diff options
| author | robiscool <robrob2626@yahoo.com> | 2009-12-05 15:48:09 -0800 |
|---|---|---|
| committer | robiscool <robrob2626@yahoo.com> | 2009-12-05 15:48:09 -0800 |
| commit | 191d39b8c2586455462d4634a403cdb3f0a68e31 (patch) | |
| tree | 41abc65f83efe440c93a7d4257ad17300cf96464 /config/snort-dev/snort_preprocessors.php | |
| parent | 1ac3cc08ca0e82bba94f0c18a7bb0613fe093321 (diff) | |
| download | pfsense-packages-191d39b8c2586455462d4634a403cdb3f0a68e31.tar.gz pfsense-packages-191d39b8c2586455462d4634a403cdb3f0a68e31.tar.bz2 pfsense-packages-191d39b8c2586455462d4634a403cdb3f0a68e31.zip | |
snort-dev, rc1 update, main gui updates, performace updates
Diffstat (limited to 'config/snort-dev/snort_preprocessors.php')
| -rw-r--r-- | config/snort-dev/snort_preprocessors.php | 175 |
1 files changed, 123 insertions, 52 deletions
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index 88f90b2e..39ed86d4 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -58,8 +58,16 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_nat[$id]) { /* new options */ - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; /* old options */ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; @@ -123,55 +131,63 @@ if ($_POST) { if (!$input_errors) { $natent = array(); /* repost the options already in conf */ - $natent['enable'] = $pconfig['enable']; - $natent['interface'] = $pconfig['interface']; - $natent['descr'] = $pconfig['descr']; - $natent['performance'] = $pconfig['performance']; - $natent['blockoffenders7'] = $pconfig['blockoffenders7']; - $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; - $natent['alertsystemlog'] = $pconfig['alertsystemlog']; - $natent['tcpdumplog'] = $pconfig['tcpdumplog']; - $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; - $natent['flow_depth'] = $pconfig['flow_depth']; - $natent['barnyard_enable'] = $pconfig['barnyard_enable']; - $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; - $natent['def_dns_servers'] = $pconfig['def_dns_servers']; - $natent['def_dns_ports'] = $pconfig['def_dns_ports']; - $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; - $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; - $natent['def_mail_ports'] = $pconfig['def_mail_ports']; - $natent['def_http_servers'] = $pconfig['def_http_servers']; - $natent['def_www_servers'] = $pconfig['def_www_servers']; - $natent['def_http_ports'] = $pconfig['def_http_ports']; - $natent['def_sql_servers'] = $pconfig['def_sql_servers']; - $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; - $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; - $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; - $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; - $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; - $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; - $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; - $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; - $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; - $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; - $natent['def_pop_servers'] = $pconfig['def_pop_servers']; - $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; - $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; - $natent['def_imap_servers'] = $pconfig['def_imap_servers']; - $natent['def_imap_ports'] = $pconfig['def_imap_ports']; - $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; - $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; - $natent['def_auth_ports'] = $pconfig['def_auth_ports']; - $natent['def_finger_ports'] = $pconfig['def_finger_ports']; - $natent['def_irc_ports'] = $pconfig['def_irc_ports']; - $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; - $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; - $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; - $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['ip def_sip_proxy_ports'] != "") { $natent['ip def_sip_proxy_ports'] = $pconfig['ip def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } /* post new options */ $natent['perform_stat'] = $_POST['perform_stat']; if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } + if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } + $natent['perform_stat'] = $_POST['perform_stat'] ? on : off; + $natent['http_inspect'] = $_POST['http_inspect'] ? on : off; + $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off; + $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? on : off; + $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off; + $natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off; + $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off; + $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -268,22 +284,77 @@ if($id != "") ?> <tr> <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> - Please save your settings befor you click start.<br> - Please make sure there are <strong>no spaces</strong> in your definitions. + <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br> + RULES MAY DEPENDENT ON Preprocessors!<br> + Please save your settings befor you click start.<br> </td> </tr> <tr> - <td width="22%" valign="top" class="vncell">perform_stat</td> + <td width="22%" valign="top" class="vncell">Enable <br>Performance Statistics</td> <td width="78%" class="vtable"> <input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td> + Performance Statistics for this interface.</td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>HTTP Inspect</td> + <td width="78%" class="vtable"> + <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> + </tr> + <tr> + <td valign="top" class="vncell">HTTP server flow depth</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td> + </tr> + </table> + Amount of HTTP server response payload to inspect. Snort's performance may increase by ajusting this value.<br> + Setting this value too low may cause false negatives. Value above 0 is in bytes.<br> + <strong>Default value is 0</strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>RPC Decode and Back Orifice detector</td> + <td width="78%" class="vtable"> + <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>FTP & Telnet Normalizer</td> + <td width="78%" class="vtable"> + <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode FTP & Telnet traffic and protocol anomalies.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>SMTP Normalizer</td> + <td width="78%" class="vtable"> + <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>Portscan Detection</td> + <td width="78%" class="vtable"> + <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Detects various types of portscans and portsweeps.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>DCE/RPC2 Detection</td> + <td width="78%" class="vtable"> + <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + The dcerpc preprocessor detects and decodes SMB and DCE/RPC traffic.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>DNS Detection</td> + <td width="78%" class="vtable"> + <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + The dns preprocessor (currently) decodes DNS Response traffic and detects a few vulnerabilities.</td> + </tr> <tr> <td width="22%" valign="top" class="vncell">Define SSL_IGNORE</td> <td width="78%" class="vtable"> <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> - <br> <span class="vexpl">Example: "443 465 563 636 989 990 992 993 994 995".</span></td> + <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br> + Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td> </tr> <tr> <td width="22%" valign="top"> </td> |