aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorrobiscool <robrob2626@yahoo.com>2009-07-06 13:21:19 -0700
committerrobiscool <robrob2626@yahoo.com>2009-07-06 13:21:19 -0700
commita026202a9d1b4f39d5389b3c7af1d25999bf17c5 (patch)
tree30e2993600c896856e97f81d55e0f88fa901f57d /config/snort
parent4df4bc5f34cc29af7e0dc76a5c7249f4d99b41d6 (diff)
downloadpfsense-packages-a026202a9d1b4f39d5389b3c7af1d25999bf17c5.tar.gz
pfsense-packages-a026202a9d1b4f39d5389b3c7af1d25999bf17c5.tar.bz2
pfsense-packages-a026202a9d1b4f39d5389b3c7af1d25999bf17c5.zip
july 6, add threshold tab, add server tab, prepare for barnyard2 and snort-inline
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc341
-rw-r--r--config/snort/snort.xml20
-rw-r--r--config/snort/snort_advanced.xml8
-rw-r--r--config/snort/snort_alerts.php4
-rw-r--r--config/snort/snort_blocked.php2
-rw-r--r--config/snort/snort_download_rules.php2
-rw-r--r--config/snort/snort_rules.php2
-rw-r--r--config/snort/snort_rules_edit.php2
-rw-r--r--config/snort/snort_rulesets.php2
-rw-r--r--config/snort/snort_whitelist.xml8
10 files changed, 349 insertions, 42 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 3798b966..1808751d 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -240,7 +240,246 @@ $snortmysqllog_info_chk = $config['installedpackages']['snortadvanced']['config'
/* define snortunifiedlog */
$snortunifiedlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortunifiedlog'];
if ($snortunifiedlog_info_chk == on)
- $snortunifiedlog_type = "output alert_unified: snort.alert, limit 128\noutput log_unified: snort.log, limit 128";
+ $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128";
+
+/* define servers and ports snortdefservers */
+
+/* def DNS_SERVSERS */
+$def_dns_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_servers'];
+if ($def_dns_servers_info_chk == "")
+ $def_dns_servers_type = "\$HOME_NET";
+else
+ $def_dns_servers_type = "$def_dns_servers_info_chk";
+
+/* def DNS_PORTS */
+$def_dns_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_ports'];
+if ($def_dns_ports_info_chk == "")
+ $def_dns_ports_type = "53";
+else
+ $def_dns_ports_type = "$def_dns_ports_info_chk";
+
+/* def SMTP_SERVSERS */
+$def_smtp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_servers'];
+if ($def_smtp_servers_info_chk == "")
+ $def_smtp_servers_type = "\$HOME_NET";
+else
+ $def_smtp_servers_type = "$def_smtp_servers_info_chk";
+
+/* def SMTP_PORTS */
+$def_smtp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_ports'];
+if ($def_smtp_ports_info_chk == "")
+ $def_smtp_ports_type = "25";
+else
+ $def_smtp_ports_type = "$def_smtp_ports_info_chk";
+
+/* def MAIL_PORTS */
+$def_mail_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mail_ports'];
+if ($def_mail_ports_info_chk == "")
+ $def_mail_ports_type = "25,143,465,691";
+else
+ $def_mail_ports_type = "$def_mail_ports_info_chk";
+
+/* def HTTP_SERVSERS */
+$def_http_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_servers'];
+if ($def_http_servers_info_chk == "")
+ $def_http_servers_type = "\$HOME_NET";
+else
+ $def_http_servers_type = "$def_http_servers_info_chk";
+
+/* def WWW_SERVSERS */
+$def_www_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_www_servers'];
+if ($def_www_servers_info_chk == "")
+ $def_www_servers_type = "\$HOME_NET";
+else
+ $def_www_servers_type = "$def_www_servers_info_chk";
+
+/* def HTTP_PORTS */
+$def_http_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_ports'];
+if ($def_http_ports_info_chk == "")
+ $def_http_ports_type = "80";
+else
+ $def_http_ports_type = "$def_http_ports_info_chk";
+
+/* def SQL_SERVSERS */
+$def_sql_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sql_servers'];
+if ($def_sql_servers_info_chk == "")
+ $def_sql_servers_type = "\$HOME_NET";
+else
+ $def_sql_servers_type = "$def_sql_servers_info_chk";
+
+/* def ORACLE_PORTS */
+$def_oracle_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_oracle_ports'];
+if ($def_oracle_ports_info_chk == "")
+ $def_oracle_ports_type = "1521";
+else
+ $def_oracle_ports_type = "$def_oracle_ports_info_chk";
+
+/* def MSSQL_PORTS */
+$def_mssql_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mssql_ports'];
+if ($def_mssql_ports_info_chk == "")
+ $def_mssql_ports_type = "1433";
+else
+ $def_mssql_ports_type = "$def_mssql_ports_info_chk";
+
+/* def TELNET_SERVSERS */
+$def_telnet_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_servers'];
+if ($def_telnet_servers_info_chk == "")
+ $def_telnet_servers_type = "\$HOME_NET";
+else
+ $def_telnet_servers_type = "$def_telnet_servers_info_chk";
+
+/* def TELNET_PORTS */
+$def_telnet_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_ports'];
+if ($def_telnet_ports_info_chk == "")
+ $def_telnet_ports_type = "23";
+else
+ $def_telnet_ports_type = "$def_telnet_ports_info_chk";
+
+/* def SNMP_SERVSERS */
+$def_snmp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_servers'];
+if ($def_snmp_servers_info_chk == "")
+ $def_snmp_servers_type = "\$HOME_NET";
+else
+ $def_snmp_servers_type = "$def_snmp_servers_info_chk";
+
+/* def SNMP_PORTS */
+$def_snmp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_ports'];
+if ($def_snmp_ports_info_chk == "")
+ $def_snmp_ports_type = "161";
+else
+ $def_snmp_ports_type = "$def_snmp_ports_info_chk";
+
+/* def FTP_SERVSERS */
+$def_ftp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_servers'];
+if ($def_ftp_servers_info_chk == "")
+ $def_ftp_servers_type = "\$HOME_NET";
+else
+ $def_ftp_servers_type = "$def_ftp_servers_info_chk";
+
+/* def FTP_PORTS */
+$def_ftp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_ports'];
+if ($def_ftp_ports_info_chk == "")
+ $def_ftp_ports_type = "21";
+else
+ $def_ftp_ports_type = "$def_ftp_ports_info_chk";
+
+/* def SSH_SERVSERS */
+$def_ssh_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_servers'];
+if ($def_ssh_servers_info_chk == "")
+ $def_ssh_servers_type = "\$HOME_NET";
+else
+ $def_ssh_servers_type = "$def_ssh_servers_info_chk";
+
+/* if user has defined a custom ssh port, use it */
+if($config['system']['ssh']['port'])
+ $ssh_port = $config['system']['ssh']['port'];
+else
+ $ssh_port = "22";
+
+/* def SSH_PORTS */
+$def_ssh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_ports'];
+if ($def_ssh_ports_info_chk == "")
+ $def_ssh_ports_type = "{$ssh_port}";
+else
+ $def_ssh_ports_type = "$def_ssh_ports_info_chk";
+
+/* def POP_SERVSERS */
+$def_pop_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop_servers'];
+if ($def_pop_servers_info_chk == "")
+ $def_pop_servers_type = "\$HOME_NET";
+else
+ $def_pop_servers_type = "$def_pop_servers_info_chk";
+
+/* def POP2_PORTS */
+$def_pop2_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop2_ports'];
+if ($def_pop2_ports_info_chk == "")
+ $def_pop2_ports_type = "109";
+else
+ $def_pop2_ports_type = "$def_pop2_ports_info_chk";
+
+/* def POP3_PORTS */
+$def_pop3_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop3_ports'];
+if ($def_pop3_ports_info_chk == "")
+ $def_pop3_ports_type = "110";
+else
+ $def_pop3_ports_type = "$def_pop3_ports_info_chk";
+
+/* def IMAP_SERVSERS */
+$def_imap_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_servers'];
+if ($def_imap_servers_info_chk == "")
+ $def_imap_servers_type = "\$HOME_NET";
+else
+ $def_imap_servers_type = "$def_imap_servers_info_chk";
+
+/* def IMAP_PORTS */
+$def_imap_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_ports'];
+if ($def_imap_ports_info_chk == "")
+ $def_imap_ports_type = "143";
+else
+ $def_imap_ports_type = "$def_imap_ports_info_chk";
+
+/* def SIP_PROXY_IP */
+$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ip'];
+if ($def_sip_proxy_ip_info_chk == "")
+ $def_sip_proxy_ip_type = "\$HOME_NET";
+else
+ $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
+
+/* def SIP_PROXY_PORTS */
+$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ports'];
+if ($def_sip_proxy_ports_info_chk == "")
+ $def_sip_proxy_ports_type = "5060:5090,16384:32768";
+else
+ $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
+
+/* def AUTH_PORTS */
+$def_auth_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_auth_ports'];
+if ($def_auth_ports_info_chk == "")
+ $def_auth_ports_type = "113";
+else
+ $def_auth_ports_type = "$def_auth_ports_info_chk";
+
+/* def FINGER_PORTS */
+$def_finger_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_finger_ports'];
+if ($def_finger_ports_info_chk == "")
+ $def_finger_ports_type = "79";
+else
+ $def_finger_ports_type = "$def_finger_ports_info_chk";
+
+/* def IRC_PORTS */
+$def_irc_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_irc_ports'];
+if ($def_irc_ports_info_chk == "")
+ $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
+else
+ $def_irc_ports_type = "$def_irc_ports_info_chk";
+
+/* def NNTP_PORTS */
+$def_nntp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_nntp_ports'];
+if ($def_nntp_ports_info_chk == "")
+ $def_nntp_ports_type = "119";
+else
+ $def_nntp_ports_type = "$def_nntp_ports_info_chk";
+
+/* def RLOGIN_PORTS */
+$def_rlogin_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rlogin_ports'];
+if ($def_rlogin_ports_info_chk == "")
+ $def_rlogin_ports_type = "513";
+else
+ $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
+
+/* def RSH_PORTS */
+$def_rsh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rsh_ports'];
+if ($def_rsh_ports_info_chk == "")
+ $def_rsh_ports_type = "514";
+else
+ $def_rsh_ports_type = "$def_rsh_ports_info_chk";
+
+/* def SSL_PORTS */
+$def_ssl_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssl_ports'];
+if ($def_ssl_ports_info_chk == "")
+ $def_ssl_ports_type = "25,443,465,636,993,995";
+else
+ $def_ssl_ports_type = "$def_ssl_ports_info_chk";
/* add auto update scripts to /etc/crontab */
// $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php";
@@ -276,12 +515,6 @@ if ($snortunifiedlog_info_chk == on)
if(!$config['interfaces']['opt' . $j]['gateway'])
$int_array[] = "opt{$j}";
- /* if user has defined a custom ssh port, use it */
- if($config['system']['ssh']['port'])
- $ssh_port = $config['system']['ssh']['port'];
- else
- $ssh_port = "22";
-
/* iterate through interface list and write out whitelist items
* and also compile a home_net list for snort.
*/
@@ -364,6 +597,29 @@ if ($snortunifiedlog_info_chk == on)
/* close file */
fclose($whitelist);
+ /* open snort's threshold.conf for writing */
+ $threshlist = fopen("/usr/local/etc/snort/threshold.conf", "w");
+ if(!$threshlist) {
+ log_error("Could not open /usr/local/etc/snort/threshold.conf for writing.");
+ return;
+ }
+
+ /* list all entries to new lines */
+ if($config['installedpackages']['snortthreshold'])
+ foreach($config['installedpackages']['snortthreshold']['config'] as $snortthreshlist)
+ if($snortthreshlist['threshrule'])
+ $snortthreshlist_r .= $snortthreshlist['threshrule'] . "\n";
+
+
+ /* foreach through threshlist, writing out to file */
+ $threshlist_split = split("\n", $snortthreshlist_r);
+ foreach($threshlist_split as $wl)
+ if(trim($wl))
+ fwrite($threshlist, trim($wl) . "\n");
+
+ /* close snort's threshold.conf file */
+ fclose($threshlist);
+
/* generate rule sections to load */
$enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
if($enabled_rulesets) {
@@ -400,19 +656,19 @@ var EXTERNAL_NET !\$HOME_NET
#
###################
-var DNS_SERVERS \$HOME_NET
-var SMTP_SERVERS \$HOME_NET
-var HTTP_SERVERS \$HOME_NET
-var SQL_SERVERS \$HOME_NET
-var TELNET_SERVERS \$HOME_NET
-var SNMP_SERVERS \$HOME_NET
-var FTP_SERVERS \$HOME_NET
-var SSH_SERVERS \$HOME_NET
-var POP_SERVERS \$HOME_NET
-var IMAP_SERVERS \$HOME_NET
+var DNS_SERVERS [{$def_dns_servers_type}]
+var SMTP_SERVERS [{$def_smtp_servers_type}]
+var HTTP_SERVERS [{$def_http_servers_type}]
+var SQL_SERVERS [{$def_sql_servers_type}]
+var TELNET_SERVERS [{$def_telnet_servers_type}]
+var SNMP_SERVERS [{$def_snmp_servers_type}]
+var FTP_SERVERS [{$def_ftp_servers_type}]
+var SSH_SERVERS [{$def_ssh_servers_type}]
+var POP_SERVERS [{$def_pop_servers_type}]
+var IMAP_SERVERS [{$def_imap_servers_type}]
var RPC_SERVERS \$HOME_NET
-var WWW_SERVERS \$HOME_NET
-var SIP_PROXY_IP \$HOME_NET
+var WWW_SERVERS [{$def_www_servers_type}]
+var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
var AIM_SERVERS \
[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
@@ -422,30 +678,30 @@ var AIM_SERVERS \
#
########################
-portvar HTTP_PORTS 80
+portvar HTTP_PORTS [{$def_http_ports_type}]
portvar SHELLCODE_PORTS !80
-portvar ORACLE_PORTS 1521
-portvar AUTH_PORTS 113
-portvar DNS_PORTS 53
-portvar FINGER_PORTS 79
-portvar FTP_PORTS 21
-portvar IMAP_PORTS 143
-portvar IRC_PORTS [6665,6666,6667,6668,6669,7000]
-portvar MSSQL_PORTS 1433
-portvar NNTP_PORTS 119
-portvar POP2_PORTS 109
-portvar POP3_PORTS 110
+portvar ORACLE_PORTS [{$def_oracle_ports_type}]
+portvar AUTH_PORTS [{$def_auth_ports_type}]
+portvar DNS_PORTS [{$def_dns_ports_type}]
+portvar FINGER_PORTS [{$def_finger_ports_type}]
+portvar FTP_PORTS [{$def_ftp_ports_type}]
+portvar IMAP_PORTS [{$def_imap_ports_type}]
+portvar IRC_PORTS [{$def_irc_ports_type}]
+portvar MSSQL_PORTS [{$def_mssql_ports_type}]
+portvar NNTP_PORTS [{$def_nntp_ports_type}]
+portvar POP2_PORTS [{$def_pop2_ports_type}]
+portvar POP3_PORTS [{$def_pop3_ports_type}]
portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
-portvar RLOGIN_PORTS 513
-portvar RSH_PORTS 514
+portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
+portvar RSH_PORTS [{$def_rsh_ports_type}]
portvar SMB_PORTS [139,445]
-portvar SMTP_PORTS 25
-portvar SNMP_PORTS 161
-portvar SSH_PORTS {$ssh_port}
-portvar TELNET_PORTS 23
-portvar MAIL_PORTS [25,143,465,691]
-portvar SSL_PORTS [25,443,465,636,993,995]
-portvar SIP_PROXY_PORTS [5060:5090,16384:32768]
+portvar SMTP_PORTS [{$def_smtp_ports_type}]
+portvar SNMP_PORTS [{$def_snmp_ports_type}]
+portvar SSH_PORTS [{$def_ssh_ports_type}]
+portvar TELNET_PORTS [{$def_telnet_ports_type}]
+portvar MAIL_PORTS [{$def_mail_ports_type}]
+portvar SSL_PORTS [{$def_ssl_ports_type}]
+portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
# DCERPC NCACN-IP-TCP
portvar DCERPC_NCACN_IP_TCP [139,445]
@@ -936,4 +1192,9 @@ function snort_advanced() {
sync_package_snort();
}
+function snort_define_servers() {
+ global $g, $config;
+ sync_package_snort();
+}
+
?>
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 7bc22474..7cfd6a4f 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.8.4.1</version>
- <title>Services: Snort 2.8.4.1 pkg v. 1.3</title>
+ <title>Services: Snort 2.8.4.1 pkg v. 1.4</title>
<include_file>/usr/local/pkg/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -79,6 +79,10 @@
<url>/snort_rules.php</url>
</tab>
<tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
+ </tab>
+ <tab>
<text>Blocked</text>
<url>/snort_blocked.php</url>
</tab>
@@ -87,6 +91,10 @@
<url>/pkg.php?xml=snort_whitelist.xml</url>
</tab>
<tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort_threshold.xml</url>
+ </tab>
+ <tab>
<text>Alerts</text>
<url>/snort_alerts.php</url>
</tab>
@@ -160,6 +168,16 @@
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_advanced.xml</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_threshold.xml</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>Interface</fielddescr>
diff --git a/config/snort/snort_advanced.xml b/config/snort/snort_advanced.xml
index 227c0ce4..fa7f7d0f 100644
--- a/config/snort/snort_advanced.xml
+++ b/config/snort/snort_advanced.xml
@@ -67,6 +67,10 @@
<url>/snort_rules.php</url>
</tab>
<tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
+ </tab>
+ <tab>
<text>Blocked</text>
<url>/snort_blocked.php</url>
</tab>
@@ -75,6 +79,10 @@
<url>/pkg.php?xml=snort_whitelist.xml</url>
</tab>
<tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort_threshold.xml</url>
+ </tab>
+ <tab>
<text>Alerts</text>
<url>/snort_alerts.php</url>
</tab>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 9604d64c..f463c0b9 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -68,9 +68,11 @@ if(!$pgtitle_output)
$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
$tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
$tab_array[] = array(gettext("Alerts"), true, "/snort_alerts.php");
$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index fab226b6..42048eff 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -64,8 +64,10 @@ if(!$pgtitle_output)
$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
$tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
$tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
$tab_array[] = array(gettext("Blocked"), true, "/snort_blocked.php");
$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 8d1a1edc..d653f424 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -71,8 +71,10 @@ if(!$pgtitle_output)
$tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php");
$tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
$tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index e9276ecf..76413727 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -298,8 +298,10 @@ function go()
$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
$tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
$tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index caffb7f2..cbabce73 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -122,8 +122,10 @@ if(!$pgtitle_output)
$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
$tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
$tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 527dc712..4f16eadd 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -82,8 +82,10 @@ if(!$pgtitle_output)
$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
$tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
$tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
display_top_tabs($tab_array);
diff --git a/config/snort/snort_whitelist.xml b/config/snort/snort_whitelist.xml
index 5ac41802..42769e4e 100644
--- a/config/snort/snort_whitelist.xml
+++ b/config/snort/snort_whitelist.xml
@@ -68,6 +68,10 @@
<url>/snort_rules.php</url>
</tab>
<tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
+ </tab>
+ <tab>
<text>Blocked</text>
<url>/snort_blocked.php</url>
</tab>
@@ -77,6 +81,10 @@
<active/>
</tab>
<tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort_threshold.xml</url>
+ </tab>
+ <tab>
<text>Alerts</text>
<url>/snort_alerts.php</url>
</tab>