aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal Luçi <eri@pfsense.org>2013-12-18 00:03:40 -0800
committerErmal Luçi <eri@pfsense.org>2013-12-18 00:03:40 -0800
commit3d70590e1cd0a7b8bd309dd9d6b1f0278c3c197e (patch)
treec8823be639d342253b5cc26fdd28a861c3e9c0a4
parent419fe8a7818856bcc6badb4e8d601f0e01f31f5c (diff)
parentd1cf8edc0e9b4e4ad3ae0d14613047de4bfa2c90 (diff)
downloadpfsense-packages-3d70590e1cd0a7b8bd309dd9d6b1f0278c3c197e.tar.gz
pfsense-packages-3d70590e1cd0a7b8bd309dd9d6b1f0278c3c197e.tar.bz2
pfsense-packages-3d70590e1cd0a7b8bd309dd9d6b1f0278c3c197e.zip
Merge pull request #558 from bmeeks8/master
Snort Package 3.0.1 Update
-rwxr-xr-xconfig/snort/snort.inc81
-rwxr-xr-xconfig/snort/snort.xml11
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php11
-rwxr-xr-xconfig/snort/snort_download_updates.php7
-rw-r--r--config/snort/snort_frag3_engine.php13
-rw-r--r--config/snort/snort_ftp_client_engine.php17
-rw-r--r--config/snort/snort_ftp_server_engine.php13
-rw-r--r--config/snort/snort_httpinspect_engine.php15
-rw-r--r--config/snort/snort_import_aliases.php6
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php2
-rw-r--r--config/snort/snort_migrate_config.php19
-rw-r--r--config/snort/snort_post_install.php61
-rwxr-xr-xconfig/snort/snort_preprocessors.php16
-rwxr-xr-xconfig/snort/snort_rules.php2
-rw-r--r--config/snort/snort_rules_flowbits.php33
-rwxr-xr-xconfig/snort/snort_rulesets.php2
-rw-r--r--config/snort/snort_select_alias.php47
-rw-r--r--config/snort/snort_stream5_engine.php19
-rw-r--r--config/widget-snort/snort_alerts.js2
-rw-r--r--config/widget-snort/snort_alerts.widget.php30
-rw-r--r--config/widget-snort/widget-snort.xml2
-rw-r--r--pkg_config.8.xml6
-rw-r--r--pkg_config.8.xml.amd646
23 files changed, 215 insertions, 206 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index af1c0993..79fef4fa 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -5,6 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009-2010 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013 Bill Meeks
* part of pfSense
* All rights reserved.
*
@@ -45,24 +46,22 @@ ini_set("memory_limit", "192M");
// Explicitly declare this as global so it works through function call includes
global $rebuild_rules, $pfSense_snort_version;
-// Grab the Snort binary version programmatically
+// Grab the Snort binary version programmatically, but if that fails use a safe default
$snortver = array();
exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
$snort_version = $snortver[0];
+if (empty($snort_version))
+ $snort_version = "2.9.5.5";
/* package version */
-$pfSense_snort_version = "3.0.0";
-$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
-
-// Define SNORTDIR and SNORTLIBDIR constants according to FreeBSD version (PBI support or no PBI)
-if (floatval(php_uname("r")) >= 8.3) {
- exec("/usr/local/sbin/pbi_info | grep 'snort-{$snort_version}' | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'",$pbidirarray);
- $snort_pbidir = "{$pbidirarray[0]}";
- /* In case this is an initial Snort install and pbi_info() above returned null, set a sane default value */
- if (empty($snort_pbidir))
- $snort_pbidir = "/usr/pbi/snort-" . php_uname("m");
- define("SNORTDIR", "{$snort_pbidir}/etc/snort");
- define("SNORTLIBDIR", "{$snort_pbidir}/lib/snort");
+$pfSense_snort_version = "3.0.1";
+$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}";
+
+// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pfs_version > 2.0) {
+ define("SNORTDIR", "/usr/pbi/snort-" . php_uname("m") . "/etc/snort");
+ define("SNORTLIBDIR", "/usr/pbi/snort-" . php_uname("m") . "/lib/snort");
}
else {
define("SNORTDIR", "/usr/local/etc/snort");
@@ -2700,32 +2699,38 @@ EOD;
// Setup the standard FTP commands used for all FTP Server engines
$ftp_cmds = <<<EOD
- ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
- ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
- ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
- ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
- ftp_cmds { FEAT CEL CMD MACB } \
- ftp_cmds { MDTM REST SIZE MLST MLSD } \
- ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
- alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
- alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
- alt_max_param_len 256 { RNTO CWD } \
+ ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
+ ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
+ ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
+ ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \
+ ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
+ ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
+ ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
+ ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
+ ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
+ ftp_cmds { XSEN XSHA1 XSHA256 } \
+ alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
+ alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
+ alt_max_param_len 256 { CWD RNTO } \
alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
- chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
- chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
- chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
- chk_str_fmt { FEAT CEL CMD } \
- chk_str_fmt { MDTM REST SIZE MLST MLSD } \
- chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity STRU < char FRP > \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ alt_max_param_len 512 { MFMT SIZE } \
+ chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
+ chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
+ chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
+ chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
+ chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
+ chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
+ chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
+ chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
+ cmd_validity MACB < string > \
cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity PORT < host_port >
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity PORT < host_port > \
+ cmd_validity PROT < char CSEP > \
+ cmd_validity STRU < char FRPO [ string ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
EOD;
@@ -3123,6 +3128,8 @@ EOD;
$sdf_mask_output = "\\\n\tmask_output";
else
$sdf_mask_output = "";
+ if (empty($snortcfg['sdf_alert_threshold']))
+ $snortcfg['sdf_alert_threshold'] = 25;
$sensitive_data = <<<EOD
# SDF preprocessor #
preprocessor sensitive_data: \
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 412974b5..c50c066a 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -42,12 +42,12 @@
/* ========================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
+ <description>Snort IDS/IPS Package</description>
+ <requirements>None</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.5.5</version>
- <title>Services:2.9.5.5 pkg v. 3.0.0</title>
+ <title>Services:2.9.5.5 pkg v3.0.1</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -244,7 +244,7 @@
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.0.0")
+ if ($GLOBALS['pfSense_snort_version'] == "3.0.1")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
@@ -254,7 +254,8 @@
]]>
</custom_php_install_command>
<custom_php_deinstall_command>
+ <![CDATA[
snort_deinstall();
+ ]]>
</custom_php_deinstall_command>
</packagegui>
-
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 28539f1f..a93aef56 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -5,6 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -88,10 +89,15 @@ $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats'];
$tmpfname = "{$snortdir}/tmp/snort_rules_up";
/* Grab the Snort binary version programmatically and use it to construct */
-/* the proper Snort VRT rules tarball and md5 filenames. */
+/* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */
+/* default in the event we fail. */
+$snortver = array();
exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
// Save the version with decimal delimiters for use in extracting the rules
$snort_version = $snortver[0];
+if (empty($snort_version))
+ $snort_version = "2.9.5.5";
+
// Create a collapsed version string for use in the tarball filename
$snortver[0] = str_replace(".", "", $snortver[0]);
$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz";
@@ -695,8 +701,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
}
/* Start the rules rebuild proccess for each configured interface */
- if (is_array($config['installedpackages']['snortglobal']['rule']) &&
- !empty($config['installedpackages']['snortglobal']['rule'])) {
+ if (is_array($config['installedpackages']['snortglobal']['rule'])) {
/* Set the flag to force rule rebuilds since we downloaded new rules, */
/* except when in post-install mode. Post-install does its own rebuild. */
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 1db5b6a0..5c9b8210 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -43,9 +43,14 @@ $log = $snort_rules_upd_log;
/* Grab the Snort binary version programmatically and */
/* use it to construct the proper Snort VRT rules */
-/* tarball filename. */
+/* tarball filename. Fallback to a safe default if */
+/* we fail. */
+$snortver = array();
exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
+if (empty($snortver[0]))
+ $snortver[0] = "2.9.5.5";
$snortver[0] = str_replace(".", "", $snortver[0]);
+
$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
//$snort_rules_file = VRT_DNLD_FILENAME;
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index f344771b..89a21dc8 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -1,16 +1,7 @@
<?php
/*
* snort_frag3_engine.php
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -246,7 +237,7 @@ if ($savemsg)
<td class="vexpl"><input name="frag3_bind_to" type="text" class="formfldalias" id="frag3_bind_to" size="32"
value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes'"
+ <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php
index a9f5e82b..b039df5b 100644
--- a/config/snort/snort_ftp_client_engine.php
+++ b/config/snort/snort_ftp_client_engine.php
@@ -1,16 +1,7 @@
<?php
/*
* snort_ftp_client_engine.php
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -277,7 +268,7 @@ if ($savemsg)
<td class="vexpl"><input name="ftp_bind_to" type="text" class="formfldalias" id="ftp_bind_to" size="32"
value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off" >&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -337,7 +328,7 @@ if ($savemsg)
value="<?=htmlspecialchars($pconfig['bounce_to_net']);?>" title="<?=trim(filter_expand_alias($pconfig['bounce_to_net']));?>" autocomplete="off"><span class="vexpl">&nbsp;
<?php echo gettext("Default is ") . "<strong>" . gettext("blank") . "</strong>.";?></span>
</td>
- <td class="vexpl">&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bounce_to_net&act=import'"
+ <td class="vexpl">&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bounce_to_net&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/>
</td>
</tr>
@@ -347,7 +338,7 @@ if ($savemsg)
value="<?=htmlspecialchars($pconfig['bounce_to_port']);?>" title="<?=trim(filter_expand_alias($pconfig['bounce_to_port']));?>" autocomplete="off"><span class="vexpl">&nbsp;
<?php echo gettext("Default is ") . "<strong>" . gettext("blank") . "</strong>.";?></span>
</td>
- <td class="vexpl">&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=bounce_to_port&act=import'"
+ <td class="vexpl">&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=bounce_to_port&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing port alias");?>"/>
</td>
</tr>
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index 8f462ca9..e70033e7 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -1,16 +1,7 @@
<?php
/*
* snort_ftp_server_engine.php
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -248,7 +239,7 @@ if ($savemsg)
<td class="vexpl"><input name="ftp_bind_to" type="text" class="formfldalias" id="ftp_bind_to" size="32"
value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php
index 58488f2d..94d3364f 100644
--- a/config/snort/snort_httpinspect_engine.php
+++ b/config/snort/snort_httpinspect_engine.php
@@ -1,16 +1,7 @@
<?php
/*
* snort_httpinspect_engine.php
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -357,7 +348,7 @@ if ($savemsg)
<td class="vexpl"><input name="httpinspect_bind_to" type="text" class="formfldalias" id="httpinspect_bind_to" size="32"
value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -381,7 +372,7 @@ if ($savemsg)
<td class="vexpl"><input name="httpinspect_ports" type="text" class="formfldalias" id="httpinspect_ports" size="25"
value="<?=htmlspecialchars($pconfig['ports']);?>" title="<?=trim(filter_expand_alias($pconfig['ports']));?>">
<?php echo gettext("Specifiy which ports to check for HTTP data.");?></td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports&act=import'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing port alias");?>"/></td>
</tr>
<tr>
diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php
index d9f751cd..77cd5490 100644
--- a/config/snort/snort_import_aliases.php
+++ b/config/snort/snort_import_aliases.php
@@ -2,11 +2,7 @@
/* $Id$ */
/*
snort_import_aliases.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2013 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 9fb97be1..cbc31378 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -274,7 +274,7 @@ if ($savemsg)
<td width="78%" class="vtable">
<input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>"
title="<?=trim(filter_expand_alias($pconfig['address']));?>" />
- &nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes'"
+ &nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/>
</td>
</tr>
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 35dd3847..1a555408 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -2,10 +2,7 @@
/*
* snort_migrate_config.inc
*
- * Copyright (C) 2006 Scott Ullrich
- * Copyright (C) 2009-2010 Robert Zelaya
- * Copyright (C) 2011-2012 Ermal Luci
- * part of pfSense
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -279,6 +276,18 @@ foreach ($rule as &$r) {
$pconfig['ftp_server_engine']['item'][] = $default;
}
+ // Set sensible defaults for new SDF options if SDF is enabled
+ if ($pconfig['sensitive_data'] == 'on') {
+ if (empty($pconfig['sdf_alert_threshold'])) {
+ $pconfig['sdf_alert_threshold'] = 25;
+ $updated_cfg = true;
+ }
+ if (empty($pconfig['sdf_alert_data_type'])) {
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
+ $updated_cfg = true;
+ }
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
@@ -287,7 +296,7 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.0";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1";
log_error("[Snort] Saving configuration settings in new format...");
write_config();
log_error("[Snort] Settings successfully migrated to new configuration format...");
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 2ef0bde9..a7b54503 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -5,6 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009-2010 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013 Bill Meeks
* part of pfSense
* All rights reserved.
*
@@ -282,32 +283,38 @@ EOD;
// Setup the standard FTP commands used for all FTP Server engines
$ftp_cmds = <<<EOD
- ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
- ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
- ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
- ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
- ftp_cmds { FEAT CEL CMD MACB } \
- ftp_cmds { MDTM REST SIZE MLST MLSD } \
- ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
- alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
- alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
- alt_max_param_len 256 { RNTO CWD } \
+ ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
+ ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
+ ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
+ ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \
+ ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
+ ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
+ ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
+ ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
+ ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
+ ftp_cmds { XSEN XSHA1 XSHA256 } \
+ alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
+ alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
+ alt_max_param_len 256 { CWD RNTO } \
alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
- chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
- chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
- chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
- chk_str_fmt { FEAT CEL CMD } \
- chk_str_fmt { MDTM REST SIZE MLST MLSD } \
- chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity STRU < char FRP > \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ alt_max_param_len 512 { MFMT SIZE } \
+ chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
+ chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
+ chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
+ chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
+ chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
+ chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
+ chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
+ chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
+ cmd_validity MACB < string > \
cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity PORT < host_port >
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity PORT < host_port > \
+ cmd_validity PROT < char CSEP > \
+ cmd_validity STRU < char FRPO [ string ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
EOD;
@@ -705,6 +712,8 @@ EOD;
$sdf_mask_output = "\\\n\tmask_output";
else
$sdf_mask_output = "";
+ if (empty($snortcfg['sdf_alert_threshold']))
+ $snortcfg['sdf_alert_threshold'] = 25;
$sensitive_data = <<<EOD
# SDF preprocessor #
preprocessor sensitive_data: \
@@ -1443,6 +1452,10 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
}
}
+/* Update Snort package version in configuration */
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1";
+write_config();
+
/* Done with post-install, so clear flag */
unset($g['snort_postinstall']);
log_error(gettext("[Snort] Package post-installation tasks completed..."));
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 1d47ccdb..289a3941 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -6,6 +6,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -263,6 +264,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ftp_telnet_detect_anomalies'] = 'on';
if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
$pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+ if (empty($pconfig['sdf_alert_data_type']))
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
if (empty($pconfig['sdf_alert_threshold']))
$pconfig['sdf_alert_threshold'] = '25';
if (empty($pconfig['sdf_mask_output']))
@@ -411,7 +414,7 @@ if ($_POST['ResetAll']) {
$pconfig['dce_rpc_2'] = "on";
$pconfig['dns_preprocessor'] = "on";
$pconfig['sensitive_data'] = "off";
- $pconfig['sdf_alert_data_type'] = "";
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
$pconfig['sdf_alert_threshold'] = "25";
$pconfig['sdf_mask_output'] = "off";
$pconfig['ssl_preproc'] = "on";
@@ -437,8 +440,8 @@ elseif ($_POST['Submit']) {
// Validate SDF alert threshold and alert data type values if SDF is enabled
if ($_POST['sensitive_data'] == 'on') {
- if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 4294067295)
- $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 4,294,067,295.");
+ if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 65535)
+ $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 65,535.");
if (empty($_POST['sdf_alert_data_type']))
$input_errors[] = gettext("You must select at least one sensitive data type to inspect for when Sensitive Data detection is enabled.");
}
@@ -469,6 +472,9 @@ elseif ($_POST['Submit']) {
if ($_POST['ftp_telnet_ayt_attack_threshold'] != "") { $natent['ftp_telnet_ayt_attack_threshold'] = $_POST['ftp_telnet_ayt_attack_threshold']; }else{ $natent['ftp_telnet_ayt_attack_threshold'] = "20"; }
if ($_POST['sdf_alert_threshold'] != "") { $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold']; }else{ $natent['sdf_alert_threshold'] = "25"; }
+ // Set SDF inspection types
+ $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
+
$natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
$natent['host_attribute_table'] = $_POST['host_attribute_table'] ? 'on' : 'off';
$natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
@@ -484,8 +490,6 @@ elseif ($_POST['Submit']) {
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
$natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
- $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
- $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold'];
$natent['sdf_mask_output'] = $_POST['sdf_mask_output'] ? 'on' : 'off';
$natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off';
$natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off';
@@ -1220,7 +1224,7 @@ include_once("head.inc");
value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>">&nbsp;&nbsp;<?php echo gettext("Leave blank for default. ") .
gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td>
<td class="vexpl" align="right">
- <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes'"
+ <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 48d26d1d..0434f88f 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -528,7 +528,7 @@ if ($savemsg) {
<tr>
<td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" .
gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") .
- "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
+ "<a href='snort_rules_flowbits.php?id={$id}&openruleset={$currentruleset}&returl=" . urlencode($_SERVER['PHP_SELF']) . "' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
gettext("clicking here") . ".</a>";?></td>
</tr>
<?php endif;?>
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 2f13d6bc..325276ee 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -1,16 +1,7 @@
<?php
/*
* snort_rules_flowbits.php
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -51,18 +42,23 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
// Set who called us so we can return to the correct page with
-// the RETURN button. We will just trust this User-Agent supplied
-// string for now.
+// the RETURN button. Save the original referrer and the query
+// string in session variables.
session_start();
-if(!isset($_SESSION['org_referer']))
- $_SESSION['org_referer'] = $_SERVER['HTTP_REFERER'];
-$referrer = $_SESSION['org_referer'];
+if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) {
+ $_SESSION['org_referrer'] = urldecode($_GET['returl']);
+ $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING'];
+}
+$referrer = $_SESSION['org_referrer'];
+$querystr = $_SESSION['org_querystr'];
+session_write_close();
if ($_POST['cancel']) {
session_start();
- unset($_SESSION['org_referer']);
+ unset($_SESSION['org_referrer']);
+ unset($_SESSION['org_querystr']);
session_write_close();
- header("Location: {$referrer}");
+ header("Location: {$referrer}?{$querystr}");
exit;
}
@@ -71,7 +67,8 @@ if (isset($_POST['id']))
$id = $_POST['id'];
if (is_null($id)) {
session_start();
- unset($_SESSION['org_referer']);
+ unset($_SESSION['org_referrer']);
+ unset($_SESSION['org_querystr']);
session_write_close();
header("Location: /snort/snort_interfaces.php");
exit;
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 3b7ef916..62b68a1b 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -330,7 +330,7 @@ if ($savemsg) {
</tr>
<tr>
<td width="15%" class="listn"><?php echo gettext("Auto Flowbit Rules"); ?></td>
- <td width="85%"><input type="button" class="formbtns" value="View" onclick="parent.location='snort_rules_flowbits.php?id=<?=$id;?>'" <?php echo $btn_view_flowb_rules; ?>/>
+ <td width="85%"><input type="button" class="formbtns" value="View" onclick="parent.location='snort_rules_flowbits.php?id=<?=$id;?>&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" <?php echo $btn_view_flowb_rules; ?>/>
&nbsp;&nbsp;<span class="vexpl"><?php echo gettext("Click to view auto-enabled rules required to satisfy flowbit dependencies"); ?></span></td>
</tr>
<tr>
diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php
index bd0a02e2..c5c6347e 100644
--- a/config/snort/snort_select_alias.php
+++ b/config/snort/snort_select_alias.php
@@ -2,11 +2,7 @@
/* $Id$ */
/*
snort_select_alias.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2013 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -35,38 +31,37 @@ require("guiconfig.inc");
require_once("functions.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-// Set who called us so we can return to the correct page with
-// the RETURN button. We will just trust this User-Agent supplied
-// string for now. Check and make sure we don't store this page
-// as the referrer so we don't stick the user in a loop.
-session_start();
-if(!isset($_SESSION['org_referer']) && strpos($_SERVER['HTTP_REFERER'], $SERVER['PHP_SELF']) === false)
- $_SESSION['org_referer'] = substr($_SERVER['HTTP_REFERER'], 0, strpos($_SERVER['HTTP_REFERER'], "?"));
-$referrer = $_SESSION['org_referer'];
+// Need to keep track of who called us so we can return to the correct page
+// when the SAVE button is clicked. On initial entry, a GET variable is
+// passed with the referrer's URL encoded within. That value is saved and
+// used when SAVE or CANCEL is clicked to return to the referring page.
+//
-// Get the QUERY_STRING from our referrer so we can return it.
-if(!isset($_SESSION['org_querystr']))
- $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING'];
-$querystr = $_SESSION['org_querystr'];
+// Retrieve the QUERY STRING of the original referrer so we can return it.
+// On the initial pass, we will save it in a hidden POST field so we won't
+// overwrite it on subsequent POST-BACKs to this page.
+if (!isset($_POST['org_querystr']))
+ $querystr = $_SERVER['QUERY_STRING'];
// Retrieve any passed QUERY STRING or POST variables
$type = $_GET['type'];
$varname = $_GET['varname'];
$multi_ip = $_GET['multi_ip'];
+$referrer = urldecode($_GET['returl']);
if (isset($_POST['type']))
$type = $_POST['type'];
if (isset($_POST['varname']))
$varname = $_POST['varname'];
if (isset($_POST['multi_ip']))
$multi_ip = $_POST['multi_ip'];
+if (isset($_POST['returl']))
+ $referrer = urldecode($_POST['returl']);
+if (isset($_POST['org_querystr']))
+ $querystr = $_POST['org_querystr'];
// Make sure we have a valid VARIABLE name
// and ALIAS TYPE, or else bail out.
if (is_null($type) || is_null($varname)) {
- session_start();
- unset($_SESSION['org_referer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
header("Location: http://{$referrer}?{$querystr}");
exit;
}
@@ -103,10 +98,6 @@ switch (count($a_types)) {
}
if ($_POST['cancel']) {
- session_start();
- unset($_SESSION['org_referer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
header("Location: {$referrer}?{$querystr}");
exit;
}
@@ -118,10 +109,6 @@ if ($_POST['save']) {
// if no errors, write new entry to conf
if (!$input_errors) {
$selection = $_POST['alias'];
- session_start();
- unset($_SESSION['org_referer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
header("Location: {$referrer}?{$querystr}&varvalue={$selection}");
exit;
}
@@ -138,6 +125,8 @@ include("head.inc");
<input type="hidden" name="varname" value="<?=$varname;?>">
<input type="hidden" name="type" value="<?=$type;?>">
<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>">
+<input type="hidden" name="returl" value="<?=$referrer;?>">
+<input type="hidden" name="org_querystr" value="<?=$querystr;?>">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index 33fade40..b3d81f37 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -1,16 +1,7 @@
<?php
/*
* snort_stream5_engine.php
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -390,7 +381,7 @@ if ($savemsg)
<td class="vexpl"><input name="stream5_bind_to" type="text" class="formfldalias" id="stream5_bind_to" size="32"
value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
<?php echo gettext("IP address or network to bind this engine to."); ?></td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=no'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=no&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -435,7 +426,7 @@ if ($savemsg)
value="<?=htmlspecialchars($pconfig['ports_client']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_client']));?>" autocomplete="off"><span class="vexpl">&nbsp;
<?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("default") . "</strong>.";?></span>
</td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_client&act=import'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_client&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing port alias");?>"/>
</td>
</tr>
@@ -445,7 +436,7 @@ if ($savemsg)
value="<?=htmlspecialchars($pconfig['ports_server']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_server']));?>" autocomplete="off"><span class="vexpl">&nbsp;
<?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("none") . "</strong>.";?></span>
</td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_server&act=import'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_server&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing port alias");?>"/>
</td>
</tr>
@@ -455,7 +446,7 @@ if ($savemsg)
value="<?=htmlspecialchars($pconfig['ports_both']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_both']));?>" autocomplete="off"><span class="vexpl">&nbsp;
<?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("default") . "</strong>.";?></span>
</td>
- <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_both&act=import'"
+ <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_both&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing port alias");?>"/>
</td>
</tr>
diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js
index 0c2d9ca6..c5c743df 100644
--- a/config/widget-snort/snort_alerts.js
+++ b/config/widget-snort/snort_alerts.js
@@ -1,7 +1,7 @@
var snortlines = Array();
var snorttimer;
-var snortupdateDelay = 25500;
+var snortupdateDelay = 22000;
var snortisBusy = false;
var snortisPaused = false;
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
index f4eaa140..691b03a3 100644
--- a/config/widget-snort/snort_alerts.widget.php
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -26,6 +26,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("guiconfig.inc");
require_once("/usr/local/www/widgets/include/widget-snort.inc");
global $config, $g;
@@ -61,7 +62,14 @@ function sksort(&$array, $subkey="id", $sort_ascending=false) {
};
/* check if firewall widget variable is set */
-if (!isset($nentries)) $nentries = 5;
+$nentries = $config['widgets']['widget_snort_display_lines'];
+if (!isset($nentries) || $nentries < 0) $nentries = 5;
+
+if(isset($_POST['widget_snort_display_lines'])) {
+ $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines'];
+ write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard");
+ header("Location: ../../index.php");
+}
/* check if Snort include file exists before we use it */
if (file_exists("/usr/local/pkg/snort/snort.inc")) {
@@ -121,6 +129,16 @@ if (file_exists("/usr/local/pkg/snort/snort.inc")) {
/* display the result */
?>
+
+<input type="hidden" id="snort_alerts-config" name="snort_alerts-config" value="" />
+<div id="snort_alerts-settings" class="widgetconfigdiv" style="display:none;">
+ <form action="/widgets/widgets/snort_alerts.widget.php" method="post" name="iformd">
+ Enter number of recent alerts to display (default is 5)<br/>
+ <input type="text" size="5" name="widget_snort_display_lines" class="formfld unknown" id="widget_snort_display_lines" value="<?= $config['widgets']['widget_snort_display_lines'] ?>" />
+ &nbsp;&nbsp;<input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" />
+ </form>
+</div>
+
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr class="snort-alert-header">
@@ -150,3 +168,13 @@ if (is_array($snort_alerts)) {
?>
</tbody>
</table>
+
+<!-- needed to display the widget settings menu -->
+<script type="text/javascript">
+//<![CDATA[
+ selectIntLink = "snort_alerts-configure";
+ textlink = document.getElementById(selectIntLink);
+ textlink.style.display = "inline";
+//]]>
+</script>
+
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
index 29edcc3f..1a371ca5 100644
--- a/config/widget-snort/widget-snort.xml
+++ b/config/widget-snort/widget-snort.xml
@@ -46,7 +46,7 @@
<requirements>Dashboard package and Snort</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>widget-snort</name>
- <version>0.3.5</version>
+ <version>0.3.6</version>
<title>Widget - Snort</title>
<include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file>
<additional_files_needed>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 0a04d15c..e75f5abf 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -497,7 +497,7 @@
<configurationfile>vhosts.xml</configurationfile>
</package>
<package>
- <name>snort</name>
+ <name>Snort</name>
<pkginfolink></pkginfolink>
<website>http://www.snort.org</website>
<descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr>
@@ -525,7 +525,7 @@
<!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. -->
<build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE REACT FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.5.5 pkg v. 3.0.0</version>
+ <version>2.9.5.5 pkg v3.0.1</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
@@ -1559,7 +1559,7 @@
<descr>Dashboard widget for Snort.</descr>
<category>System</category>
<config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file>
- <version>0.3.5</version>
+ <version>0.3.6</version>
<status>BETA</status>
<required_version>1.2</required_version>
<configurationfile>widget-snort.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 0376a7df..0a7baf69 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -484,7 +484,7 @@
<configurationfile>vhosts.xml</configurationfile>
</package>
<package>
- <name>snort</name>
+ <name>Snort</name>
<pkginfolink></pkginfolink>
<website>http://www.snort.org</website>
<descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr>
@@ -512,7 +512,7 @@
<!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. -->
<build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.5.5 pkg v. 3.0.0</version>
+ <version>2.9.5.5 pkg v3.0.1</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
@@ -1546,7 +1546,7 @@
<descr>Dashboard widget for Snort.</descr>
<category>System</category>
<config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file>
- <version>0.3.5</version>
+ <version>0.3.6</version>
<status>BETA</status>
<required_version>1.2</required_version>
<configurationfile>widget-snort.xml</configurationfile>