aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-08-26 17:51:00 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-08-26 17:51:00 -0300
commit4d68442d89b78154f5f9cb46271e7e5527685a2c (patch)
treeb7bc0957cb7e1b395d54ffbd989d63d37a519d12 /config/snort
parent85d7ac7548b43625f0206ddaa63ae09b9db388ba (diff)
parent409def867de5eabfb4295dd74c297daafa4e3641 (diff)
downloadpfsense-packages-4d68442d89b78154f5f9cb46271e7e5527685a2c.tar.gz
pfsense-packages-4d68442d89b78154f5f9cb46271e7e5527685a2c.tar.bz2
pfsense-packages-4d68442d89b78154f5f9cb46271e7e5527685a2c.zip
Merge pull request #692 from bmeeks8/snort-2.9.6.2-v3.1.2
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc109
-rwxr-xr-xconfig/snort/snort.xml4
-rwxr-xr-xconfig/snort/snort_alerts.php83
-rw-r--r--config/snort/snort_blocked.php68
-rwxr-xr-xconfig/snort/snort_download_updates.php2
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php6
-rw-r--r--config/snort/snort_interfaces_global.php4
-rw-r--r--config/snort/snort_migrate_config.php2
-rw-r--r--config/snort/snort_passlist_edit.php134
-rw-r--r--config/snort/snort_post_install.php2
-rwxr-xr-xconfig/snort/snort_preprocessors.php37
-rwxr-xr-xconfig/snort/snort_rules.php60
-rw-r--r--config/snort/snort_rules_flowbits.php4
13 files changed, 367 insertions, 148 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 2a6d006a..e442755a 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -51,7 +51,7 @@ $snortver = array();
exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
/* Used to indicate latest version of this include file has been loaded */
-$pfSense_snort_version = "3.1.1";
+$pfSense_snort_version = "3.1.2";
/* get installed package version for display */
$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}";
@@ -333,9 +333,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
$home_net = explode(" ", trim(filter_expand_alias($list['address'])));
}
- /* Always add loopback to HOME_NET and whitelist (ftphelper) */
+ /* Always add loopback addresses to HOME_NET and whitelist */
if (!in_array("127.0.0.1", $home_net))
$home_net[] = "127.0.0.1";
+ if (!in_array("::1", $home_net))
+ $home_net[] = "::1";
/********************************************************************/
/* Always put the interface running Snort in HOME_NET and whitelist */
@@ -363,27 +365,37 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
}
}
- /* Handle IPv6 if available (2.1 and higher) */
- if (function_exists('get_interface_ipv6')) {
- $snortip = get_interface_ipv6($snortcfg['interface']);
- if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
- if (is_ipaddrv6($snortip)) {
- if ($snortcfg['interface'] <> "wan") {
- $sn = get_interface_subnetv6($snortcfg['interface']);
- $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
- }
+ $snortip = get_interface_ipv6($snortcfg['interface']);
+ if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
+ if (is_ipaddrv6($snortip)) {
+ if ($snortcfg['interface'] <> "wan") {
+ $sn = get_interface_subnetv6($snortcfg['interface']);
+ $ip = gen_subnetv6($snortip, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
}
}
- else {
- if (is_ipaddrv6($snortip)) {
- if (!in_array($snortip, $home_net))
- $home_net[] = $snortip;
- }
+ }
+ else {
+ if (is_ipaddrv6($snortip)) {
+ // Trim off the interface designation (e.g., %em1) if present
+ if (strpos($snortip, "%") !== FALSE)
+ $snortip = substr($snortip, 0, strpos($snortip, "%"));
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
}
}
+ // Add link-local address
+ $snortip = get_interface_linklocal($snortcfg['interface']);
+ if (!empty($snortip)) {
+ // Trim off the interface designation (e.g., %em1) if present
+ if (strpos($snortip, "%") !== FALSE)
+ $snortip = substr($snortip, 0, strpos($snortip, "%"));
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
+ }
+
if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
/*************************************************************************/
/* Iterate through the interface list and write out whitelist items and */
@@ -402,16 +414,23 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
if (!in_array($ip, $home_net))
$home_net[] = $ip;
}
- if (function_exists("get_interface_ipv6")) {
- if ($int == "wan")
- continue;
- $subnet = get_interface_ipv6($int);
- if (is_ipaddrv6($subnet)) {
- $sn = get_interface_subnetv6($int);
- $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
- }
+
+ $subnet = get_interface_ipv6($int);
+ if (is_ipaddrv6($subnet)) {
+ $sn = get_interface_subnetv6($int);
+ $ip = gen_subnetv6($subnet, $sn). "/{$sn}";
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
+
+ // Add link-local address
+ $snortip = get_interface_linklocal($int);
+ if (!empty($snortip)) {
+ // Trim off the interface designation (e.g., %em1) if present
+ if (strpos($snortip, "%") !== FALSE)
+ $snortip = substr($snortip, 0, strpos($snortip, "%"));
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
}
}
}
@@ -422,12 +441,23 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
if (!in_array($ip, $home_net))
$home_net[] = $ip;
}
- if (function_exists("get_interface_ipv6")) {
- $ip = get_interface_ipv6("wan");
- if (is_ipaddrv6($ip)) {
- if (!in_array($ip, $home_net))
- $home_net[] = $ip;
- }
+ $ip = get_interface_ipv6("wan");
+ if (is_ipaddrv6($ip)) {
+ // Trim off the interface designation (e.g., %em1) if present
+ if (strpos($ip, "%") !== FALSE)
+ $ip = substr($ip, 0, strpos($ip, "%"));
+ if (!in_array($ip, $home_net))
+ $home_net[] = $ip;
+ }
+
+ // Add link-local address
+ $snortip = get_interface_linklocal("wan");
+ if (!empty($snortip)) {
+ // Trim off the interface designation (e.g., %em1) if present
+ if (strpos($snortip, "%") !== FALSE)
+ $snortip = substr($snortip, 0, strpos($snortip, "%"));
+ if (!in_array($snortip, $home_net))
+ $home_net[] = $snortip;
}
}
@@ -441,11 +471,12 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
$gw = get_interface_gateway($snortcfg['interface']);
if (is_ipaddr($gw) && !in_array($gw, $home_net))
$home_net[] = $gw;
- if (function_exists("get_interface_gateway_v6")) {
- $gw = get_interface_gateway_v6($snortcfg['interface']);
- if (is_ipaddrv6($gw) && !in_array($gw, $home_net))
- $home_net[] = $gw;
- }
+ $gw = get_interface_gateway_v6($snortcfg['interface']);
+ // Trim off the interface designation (e.g., %em1) if present
+ if (strpos($gw, "%") !== FALSE)
+ $gw = substr($gw, 0, strpos($gw, "%"));
+ if (is_ipaddrv6($gw) && !in_array($gw, $home_net))
+ $home_net[] = $gw;
}
if ($wandns == 'yes') {
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 3feede80..663ce4eb 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.6.2</version>
- <title>Services:2.9.6.2 pkg v3.1.1</title>
+ <title>Services:2.9.6.2 pkg v3.1.2</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -279,7 +279,7 @@
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.1.1")
+ if ($GLOBALS['pfSense_snort_version'] == "3.1.2")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 1c9d8492..c04f4e31 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -7,6 +7,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2012 Ermal Luci
+ * Copyright (C) 2014 Jim Pingle jim@pingle.org
* Copyright (C) 2013,2014 Bill Meeks
* All rights reserved.
*
@@ -164,6 +165,21 @@ if (empty($pconfig['arefresh']))
$pconfig['arefresh'] = 'off';
$anentries = $pconfig['alertnumber'];
+# --- AJAX REVERSE DNS RESOLVE Start ---
+if (isset($_POST['resolve'])) {
+ $ip = strtolower($_POST['resolve']);
+ $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : '');
+
+ if ($res && $res != $ip)
+ $response = array('resolve_ip' => $ip, 'resolve_text' => $res);
+ else
+ $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve"));
+
+ echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode
+ exit;
+}
+# --- AJAX REVERSE DNS RESOLVE End ---
+
if ($_POST['save']) {
if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$config['installedpackages']['snortglobal']['alertsblocks'] = array();
@@ -344,7 +360,6 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<script src="/javascript/filter_log.js" type="text/javascript"></script>
<?php
include_once("fbegin.inc");
@@ -444,7 +459,7 @@ if ($savemsg) {
<col axis="string">
</colgroup>
<thead>
- <tr>
+ <tr class="sortableHeaderRowIdentifier">
<th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th>
<th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
@@ -488,16 +503,12 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_ip_src = $fields[6];
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_src = str_replace(":", ":&#8203;", $alert_ip_src);
+
/* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */
$alert_ip_src .= "<br/>";
- if ($pfs_version > 2.0) {
- $alert_ip_src .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
- $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
- }
- $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
- $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
+ $alert_ip_src .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[6]}');\" title=\"";
+ $alert_ip_src .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" ";
+ $alert_ip_src .= " style=\"cursor: pointer;\"/>";
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
@@ -521,16 +532,13 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_ip_dst = $fields[8];
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_dst = str_replace(":", ":&#8203;", $alert_ip_dst);
+
/* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */
$alert_ip_dst .= "<br/>";
- if ($pfs_version > 2.0) {
- $alert_ip_dst .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
- }
- $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
+ $alert_ip_dst .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[8]}');\" title=\"";
+ $alert_ip_dst .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" ";
+ $alert_ip_dst .= " style=\"cursor: pointer;\"/>";
+
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) {
@@ -580,11 +588,11 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td>
+ <td class='listr' align='center' style=\"sorttable_customkey:{$fields[6]};\" sorttable_customkey=\"{$fields[6]}\">{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' style=\"sorttable_customkey:{$fields[8]};\" sorttable_customkey=\"{$fields[8]}\">{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listr' align='center' style=\"sorttable_customkey:{$fields[2]};\" sorttable_customkey=\"{$fields[2]}\">{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
<td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
$counter++;
@@ -622,5 +630,38 @@ function encRuleSig(rulegid,rulesid,srcip,ruledescr) {
document.getElementById("descr").value = ruledescr;
}
</script>
+
+<!-- The following AJAX code was borrowed from the diag_logs_filter.php -->
+<!-- file in pfSense. See copyright info at top of this page. -->
+<script type="text/javascript">
+//<![CDATA[
+function resolve_with_ajax(ip_to_resolve) {
+ var url = "/snort/snort_alerts.php";
+
+ jQuery.ajax(
+ url,
+ {
+ type: 'post',
+ dataType: 'json',
+ data: {
+ resolve: ip_to_resolve,
+ },
+ complete: resolve_ip_callback
+ });
+}
+
+function resolve_ip_callback(transport) {
+ var response = jQuery.parseJSON(transport.responseText);
+ var msg = 'IP address "' + response.resolve_ip + '" resolves to\n';
+ alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"');
+}
+
+// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities
+function htmlspecialchars(str) {
+ return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;');
+}
+//]]>
+</script>
+
</body>
</html>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 97301a0f..087724e3 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -7,6 +7,7 @@
*
* Modified for the Pfsense snort package v. 1.8+
* Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2014 Jim Pingle jim@pingle.org
* Copyright (C) 2014 Bill Meeks
*
* Redistribution and use in source and binary forms, with or without
@@ -50,6 +51,21 @@ if (empty($pconfig['blertnumber']))
else
$bnentries = $pconfig['blertnumber'];
+# --- AJAX REVERSE DNS RESOLVE Start ---
+if (isset($_POST['resolve'])) {
+ $ip = strtolower($_POST['resolve']);
+ $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : '');
+
+ if ($res && $res != $ip)
+ $response = array('resolve_ip' => $ip, 'resolve_text' => $res);
+ else
+ $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve"));
+
+ echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode
+ exit;
+}
+# --- AJAX REVERSE DNS RESOLVE End ---
+
if ($_POST['todelete']) {
$ip = "";
if ($_POST['ip'])
@@ -133,7 +149,6 @@ include_once("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<script src="/javascript/filter_log.js" type="text/javascript"></script>
<?php
@@ -214,11 +229,11 @@ if ($savemsg) {
<col width="10%" align="center">
</colgroup>
<thead>
- <tr>
+ <tr class="sortableHeaderRowIdentifier">
<th class="listhdrr" axis="number">#</th>
<th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th>
- <th class="listhdrr"><?php echo gettext("Remove"); ?></th>
+ <th class="listhdrr sorttable_nosort"><?php echo gettext("Remove"); ?></th>
</tr>
</thead>
<tbody>
@@ -278,20 +293,16 @@ if ($savemsg) {
$tmp_ip = str_replace(":", ":&#8203;", $blocked_ip);
/* Add reverse DNS lookup icons (two different links if pfSense version supports them) */
$rdns_link = "";
- if ($pfs_version > 2.0) {
- $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">";
- $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
- $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
- }
- $rdns_link .= "<a href='/diag_dns.php?host={$blocked_ip}'>";
- $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
- $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
+ $rdns_link .= "<img onclick=\"javascript:resolve_with_ajax('{$blocked_ip}');\" title=\"";
+ $rdns_link .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" ";
+ $rdns_link.= " style=\"cursor: pointer;\"/>";
+
/* use one echo to do the magic*/
echo "<tr>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
<td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
- <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\">
+ <td align=\"center\" valign=\"middle\" class=\"listr\">
<input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\"
src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td>
</tr>\n";
@@ -325,5 +336,38 @@ if ($savemsg) {
<?php
include("fend.inc");
?>
+
+<!-- The following AJAX code was borrowed from the diag_logs_filter.php -->
+<!-- file in pfSense. See copyright info at top of this page. -->
+<script type="text/javascript">
+//<![CDATA[
+function resolve_with_ajax(ip_to_resolve) {
+ var url = "/snort/snort_blocked.php";
+
+ jQuery.ajax(
+ url,
+ {
+ type: 'post',
+ dataType: 'json',
+ data: {
+ resolve: ip_to_resolve,
+ },
+ complete: resolve_ip_callback
+ });
+}
+
+function resolve_ip_callback(transport) {
+ var response = jQuery.parseJSON(transport.responseText);
+ var msg = 'IP address "' + response.resolve_ip + '" resolves to\n';
+ alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"');
+}
+
+// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities
+function htmlspecialchars(str) {
+ return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;');
+}
+//]]>
+</script>
+
</body>
</html>
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 7f8bc7a1..ff05bdfd 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -251,7 +251,7 @@ include_once("head.inc");
<p style="text-align:center;" class="vexpl">
<font class="red"><b><?php echo gettext("WARNING:");?></b></font>&nbsp;
<?php echo gettext('No rule types have been selected for download. ') .
- gettext('Visit the ') . '<a href="/snort/snort_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?>
+ gettext('Visit the ') . '<a href="/snort/snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?>
<br/></p>
<?php else: ?>
<br/>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index ca8d03ee..fb573a73 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -176,6 +176,9 @@ if ($_POST["save"] && !$input_errors) {
/* if no errors write to conf */
if (!$input_errors) {
+ /* Most changes don't require a rules rebuild, so default to "off" */
+ $rebuild_rules = false;
+
$natent = $a_rule[$id];
$natent['interface'] = $_POST['interface'];
$natent['enable'] = $_POST['enable'] ? 'on' : 'off';
@@ -360,9 +363,6 @@ if ($_POST["save"] && !$input_errors) {
/* Save configuration changes */
write_config("Snort pkg: modified interface configuration for {$natent['interface']}.");
- /* Most changes don't require a rules rebuild, so default to "off" */
- $rebuild_rules = false;
-
/* Update snort.conf and snort.sh files for this interface */
sync_snort_package_config();
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 849dea8f..195e1a5e 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -219,8 +219,8 @@ if ($input_errors)
<td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td>
<tr>
<td>&nbsp;</td>
- <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/>
- <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank">
+ <td><a href="https://www.snort.org/users/sign_up" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/>
+ <a href="https://www.snort.org/products" target="_blank">
<?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td>
</tr>
</table>
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 5e1e5113..af02261f 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -459,7 +459,7 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2";
log_error("[Snort] Saving configuration settings in new format...");
write_config("Snort pkg: migrate existing settings to new format as part of package upgrade.");
log_error("[Snort] Settings successfully migrated to new configuration format...");
diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php
index f501e0fc..d5b89877 100644
--- a/config/snort/snort_passlist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -39,6 +39,8 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+$pconfig = array();
+
if ($_POST['cancel']) {
header("Location: /snort/snort_passlist.php");
exit;
@@ -52,24 +54,63 @@ $a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id'])) {
$id = htmlspecialchars($_GET['id']);
+}
/* Should never be called without identifying list index, so bail */
if (is_null($id)) {
- header("Location: /snort/snort_interfaces_whitelist.php");
+ header("Location: /snort/snort_passlist.php");
exit;
}
+if (isset($id) && isset($a_passlist[$id])) {
+ /* Retrieve saved settings */
+ $pconfig['name'] = $a_passlist[$id]['name'];
+ $pconfig['uuid'] = $a_passlist[$id]['uuid'];
+ $pconfig['address'] = $a_passlist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
+ $pconfig['localnets'] = $a_passlist[$id]['localnets'];
+ $pconfig['wanips'] = $a_passlist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_passlist[$id]['vips'];
+ $pconfig['vpnips'] = $a_passlist[$id]['vpnips'];
+}
+
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import") {
+
+ // Retrieve previously typed values we passed to SELECT ALIAS page
+ $pconfig['name'] = htmlspecialchars($_GET['name']);
+ $pconfig['uuid'] = htmlspecialchars($_GET['uuid']);
+ $pconfig['address'] = htmlspecialchars($_GET['address']);
+ $pconfig['descr'] = htmlspecialchars($_GET['descr']);
+ $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no';
+ $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no';
+ $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no';
+ $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no';
+ $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no';
+ $pconfig['vpnips'] = htmlspecialchars($_GET['vpnips'])? 'yes' : 'no';
+
+ // Now retrieve the "selected alias" returned from SELECT ALIAS page
+ if ($_GET['varname'] == "address" && isset($_GET['varvalue']))
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+}
+
/* If no entry for this passlist, then create a UUID and treat it like a new list */
-if (!isset($a_passlist[$id]['uuid'])) {
+if (!isset($a_passlist[$id]['uuid']) && empty($pconfig['uuid'])) {
$passlist_uuid = 0;
while ($passlist_uuid > 65535 || $passlist_uuid == 0) {
$passlist_uuid = mt_rand(1, 65535);
$pconfig['uuid'] = $passlist_uuid;
$pconfig['name'] = "passlist_{$passlist_uuid}";
}
-} else
+}
+elseif (!empty($pconfig['uuid'])) {
+ $passlist_uuid = $pconfig['uuid'];
+}
+else
$passlist_uuid = $a_passlist[$id]['uuid'];
/* returns true if $name is a valid name for a pass list file name or ip */
@@ -83,28 +124,6 @@ function is_validpasslistname($name) {
return false;
}
-if (isset($id) && $a_passlist[$id]) {
- /* old settings */
- $pconfig = array();
- $pconfig['name'] = $a_passlist[$id]['name'];
- $pconfig['uuid'] = $a_passlist[$id]['uuid'];
- $pconfig['detail'] = $a_passlist[$id]['detail'];
- $pconfig['address'] = $a_passlist[$id]['address'];
- $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
- $pconfig['localnets'] = $a_passlist[$id]['localnets'];
- $pconfig['wanips'] = $a_passlist[$id]['wanips'];
- $pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
- $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
- $pconfig['vips'] = $a_passlist[$id]['vips'];
- $pconfig['vpnips'] = $a_passlist[$id]['vpnips'];
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "address" && isset($_GET['varvalue']))
- $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
-}
-
if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -126,11 +145,11 @@ if ($_POST['save']) {
$input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
/* check for name conflicts */
- foreach ($a_passlist as $w_list) {
- if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list))
+ foreach ($a_passlist as $p_list) {
+ if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $p_list))
continue;
- if ($w_list['name'] == $_POST['name']) {
+ if ($p_list['name'] == $_POST['name']) {
$input_errors[] = gettext("A Pass List file name with this name already exists.");
break;
}
@@ -141,27 +160,25 @@ if ($_POST['save']) {
$input_errors[] = gettext("A valid alias must be provided");
if (!$input_errors) {
- $w_list = array();
+ $p_list = array();
/* post user input */
- $w_list['name'] = $_POST['name'];
- $w_list['uuid'] = $passlist_uuid;
- $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
- $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
- $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
- $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
- $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
- $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
-
- $w_list['address'] = $_POST['address'];
- $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $w_list['detail'] = $final_address_details;
+ $p_list['name'] = $_POST['name'];
+ $p_list['uuid'] = $passlist_uuid;
+ $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
+ $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
+ $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
+ $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
+ $p_list['vips'] = $_POST['vips']? 'yes' : 'no';
+ $p_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
+ $p_list['address'] = $_POST['address'];
+ $p_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
if (isset($id) && $a_passlist[$id])
- $a_passlist[$id] = $w_list;
+ $a_passlist[$id] = $p_list;
else
- $a_passlist[] = $w_list;
+ $a_passlist[] = $p_list;
- write_config("Snort pkg: modified PASS LIST {$w_list['name']}.");
+ write_config("Snort pkg: modified PASS LIST {$p_list['name']}.");
/* create pass list and homenet file, then sync files */
sync_snort_package_config();
@@ -284,8 +301,8 @@ if ($savemsg)
</td>
<td width="78%" class="vtable">
<input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>"
- title="<?=trim(filter_expand_alias($pconfig['address']));?>"/>
- &nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ title="<?=trim(filter_expand_alias($pconfig['address']));?>"/>&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();"
title="<?php echo gettext("Select an existing IP alias");?>"/>
</td>
</tr>
@@ -326,6 +343,29 @@ function createAutoSuggest() {
setTimeout("createAutoSuggest();", 500);
+function selectAlias() {
+
+ var loc;
+ var fields = [ "name", "descr", "localnets", "wanips", "wangateips", "wandnsips", "vips", "vpnips", "address" ];
+
+ // Scrape current form field values and add to
+ // the select alias URL as a query string.
+ var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network';
+ loc = loc + '&varname=address&multi_ip=yes';
+ loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>';
+ loc = loc + '&uuid=<?=$passlist_uuid;?>';
+
+ // Iterate over just the specific form fields we want to pass to
+ // the select alias URL.
+ fields.forEach(function(entry) {
+ var tmp = $(entry).serialize();
+ if (tmp.length > 0)
+ loc = loc + '&' + tmp;
+ });
+
+ window.parent.location = loc;
+}
+
</script>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 25be448a..c1be72cc 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -178,7 +178,7 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
$config['widgets']['sequence'] .= ",{$snort_widget_container}";
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1";
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2";
write_config("Snort pkg: post-install configuration saved.");
/* Done with post-install, so clear flag */
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index da1c515e..133c0513 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -240,7 +240,17 @@ $disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log";
// Check for returned "selected alias" if action is import
if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+
+ // Retrieve previously typed values we passed to SELECT ALIAS page
+ $pconfig['sf_portscan'] = htmlspecialchars($_GET['sf_portscan'])? 'on' : 'off';
+ $pconfig['pscan_ignore_scanners'] = htmlspecialchars($_GET['pscan_ignore_scanners']);
+ $pconfig['pscan_protocol'] = htmlspecialchars($_GET['pscan_protocol']);
+ $pconfig['pscan_type'] = htmlspecialchars($_GET['pscan_type']);
+ $pconfig['pscan_memcap'] = htmlspecialchars($_GET['pscan_memcap']);
+ $pconfig['pscan_sense_level'] = htmlspecialchars($_GET['pscan_sense_level']);
+
+ // Now retrieve the "selected alias" returned from SELECT ALIAS page
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
}
// Handle deleting of any of the multiple configuration engines
@@ -1237,7 +1247,7 @@ if ($savemsg) {
value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>">&nbsp;&nbsp;<?php echo gettext("Leave blank for default. ") .
gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td>
<td class="vexpl" align="right">
- <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -2205,6 +2215,29 @@ function wopen(url, name, w, h)
win.focus();
}
+function selectAlias() {
+
+ var loc;
+ var fields = [ "sf_portscan", "pscan_protocol", "pscan_type", "pscan_sense_level", "pscan_memcap", "pscan_ignore_scanners" ];
+
+ // Scrape current form field values and add to
+ // the select alias URL as a query string.
+ var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network';
+ loc = loc + '&varname=pscan_ignore_scanners&multi_ip=yes';
+ loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>';
+ loc = loc + '&uuid=<?=$passlist_uuid;?>';
+
+ // Iterate over just the specific form fields we want to pass to
+ // the select alias URL.
+ fields.forEach(function(entry) {
+ var tmp = $(entry).serialize();
+ if (tmp.length > 0)
+ loc = loc + '&' + tmp;
+ });
+
+ window.parent.location = loc;
+}
+
// Set initial state of form controls
enable_change_all();
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index df17efc0..8d9aa6ba 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -157,12 +157,16 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) &
$sid = $_POST['sid'];
// See if the target SID is in our list of modified SIDs,
- // and toggle it back to default if present; otherwise,
- // add it to the appropriate modified SID list.
- if (isset($enablesid[$gid][$sid]))
+ // and toggle if present; otherwise, add it to the
+ // appropriate modified SID list.
+ if (isset($enablesid[$gid][$sid])) {
unset($enablesid[$gid][$sid]);
- elseif (isset($disablesid[$gid][$sid]))
+ $disablesid[$gid][$sid] = "disablesid";
+ }
+ elseif (isset($disablesid[$gid][$sid])) {
unset($disablesid[$gid][$sid]);
+ $enablesid[$gid][$sid] = "enablesid";
+ }
else {
if ($rules_map[$gid][$sid]['disabled'] == 1)
$enablesid[$gid][$sid] = "enablesid";
@@ -198,6 +202,10 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) &
/* Update the config.xml file. */
write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}.");
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
+
+ // Set a scroll-to anchor location
$anchor = "rule_{$gid}_{$sid}";
}
elseif ($_POST['disable_all'] && !empty($rules_map)) {
@@ -237,6 +245,9 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
elseif ($_POST['enable_all'] && !empty($rules_map)) {
@@ -274,6 +285,9 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
elseif ($_POST['resetcategory'] && !empty($rules_map)) {
@@ -313,6 +327,9 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
elseif ($_POST['resetall'] && !empty($rules_map)) {
@@ -322,9 +339,13 @@ elseif ($_POST['resetall'] && !empty($rules_map)) {
/* Update the config.xml file. */
write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
else if ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+ clear_subsystem_dirty('snort_rules');
}
elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
@@ -365,6 +386,8 @@ elseif ($_POST['save']) {
$savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. ");
$savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules.");
}
+
+ clear_subsystem_dirty('snort_rules');
}
else if ($_POST['apply']) {
/* Save new configuration */
@@ -382,9 +405,11 @@ else if ($_POST['apply']) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_rule[$id]);
+
+ // We have saved changes and done a soft restart, so clear "dirty" flag
+ clear_subsystem_dirty('snort_rules');
}
-require_once("guiconfig.inc");
include_once("head.inc");
$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
@@ -411,6 +436,11 @@ if ($savemsg) {
<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
<input type='hidden' name='sid' id='sid' value=''/>
<input type='hidden' name='gid' id='gid' value=''/>
+
+<?php if (is_subsystem_dirty('snort_rules')): ?><p>
+<?php print_info_box_np(gettext("A change has been made to a rule state.") . "<br/>" . gettext("Click APPLY when finished to send the changes to the running configuration."));?>
+<?php endif; ?>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -570,8 +600,8 @@ if ($savemsg) {
<col axis="string">
</colgroup>
<thead>
- <tr>
- <th class="list">&nbsp;</th>
+ <tr class="sortableHeaderRowIdentifier">
+ <th class="list sorttable_nosort">&nbsp;</th>
<th class="listhdrr"><?php echo gettext("GID"); ?></th>
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
<th class="listhdrr"><?php echo gettext("Proto"); ?></th>
@@ -595,7 +625,7 @@ if ($savemsg) {
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
- $title = gettext("Disabled by user. Click to toggle to default state");
+ $title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
$textss = "<span class=\"gray\">";
@@ -608,7 +638,7 @@ if ($savemsg) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
- $title = gettext("Enabled by user. Click to toggle to default state");
+ $title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
$textss = $textse = "";
@@ -638,7 +668,7 @@ if ($savemsg) {
$message = snort_get_msg($v['rule']); // description field
$sid_tooltip = gettext("View the raw text for this rule");
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
<a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
document.getElementById('gid').value='{$gid}';\"
src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
@@ -693,8 +723,8 @@ if ($savemsg) {
<col align="left" axis="string">
</colgroup>
<thead>
- <tr>
- <th class="list">&nbsp;</th>
+ <tr class="sortableHeaderRowIdentifier">
+ <th class="list" sorttable_nosort>&nbsp;</th>
<th class="listhdrr"><?php echo gettext("GID"); ?></th>
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
<th class="listhdrr"><?php echo gettext("Classification"); ?></th>
@@ -714,7 +744,7 @@ if ($savemsg) {
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
- $title = gettext("Disabled by user. Click to toggle to default state");
+ $title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
$textss = "<span class=\"gray\">";
@@ -727,7 +757,7 @@ if ($savemsg) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
- $title = gettext("Enabled by user. Click to toggle to default state");
+ $title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
$textss = $textse = "";
@@ -747,7 +777,7 @@ if ($savemsg) {
else
$policy = "none";
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
<input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
document.getElementById('gid').value='{$gid}';\"
src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index d7c18a9d..cbb7b631 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -216,7 +216,7 @@ if ($savemsg)
<col axis="string">
</colgroup>
<thead>
- <tr>
+ <tr class="sortableHeaderRowIdentifier">
<th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th>
@@ -263,7 +263,7 @@ if ($savemsg)
// Use "echo" to write the table HTML row-by-row.
echo "<tr>" .
- "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid}&nbsp;{$supplink}</td>" .
+ "<td class=\"listr\" style=\"sorttable_customkey:{$sid};\" sorttable_customkey=\"{$sid}\">{$sid}&nbsp;{$supplink}</td>" .
"<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" .
"<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
"<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .