, "/snort_alerts.php");
+ display_top_tabs($tab_array);
+?>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td colspan="2" class="listtopic">
+ Last <?=$nentries;?> Snort Alert entries</td>
+ </tr>
+ <?php dump_clog($snort_logfile, $nentries); ?>
+ <tr><td><br><form action="diag_logs_slbd.php" method="post">
+ <input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr>
+ </table>
+ </div>
+ </form>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc"); ?>
+<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>">
+</body>
+</html>
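Review bot: The Clear log form posts to another page (`<form action="diag_logs_slbd.php" method="post">`), so the `$_POST['clear']` branch at the top of this file is never reached from this button and the click acts on a different log; the line should read `<form action="snort_alerts.php" method="post">`. Once reachable, that branch is a state-changing request with no anti-forgery token visible here, and it stops `syslogd` system-wide to reset one file, so a single unintended POST interrupts all logging and erases the IDS alert history; a token check and a log entry recording who cleared the alerts, placed before the `exec()` calls, would be worth adding. The page also assumes the Snort alerts file is in clog format (`clog -i` and `dump_clog()`), which nothing in this diff establishes. The `<form>` opens inside a `<td>` but closes after the `</div>`, and the meta refresh prints `SCRIPT_NAME` unescaped, where `htmlspecialchars($_SERVER['SCRIPT_NAME'])` is the safer form.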
diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php
index 52cb3202..d08a7f6a 100644
--- a/packages/snort/snort_blocked.php
+++ b/packages/snort/snort_blocked.php
@@ -62,6 +62,7 @@ include("head.inc");
$tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
$tab_array[] = array(gettext("Snort Blocked"), true, "/snort_blocked.php");
$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php
index c1126400..d0309e18 100644
--- a/packages/snort/snort_download_rules.php
+++ b/packages/snort/snort_download_rules.php
@@ -74,6 +74,7 @@ include("head.inc");
$tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php
index acb2da00..9950c96b 100644
--- a/packages/snort/snort_rulesets.php
+++ b/packages/snort/snort_rulesets.php
@@ -80,6 +80,7 @@ include("head.inc");
$tab_array[] = array(gettext("Snort Rulesets"), true, "/snort_rulesets.php");
$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/packages/snort/snort_whitelist.xml b/packages/snort/snort_whitelist.xml
index e016db72..902bf299 100644
--- a/packages/snort/snort_whitelist.xml
+++ b/packages/snort/snort_whitelist.xml
@@ -27,6 +27,10 @@
<url>/pkg.php?xml=snort_whitelist.xml</url>
<active/>
</tab>
+ <tab>
+ <text>Snort Alerts</text>
+ <url>/snort_alerts.php</url>
+ </tab>
</tabs>
<adddeleteeditpagefields>
<columnitem>