author | robiscool <robrob2626@yahoo.com> | 2010-04-07 23:40:40 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2010-04-07 23:41:15 -0700 |
commit | e8fa9505ad3c402bf4a5b5143842c0028382a658 (patch) | |
tree | 802cf09aad71d143bf4fed56817ed93a72d40154 /config/snort | |
parent | 107e44d435f9805003de709a1b9d36f0a3cbb05a (diff) | |
snort, add passthrough option
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 11 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 20 | ||||
-rw-r--r-- | config/snort/snort_define_servers.php | 5 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 2 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit.php | 12 | ||||
-rw-r--r-- | config/snort/snort_preprocessors.php | 4 |
6 files changed, 49 insertions, 5 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index cd2f9946..104c1a5a 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1055,6 +1055,8 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); +/* user add arguments */ +$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru'])); $barnyard2_conf_text = <<<EOD @@ -1094,6 +1096,12 @@ config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid config hostname: $snortbarnyardlog_hostname_info_chk config interface: {$snort_uuid}_{$if_real} +## START user pass through ## + +{$snortbarnyardlog_config_pass_thru} + +## END user pass through ## + # Step 2: setup the input plugins input unified2 @@ -1259,6 +1267,9 @@ function generate_snort_conf($id, $if_real, $snort_uuid) /* XXX: make multi wan friendly */ $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + /* user added arguments */ + $snort_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['configpassthru'])); + /* create basic files */ if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) { diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 7a587330..103fba0e 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php 
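Review bot: The decoded pass-through text in generate_barnyard2_conf goes verbatim between the START/END markers of the barnyard2.conf heredoc with only `\r` stripped, and nothing rejects a missing key or a failed decode. `base64_decode()` runs in its lenient mode on `['barnconfigpassthru']`, which is presumably unset for interfaces saved before this commit, so a damaged stored value would decode to junk and be written into the generated file. With `$rule` standing for `$config['installedpackages']['snortglobal']['rule'][$id]`, I would use `$raw = isset($rule['barnconfigpassthru']) ? base64_decode($rule['barnconfigpassthru'], true) : '';` followed by `$snortbarnyardlog_config_pass_thru = ($raw === false) ? '' : str_replace("\r", "", $raw);`. The same guard applies to the `configpassthru` decode added in generate_snort_conf. Since the field hands full control of the daemon's directives to whoever can save these settings, a comment above the assignment should say the text is inserted unvalidated; both function bodies continue outside the hunks.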
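Review bot: `$snort_config_pass_thru` is assigned in generate_snort_conf, but no hunk in this commit interpolates it into the snort.conf template, whereas the barnyard2 heredoc gains a `{$snortbarnyardlog_config_pass_thru}` block. Unless the template already references the variable outside the visible lines, text entered in the new "Advanced configuration pass through" box on the interface page is stored but never reaches the running Snort configuration, and an operator relying on it for a tuning directive would get no indication of that. Add a matching `{$snort_config_pass_thru}` block to the snort.conf heredoc, or leave the assignment out until it is wired up. The function body continues outside the hunk.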
@@ -114,7 +114,9 @@ if (isset($id) && $a_nat[$id]) { $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['configpassthru'] = $a_nat[$id]['configpassthru']; + $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; @@ -219,6 +221,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } 
@@ -226,6 +230,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; /* post new options */ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; + $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']) ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru']; if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; } if (isset($id) && $a_nat[$id]) @@ -293,6 +298,7 @@ echo " } ?> document.iform.barnyard_mysql.disabled = endis; + document.iform.barnconfigpassthru.disabled = endis; } //--> </script> 
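Review bot: The fallback in the added `$natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']) ? ... : $pconfig['barnconfigpassthru'];` line writes plaintext into a field that is otherwise stored base64-encoded, because `$pconfig['barnconfigpassthru']` was already passed through `base64_decode()` in the load hunk at -114. It is taken whenever the POST value is empty, which includes the textarea being disabled by the `document.iform.barnconfigpassthru.disabled = endis;` line added at -293, since browsers do not submit disabled fields. The next config generation then base64-decodes that plaintext and writes the garbled result into barnyard2.conf; the same truthiness test also means the field can never be cleared from the GUI. I would change it to `$natent['barnconfigpassthru'] = isset($_POST['barnconfigpassthru']) ? base64_encode($_POST['barnconfigpassthru']) : $a_nat[$id]['barnconfigpassthru'];`. The `configpassthru` line added in snort_interfaces_edit.php at -235 has the identical problem and needs the same change.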
@@ -409,8 +415,16 @@ if($id != "") <tr> <td width="22%" valign="top" class="vncell">Log to a Mysql Database</td> <td width="78%" class="vtable"> - <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="40" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> - <br> <span class="vexpl">Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td> + <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> + <br> <span class="vexpl">Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz<br> + Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td> + <td width="78%" class="vtable"> + <textarea name="barnconfigpassthru" cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> + <br> + Arguments here will be automatically inserted into the running barnyard2 configuration.</td> </tr> <tr> <td width="22%" valign="top"> </td> diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 5e9b0f31..9641b767 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -117,6 +117,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['configpassthru'] = $a_nat[$id]['configpassthru']; + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; 
@@ -166,7 +168,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } /* post new options */ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 30fed8e5..5f42725f 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.20"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.21"; include("head.inc"); ?> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index cba0cc8a..b63bbfbd 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -138,6 +138,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']); + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; 
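Review bot: The two carry-over lines added here for `configpassthru` and `barnconfigpassthru` are needed because each settings page appears to rebuild `$natent` field by field, so the new keys survive a save only on pages that copy them across. This commit adds the carry-over to snort_barnyard.php, snort_define_servers.php, snort_interfaces_edit.php and snort_preprocessors.php; any other page that writes the same rule entry and is not in this diff would presumably drop both fields on save, which is worth confirming before release. A comment above the two lines such as `/* carried over unchanged: stored base64-encoded, decoded only on the page that edits them */` would record that these values must not be decoded here. The removed blank line also leaves the block running straight into `/* post new options */`.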
@@ -235,6 +237,7 @@ if ($_POST["Submit"]) { if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; /* if optiion = 0 then the old descr way will not work */ /* rewrite the options that are not in post */ @@ -284,6 +287,7 @@ if ($_POST["Submit"]) { if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } @@ -408,6 +412,7 @@ echo " document.iform.alertsystemlog.disabled = endis; document.iform.tcpdumplog.disabled = endis; document.iform.snortunifiedlog.disabled = endis; + document.iform.configpassthru.disabled = endis; } //--> </script> 
@@ -580,6 +585,13 @@ if ($a_nat[$id]['interface'] != '') { <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td> + <td width="78%" class="vtable"> + <textarea name="configpassthru" cols="100" rows="7" id="configpassthru" class="formpre"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> + <br> + Arguments here will be automatically inserted into the running snort configuration.</td> + </tr> <tr> <td width="22%" valign="top"></td> <td width="78%"> diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 0d7fdde3..1d3abf0b 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -110,6 +110,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['configpassthru'] = $a_nat[$id]['configpassthru']; + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; 
@@ -195,6 +197,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } |