author | robiscool <robrob2626@yahoo.com> | 2011-05-06 13:08:28 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2011-05-06 13:08:28 -0700 |
commit | c0076cc80d8c3689ffacff0a61f6d5a76c30b70c (patch) | |
tree | 56617399385ca9868de39e822f289291390173f6 /config/snort-dev/snort_new.inc | |
parent | 007a2e17c59e36d5f59457d1df50f722d8fb9d64 (diff) | |
snort-dev, add new files
Diffstat (limited to 'config/snort-dev/snort_new.inc')
-rw-r--r-- | config/snort-dev/snort_new.inc | 366 |
1 files changed, 299 insertions, 67 deletions
diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc index 59186ec2..5530a854 100644 --- a/config/snort-dev/snort_new.inc +++ b/config/snort-dev/snort_new.inc @@ -6,8 +6,27 @@ if(isset($_POST['__csrf_magic'])) unset($_POST['__csrf_magic']); } + +function snortSql_fetchAllInterfaceRules($table, $dbname) +{ + // do let user pick the DB path + $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); + + $result = sqlite_query($db, + "SELECT * FROM {$table} WHERE id > 0; + "); + + $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); + + sqlite_close($db); + + return $chktable; + +} + + // fetch db Settings NONE Json -function snortSql_fetchAllSettings($table, $type, $id_uuid) +function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) { if ($table == '') @@ -15,7 +34,7 @@ function snortSql_fetchAllSettings($table, $type, $id_uuid) return false; } - $db = sqlite_open('/usr/local/pkg/snort/snortDB'); + $db = sqlite_open("/usr/local/pkg/snort/$dbname"); if ($type == 'id') { @@ -145,7 +164,7 @@ function snortSql_updateSettings($settings, $type, $id_uuid) { // fetch for snort_interfaces_whitelist.php NONE Json // use sqlite_fetch_array for single and sqlite_fetch_all for lists -function snortSql_fetchAllWhitelistTypes($table) +function snortSql_fetchAllWhitelistTypes($table, $table2) { if ($table == '') 
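Review bot: The new snortSql_fetchAllInterfaceRules() builds both the database path (`sqlite_open("/usr/local/pkg/snort/{$dbname}")`) and the query (`SELECT * FROM {$table}`) by interpolation with no check on either value, and the same `$dbname` interpolation is added to snortSql_fetchAllSettings(); whether these ever carry request data depends on callers outside this hunk, but a table or file name cannot be bound as a parameter, so the function itself should restrict them, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $table) || !preg_match('/^[A-Za-z0-9_]+$/', $dbname)) return false;` before sqlite_open(). sqlite_fetch_all() is also called on `$result` without checking it for false, so a failed query (bad table name, missing DB file) produces a warning and a null return rather than the `false` the sibling function uses; add `if ($result === false) { sqlite_close($db); return false; }`. Note that snortSql_fetchAllSettings() gained a leading `$dbname` parameter, so every existing caller must be updated or it will silently receive its old first argument as the DB name. The hunks for snortSql_fetchAllSettings() and snortSql_fetchAllWhitelistTypes() show only fragments of those functions; their bodies continue outside this hunk.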
@@ -167,29 +186,33 @@ function snortSql_fetchAllWhitelistTypes($table) return false; } - foreach ($chktable as $value) - { - - $filename2 = $value['filename']; - - $result2 = sqlite_query($db, - "SELECT ip FROM {$table}ips WHERE filename = \"{$filename2}\" LIMIT 4; - "); - - $chktable2 = sqlite_fetch_all($result2, SQLITE_ASSOC); - - $final2 = array('id' => $value['id']); - $final2['date'] = $value['date']; - $final2['uuid'] = $value['uuid']; - $final2['filename'] = $value['filename']; - $final2['description'] = $value['description']; - - $final2['list'] = $chktable2; - - $final[] = $final2; - - } // end foreach - + if ($table2 != '') + { + foreach ($chktable as $value) + { + + $filename2 = $value['filename']; + + $result2 = sqlite_query($db, + "SELECT ip FROM {$table2} WHERE filename = \"{$filename2}\" LIMIT 4; + "); + + $chktable2 = sqlite_fetch_all($result2, SQLITE_ASSOC); + + $final2 = array('id' => $value['id']); + $final2['date'] = $value['date']; + $final2['uuid'] = $value['uuid']; + $final2['filename'] = $value['filename']; + $final2['description'] = $value['description']; + + $final2['list'] = $chktable2; + + $final[] = $final2; + + } // end foreach + }else{ + $final = $chktable; + } sqlite_close($db); return $final; 
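Review bot: `$final` is only ever assigned inside the foreach (or in the new else branch), so when `$table2` is non-empty and `$chktable` contains no rows the function returns an undefined variable (null) instead of an empty list; initialise it with `$final = array();` immediately before `if ($table2 != '')`. The inner query still interpolates `$filename2` (read back from the database) and `$table2` directly into SQL with double-quoted delimiters; at minimum escape the value with `sqlite_escape_string($filename2)` and restrict `$table2` to identifier characters the same way `$table` should be. snortSql_fetchAllWhitelistTypes() starts outside this hunk, so the guards on `$table` and `$db` are not visible here.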
@@ -336,57 +359,35 @@ function snortSql_updateWhitelistIps($table, $newPostListips, $filename) } // end of func -// Whitelist Delete -function snortSql_updateWhitelistDelete($table, $uuid) +// RMlist Delete +function snortSql_updatelistDelete($usrDB, $table, $type, $uuid_filename) { - $db = '/usr/local/pkg/snort/snortDB'; + $db = "/usr/local/pkg/snort/$usrDB"; $mydb = sqlite_open("$db"); - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "SELECT filename FROM {$table} WHERE uuid = '{$uuid}'; - "); - - $query_ck_filename = sqlite_fetch_array($query, SQLITE_ASSOC); - - if (!empty($query_ck_filename['filename'])) - { - $query2 = sqlite_query($mydb, // @ supress warnings usonly in production - "DELETE FROM {$table} WHERE uuid = '{$uuid}'; - "); + if ($type == 'uuid') + { + $query = sqlite_query($mydb, // @ supress warnings usonly in production + "DELETE FROM {$table} WHERE uuid = '{$uuid_filename}'; + "); + } + if ($type == 'filename') + { + $query = sqlite_query($mydb, // @ supress warnings use only in production + "DELETE FROM {$table} WHERE filename = '{$uuid_filename}'; + "); + } + if (sqlite_changes($mydb) < 1) { sqlite_close($mydb); return 'Error in query'; - } - - $query3 = sqlite_query($mydb, // @ supress warnings usonly in production - "SELECT ip FROM {$table}ips WHERE filename = '{$query_ck_filename['filename']}'; - "); - - $query_rm_ips_ck = sqlite_fetch_array($query3, SQLITE_ASSOC); - - if (!empty($query_rm_ips_ck)) - { - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "DELETE FROM {$table}ips WHERE filename = '{$query_ck_filename['filename']}'; - "); - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - } - - } - + } + sqlite_close($mydb); - return true; + return true; } // END main func 
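Review bot: The two DELETE statements in snortSql_updatelistDelete() interpolate `$uuid_filename` straight into the SQL string, and `$usrDB` into the database path, without escaping or validation; since the `filename` variant is evidently meant to take a user-supplied list name, build the condition with `"DELETE FROM {$table} WHERE filename = '" . sqlite_escape_string($uuid_filename) . "';"` (and likewise for the uuid case), and reject `$usrDB` values that are not a plain file name. When `$type` matches neither branch the function reaches sqlite_changes() with no query issued and returns 'Error in query' only because the change count happens to be zero; an explicit `else { sqlite_close($mydb); return 'Error in query'; }` makes that intent visible. The function still mixes a string error return with boolean `true`, which callers must compare with `=== true`.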
@@ -399,6 +400,237 @@ function snortDropDownList($list, $setting) { } } +// downlod all snort logs +function snort_downloadAllLogs() { + + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "snort_logs_{$save_date}.tar.gz"; + + exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file + exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file + exec('/bin/rm /tmp/snort_block.pf'); // remove old file + exec('/bin/rm -r /tmp/snort_blocked'); // remove old file + exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort"); + + if (file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) { + echo " + { + \"snortdownload\": \"success\", + \"downloadfilename\": \"{$save_date}\" + } + "; + return true; + }else{ + return false; + } +} + +// send log files to browser GET function +function sendFileSnortLogDownload() { + //ob_start(); //importanr or other post will fail + $file_name_date = $_GET['snortlogfilename']; + + $file_name1 = "/tmp/snort_logs_{$file_name_date}.tar.gz"; + $file_name2 = "/tmp/snort_blocked_{$file_name_date}.tar.gz"; + + if (file_exists($file_name1)) { + $file_name = "snort_logs_{$file_name_date}.tar.gz"; + } + + if (file_exists($file_name2)) { + $file_name = "snort_blocked_{$file_name_date}.tar.gz"; + } + + if ($file_name == '') { + echo 'Error no saved file.'; + return false; + } + + if(file_exists("/tmp/{$file_name}")) + { + $file = "/tmp/{$file_name}"; + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); + header("Pragma: private"); // needed for IE + header("Cache-Control: private, must-revalidate"); // needed for IE + header('Content-type: application/force-download'); + header('Content-Transfer-Encoding: Binary'); + header("Content-length: ".filesize($file)); + header("Content-disposition: attachment; filename = {$file_name}"); + readfile("$file"); + exec("/bin/rm /tmp/{$file_name}"); + //od_end_clean(); //importanr or other post will fail + }else{ + echo 'Error no saved file.'; + return false; + } +} + +// Warning 
code not finnish untill rule code is DONE ! +// Delete Snort logs +function snortDeleteLogs() { + if(file_exists('/var/log/snort/alert')) + { + exec('/bin/echo "" > /var/log/snort/alert'); + //post_delete_logs(); + exec('/usr/sbin/chown snort:snort /var/log/snort/*'); + exec('/bin/chmod 660 /var/log/snort/*'); + sleep(2); + exec('/usr/bin/killall -HUP snort'); + } + + echo ' + { + "snortdelete": "success" + } + '; + return true; + +} + +// Warning code not finnish untill rule code is DONE ! +// code neeed to be worked on when finnished rules code +function post_delete_logs() +{ + global $config, $g; + + + $snort_log_dir = '/var/log/snort'; + + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { + + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { + + if ($id == '') { + $id = 0; + } + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + if ($if_real != '' && $snort_uuid != '') + { + if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on') + { + $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2."; + $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); + if (is_array($snort_list_u2)) { + usort($snort_list_u2, "snort_file_sort"); + $snort_u2_rm_list = snort_build_order($snort_list_u2); + snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); + } + }else{ + exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*"); + } + + if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on') + { + $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump."; + $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); + if 
(is_array($snort_list_tcpd)) { + usort($snort_list_tcpd, "snort_file_sort"); + $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); + snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); + } + }else{ + exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*"); + } + + /* create barnyard2 configuration file */ + //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') + //create_barnyard2_conf($id, $if_real, $snort_uuid); + + if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on) + { + exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats"); + } + } + } + } +} + +// END General Functions + +// downlod all blocked ips to log +function snort_downloadBlockedIPs() { + + exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file + exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file + exec('/bin/rm /tmp/snort_block.pf'); // remove old file + exec('/bin/rm -r /tmp/snort_blocked'); // remove old file + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "snort_blocked_{$save_date}.tar.gz"; + exec('/bin/mkdir /tmp/snort_blocked'); + exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); + + $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); + + if ($blocked_ips_array_save[0] != '') + { + /* build the list */ + $counter = 0; + foreach($blocked_ips_array_save as $fileline3) + { + $counter++; + exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf"); + } + } + + exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); + + if (file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) { + echo " + { + \"snortdownload\": \"success\", + \"downloadfilename\": \"{$save_date}\" + } + "; + return true; + }else{ + return false; + } + +} + +// flush all ips from snort2c table +function snortRemoveBlockedIPs() { + + exec("/sbin/pfctl -t snort2c -T 
flush"); + + echo ' + { + "snortdelete": "success" + } + '; + return true; + +} + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validFileName($name) { + + if ($name == '') + return false; + + if (!is_string($name)) + return false; + + if (preg_match("/\s+/", $name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\-_]/", $name)) + return true; + + return false; +} /* gen Alpha Num Mix for uuids or anything random, NEVER USE rand() */ /* mt_rand/mt_srand is insecure way to gen random nums and strings, when posible use /dev/random or /dev/urandom */ |
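Review bot: sendFileSnortLogDownload() takes `$_GET['snortlogfilename']` and uses it unvalidated both in the `/tmp/...` paths and in `exec("/bin/rm /tmp/{$file_name}")`, so a request parameter reaches a shell command line; the file_exists() checks narrow the paths but do not constrain the characters passed to the shell. The value is expected to be the timestamp that snort_downloadAllLogs() and snort_downloadBlockedIPs() produce with `/bin/date "+%Y-%m-%d-%H-%M-%S"`, so it should be matched against that exact shape before use, `$file_name` should be initialised (it is read before any assignment when neither archive exists), and the removal should use unlink() rather than a shell. The same pattern of interpolating data into exec() appears in snort_downloadBlockedIPs() (`exec("/bin/echo $fileline3 >> ...")`), where file_put_contents() with FILE_APPEND would avoid the shell entirely. Separately, post_delete_logs() compares `['perform_stat'] == on` with a bare constant where the sibling checks use `'on'`; it appears to work only because PHP treats the undefined constant as the string "on", and should be quoted.
```php
function sendFileSnortLogDownload() {
	$file_name_date = isset($_GET['snortlogfilename']) ? $_GET['snortlogfilename'] : '';
	// accept only the timestamp shape written by snort_downloadAllLogs()/snort_downloadBlockedIPs()
	if (!preg_match('/^\d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2}$/', $file_name_date)) {
		echo 'Error no saved file.';
		return false;
	}
	$file_name = '';
	// … unchanged: choose snort_logs_ or snort_blocked_ archive, send headers, readfile($file) …
	unlink($file);
```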