authorErmal <eri@pfsense.org>2012-07-15 21:08:48 +0000
committerErmal <eri@pfsense.org>2012-07-15 21:09:07 +0000
commita15664ad7508450ae5709462cefafb7bb107c159 (patch)
treea79debcc9723409e9d030ff386ca007b55849a1c /config/snort
parent99c2189fd0172dbf932441f9a44e4cc62b3071ff (diff)
Make sensitive data configurable
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc19
-rw-r--r--config/snort/snort_alerts.php3
-rw-r--r--config/snort/snort_preprocessors.php11
3 files changed, 27 insertions, 6 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 54be4225..e7ba998b 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1221,6 +1221,8 @@ preprocessor dns: \
EOD;
+ $sensitive_data = "preprocessor sensitive_data:\n";
+
/* stream5 queued settings */
$def_max_queued_bytes_type = '';
if (!empty($snortcfg['max_queued_bytes']))
@@ -1257,7 +1259,7 @@ EOD;
$snort_preproc = array (
"perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor"
+ "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data"
);
$snort_preprocessors = "";
foreach ($snort_preproc as $preproc) {
@@ -1274,9 +1276,16 @@ EOD;
if (file_exists("{$snortcfgdir}/classification.config"))
$snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n";
if (is_dir("{$snortdir}/preproc_rules")) {
- foreach (glob("{$snortdir}/preproc_rules/*.rules") as $file) {
- $file = basename($file);
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/{$file}\n";
+ if ($snortcfg['sensitive_data'] && file_exists("{$snortdir}/preproc_rules/sensitive-data.rules"))
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules/\n";
+
+ if (file_exists("{$snortdir}/preproc_rules/decoder.rules") &&
+ file_exists("{$snortdir}/preproc_rules/preprocessor.rules")) {
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
+ } else {
+ $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
+ log_error("Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
}
} else {
$snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
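Review bot: The new guard `if ($snortcfg['sensitive_data'] && file_exists(...))` tests the setting for truthiness, but snort_preprocessors.php in this same commit stores it as the string 'on' or 'off', and 'off' is truthy in PHP, so sensitive-data.rules is included even when the option is disabled; compare explicitly with `$snortcfg['sensitive_data'] == 'on'`. The include line also ends in a stray slash (`sensitive-data.rules/`), which Snort will most likely fail to open as a file; it should read `"include \$PREPROC_RULE_PATH/sensitive-data.rules\n"`. Either mistake can leave the generated snort.conf invalid or load rules without their preprocessor, which would presumably stop the sensor from starting and leave the interface unmonitored. Replacing the glob() loop also means any other *.rules file in preproc_rules is silently no longer loaded, which deserves a comment such as `/* only decoder, preprocessor and sensitive-data rules are included from preproc_rules */`.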
@@ -1351,8 +1360,6 @@ preprocessor stream5_tcp: policy BSD, ports both all{$def_max_queued_bytes_type}
preprocessor stream5_udp:
preprocessor stream5_icmp:
-preprocessor sensitive_data:
-
{$snort_preprocessors}
# Ignore SSL and Encryption #
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index e05bd938..73c67415 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -334,6 +334,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
</table>
</div>
</td></tr></table>
+<script type="text/javascript">
+sortable.reverse("myTable");
+</script>
<?php
include("fend.inc");
?>
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 339c0168..6a5cca6e 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -65,6 +65,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
}
if ($_POST) {
@@ -86,6 +87,7 @@ if ($_POST) {
$natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
+ $natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
@@ -299,6 +301,15 @@ include_once("head.inc");
vulnerabilities.</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Enable <br> Sensitive Data</td>
+ <td width="78%" class="vtable">
+ <input name="sensitive_data" type="checkbox" value="on"
+ <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Sensisitive data searches for CC or SS# in data
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="Submit" type="submit" class="formbtn" value="Save">
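Review bot: The new checkbox reads its checked state from `$pconfig['dns_preprocessor']` instead of `$pconfig['sensitive_data']`, so the page displays the DNS preprocessor's state, and the next Save writes that displayed state back as the sensitive-data setting through the `$_POST['sensitive_data'] ? 'on' : 'off'` line added earlier in this file. The line should be `<?php if ($pconfig['sensitive_data']=="on") echo "checked"; ?>`. The help text misspells "Sensitive" as "Sensisitive" and would be clearer as `Sensitive data searches for credit card or Social Security numbers in data`.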