Make sensitive data configurable

3 files changed, 27 insertions, 6 deletions

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 54be4225..e7ba998b 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1221,6 +1221,8 @@ preprocessor dns: \
 	
 EOD;
 
+	$sensitive_data = "preprocessor sensitive_data:\n";
+
 	/* stream5 queued settings */
 	$def_max_queued_bytes_type = '';
 	if (!empty($snortcfg['max_queued_bytes']))
@@ -1257,7 +1259,7 @@ EOD;
 
 	$snort_preproc = array (
 		"perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", 
-		"sf_portscan", "dce_rpc_2", "dns_preprocessor"
+		"sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data"
 	);
 	$snort_preprocessors = "";
 	foreach ($snort_preproc as $preproc) {
@@ -1274,9 +1276,16 @@ EOD;
 	if (file_exists("{$snortcfgdir}/classification.config"))
 		$snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n";
 	if (is_dir("{$snortdir}/preproc_rules")) {
-		foreach (glob("{$snortdir}/preproc_rules/*.rules") as $file) {
-			$file = basename($file);
-			$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/{$file}\n";
+		if ($snortcfg['sensitive_data'] && file_exists("{$snortdir}/preproc_rules/sensitive-data.rules"))
+			$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules/\n";
+			
+		if (file_exists("{$snortdir}/preproc_rules/decoder.rules") &&
+		    file_exists("{$snortdir}/preproc_rules/preprocessor.rules")) {
+			$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
+			$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
+		} else {
+			$snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
+			log_error("Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
 		}
 	} else {
 		$snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
@@ -1351,8 +1360,6 @@ preprocessor stream5_tcp: policy BSD, ports both all{$def_max_queued_bytes_type}
 preprocessor stream5_udp:
 preprocessor stream5_icmp:
 
-preprocessor sensitive_data:
-
 {$snort_preprocessors}
 
 # Ignore SSL and Encryption  #
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index e05bd938..73c67415 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -334,6 +334,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
 </table>
 </div>
 </td></tr></table>
+<script type="text/javascript">
+sortable.reverse("myTable");
+</script>
 <?php
 include("fend.inc");
 ?>
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 339c0168..6a5cca6e 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -65,6 +65,7 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
 	$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
 	$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+	$pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
 }
 
 if ($_POST) {
@@ -86,6 +87,7 @@ if ($_POST) {
 		$natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
 		$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
 		$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
+		$natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
 
 		if (isset($id) && $a_nat[$id])
 			$a_nat[$id] = $natent;
@@ -299,6 +301,15 @@ include_once("head.inc");
 		vulnerabilities.</td>
 	</tr>
 	<tr>
+		<td width="22%" valign="top" class="vncell">Enable <br> Sensitive Data</td>
+		<td width="78%" class="vtable">
+			<input name="sensitive_data" type="checkbox" value="on"
+			<?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
+			onClick="enable_change(false)"><br>
+		Sensisitive data searches for CC or SS# in data
+		</td>
+	</tr>
+	<tr>
 		<td width="22%" valign="top">&nbsp;</td>
 				<td width="78%">
 					<input name="Submit" type="submit" class="formbtn" value="Save">