author | jim-p <jim@pingle.org> | 2009-10-14 17:10:40 -0400 |
---|---|---|
committer | jim-p <jim@pingle.org> | 2009-10-14 17:11:35 -0400 |
commit | 196610ae4ce93843d877993c6f1a400c7670df1e (patch) | |
tree | 945bf5c141930b56844b018a1d543e137e7ed8ee /config/widget-snort | |
parent | a0275915f127d728e5088920bd8da9a944a7d6b4 (diff) | |
download | pfsense-packages-196610ae4ce93843d877993c6f1a400c7670df1e.tar.gz pfsense-packages-196610ae4ce93843d877993c6f1a400c7670df1e.tar.bz2 pfsense-packages-196610ae4ce93843d877993c6f1a400c7670df1e.zip |
Add separate packages for snort and havp dashboard widgets.
Diffstat (limited to 'config/widget-snort')
-rw-r--r-- | config/widget-snort/snort_alerts.inc | 15 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.inc.php | 77 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.js | 145 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.widget.php | 67 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts_helper.php | 13 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.inc | 13 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.xml | 85 |
7 files changed, 415 insertions, 0 deletions
diff --git a/config/widget-snort/snort_alerts.inc b/config/widget-snort/snort_alerts.inc
new file mode 100644
index 00000000..d6e3b0ca
--- /dev/null
+++ b/config/widget-snort/snort_alerts.inc
@@ -0,0 +1,15 @@
+<?php
+
+require_once("includes/snort_alerts.inc.php");
+
+$snort_alerts_title = "Snort Alerts";
+$snort_alerts_title_link = "snort_alerts.php";
+
+$snort_alerts_logfile = "{$g['varlog_path']}/snort/alert";
+$nentries = 5;
+$snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
+
+/* AJAX related routines */
+handle_snort_ajax($snort_alerts_logfile, $nentries = 5);
+
+?>
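Review bot: The last call passes an assignment expression, `handle_snort_ajax($snort_alerts_logfile, $nentries = 5);`, which re-assigns `$nentries` as a side effect of building the argument list and hides the fact that the same value was set four lines earlier; write it as `handle_snort_ajax($snort_alerts_logfile, $nentries);`. A short header comment would help the next reader, since the file both populates `$snort_alerts` for snort_alerts.widget.php at include time and, through `handle_snort_ajax()`, ends the request early whenever `lastsawtime` is present in `$_GET` or `$_POST` (that exit is in snort_alerts.inc.php on this page).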
\ No newline at end of file
diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php
new file mode 100644
index 00000000..99e3ee9f
--- /dev/null
+++ b/config/widget-snort/snort_alerts.inc.php
@@ -0,0 +1,77 @@
+<?
+function get_snort_alerts($snort_alerts, $nentries, $tail = 20) {
+ global $config, $g;
+ $logarr = "";
+ /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */
+ exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr);
+
+ $snortalerts = array();
+
+ $counter = 0;
+
+ foreach ($logarr as $logent) {
+ if($counter >= $nentries)
+ break;
+
+ $alert = parse_snort_alert_line($logent);
+ if ($alert != "") {
+ $counter++;
+ $snortalerts[] = $alert;
+ }
+
+ }
+ /* Since the rules are in reverse order, flip them around if needed based on the user's preference */
+ return isset($config['syslog']['reverse']) ? $snortalerts : array_reverse($snortalerts);
+}
+
+function parse_snort_alert_line($line) {
+ $log_split = "";
+
+ preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split);
+
+ list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'],
+ $alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split;
+
+ $usableline = true;
+
+ if(trim($alert['src']) == "")
+ $usableline = false;
+ if(trim($alert['dst']) == "")
+ $usableline = false;
+
+ if($usableline == true) {
+ return $alert;
+ } else {
+ if($g['debug']) {
+ log_error("There was a error parsing line: $line. Please report to mailing list or forum.");
+ }
+ return "";
+ }
+}
+
+/* AJAX specific handlers */
+function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) {
+ if($_GET['lastsawtime'] or $_POST['lastsawtime']) {
+ if($_GET['lastsawtime'])
+ $lastsawtime = $_GET['lastsawtime'];
+ if($_POST['lastsawtime'])
+ $lastsawtime = $_POST['lastsawtime'];
+ /* compare lastsawrule's time stamp to alert logs.
+ * afterwards return the newer records so that client
+ * can update AJAX interface screen.
+ */
+ $new_rules = "";
+ $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
+ foreach($snort_alerts as $log_row) {
+ $time_regex = "";
+ preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex);
+ $row_time = strtotime($time_regex[1]);
+ if($row_time > $lastsawtime) {
+ $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||\n";
+ }
+ }
+ echo $new_rules;
+ exit;
+ }
+}
+?>
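Review bot: `parse_snort_alert_line` tests `$g['debug']` without declaring `global $g;`, so inside the function `$g` is an undefined local and the debug branch can never run (and raises a notice under E_NOTICE); add `global $g;` as the function's first statement. `handle_snort_ajax` accepts `$tail = 50` but calls `get_snort_alerts($snort_alerts_logfile, $nentries)` without forwarding it, so the AJAX path silently uses the 20-line default; pass `$tail` as the third argument or drop the parameter. `$lastsawtime` is copied from `$_GET`/`$_POST` untouched and then compared with the integer from `strtotime()`, which leaves the comparison to PHP's loose string/int rules, so `$lastsawtime = (int)$lastsawtime;` before the loop pins it. In `get_snort_alerts` the log path and `$tail` are interpolated straight into `exec()`; both callers on this page pass constants, but wrapping each with `escapeshellarg()` costs nothing and keeps that safe if a later caller passes request-derived values. The `||`-separated fields echoed here are inserted into the dashboard table as markup by snort_alerts.js, so passing each through `htmlspecialchars()` before concatenation would keep log content inert in the browser.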
\ No newline at end of file
diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js
new file mode 100644
index 00000000..48c97d6c
--- /dev/null
+++ b/config/widget-snort/snort_alerts.js
@@ -0,0 +1,145 @@
+
+snortlastsawtime = '<?php echo time(); ?>';
+var snortlines = Array();
+var snorttimer;
+var snortupdateDelay = 25500;
+var snortisBusy = false;
+var snortisPaused = false;
+
+<?php
+ if(isset($config['syslog']['reverse']))
+ echo "var isReverse = true;\n";
+ else
+ echo "var isReverse = false;\n";
+?>
+
+if (typeof getURL == 'undefined') {
+ getURL = function(url, callback) {
+ if (!url)
+ throw 'No URL for getURL';
+ try {
+ if (typeof callback.operationComplete == 'function')
+ callback = callback.operationComplete;
+ } catch (e) {}
+ if (typeof callback != 'function')
+ throw 'No callback function for getURL';
+ var http_request = null;
+ if (typeof XMLHttpRequest != 'undefined') {
+ http_request = new XMLHttpRequest();
+ }
+ else if (typeof ActiveXObject != 'undefined') {
+ try {
+ http_request = new ActiveXObject('Msxml2.XMLHTTP');
+ } catch (e) {
+ try {
+ http_request = new ActiveXObject('Microsoft.XMLHTTP');
+ } catch (e) {}
+ }
+ }
+ if (!http_request)
+ throw 'Both getURL and XMLHttpRequest are undefined';
+ http_request.onreadystatechange = function() {
+ if (http_request.readyState == 4) {
+ callback( { success : true,
+ content : http_request.responseText,
+ contentType : http_request.getResponseHeader("Content-Type") } );
+ }
+ }
+ http_request.open('GET', url, true);
+ http_request.send(null);
+ }
+}
+
+function snort_alerts_fetch_new_rules() {
+ if(snortisPaused)
+ return;
+ if(snortisBusy)
+ return;
+ snortisBusy = true;
+ getURL('widgets/helpers/snort_alerts_helper.php?lastsawtime=' + snortlastsawtime, snort_alerts_fetch_new_rules_callback);
+}
+function snort_alerts_fetch_new_rules_callback(callback_data) {
+ if(snortisPaused)
+ return;
+
+ var data_split;
+ var new_data_to_add = Array();
+ var data = callback_data.content;
+
+ data_split = data.split("\n");
+
+ for(var x=0; x<data_split.length-1; x++) {
+ /* loop through rows */
+ row_split = data_split[x].split("||");
+ var line = '';
+ line = '<td width="5%" class="listr">' + row_split[1] + '</td>';
+ line += '<td width="5%" class="listr">' + row_split[2] + '</td>';
+ line += '<td width="45%" class="listr">' + row_split[3] + '</td>';
+ line += '<td width="45%" class="listr">' + row_split[4] + '</td>';
+ snortlastsawtime = row_split[5];
+ new_data_to_add[new_data_to_add.length] = line;
+ }
+ snort_alerts_update_div_rows(new_data_to_add);
+ snortisBusy = false;
+}
+function snort_alerts_update_div_rows(data) {
+ if(snortisPaused)
+ return;
+
+ var isIE = navigator.appName.indexOf('Microsoft') != -1;
+ var isSafari = navigator.userAgent.indexOf('Safari') != -1;
+ var isOpera = navigator.userAgent.indexOf('Opera') != -1;
+ var rulestable = document.getElementById('snort_alerts');
+ var rows = rulestable.getElementsByTagName('tr');
+ var showanim = 1;
+ if (isIE) {
+ showanim = 0;
+ }
+ //alert(data.length);
+ for(var x=0; x<data.length; x++) {
+ var numrows = rows.length;
+ /* if reverse logging is enabled we need to show the
+ * records in a reverse order with new items appearing
+ * on the top
+ */
+ if(isReverse == false) {
+ for (var i = 1; i < numrows; i++) {
+ nextrecord = i + 1;
+ if(nextrecord < numrows)
+ rows[i].innerHTML = rows[nextrecord].innerHTML;
+ }
+ } else {
+ for (var i = numrows; i > 0; i--) {
+ nextrecord = i + 1;
+ if(nextrecord < numrows)
+ rows[nextrecord].innerHTML = rows[i].innerHTML;
+ }
+ }
+ var item = document.getElementById('snort-firstrow');
+ if(x == data.length-1) {
+ /* nothing */
+ showanim = false;
+ } else {
+ showanim = false;
+ }
+ if (showanim) {
+ item.style.display = 'none';
+ item.innerHTML = data[x];
+ new Effect.Appear(item);
+ } else {
+ item.innerHTML = data[x];
+ }
+ }
+ /* rechedule AJAX interval */
+ //snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
+}
+function snort_alerts_toggle_pause() {
+ if(snortisPaused) {
+ snortisPaused = false;
+ snort_alerts_fetch_new_rules();
+ } else {
+ snortisPaused = true;
+ }
+}
+/* start local AJAX engine */
+snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
new file mode 100644
index 00000000..22bd1b69
--- /dev/null
+++ b/config/widget-snort/snort_alerts.widget.php
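Review bot: `snortisBusy` is never cleared when `snort_alerts_fetch_new_rules_callback` returns early on `snortisPaused`, so a pause that lands while a request is in flight leaves the flag stuck at `true`, and after unpausing every later `snort_alerts_fetch_new_rules()` call bails out on the `if(snortisBusy)` guard, which stops polling for the life of the page; reset it before the early return, `if(snortisPaused) { snortisBusy = false; return; }`. The same callback splices `row_split[1]` through `row_split[4]` straight into `innerHTML`; those fields are taken from the alert log by the helper, so escaping them (either `htmlspecialchars()` on the PHP side or building the cells with `createTextNode` here) keeps log content from being interpreted as markup. `row_split` and `nextrecord` are assigned without `var` and so become implicit globals; `var row_split` and `var nextrecord` keep them local. In `snort_alerts_update_div_rows` both branches of the `if(x == data.length-1)` set `showanim = false`, so the `Effect.Appear` path is unreachable and `isSafari`/`isOpera` are unused; either drop the dead code or comment why the animation is disabled.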
@@ -0,0 +1,67 @@
+<?php
+/*
+ snort_alerts.widget.php
+ Copyright (C) 2009 Jim Pingle
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $config, $g;
+
+?>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tbody>
+ <tr class="snort-alert-header">
+ <td width="5%" class="widgetsubheader">Pri</td>
+ <td width="5%" class="widgetsubheader">Category</td>
+ <td width="45%" class="widgetsubheader">Src</td>
+ <td width="45%" class="widgetsubheader">Dst</td>
+ </tr>
+<?php $counter=0;
+ foreach ($snort_alerts as $alert) { ?>
+
+ <?php
+ if(isset($config['syslog']['reverse'])) {
+ /* honour reverse logging setting */
+ if($counter == 0)
+ $activerow = " id=\"snort-firstrow\"";
+ else
+ $activerow = "";
+
+ } else {
+ /* non-reverse logging */
+ if($counter == count($snort_alerts) - 1)
+ $activerow = " id=\"snort-firstrow\"";
+ else
+ $activerow = "";
+ }
+ ?>
+
+ <tr class="snort-alert-entry" <?php echo $activerow; ?>>
+ <td width="5%" class="listr"><?= $alert["priority"] ?></td>
+ <td width="5%" class="listr"><?= $alert["category"] ?></td>
+ <td width="45%" class="listr"><?= $alert["src"] ?></td>
+ <td width="45%" class="listr"><?= $alert["dst"] ?></td>
+ </tr>
+<?php $counter++;
+ } ?>
+ </tbody>
+</table>
diff --git a/config/widget-snort/snort_alerts_helper.php b/config/widget-snort/snort_alerts_helper.php
new file mode 100644
index 00000000..0e7b4fad
--- /dev/null
+++ b/config/widget-snort/snort_alerts_helper.php
@@ -0,0 +1,13 @@
+<?php
+require("guiconfig.inc");
+
+require_once("includes/snort_alerts.inc.php");
+
+$snort_alerts_logfile = "{$g['varlog_path']}/snort/alert";
+$nentries = 5;
+handle_snort_ajax($snort_alerts_logfile, $nentries);
+
+?>
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
+<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script>
+<script src="/widgets/javascript/snort_alerts.js" type="text/javascript"></script>
diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc
new file mode 100644
index 00000000..584e5f2d
--- /dev/null
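Review bot: The four cells of the entry row print `$alert["priority"]`, `$alert["category"]`, `$alert["src"]` and `$alert["dst"]` unescaped; these are regex captures from the alert log made in snort_alerts.inc.php, not values the widget controls, so `<?= htmlspecialchars($alert["category"]) ?>` (and the same for the other three) keeps log content from being rendered as markup. The `global $config, $g;` right after the licence block is a no-op when the file is included at global scope and only matters if the dashboard includes widgets from inside a function, which this page does not show; a one-line comment stating which case applies would stop the next reader from wondering. The `if(isset($config['syslog']['reverse']))` block recomputes `count($snort_alerts)` on every iteration; hoisting it above the `foreach` is a small, free tidy-up.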
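Review bot: The log path `"{$g['varlog_path']}/snort/alert"` and `$nentries = 5` are restated here verbatim from snort_alerts.inc, so the AJAX refresh and the initial render can silently diverge if only one copy is edited; defining both once in snort_alerts.inc.php next to `get_snort_alerts()` and reading them from both call sites removes the duplication. A comment above `handle_snort_ajax(...)` noting that it calls `exit` when `lastsawtime` is present, and that the three `<script>` tags below are only emitted when the helper is loaded without it, would make the two-mode behaviour of this file explicit.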
+++ b/config/widget-snort/widget-snort.inc
@@ -0,0 +1,13 @@
+<?php
+
+function widget_snort_uninstall() {
+
+ unlink("/usr/local/www/includes/snort_alerts.inc.php");
+ unlink("/usr/local/www/widgets/helpers/snort_alerts_helper.php");
+ unlink("/usr/local/www/widgets/include/snort_alerts.inc");
+ unlink("/usr/local/www/widgets/javascript/snort_alerts.js");
+ unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php");
+
+}
+
+?>
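Review bot: Each `unlink()` in `widget_snort_uninstall` is unchecked, so a partially installed package (one of the five files missing) makes the deinstall step emit a PHP warning per absent file and gives no record of which removals actually succeeded. Iterating over a list of paths, skipping files that are not present and logging a failed removal through `log_error()` (already used by this package in snort_alerts.inc.php) keeps the uninstall quiet on the happy path and informative otherwise. A header comment that the list must match the `<prefix>`/`<item>` pairs in widget-snort.xml would help whoever adds the next file.
```php
function widget_snort_uninstall() {
	/* must mirror the <additional_files_needed> entries in widget-snort.xml */
	$files = array(
		"/usr/local/www/includes/snort_alerts.inc.php",
		"/usr/local/www/widgets/helpers/snort_alerts_helper.php",
		"/usr/local/www/widgets/include/snort_alerts.inc",
		"/usr/local/www/widgets/javascript/snort_alerts.js",
		"/usr/local/www/widgets/widgets/snort_alerts.widget.php",
	);
	foreach ($files as $file) {
		/* a partial install may already be missing some of these */
		if (file_exists($file) && !unlink($file))
			log_error("widget-snort: could not remove {$file}");
	}
}
```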
\ No newline at end of file
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
new file mode 100644
index 00000000..b32a27d7
--- /dev/null
+++ b/config/widget-snort/widget-snort.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ widget-snort.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2009 Jim Pingle
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Snort widget add-on for Dashboard package</description>
+ <requirements>Dashboard package and Snort</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>widget-snort</name>
+ <version>0.1</version>
+ <title>Widget - Snort</title>
+ <include_file>/usr/local/pkg/widget-snort.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/includes/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/helpers/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts_helper.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item>
+ </additional_files_needed>
+ <custom_php_deinstall_command>
+ widget_snort_uninstall();
+ </custom_php_deinstall_command>
+</packagegui> |
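Review bot: `<chmod>077</chmod>` on the `/usr/local/pkg/` entry for widget-snort.inc is inconsistent with the `0644` used by the other five entries and looks like a typo: read as an octal mode it removes every owner permission while granting group and world read, write and execute, the opposite of what an include file needs. Use `<chmod>0644</chmod>` to match the rest of the manifest (or `0755` if the include is meant to be executable, which nothing on this page indicates). The `<custom_php_deinstall_command>` removes the five www files through `widget_snort_uninstall()` but not `/usr/local/pkg/widget-snort.inc` itself; if the package framework cleans up `<include_file>` on its own that is fine, otherwise a comment here saying who removes it would settle the question.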