aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_frag3_engine.php
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2013-11-18 18:59:41 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2013-11-18 18:59:41 -0500
commit595c831d2768547d49e6daf147889c6aee15f9a4 (patch)
treeb42612841f0195d09538f78f5eab1aac43f9e4b6 /config/snort/snort_frag3_engine.php
parent1a533cc04b825769bf2c8a83f574894132fe9ba4 (diff)
downloadpfsense-packages-595c831d2768547d49e6daf147889c6aee15f9a4.tar.gz
pfsense-packages-595c831d2768547d49e6daf147889c6aee15f9a4.tar.bz2
pfsense-packages-595c831d2768547d49e6daf147889c6aee15f9a4.zip
Snort 2.9.5.5 pkg v3.0.0 update
Diffstat (limited to 'config/snort/snort_frag3_engine.php')
-rw-r--r--config/snort/snort_frag3_engine.php402
1 files changed, 402 insertions, 0 deletions
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
new file mode 100644
index 00000000..f344771b
--- /dev/null
+++ b/config/snort/snort_frag3_engine.php
@@ -0,0 +1,402 @@
+<?php
+/*
+ * snort_frag3_engine.php
+ * Copyright (C) 2004 Scott Ullrich
+ * Copyright (C) 2011-2012 Ermal Luci
+ * All rights reserved.
+ *
+ * originially part of m0n0wall (http://m0n0.ch/wall)
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * modified for the pfsense snort package
+ * Copyright (C) 2009-2010 Robert Zelaya.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$snortdir = SNORTDIR;
+
+// Grab the incoming QUERY STRING or POST variables
+$id = $_GET['id'];
+$eng_id = $_GET['eng_id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (isset($_POST['eng_id']))
+ $eng_id = $_POST['eng_id'];
+
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item']))
+ $config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item'];
+
+$pconfig = array();
+if (empty($a_nat[$eng_id])) {
+ $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "policy" => "bsd",
+ "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on",
+ "overlap_limit" => 0, "min_frag_len" => 0 );
+ // See if this is initial entry and set to "default" if true
+ if ($eng_id < 1) {
+ $def['name'] = "default";
+ $def['bind_to'] = "all";
+ }
+ $pconfig = $def;
+}
+else {
+ $pconfig = $a_nat[$eng_id];
+
+ // Check for any empty values and set sensible defaults
+ if (empty($pconfig['policy']))
+ $pconfig['policy'] = "bsd";
+ if (empty($pconfig['timeout']))
+ $pconfig['timeout'] = 60;
+ if (empty($pconfig['min_ttl']))
+ $pconfig['min_ttl'] = 1;
+ if (empty($pconfig['detect_anomalies']))
+ $pconfig['detect_anomalies'] = "on";
+ if (empty($pconfig['overlap_limit']))
+ $pconfig['overlap_limit'] = 0;
+ if (empty($pconfig['min_frag_len']))
+ $pconfig['min_frag_len'] = 0;
+}
+
+if ($_POST['Cancel']) {
+ header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
+ exit;
+}
+
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import") {
+ if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
+ $pconfig[$_GET['varname']] = $_GET['varvalue'];
+}
+
+if ($_POST['Submit']) {
+
+ /* Grab all the POST values and save in new temp array */
+ $engine = array();
+ if ($_POST['frag3_name']) { $engine['name'] = trim($_POST['frag3_name']); } else { $engine['name'] = "default"; }
+ if ($_POST['frag3_bind_to']) {
+ if (is_alias($_POST['frag3_bind_to']))
+ $engine['bind_to'] = $_POST['frag3_bind_to'];
+ elseif (strtolower(trim($_POST['frag3_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ }
+ else {
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+ }
+
+ /* Validate the text input fields before saving */
+ if (!empty($_POST['frag3_timeout']) || $_POST['frag3_timeout'] == 0) {
+ $engine['timeout'] = $_POST['frag3_timeout'];
+ if (!is_numeric($_POST['frag3_timeout']) || $_POST['frag3_timeout'] < 1)
+ $input_errors[] = gettext("The value for Timeout must be numeric and greater than zero.");
+ }
+ else
+ $engine['timeout'] = 60;
+
+ if (!empty($_POST['frag3_min_ttl']) || $_POST['frag3_min_ttl'] == 0) {
+ $engine['min_ttl'] = $_POST['frag3_min_ttl'];
+ if ($_POST['frag3_min_ttl'] < 1 || $_POST['frag3_min_ttl'] > 255)
+ $input_errors[] = gettext("The value for Minimum_Time-To-Live must be between 1 and 255.");
+ }
+ else
+ $engine['min_ttl'] = 1;
+
+ if (!empty($_POST['frag3_overlap_limit']) || $_POST['frag3_overlap_limit'] == 0) {
+ $engine['overlap_limit'] = $_POST['frag3_overlap_limit'];
+ if (!is_numeric($_POST['frag3_overlap_limit']) || $_POST['frag3_overlap_limit'] < 0)
+ $input_errors[] = gettext("The value for Overlap_Limit must be a number greater than or equal to zero.");
+ }
+ else
+ $engine['overlap_limit'] = 0;
+
+ if (!empty($_POST['frag3_min_frag_len']) || $_POST['frag3_min_frag_len'] == 0) {
+ $engine['min_frag_len'] = $_POST['frag3_min_frag_len'];
+ if (!is_numeric($_POST['frag3_min_frag_len']) || $_POST['frag3_min_frag_len'] < 0)
+ $input_errors[] = gettext("The value for Min_Fragment_Length must be a number greater than or equal to zero.");
+ }
+ else
+ $engine['min_frag_len'] = 0;
+
+ if ($_POST['frag3_policy']) { $engine['policy'] = $_POST['frag3_policy']; } else { $engine['policy'] = "bsd"; }
+ $engine['detect_anomalies'] = $_POST['frag3_detect_anomalies'] ? 'on' : 'off';
+
+ /* Can only have one "all" Bind_To address */
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
+ $input_errors[] = gettext("Only one default Frag3 Engine can be bound to all addresses.");
+ $pconfig = $engine;
+ }
+
+ /* if no errors, write new entry to conf */
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$eng_id]) {
+ $a_nat[$eng_id] = $engine;
+ }
+ else
+ $a_nat[] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat) > 1) {
+ $i = -1;
+ foreach ($a_nat as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat) - 1))) {
+ $tmp = $a_nat[$i];
+ unset($a_nat[$i]);
+ $a_nat[] = $tmp;
+ }
+ }
+
+ /* Now write the new engine array to conf */
+ write_config();
+
+ header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
+ exit;
+ }
+}
+
+$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine");
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
+
+<?php
+include("fbegin.inc");
+if ($input_errors) print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<form action="snort_frag3_engine.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id?>">
+<input name="eng_id" type="hidden" value="<?=$eng_id?>">
+<div id="boxarea">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+<td class="tabcont">
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Snort Target-Based IP Defragmentation Engine Configuration"); ?></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td>
+ <td class="vtable">
+ <input name="frag3_name" type="text" class="formfld unknown" id="frag3_name" size="25" maxlength="25"
+ value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>>&nbsp;
+ <?php if (htmlspecialchars($pconfig['name']) <> "default")
+ echo gettext("Name or description for this engine. (Max 25 characters)");
+ else
+ echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/>
+ <?php echo gettext("Unique name or description for this engine configuration. Default value is ") .
+ "<strong>" . gettext("default") . "</strong>"; ?>.<br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td>
+ <td class="vtable">
+ <?php if ($pconfig['name'] <> "default") : ?>
+ <table width="95%" border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td class="vexpl"><input name="frag3_bind_to" type="text" class="formfldalias" id="frag3_bind_to" size="32"
+ value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
+ <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
+ <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes'"
+ title="<?php echo gettext("Select an existing IP alias");?>"/></td>
+ </tr>
+ <tr>
+ <td class="vexpl" colspan="2"><?php echo gettext("This engine will only run for packets with destination addresses contained within this IP List.");?></td>
+ </tr>
+ </table>
+ <span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?>
+ &nbsp;&nbsp;&nbsp;&nbsp;
+ <?php else : ?>
+ <input name="frag3_bind_to" type="text" class="formfldalias" id="frag3_bind_to" size="32"
+ value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly>&nbsp;
+ <?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/>
+ <?php echo gettext("The default engine is required and only runs for packets with destination addresses not matching other engine IP Lists.");?><br/>
+ <?php endif ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Target Policy"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="frag3_policy" class="formselect" id="policy">
+ <?php
+ $profile = array( 'BSD', 'BSD-Right', 'First', 'Last', 'Linux', 'Solaris', 'Windows' );
+ foreach ($profile as $val): ?>
+ <option value="<?=strtolower($val);?>"
+ <?php if (strtolower($val) == $pconfig['policy']) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose the IP fragmentation target policy appropriate for the protected hosts. The default is ") .
+ "<strong>" . gettext("BSD") . "</strong>"; ?>.<br/><br/>
+ <?php echo gettext("Available OS targets are BSD, BSD-Right, First, Last, Linux, Solaris and Windows."); ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Timeout"); ?></td>
+ <td class="vtable">
+ <input name="frag3_timeout" type="text" class="formfld unknown" id="frag3_timeout" size="6"
+ value="<?=htmlspecialchars($pconfig['timeout']);?>">
+ <?php echo gettext("Timeout period in seconds for fragments in the engine."); ?><br/><br/>
+ <?php echo gettext("Fragments in the engine for longer than this period will be automatically dropped. Default value is ") .
+ "<strong>" . gettext("60 ") . "</strong>" . gettext("seconds."); ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Minimum Time-to-Live"); ?></td>
+ <td class="vtable">
+ <input name="frag3_min_ttl" type="text" class="formfld unknown" id="frag3_min_ttl" size="6"
+ value="<?=htmlspecialchars($pconfig['min_ttl']);?>">
+ <?php echo gettext("Minimum acceptable TTL for a fragment in the engine."); ?><br/><br/>
+ <?php echo gettext("The accepted range for this option is 1 - 255. Default value is ") .
+ "<strong>" . gettext("1") . "</strong>"; ?>.<br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Detect Anomalies"); ?></td>
+ <td width="78%" class="vtable"><input name="frag3_detect_anomalies" id="frag3_detect_anomalies" type="checkbox" value="on"
+ <?php if ($pconfig['detect_anomalies']=="on") echo "checked "; ?> onclick="frag3_enable_change();">
+ <?php echo gettext("Use Frag3 Engine to detect fragment anomalies. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.<br/><br/>
+ <span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
+ gettext("In order to customize the Overlap Limit and Minimum Fragment Length parameters for this engine, Anomaly Detection must be enabled."); ?>
+ </td>
+ </tr>
+ <tr id="frag3_overlaplimit_row">
+ <td valign="top" class="vncell"><?php echo gettext("Overlap Limit"); ?></td>
+ <td class="vtable">
+ <input name="frag3_overlap_limit" type="text" class="formfld unknown" id="frag3_overlap_limit" size="6"
+ value="<?=htmlspecialchars($pconfig['overlap_limit']);?>">
+ <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (unlimited). Values greater than zero set the overlapped limit."); ?><br/><br/>
+ <?php echo gettext("Sets the limit for the number of overlapping fragments allowed per packet. Default value is ") .
+ "<strong>0</strong>" . gettext(" (unlimited)."); ?><br/>
+ </td>
+ </tr>
+ <tr id="frag3_minfraglen_row">
+ <td valign="top" class="vncell"><?php echo gettext("Minimum Fragment Length"); ?></td>
+ <td class="vtable">
+ <input name="frag3_min_frag_len" type="text" class="formfld unknown" id="frag3_min_frag_len" size="6"
+ value="<?=htmlspecialchars($pconfig['min_frag_len']);?>">
+ <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (check is disabled). Values greater than zero enable the check."); ?><br/><br/>
+ <?php echo gettext("Defines smallest fragment size (payload size) that should be considered valid. " .
+ "Fragments smaller than or equal to this limit are considered malicious. Default value is ") .
+ "<strong>0</strong>" . gettext(" (check is disabled)."); ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="bottom">&nbsp;</td>
+ <td width="78%" valign="bottom">
+ <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>">
+ &nbsp;&nbsp;&nbsp;&nbsp;
+ <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ gettext("Cancel changes and return to Preprocessors tab"); ?>"></td>
+ </tr>
+</table>
+</td>
+</tr>
+</table>
+</div>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+<script type="text/javascript" src="/javascript/autosuggest.js">
+</script>
+<script type="text/javascript" src="/javascript/suggestions.js">
+</script>
+<script type="text/javascript">
+
+function frag3_enable_change() {
+ var endis = !(document.iform.frag3_detect_anomalies.checked);
+
+ // Hide the "frag3_overlap_limit and frag3_min_frag_len" rows if frag3_detect_anomablies disabled
+ if (endis) {
+ document.getElementById("frag3_overlaplimit_row").style.display="none";
+ document.getElementById("frag3_minfraglen_row").style.display="none";
+ }
+ else {
+ document.getElementById("frag3_overlaplimit_row").style.display="table-row";
+ document.getElementById("frag3_minfraglen_row").style.display="table-row";
+ }
+}
+
+// Set initial state of form controls
+frag3_enable_change();
+
+<?php
+ $isfirst = 0;
+ $aliases = "";
+ $addrisfirst = 0;
+ $aliasesaddr = "";
+ if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
+ foreach($config['aliases']['alias'] as $alias_name) {
+ if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
+ continue;
+ // Skip any Aliases that resolve to an empty string
+ if (trim(filter_expand_alias($alias_name['name'])) == "")
+ continue;
+ if($addrisfirst == 1) $aliasesaddr .= ",";
+ $aliasesaddr .= "'" . $alias_name['name'] . "'";
+ $addrisfirst = 1;
+ }
+?>
+ var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+
+function createAutoSuggest() {
+<?php
+ echo "objAlias = new AutoSuggestControl(document.getElementById('frag3_bind_to'), new StateSuggestions(addressarray));\n";
+?>
+}
+
+setTimeout("createAutoSuggest();", 500);
+
+</script>
+
+</html>