authorrobiscool <robrob2626@yahoo.com>2011-06-23 10:16:02 -0700
committerrobiscool <robrob2626@yahoo.com>2011-06-23 10:16:02 -0700
commit01444db4a1b13dab674044e2a2b7c4006a820539 (patch)
treeeb7739e3bff9a6f3f785e213d603aad707d3c28f /config/snort-dev
parentb04a99614e2c4736230748a06359125d064a0ada (diff)
snort-dev, update install xml, add snort_install.inc snort_build
Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/javascript/snort_globalsend.js36
-rw-r--r--config/snort-dev/snort.xml257
-rw-r--r--config/snort-dev/snort_alerts.php17
-rw-r--r--config/snort-dev/snort_barnyard.php17
-rw-r--r--config/snort-dev/snort_blocked.php17
-rw-r--r--config/snort-dev/snort_build.inc1117
-rw-r--r--config/snort-dev/snort_define_servers.php17
-rw-r--r--config/snort-dev/snort_download_rules.inc41
-rw-r--r--config/snort-dev/snort_download_updates.php15
-rw-r--r--config/snort-dev/snort_gui.inc20
-rw-r--r--config/snort-dev/snort_head.inc42
-rw-r--r--config/snort-dev/snort_headbase.inc42
-rw-r--r--config/snort-dev/snort_help_info.php17
-rw-r--r--config/snort-dev/snort_install.inc412
-rw-r--r--config/snort-dev/snort_interfaces.php17
-rw-r--r--config/snort-dev/snort_interfaces_edit.php50
-rw-r--r--config/snort-dev/snort_interfaces_global.php19
-rw-r--r--config/snort-dev/snort_interfaces_rules.php20
-rw-r--r--config/snort-dev/snort_interfaces_rules_edit.php19
-rw-r--r--config/snort-dev/snort_interfaces_suppress.php20
-rw-r--r--config/snort-dev/snort_interfaces_suppress_edit.php19
-rw-r--r--config/snort-dev/snort_interfaces_whitelist.php20
-rw-r--r--config/snort-dev/snort_interfaces_whitelist_edit.php19
-rw-r--r--config/snort-dev/snort_json_get.php41
-rw-r--r--config/snort-dev/snort_json_post.php587
-rw-r--r--config/snort-dev/snort_new.inc87
-rw-r--r--config/snort-dev/snort_preprocessors.php19
-rw-r--r--config/snort-dev/snort_rules.php17
-rw-r--r--config/snort-dev/snort_rulesets.php19
29 files changed, 2684 insertions, 356 deletions
diff --git a/config/snort-dev/javascript/snort_globalsend.js b/config/snort-dev/javascript/snort_globalsend.js
index 04912cb3..de7ba57b 100644
--- a/config/snort-dev/javascript/snort_globalsend.js
+++ b/config/snort-dev/javascript/snort_globalsend.js
@@ -1,3 +1,39 @@
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
jQuery.noConflict();
//prepare the form when the DOM is ready
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
new file mode 100644
index 00000000..d0d30ded
--- /dev/null
+++ b/config/snort-dev/snort.xml
@@ -0,0 +1,257 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ part of pfSense (http://www.pfsense.com)
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Snort</name>
+ <version>2.9.0.5</version>
+ <title>Services:2.9.0.5 pkg v. 2.0</title>
+ <include_file>/usr/local/pkg/snort/snort_install.inc</include_file>
+ <menu>
+ <name>Snort</name>
+ <tooltiptext>Setup snort specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/snort/snort_interfaces.php</url>
+ </menu>
+ <service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description>
+ </service>
+ <tabs>
+ </tabs>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snortDB</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snortDBrules</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snortDBtemp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_build.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_head.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_headbase.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_install.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_new.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_get.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_post.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item>
+ </additional_files_needed>
+ <fields>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ sync_snort_package();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ snort_postinstall();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ snort_deinstall();
+ </custom_php_deinstall_command>
+</packagegui>
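Review bot: Every `<additional_files_needed>` entry sets `<chmod>077</chmod>`, which read as an octal mode gives the owner no access and group/other full read-write-execute; if the installer applies the value as written, the PHP pages under `/usr/local/www/snort/`, the includes under `/usr/local/pkg/snort/` and the Perl scripts under `/usr/local/bin/` become writable by any local account. Something like `<chmod>0755</chmod>` for the scripts and `<chmod>0644</chmod>` for the include and database files looks closer to the intent. All `<item>` URLs are plain `http://`, so code that is later included and executed by the GUI is fetched without transport integrity; an `https://` source or a checksum verified at install time would close that gap. `<description>` and `<requirements>` still carry the template placeholder text ("Describe your package here").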
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
index 0b7d7d06..cd21f29b 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/snort_alerts.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,6 +38,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
*/
require_once("guiconfig.inc");
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php
index 8dde1cd3..868e9f17 100644
--- a/config/snort-dev/snort_barnyard.php
+++ b/config/snort-dev/snort_barnyard.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,6 +38,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
*/
require_once("guiconfig.inc");
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php
index 4f81bc6c..01eb5fe4 100644
--- a/config/snort-dev/snort_blocked.php
+++ b/config/snort-dev/snort_blocked.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,6 +38,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
*/
require_once("guiconfig.inc");
diff --git a/config/snort-dev/snort_build.inc b/config/snort-dev/snort_build.inc
new file mode 100644
index 00000000..7ce92f2a
--- /dev/null
+++ b/config/snort-dev/snort_build.inc
@@ -0,0 +1,1117 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+// unset crsf checks
+if(isset($_POST['__csrf_magic'])) {
+ unset($_POST['__csrf_magic']);
+}
+
+
+// -------------------------- START snort.conf -------------------------
+
+/* func builds custom whitelests */
+function build_base_whitelist($lanip, $wanip, $wangw, $wandns, $vips, $vpns, $userwhtips, $netlist) {
+
+ // bring in settings from /etc/inc
+ global $config;
+
+ /* build an interface array list */
+ if ($lanip === 'on') {
+ $int_array = array('lan');
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
+ {
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ if(isset($config['interfaces']['opt' . $j]['gateway']))
+ $int_array[] = "opt{$j}";
+ }
+
+ /* iterate through interface list and write out whitelist items
+ * and also compile a home_net list for snort.
+ */
+ foreach($int_array as $int)
+ {
+ /* calculate interface subnet information */
+ $ifcfg = $config['interfaces'][$int];
+ $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
+ $subnetmask = gen_subnet_mask($ifcfg['subnet']);
+ if($subnet == "pppoe" or $subnet == "dhcp") {
+ $subnet = find_interface_ip("ng0");
+ if($subnet) {
+ $home_net .= "{$subnet} ";
+ }
+ } else {
+ if ($subnet)
+ if($ifcfg['subnet'])
+ $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ }
+ }
+ }
+
+ if($wanip === 'on') {
+ // add all WAN ips to the whitelist
+ $wan_if = get_real_wan_interface();
+ $ip = find_interface_ip($wan_if);
+ if($ip) {
+ $home_net .= "{$ip} ";
+ }
+ }
+
+ if($wangw === 'on') {
+ // Add Gateway on WAN interface to whitelist (For RRD graphs)
+ $gw = get_interface_gateway('wan');
+ if($gw) {
+ $home_net .= "{$gw} ";
+ }
+ }
+
+ if($wandns === 'on') {
+ // Add DNS server for WAN interface to whitelist
+ $dns_servers = get_dns_servers();
+ foreach($dns_servers as $dns) {
+ if($dns) {
+ $home_net .= "{$dns} ";
+ }
+ }
+ }
+
+ // TESTING: NEEDED 06202011
+ if($vips === 'on') {
+ // iterate all vips and add to whitelist
+ if($config['virtualip'])
+ foreach($config['virtualip']['vip'] as $vip)
+ if($vip['subnet'])
+ $home_net .= $vip['subnet'] . " ";
+ }
+
+ // TESTING: NEEDED 06202011
+ // grab a list of vpns and whitelist if user desires added by nestorfish 954
+ if($vpns == 'on') {
+ // chk what pfsense version were on
+ if ($pfsense_stable == 'yes') {
+ $vpns_list = get_vpns_list();
+ }
+
+ // chk what pfsense version were on
+ if ($pfsense_stable == 'no') {
+ $vpns_list = filter_get_vpns_list();
+ }
+
+ if ($vpns_list != '') {
+ $home_net .= "$vpns_list ";
+ }
+ }
+
+ // Add homenet, NETLIST
+ if($userwhtips == 'on') {
+
+ $whitelistArray = snortSql_fetchAllSettings('snortDB', 'SnortWhitelistips', 'filename', $netlist);
+
+ foreach ($whitelistArray as $whiteListIp)
+ {
+ $home_net .= $whiteListIp['ip'] . ' ';
+ }
+
+ }
+
+ // Add loopback to whitelist (ftphelper)
+ if ($lanip === 'on') {
+ $home_net .= '127.0.0.1';
+ }
+
+ // remove empty spaces
+ $home_net = trim($home_net);
+
+ // this is for snort.conf
+ $home_net = str_replace(' ', ',', $home_net);
+ // by Thrae, helps people with more than one gateway, breaks snort as is
+ $home_net = str_replace(',,', ',', $home_net);
+
+ if ($lanip !== 'on') {
+
+ $snortHomeNetPieces = explode(',', $home_net);
+ $home_net = '';
+
+ $i = 1;
+ $homeNetPieceCount = count($snortHomeNetPieces);
+ foreach ($snortHomeNetPieces as $homeNetPiece)
+ {
+ if (!empty($homeNetPiece) && $homeNetPieceCount !== $i) {
+ $home_net .= $homeNetPiece . ',';
+ }else{
+ $home_net .= $homeNetPiece . '';
+ }
+
+ $i++;
+ }
+
+ }
+
+ return $home_net;
+}
+
+
+
+function create_snort_homenet($snortNet, $getSnortHomeNet) {
+
+ if ($snortNet === 'homenet') {
+
+ $listName = $getSnortHomeNet['homelistname'];
+
+ if ($listName == 'default' || $listName == '') {
+ return build_base_whitelist('on','on', 'on', 'on', 'on', 'on', 'off', '');
+ }else{
+ $getSnortWhitelist = snortSql_fetchAllSettings('snortDB', 'SnortWhitelist', 'filename', $listName);
+ return build_base_whitelist('on', $getSnortWhitelist[0]['wanips'], $getSnortWhitelist[0]['wangateips'], $getSnortWhitelist[0]['wandnsips'], $getSnortWhitelist[0]['vips'], $getSnortWhitelist[0]['vpnips'], 'on', $listName);
+ }
+ }
+
+ if ($snortNet === 'externalnet') {
+ $listName = $getSnortHomeNet['externallistname'];
+ return build_base_whitelist('off', 'off', 'off', 'off', 'off', 'off', 'on', $listName);
+ }
+
+}
+
+function generate_snort_conf($uuid)
+{
+
+ // Iface main setings
+ $ifaceSettingsArray = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+
+ // custom home nets
+ // might need to make this same ass homenet
+ $home_net = '[' . create_snort_homenet('homenet', $ifaceSettingsArray) . ']';
+
+ if ($ifaceSettingsArray['externallistname'] === 'default'){
+ $external_net = '!$HOME_NET';
+ }else{
+ $external_net = '[' . create_snort_homenet('externalnet', $ifaceSettingsArray) . ']';
+ }
+
+ // obtain external interface
+ // XXX: make multi wan friendly
+ $snort_ext_int = $ifaceSettingsArray['interface'];
+
+ // user added arguments
+ $snort_config_pass_thru = str_replace("\r", '', base64_decode($ifaceSettingsArray['configpassthru']));
+
+ // define basic log filename
+ $snortunifiedlogbasic_type = "output unified: filename snort_{$ifaceSettingsArray['uuid']}.log, limit 128";
+
+ // define snortalertlogtype
+ $snortalertlogtype = $ifaceSettingsArray['snortalertlogtype'];
+
+ if ($snortalertlogtype == 'fast' || $snortalertlogtype == 'full') {
+ $snortalertlogtype_type = "output alert_{$snortalertlogtype}: alert";
+ }else{
+ $snortalertlogtype_type = '';
+ }
+
+ // define alertsystemlog
+ $alertsystemlog_info_chk = $ifaceSettingsArray['alertsystemlog'];
+ if ($alertsystemlog_info_chk == on) {
+ $alertsystemlog_type = "output alert_syslog: log_alert";
+ }
+
+ // define tcpdumplog
+ $tcpdumplog_info_chk = $ifaceSettingsArray['tcpdumplog'];
+ if ($tcpdumplog_info_chk == on) {
+ $tcpdumplog_type = "output log_tcpdump: snort_{$ifaceSettingsArray['uuid']}.tcpdump";
+ }
+
+ // define snortunifiedlog
+ $snortunifiedlog_info_chk = $ifaceSettingsArray['snortunifiedlog'];
+ if ($snortunifiedlog_info_chk == on) {
+ $snortunifiedlog_type = "output unified2: filename snort_{$ifaceSettingsArray['uuid']}.u2, limit 128";
+ }
+
+ // define snortsam
+ $snortsam_info_chk = $ifaceSettingsArray['blockoffenders7'];
+ if ($snortsam_info_chk === 'on') {
+ $snortsam_type = "output alert_fwsam: 127.0.0.1:898/addpasshere";
+ }else{
+ $snortsam_type = '';
+ }
+
+ /* define threshold file */
+ $threshold_info_chk = $ifaceSettingsArray['suppresslistname'];
+ if ($threshold_info_chk !== 'default') {
+
+ $threshold_info_chk = "include /usr/local/etc/snort/suppress/{$threshold_info_chk}";
+ }
+
+ /* define servers and ports snortdefservers */
+ /* def DNS_SERVSERS */
+ $def_dns_servers_info_chk = $ifaceSettingsArray['def_dns_servers'];
+ if (empty($def_dns_servers_info_chk)) {
+ $def_dns_servers_type = '$HOME_NET';
+ }else{
+ $def_dns_servers_type = "$def_dns_servers_info_chk";
+ }
+
+ /* def DNS_PORTS */
+ $def_dns_ports_info_chk = $ifaceSettingsArray['def_dns_ports'];
+ if (empty($def_dns_ports_info_chk)) {
+ $def_dns_ports_type = '53';
+ }else{
+ $def_dns_ports_type = "$def_dns_ports_info_chk";
+ }
+
+ /* def SMTP_SERVSERS */
+ $def_smtp_servers_info_chk = $ifaceSettingsArray['def_smtp_servers'];
+ if (empty($def_smtp_servers_info_chk)) {
+ $def_smtp_servers_type = '$HOME_NET';
+ }else{
+ $def_smtp_servers_type = $def_smtp_servers_info_chk;
+ }
+
+ /* def SMTP_PORTS */
+ $def_smtp_ports_info_chk = $ifaceSettingsArray['def_smtp_ports'];
+ if (empty($def_smtp_ports_info_chk)) {
+ $def_smtp_ports_type = '25';
+ }else{
+ $def_smtp_ports_type = $def_smtp_ports_info_chk;
+ }
+
+ /* def MAIL_PORTS */
+ $def_mail_ports_info_chk = $ifaceSettingsArray['def_mail_ports'];
+ if (empty($def_mail_ports_info_chk)) {
+ $def_mail_ports_type = '25,143,465,691';
+ }else{
+ $def_mail_ports_type = $def_mail_ports_info_chk;
+ }
+
+ /* def HTTP_SERVSERS */
+ $def_http_servers_info_chk = $ifaceSettingsArray['def_http_servers'];
+ if (empty($def_http_servers_info_chk)) {
+ $def_http_servers_type = '$HOME_NET';
+ }else{
+ $def_http_servers_type = $def_http_servers_info_chk;
+ }
+
+ /* def WWW_SERVSERS */
+ $def_www_servers_info_chk = $ifaceSettingsArray['def_www_servers'];
+ if (empty($def_www_servers_info_chk)) {
+ $def_www_servers_type = '$HOME_NET';
+ }else{
+ $def_www_servers_type = $def_www_servers_info_chk;
+ }
+
+ /* def HTTP_PORTS */
+ $def_http_ports_info_chk = $ifaceSettingsArray['def_http_ports'];
+ if (empty($def_http_ports_info_chk)) {
+ $def_http_ports_type = '80';
+ }else{
+ $def_http_ports_type = $def_http_ports_info_chk;
+ }
+
+ /* def SQL_SERVSERS */
+ $def_sql_servers_info_chk = $ifaceSettingsArray['def_sql_servers'];
+ if (empty($def_sql_servers_info_chk)) {
+ $def_sql_servers_type = '$HOME_NET';
+ }else{
+ $def_sql_servers_type = $def_sql_servers_info_chk;
+ }
+
+ /* def ORACLE_PORTS */
+ $def_oracle_ports_info_chk = $ifaceSettingsArray['def_oracle_ports'];
+ if (empty($def_oracle_ports_info_chk)) {
+ $def_oracle_ports_type = '1521';
+ }else{
+ $def_oracle_ports_type = $def_oracle_ports_info_chk;
+ }
+
+ /* def MSSQL_PORTS */
+ $def_mssql_ports_info_chk = $ifaceSettingsArray['def_mssql_ports'];
+ if (empty($def_mssql_ports_info_chk)) {
+ $def_mssql_ports_type = '1433';
+ }else{
+ $def_mssql_ports_type = $def_mssql_ports_info_chk;
+ }
+
+ /* def TELNET_SERVSERS */
+ $def_telnet_servers_info_chk = $ifaceSettingsArray['def_telnet_servers'];
+ if (empty($def_telnet_servers_info_chk)) {
+ $def_telnet_servers_type = '$HOME_NET';
+ }else{
+ $def_telnet_servers_type = $def_telnet_servers_info_chk;
+ }
+
+ /* def TELNET_PORTS */
+ $def_telnet_ports_info_chk = $ifaceSettingsArray['def_telnet_ports'];
+ if (empty($def_telnet_ports_info_chk)) {
+ $def_telnet_ports_type = '23';
+ }else{
+ $def_telnet_ports_type = $def_telnet_ports_info_chk;
+ }
+
+ /* def SNMP_SERVSERS */
+ $def_snmp_servers_info_chk = $ifaceSettingsArray['def_snmp_servers'];
+ if (empty($def_snmp_servers_info_chk)) {
+ $def_snmp_servers_type = '$HOME_NET';
+ }else{
+ $def_snmp_servers_type = $def_snmp_servers_info_chk;
+ }
+
+ /* def SNMP_PORTS */
+ $def_snmp_ports_info_chk = $ifaceSettingsArray['def_snmp_ports'];
+ if (empty($def_snmp_ports_info_chk)) {
+ $def_snmp_ports_type = '161';
+ }else{
+ $def_snmp_ports_type = $def_snmp_ports_info_chk;
+ }
+
+ /* def FTP_SERVSERS */
+ $def_ftp_servers_info_chk = $ifaceSettingsArray['def_ftp_servers'];
+ if (empty($def_ftp_servers_info_chk)) {
+ $def_ftp_servers_type = '$HOME_NET';
+ }else{
+ $def_ftp_servers_type = $def_ftp_servers_info_chk;
+ }
+
+ /* def FTP_PORTS */
+ $def_ftp_ports_info_chk = $ifaceSettingsArray['def_ftp_ports'];
+ if (empty($def_ftp_ports_info_chk)) {
+ $def_ftp_ports_type = '21';
+ }else{
+ $def_ftp_ports_type = $def_ftp_ports_info_chk;
+ }
+
+ /* def SSH_SERVSERS */
+ $def_ssh_servers_info_chk = $ifaceSettingsArray['def_ssh_servers'];
+ if (empty($def_ssh_servers_info_chk)) {
+ $def_ssh_servers_type = '$HOME_NET';
+ }else{
+ $def_ssh_servers_type = $def_ssh_servers_info_chk;
+ }
+
+ /* if user has defined a custom ssh port, use it */
+ if($config['system']['ssh']['port']) {
+ $ssh_port = $config['system']['ssh']['port'];
+ }else{
+ $ssh_port = '22';
+ }
+
+ /* def SSH_PORTS */
+ $def_ssh_ports_info_chk = $ifaceSettingsArray['def_ssh_ports'];
+ if (empty($def_ssh_ports_info_chk)) {
+ $def_ssh_ports_type = $ssh_port;
+ }else{
+ $def_ssh_ports_type = $def_ssh_ports_info_chk;
+ }
+
+ /* def POP_SERVSERS */
+ $def_pop_servers_info_chk = $ifaceSettingsArray['def_pop_servers'];
+ if (empty($def_pop_servers_info_chk)) {
+ $def_pop_servers_type = '$HOME_NET';
+ }else{
+ $def_pop_servers_type = $def_pop_servers_info_chk;
+ }
+
+ /* def POP2_PORTS */
+ $def_pop2_ports_info_chk = $ifaceSettingsArray['def_pop2_ports'];
+ if (empty($def_pop2_ports_info_chk)) {
+ $def_pop2_ports_type = '109';
+ }else{
+ $def_pop2_ports_type = $def_pop2_ports_info_chk;
+ }
+
+ /* def POP3_PORTS */
+ $def_pop3_ports_info_chk = $ifaceSettingsArray['def_pop3_ports'];
+ if (empty($def_pop3_ports_info_chk)) {
+ $def_pop3_ports_type = '110';
+ }else{
+ $def_pop3_ports_type = $def_pop3_ports_info_chk;
+ }
+
+ /* def IMAP_SERVSERS */
+ $def_imap_servers_info_chk = $ifaceSettingsArray['def_imap_servers'];
+ if (empty($def_imap_servers_info_chk)) {
+ $def_imap_servers_type = '$HOME_NET';
+ }else{
+ $def_imap_servers_type = $def_imap_servers_info_chk;
+ }
+
+ /* def IMAP_PORTS */
+ $def_imap_ports_info_chk = $ifaceSettingsArray['def_imap_ports'];
+ if (empty($def_imap_ports_info_chk)) {
+ $def_imap_ports_type = '143';
+ }else{
+ $def_imap_ports_type = $def_imap_ports_info_chk;
+ }
+ /* def SIP_PROXY_IP */
+ $def_sip_proxy_ip_info_chk = $ifaceSettingsArray['def_sip_proxy_ip'];
+ if (empty($def_sip_proxy_ip_info_chk)) {
+ $def_sip_proxy_ip_type = '$HOME_NET';
+ }else{
+ $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
+ }
+
+ /* def SIP_PROXY_PORTS */
+ $def_sip_proxy_ports_info_chk = $ifaceSettingsArray['def_sip_proxy_ports'];
+ if (empty($def_sip_proxy_ports_info_chk)) {
+ $def_sip_proxy_ports_type = '5060:5090,16384:32768';
+ }else{
+ $def_sip_proxy_ports_type = $def_sip_proxy_ports_info_chk;
+ }
+
+ /* def AUTH_PORTS */
+ $def_auth_ports_info_chk = $ifaceSettingsArray['def_auth_ports'];
+ if (empty($def_auth_ports_info_chk)) {
+ $def_auth_ports_type = '113';
+ }else{
+ $def_auth_ports_type = $def_auth_ports_info_chk;
+ }
+
+ /* def FINGER_PORTS */
+ $def_finger_ports_info_chk = $ifaceSettingsArray['def_finger_ports'];
+ if (empty($def_finger_ports_info_chk)) {
+ $def_finger_ports_type = "79";
+ }else{
+ $def_finger_ports_type = $def_finger_ports_info_chk;
+ }
+
+ /* def IRC_PORTS */
+ $def_irc_ports_info_chk = $ifaceSettingsArray['def_irc_ports'];
+ if (empty($def_irc_ports_info_chk)) {
+ $def_irc_ports_type = '6665,6666,6667,6668,6669,7000';
+ }else{
+ $def_irc_ports_type = $def_irc_ports_info_chk;
+ }
+
+ /* def NNTP_PORTS */
+ $def_nntp_ports_info_chk = $ifaceSettingsArray['def_nntp_ports'];
+ if (empty($def_nntp_ports_info_chk)) {
+ $def_nntp_ports_type = '119';
+ }else{
+ $def_nntp_ports_type = $def_nntp_ports_info_chk;
+ }
+
+ /* def RLOGIN_PORTS */
+ $def_rlogin_ports_info_chk = $ifaceSettingsArray['def_rlogin_ports'];
+ if (empty($def_rlogin_ports_info_chk)) {
+ $def_rlogin_ports_type = '513';
+ }else{
+ $def_rlogin_ports_type = $def_rlogin_ports_info_chk;
+ }
+
+ /* def RSH_PORTS */
+ $def_rsh_ports_info_chk = $ifaceSettingsArray['def_rsh_ports'];
+ if (empty($def_rsh_ports_info_chk)) {
+ $def_rsh_ports_type = '514';
+ }else{
+ $def_rsh_ports_type = $def_rsh_ports_info_chk;
+ }
+
+ /* def SSL_PORTS */
+ $def_ssl_ports_info_chk = $ifaceSettingsArray['def_ssl_ports'];
+ if (empty($def_ssl_ports_info_chk)) {
+ $def_ssl_ports_type = '443,465,563,636,989,990,992,993,994,995';
+ }else{
+ $def_ssl_ports_type = $def_ssl_ports_info_chk;
+ }
+
+ /* should we install a automatic update crontab entry?
+ $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7'];
+
+ // if user is on pppoe, we really want to use ng0 interface
+ if(isset($config['interfaces'][$snort_ext_int]['ipaddr']) && ($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe"))
+ $snort_ext_int = "ng0";
+
+ // set the snort performance model */
+ if($ifaceSettingsArray['performance']) {
+ $snort_performance = $ifaceSettingsArray['performance'];
+ }else{
+ $snort_performance = "ac-bnfa";
+ }
+
+ // list rules in db that are on in a array
+ $listEnabled_rulesets = array();
+ $listEnabled_rulesets = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'rdbuuid', $ifaceSettingsArray['ruledbname']);
+
+ if(!empty($listEnabled_rulesets)) {
+ foreach($listEnabled_rulesets as $enabled_item)
+ {
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item['rulesetname']}\n";
+ }
+ }
+
+
+ /////////////////////////////
+
+ /* preprocessor code */
+
+ /* def perform_stat */
+
+
+ $def_perform_stat_info_chk = $ifaceSettingsArray['perform_stat'];
+ if ($def_perform_stat_info_chk === 'on') {
+ $def_perform_stat_type = "preprocessor perfmonitor: time 300 file /var/log/snort/sn_{$ifaceSettingsArray['uuid']}.stats pktcnt 10000";
+ }else{
+ $def_perform_stat_type = '';
+ }
+
+ $def_flow_depth_info_chk = $ifaceSettingsArray['flow_depth'];
+ if (empty($def_flow_depth_info_chk)) {
+ $def_flow_depth_type = '0';
+ }else{
+ $def_flow_depth_type = $ifaceSettingsArray['flow_depth'];
+ }
+
+ /* def http_inspect */
+ $snort_http_inspect = <<<EOD
+#################
+ #
+# HTTP Inspect #
+ #
+#################
+
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+
+preprocessor http_inspect_server: server default \
+ ports { 80 8080 } \
+ non_strict \
+ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+ flow_depth {$def_flow_depth_type} \
+ apache_whitespace no \
+ directory no \
+ iis_backslash no \
+ u_encode yes \
+ ascii no \
+ chunk_length 500000 \
+ bare_byte yes \
+ double_decode yes \
+ iis_unicode no \
+ iis_delimiter no \
+ multi_slash no
+
+EOD;
+
+ $def_http_inspect_info_chk = $ifaceSettingsArray['http_inspect'];
+ if ($def_http_inspect_info_chk === 'on') {
+ $def_http_inspect_type = $snort_http_inspect;
+ }else{
+ $def_http_inspect_type = '';
+ }
+
+
+ /* def other_preprocs */
+ $snort_other_preprocs = <<<EOD
+##################
+ #
+# Other preprocs #
+ #
+##################
+
+preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
+preprocessor bo
+
+EOD;
+
+ $def_other_preprocs_info_chk = $ifaceSettingsArray['other_preprocs'];
+ if ($def_other_preprocs_info_chk === 'on') {
+ $def_other_preprocs_type = $snort_other_preprocs;
+ }else{
+ $def_other_preprocs_type = '';
+ }
+
+ /* def ftp_preprocessor */
+ $snort_ftp_preprocessor = <<<EOD
+#####################
+ #
+# ftp preprocessor #
+ #
+#####################
+
+preprocessor ftp_telnet: global \
+inspection_type stateless
+
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200
+
+preprocessor ftp_telnet_protocol: \
+ ftp server default \
+ def_max_param_len 100 \
+ ports { 21 } \
+ ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
+ ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
+ ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
+ ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
+ ftp_cmds { FEAT CEL CMD MACB } \
+ ftp_cmds { MDTM REST SIZE MLST MLSD } \
+ ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
+ alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
+ alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
+ alt_max_param_len 256 { RNTO CWD } \
+ alt_max_param_len 400 { PORT } \
+ alt_max_param_len 512 { SIZE } \
+ chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
+ chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
+ chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
+ chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
+ chk_str_fmt { FEAT CEL CMD } \
+ chk_str_fmt { MDTM REST SIZE MLST MLSD } \
+ chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity STRU < char FRP > \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ cmd_validity PORT < host_port >
+
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
+
+EOD;
+
+ $def_ftp_preprocessor_info_chk = $ifaceSettingsArray['ftp_preprocessor'];
+ if ($def_ftp_preprocessor_info_chk === 'on') {
+ $def_ftp_preprocessor_type = $snort_ftp_preprocessor;
+ }else{
+ $def_ftp_preprocessor_type = "";
+ }
+
+ /* def smtp_preprocessor */
+ $snort_smtp_preprocessor = <<<EOD
+#####################
+ #
+# SMTP preprocessor #
+ #
+#####################
+
+preprocessor SMTP: \
+ ports { 25 465 691 } \
+ inspection_type stateful \
+ normalize cmds \
+ valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
+CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
+PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ max_header_line_len 1000 \
+ max_response_line_len 512 \
+ alt_max_command_line_len 260 { MAIL } \
+ alt_max_command_line_len 300 { RCPT } \
+ alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
+ alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
+ alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
+ alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
+ alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ xlink2state { enable }
+
+EOD;
+
+ $def_smtp_preprocessor_info_chk = $ifaceSettingsArray['smtp_preprocessor'];
+ if ($def_smtp_preprocessor_info_chk === 'on') {
+ $def_smtp_preprocessor_type = $snort_smtp_preprocessor;
+ }else{
+ $def_smtp_preprocessor_type = '';
+ }
+
+ /* def sf_portscan */
+ $snort_sf_portscan = <<<EOD
+################
+ #
+# sf Portscan #
+ #
+################
+
+preprocessor sfportscan: scan_type { all } \
+ proto { all } \
+ memcap { 10000000 } \
+ sense_level { medium } \
+ ignore_scanners { \$HOME_NET }
+
+EOD;
+
+ $def_sf_portscan_info_chk = $ifaceSettingsArray['sf_portscan'];
+ if ($def_sf_portscan_info_chk === 'on') {
+ $def_sf_portscan_type = $snort_sf_portscan;
+ }else{
+ $def_sf_portscan_type = '';
+ }
+
+ /* def dce_rpc_2 */
+ $snort_dce_rpc_2 = <<<EOD
+###############
+ #
+# NEW #
+# DCE/RPC 2 #
+ #
+###############
+
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3
+
+EOD;
+
+ $def_dce_rpc_2_info_chk = $ifaceSettingsArray['dce_rpc_2'];
+ if ($def_dce_rpc_2_info_chk === 'on') {
+ $def_dce_rpc_2_type = $snort_dce_rpc_2;
+ }else{
+ $def_dce_rpc_2_type = '';
+ }
+
+ /* def dns_preprocessor */
+ $snort_dns_preprocessor = <<<EOD
+####################
+ #
+# DNS preprocessor #
+ #
+####################
+
+preprocessor dns: \
+ ports { 53 } \
+ enable_rdata_overflow
+
+EOD;
+
+ $def_dns_preprocessor_info_chk = $ifaceSettingsArray['dns_preprocessor'];
+ if ($def_dns_preprocessor_info_chk === 'on') {
+ $def_dns_preprocessor_type = $snort_dns_preprocessor;
+ }else{
+ $def_dns_preprocessor_type = '';
+ }
+
+ /* def SSL_PORTS IGNORE */
+ $def_ssl_ports_ignore_info_chk = $ifaceSettingsArray['def_ssl_ports_ignore'];
+ if (empty($def_ssl_ports_ignore_info_chk)) {
+ $def_ssl_ports_ignore_type = 'preprocessor ssl: ports { 443 465 563 636 989 990 992 993 994 995 }, trustservers, noinspect_encrypted';
+ }else{
+ $def_ssl_ports_ignore_type = "preprocessor ssl: ports { {$def_ssl_ports_ignore_info_chk} }, trustservers, noinspect_encrypted";
+ }
+
+ /* stream5 queued settings */
+
+
+ $def_max_queued_bytes_info_chk = $ifaceSettingsArray['max_queued_bytes'];
+ if (empty($def_max_queued_bytes_info_chk)) {
+ $def_max_queued_bytes_type = '';
+ }else{
+ $def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ',';
+ }
+
+ $def_max_queued_segs_info_chk = $ifaceSettingsArray['max_queued_segs'];
+ if (empty($def_max_queued_segs_info_chk)) {
+ $def_max_queued_segs_type = '';
+ }else{
+ $def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . ',';
+ }
+
+
+ /* build snort configuration file */
+ /* TODO; feed back from pfsense users to reduce false positives */
+ $snort_conf_text = <<<EOD
+
+# snort configuration file
+# generated by the pfSense
+# package manager system
+# see /usr/local/pkg/snort.inc
+# for more information
+# snort.conf
+# Snort can be found at http://www.snort.org/
+#
+# Copyright (C) 2009-2010 Robert Zelaya
+# part of pfSense
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+#########################
+ #
+# Define Local Network #
+ #
+#########################
+
+var HOME_NET {$home_net}
+var EXTERNAL_NET {$external_net}
+
+###################
+ #
+# Define Servers #
+ #
+###################
+
+var DNS_SERVERS [{$def_dns_servers_type}]
+var SMTP_SERVERS [{$def_smtp_servers_type}]
+var HTTP_SERVERS [{$def_http_servers_type}]
+var SQL_SERVERS [{$def_sql_servers_type}]
+var TELNET_SERVERS [{$def_telnet_servers_type}]
+var SNMP_SERVERS [{$def_snmp_servers_type}]
+var FTP_SERVERS [{$def_ftp_servers_type}]
+var SSH_SERVERS [{$def_ssh_servers_type}]
+var POP_SERVERS [{$def_pop_servers_type}]
+var IMAP_SERVERS [{$def_imap_servers_type}]
+var RPC_SERVERS \$HOME_NET
+var WWW_SERVERS [{$def_www_servers_type}]
+var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
+var AIM_SERVERS \
+[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
+
+########################
+ #
+# Define Server Ports #
+ #
+########################
+
+portvar HTTP_PORTS [{$def_http_ports_type}]
+portvar SHELLCODE_PORTS !80
+portvar ORACLE_PORTS [{$def_oracle_ports_type}]
+portvar AUTH_PORTS [{$def_auth_ports_type}]
+portvar DNS_PORTS [{$def_dns_ports_type}]
+portvar FINGER_PORTS [{$def_finger_ports_type}]
+portvar FTP_PORTS [{$def_ftp_ports_type}]
+portvar IMAP_PORTS [{$def_imap_ports_type}]
+portvar IRC_PORTS [{$def_irc_ports_type}]
+portvar MSSQL_PORTS [{$def_mssql_ports_type}]
+portvar NNTP_PORTS [{$def_nntp_ports_type}]
+portvar POP2_PORTS [{$def_pop2_ports_type}]
+portvar POP3_PORTS [{$def_pop3_ports_type}]
+portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
+portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
+portvar RSH_PORTS [{$def_rsh_ports_type}]
+portvar SMB_PORTS [139,445]
+portvar SMTP_PORTS [{$def_smtp_ports_type}]
+portvar SNMP_PORTS [{$def_snmp_ports_type}]
+portvar SSH_PORTS [{$def_ssh_ports_type}]
+portvar TELNET_PORTS [{$def_telnet_ports_type}]
+portvar MAIL_PORTS [{$def_mail_ports_type}]
+portvar SSL_PORTS [{$def_ssl_ports_type}]
+portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
+
+# DCERPC NCACN-IP-TCP
+portvar DCERPC_NCACN_IP_TCP [139,445]
+portvar DCERPC_NCADG_IP_UDP [138,1024:]
+portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
+portvar DCERPC_NCACN_UDP_LONG [135,1024:]
+portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
+portvar DCERPC_NCACN_TCP [2103,2105,2107]
+portvar DCERPC_BRIGHTSTORE [6503,6504]
+
+#####################
+ #
+# Define Rule Paths #
+ #
+#####################
+
+var RULE_PATH /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/rules
+# var PREPROC_RULE_PATH ./preproc_rules
+
+################################
+ #
+# Configure the snort decoder #
+ #
+################################
+
+config checksum_mode: all
+config disable_decode_alerts
+config disable_tcpopt_experimental_alerts
+config disable_tcpopt_obsolete_alerts
+config disable_ttcp_alerts
+config disable_tcpopt_alerts
+config disable_ipopt_alerts
+config disable_decode_drops
+
+###################################
+ #
+# Configure the detection engine #
+# Use lower memory models #
+ #
+###################################
+
+config detection: search-method {$snort_performance} max_queue_events 5
+config event_queue: max_queue 8 log 3 order_events content_length
+
+#Configure dynamic loaded libraries
+dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
+dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
+dynamicdetection directory /usr/local/lib/snort/dynamicrules/
+
+###################
+ #
+# Flow and stream #
+ #
+###################
+
+preprocessor frag3_global: max_frags 8192
+preprocessor frag3_engine: policy bsd detect_anomalies
+
+preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
+track_udp yes, track_icmp yes
+preprocessor stream5_tcp: policy BSD, ports both all,{$def_max_queued_bytes_type}{$def_max_queued_segs_type} use_static_footprint_sizes
+preprocessor stream5_udp:
+preprocessor stream5_icmp:
+
+##########################
+ #
+# NEW #
+# Performance Statistics #
+ #
+##########################
+
+{$def_perform_stat_type}
+
+{$def_http_inspect_type}
+
+{$def_other_preprocs_type}
+
+{$def_ftp_preprocessor_type}
+
+{$def_smtp_preprocessor_type}
+
+{$def_sf_portscan_type}
+
+############################
+ #
+# OLD #
+# preprocessor dcerpc: \ #
+# autodetect \ #
+# max_frag_size 3000 \ #
+# memcap 100000 #
+ #
+############################
+
+{$def_dce_rpc_2_type}
+
+{$def_dns_preprocessor_type}
+
+##############################
+ #
+# NEW #
+# Ignore SSL and Encryption #
+ #
+##############################
+
+{$def_ssl_ports_ignore_type}
+
+#####################
+ #
+# Snort Output Logs #
+ #
+#####################
+
+$snortunifiedlogbasic_type
+$snortalertlogtype_type
+$alertsystemlog_type
+$tcpdumplog_type
+$snortmysqllog_info_chk
+$snortunifiedlog_type
+$snortsam_type
+
+#################
+ #
+# Misc Includes #
+ #
+#################
+
+include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/reference.config
+include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/classification.config
+$threshold_file_name
+
+# Snort user pass through configuration
+{$snort_config_pass_thru}
+
+###################
+ #
+# Rules Selection #
+ #
+###################
+
+{$selected_rules_sections}
+
+EOD;
+
+ return $snort_conf_text;
+}
+
+
+function create_snort_conf($uuid)
+{
+ // write out snort.conf
+
+ if (!file_exists("/usr/local/etc/snort/sn_{$uuid}/snort.conf")) {
+ exec("/usr/bin/touch /usr/local/etc/snort/sn_{$uuid}/snort.conf");
+ }
+
+ $snort_conf_text = generate_snort_conf($uuid);
+
+ conf_mount_rw();
+ $conf = fopen("/usr/local/etc/snort/sn_{$uuid}/snort.conf", "w");
+ if(!$conf) {
+ log_error("Could not open /usr/local/etc/snort/sn_{$uuid}/snort.conf for writing.");
+ exit;
+ }
+
+ fwrite($conf, $snort_conf_text);
+ fclose($conf);
+ conf_mount_ro();
+
+}
+
+// -------------------------- END snort.conf -------------------------
+
+
+
+?>
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php
index abb9bcdd..78e033f6 100644
--- a/config/snort-dev/snort_define_servers.php
+++ b/config/snort-dev/snort_define_servers.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,6 +38,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
*/
require_once("guiconfig.inc");
diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc
index 5b6937fb..0d3330b7 100644
--- a/config/snort-dev/snort_download_rules.inc
+++ b/config/snort-dev/snort_download_rules.inc
@@ -1,11 +1,16 @@
#!/usr/local/bin/php
<?php
+/* $Id$ */
/*
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+
+ part of pfSense
All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
Pfsense snort GUI
- Copyright (C) 2008-2011 Robert Zelaya.
+ Copyright (C) 2008-2012 Robert Zelaya.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -17,6 +22,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -27,8 +36,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-
+
+*/
/*
* WARNING: THIS FILE SHOULD NEVER BE IN WWWW DIR
@@ -887,29 +896,29 @@ function sendUpdateSnortLogDownload($console)
foreach ($ifaceConfMaps_array as $preIfaceConfMaps_array)
{
// create iface dir if missing
- if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}")) {
- exec("/bin/mkdir -p /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}");
+ if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}")) {
+ exec("/bin/mkdir -p /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
}
// create rules dir soft link if setting is default
if ($preIfaceConfMaps_array['ruledbname'] === 'default' || $preIfaceConfMaps_array['ruledbname'] === '') {
- if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
- exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/default/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules");
+ if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
+ exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/default/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules");
}
}
// create rules dir soft link if setting is not default
if ($preIfaceConfMaps_array['ruledbname'] !== 'default' || $preIfaceConfMaps_array['ruledbname'] != '') {
- if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules") && file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules")) {
- exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules");
+ if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules")) {
+ exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules");
}
}
- exec("/bin/cp {$snortdir}/etc/*.config /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}");
- exec("/bin/cp {$snortdir}/etc/*.conf /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}");
- exec("/bin/cp {$snortdir}/etc/*.map /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}");
- exec("/bin/cp {$snortdir}/etc/generators /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}");
- exec("/bin/cp {$snortdir}/etc/sid /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}");
+ exec("/bin/cp {$snortdir}/etc/*.config /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/*.conf /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/*.map /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/generators /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/sid /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
reapplyRuleSettings_run($preSid_Array['uuid']);
update_output_window2('ms2', 'Done...');
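Review bot: The `exec()` calls in this hunk splice `$preIfaceConfMaps_array['uuid']` and `$preIfaceConfMaps_array['ruledbname']` into `/bin/mkdir`, `/bin/ln` and `/bin/cp` command strings without `escapeshellarg()`, so a shell metacharacter in a stored interface record would be interpreted by the shell; dropping the `_{interface}` suffix does not change that. Where these values are written is outside the hunk (presumably the settings database fed from the GUI), so they are best treated as untrusted: build the interface directory once, escape it, and check `ruledbname` against a plain-name allow-list, since escaping alone does not stop `../` in the symlink source. The same pattern appears in `create_snort_conf()` in snort_build.inc, where `/usr/bin/touch` is run on a path containing `$uuid`. The third condition, `!== 'default' || ... != ''`, is true for every value, so every `ruledbname` reaches the second `ln -s`; `&&` looks intended. `sendUpdateSnortLogDownload()` begins and ends outside the hunk, and `reapplyRuleSettings_run($preSid_Array['uuid'])` reads a variable that the visible loop never sets, which is worth confirming.

```php
// … unchanged: foreach ($ifaceConfMaps_array as $preIfaceConfMaps_array) { …
$ifaceDir = "/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}";
$ifaceDirArg = escapeshellarg($ifaceDir);
$rulesLinkArg = escapeshellarg("{$ifaceDir}/rules");

// create iface dir if missing
if (!file_exists($ifaceDir)) {
    exec("/bin/mkdir -p {$ifaceDirArg}");
}
// … unchanged: default-ruleset branch, with the link name passed as {$rulesLinkArg} …
$dbRules = "/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules";
if (!file_exists("{$ifaceDir}/rules") && file_exists($dbRules)) {
    exec('/bin/ln -s ' . escapeshellarg($dbRules) . " {$rulesLinkArg}");
}
// the glob stays unquoted so the shell expands it; only the destination is escaped
exec("/bin/cp {$snortdir}/etc/*.config {$ifaceDirArg}");
// … same destination argument for the *.conf, *.map, generators and sid copies …
```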
@@ -937,7 +946,7 @@ function sendUpdateSnortLogDownload($console)
exec("/bin/chmod -R 755 /usr/local/lib/snort");
- // if snort is running hardrestart, if snort is not running do nothing
+ // if snort is running hard restart, if snort is not running do nothing
// TODO: Restart Ifaces
diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php
index 6e1a0b0d..a5c3b030 100644
--- a/config/snort-dev/snort_download_updates.php
+++ b/config/snort-dev/snort_download_updates.php
@@ -1,14 +1,18 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
Pfsense snort GUI
- Copyright (C) 2008-2011 Robert Zelaya.
+ Copyright (C) 2008-2012 Robert Zelaya.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -20,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -30,6 +38,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
*/
require_once("guiconfig.inc");
diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc
index 88debbc6..d0a778ae 100644
--- a/config/snort-dev/snort_gui.inc
+++ b/config/snort-dev/snort_gui.inc
@@ -1,12 +1,19 @@
<?php
/* $Id$ */
/*
- snort.inc
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2006 Robert Zelaya
+
part of pfSense
All rights reserved.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -17,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -27,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
//include_once("/usr/local/pkg/snort/snort.inc");
diff --git a/config/snort-dev/snort_head.inc b/config/snort-dev/snort_head.inc
index 6addeaaa..2d5aadaa 100644
--- a/config/snort-dev/snort_head.inc
+++ b/config/snort-dev/snort_head.inc
@@ -1,4 +1,46 @@
<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
/*
pfSense_MODULE: header
*/
diff --git a/config/snort-dev/snort_headbase.inc b/config/snort-dev/snort_headbase.inc
index d21fedc7..765ae8ed 100644
--- a/config/snort-dev/snort_headbase.inc
+++ b/config/snort-dev/snort_headbase.inc
@@ -1,4 +1,46 @@
+<?php
+/* $Id$ */
+/*
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+?>
<!-- START of Snort Package css and javascript -->
diff --git a/config/snort-dev/snort_help_info.php b/config/snort-dev/snort_help_info.php
index cd757d3e..d12cfd11 100644
--- a/config/snort-dev/snort_help_info.php
+++ b/config/snort-dev/snort_help_info.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,6 +38,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
*/
require_once("guiconfig.inc");
diff --git a/config/snort-dev/snort_install.inc b/config/snort-dev/snort_install.inc
new file mode 100644
index 00000000..30f2884e
--- /dev/null
+++ b/config/snort-dev/snort_install.inc
@@ -0,0 +1,412 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+// unset crsf checks
+if(isset($_POST['__csrf_magic'])) {
+ unset($_POST['__csrf_magic']);
+}
+
+require_once("pfsense-utils.inc");
+require_once("config.inc");
+require_once("functions.inc");
+
+/* Allow additional execution time 0 = no limit. */
+ini_set('max_execution_time', '9999');
+ini_set('max_input_time', '9999');
+
+function snort_postinstall()
+{
+ global $config;
+ conf_mount_rw();
+
+ /* find out if were in 1.2.3-RELEASE */
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk == '1.2.3-RELEASE') {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ /* find out what arch where in x86 , x64 */
+ $snort_arch_ck = '';
+ exec('/usr/bin/uname -m', $snort_arch_ck);
+ if($snort_arch_ck[0] == 'i386') {
+ $snort_arch = 'x86';
+ }else{
+ $snort_arch = 'x64';
+ }
+
+ /* snort -> advanced features */
+ //$bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
+ //$bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
+ //$bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
+
+ // create a few directories and ensure the sample files are in place
+ if(!file_exists('/usr/local/etc/snort')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort');
+ }
+
+ if(!file_exists('/usr/local/etc/snort/whitelist')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
+ }
+
+ if(!file_exists('/var/log/snort/run')) {
+ exec('/bin/mkdir -p /var/log/snort/run');
+ }
+
+ if(!file_exists('/var/log/snort/barnyard2')) {
+ exec('/bin/mkdir -p /var/log/snort/barnyard2/');
+ }
+
+ if(!file_exists('/usr/local/lib/snort/dynamicrules/')) {
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ }
+
+ // for snort2c, remove when snortsam is working
+ if(!file_exists('/var/db/whitelist')) {
+ touch('/var/db/whitelist');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/etc')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/etc');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/signatures')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/signatures');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snort_download')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snort_download');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/DB')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/emerging_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/pfsense_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/snort_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules');
+ }
+
+ if (!file_exists('/var/snort/')) {
+ exec('/bin/mkdir -p /var/snort/');
+ }
+
+ // cleanup default files
+ if(file_exists('/usr/local/etc/snort/snort.conf-sample')) {
+ exec('/bin/rm /usr/local/etc/snort/classification.config-sample');
+ exec('/bin/mv /usr/local/etc/snort/classification.config /usr/local/etc/snort/etc/classification.config');
+ exec('/bin/rm /usr/local/etc/snort/gen-msg.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/etc/gen-msg.map');
+ exec('/bin/rm /usr/local/etc/snort/reference.config-sample');
+ exec('/bin/mv /usr/local/etc/snort/reference.config /usr/local/etc/snort/etc/reference.config');
+ exec('/bin/rm /usr/local/etc/snort/sid-msg.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/etc/sid-msg.map');
+ exec('/bin/rm /usr/local/etc/snort/snort.conf-sample');
+ exec('/bin/mv /usr/local/etc/snort/snort.conf /usr/local/etc/snort/etc/snort.conf');
+ exec('/bin/rm /usr/local/etc/snort/threshold.conf-sample');
+ exec('/bin/mv /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/etc/threshold.conf');
+ exec('/bin/rm /usr/local/etc/snort/unicode.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/unicode.map /usr/local/etc/snort/etc/unicode.map');
+ exec('/bin/rm /usr/local/etc/snort/generators-sample');
+ exec('/bin/mv /usr/local/etc/snort/generators /usr/local/etc/snort/etc/generators');
+ exec('/bin/rm /usr/local/etc/snort/sid');
+ exec('/bin/rm /usr/local/etc/rc.d/snort');
+ exec('/bin/rm /usr/local/etc/rc.d/bardyard2');
+ }
+
+ // remove example files
+ if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) {
+ exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
+ }
+
+ if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) {
+ exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
+ }
+
+
+ // add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0
+ exec('/usr/sbin/pw groupadd snort -g 920');
+ exec('/usr/sbin/pw useradd snort -u 920 -c "Snort User" -d /nonexistent -g snort -s /sbin/nologin');
+
+ // if users have old log files delete them */
+ if(!file_exists('/var/log/snort/alert')) {
+ touch('/var/log/snort/alert');
+ }else{
+ exec('/bin/rm -rf /var/log/snort/*');
+ touch('/var/log/snort/alert');
+ }
+
+ // rm barnyard2 important */
+ if(!file_exists('/usr/local/bin/barnyard2')) {
+ exec('/bin/rm /usr/local/bin/barnyard2');
+ }
+
+ /* important */
+ exec('/usr/sbin/chown -R snort:snort /var/log/snort');
+ exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort');
+ exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort');
+ exec('/usr/sbin/chown -R snort:snort /var/snort');
+ exec('/usr/sbin/chown snort:snort /tmp/snort*');
+ exec('/usr/sbin/chown snort:snort /var/db/whitelist');
+ exec('/bin/chmod 660 /var/log/snort/alert');
+ exec('/bin/chmod 660 /var/db/whitelist');
+ exec('/bin/chmod -R 660 /usr/local/etc/snort/*');
+ exec('/bin/chmod -R 660 /tmp/snort*');
+ exec('/bin/chmod -R 660 /var/run/snort*');
+ exec('/bin/chmod -R 660 /var/snort/run/*');
+ exec('/bin/chmod 770 /usr/local/lib/snort');
+ exec('/bin/chmod 770 /usr/local/etc/snort');
+ exec('/bin/chmod 770 /usr/local/etc/whitelist');
+ exec('/bin/chmod 770 /var/log/snort');
+ exec('/bin/chmod 770 /var/log/snort/run');
+ exec('/bin/chmod 770 /var/log/snort/barnyard2');
+
+ /* move files around, make it look clean */
+ exec('/bin/mkdir -p /usr/local/www/snort/css');
+ exec('/bin/mkdir -p /usr/local/www/snort/images');
+ exec('/bin/mkdir -p /usr/local/www/snort/javascript');
+
+ chdir ("/usr/local/www/snort/css/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style_snort2.css');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/new_tab_menu.css');
+ chdir ("/usr/local/www/snort/images/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/arrow_down.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/awesome-overlay-sprite.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/controls.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer2.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon_excli.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/loading.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo22.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/page_white_text.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/transparent.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif');
+ chdir ("/usr/local/www/snort/javascript/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/jquery-1.6.1.min.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/jquery.form.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/snort_globalsend.js');
+
+ /* back to default */
+ chdir ('/root/');
+
+ // make sure snort-old is deinstalled
+ // remove when snort-old is removed
+ unset($config['installedpackages']['snort']);
+ unset($config['installedpackages']['snortdefservers']);
+ unset($config['installedpackages']['snortwhitelist']);
+ unset($config['installedpackages']['snortthreshold']);
+ unset($config['installedpackages']['snortadvanced']);
+ write_config();
+ conf_mount_rw();
+
+ // remake saved settings
+ // TODO: make sre this works in final release
+ /*
+ if($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ update_status(gettext("Saved settings detected..."));
+ update_output_window(gettext("Please wait... rebuilding files..."));
+ sync_snort_package_empty();
+ update_output_window(gettext("Finnished Rebuilding files..."));
+ }
+ */
+
+ conf_mount_ro();
+
+}
+
+function snort_deinstall()
+{
+
+ global $config, $g;
+ conf_mount_rw();
+
+ // remove custom sysctl //
+ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
+
+ // decrease bpf buffers back to 4096, from 20480
+ exec('/sbin/sysctl net.bpf.bufsize=4096');
+
+ exec('/usr/usr/bin/killall snort');
+ sleep(2);
+ exec('/usr/usr/bin/killall -9 snort');
+ sleep(2);
+ exec('/usr/usr/bin/killall barnyard2');
+ sleep(2);
+ exec('/usr/usr/bin/killall -9 barnyard2');
+ sleep(2);
+
+ exec('/usr/sbin/pw userdel snort');
+ exec('/usr/sbin/pw groupdel snort');
+ exec('rm -rf /usr/local/etc/snort*');
+ exec('rm -rf /usr/local/pkg/snort*');
+ exec('rm -rf /usr/local/pkg/pf/snort*');
+
+ exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep perl-threaded`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client-5.1.50_1`");
+ exec('rm -r /usr/local/bin/barnyard2');
+
+ // TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break
+
+ // Remove snort cron entries Ugly code needs smoothness
+ // TODO: redo code because its a mess
+ function snort_rm_blocked_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item)
+ {
+ if (strstr($item['command'], "snort2c"))
+ {
+ $is_installed = true;
+ break;
+ }
+
+ $x++;
+
+ }
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+
+ configure_cron();
+
+ }
+ conf_mount_ro();
+
+ }
+
+ function snort_rules_up_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ }
+
+ snort_rm_blocked_deinstall_cron("");
+ snort_rules_up_deinstall_cron("");
+
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
+ unset($config['installedpackages']['snortglobal']);
+ }
+ write_config();
+ conf_mount_rw();
+
+ exec('rm -rf /usr/local/www/snort');
+ exec('rm -rf /usr/local/lib/snort/');
+ exec('rm -rf /var/log/snort/');
+ exec('rm -rf /usr/local/pkg/snort');
+ exec('rm -rf /var/snort');
+
+ conf_mount_ro();
+
+}
+
+// make sure this func on writes to files and does not start snort */
+function sync_snort_package()
+{
+ global $config, $g;
+ conf_mount_rw();
+
+
+
+ conf_mount_ro();
+}
+
+?>
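Review bot: The `/usr/bin/fetch http://www.pfsense.com/...` calls in snort_postinstall() pull CSS, images and JavaScript (jquery-1.6.1.min.js, jquery.form.js, snort_globalsend.js) over plain HTTP into /usr/local/www/snort with no integrity check and no exit-status check, so anyone able to alter that traffic during install could put script into pages that appear to belong to the firewall's web GUI. Shipping these assets inside the package is the simplest fix; if they must be downloaded, verify each file against a digest pinned in the installer before it is placed, as sketched below. In snort_deinstall() the four `/usr/usr/bin/killall` calls look like a typo for `/usr/bin/killall`, which would leave snort and barnyard2 running while their files are deleted, and in snort_postinstall() `if(!file_exists('/usr/local/bin/barnyard2'))` runs `rm` only when the binary is absent, which looks inverted. `chown snort:snort /tmp/snort*` expands a glob in a world-writable directory and, without `-h`, acts on symlink targets, so that line and the matching `chmod -R` are better limited to paths the installer itself created.

```php
// … unchanged: mkdir -p of /usr/local/www/snort/css, images and javascript …
// Constructed sketch: the https base URL and every digest are placeholders to fill in at release time.
$snort_asset_base = 'https://www.pfsense.com/packages/config/snort/';
$snort_assets = array(
	'javascript/jquery.form.js' => '<SHA256_OF_RELEASED_FILE>',
	// … one entry per file currently fetched …
);
foreach ($snort_assets as $rel => $sha256) {
	$dest = '/usr/local/www/snort/' . $rel;
	$part = $dest . '.part';
	$out = array();
	$rc = 0;
	exec('/usr/bin/fetch -q -o ' . escapeshellarg($part) . ' ' . escapeshellarg($snort_asset_base . $rel), $out, $rc);
	if ($rc !== 0 || !file_exists($part) || hash_file('sha256', $part) !== $sha256) {
		if (file_exists($part)) {
			unlink($part);
		}
		log_error("snort: {$rel} failed download verification, not installed");
		continue;
	}
	rename($part, $dest);
}
// … unchanged: chdir('/root/') and the snort-old config cleanup …
```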
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index 59ff381d..55161575 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -1,14 +1,18 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
Pfsense snort GUI
- Copyright (C) 2008-2011 Robert Zelaya.
+ Copyright (C) 2008-2012 Robert Zelaya.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -20,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -30,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 169b0dba..4ac128cf 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,6 +38,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
+
*/
require_once("guiconfig.inc");
@@ -290,7 +301,7 @@ jQuery(document).ready(function() {
if ($a_list['ruledbname'] == 'default') {
$selected = 'selected';
}
- echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r";
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
foreach ($a_rules as $value)
{
$selected = '';
@@ -298,7 +309,7 @@ jQuery(document).ready(function() {
$selected = 'selected';
}
- echo "\n" . '<option value="' . $value['uuid'] . '" ' . $selected . ' >' . $value['ruledbname'] . '</option>' . "\r";
+ echo "\n" . '<option value="' . $value['uuid'] . '" ' . $selected . ' >' . strtoupper($value['ruledbname']) . '</option>' . "\r";
}
?>
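Review bot: The rewritten `<option>` line echoes `$value['uuid']` and `$value['ruledbname']` into HTML without escaping, and the same pattern recurs with `$value['filename']` in the home-list, external-list and suppress-list hunks below. If those names are ever stored without strict validation, markup in a name would be rendered in the admin's browser; wrapping both uses closes that off: `htmlspecialchars($value['uuid'])` for the attribute and `htmlspecialchars(strtoupper($value['ruledbname']))` for the label. The enclosing `foreach` starts in context and the code that builds `$a_rules` is outside this hunk, so whether validation happens upstream cannot be confirmed from here.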
@@ -322,7 +333,7 @@ jQuery(document).ready(function() {
/* find homelist names and filter by type */
$selected = '';
if ($a_list['homelistname'] == 'default'){$selected = 'selected';}
- echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r";
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
foreach ($a_whitelist as $value)
{
$selected = '';
@@ -330,7 +341,7 @@ jQuery(document).ready(function() {
if ($value['snortlisttype'] == 'netlist') // filter
{
- echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . $value['filename'] . '</option>' . "\r";
+ echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r";
}
}
@@ -352,7 +363,7 @@ jQuery(document).ready(function() {
/* find externallist names and filter by type */
$selected = '';
if ($a_list['externallistname'] == 'default'){$selected = 'selected';}
- echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r";
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
foreach ($a_whitelist as $value)
{
$selected = '';
@@ -360,7 +371,7 @@ jQuery(document).ready(function() {
if ($value['snortlisttype'] == 'netlist') // filter
{
- echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . $value['filename'] . '</option>' . "\r";
+ echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r";
}
}
@@ -391,14 +402,14 @@ jQuery(document).ready(function() {
$selected = '';
if ($a_list['suppresslistname'] == 'default'){$selected = 'selected';}
- echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r";
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
foreach ($a_suppresslist as $value)
{
$selected = '';
if ($value['filename'] == $a_list['suppresslistname']){$selected = 'selected';}
- echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . $value['filename'] . '</option>' . "\r";
+ echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r";
}
?>
@@ -407,11 +418,26 @@ jQuery(document).ready(function() {
<span class="vexpl">Choose the suppression or filtering file you will like this rule to use.&nbsp;<span class="red">
Note:</span>&nbsp;Default option disables suppression and filtering.</span>
</td>
- </tr>
+ </tr>
<tr>
<td colspan="2" valign="top" class="listtopic">Choose the types of logs snort should create.</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell2">Type of Unified Logging</td>
+ <td width="78%" class="vtable">
+ <select name="snortalertlogtype" class="formfld" id="snortalertlogtype">
+
+ <?php
+ $snortalertlogtypePerfList = array('full' => 'FULL', 'fast' => 'FAST', 'disable' => 'DISABLE');
+ snortDropDownList($snortalertlogtypePerfList, $a_list['snortalertlogtype']);
+ ?>
+
+ </select>
+ <br>
+ <span class="vexpl">Snort will log Alerts to a file in the UNIFIED format. Full is a requirement for the snort wigdet.</span>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">Send alerts to mainSystem logs</td>
<td width="78%" class="vtable">
<input name="alertsystemlog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['alertsystemlog'] == 'on' ? 'checked' : '';?> >
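Review bot: The help text in the new `snortalertlogtype` row misspells "widget" as `wigdet`; the sentence should read `Full is a requirement for the snort widget.`. The `disable` choice presumably turns off alert logging to file for the interface, and the handler that saves this field is outside the hunk, so it is worth confirming that it accepts only `full`, `fast` and `disable` rather than whatever value is posted.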
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php
index 64f81643..1986a727 100644
--- a/config/snort-dev/snort_interfaces_global.php
+++ b/config/snort-dev/snort_interfaces_global.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_interfaces_rules.php b/config/snort-dev/snort_interfaces_rules.php
index 8f1631a2..51b8cbb4 100644
--- a/config/snort-dev/snort_interfaces_rules.php
+++ b/config/snort-dev/snort_interfaces_rules.php
@@ -1,15 +1,18 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
- Modified for the Snaort Package By
- Copyright (C) 2008-2011 Robert Zelaya.
- All rights reserved.
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -21,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -31,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_interfaces_rules_edit.php b/config/snort-dev/snort_interfaces_rules_edit.php
index 7db725af..33b2f7e0 100644
--- a/config/snort-dev/snort_interfaces_rules_edit.php
+++ b/config/snort-dev/snort_interfaces_rules_edit.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_interfaces_suppress.php b/config/snort-dev/snort_interfaces_suppress.php
index 83e87838..4df94ec9 100644
--- a/config/snort-dev/snort_interfaces_suppress.php
+++ b/config/snort-dev/snort_interfaces_suppress.php
@@ -1,15 +1,18 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
- Modified for the Snaort Package By
- Copyright (C) 2008-2011 Robert Zelaya.
- All rights reserved.
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -21,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -31,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_interfaces_suppress_edit.php b/config/snort-dev/snort_interfaces_suppress_edit.php
index 28bb7868..7f6f178d 100644
--- a/config/snort-dev/snort_interfaces_suppress_edit.php
+++ b/config/snort-dev/snort_interfaces_suppress_edit.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_interfaces_whitelist.php b/config/snort-dev/snort_interfaces_whitelist.php
index 0ceed8c0..d13b380a 100644
--- a/config/snort-dev/snort_interfaces_whitelist.php
+++ b/config/snort-dev/snort_interfaces_whitelist.php
@@ -1,15 +1,18 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
- Modified for the Snaort Package By
- Copyright (C) 2008-2011 Robert Zelaya.
- All rights reserved.
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -21,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -31,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php
index 689fb719..44b1d0f2 100644
--- a/config/snort-dev/snort_interfaces_whitelist_edit.php
+++ b/config/snort-dev/snort_interfaces_whitelist_edit.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once('guiconfig.inc');
require_once('/usr/local/pkg/snort/snort_new.inc');
diff --git a/config/snort-dev/snort_json_get.php b/config/snort-dev/snort_json_get.php
index ecab3a13..84cc8ed7 100644
--- a/config/snort-dev/snort_json_get.php
+++ b/config/snort-dev/snort_json_get.php
@@ -1,4 +1,45 @@
<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php
index 37950f91..7ec85d4d 100644
--- a/config/snort-dev/snort_json_post.php
+++ b/config/snort-dev/snort_json_post.php
@@ -1,5 +1,45 @@
<?php
+/* $Id$ */
+/*
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
@@ -14,42 +54,53 @@ function snortJsonReturnCode($returnStatus)
{
if ($returnStatus == true) {
echo '{"snortgeneralsettings":"success","snortUnhideTabs":"true"}';
+ return true;
}else{
echo '{"snortgeneralsettings":"fail"}';
- }
+ return false;
+ }
}
// row from db by uuid
if ($_POST['snortSidRuleEdit'] == 1) {
- unset($_POST['snortSidRuleEdit']);
+ function snortSidRuleEditFunc()
+ {
- snortSidStringRuleEditGUI();
+ unset($_POST['snortSidRuleEdit']);
+ snortSidStringRuleEditGUI();
+
+ }
+ snortSidRuleEditFunc();
}
// row from db by uuid
if ($_POST['snortSaveRuleSets'] == 1) {
+
+ function snortSaveRuleSetsFunc()
+ {
- if ($_POST['ifaceTab'] == 'snort_rulesets') {
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveRuleSets']);
- unset($_POST['ifaceTab']);
+ if ($_POST['ifaceTab'] == 'snort_rulesets') {
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveRuleSets']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateRuleSetList());
+ }
- snortJsonReturnCode(snortSql_updateRuleSetList());
-
- }
-
-
- if ($_POST['ifaceTab'] == 'snort_rules') {
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveRuleSets']);
- unset($_POST['ifaceTab']);
- snortJsonReturnCode(snortSql_updateRuleSigList());
- }
+ if ($_POST['ifaceTab'] == 'snort_rules') {
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveRuleSets']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateRuleSigList());
+ }
+ }
+ snortSaveRuleSetsFunc();
} // END of rulesSets
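Review bot: `snortJsonReturnCode()` still tests `$returnStatus == true`, a loose comparison, so any non-empty string or non-zero number returned by a SQL helper is reported to the client as success. If `snortSql_updateRuleSetList()` and `snortSql_updateRuleSigList()` return strict booleans (their bodies are not visible here), `if ($returnStatus === true) {` would make the added `return true;` / `return false;` dependable. None of the callers in this hunk uses the new return value, so a comment above the function such as `// echoes the JSON status and returns the same status as a bool` would document the intent. The function's signature lies outside the hunk.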
@@ -57,29 +108,35 @@ if ($_POST['snortSaveRuleSets'] == 1) {
if ($_POST['RMlistDelRow'] == 1) {
- $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']);
-
- // list rules in the default dir
- if ($_POST['RMlistTable'] == 'SnortIfaces') {
-
- $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'] . '_' . $rm_row_list['interface'];
-
- exec('/bin/rm -r ' . $snortRuleDir);
- }
+ function RMlistDelRowFunc()
+ {
- // rm ruledb and files
- if ($_POST['RMlistTable'] == 'Snortrules') {
-
- $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}";
+ $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']);
+
+ // list rules in the default dir
+ if ($_POST['RMlistTable'] == 'SnortIfaces') {
+
+ $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'];
+
+ exec('/bin/rm -r ' . $snortRuleDir);
+ }
- exec('/bin/rm -r ' . $snortRuleDir);
- }
+ // rm ruledb and files
+ if ($_POST['RMlistTable'] == 'Snortrules') {
+
+ $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}";
+
+ exec('/bin/rm -r ' . $snortRuleDir);
+ }
+
+ if ($_POST['RMlistTable'] == 'SnortWhitelist') {
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']);
+ }
- if ($_POST['RMlistTable'] == 'SnortWhitelist') {
- snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']);
- }
+ snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']));
- snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']));
+ }
+ RMlistDelRowFunc();
}
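Review bot: `$_POST['RMlistUuid']` is concatenated directly into the `/bin/rm -r` command lines in `RMlistDelRowFunc()`, so the request body decides both the shell string and the directory that is recursively removed. Check the value against a strict allow-list pattern for the identifiers the package generates before building the path, and quote the argument in both the `SnortIfaces` and `Snortrules` branches: `exec('/bin/rm -r ' . escapeshellarg($snortRuleDir));`. `RMlistDB` and `RMlistTable` also go from the request straight into the SQL helpers and would be safer compared against a fixed list, though what those helpers do with them is not visible in this hunk. The same unquoted interpolation of `$_POST['uuid']` and `$_POST['ruledbname']` occurs in the `mkdir`/`cp`/`rm`/`ln` calls of the following `snortSaveSettingsFunc()` hunk and in `createNewIfaceDir()` in snort_new.inc.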
@@ -87,255 +144,277 @@ if ($_POST['RMlistDelRow'] == 1) {
// general settings save
if ($_POST['snortSaveSettings'] == 1) {
+ function snortSaveSettingsFunc()
+ {
- // Save ruleDB settings
- if ($_POST['dbTable'] == 'Snortrules') {
-
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
-
- if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) {
-
- // creat iface dir and ifcae rules dir
- exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
-
-
- // NOTE: code only works on php5
- $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
- $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules');
- $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
-
- if (!empty($listSnortRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
- }
- if (!empty($listEmergingRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
- }
- if (!empty($listPfsenseRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
- }
-
-
- } //end of mkdir
-
- snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
-
- }
-
- // Save general settings
- if ($_POST['dbTable'] == 'SnortSettings') {
-
- if ($_POST['ifaceTab'] == 'snort_interfaces_global') {
- // checkboxes when set to off never get included in POST thus this code
- $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']);
- }
-
- if ($_POST['ifaceTab'] == 'snort_alerts') {
-
- if (!isset($_POST['arefresh']))
- $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']);
-
- }
-
- if ($_POST['ifaceTab'] == 'snort_blocked') {
-
- if (!isset($_POST['brefresh']))
- $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']);
-
- }
-
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
-
-
- snortJsonReturnCode(snortSql_updateSettings('id', '1'));
-
- } // end of dbTable SnortSettings
-
- // Save rule settings on the interface edit tab
- if ($_POST['dbTable'] == 'SnortIfaces') {
-
- // snort interface edit
- if ($_POST['ifaceTab'] == 'snort_interfaces_edit') {
-
- if (!isset($_POST['enable']))
- $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']);
-
- if (!isset($_POST['blockoffenders7']))
- $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']);
-
- if (!isset($_POST['alertsystemlog']))
- $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']);
-
- if (!isset($_POST['tcpdumplog']))
- $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']);
-
- if (!isset($_POST['snortunifiedlog']))
- $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']);
-
- // convert textbox to base64
- $_POST['configpassthru'] = base64_encode($_POST['configpassthru']);
+ // Save ruleDB settings
+ if ($_POST['dbTable'] == 'Snortrules') {
- /*
- * make dir for the new iface
- * may need to move this as a func to new_snort,inc
- */
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
- $newSnortDir = 'sn_' . $_POST['uuid'] . '_' . $_POST['interface'];
-
- if (!is_dir("/usr/local/etc/snort/{$newSnortDir}")) {
+ if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) {
// creat iface dir and ifcae rules dir
- exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+
- /*
// NOTE: code only works on php5
- $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snort_rules/rules', '\.rules');
- $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/emerging_rules/rules', '\.rules');
- $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/pfsense_rules/rules', '\.rules');
+ $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
+ $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules');
+ $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
if (!empty($listSnortRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snort_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
}
if (!empty($listEmergingRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/emerging_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
}
if (!empty($listPfsenseRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/pfsense_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules");
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
}
- */
-
+
- } //end of mkdir
-
- } // end of snort_interfaces_edit
-
- // snort preprocessor edit
- if ($_POST['ifaceTab'] == 'snort_preprocessors') {
-
- if (!isset($_POST['dce_rpc_2']))
- $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']);
-
- if (!isset($_POST['dns_preprocessor']))
- $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']);
-
- if (!isset($_POST['ftp_preprocessor']))
- $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']);
-
- if (!isset($_POST['http_inspect']))
- $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']);
-
- if (!isset($_POST['other_preprocs']))
- $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']);
-
- if (!isset($_POST['perform_stat']))
- $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']);
-
- if (!isset($_POST['sf_portscan']))
- $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']);
-
- if (!isset($_POST['smtp_preprocessor']))
- $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']);
+ } //end of mkdir
+
+ snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
}
-
- // snort barnyard edit
- if ($_POST['ifaceTab'] == 'snort_barnyard') {
- // make shure iface is lower case
- $_POST['interface'] = strtolower($_POST['interface']);
+
+ // Save general settings
+ if ($_POST['dbTable'] == 'SnortSettings') {
+
+ if ($_POST['ifaceTab'] == 'snort_interfaces_global') {
+ // checkboxes when set to off never get included in POST thus this code
+ $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']);
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_alerts') {
+
+ if (!isset($_POST['arefresh']))
+ $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']);
+
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_blocked') {
+
+ if (!isset($_POST['brefresh']))
+ $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']);
+
+ }
- if (!isset($_POST['barnyard_enable']))
- $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']);
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
- }
+ snortJsonReturnCode(snortSql_updateSettings('id', '1'));
+
+ } // end of dbTable SnortSettings
+
+ // Save rule settings on the interface edit tab
+ if ($_POST['dbTable'] == 'SnortIfaces') {
+
+ // snort interface edit
+ if ($_POST['ifaceTab'] == 'snort_interfaces_edit') {
+
+ if (!isset($_POST['enable']))
+ $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']);
+
+ if (!isset($_POST['blockoffenders7']))
+ $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']);
+
+ if (!isset($_POST['alertsystemlog']))
+ $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']);
+ if (!isset($_POST['tcpdumplog']))
+ $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']);
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
+ if (!isset($_POST['snortunifiedlog']))
+ $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']);
+
+ // convert textbox to base64
+ $_POST['configpassthru'] = base64_encode($_POST['configpassthru']);
+
+ /*
+ * make dir for the new iface, if iface exists or rule dir has changed redo soft link
+ * may need to move this as a func to new_snort.inc
+ */
+
+ $newSnortDir = 'sn_' . $_POST['uuid'];
+ $pathToSnortDir = '/usr/local/etc/snort';
+
+ // creat iface dir and ifcae rules dir
+ if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) {
+ createNewIfaceDir($pathToSnortDir, $newSnortDir);
+ } //end of mkdir
+
+ // change the rule path
+ if (is_dir("{$pathToSnortDir}/{$newSnortDir}")) {
+
+ $snortCurrentRuleDbName = snortSql_fetchAllSettings('snortDB', 'snortIfaces', 'uuid', $_POST['uuid']);
+
+ if ($_POST['ruledbname'] !== $snortCurrentRuleDbName['ruledbname'] || !file_exists("{$pathToSnortDir}/{$newSnortDir}/rules")) {
+
+ // NOTE: use full paths or link rm will not work, Freebsd love
+ exec("/bin/rm {$pathToSnortDir}/{$newSnortDir}/rules");
+ exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/{$newSnortDir}/rules");
+
+ }
+
+ }
+
+ } // end of snort_interfaces_edit
+
+ // snort preprocessor edit
+ if ($_POST['ifaceTab'] == 'snort_preprocessors') {
+
+ if (!isset($_POST['dce_rpc_2']))
+ $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']);
+
+ if (!isset($_POST['dns_preprocessor']))
+ $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']);
+
+ if (!isset($_POST['ftp_preprocessor']))
+ $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']);
+
+ if (!isset($_POST['http_inspect']))
+ $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']);
+
+ if (!isset($_POST['other_preprocs']))
+ $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']);
+
+ if (!isset($_POST['perform_stat']))
+ $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']);
+
+ if (!isset($_POST['sf_portscan']))
+ $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']);
+
+ if (!isset($_POST['smtp_preprocessor']))
+ $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']);
+
+ }
+
+ // snort barnyard edit
+ if ($_POST['ifaceTab'] == 'snort_barnyard') {
+ // make shure iface is lower case
+ $_POST['interface'] = strtolower($_POST['interface']);
+
+ if (!isset($_POST['barnyard_enable']))
+ $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']);
+
+ }
+
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
- snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
-
- } // end of dbTable Snortrules
+ } // end of dbTable SnortIfaces
+
+ }
+ snortSaveSettingsFunc();
} // STOP General Settings Save
// Suppress settings save
if ($_POST['snortSaveSuppresslist'] == 1) {
+
+ function snortSaveSuppresslistFunc()
+ {
- // post for supress_edit
- if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') {
-
- // make sure filename is valid
- if (!is_validFileName($_POST['filename'])) {
- echo 'Error: FileName';
- return false;
+ // post for supress_edit
+ if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') {
+
+ // make sure filename is valid
+ if (!is_validFileName($_POST['filename'])) {
+ echo 'Error: FileName';
+ return false;
+ }
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSuppresslist']);
+ unset($_POST['ifaceTab']);
+
+ // convert textbox to base64
+ $_POST['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+
+ // Write to database
+ snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
+
}
-
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveSuppresslist']);
- unset($_POST['ifaceTab']);
-
- // convert textbox to base64
- $_POST['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
-
- // Write to database
- snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
-
- }
+
+ }
+ snortSaveSuppresslistFunc();
}
// Whitelist settings save
if ($_POST['snortSaveWhitelist'] == 1) {
+
+ function snortSaveWhitelistFunc()
+ {
- if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') {
-
- if (!is_validFileName($_POST['filename'])) {
- echo 'Error: FileName';
- return false;
+ if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') {
+
+ if (!is_validFileName($_POST['filename'])) {
+ echo 'Error: FileName';
+ return false;
+ }
+
+ $_POST['wanips'] = ($_POST['wanips'] == '' ? off : $_POST['wanips']);
+ $_POST['wangateips'] = ($_POST['wangateips'] == '' ? off : $_POST['wangateips']);
+ $_POST['wandnsips'] = ($_POST['wandnsips'] == '' ? off : $_POST['wandnsips']);
+ $_POST['vips'] = ($_POST['vips'] == '' ? off : $_POST['vips']);
+ $_POST['vpnips'] = ($_POST['vpnips'] == '' ? off : $_POST['vpnips']);
+
+ }
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveWhitelist']);
+ unset($_POST['ifaceTab']);
+
+ // Split the POST for 2 arraus
+ $whitelistIPs = $_POST['list'];
+ unset($_POST['list']);
+
+
+ if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) {
+ snortJsonReturnCode(true);
+ }else{
+ snortJsonReturnCode(false);
}
-
- $_POST['wanips'] = ($_POST['wanips'] == '' ? off : $_POST['wanips']);
- $_POST['wangateips'] = ($_POST['wangateips'] == '' ? off : $_POST['wangateips']);
- $_POST['wandnsips'] = ($_POST['wandnsips'] == '' ? off : $_POST['wandnsips']);
- $_POST['vips'] = ($_POST['vips'] == '' ? off : $_POST['vips']);
- $_POST['vpnips'] = ($_POST['vpnips'] == '' ? off : $_POST['vpnips']);
-
- }
-
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveWhitelist']);
- unset($_POST['ifaceTab']);
-
- // Split the POST for 2 arraus
- $whitelistIPs = $_POST['list'];
- unset($_POST['list']);
-
- if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) {
- snortJsonReturnCode(true);
- }else{
- snortJsonReturnCode(false);
- }
-
+ }
+ snortSaveWhitelistFunc();
}
// download code for alerts page
if ($_POST['snortlogsdownload'] == 1) {
- conf_mount_rw();
- snort_downloadAllLogs();
- conf_mount_ro();
+
+ function snortlogsdownloadFunc()
+ {
+ conf_mount_rw();
+ snort_downloadAllLogs();
+ conf_mount_ro();
+ }
+ snortlogsdownloadFunc();
}
// download code for alerts page
if ($_POST['snortblockedlogsdownload'] == 1) {
- conf_mount_rw();
- snort_downloadBlockedIPs();
- conf_mount_ro();
+
+ function snortblockedlogsdownloadFunc()
+ {
+ conf_mount_rw();
+ snort_downloadBlockedIPs();
+ conf_mount_ro();
+ }
+ snortblockedlogsdownloadFunc();
}
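Review bot: In the new `snort_interfaces_edit` block the existing `rules` link is removed before anything checks that `/usr/local/etc/snort/snortDBrules/DB/{$_POST['ruledbname']}/rules` exists. An empty or unknown `ruledbname` therefore leaves the interface directory with a dangling link and, presumably, a sensor with no rules to load. Wrap the `rm`/`ln` pair in `if (is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['ruledbname']}/rules")) { ... }` and call `snortJsonReturnCode(false)` in the other case. The exit status of both `exec()` calls is discarded as well, so a failed `ln` is still followed by the normal success response.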
@@ -343,25 +422,37 @@ if ($_POST['snortblockedlogsdownload'] == 1) {
// code neeed to be worked on when finnished rules code
if ($_POST['snortlogsdelete'] == 1) {
- conf_mount_rw();
- snortDeleteLogs();
- conf_mount_ro();
+ function snortlogsdeleteFunc()
+ {
+ conf_mount_rw();
+ snortDeleteLogs();
+ conf_mount_ro();
+ }
+ snortlogsdeleteFunc();
}
// flushes snort2c table
if ($_POST['snortflushpftable'] == 1) {
- conf_mount_rw();
- snortRemoveBlockedIPs();
- conf_mount_ro();
+ function snortflushpftableFunc()
+ {
+ conf_mount_rw();
+ snortRemoveBlockedIPs();
+ conf_mount_ro();
+ }
+ snortflushpftableFunc();
}
// reset db reset_snortgeneralsettings
if ($_POST['reset_snortgeneralsettings'] == 1) {
- conf_mount_rw();
- reset_snortgeneralsettings();
- conf_mount_ro();
+ function reset_snortgeneralsettingsFunc()
+ {
+ conf_mount_rw();
+ reset_snortgeneralsettings();
+ conf_mount_ro();
+ }
+ reset_snortgeneralsettingsFunc();
}
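Review bot: Each of the three handlers here declares a named global function inside its `if` only to call it on the next line, and the bodies differ solely in the one call placed between `conf_mount_rw()` and `conf_mount_ro()`. The two download handlers at the end of the previous hunk have the same shape. A single shared helper, for example `function snortWithRwMount($fn) { conf_mount_rw(); $r = call_user_func($fn); conf_mount_ro(); return $r; }`, would remove the five copies and keep the remount-to-read-only step in one place. Since these requests delete logs, flush the block table and reset settings, a one-line comment on each stating what it removes would help the next reader.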
diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc
index 1f387370..b2e48a2a 100644
--- a/config/snort-dev/snort_new.inc
+++ b/config/snort-dev/snort_new.inc
@@ -1,10 +1,56 @@
<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
// unset crsf checks
if(isset($_POST['__csrf_magic'])) {
unset($_POST['__csrf_magic']);
}
+//require_once("pfsense-utils.inc");
+require_once("config.inc");
+require_once("functions.inc");
+
// Wites selected sig to file
function snortSidStringRuleEditGUI()
{
@@ -39,6 +85,32 @@ function sendSidStringRuleEditGUI()
return true;
}
+// create new Ifac dirs and soft links
+function createNewIfaceDir($pathToSnortDir, $newSnortDir) {
+
+ exec("/bin/mkdir -p {$pathToSnortDir}/{$newSnortDir}");
+
+ // create rules dir soft link if setting is default
+ if ($_POST['ruledbname'] === 'default' || $_POST['ruledbname'] === '') {
+ if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
+ exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/default/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules");
+ }
+ }
+
+ // create rules dir soft link if setting is not default
+ if ($_POST['ruledbname'] !== 'default' || $_POST['ruledbname'] != '') {
+ if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists("{$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules")) {
+ exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules");
+ }
+ }
+
+ // cp new rules
+ exec("/bin/cp {$pathToSnortDir}/etc/*.config {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/*.conf {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/*.map {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/generators {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/sid {$pathToSnortDir}/sn_{$_POST['uuid']}");
+} // end of func
function escapeJsonString($escapeString)
{
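Review bot: `createNewIfaceDir()` builds every `exec()` command by interpolating `$_POST['uuid']` and `$_POST['ruledbname']` straight into a shell string, so request data reaches the shell unquoted and can also steer the target paths with `../`. Both values should be checked against a strict allowlist before use, and every path should go through `escapeshellarg()` or be handled by PHP's own `mkdir()`/`symlink()`/`copy()`. The sketch below shows one way; its allowlist pattern is an assumption and must be matched to the real uuid and rule-DB name formats. Separately, the second condition `!== 'default' || != ''` is always true and probably wants `&&`. The first `file_exists()` tests a hard-coded `/usr/local/etc/snort/...` path while the link source uses `$pathToSnortDir`, and `mkdir` creates `$newSnortDir` while everything after it writes to `sn_{$_POST['uuid']}`.

```php
function createNewIfaceDir($pathToSnortDir, $newSnortDir) {

	// NOTE(review): allowlist is an assumption; align it with the real uuid / rule DB name format
	$uuid   = isset($_POST['uuid']) ? $_POST['uuid'] : '';
	$ruleDb = (isset($_POST['ruledbname']) && $_POST['ruledbname'] !== '') ? $_POST['ruledbname'] : 'default';
	if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $uuid) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $ruleDb)) {
		return false;
	}

	$ifaceDir = "{$pathToSnortDir}/sn_{$uuid}";
	$rulesSrc = "{$pathToSnortDir}/snortDBrules/DB/{$ruleDb}/rules";

	exec('/bin/mkdir -p ' . escapeshellarg("{$pathToSnortDir}/{$newSnortDir}"));

	// one branch covers both the default and the named rule DB
	if (!file_exists("{$ifaceDir}/rules") && file_exists($rulesSrc)) {
		exec('/bin/ln -s ' . escapeshellarg($rulesSrc) . ' ' . escapeshellarg("{$ifaceDir}/rules"));
	}

	// the glob stays outside the quoted part so the shell still expands it
	foreach (array('*.config', '*.conf', '*.map', 'generators', 'sid') as $pattern) {
		exec('/bin/cp ' . escapeshellarg("{$pathToSnortDir}/etc") . "/{$pattern} " . escapeshellarg($ifaceDir));
	}
} // end of func
```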
@@ -422,7 +494,7 @@ function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid)
$chktable = sqlite_fetch_array($result, SQLITE_ASSOC);
}
- if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid') {
+ if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid' || $type == 'filename') {
$chktable = sqlite_fetch_all($result, SQLITE_ASSOC);
}
@@ -912,14 +984,13 @@ function post_delete_logs()
$id += 1;
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- if ($if_real != '' && $snort_uuid != '')
+ if ($snort_uuid != '')
{
if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on')
{
- $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2.";
+ $snort_log_file_u2 = "{$snort_uuid}.u2.";
$snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
if (is_array($snort_list_u2)) {
usort($snort_list_u2, "snort_file_sort");
@@ -927,12 +998,12 @@ function post_delete_logs()
snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
}
}else{
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*");
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.u2*");
}
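Review bot: The `/bin/rm` fallback here interpolates `$snort_log_dir` and `$snort_uuid` unquoted into a shell command that ends in a glob, and the same pattern recurs in the `.tcpdump*` removal and the `.stats` truncation in the following hunks of `post_delete_logs()`. The uuid is read from the saved config, which presumably originates from a form field, so a stored value containing whitespace or shell metacharacters would widen what gets deleted. With the `$if_real` check dropped, the only remaining guard is `$snort_uuid != ''`. Consider validating the uuid once per loop iteration and deleting without a shell, e.g. `foreach (glob("{$snort_log_dir}/snort_{$snort_uuid}.u2*") ?: array() as $f) { unlink($f); }`. The stats file could be reset with `file_put_contents("{$snort_log_dir}/snort_{$snort_uuid}.stats", "\n");` rather than the hard-coded `/var/log/snort` path. The function body starts and ends outside these hunks.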
if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on')
{
- $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump.";
+ $snort_log_file_tcpd = "{$snort_uuid}.tcpdump.";
$snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
if (is_array($snort_list_tcpd)) {
usort($snort_list_tcpd, "snort_file_sort");
@@ -940,7 +1011,7 @@ function post_delete_logs()
snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
}
}else{
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*");
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.tcpdump*");
}
/* create barnyard2 configuration file */
@@ -949,7 +1020,7 @@ function post_delete_logs()
if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on)
{
- exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats");
+ exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}.stats");
}
}
}
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php
index e0c334ba..dc788045 100644
--- a/config/snort-dev/snort_preprocessors.php
+++ b/config/snort-dev/snort_preprocessors.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index 1edc31e2..55cf47ac 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -1,14 +1,18 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
Pfsense snort GUI
- Copyright (C) 2008-2011 Robert Zelaya.
+ Copyright (C) 2008-2012 Robert Zelaya.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -20,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -30,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
index 051a8398..dac80023 100644
--- a/config/snort-dev/snort_rulesets.php
+++ b/config/snort-dev/snort_rulesets.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,7 +38,8 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");