aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-11-22 01:35:55 -0200
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-11-22 01:35:55 -0200
commit0d7e8e94c0854145806e91e7ff82015bb1c30330 (patch)
tree8294717c11c18a6b6c70188f0dfd88632365bf8b /config/snort
parent595c831d2768547d49e6daf147889c6aee15f9a4 (diff)
downloadpfsense-packages-0d7e8e94c0854145806e91e7ff82015bb1c30330.tar.gz
pfsense-packages-0d7e8e94c0854145806e91e7ff82015bb1c30330.tar.bz2
pfsense-packages-0d7e8e94c0854145806e91e7ff82015bb1c30330.zip
snort - add multi select combo option for sensitive data preprocessor
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc12
-rwxr-xr-xconfig/snort/snort_preprocessors.php24
2 files changed, 35 insertions, 1 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 1a6f1ac6..0573d5f4 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -3204,8 +3204,18 @@ EOD;
if (is_dir("{$snortcfgdir}/preproc_rules")) {
if ($snortcfg['sensitive_data'] == 'on' && $protect_preproc_rules == "off") {
$sedcmd = '/^#alert.*classtype:sdf/s/^#//';
- if (file_exists("{$snortcfgdir}/preproc_rules/sensitive-data.rules"))
+ if (file_exists("{$snortcfgdir}/preproc_rules/sensitive-data.rules")){
$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules\n";
+ #enable only selected sensitive data
+ if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")){
+ $sdf_alert_pattern="(".preg_replace("/,/","|",$snortcfg['sdf_alert_data_type']).")";
+ $sd_tmp_file=file(SNORTDIR."/preproc_rules/sensitive-data.rules");
+ $sd_tmp_new_file="";
+ foreach ($sd_tmp_file as $sd_tmp_line)
+ $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : "";
+ file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
+ }
+ }
} else
$sedcmd = '/^alert.*classtype:sdf/s/^/#/';
if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") &&
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 98a0b106..c6546b6f 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -100,6 +100,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
$pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
+ $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type'];
$pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold'];
$pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output'];
$pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
@@ -410,6 +411,7 @@ if ($_POST['ResetAll']) {
$pconfig['dce_rpc_2'] = "on";
$pconfig['dns_preprocessor'] = "on";
$pconfig['sensitive_data'] = "off";
+ $pconfig['sdf_alert_data_type'] = "";
$pconfig['sdf_alert_threshold'] = "25";
$pconfig['sdf_mask_output'] = "off";
$pconfig['ssl_preproc'] = "on";
@@ -437,6 +439,8 @@ elseif ($_POST['Submit']) {
if ($_POST['sensitive_data'] == 'on') {
if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 4294067295)
$input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 4,294,067,295.");
+ if (empty($_POST['sdf_alert_data_type']))
+ $input_errors[] = gettext("You must select at least one item to Inspect for while Sensitive data Detections is enabled.");
}
/* if no errors write to conf */
@@ -480,6 +484,8 @@ elseif ($_POST['Submit']) {
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
$natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
+ $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
+ $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold'];
$natent['sdf_mask_output'] = $_POST['sdf_mask_output'] ? 'on' : 'off';
$natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off';
$natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off';
@@ -1247,6 +1253,7 @@ include_once("head.inc");
</select>&nbsp;&nbsp;<?php echo gettext("Choose to operate in stateful or stateless mode. Default is ") .
"<strong>" . gettext("stateful") . "</strong>."; ?><br/>
</td>
+ </tr>
<tr id="ftp_telnet_row_encrypted_check">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Check Encrypted Traffic"); ?></td>
<td width="78%" class="vtable"><input name="ftp_telnet_check_encrypted" type="checkbox" value="on"
@@ -1393,6 +1400,20 @@ include_once("head.inc");
"<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
</td>
</tr>
+ <tr id="sdf_alert_data_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Inspection for"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="sdf_alert_data_type[]" class="formselect" id="sdf_alert_data_type" size="4" multiple="multiple">
+ <?php
+ $values = array('Credit Card', 'Email Addresses', 'U.S. Phone Numbers', 'U.S. Social Security Numbers');
+ foreach ($values as $val): ?>
+ <option value="<?=$val;?>"
+ <?php if (preg_match("/$val/",$pconfig['sdf_alert_data_type'])) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select><br><?php echo gettext("Choose what type of sensitive alerts to detect.").$pconfig['sdf_alert_data_type']; ?><br/>
+ </td>
+ </tr>
<tr id="sdf_alert_threshold_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Threshold"); ?></td>
<td width="78%" class="vtable"><input name="sdf_alert_threshold" type="text" class="formfld unknown" id="sdf_alert_threshold" size="9" value="<?=htmlspecialchars($pconfig['sdf_alert_threshold']);?>">
@@ -1789,10 +1810,13 @@ function sensitive_data_enable_change() {
if (endis) {
document.getElementById("sdf_alert_threshold_row").style.display="none";
document.getElementById("sdf_mask_output_row").style.display="none";
+ document.getElementById("sdf_alert_data_type").style.display="none";
+
}
else {
document.getElementById("sdf_alert_threshold_row").style.display="table-row";
document.getElementById("sdf_mask_output_row").style.display="table-row";
+ document.getElementById("sdf_alert_data_type").style.display="table-row";
}
}