diff options
| author | robiscool <robrob2626@yahoo.com> | 2009-11-17 22:56:02 -0800 |
|---|---|---|
| committer | robiscool <robrob2626@yahoo.com> | 2009-11-17 22:56:02 -0800 |
| commit | 0b5df72ea1ccb50d917ba7c3e3e41bb0ef6037d6 (patch) | |
| tree | d921158ffba8244e6dd279952bfb2e81075dd06f | |
| parent | 4f16a44b64888642de91c994b3da4dc9cc6ed89d (diff) | |
| download | pfsense-packages-0b5df72ea1ccb50d917ba7c3e3e41bb0ef6037d6.tar.gz pfsense-packages-0b5df72ea1ccb50d917ba7c3e3e41bb0ef6037d6.tar.bz2 pfsense-packages-0b5df72ea1ccb50d917ba7c3e3e41bb0ef6037d6.zip | |
snort-dev, almost done with the new gui
| -rw-r--r-- | config/snort-dev/NOTES.txt | 23 | ||||
| -rw-r--r-- | config/snort-dev/pfsense_rules/local.rules | 12 | ||||
| -rw-r--r-- | config/snort-dev/snort.xml | 39 | ||||
| -rw-r--r-- | config/snort-dev/snort_barnyard.php | 294 | ||||
| -rw-r--r-- | config/snort-dev/snort_base_files.inc | 2025 | ||||
| -rw-r--r-- | config/snort-dev/snort_blocked.php | 174 | ||||
| -rw-r--r-- | config/snort-dev/snort_define_servers.php | 494 | ||||
| -rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 44 | ||||
| -rw-r--r-- | config/snort-dev/snort_rules.php | 645 | ||||
| -rw-r--r-- | config/snort-dev/snort_rules_edit.php | 439 | ||||
| -rw-r--r-- | config/snort-dev/snort_rulesets.php | 258 | ||||
| -rw-r--r-- | config/snort/pfsense_rules/local.rules | 12 |
12 files changed, 2402 insertions, 2057 deletions
diff --git a/config/snort-dev/NOTES.txt b/config/snort-dev/NOTES.txt new file mode 100644 index 00000000..7b405dab --- /dev/null +++ b/config/snort-dev/NOTES.txt @@ -0,0 +1,23 @@ + + +November 17 2009 + +If you work on this package just comment on every thing you change. + + +Gui is almost done. + +The Gui works just the interface tabs have to be pointed to the right files. + +snort.inc +Must be recoded so that it reads the [snortglobal][rule] options in conf.xml and makes a snort.sh, snort.conf, and barnyard.conf. +This is easy, just cut and paste from the old snort.inc. + +snort_rules_edit.php +Is what Im working on. Just make sure all snort sig options are supported. + +snort_rules.php +Change the way the rules get disabled, by removing the x icon image and replacing it with check boxes. +This should improve the users use of the package. + +Done.
\ No newline at end of file diff --git a/config/snort-dev/pfsense_rules/local.rules b/config/snort-dev/pfsense_rules/local.rules index a9072733..83a05f1b 100644 --- a/config/snort-dev/pfsense_rules/local.rules +++ b/config/snort-dev/pfsense_rules/local.rules @@ -1,7 +1,7 @@ -# ----------------
-# LOCAL RULES
-# ----------------
-# This file intentionally does not come with signatures. Put your local
-# additions here. Pfsense first install rule. Rule edit tabe fails with out this file.
-#
+# ---------------- +# LOCAL RULES +# ---------------- +# This file intentionally does not come with signatures. Put your local +# additions here. Pfsense first install rule. Rule edit tabe fails with out this file. +# #
\ No newline at end of file diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 344a01cf..6345ffb7 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.8.4.1_5</version> - <title>Services: Snort 2.8.4.1_5 pkg v. 1.7 alpha</title> + <title>Services: Snort 2.8.4.1_5 pkg v. 1.8 alpha</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -66,12 +66,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_base_files.inc</item> + <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/images/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> @@ -89,14 +94,34 @@ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/snort/images/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg</item> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item> </additional_files_needed> <fields> </fields> diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php new file mode 100644 index 00000000..d703b5dc --- /dev/null +++ b/config/snort-dev/snort_barnyard.php @@ -0,0 +1,294 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + +TODO: Nov 12 09 +Clean this code up its ugly +Important add error checking + +*/ + +require("guiconfig.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +if (isset($id) && $a_nat[$id]) { + + /* new options */ + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + /* old options */ + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; +} else { + $pconfig['interface'] = "wan"; +} + +if (isset($_GET['dup'])) + unset($id); + +if ($_POST) { + + /* check for overlaps */ + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + } + +/* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + /* repost the options already in conf */ + $natent['enable'] = $pconfig['enable']; + $natent['interface'] = $pconfig['interface']; + $natent['descr'] = $pconfig['descr']; + $natent['performance'] = $pconfig['performance']; + $natent['blockoffenders7'] = $pconfig['blockoffenders7']; + $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; + $natent['alertsystemlog'] = $pconfig['alertsystemlog']; + $natent['tcpdumplog'] = $pconfig['tcpdumplog']; + $natent['flow_depth'] = $pconfig['flow_depth']; + /* post new options */ + $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; + $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; + if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; } + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + /* enable this if you want the user to aprove changes */ + // touch($d_natconfdirty_path); + + write_config(); + + /* after click go to this page */ + header("Location: snort_barnyard.php?id=$id"); + exit; + } +} + +$pgtitle = "Services: Snort Barnyard2 Edit"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("fbegin.inc"); +?> +<style type="text/css"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> +<script language="JavaScript"> +<!-- + +function enable_change(enable_change) { + endis = !(document.iform.barnyard_enable.checked || enable_change); + // make shure a default answer is called if this is envoked. + endis2 = (document.iform.barnyard_enable); + +<?php +/* make shure all the settings exist or function hide will not work */ +/* if $id is emty allow if and discr to be open */ +if($id != "") +{ +echo " + document.iform.interface.disabled = endis2;\n"; +} +?> + document.iform.barnyard_mysql.disabled = endis; +} +//--> +</script> +<p class="pgtitle"><?=$pgtitle?></p> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php +if($id != "") +{ + + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort_interfaces_edit.php"); + $tab_array[] = array("Categories", false, "/snort/snort_{$snortIf}_{$id}/snort_rulesets_{$snortIf}_{$id}.php"); + $tab_array[] = array("Rules", false, "/snort/snort_{$snortIf}_{$id}/snort_rules_{$snortIf}_{$id}.php"); + $tab_array[] = array("Servers", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_define_servers_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", true, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + display_top_tabs($tab_array); + +} +?> +</td> +</tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " + <style type=\"text/css\"> + .noid { + position:absolute; + top:10px; + left:0px; + width:94%; + background:#FCE9C0; + background-position: 15px; + border-top:2px solid #DBAC48; + border-bottom:2px solid #DBAC48; + padding: 15px 10px 85% 50px; + } + </style> + <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; + + } + ?> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <?php + // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> + // care with spaces + if ($pconfig['barnyard_enable'] == "on") + $checked = checked; + if($id != "") + { + $onclick_enable = "onClick=\"enable_change(false)\">"; + } + echo " + <input name=\"barnyard_enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable + <strong>Enable Barnyard2 on this Interface</strong><br> + This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>\n\n"; + ?> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Interface</td> + <td width="78%" class="vtable"> + <select name="interface" class="formfld"> + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Log to a Mysql Database</td> + <td width="78%" class="vtable"> + <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="40" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> + <br> <span class="vexpl">Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings befor you click start. </td> + </tr> + </table> + </table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_base_files.inc b/config/snort-dev/snort_base_files.inc deleted file mode 100644 index f6832ad8..00000000 --- a/config/snort-dev/snort_base_files.inc +++ /dev/null @@ -1,2025 +0,0 @@ -<?php -/* - amanda.php - Copyright (C) 2008, 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("filter.inc"); - - -/* create snort.xml for every interface selected */ -function create_snort_xml() -{ -include("filter.inc"); -include("config.inc"); - - global $bconfig, $bg; - - conf_mount_rw(); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - - - foreach($snortInterfaces as $snortIf) - { - -$snort_xml_text = <<<EOD -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* \$Id\$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfsense.com) - Copyright (C) 2007 Robert Zelaya - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Snort{$snortIf}</name> - <version>2.8.4.1_5</version> - <title>Services: Snort 2.8.4.1_5 pkg v. 1.6 {$snortIf}</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <tabs> - <tab> - <text>Snort Interfaces</text> - <url>/snort_interfaces.php</url> - </tab> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Categories</text> - <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url> - </tab> - <tab> - <text>Rules</text> - <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url> - </tab> - <tab> - <text>Barnyard2</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url> - </tab> - </tabs> - <fields> - <field> - <fielddescr>Interface</fielddescr> - <fieldname>iface_array</fieldname> - <description>Select the interface(s) Snort will listen on.</description> - <type>interfaces_selection</type> - <size>3</size> - <value>lan</value> - <multiple>true</multiple> - </field> - <field> - <fielddescr>Memory Performance</fielddescr> - <fieldname>performance</fieldname> - <description>Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small -memory,moderate performance, ac-sparsebands: small memory, high performance.</description> - <type>select</type> - <options> - <option> - <name>ac-bnfa</name> - <value>ac-bnfa</value> - </option> - <option> - <name>lowmem</name> - <value>lowmem</value> - </option> - <option> - <name>ac-std</name> - <value>ac-std</value> - </option> - <option> - <name>ac</name> - <value>ac</value> - </option> - <option> - <name>ac-banded</name> - <value>ac-banded</value> - </option> - <option> - <name>ac-sparsebands</name> - <value>ac-sparsebands</value> - </option> - <option> - <name>acs</name> - <value>acs</value> - </option> - </options> - </field> - <field> - <fielddescr>BPF Buffer size</fielddescr> - <fieldname>bpfbufsize</fieldname> - <description>Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does. Default is 1024.</description> - <type>input</type> - </field> - <field> - <fielddescr>Maximum BPF buffer size</fielddescr> - <fieldname>bpfmaxbufsize</fieldname> - <description>Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does. Default is 524288. This value should never be set above hardware cache size. The -best (optimal size) is 50% - 80% of the hardware cache size.</description> - <type>input</type> - </field> - <field> - <fielddescr>Maximum BPF inserts</fielddescr> - <fieldname>bpfmaxinsns</fieldname> - <description>Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does. Default is 512.</description> - <type>input</type> - </field> - <field> - <fielddescr>Advanced configuration pass through</fielddescr> - <fieldname>configpassthru</fieldname> - <description>Add items to here will be automatically inserted into the running snort configuration</description> - <type>textarea</type> - <cols>40</cols> - <rows>5</rows> - </field> - <field> - <fielddescr>Snort signature info files.</fielddescr> - <fieldname>signatureinfo</fieldname> - <description>Snort signature info files will be installed during updates. At leats 500 mb of memory is needed.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Alerts Tab logging type.</fielddescr> - <fieldname>snortalertlogtype</fieldname> - <description>Please choose the type of Alert logging you will like see in the Alerts Tab. The options are Full descriptions or Fast short descriptions</description> - <type>select</type> - <options> - <option> - <name>fast</name> - <value>fast</value> - </option> - <option> - <name>full</name> - <value>full</value> - </option> - </options> - </field> - <field> - <fielddescr>Send alerts to main System logs.</fielddescr> - <fieldname>alertsystemlog</fieldname> - <description>Snort will send Alerts to the Pfsense system logs.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Log to a Tcpdump file.</fielddescr> - <fieldname>tcpdumplog</fieldname> - <description>Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.</description> - <type>checkbox</type> - </field> - </fields> - <custom_php_deinstall_command> - snort_deinstall(); - </custom_php_deinstall_command> -</packagegui> - -EOD; - -/* write out snort_xml */ -$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_{$snortIf}.xml", "w"); -if(!$bconf) -{ - log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_{$snortIf}.xml for writing."); - exit; - } - fwrite($bconf, $snort_xml_text); - fclose($bconf); - - conf_mount_ro(); - - } -} - -/* create barnyard2.xml for every interface selected */ -function create_snort_barnyard2_xml() -{ -include("filter.inc"); -include("config.inc"); - - global $bconfig, $bg; - - conf_mount_rw(); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - - - foreach($snortInterfaces as $snortIf) - { - -$snort_barnyard2_text = <<<EOD -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* \$Id\$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Robert Zelaya - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>barnyard2{$snortIf}</name> - <version>none</version> - <title>Services: Barnyard2 {$snortIf}</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <tabs> - <tab> - <text>Snort Interfaces</text> - <url>/snort_interfaces.php</url> - </tab> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url> - </tab> - <tab> - <text>Categories</text> - <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url> - </tab> - <tab> - <text>Rules</text> - <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url> - </tab> - <tab> - <text>Barnyard2</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url> - <active/> - </tab> - </tabs> - <fields> - <field> - <fielddescr>Enable Barnyard2.</fielddescr> - <fieldname>snortbarnyardlog</fieldname> - <description>This will enable barnyard2 in the snort package. You will also have to set the database credentials.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Barnyard2 Log Mysql Database.</fielddescr> - <fieldname>snortbarnyardlog_database</fieldname> - <description>Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Barnyard2 Configure Hostname ID.</fielddescr> - <fieldname>snortbarnyardlog_hostname</fieldname> - <description>Example: pfsense.local</description> - <type>input</type> - <size>25</size> - <value></value> - </field> - <field> - <fielddescr>Barnyard2 Configure Interface ID</fielddescr> - <fieldname>snortbarnyardlog_interface</fieldname> - <description>Example: vr0</description> - <type>input</type> - <size>25</size> - <value></value> - </field> - <field> - <fielddescr>Log Alerts to a snort unified2 file.</fielddescr> - <fieldname>snortunifiedlog</fieldname> - <description>Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</description> - <type>checkbox</type> - </field> - </fields> - <custom_php_deinstall_command> - snort_advanced(); - </custom_php_deinstall_command> -</packagegui> - -EOD; - -/* write out snort_barnyard2_xml */ -$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml", "w"); -if(!$bconf) -{ - log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml for writing."); - exit; - } - fwrite($bconf, $snort_barnyard2_text); - fclose($bconf); - - conf_mount_ro(); - - } -} - - -/* create snort_define_servers.xml for every interface selected */ -function create_snort_define_servers_xml() -{ -include("filter.inc"); -include("config.inc"); - - global $bconfig, $bg; - - conf_mount_rw(); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - - - foreach($snortInterfaces as $snortIf) - { - -$snort_define_servers_xml_text = <<<EOD -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* \$Id\$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Robert Zelaya - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>SnortDefServers{$snortIf}</name> - <version>none</version> - <title>Services: Snort Define Servers {$snortIf}</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <tabs> - <tab> - <text>Snort Interfaces</text> - <url>/snort_interfaces.php</url> - </tab> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url> - </tab> - <tab> - <text>Categories</text> - <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url> - </tab> - <tab> - <text>Rules</text> - <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url> - </tab> - <tab> - <text>Barnyard2</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url> - </tab> - </tabs> - <fields> - <field> - <fielddescr>Define DNS_SERVERS</fielddescr> - <fieldname>def_dns_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define DNS_PORTS</fielddescr> - <fieldname>def_dns_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 53.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SMTP_SERVERS</fielddescr> - <fieldname>def_smtp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SMTP_PORTS</fielddescr> - <fieldname>def_smtp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 25.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define Mail_Ports</fielddescr> - <fieldname>def_mail_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 25,143,465,691.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define HTTP_SERVERS</fielddescr> - <fieldname>def_http_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define WWW_SERVERS</fielddescr> - <fieldname>def_www_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define HTTP_PORTS</fielddescr> - <fieldname>def_http_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 80.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SQL_SERVERS</fielddescr> - <fieldname>def_sql_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define ORACLE_PORTS</fielddescr> - <fieldname>def_oracle_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 1521.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define MSSQL_PORTS</fielddescr> - <fieldname>def_mssql_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 1433.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define TELNET_SERVERS</fielddescr> - <fieldname>def_telnet_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define TELNET_PORTS</fielddescr> - <fieldname>def_telnet_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 23.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SNMP_SERVERS</fielddescr> - <fieldname>def_snmp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SNMP_PORTS</fielddescr> - <fieldname>def_snmp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 161.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define FTP_SERVERS</fielddescr> - <fieldname>def_ftp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define FTP_PORTS</fielddescr> - <fieldname>def_ftp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 21.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SSH_SERVERS</fielddescr> - <fieldname>def_ssh_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SSH_PORTS</fielddescr> - <fieldname>def_ssh_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is Pfsense SSH port.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define POP_SERVERS</fielddescr> - <fieldname>def_pop_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define POP2_PORTS</fielddescr> - <fieldname>def_pop2_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 109.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define POP3_PORTS</fielddescr> - <fieldname>def_pop3_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 110.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define IMAP_SERVERS</fielddescr> - <fieldname>def_imap_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define IMAP_PORTS</fielddescr> - <fieldname>def_imap_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 143.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SIP_PROXY_IP</fielddescr> - <fieldname>def_sip_proxy_ip</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SIP_PROXY_PORTS</fielddescr> - <fieldname>def_sip_proxy_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 5060:5090,16384:32768.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define AUTH_PORTS</fielddescr> - <fieldname>def_auth_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 113.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define FINGER_PORTS</fielddescr> - <fieldname>def_finger_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 79.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define IRC_PORTS</fielddescr> - <fieldname>def_irc_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 6665,6666,6667,6668,6669,7000.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define NNTP_PORTS</fielddescr> - <fieldname>def_nntp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 119.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define RLOGIN_PORTS</fielddescr> - <fieldname>def_rlogin_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 513.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define RSH_PORTS</fielddescr> - <fieldname>def_rsh_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 514.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SSL_PORTS</fielddescr> - <fieldname>def_ssl_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 25,443,465,636,993,995.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - </fields> - <custom_php_deinstall_command> - snort_define_servers(); - </custom_php_deinstall_command> -</packagegui> - -EOD; - -/* write out snort_define_servers_xml */ -$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml", "w"); -if(!$bconf) -{ - log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml for writing."); - exit; - } - fwrite($bconf, $snort_define_servers_xml_text); - fclose($bconf); - - conf_mount_ro(); - - } -} - -/* create snort_threshold.xml for every interface selected */ -function create_snort_threshold_xml() -{ -include("filter.inc"); -include("config.inc"); - - global $bconfig, $bg; - - conf_mount_rw(); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - - - foreach($snortInterfaces as $snortIf) - { - -$snort_threshold_xml_text = <<<EOD -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* \$Id\$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2004, 2005 Scott Robert Zelaya - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>snort-threshold{$snortIf}</name> - <version>0.1.0</version> - <title>Snort: Alert Thresholding and Suppression {$snortIf}</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <!-- Menu is where this packages menu will appear --> - <tabs> - <tab> - <text>Snort Interfaces</text> - <url>/snort_interfaces.php</url> - </tab> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url> - </tab> - <tab> - <text>Categories</text> - <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url> - </tab> - <tab> - <text>Rules</text> - <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url> - <active/> - </tab> - <tab> - <text>Barnyard2</text> - <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url> - </tab> - </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Thresholding or Suppression Rule</fielddescr> - <fieldname>threshrule</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <fielddescr>Thresholding or Suppression Rule</fielddescr> - <fieldname>threshrule</fieldname> - <description>Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60"</description> - <type>input</type> - <size>40</size> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>Enter the description for this item</description> - <type>input</type> - <size>60</size> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> - <custom_php_resync_config_command> - create_snort_conf(); - </custom_php_resync_config_command> -</packagegui> - -EOD; - -/* write out snort_threshold_xml */ -$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml", "w"); -if(!$bconf) -{ - log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml for writing."); - exit; - } - fwrite($bconf, $snort_threshold_xml_text); - fclose($bconf); - - conf_mount_ro(); - - } -} - -/* create snort_rules.php for every interface selected */ -function create_snort_rules_php() -{ -include("filter.inc"); -include("config.inc"); - - global $bconfig, $bg; - - conf_mount_rw(); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - - - foreach($snortInterfaces as $snortIf) - { - -$snort_rules_php_text = <<<EOD -<?php -/* \$Id\$ */ -/* - edit_snortrule.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2004, 2005 Scott Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -require("guiconfig.inc"); -require("config.inc"); - -if(!is_dir("/usr/local/etc/snort_{$snortIf}/rules_{$snortIf}")) { - conf_mount_rw(); - exec('mkdir /usr/local/etc/snort_{$snortIf}/rules_{$snortIf}/'); - conf_mount_ro(); -} - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -\$isrulesfolderempty = exec('ls -A /usr/local/etc/snort_{$snortIf}/rules_{$snortIf}/*.rules'); -if (\$isrulesfolderempty == "") { - -include("head.inc"); -include("fbegin.inc"); - -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - -echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n -<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n -<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - \$tab_array = array(); - \$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0"); - \$tab_array[] = array(gettext("Categories"), false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php"); - \$tab_array[] = array(gettext("Rules"), true, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php"); - \$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0"); - \$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml"); - \$tab_array[] = array(gettext("Barnyard2"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0"); - display_top_tabs(\$tab_array); - -echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n -# The rules directory is empty.\n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n -</table>\n -\n -</form>\n -\n -<p>\n\n"; - -echo "Please click on the Update Rules tab to install your selected rule sets."; -include("fend.inc"); - -echo "</body>"; -echo "</html>"; - -exit(0); - -} - -function get_middle(\$source, \$beginning, \$ending, \$init_pos) { - \$beginning_pos = strpos(\$source, \$beginning, \$init_pos); - \$middle_pos = \$beginning_pos + strlen(\$beginning); - \$ending_pos = strpos(\$source, \$ending, \$beginning_pos); - \$middle = substr(\$source, \$middle_pos, \$ending_pos - \$middle_pos); - return \$middle; -} - -function write_rule_file(\$content_changed, \$received_file) -{ - conf_mount_rw(); - - //read snort file with writing enabled - \$filehandle = fopen(\$received_file, "w"); - - //delimiter for each new rule is a new line - \$delimiter = "\n"; - - //implode the array back into a string for writing purposes - \$fullfile = implode(\$delimiter, \$content_changed); - - //write data to file - fwrite(\$filehandle, \$fullfile); - - //close file handle - fclose(\$filehandle); - - conf_mount_rw(); -} - -function load_rule_file(\$incoming_file) -{ - - //read snort file - \$filehandle = fopen(\$incoming_file, "r"); - - //read file into string, and get filesize - \$contents = fread(\$filehandle, filesize(\$incoming_file)); - - //close handler - fclose (\$filehandle); - - //string for populating category select - \$currentruleset = substr(\$file, 27); - - //delimiter for each new rule is a new line - \$delimiter = "\n"; - - //split the contents of the string file into an array using the delimiter - \$splitcontents = explode(\$delimiter, \$contents); - - return \$splitcontents; - -} - -\$ruledir = "/usr/local/etc/snort_{$snortIf}/rules_{$snortIf}/"; -\$dh = opendir(\$ruledir); - -\$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect."; - -while (false !== (\$filename = readdir(\$dh))) -{ - //only populate this array if its a rule file - \$isrulefile = strstr(\$filename, ".rules"); - if (\$isrulefile !== false) - { - \$files[] = \$filename; - } -} - -sort(\$files); - -if (\$_GET['openruleset']) -{ - \$file = \$_GET['openruleset']; -} -else -{ - \$file = \$ruledir.\$files[0]; - -} - -//Load the rule file -\$splitcontents = load_rule_file(\$file); - -if (\$_POST) -{ - if (!\$_POST['apply']) { - //retrieve POST data - \$post_lineid = \$_POST['lineid']; - \$post_enabled = \$_POST['enabled']; - \$post_src = \$_POST['src']; - \$post_srcport = \$_POST['srcport']; - \$post_dest = \$_POST['dest']; - \$post_destport = \$_POST['destport']; - - //clean up any white spaces insert by accident - \$post_src = str_replace(" ", "", \$post_src); - \$post_srcport = str_replace(" ", "", \$post_srcport); - \$post_dest = str_replace(" ", "", \$post_dest); - \$post_destport = str_replace(" ", "", \$post_destport); - - //copy rule contents from array into string - \$tempstring = \$splitcontents[\$post_lineid]; - - //search string - \$findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - \$disabled = strstr(\$tempstring, \$findme); - - //if find alert is false, then rule is disabled - if (\$disabled !== false) - { - //has rule been enabled - if (\$post_enabled == "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - \$tempstring = str_replace("# alert", "alert", \$tempstring); - \$counter2 = 1; - } - else - { - //rule is staying disabled - \$counter2 = 2; - } - } - else - { - //has rule been disabled - if (\$post_enabled != "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - \$tempstring = str_replace("alert", "# alert", \$tempstring); - \$counter2 = 2; - } - else - { - //rule is staying enabled - \$counter2 = 1; - } - } - - //explode rule contents into an array, (delimiter is space) - \$rule_content = explode(' ', \$tempstring); - - //insert new values - \$counter2++; - \$rule_content[\$counter2] = \$post_src;//source location - \$counter2++; - \$rule_content[\$counter2] = \$post_srcport;//source port location - \$counter2 = \$counter2+2; - \$rule_content[\$counter2] = \$post_dest;//destination location - \$counter2++; - \$rule_content[\$counter2] = \$post_destport;//destination port location - - //implode the array back into string - \$tempstring = implode(' ', \$rule_content); - - //copy string into file array for writing - \$splitcontents[\$post_lineid] = \$tempstring; - - //write the new .rules file - write_rule_file(\$splitcontents, \$file); - - //once file has been written, reload file - \$splitcontents = load_rule_file(\$file); - - \$stopMsg = true; - } - - if (\$_POST['apply']) { -// stop_service("snort"); -// sleep(2); -// start_service("snort"); - \$savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab."; - \$stopMsg = false; - } - -} -else if (\$_GET['act'] == "toggle") -{ - \$toggleid = \$_GET['id']; - - //copy rule contents from array into string - \$tempstring = \$splitcontents[\$toggleid]; - - //explode rule contents into an array, (delimiter is space) - \$rule_content = explode(' ', \$tempstring); - - //search string - \$findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - \$disabled = strstr(\$tempstring, \$findme); - - //if find alert is false, then rule is disabled - if (\$disabled !== false) - { - //rule has been enabled - //move counter up 1, so we do not retrieve the # in the rule_content array - \$tempstring = str_replace("# alert", "alert", \$tempstring); - - } - else - { - //has rule been disabled - //move counter up 1, so we do not retrieve the # in the rule_content array - \$tempstring = str_replace("alert", "# alert", \$tempstring); - - } - - //copy string into array for writing - \$splitcontents[\$toggleid] = \$tempstring; - - //write the new .rules file - write_rule_file(\$splitcontents, \$file); - - //once file has been written, reload file - \$splitcontents = load_rule_file(\$file); - - \$stopMsg = true; - - //write disable/enable sid to config.xml - if (\$disabled == false) { - \$string_sid = strstr(\$tempstring, 'sid:'); - \$sid_pieces = explode(";", \$string_sid); - \$sid_off_cut = \$sid_pieces[0]; - // sid being turned off - \$sid_off = str_replace("sid:", "", \$sid_off_cut); - // rule_sid_on registers - \$sid_on_pieces = \$config['installedpackages']['snort']['rule_sid_on']; - // if off sid is the same as on sid remove it - \$sid_on_old = str_replace("||enablesid \$sid_off", "", "\$sid_on_pieces"); - // write the replace sid back as empty - \$config['installedpackages']['snort']['rule_sid_on'] = \$sid_on_old; - // rule sid off registers - \$sid_off_pieces = \$config['installedpackages']['snort']['rule_sid_off']; - // if off sid is the same as off sid remove it - \$sid_off_old = str_replace("||disablesid \$sid_off", "", "\$sid_off_pieces"); - // write the replace sid back as empty - \$config['installedpackages']['snort']['rule_sid_off'] = \$sid_off_old; - // add sid off registers to new off sid - \$config['installedpackages']['snort']['rule_sid_off'] = "||disablesid \$sid_off" . \$config['installedpackages']['snort']['rule_sid_off']; - write_config(); - } - else - { - \$string_sid = strstr(\$tempstring, 'sid:'); - \$sid_pieces = explode(";", \$string_sid); - \$sid_on_cut = \$sid_pieces[0]; - // sid being turned off - \$sid_on = str_replace("sid:", "", \$sid_on_cut); - // rule_sid_off registers - \$sid_off_pieces = \$config['installedpackages']['snort']['rule_sid_off']; - // if off sid is the same as on sid remove it - \$sid_off_old = str_replace("||disablesid \$sid_on", "", "\$sid_off_pieces"); - // write the replace sid back as empty - \$config['installedpackages']['snort']['rule_sid_off'] = \$sid_off_old; - // rule sid on registers - \$sid_on_pieces = \$config['installedpackages']['snort']['rule_sid_on']; - // if on sid is the same as on sid remove it - \$sid_on_old = str_replace("||enablesid \$sid_on", "", "\$sid_on_pieces"); - // write the replace sid back as empty - \$config['installedpackages']['snort']['rule_sid_on'] = \$sid_on_old; - // add sid on registers to new on sid - \$config['installedpackages']['snort']['rule_sid_on'] = "||enablesid \$sid_on" . \$config['installedpackages']['snort']['rule_sid_on']; - write_config(); - } - -} - - -\$pgtitle = "Snort: Rules"; -require("guiconfig.inc"); -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php -if(!\$pgtitle_output) - echo "<p class=\"pgtitle\"><?=\$pgtitle?></p>"; -?> -<form action="snort_rules.php" method="post" name="iform" id="iform"> -<?php if (\$savemsg){print_info_box(\$savemsg);} else if (\$stopMsg){print_info_box_np(\$message_reload);}?> -<br> -</form> -<script type="text/javascript" language="javascript" src="row_toggle.js"> - <script src="/javascript/sorttable.js" type="text/javascript"> -</script> - -<script language="javascript" type="text/javascript"> -<!-- -function go() -{ - var agt=navigator.userAgent.toLowerCase(); - if (agt.indexOf("msie") != -1) { - box = document.forms.selectbox; - } else { - box = document.forms[1].selectbox; - } - destination = box.options[box.selectedIndex].value; - if (destination) - location.href = destination; -} -// --> -</script> - -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - \$tab_array = array(); - \$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0"); - \$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - \$tab_array[] = array(gettext("Categories"), false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php"); - \$tab_array[] = array(gettext("Rules"), true, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php"); - \$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0"); - \$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - \$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - \$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml"); - \$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - \$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs(\$tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> - - </tr> - <tr> - <?php - - echo "<br>Category: "; - - //string for populating category select - \$currentruleset = substr(\$file, 27); - ?> - <form name="forms"> - <select name="selectbox" class="formfld" onChange="go()"> - <?php - \$i=0; - foreach (\$files as \$value) - { - \$selectedruleset = ""; - if (\$files[\$i] === \$currentruleset) - \$selectedruleset = "selected"; - ?> - <option value="?&openruleset=<?=\$ruledir;?><?=\$files[\$i];?>" <?=\$selectedruleset;?>><?=\$files[\$i];?></option>" - <?php - \$i++; - - } - ?> - </select> - </form> - </tr> - <?php - - \$counter = 0; - \$printcounter = 0; - - foreach ( \$splitcontents as \$value ) - { - - \$counter++; - \$disabled = "False"; - \$comments = "False"; - - \$tempstring = \$splitcontents[\$counter]; - \$findme = "# alert"; //find string for disabled alerts - - //find alert - \$disabled_pos = strstr(\$tempstring, \$findme); - - - //do soemthing, this rule is enabled - \$counter2 = 1; - - //retrieve sid value - \$sid = get_middle(\$tempstring, 'sid:', ';', 0); - - //check to see if the sid is numberical - \$is_sid_num = is_numeric(\$sid); - - //if SID is numerical, proceed - if (\$is_sid_num) - { - - //if find alert is false, then rule is disabled - if (\$disabled_pos !== false){ - \$counter2 = \$counter2+1; - \$textss = "<span class=\"gray\">"; - \$textse = "</span>"; - \$iconb = "icon_block_d.gif"; - } - else - { - \$textss = \$textse = ""; - \$iconb = "icon_block.gif"; - } - - \$rule_content = explode(' ', \$tempstring); - - \$protocol = \$rule_content[\$counter2];//protocol location - \$counter2++; - \$source = \$rule_content[\$counter2];//source location - \$counter2++; - \$source_port = \$rule_content[\$counter2];//source port location - \$counter2 = \$counter2+2; - \$destination = \$rule_content[\$counter2];//destination location - \$counter2++; - \$destination_port = \$rule_content[\$counter2];//destination port location - - \$message = get_middle(\$tempstring, 'msg:"', '";', 0); - - echo "<tr>"; - echo "<td class=\"listt\">"; - echo \$textss; - ?> - <a href="?&openruleset=<?=\$file;?>&act=toggle&id=<?=\$counter;?>"><img src="./themes/<?= \$g['theme']; ?>/images/icons/<?=\$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a> - <?php - echo \$textse; - echo "</td>"; - - - echo "<td class=\"listlr\">"; - echo \$textss; - echo \$sid; - echo \$textse; - echo "</td>"; - - echo "<td class=\"listlr\">"; - echo \$textss; - echo \$protocol; - \$printcounter++; - echo \$textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo \$textss; - echo \$source; - echo \$textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo \$textss; - echo \$source_port; - echo \$textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo \$textss; - echo \$destination; - echo \$textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo \$textss; - echo \$destination_port; - echo \$textse; - echo "</td>"; - ?> - <td class="listbg"><font color="white"> - <?php - echo \$textss; - echo \$message; - echo \$textse; - echo "</td>"; - ?> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="snort_rules_edit.php?openruleset=<?=\$file;?>&id=<?=\$counter;?>"><img src="./themes/<?= \$g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - <?php - } - } - echo " "; - echo "There are "; - echo \$printcounter; - echo " rules in this category. <br><br>"; - ?> - </table> - </td> - </tr> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="16"><img src="./themes/<?= \$g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img src="./themes/<?= \$g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - - - </tr> - <tr> - <td colspan="10"> - <p> - <!--<strong><span class="red">Warning:<br> - </span></strong>Editing these r</p>--> - </td> - </tr> - </table> - </table> - - </td> - </tr> -</table> - - -<?php include("fend.inc"); ?> -</div></body> -</html> - -EOD; - -/* write out snort_rules_php */ -$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_rules_{$snortIf}.php", "w"); -if(!$bconf) -{ - log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_rules_{$snortIf}.php for writing."); - exit; - } - fwrite($bconf, $snort_rules_php_text); - fclose($bconf); - - conf_mount_ro(); - - } -} - -/* create snort_rules_edit.php for every interface selected */ -function create_snort_rules_edit_php() -{ -include("filter.inc"); -include("config.inc"); - - global $bconfig, $bg; - - conf_mount_rw(); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - - - foreach($snortInterfaces as $snortIf) - { - -$snort_rules_edit_php_text = <<<EOD -<?php -/* \$Id\$ */ -/* - snort_rules_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2004, 2005 Scott Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -function get_middle(\$source, \$beginning, \$ending, \$init_pos) { - \$beginning_pos = strpos(\$source, \$beginning, \$init_pos); - \$middle_pos = \$beginning_pos + strlen(\$beginning); - \$ending_pos = strpos(\$source, \$ending, \$beginning_pos); - \$middle = substr(\$source, \$middle_pos, \$ending_pos - \$middle_pos); - return \$middle; -} - - -\$file = \$_GET['openruleset']; - -//read snort file -\$filehandle = fopen(\$file, "r"); - -//get rule id -\$lineid = \$_GET['id']; - -//read file into string, and get filesize -\$contents = fread(\$filehandle, filesize(\$file)); - -//close handler -fclose (\$filehandle); - -//delimiter for each new rule is a new line -\$delimiter = "\n"; - -//split the contents of the string file into an array using the delimiter -\$splitcontents = explode(\$delimiter, \$contents); - -//copy rule contents from array into string -\$tempstring = \$splitcontents[\$lineid]; - -//explode rule contents into an array, (delimiter is space) -\$rule_content = explode(' ', \$tempstring); - -//search string -\$findme = "# alert"; //find string for disabled alerts - -//find if alert is disabled -\$disabled = strstr(\$tempstring, \$findme); - -//get sid -\$sid = get_middle(\$tempstring, 'sid:', ';', 0); - - -//if find alert is false, then rule is disabled -if (\$disabled !== false) -{ - //move counter up 1, so we do not retrieve the # in the rule_content array - \$counter2 = 2; -} -else -{ - \$counter2 = 1; -} - - -\$protocol = \$rule_content[\$counter2];//protocol location -\$counter2++; -\$source = \$rule_content[\$counter2];//source location -\$counter2++; -\$source_port = \$rule_content[\$counter2];//source port location -\$counter2++; -\$direction = \$rule_content[\$counter2]; -\$counter2++; -\$destination = \$rule_content[\$counter2];//destination location -\$counter2++; -\$destination_port = \$rule_content[\$counter2];//destination port location -\$message = get_middle(\$tempstring, 'msg:"', '";', 0); - -\$content = get_middle(\$tempstring, 'content:"', '";', 0); -\$classtype = get_middle(\$tempstring, 'classtype:', ';', 0); -\$revision = get_middle(\$tempstring, 'rev:', ';',0); - -\$pgtitle = "Snort: Edit Rule"; -require("guiconfig.inc"); -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?php -if(!\$pgtitle_output) - echo "<p class=\"pgtitle\"><?=\$pgtitle?></p>"; -?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - \$tab_array = array(); - \$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0"); - \$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - \$tab_array[] = array(gettext("Categories"), false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php"); - \$tab_array[] = array(gettext("Rules"), true, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php"); - \$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0"); - \$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - \$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - \$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml"); - \$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - \$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs(\$tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <form action="snort_rules.php?openruleset=<?=\$file;?>&id=<?=\$lineid;?>" target="" method="post" name="editform" id="editform"> - <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listhdr" width="10%">Enabled: </td> - <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if (\$disabled === false) echo "checked";?>></td> - </tr> - <tr> - <td class="listhdr" width="10%">SID: </td> - <td class="listlr" width="30%"><?php echo \$sid; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Protocol: </td> - <td class="listlr" width="30%"><?php echo \$protocol; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source: </td> - <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo \$source;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source Port: </td> - <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo \$source_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Direction:</td> - <td class="listlr" width="30%"><?php echo \$direction;?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination:</td> - <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo \$destination;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination Port: </td> - <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo \$destination_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Message: </td> - <td class="listlr" width="30%"><?php echo \$message; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Content: </td> - <td class="listlr" width="30%"><?php echo \$content; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Classtype: </td> - <td class="listlr" width="30%"><?php echo \$classtype; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Revision: </td> - <td class="listlr" width="30%"><?php echo \$revision; ?></td> - </tr> - <tr><td> </td></tr> - <tr> - <td><input name="lineid" type="hidden" value="<?=\$lineid;?>"></td> - <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">   <input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td> - </tr> - </table> - </form> - </td> - </tr> - </table> - </td> -</tr> -</table> - -<?php include("fend.inc"); ?> -</div></body> -</html> - -EOD; - -/* write out snort_rules_edit_php */ -$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_rules_edit_{$snortIf}.php", "w"); -if(!$bconf) -{ - log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_rules_edit_{$snortIf}.php for writing."); - exit; - } - fwrite($bconf, $snort_rules_edit_php_text); - fclose($bconf); - - conf_mount_ro(); - - } -} - - -create_snort_xml(); - -create_snort_barnyard2_xml(); - -create_snort_define_servers_xml(); - -create_snort_threshold_xml(); - -create_snort_rules_php(); - -create_snort_rules_edit_php(); - -?> diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php new file mode 100644 index 00000000..ff158853 --- /dev/null +++ b/config/snort-dev/snort_blocked.php @@ -0,0 +1,174 @@ +<?php +/* $Id$ */ +/* + snort_blocked.php + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require("/usr/local/pkg/snort.inc"); + +if($_POST['todelete'] or $_GET['todelete']) { + if($_POST['todelete']) + $ip = $_POST['todelete']; + if($_GET['todelete']) + $ip = $_GET['todelete']; + exec("/sbin/pfctl -t snort2c -T delete {$ip}"); +} + +$pgtitle = "Snort: Snort Blocked"; +include("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<?php include("fbegin.inc"); ?> + +<?php +if(!$pgtitle_output) + echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; +?> + +<form action="snort_rulesets.php" method="post" name="iform" id="iform"> +<script src="/row_toggle.js" type="text/javascript"></script> +<script src="/javascript/sorttable.js" type="text/javascript"></script> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); + $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); + $tab_array[] = array(gettext("Blocked"), true, "/snort_blocked.php"); + $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); + $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Remove</td> + <td class="listhdrr">IP</td> + <td class="listhdrr">Alert Description</td> + </tr> +<?php + + $associatealertip = $config['installedpackages']['snort']['config'][0]['associatealertip']; + $ips = `/sbin/pfctl -t snort2c -T show`; + $ips_array = split("\n", $ips); + $counter = 0; + foreach($ips_array as $ip) { + if(!$ip) + continue; + $ww_ip = str_replace(" ", "", $ip); + $counter++; + if($associatealertip) + $alert_description = get_snort_alert($ww_ip); + else + $alert_description = ""; + echo "\n<tr>"; + echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>"; + echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>"; + echo "\n<td> {$ww_ip}</td>"; + echo "\n<td> {$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>"; + echo "\n</tr>"; + } + echo "\n<tr><td colspan='3'> </td></tr>"; + if($counter < 1) + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>"; + else + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>"; + +?> + + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> + +</form> + +<p> + +<?php + +$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked']; + if ($blockedtab_msg_chk == "1h_b") { + $blocked_msg = "hour"; + } + if ($blockedtab_msg_chk == "3h_b") { + $blocked_msg = "3 hours"; + } + if ($blockedtab_msg_chk == "6h_b") { + $blocked_msg = "6 hours"; + } + if ($blockedtab_msg_chk == "12h_b") { + $blocked_msg = "12 hours"; + } + if ($blockedtab_msg_chk == "1d_b") { + $blocked_msg = "day"; + } + if ($blockedtab_msg_chk == "4d_b") { + $blocked_msg = "4 days"; + } + if ($blockedtab_msg_chk == "7d_b") { + $blocked_msg = "7 days"; + } + if ($blockedtab_msg_chk == "28d_b") { + $blocked_msg = "28 days"; + } + +echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg."; + +?> + +<?php include("fend.inc"); ?> + +</body> +</html> + +<?php + +/* write out snort cache */ +write_snort_config_cache($snort_config); + +?>
\ No newline at end of file diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php new file mode 100644 index 00000000..243e106f --- /dev/null +++ b/config/snort-dev/snort_define_servers.php @@ -0,0 +1,494 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + +TODO: Nov 12 09 +Clean this code up its ugly +Important add error checking + +*/ + +require("guiconfig.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +if (isset($id) && $a_nat[$id]) { + + /* new options */ + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['ip def_sip_proxy_ports'] = $a_nat[$id]['ip def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + /* old options */ + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + +if (isset($_GET['dup'])) + unset($id); +} + +if ($_POST) { + + /* check for overlaps */ + +/* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + /* repost the options already in conf */ + $natent['enable'] = $pconfig['enable']; + $natent['interface'] = $pconfig['interface']; + $natent['descr'] = $pconfig['descr']; + $natent['performance'] = $pconfig['performance']; + $natent['blockoffenders7'] = $pconfig['blockoffenders7']; + $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; + $natent['alertsystemlog'] = $pconfig['alertsystemlog']; + $natent['tcpdumplog'] = $pconfig['tcpdumplog']; + $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; + $natent['flow_depth'] = $pconfig['flow_depth']; + $natent['barnyard_enable'] = $pconfig['barnyard_enable']; + $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; + + /* post new options */ + if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } + if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } + if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } + if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } + if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } + if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } + if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } + if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } + if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } + if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } + if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } + if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } + if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } + if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } + if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } + if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } + if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } + if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } + if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } + if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } + if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } + if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } + if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } + if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } + if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } + if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } + if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } + if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } + if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } + if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } + if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } + if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } + if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } + + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + /* enable this if you want the user to aprove changes */ + // touch($d_natconfdirty_path); + + write_config(); + + /* after click go to this page */ + header("Location: snort_define_servers.php?id=$id"); + exit; + } +} + +$pgtitle = "Services: Snort Define Servers"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("fbegin.inc"); +?> +<style type="text/css"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> + +<p class="pgtitle"><?=$pgtitle?></p> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<form action="snort_define_servers.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php +if($id != "") +{ + + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id=$id"); + $tab_array[] = array("Categories", false, "/snort/snort_{$snortIf}_{$id}/snort_rulesets_{$snortIf}_{$id}.php"); + $tab_array[] = array("Rules", false, "/snort/snort_{$snortIf}_{$id}/snort_rules_{$snortIf}_{$id}.php"); + $tab_array[] = array("Servers", true, "/snort/snort_define_servers.php?id=$id"); + $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id=$id"); + display_top_tabs($tab_array); + +} +?> +</td> +</tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " + <style type=\"text/css\"> + .noid { + position:absolute; + top:10px; + left:0px; + width:94%; + background:#FCE9C0; + background-position: 15px; + border-top:2px solid #DBAC48; + border-bottom:2px solid #DBAC48; + padding: 15px 10px 85% 50px; + } + </style> + <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; + + } + ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> + Please save your settings befor you click start.<br> + Please make sure there are <strong>no spaces</strong> in your definitions. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define DNS_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define DNS_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SMTP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SMTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define Mail_Ports</td> + <td width="78%" class="vtable"> + <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define HTTP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define WWW_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define HTTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SQL_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define ORACLE_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define MSSQL_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define TELNET_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define TELNET_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SNMP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SNMP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define FTP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define FTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSH_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSH_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define POP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define POP2_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define POP3_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define IMAP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define IMAP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SIP_PROXY_IP</td> + <td width="78%" class="vtable"> + <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SIP_PROXY_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define AUTH_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define FINGER_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define IRC_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define NNTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define RLOGIN_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define RSH_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSL_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings befor you click start. </td> + </tr> + </table> + </table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 49f40638..e2ee443d 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -57,7 +57,10 @@ if (isset($id) && $a_nat[$id]) { $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; if (!$pconfig['interface']) $pconfig['interface'] = "wan"; @@ -125,16 +128,24 @@ if ($_POST) { /* if no errors write to conf */ if (!$input_errors) { $natent = array(); - $natent['enable'] = $_POST['enable'] ? on : off; - /* if option is diabled add a default answer */ + + /* write to conf for 1st time or rewrite the answer */ $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; - $natent['descr'] = $_POST['descr']; - $natent['performance'] = $_POST['performance']; - $natent['blockoffenders7'] = $_POST['blockoffenders7'] ? on : off; - $natent['snortalertlogtype'] = $_POST['snortalertlogtype']; - $natent['alertsystemlog'] = $_POST['alertsystemlog'] ? on : off; - $natent['tcpdumplog'] = $_POST['tcpdumplog'] ? on : off; - $natent['flow_depth'] = $_POST['flow_depth']; + /* if post write to conf or rewite the answer */ + $natent['enable'] = $_POST['enable'] ? on : off; + $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; + $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; + /* if post = on use on off or rewrite the conf */ + if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; + if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + /* if optiion = 0 then the old descr way will not work */ + if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = $pconfig['flow_depth']; } + /* rewrite the options that are not in post */ + $natent['barnyard_enable'] = $pconfig['barnyard_enable']; + $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -200,6 +211,7 @@ echo " document.iform.snortalertlogtype.disabled = endis; document.iform.alertsystemlog.disabled = endis; document.iform.tcpdumplog.disabled = endis; + document.iform.snortunifiedlog.disabled = endis; } //--> </script> @@ -300,7 +312,7 @@ if($id != "") $onclick_enable = "onClick=\"enable_change(false)\">"; } echo " - <input name=\"enable\" type=\"checkbox\" value=\"yes\" $checked $onclick_enable + <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable <strong>Enable Interface</strong></td>\n\n"; ?> </tr> @@ -347,7 +359,7 @@ if($id != "") <tr> <td width="22%" valign="top" class="vncell">Block offenders</td> <td width="78%" class="vtable"> - <input name="blockoffenders7" type="checkbox" value="yes" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> Checking this option will automatically block hosts that generate a snort alert.</td> </tr> <tr> @@ -368,16 +380,22 @@ if($id != "") <tr> <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td> <td width="78%" class="vtable"> - <input name="alertsystemlog" type="checkbox" value="yes" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> Snort will send Alerts to the Pfsense system logs.</td> </tr> <tr> <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td> <td width="78%" class="vtable"> - <input name="tcpdumplog" type="checkbox" value="yes" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.</td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Log Alerts to a snort unified2 file</td> + <td width="78%" class="vtable"> + <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> + </tr> + <tr> <td valign="top" class="vncell">HTTP server flow depth</td> <td class="vtable"> <table cellpadding="0" cellspacing="0"> diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php new file mode 100644 index 00000000..e83e9fc0 --- /dev/null +++ b/config/snort-dev/snort_rules.php @@ -0,0 +1,645 @@ +<?php +/* $Id$ */ +/* + edit_snortrule.php + Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require("guiconfig.inc"); +require("config.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; +} + +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + +// if(!is_dir("/usr/local/etc/snort/rules")) +// exec('mkdir /usr/local/etc/snort/rules/'); + +/* Check if the rules dir is empy if so warn the user */ +/* TODO give the user the option to delete the installed rules rules */ +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$id}{$if_real}/rules/*.rules"); +if ($isrulesfolderempty == "") { + +include("head.inc"); +include("fbegin.inc"); + +echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; + +echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n +<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n +<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n"; + + $tab_array = array(); + $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php"); + $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); + $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); + $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); + +echo "</td>\n + </tr>\n + <tr>\n + <td>\n + <div id=\"mainarea\">\n + <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n +# The rules directory is empty.\n + </td>\n + </tr>\n + </table>\n + </div>\n + </td>\n + </tr>\n +</table>\n +\n +</form>\n +\n +<p>\n\n"; + +echo "Please click on the Update Rules tab to install your selected rule sets."; +include("fend.inc"); + +echo "</body>"; +echo "</html>"; + +exit(0); + +} + +function get_middle($source, $beginning, $ending, $init_pos) { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; +} + +function write_rule_file($content_changed, $received_file) +{ + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); + + //write data to file + fwrite($filehandle, $fullfile); + + //close file handle + fclose($filehandle); + +} + +function load_rule_file($incoming_file) +{ + + //read snort file + $filehandle = fopen($incoming_file, "r"); + + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); + + //close handler + fclose ($filehandle); + + + //string for populating category select + $currentruleset = basename($file); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //split the contents of the string file into an array using the delimiter + $splitcontents = explode($delimiter, $contents); + + return $splitcontents; + +} + +$ruledir = "/usr/local/etc/snort/snort_{$id}{$if_real}/rules/"; +$dh = opendir($ruledir); + +$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect."; + +while (false !== ($filename = readdir($dh))) +{ + //only populate this array if its a rule file + $isrulefile = strstr($filename, ".rules"); + if ($isrulefile !== false) + { + $files[] = $filename; + } +} + +sort($files); + +if ($_GET['openruleset']) +{ + $file = $_GET['openruleset']; +} +else +{ + $file = $ruledir.$files[0]; + +} + +//Load the rule file +$splitcontents = load_rule_file($file); + +if ($_POST) +{ + if (!$_POST['apply']) { + //retrieve POST data + $post_lineid = $_POST['lineid']; + $post_enabled = $_POST['enabled']; + $post_src = $_POST['src']; + $post_srcport = $_POST['srcport']; + $post_dest = $_POST['dest']; + $post_destport = $_POST['destport']; + + //clean up any white spaces insert by accident + $post_src = str_replace(" ", "", $post_src); + $post_srcport = str_replace(" ", "", $post_srcport); + $post_dest = str_replace(" ", "", $post_dest); + $post_destport = str_replace(" ", "", $post_destport); + + //copy rule contents from array into string + $tempstring = $splitcontents[$post_lineid]; + + //search string + $findme = "# alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //has rule been enabled + if ($post_enabled == "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + $counter2 = 1; + } + else + { + //rule is staying disabled + $counter2 = 2; + } + } + else + { + //has rule been disabled + if ($post_enabled != "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + $counter2 = 2; + } + else + { + //rule is staying enabled + $counter2 = 1; + } + } + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + //insert new values + $counter2++; + $rule_content[$counter2] = $post_src;//source location + $counter2++; + $rule_content[$counter2] = $post_srcport;//source port location + $counter2 = $counter2+2; + $rule_content[$counter2] = $post_dest;//destination location + $counter2++; + $rule_content[$counter2] = $post_destport;//destination port location + + //implode the array back into string + $tempstring = implode(' ', $rule_content); + + //copy string into file array for writing + $splitcontents[$post_lineid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + //once file has been written, reload file + $splitcontents = load_rule_file($file); + + $stopMsg = true; + } + + if ($_POST['apply']) { +// stop_service("snort"); +// sleep(2); +// start_service("snort"); + $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab."; + $stopMsg = false; + } + +} +else if ($_GET['act'] == "toggle") +{ + $toggleid = $_GET['ids']; + + //copy rule contents from array into string + $tempstring = $splitcontents[$toggleid]; + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + //search string + $findme = "# alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //rule has been enabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + + } + else + { + //has rule been disabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + + } + + //copy string into array for writing + $splitcontents[$toggleid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + //once file has been written, reload file + $splitcontents = load_rule_file($file); + + $stopMsg = true; + + //write disable/enable sid to config.xml + if ($disabled == false) { + $string_sid = strstr($tempstring, 'sid:'); + $sid_pieces = explode(";", $string_sid); + $sid_off_cut = $sid_pieces[0]; + // sid being turned off + $sid_off = str_replace("sid:", "", $sid_off_cut); + // rule_sid_on registers + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; + // if off sid is the same as on sid remove it + $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_on'] = $sid_on_old; + // rule sid off registers + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; + // if off sid is the same as off sid remove it + $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_off'] = $sid_off_old; + // add sid off registers to new off sid + $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; + write_config(); + } + else + { + $string_sid = strstr($tempstring, 'sid:'); + $sid_pieces = explode(";", $string_sid); + $sid_on_cut = $sid_pieces[0]; + // sid being turned off + $sid_on = str_replace("sid:", "", $sid_on_cut); + // rule_sid_off registers + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; + // if off sid is the same as on sid remove it + $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_off'] = $sid_off_old; + // rule sid on registers + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; + // if on sid is the same as on sid remove it + $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_on'] = $sid_on_old; + // add sid on registers to new on sid + $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; + write_config(); + } + +} + +$currentruleset = basename($file); + +$pgtitle = "Snort: Interface $id$if_real Rule File $currentruleset"; +require("guiconfig.inc"); +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php +echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; +?> +<?php if ($savemsg){print_info_box($savemsg);} else if ($stopMsg){print_info_box_np($message_reload);}?> +</form> +<script type="text/javascript" language="javascript" src="row_toggle.js"> + <script src="/javascript/sorttable.js" type="text/javascript"> +</script> + +<script language="javascript" type="text/javascript"> +<!-- +function go() +{ + var agt=navigator.userAgent.toLowerCase(); + if (agt.indexOf("msie") != -1) { + box = document.forms.selectbox; + } else { + box = document.forms[1].selectbox; + } + destination = box.options[box.selectedIndex].value; + if (destination) + location.href = destination; +} +// --> +</script> + +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php"); + $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); + $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); + $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="5%" class="listhdr">SID</td> + <td width="6%" class="listhdrr">Proto</td> + <td width="15%" class="listhdrr">Source</td> + <td width="10%" class="listhdrr">Port</td> + <td width="15%" class="listhdrr">Destination</td> + <td width="10%" class="listhdrr">Port</td> + <td width="32%" class="listhdrr">Message</td> + + </tr> + <tr> + <?php + + echo "<br>Category: "; + + //string for populating category select + $currentruleset = basename($file); + + ?> + <form name="forms"> + <select name="selectbox" class="formfld" onChange="go()"> + <?php + $i=0; + foreach ($files as $value) + { + $selectedruleset = ""; + if ($files[$i] === $currentruleset) + $selectedruleset = "selected"; + ?> + <option value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" + <?php + $i++; + + } + ?> + </select> + </form> + </tr> + <?php + + $counter = 0; + $printcounter = 0; + + foreach ( $splitcontents as $value ) + { + + $counter++; + $disabled = "False"; + $comments = "False"; + + $tempstring = $splitcontents[$counter]; + $findme = "# alert"; //find string for disabled alerts + + //find alert + $disabled_pos = strstr($tempstring, $findme); + + + //do soemthing, this rule is enabled + $counter2 = 1; + + //retrieve sid value + $sid = get_middle($tempstring, 'sid:', ';', 0); + + //check to see if the sid is numberical + $is_sid_num = is_numeric($sid); + + //if SID is numerical, proceed + if ($is_sid_num) + { + + //if find alert is false, then rule is disabled + if ($disabled_pos !== false){ + $counter2 = $counter2+1; + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + } + else + { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + } + + $rule_content = explode(' ', $tempstring); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = $rule_content[$counter2];//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = $rule_content[$counter2];//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + if (strstr($tempstring, 'msg: "')) + $message = get_middle($tempstring, 'msg: "', '";', 0); + if (strstr($tempstring, 'msg:"')) + $message = get_middle($tempstring, 'msg:"', '";', 0); + + echo "<tr>"; + echo "<td class=\"listt\">"; + echo $textss; + ?> + <a href="?id=<?=$id;?>&openruleset=<?=$file;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a> + <?php + echo $textse; + echo "</td>"; + + + echo "<td class=\"listlr\">"; + echo $textss; + echo $sid; + echo $textse; + echo "</td>"; + + echo "<td class=\"listlr\">"; + echo $textss; + echo $protocol; + $printcounter++; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $source; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $source_port; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $destination; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $destination_port; + echo $textse; + echo "</td>"; + ?> + <td class="listbg"><font color="white"> + <?php + echo $textss; + echo $message; + echo $textse; + echo "</td>"; + ?> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$file;?>&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + <?php + } + } + echo " "; + echo "There are "; + echo $printcounter; + echo " rules in this category. <br><br>"; + ?> + </table> + </td> + </tr> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> + <td>Rule Enabled</td> + </tr> + <tr> + <td><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> + <td nowrap>Rule Disabled</td> + + + </tr> + <tr> + <td colspan="10"> + <p> + <!--<strong><span class="red">Warning:<br> + </span></strong>Editing these r</p>--> + </td> + </tr> + </table> + </table> + + </td> + </tr> +</table> + + +<?php include("fend.inc"); ?> +</div></body> +</html>
\ No newline at end of file diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/snort_rules_edit.php new file mode 100644 index 00000000..69d946a9 --- /dev/null +++ b/config/snort-dev/snort_rules_edit.php @@ -0,0 +1,439 @@ +<?php +/* $Id$ */ +/* + snort_rules_edit.php + Copyright (C) 2004, 2005 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require("config.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; +} + +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + +// + +function get_middle($source, $beginning, $ending, $init_pos) { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; +} + + +$file = $_GET['openruleset']; + +//read snort file +$filehandle = fopen($file, "r"); + +//get rule id +$lineid = $_GET['ids']; + +//read file into string, and get filesize +$contents = fread($filehandle, filesize($file)); + +//close handler +fclose ($filehandle); + +//delimiter for each new rule is a new line +$delimiter = "\n"; + +//split the contents of the string file into an array using the delimiter +$splitcontents = explode($delimiter, $contents); + +//copy rule contents from array into string +$tempstring = $splitcontents[$lineid]; + +//explode rule contents into an array, (delimiter is space) +$rule_content = explode(' ', $tempstring); + +//search string +$findme = "# alert"; //find string for disabled alerts + +//find if alert is disabled +$disabled = strstr($tempstring, $findme); + +//get sid +$sid = get_middle($tempstring, 'sid:', ';', 0); + +//get the full alert string rob +$rulealertsting = explode(" ", $tempstring); + +//get type rob +if ($rulealertsting[0] == 'alert' || $rulealertsting[1] == 'alert') + $type = 'alert'; +if ($rulealertsting[0] == 'drop' || $rulealertsting[1] == 'drop') + $type = 'drop'; + + + +//if find alert is false, then rule is disabled +if ($disabled !== false) +{ + //move counter up 1, so we do not retrieve the # in the rule_content array + $counter2 = 2; +} +else +{ + $counter2 = 1; +} + + +$protocol = $rule_content[$counter2];//protocol location +$counter2++; +$source = $rule_content[$counter2];//source location +$counter2++; +$source_port = $rule_content[$counter2];//source port location +$counter2++; +$direction = $rule_content[$counter2]; +$counter2++; +$destination = $rule_content[$counter2];//destination location +$counter2++; +$destination_port = $rule_content[$counter2];//destination port location + + +if (strstr($tempstring, 'msg: "')) + $message = get_middle($tempstring, 'msg: "', '";', 0); + if (strstr($tempstring, 'msg:"')) + $message = get_middle($tempstring, 'msg:"', '";', 0); + +if (strstr($tempstring, 'flow: ')) + $flow = get_middle($tempstring, 'flow: ', ';', 0); + if (strstr($tempstring, 'flow:')) + $flow = get_middle($tempstring, 'flow:', ';', 0); + +if (strstr($tempstring, 'content: "')) + $content = get_middle($tempstring, 'content: "', '";', 0); + if (strstr($tempstring, 'content:"')) + $content = get_middle($tempstring, 'content:"', '";', 0); + +if (strstr($tempstring, 'metadata: ')) + $metadata = get_middle($tempstring, 'metadata: ', ';', 0); + if (strstr($tempstring, 'metadata:')) + $metadata = get_middle($tempstring, 'metadata:', ';', 0); + +if (strstr($tempstring, 'reference: ')) + $reference = get_middle($tempstring, 'reference: ', ';', 0); + if (strstr($tempstring, 'reference:')) + $reference = get_middle($tempstring, 'reference:', ';', 0); + +if (strstr($tempstring, 'reference: ')) + $reference2 = get_middle($tempstring, 'reference: ', ';', 1); + if (strstr($tempstring, 'reference:')) + $reference2 = get_middle($tempstring, 'reference:', ';', 1); + +if (strstr($tempstring, 'classtype: ')) + $classtype = get_middle($tempstring, 'classtype: ', ';', 0); + if (strstr($tempstring, 'classtype:')) + $classtype = get_middle($tempstring, 'classtype:', ';', 0); + +if (strstr($tempstring, 'rev: ')) + $revision = get_middle($tempstring, 'rev: ', ';', 0); + if (strstr($tempstring, 'rev:')) + $revision = get_middle($tempstring, 'rev:', ';', 0); + + +function write_rule_file($content_changed, $received_file) +{ + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); + + //write data to file + fwrite($filehandle, $fullfile); + + //close file handle + fclose($filehandle); + +} + +function load_rule_file($incoming_file) +{ + + //read snort file + $filehandle = fopen($incoming_file, "r"); + + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); + + //close handler + fclose ($filehandle); + + + //string for populating category select + $currentruleset = basename($file); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //split the contents of the string file into an array using the delimiter + $splitcontents = explode($delimiter, $contents); + + return $splitcontents; + +} + +if ($_POST) +{ + if (!$_POST['apply']) { + //retrieve POST data + $post_lineid = $_POST['lineid']; + $post_enabled = $_POST['enabled']; + $post_src = $_POST['src']; + $post_srcport = $_POST['srcport']; + $post_dest = $_POST['dest']; + $post_destport = $_POST['destport']; + + //clean up any white spaces insert by accident + $post_src = str_replace(" ", "", $post_src); + $post_srcport = str_replace(" ", "", $post_srcport); + $post_dest = str_replace(" ", "", $post_dest); + $post_destport = str_replace(" ", "", $post_destport); + + //copy rule contents from array into string + $tempstring = $splitcontents[$post_lineid]; + + //search string + $findme = "# alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //has rule been enabled + if ($post_enabled == "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + $counter2 = 1; + } + else + { + //rule is staying disabled + $counter2 = 2; + } + } + else + { + //has rule been disabled + if ($post_enabled != "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + $counter2 = 2; + } + else + { + //rule is staying enabled + $counter2 = 1; + } + } + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + //insert new values + $counter2++; + $rule_content[$counter2] = $post_src;//source location + $counter2++; + $rule_content[$counter2] = $post_srcport;//source port location + $counter2 = $counter2+2; + $rule_content[$counter2] = $post_dest;//destination location + $counter2++; + $rule_content[$counter2] = $post_destport;//destination port location + + //implode the array back into string + $tempstring = implode(' ', $rule_content); + + //copy string into file array for writing + $splitcontents[$post_lineid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + //once file has been written, reload file + $splitcontents = load_rule_file($file); + +// stop_service("snort"); +// sleep(2); +// start_service("snort"); + + } +} + +// + + +$currentruleset = basename($file); + +$pgtitle = "Snort: Interface: $id$if_real Rule File: $currentruleset Edit SID: $sid"; +require("guiconfig.inc"); +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php if ($savemsg){print_info_box($savemsg);}?> +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules"); + $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); + $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); + $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); +?> + + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <form action="snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$file;?>&ids=<?=$lineid;?>" target="" method="post" name="editform" id="editform"> + <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdr" width="10%">Enabled: </td> + <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td> + </tr> + <tr> + <td class="listhdr" width="10%">SID: </td> + <td class="listlr" width="30%"><?php echo $sid; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Type: </td> + <td class="listlr" width="30%"><input name="type" type="text" id="type" size="20" value="<?php echo $type;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Protocol: </td> + <td class="listlr" width="30%"><?php echo $protocol; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Source: </td> + <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Source Port: </td> + <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Direction:</td> + <td class="listlr" width="30%"><?php echo $direction;?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Destination:</td> + <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Destination Port: </td> + <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Message: </td> + <td class="listlr" width="30%"><?php echo $message; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Flow: </td> + <td class="listlr" width="30%"><input name="flow" type="text" id="flow" size="20" value="<?php echo $flow;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Content: </td> + <td class="listlr" width="30%"><?php echo $content; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Metadata: </td> + <td class="listlr" width="30%"><input name="metadata" type="text" id="metadata" size="80" value="<?php echo $metadata;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Reference: </td> + <td class="listlr" width="30%"><input name="reference" type="text" id="reference" size="80" value="<?php echo $reference;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Reference2: </td> + <td class="listlr" width="30%"><input name="reference2" type="text" id="reference2" size="80" value="<?php echo $reference2;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Classtype: </td> + <td class="listlr" width="30%"><?php echo $classtype; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Revision: </td> + <td class="listlr" width="30%"><?php echo $revision; ?></td> + </tr> + <tr><td> </td></tr> + <tr> + <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td> + <td><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td> + </tr> + </table> + </form> + </td> + </tr> + </table> + </td> +</tr> +</table> + +<?php include("fend.inc"); ?> +</div></body> +</html>
\ No newline at end of file diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php new file mode 100644 index 00000000..ede379b0 --- /dev/null +++ b/config/snort-dev/snort_rulesets.php @@ -0,0 +1,258 @@ +<?php +/* $Id$ */ +/* + snort_rulesets.php + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require("filter.inc"); +require_once("service-utils.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; +} + +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + +//if(!is_dir("/usr/local/etc/snort/rules")) +// exec('mkdir /usr/local/etc/snort/rules/'); + +/* Check if the rules dir is empy if so warn the user */ +/* TODO give the user the option to delete the installed rules rules */ +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$id}{$if_real}/rules/*.rules"); +if ($isrulesfolderempty == "") { + +include("head.inc"); +include("fbegin.inc"); + +echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; + +echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n +<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n +<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n"; + + $tab_array = array(); + $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); + $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); + $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); + $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); + +echo "</td>\n + </tr>\n + <tr>\n + <td>\n + <div id=\"mainarea\">\n + <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n +# The rules directory is empty. /usr/local/etc/snort/snort_{$id}{$if_real}/rules \n + </td>\n + </tr>\n + </table>\n + </div>\n + </td>\n + </tr>\n +</table>\n +\n +</form>\n +\n +<p>\n\n"; + +echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; +include("fend.inc"); + +echo "</body>"; +echo "</html>"; + +exit(0); + +} + +if($_POST) { + $enabled_items = ""; + $isfirst = true; + if (is_array($_POST['toenable'])) { + foreach($_POST['toenable'] as $toenable) { + if(!$isfirst) + $enabled_items .= "||"; + $enabled_items .= "{$toenable}"; + $isfirst = false; + } + }else{ + $enabled_items = $_POST['toenable']; + } + $a_nat[$id]['rulesets'] = $enabled_items; + write_config(); +// stop_service("snort"); +// create_snort_conf(); +// sleep(2); +// start_service("snort"); + $savemsg = "The snort ruleset selections have been saved."; +} + +$enabled_rulesets = $a_nat[$id]['rulesets']; +if($enabled_rulesets) + $enabled_rulesets_array = split("\|\|", $enabled_rulesets); + +$pgtitle = "Snort: {$id}{$if_real} Categories"; +include("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<?php include("fbegin.inc"); ?> + +<?php +if(!$pgtitle_output) + echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; +?> + +<?php + +echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; + +?> + +<script src="/row_toggle.js" type="text/javascript"></script> +<script src="/javascript/sorttable.js" type="text/javascript"></script> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); + $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); + $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); + $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Enabled</td> + <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td> + <!-- <td class="listhdrr">Description</td> --> + </tr> +<?php + $dir = "/usr/local/etc/snort/snort_{$id}{$if_real}/rules/"; + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) { + $files[] = $filename; + } + sort($files); + foreach($files as $file) { + if(!stristr($file, ".rules")) + continue; + echo "<tr>"; + echo "<td align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) + if(in_array($file, $enabled_rulesets_array)) { + $CHECKED = " checked=\"checked\""; + } else { + $CHECKED = ""; + } + else + $CHECKED = ""; + echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />"; + echo "</td>"; + echo "<td>"; + echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/snort_{$id}{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>"; + echo "</td>"; + //echo "<td>"; + //echo "description"; + //echo "</td>"; + } + +?> + </table> + </td> + </tr> + <tr><td> </td></tr> + <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr> + <tr><td> </td></tr> + <tr><td><input value="Save" type="submit" name="save" id="save" /></td></tr> + </table> + </div> + </td> + </tr> +</table> + +</form> + +<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset. + +<?php include("fend.inc"); ?> + +</body> +</html> + +<?php + + function get_snort_rule_file_description($filename) { + $filetext = file_get_contents($filename); + + } + +?>
\ No newline at end of file diff --git a/config/snort/pfsense_rules/local.rules b/config/snort/pfsense_rules/local.rules index a9072733..83a05f1b 100644 --- a/config/snort/pfsense_rules/local.rules +++ b/config/snort/pfsense_rules/local.rules @@ -1,7 +1,7 @@ -# ----------------
-# LOCAL RULES
-# ----------------
-# This file intentionally does not come with signatures. Put your local
-# additions here. Pfsense first install rule. Rule edit tabe fails with out this file.
-#
+# ---------------- +# LOCAL RULES +# ---------------- +# This file intentionally does not come with signatures. Put your local +# additions here. Pfsense first install rule. Rule edit tabe fails with out this file. +# #
\ No newline at end of file |