authorErmal Luçi <eri@pfsense.org>2013-06-07 01:56:53 -0700
committerErmal Luçi <eri@pfsense.org>2013-06-07 01:56:53 -0700
commitcd490cb5e08ab7361a97e6bcf2f2a1aa29e27656 (patch)
tree67e179f367bc28d4a971af0d4ed1ec51cddd5146 /config/snort
parent8ba97bb7780495943c2d50547514d5b388d06329 (diff)
parent8e910fa46269ae3c933ad068ef2843b9dd9dda4e (diff)
Merge pull request #455 from bmeeks8/master
Snort Pkg 2.5.8 Fix for User-Reported Bug and a few minor updates
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc37
-rw-r--r--config/snort/snort_barnyard.php8
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php5
-rwxr-xr-xconfig/snort/snort_preprocessors.php2
-rwxr-xr-xconfig/snort/snort_rules.php69
-rwxr-xr-xconfig/snort/snort_rulesets.php131
6 files changed, 142 insertions, 110 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index cf36ca86..44dd133e 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -39,6 +39,9 @@ require_once("pkg-utils.inc");
// Needed on 2.0 because of filter_get_vpns_list()
require_once("filter.inc");
+// Snort GUI needs some extra PHP memory space to manipulate large rules arrays
+ini_set("memory_limit", "192M");
+
// Explicitly declare these as global so they work through function call includes
global $snort_rules_file, $snort_version, $emerging_threats_version, $snort_rules_upd_log;
global $all_rules, $flowbit_rules_file, $snort_enforcing_rules_file, $rebuild_rules, $is_postinstall;
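Review bot: The unconditional `ini_set("memory_limit", "192M")` can lower the limit as well as raise it: an installation whose php.ini already grants more, or `-1` for unlimited, is capped to 192M the moment snort.inc is included, and an include this central is presumably loaded by non-GUI paths too. Raise only when the current setting is smaller, treating `-1` as unlimited and parsing the `K`/`M`/`G` suffix rather than casting the string to int. The comment should also say why 192M was picked, e.g. `// loading the full rules map into arrays exceeds the stock limit; 192M measured sufficient`, if that is the basis.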
@@ -1285,7 +1288,7 @@ function snort_get_flowbits($rule) {
return $flowbits;
}
-function snort_get_checked_flowbits(&$rules_map) {
+function snort_get_checked_flowbits($rules_map) {
/*************************************************************/
/* This function checks all the currently enabled rules to */
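Review bot: Dropping the `&` on `$rules_map` changes behaviour only if the body assigns into the array expecting the caller to see the result; the body runs past this hunk, so that should be confirmed before merging, and the same applies to the three signature changes that follow. If the function is read-only, as its name suggests, pass-by-value is the right call and PHP's copy-on-write means no copy is made. Make the contract explicit in the header comment: `/* Read-only: $rules_map is not modified. */`.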
@@ -1328,7 +1331,7 @@ function snort_get_checked_flowbits(&$rules_map) {
return $checked_flowbits;
}
-function snort_get_set_flowbits(&$rules_map) {
+function snort_get_set_flowbits($rules_map) {
/*********************************************************/
/* This function checks all the currently enabled rules */
@@ -1369,7 +1372,7 @@ function snort_get_set_flowbits(&$rules_map) {
return $set_flowbits;
}
-function snort_find_flowbit_required_rules(&$all_rules, &$unchecked_flowbits) {
+function snort_find_flowbit_required_rules($all_rules, $unchecked_flowbits) {
/********************************************************/
/* This function finds all rules that must be enabled */
@@ -1417,7 +1420,7 @@ function snort_find_flowbit_required_rules(&$all_rules, &$unchecked_flowbits) {
return $required_flowbits_rules;
}
-function snort_resolve_flowbits(&$active_rules) {
+function snort_resolve_flowbits($active_rules) {
/******************************************************/
/* This function auto-resolves flowbit requirements */
@@ -1529,20 +1532,21 @@ function snort_load_vrt_policy($policy, $load_rules_map=true) {
$snortdir = SNORTDIR;
$vrt_policy_rules = array();
- /* Create regular expression for searching. */
- $policy_pcre = "/policy\\s" . $policy . "/i";
-
/* Refresh the map of all the rules if flag */
/* is set. */
- if ($load_rules_map == true)
- $all_rules = snort_load_rules_map("{$snortdir}/rules/");
+ if ($load_rules_map) {
+ /* Since only Snort VRT rules have IPS Policy metadata, */
+ /* limit our search to just those files. */
+ $snort_vrt_files = glob("{$snortdir}/rules/snort_*.rules");
+ $all_rules = array();
+ $all_rules = snort_load_rules_map($snort_vrt_files);
+ }
- /* Now walk the rules list and find all those */
- /* that are defined as active for the chosen */
- /* security policy. */
+ /* Now walk the rules list and find all those that are defined */
+ /* defined as active for the chosen security policy. */
foreach ($all_rules as $k1 => $arulem) {
foreach ($arulem as $k2 => $arulem2) {
- if (preg_match($policy_pcre, $arulem2['rule'])) {
+ if (strripos($arulem2['rule'], "policy {$policy}-ips") !== false) {
if (!preg_match('/flowbits\s*:\s*noalert/i', $arulem2['rule'])) {
if (!is_array($vrt_policy_rules[$k1]))
$vrt_policy_rules[$k1] = array();
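Review bot: `glob()` returns `false` on failure (and an empty array on no match), and the result is handed straight to `snort_load_rules_map()`; guard it with `if ($snort_vrt_files === false) $snort_vrt_files = array();` so a missing or unreadable rules directory does not turn into warnings further down. The `$all_rules = array();` on the line before the load is dead, since the next statement reassigns the variable. `$policy` is interpolated into the search string unvalidated; `strripos` removes the pattern-injection risk the old unquoted regex had, but an unexpected value now silently matches nothing, so the code that stores `ips_policy` should whitelist it. The new comment also reads "defined */ /* defined".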
@@ -1564,9 +1568,9 @@ function snort_load_vrt_policy($policy, $load_rules_map=true) {
unset($arulem, $arulem2);
/* If we loaded the ALL_RULES map, */
- /* then release the memory. */
+ /* then release the global memory. */
if ($load_rules_map == true)
- unset($all_rules);
+ unset($GLOBALS['all_rules']);
/* Return all the rules that match the policy. */
return $vrt_policy_rules;
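Review bot: `unset($GLOBALS['all_rules'])` only releases the map loaded above if `$all_rules` inside this function is the global, i.e. the function declares `global $all_rules`; the top of `snort_load_vrt_policy()` is outside this hunk, so that should be confirmed. If it is a local, the map stays alive until return and an unrelated global is cleared instead; `$all_rules = null;` frees the array in either case. The guard is written `$load_rules_map == true` here and `if ($load_rules_map)` a few lines earlier — pick one form.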
@@ -2075,6 +2079,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$no_rules_defined = false;
/* Load up all the rules into a Rules Map array. */
+ $all_rules = array();
$all_rules = snort_load_rules_map("{$snortdir}/rules/");
/* Create an array with the filenames of the enabled */
@@ -2160,7 +2165,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Just put an empty file to always have the file present */
snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
- unset($enabled_rules, $all_rules);
+ unset($GLOBALS['all_rules']);
} else {
snort_write_enforcing_rules_file(array(), "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}");
snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
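Review bot: The replacement drops `unset($enabled_rules)` along with the switch to `$GLOBALS['all_rules']`, so the enabled-rules array now lives until the function returns; if the change is about memory pressure (this commit also raises `memory_limit`), keep it: `unset($enabled_rules, $GLOBALS['all_rules']);`. As at the other site, this only frees the loaded map if `$all_rules` is declared global in `snort_prepare_rule_files()`, whose header is outside the hunk.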
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index a7f04e39..2773fe95 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -192,8 +192,8 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Log to a MySQL Database"); ?></td>
- <td width="78%" class="vtable"><input name="barnyard_mysql"
- type="text" class="formfld" id="barnyard_mysql" size="100"
+ <td width="78%" class="vtable"><input name="barnyard_mysql"
+ type="text" class="formfld" id="barnyard_mysql" style="width:95%;" size="85"
value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br>
<span class="vexpl"><?php echo gettext("Example: output database: alert, mysql, " .
"dbname=snort user=snort host=localhost password=xyz"); ?><br>
@@ -206,8 +206,8 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top" class="vncell"<?php echo gettext("Advanced configuration " .
"pass through"); ?></td>
- <td width="78%" class="vtable"><textarea name="barnconfigpassthru"
- cols="60" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
+ <td width="78%" class="vtable"><textarea name="barnconfigpassthru" style="width:95%;"
+ cols="65" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
<br>
<?php echo gettext("Arguments here will be automatically inserted into the running " .
"barnyard2 configuration."); ?></td>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index f08ebc18..2b60b6ce 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -41,6 +41,8 @@ $snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
+/* Save the state of $pkg_interface so we can restore it */
+$pkg_interface_orig = $pkg_interface;
if ($snort_gui_include)
$pkg_interface = "";
else
@@ -740,4 +742,7 @@ log_error(gettext("[Snort] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log);
conf_mount_ro();
+/* Restore the state of $pkg_interface */
+$pkg_interface = $pkg_interface_orig;
+
?>
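Review bot: The restore is only reached if the script runs to completion; any `exit` or early `return` between the save and this point (the bulk of the file is outside the hunk) leaves `$pkg_interface` altered for the including GUI page, so either restore on every exit path or register a shutdown function that does it. `$pkg_interface_orig = $pkg_interface;` also raises an undefined-variable notice when the variable was never set; `$pkg_interface_orig = isset($pkg_interface) ? $pkg_interface : null;` avoids that. The closing `?>` in an included file is best omitted so stray trailing whitespace cannot break later `header()` calls.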
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 4c921ca4..12981398 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -1143,7 +1143,7 @@ include_once("head.inc");
<td width="22%" valign="top">&nbsp;</td>
<td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: "); ?></strong></span>
<?php echo gettext("Please save your settings before you exit. Preprocessor changes will rebuild the rules file. This "); ?>
- </br><?php echo gettext("may take several seconds. Snort must also be restarted to activate any changes made on this screen."); ?></td>
+ <?php echo gettext("may take several seconds. Snort must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
</div>
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 2ef529b9..ca63dae9 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -192,6 +192,7 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
+ $_GET['openruleset'] = $currentruleset;
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
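Review bot: `$_GET['openruleset'] = $currentruleset;` has no effect: the next two statements send a `Location` header and `exit`, so nothing reads the superglobal afterwards, and the same dead assignment is added in the two hunks below; the query string already carries the selection, so drop the line. Separately, `$id` and `$currentruleset` are interpolated raw into the redirect URL; `header("Location: /snort/snort_rules.php?id=" . urlencode($id) . "&openruleset=" . urlencode($currentruleset));` keeps a value containing `&` or spaces from altering the target.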
@@ -227,6 +228,7 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
+ $_GET['openruleset'] = $currentruleset;
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
@@ -240,6 +242,7 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
+ $_GET['openruleset'] = $currentruleset;
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
@@ -324,32 +327,6 @@ if ($savemsg) {
?>
-<script language="javascript" type="text/javascript">
-function go()
-{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
-}
-
-function wopen(url, name, w, h)
-{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
-w += 32;
-h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
-
<form action="/snort/snort_rules.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
@@ -434,9 +411,10 @@ h += 96;
<td class="vncell">
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td width="55%" valign="middle" rowspan="2"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
- title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
- <input type='hidden' name='id' value='<?=$id;?>'/></td>
+ <td width="50%" valign="middle" rowspan="2"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
+ title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
+ <input type='hidden' name='id' value='<?=$id;?>'/>
+ <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/></td>
<td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
<img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
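Review bot: The new hidden input writes `$currentruleset` into an HTML attribute unescaped (`value='<?=$currentruleset;?>'`), and the context line below does the same inside an `href`; if `$currentruleset` derives from `$_GET['openruleset']`, as the redirects in this file suggest, this is a reflected XSS sink reachable by any authenticated user who follows a crafted link. Use `value='<?=htmlspecialchars($currentruleset);?>'` here and `htmlspecialchars()`/`urlencode()` in the href (the same goes for `$id`). Where `$currentruleset` is assigned is outside this hunk, so its origin should be confirmed.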
@@ -496,6 +474,7 @@ h += 96;
<tbody>
<?php
+ $counter = 0;
foreach ($rules_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
$sid = snort_get_sid($v['rule']);
@@ -576,6 +555,7 @@ h += 96;
</td>
</tr>
<?php
+ $counter++;
}
}
unset($rulem, $v);
@@ -586,7 +566,10 @@ h += 96;
</tr>
<tr>
<td>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="1">
+ <table width="100%" border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td class="vexpl" colspan="2" height="30" valign="middle"><?php echo gettext("Rule Count: {$counter}"); ?></td>
+ </tr>
<tr>
<td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
width="11" height="11"></td>
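Review bot: `gettext("Rule Count: {$counter}")` interpolates the number into the msgid, so the lookup key changes with every count and the string can never be translated; use `sprintf(gettext("Rule Count: %d"), $counter)` or `gettext("Rule Count: ") . $counter`. `$counter` is an integer incremented in the loop above, so it needs no escaping.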
@@ -618,5 +601,31 @@ h += 96;
</table>
</form>
<?php include("fend.inc"); ?>
+
+<script language="javascript" type="text/javascript">
+function go()
+{
+ var box = document.iform.selectbox;
+ destination = box.options[box.selectedIndex].value;
+ if (destination)
+ location.href = destination;
+}
+
+function wopen(url, name, w, h)
+{
+// Fudge factors for window decoration space.
+// In my tests these work well on all platforms & browsers.
+w += 32;
+h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
+}
+
+</script>
</body>
</html>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index fce1616b..fa3efc1b 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -112,12 +112,14 @@ else
/* alert file */
if ($_POST["Submit"]) {
- if ($_POST['ips_policy_enable'] == "on")
+ if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
- else
+ $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
+ }
+ else {
$a_nat[$id]['ips_policy_enable'] = 'off';
-
- $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
+ unset($a_nat[$id]['ips_policy']);
+ }
$enabled_items = "";
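Review bot: `$a_nat[$id]['ips_policy'] = $_POST['ips_policy'];` stores the posted value with no validation, and that value is later interpolated into the rule search (`"policy {$policy}-ips"` in snort.inc) and presumably into the generated configuration; validate it against the option list the form offers before writing config, e.g. `if (in_array($_POST['ips_policy'], $allowed_policies, true))`, and report an input error otherwise. The same unvalidated store is repeated in the `unselectall` and `selectall` branches below; a small helper such as `snort_set_ips_policy(&$a_nat[$id], $_POST)` would keep the three copies in sync. `$id` is used as an array index here without any visible integer check; that check may sit above the hunk.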
if (is_array($_POST['toenable']))
@@ -152,6 +154,15 @@ if ($_POST["Submit"]) {
if ($_POST['unselectall']) {
$a_nat[$id]['rulesets'] = "";
+ if ($_POST['ips_policy_enable'] == "on") {
+ $a_nat[$id]['ips_policy_enable'] = 'on';
+ $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
+ }
+ else {
+ $a_nat[$id]['ips_policy_enable'] = 'off';
+ unset($a_nat[$id]['ips_policy']);
+ }
+
write_config();
sync_snort_package_config();
@@ -161,17 +172,29 @@ if ($_POST['unselectall']) {
if ($_POST['selectall']) {
$rulesets = array();
+
+ if ($_POST['ips_policy_enable'] == "on") {
+ $a_nat[$id]['ips_policy_enable'] = 'on';
+ $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
+ }
+ else {
+ $a_nat[$id]['ips_policy_enable'] = 'off';
+ unset($a_nat[$id]['ips_policy']);
+ }
+
if ($emergingdownload == 'on') {
$files = glob("{$snortdir}/rules/emerging*.rules");
foreach ($files as $file)
$rulesets[] = basename($file);
}
if ($snortcommunitydownload == 'on') {
- $files = glob("{$snortdir}/rules/sc_*.rules");
+ $files = glob("{$snortdir}/rules/*_community.rules");
foreach ($files as $file)
$rulesets[] = basename($file);
}
- if ($snortdownload == 'on') {
+
+ /* Include the Snort VRT rules only if enabled and no IPS policy is set */
+ if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') {
$files = glob("{$snortdir}/rules/snort*.rules");
foreach ($files as $file)
$rulesets[] = basename($file);
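Review bot: Both globs can match the same file: if the community rules file name begins with `snort` (say `snort_community.rules`), `*_community.rules` and `snort*.rules` each add it, and it lands in `$rulesets` twice whenever the IPS policy is off; `$rulesets = array_unique($rulesets);` before the list is saved, or skipping the community file in the second loop, avoids that. The download-side file naming is not visible here, so confirm it against the update code. The IPS-policy block at the top of this hunk is the third copy of the same logic in the file; factor it into one helper.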
@@ -210,49 +233,6 @@ if ($savemsg) {
?>
-<script language="javascript" type="text/javascript">
-function popup(url)
-{
- params = 'width='+screen.width;
- params += ', height='+screen.height;
- params += ', top=0, left=0'
- params += ', fullscreen=yes';
-
- newwin=window.open(url,'windowname4', params);
- if (window.focus) {newwin.focus()}
- return false;
-}
-
-function wopen(url, name, w, h)
-{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
-w += 32;
-h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-function enable_change()
-{
- var endis = !(document.iform.ips_policy_enable.checked);
- document.iform.ips_policy.disabled=endis;
-
- for (var i = 0; i < document.iform.elements.length; i++) {
- if (document.iform.elements[i].type == 'checkbox') {
- var str = document.iform.elements[i].value;
- if (str.substr(0,6) == "snort_")
- document.iform.elements[i].disabled = !(endis);
- }
- }
-}
-</script>
-
<form action="snort_rulesets.php" method="post" name="iform" id="iform">
<input type="hidden" name="id" id="id" value="<?=$id;?>" />
<table width="100%" border="0" cellpadding="0" cellspacing="0">
@@ -271,14 +251,14 @@ function enable_change()
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
?>
</td></tr>
<tr>
@@ -348,7 +328,7 @@ function enable_change()
</td>
</tr>
<tr>
- <td colspan="6" class="listtopic"><?php echo gettext("Snort IPS Policy Selection"); ?><br/></td>
+ <td colspan="6" class="listtopic"><?php echo gettext("Snort IPS Policy selection"); ?><br/></td>
</tr>
<tr>
<td colspan="6" valign="center" class="listn">
@@ -389,7 +369,7 @@ function enable_change()
</td>
</tr>
<tr>
- <td colspan="6" class="listtopic"><?php echo gettext("Select the rulesets you would like Snort to load at startup"); ?><br/></td>
+ <td colspan="6" class="listtopic"><?php echo gettext("Select the rulesets Snort will load at startup"); ?><br/></td>
</tr>
<tr>
<td colspan="6">
@@ -570,5 +550,38 @@ function enable_change()
<?php
include("fend.inc");
?>
+
+<script language="javascript" type="text/javascript">
+
+function wopen(url, name, w, h)
+{
+// Fudge factors for window decoration space.
+// In my tests these work well on all platforms & browsers.
+w += 32;
+h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
+}
+
+function enable_change()
+{
+ var endis = !(document.iform.ips_policy_enable.checked);
+ document.iform.ips_policy.disabled=endis;
+
+ for (var i = 0; i < document.iform.elements.length; i++) {
+ if (document.iform.elements[i].type == 'checkbox') {
+ var str = document.iform.elements[i].value;
+ if (str.substr(0,6) == "snort_")
+ document.iform.elements[i].disabled = !(endis);
+ }
+ }
+}
+</script>
+
</body>
</html>