aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2013-10-16 17:37:40 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-10-16 17:37:40 -0400
commit5fa1b0321dd7418e5ccea08933121e400aa5f80b (patch)
tree377799dab03b1bc790c03aadf2045af1d15ff22d /config/snort
parentbcf19d7f11a21215f15655c9ddd2f1fba751742b (diff)
downloadpfsense-packages-5fa1b0321dd7418e5ccea08933121e400aa5f80b.tar.gz
pfsense-packages-5fa1b0321dd7418e5ccea08933121e400aa5f80b.tar.bz2
pfsense-packages-5fa1b0321dd7418e5ccea08933121e400aa5f80b.zip
Fix broken log data downloads for modern browsers.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_alerts.php37
-rw-r--r--config/snort/snort_blocked.php27
2 files changed, 38 insertions, 26 deletions
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 0295ed2f..728de751 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -171,7 +171,7 @@ if ($_POST['todelete'] || $_GET['todelete']) {
$ip = $_GET['todelete'];
if (is_ipaddr($ip)) {
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
- $savemsg = "Host IP address {$ip} has been removed from the Blocked Table.";
+ $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
}
}
@@ -183,7 +183,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
/* Add the new entry to the Suppress List */
if (snort_add_supplist_entry($suppress))
- $savemsg = "An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.";
+ $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
else
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
@@ -208,7 +208,7 @@ if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip")
/* Add the new entry to the Suppress List */
if (snort_add_supplist_entry($suppress))
- $savemsg = "An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.";
+ $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
else
/* We did not find the defined list, so notify the user with an error */
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
@@ -221,8 +221,7 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
if ($fd)
fclose($fd);
conf_mount_ro();
- /* XXX: This is needed is snort is run as snort user */
- //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
+ /* XXX: This is needed if snort is run as snort user */
mwexec('/bin/chmod 660 /var/log/snort/*', true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
@@ -233,22 +232,28 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
if ($_POST['download']) {
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/snort_{$if_real}{$snort_uuid}");
+ exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
if (file_exists("/tmp/{$file_name}")) {
- $file = "/tmp/snort_logs_{$save_date}.tar.gz";
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
- header("Content-length: ".filesize($file));
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
+ header("Content-length: " . filesize("/tmp/{$file_name}"));
header("Content-disposition: attachment; filename = {$file_name}");
- readfile("$file");
+ ob_end_clean(); //important or other post will fail
+ readfile("/tmp/{$file_name}");
+
+ // Clean up the temp file
@unlink("/tmp/{$file_name}");
}
- header("Location: /snort/snort_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $savemsg = gettext("An error occurred while creating archive");
}
/* Load up an array with the current Suppression List GID,SID values */
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index a81b03d7..983e8905 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -67,7 +67,6 @@ if ($_POST['download'])
exec('/sbin/pfctl -t snort2c -T show', $blocked_ips_array_save);
/* build the list */
if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) {
- ob_start(); //important or other posts will fail
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_blocked_{$save_date}.tar.gz";
exec('/bin/mkdir -p /tmp/snort_blocked');
@@ -79,24 +78,32 @@ if ($_POST['download'])
file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND);
}
- exec("/usr/bin/tar cf /tmp/{$file_name} /tmp/snort_blocked");
+ // Create a tar gzip archive of blocked host IP addresses
+ exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/snort_blocked snort_block.pf");
+ // If we successfully created the archive, send it to the browser.
if(file_exists("/tmp/{$file_name}")) {
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
header("Content-length: " . filesize("/tmp/{$file_name}"));
header("Content-disposition: attachment; filename = {$file_name}");
+ ob_end_clean(); //important or other post will fail
readfile("/tmp/{$file_name}");
- ob_end_clean(); //importanr or other post will fail
+
+ // Clean up the temp files and directory
@unlink("/tmp/{$file_name}");
exec("/bin/rm -fr /tmp/snort_blocked");
} else
- $savemsg = "An error occurred while creating archive";
+ $savemsg = gettext("An error occurred while creating archive");
} else
- $savemsg = "No content on snort block list";
+ $savemsg = gettext("No content on snort block list");
}
if ($_POST['save'])