authorErmal <eri@pfsense.org>2013-01-26 21:28:43 +0100
committerErmal <eri@pfsense.org>2013-01-26 21:28:43 +0100
commit159f7aa6503168db8f0f8541312e55e1f67a8ee6 (patch)
tree903dcc9584ca82f8915536e18ed20d50bca21d1b /config/snort
parent995657bce91f35bf11beda71c224aa9afb2db9fe (diff)
Include the SIP preprocessor, which is needed for the VRT "security" policy
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc14
-rwxr-xr-xconfig/snort/snort_define_servers.php2
-rwxr-xr-xconfig/snort/snort_preprocessors.php12
3 files changed, 25 insertions, 3 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 80088779..de0ac58f 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1893,7 +1893,7 @@ function snort_generate_conf($snortcfg) {
"telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21",
"ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110",
"imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768",
- "sip_ports" => "5060:5090,16384:32768", "auth_ports" => "113", "finger_ports" => "79",
+ "sip_ports" => "5060, 5061", "auth_ports" => "113", "finger_ports" => "79",
"irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445",
"nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514",
"ssl_ports" => "443,465,563,636,989,990,992,993,994,995",
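Review bot: The new default `"sip_ports" => "5060, 5061"` carries a space after the comma, while the identical table written to snort_define_servers.php in this same commit uses `"5060,5061"`; the two copies should stay byte-identical, and the space-free form is the safer one because the value is later split on "," in this file (`str_replace(",", " ", $snort_ports['sip_ports'])`), which here yields a double space, and any other consumer that hands the raw comma list to a Snort portvar would get an embedded blank. Change it to `"sip_ports" => "5060,5061",`. The narrowing from `5060:5090,16384:32768` is presumably because the SIP preprocessor's `ports { }` list takes individual ports rather than ranges; note that `sip_proxy_ports` keeps the old range, so the two variables now diverge and rules built from `$SIP_PORTS` lose the high RTP range. This hunk is inside snort_generate_conf(), which starts and ends outside the hunk.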
@@ -2094,6 +2094,16 @@ preprocessor dcerpc2_server: default, policy WinXP, \
EOD;
+ $sip_ports = str_replace(",", " ", $snort_ports['sip_ports']);
+ $sip_preproc = <<<EOD
+# SIP preprocessor
+preprocessor sip: ports { {$sip_ports} }, max_call_id_len 300, \
+ max_from_len 100, max_to_len 200, max_via_len 1000, \
+ max_requestName_len 50, max_uri_len 100, ignore_call_channel,\
+ max_content_len 1000
+
+EOD;
+
$dns_ports = str_replace(",", " ", $snort_ports['dns_ports']);
/* def dns_preprocessor */
$dns_preprocessor = <<<EOD
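Review bot: `ignore_call_channel` in the new `preprocessor sip:` line tells Snort to stop inspecting the media (RTP) channels it learns from an established call's SDP, so rules never see that traffic; that is a deliberate performance trade-off and deserves a comment in the generated config, e.g. `# ignore_call_channel: media (RTP) streams of established calls are not inspected by rules`. The length limits (`max_uri_len 100`, `max_requestName_len 50`, `max_content_len 1000`, …) are tighter than what I recall as Snort's documented defaults for the SIP preprocessor; as far as I know a message exceeding them raises a preprocessor (GID 140) alert rather than being dropped, so please confirm these values are intentional for this deployment rather than copied from an example. Cosmetically, `ignore_call_channel,\` lacks the space before the backslash that the other continuation lines have; Snort joins the lines either way. snort_generate_conf() starts and ends outside the hunk.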
@@ -2174,7 +2184,7 @@ EOD;
"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"
);
$snort_preproc = array (
- "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc",
+ "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc",
"sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc"
);
$snort_preprocessors = "";
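Review bot: `"sip_preproc"` is added to `$snort_preproc`, but the lookup table that closes with `);` just above it (its visible tail maps `ssl_preproc`, `dnp3_preproc` and `modbus_preproc` to their own names) gets no matching `"sip_preproc" => "sip_preproc"` entry. If the loop that follows resolves each `$snort_preproc` key through that table before appending the named variable's text (the loop is outside the hunk, so I cannot confirm this), the SIP entry resolves to nothing and `$sip_preproc` is silently never written into snort.conf, defeating the commit's stated purpose of satisfying the VRT secure policy. Suggested change on the visible context line: `"ssl_preproc" => "ssl_preproc", "sip_preproc" => "sip_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"`.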
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index ca153d68..3a12b284 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -72,7 +72,7 @@ $snort_ports = array(
"telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21",
"ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110",
"imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768",
-"sip_ports" => "5060:5090,16384:32768", "auth_ports" => "113", "finger_ports" => "79",
+"sip_ports" => "5060,5061", "auth_ports" => "113", "finger_ports" => "79",
"irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445",
"nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514",
"ssl_ports" => "443,465,563,636,989,990,992,993,994,995",
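Review bot: This default differs from the one written into snort.inc by the same commit (`"5060, 5061"` there versus `"5060,5061"` here); the two tables appear to be meant as identical copies, so use the space-free form in both. Narrowing `sip_ports` from `5060:5090,16384:32768` to two ports also means anything built from this list no longer covers the high RTP port range; if that range is still wanted for rules it now has to come from `sip_proxy_ports`, which is unchanged in this commit. A one-line comment above the entry, e.g. `/* sip_ports feeds the SIP preprocessor's ports { } list: individual ports only, no ranges */`, would keep someone from re-adding ranges later.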
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 25e176cb..916fd413 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -72,6 +72,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
$pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc'];
$pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc'];
+ $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc'];
$pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc'];
$pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc'];
}
@@ -104,6 +105,8 @@ if ($_POST) {
$natent['imap_preproc'] = $_POST['imap_preproc'] ? 'on' : 'off';
$natent['dnp3_preproc'] = $_POST['dnp3_preproc'] ? 'on' : 'off';
$natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off';
+ $natent['sip_preproc'] = $_POST['sip_preproc'] ? 'on' : 'off';
+ $natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off';
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
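Review bot: The second `$natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off';` line added by this hunk duplicates the identical assignment two lines earlier; drop the new copy and keep only `$natent['sip_preproc'] = $_POST['sip_preproc'] ? 'on' : 'off';`. The `? 'on' : 'off'` normalisation means an absent or unexpected POST value always lands as `'off'`, which is the right fail-closed default for a flag that decides whether a preprocessor block is emitted. The enclosing `if ($_POST)` handler continues outside the hunk.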
@@ -363,6 +366,15 @@ include_once("head.inc");
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
+ <?php echo gettext("SIP Detection"); ?></td>
+ <td width="78%" class="vtable"><input name="sip_preproc"
+ type="checkbox" value="on"
+ <?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ <?php echo gettext("The SIP preprocessor decodes SIP traffic and detects some vulnerabilities."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br>
<?php echo gettext("DNS Detection"); ?></td>
<td width="78%" class="vtable"><input name="dns_preprocessor"
type="checkbox" value="on"
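Review bot: The help text `The SIP preprocessor decodes SIP traffic and detects some vulnerabilities.` does not tell the operator the one thing this commit is about: according to the commit message the VRT security policy needs this preprocessor, and the new checkbox defaults to off because the POST handler stores `'off'` whenever it is unchecked. Suggested wording: `The SIP preprocessor decodes SIP on the configured SIP ports and is required by rules that use SIP rule options, such as the VRT security policy; enable it if you load those rules.` The `checked` attribute is only emitted when the stored value is exactly "on", which matches what the handler writes, so the round-trip is consistent.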