authorjim-p <jim@pingle.org>2009-10-14 17:10:40 -0400
committerjim-p <jim@pingle.org>2009-10-14 17:11:35 -0400
commit196610ae4ce93843d877993c6f1a400c7670df1e (patch)
tree945bf5c141930b56844b018a1d543e137e7ed8ee /config
parenta0275915f127d728e5088920bd8da9a944a7d6b4 (diff)
Add separate packages for snort and havp dashboard widgets.
Diffstat (limited to 'config')
-rw-r--r--config/widget-havp/havp_alerts.inc15
-rw-r--r--config/widget-havp/havp_alerts.inc.php90
-rw-r--r--config/widget-havp/havp_alerts.js149
-rw-r--r--config/widget-havp/havp_alerts.widget.php63
-rw-r--r--config/widget-havp/havp_alerts_helper.php13
-rw-r--r--config/widget-havp/widget-havp.inc11
-rw-r--r--config/widget-havp/widget-havp.xml85
-rw-r--r--config/widget-snort/snort_alerts.inc15
-rw-r--r--config/widget-snort/snort_alerts.inc.php77
-rw-r--r--config/widget-snort/snort_alerts.js145
-rw-r--r--config/widget-snort/snort_alerts.widget.php67
-rw-r--r--config/widget-snort/snort_alerts_helper.php13
-rw-r--r--config/widget-snort/widget-snort.inc13
-rw-r--r--config/widget-snort/widget-snort.xml85
14 files changed, 841 insertions, 0 deletions
diff --git a/config/widget-havp/havp_alerts.inc b/config/widget-havp/havp_alerts.inc
new file mode 100644
index 00000000..ecbfe897
--- /dev/null
+++ b/config/widget-havp/havp_alerts.inc
@@ -0,0 +1,15 @@
+<?php
+
+require_once("includes/havp_alerts.inc.php");
+
+$havp_alerts_title = "HAVP Alerts";
+$havp_alerts_title_link = "havp_alerts.php";
+
+$havp_alerts_logfile = "{$g['varlog_path']}/havp/access.log";
+$nentries = 5;
+$havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries);
+
+/* AJAX related routines */
+handle_havp_ajax($havp_alerts_logfile, $nentries = 5);
+
+?> \ No newline at end of file
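Review bot: The dashboard-side include calls `handle_havp_ajax()` on L50, so any dashboard request that happens to carry a `lastsawtime` parameter is answered with raw HAVP log text followed by `exit` instead of the page; the dedicated helper at widgets/helpers/havp_alerts_helper.php already serves the poll, so I would drop this call, or keep it with a comment explaining why the dashboard itself must answer it. The `$nentries = 5` inside the argument list on L50 is an assignment expression, not a named argument, and reads as if it were one; pass the variable already set on L46: `handle_havp_ajax($havp_alerts_logfile, $nentries);`. `$g` is read on L45 with no `global` declaration, which only works because this file is presumably included at top-level scope — a one-line comment stating that assumption would save the next reader a trip through the dashboard code.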
diff --git a/config/widget-havp/havp_alerts.inc.php b/config/widget-havp/havp_alerts.inc.php
new file mode 100644
index 00000000..c0810b83
--- /dev/null
+++ b/config/widget-havp/havp_alerts.inc.php
@@ -0,0 +1,90 @@
+<?
+function get_havp_alerts($havp_alerts, $nentries, $tail = 20) {
+ global $config, $g;
+ $logarr = "";
+ /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */
+ exec("/usr/bin/tail -r -n {$tail} {$havp_alerts}", $logarr);
+
+ $havpalerts = array();
+
+ $counter = 0;
+
+ foreach ($logarr as $logent) {
+ if($counter >= $nentries)
+ break;
+
+ $alert = parse_havp_alert_line($logent);
+ if ($alert != "") {
+ $counter++;
+ $havpalerts[] = $alert;
+ }
+
+ }
+ /* Since the rules are in reverse order, flip them around if needed based on the user's preference */
+ return isset($config['syslog']['reverse']) ? $havpalerts : array_reverse($havpalerts);
+}
+
+
+
+
+function parse_havp_alert_line($line) {
+ $log_split = "";
+
+ preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split);
+
+ list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'],
+ $alert['virusname']) = $log_split;
+
+ $usableline = true;
+
+ if(trim($alert['url']) == "")
+ $usableline = false;
+ if(trim($alert['virusname']) == "")
+ $usableline = false;
+
+ if($usableline == true) {
+ return $alert;
+ } else {
+ if($g['debug']) {
+ log_error("There was a error parsing line: $line. Please report to mailing list or forum.");
+ }
+ return "";
+ }
+}
+
+/* AJAX specific handlers */
+function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) {
+ if($_GET['lastsawtime'] or $_POST['lastsawtime']) {
+ if($_GET['lastsawtime'])
+ $lastsawtime = $_GET['lastsawtime'];
+ if($_POST['lastsawtime'])
+ $lastsawtime = $_POST['lastsawtime'];
+ /* compare lastsawrule's time stamp to alert logs.
+ * afterwards return the newer records so that client
+ * can update AJAX interface screen.
+ */
+ $new_rules = "";
+ $time_regex = "";
+
+ $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries);
+ foreach($havp_alerts as $log_row) {
+ preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U",$log_row['date'] , $time_regex);
+# $time_regex = "";"/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])\s+([0-9][0-9]:[0-9][0-9]:[0-9][0-9])$/U"
+ // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['date'] . " " . $log_row['time'], $time_regex);
+ $row_time = strtotime($time_regex[2] . "/" . $time_regex[1] . "/" . $time_regex[3] . " " . $log_row['time']);
+ // $myfile = "/testfile.txt";
+ // $fh = fopen($myfile,'a') or die("can't open file");
+ // $stringdata = $lastsawtime . "-" . $row_time . "\n";
+ // fwrite($fh, $stringdata);
+ // fclose($fh);
+
+ if($row_time > $lastsawtime and $lastsawtime > 0) {
+
+ $new_rules .= "{$log_row['url']}||{$log_row['virusname']}||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n";
+ }
+ }
+ echo $new_rules;
+ exit;
+ }
+}
+?> \ No newline at end of file
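Review bot: `handle_havp_ajax()` (L114–L147) takes `lastsawtime` straight from `$_GET`/`$_POST` and echoes `$log_row['url']` and `$log_row['virusname']` unescaped on L141, while the companion JS drops those fields into `innerHTML`; the URL is whatever a proxied client requested, so a logged URL carrying markup becomes script in the dashboard of whoever is logged in. Cast `lastsawtime` to int and `htmlspecialchars()` the fields on the way out (that call leaves the `||` record separator alone, so a URL containing `||` would still shift the client's split — a different delimiter or `urlencode()` on the URL field is worth considering). The `exec()` on L64 interpolates the log path and `$tail` into a shell command without `escapeshellarg()`; both are caller-controlled rather than user-controlled today, but quoting them costs nothing. Separately, `parse_havp_alert_line()` reads `$g['debug']` on L106 without a `global $g;` declaration, so that debug log line can never fire. The commented-out debug file writes on L133–L137 should be removed rather than shipped.

```php
function get_havp_alerts($havp_alerts, $nentries, $tail = 20) {
	global $config, $g;
	$logarr = "";
	/* Quote the path: it is config-derived today, but exec() hands it to a shell. */
	exec("/usr/bin/tail -r -n " . (int)$tail . " " . escapeshellarg($havp_alerts), $logarr);
	// … unchanged: per-line parse loop and reverse handling …
}

function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) {
	if (isset($_GET['lastsawtime']) || isset($_POST['lastsawtime'])) {
		/* The client sends an epoch integer; cast so nothing else reaches the comparison below. */
		$lastsawtime = isset($_POST['lastsawtime']) ? (int)$_POST['lastsawtime'] : (int)$_GET['lastsawtime'];
		// … unchanged: fetch alerts, derive $row_time per row …
			if($row_time > $lastsawtime and $lastsawtime > 0) {
				/* Escape here: the client inserts these fields with innerHTML, and the URL came from a proxied client request. */
				$new_rules .= htmlspecialchars($log_row['url']) . "||" . htmlspecialchars($log_row['virusname']) . "||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n";
			}
		// … unchanged: echo $new_rules; exit; …
	}
}
```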
diff --git a/config/widget-havp/havp_alerts.js b/config/widget-havp/havp_alerts.js
new file mode 100644
index 00000000..110e3998
--- /dev/null
+++ b/config/widget-havp/havp_alerts.js
@@ -0,0 +1,149 @@
+
+havplastsawtime = '<?php echo time(); ?>';
+var havplines = Array();
+var havptimer;
+var havpupdateDelay = 25500;
+var havpisBusy = false;
+var havpisPaused = false;
+
+<?php
+ if(isset($config['syslog']['reverse']))
+ echo "var isReverse = true;\n";
+ else
+ echo "var isReverse = false;\n";
+?>
+
+if (typeof getURL == 'undefined') {
+ getURL = function(url, callback) {
+ if (!url)
+ throw 'No URL for getURL';
+ try {
+ if (typeof callback.operationComplete == 'function')
+ callback = callback.operationComplete;
+ } catch (e) {}
+ if (typeof callback != 'function')
+ throw 'No callback function for getURL';
+ var http_request = null;
+ if (typeof XMLHttpRequest != 'undefined') {
+ http_request = new XMLHttpRequest();
+ }
+ else if (typeof ActiveXObject != 'undefined') {
+ try {
+ http_request = new ActiveXObject('Msxml2.XMLHTTP');
+ } catch (e) {
+ try {
+ http_request = new ActiveXObject('Microsoft.XMLHTTP');
+ } catch (e) {}
+ }
+ }
+ if (!http_request)
+ throw 'Both getURL and XMLHttpRequest are undefined';
+ http_request.onreadystatechange = function() {
+ if (http_request.readyState == 4) {
+ callback( { success : true,
+ content : http_request.responseText,
+ contentType : http_request.getResponseHeader("Content-Type") } );
+ }
+ }
+ http_request.open('GET', url, true);
+ http_request.send(null);
+ }
+}
+
+function havp_alerts_fetch_new_rules() {
+ if(havpisPaused)
+ return;
+ if(havpisBusy)
+ return;
+ havpisBusy = true;
+ getURL('widgets/helpers/havp_alerts_helper.php?lastsawtime=' + havplastsawtime, havp_alerts_fetch_new_rules_callback);
+}
+function havp_alerts_fetch_new_rules_callback(callback_data) {
+ if(havpisPaused)
+ return;
+
+ var data_split;
+ var new_data_to_add = Array();
+ var data = callback_data.content;
+ data_split = data.split("\n");
+ for(var x=0; x<data_split.length-1; x++) {
+ /* loop through rows */
+ row_split = data_split[x].split("||");
+ var line = '';
+ line += '<td width="25%" class="listr">' + row_split[4] + '<br> ' + row_split[3] + '</td>';
+ line += '<td width="75%" class="listr">' + row_split[0] + '<br>' + row_split[1] + '</td>';
+ havplastsawtime = row_split[2];
+ new_data_to_add[new_data_to_add.length] = line;
+ }
+ havp_alerts_update_div_rows(new_data_to_add);
+ havpisBusy = false;
+}
+
+
+function havp_alerts_update_div_rows(data) {
+ if(havpisPaused)
+ return;
+
+ var isIE = navigator.appName.indexOf('Microsoft') != -1;
+ var isSafari = navigator.userAgent.indexOf('Safari') != -1;
+ var isOpera = navigator.userAgent.indexOf('Opera') != -1;
+ var rulestable = document.getElementById('havp_alerts');
+ var rows = rulestable.getElementsByTagName('tr');
+ var showanim = 1;
+ if (isIE) {
+ showanim = 0;
+ }
+ //alert(data.length);
+ for(var x=0; x<data.length; x++) {
+ var numrows = rows.length;
+ /* if reverse logging is enabled we need to show the
+ * records in a reverse order with new items appearing
+ * on the top
+ */
+ if(isReverse == false) {
+ for (var i = 1; i < numrows; i++) {
+ nextrecord = i + 1;
+ if(nextrecord < numrows)
+ rows[i].innerHTML = rows[nextrecord].innerHTML;
+ }
+ } else {
+ for (var i = numrows; i > 0; i--) {
+ nextrecord = i + 1;
+ if(nextrecord < numrows)
+ rows[nextrecord].innerHTML = rows[i].innerHTML;
+ }
+ }
+ var item = document.getElementById('havp-firstrow');
+ if(x == data.length-1)
+ {
+ /* nothing */
+ showanim = false;
+ }
+ else
+ {
+ showanim = false;
+ }
+ if (showanim)
+ {
+ // item.style.display = 'none';
+ item.innerHTML = data[x];
+ // new Effect.Appear(item);
+ }
+ else
+ {
+ item.innerHTML = data[x];
+ }
+ }
+ /* rechedule AJAX interval */
+ //havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay);
+}
+function havp_alerts_toggle_pause() {
+ if(havpisPaused) {
+ havpisPaused = false;
+ havp_alerts_fetch_new_rules();
+ } else {
+ havpisPaused = true;
+ }
+}
+/* start local AJAX engine */
+havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay);
diff --git a/config/widget-havp/havp_alerts.widget.php b/config/widget-havp/havp_alerts.widget.php
new file mode 100644
index 00000000..57614fa1
--- /dev/null
+++ b/config/widget-havp/havp_alerts.widget.php
@@ -0,0 +1,63 @@
+<?php
+/*
+ havp_alerts.widget.php
+ Copyright (C) 2009 Michael Liberman , Jim Pingle
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $config, $g;
+
+?>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tbody>
+ <tr class="havp-alert-header">
+ <td width="25%" class="widgetsubheader">Date</td>
+ <td width="75%" class="widgetsubheader">Details</td>
+ </tr>
+<?php $counter=0;
+ foreach ($havp_alerts as $alert) { ?>
+
+ <?php
+ if(isset($config['syslog']['reverse'])) {
+ /* honour reverse logging setting */
+ if($counter == 0)
+ $activerow = " id=\"havp-firstrow\"";
+ else
+ $activerow = "";
+
+ } else {
+ /* non-reverse logging */
+ if($counter == count($havp_alerts) - 1)
+ $activerow = " id=\"havp-firstrow\"";
+ else
+ $activerow = "";
+ }
+ ?>
+
+ <tr class="havp-alert-entry" <?php echo $activerow; ?>>
+ <td width="25%" class="listr"><?= $alert["time"] . "<br>" . $alert["date"]?></td>
+ <td width="75%" class="listr"><?= $alert["url"] . "<br>" . $alert["virusname"] ?></td>
+ </tr>
+<?php $counter++;
+ } ?>
+ </tbody>
+</table>
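Review bot: L366–L367 print `$alert["url"]` and `$alert["virusname"]` with `<?=` and no escaping; the URL is taken from the HAVP access log, i.e. from whatever a client behind the proxy requested, so a request for a URL containing markup is rendered as HTML in the administrator's dashboard. Wrap each field: `<?= htmlspecialchars($alert["url"]) . "<br>" . htmlspecialchars($alert["virusname"]) ?>` (date and time come from a fixed-format regex, but escaping them too is harmless). `$havp_alerts` is populated by a different file (widgets/include/havp_alerts.inc), so the `foreach` on L346 warns if that include did not run; an `if (is_array($havp_alerts))` guard or a comment naming the dependency would make the contract visible. The `global $config, $g;` on L336 is a no-op at file scope unless this widget is included from inside a function — confirm and drop it if not.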
diff --git a/config/widget-havp/havp_alerts_helper.php b/config/widget-havp/havp_alerts_helper.php
new file mode 100644
index 00000000..332394b2
--- /dev/null
+++ b/config/widget-havp/havp_alerts_helper.php
@@ -0,0 +1,13 @@
+<?php
+require("guiconfig.inc");
+
+require_once("includes/havp_alerts.inc.php");
+
+$havp_alerts_logfile = "{$g['varlog_path']}/havp/access.log";
+$nentries = 5;
+handle_havp_ajax($havp_alerts_logfile, $nentries);
+
+?>
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
+<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script>
+<script src="/widgets/javascript/havp_alerts.js" type="text/javascript"></script>
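Review bot: `require("guiconfig.inc")` on L380 is the only thing that puts this endpoint behind the webGUI login, yet nothing says so, and the response is proxy log content (URLs visited by LAN clients); I would add above it `/* guiconfig.inc enforces the webGUI session check; this helper returns HAVP access-log data and must never be reachable without it. */`. When `lastsawtime` is present, `handle_havp_ajax()` echoes the rows and exits with the default text/html content type, so opening the helper URL directly renders any log-derived markup; sending `header("Content-Type: text/plain");` inside that branch (which lives in includes/havp_alerts.inc.php, not here) would close that sink. The `<script src>` lines after the PHP block are emitted on every non-AJAX include, presumably the dashboard's widget-loading path — a comment stating that would help the next reader.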
diff --git a/config/widget-havp/widget-havp.inc b/config/widget-havp/widget-havp.inc
new file mode 100644
index 00000000..61713f24
--- /dev/null
+++ b/config/widget-havp/widget-havp.inc
@@ -0,0 +1,11 @@
+<?php
+
+function widget_havp_uninstall() {
+ unlink("/usr/local/www/includes/havp_alerts.inc.php");
+ unlink("/usr/local/www/widgets/helpers/havp_alerts_helper.php");
+ unlink("/usr/local/www/widgets/include/havp_alerts.inc");
+ unlink("/usr/local/www/widgets/javascript/havp_alerts.js");
+ unlink("/usr/local/www/widgets/widgets/havp_alerts.widget.php");
+}
+
+?> \ No newline at end of file
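Review bot: Each `unlink()` in `widget_havp_uninstall()` (L401–L405) emits a PHP warning if the file is already gone, which is the normal state after a partial or repeated uninstall; guard them as `if (is_file($f)) unlink($f);` over an array of the five paths. The paths duplicate the `<prefix>`/`<item>` pairs in widget-havp.xml, so a comment noting they must stay in sync with that file would stop a renamed entry from surviving removal.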
diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml
new file mode 100644
index 00000000..7042fe55
--- /dev/null
+++ b/config/widget-havp/widget-havp.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ widget-havp.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2009 Jim Pingle
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>HAVP widget add-on for Dashboard package</description>
+ <requirements>Dashboard package and HAVP</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>widget-havp</name>
+ <version>0.1</version>
+ <title>Widget - HAVP</title>
+ <include_file>/usr/local/pkg/widget-havp.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-havp/widget-havp.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/includes/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/helpers/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts_helper.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.widget.php</item>
+ </additional_files_needed>
+ <custom_php_deinstall_command>
+ widget_havp_uninstall();
+ </custom_php_deinstall_command>
+</packagegui>
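Review bot: `<chmod>077</chmod>` on L468 is applied to /usr/local/pkg/widget-havp.inc, the file named in `<include_file>`; octal 077 is `----rwxrwx`, i.e. no owner permissions but group- and world-writable, so any local account could rewrite PHP that the package system executes with webGUI privileges. Use `<chmod>0644</chmod>` as the other entries on L473–L493 do (or 0755 if the pkg directory convention requires it). The `<item>` URLs fetch the package files over plain `http://` with no digest; that appears to be the distribution mechanism of the time, but it is worth a note that file integrity rests entirely on the transport.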
diff --git a/config/widget-snort/snort_alerts.inc b/config/widget-snort/snort_alerts.inc
new file mode 100644
index 00000000..d6e3b0ca
--- /dev/null
+++ b/config/widget-snort/snort_alerts.inc
@@ -0,0 +1,15 @@
+<?php
+
+require_once("includes/snort_alerts.inc.php");
+
+$snort_alerts_title = "Snort Alerts";
+$snort_alerts_title_link = "snort_alerts.php";
+
+$snort_alerts_logfile = "{$g['varlog_path']}/snort/alert";
+$nentries = 5;
+$snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
+
+/* AJAX related routines */
+handle_snort_ajax($snort_alerts_logfile, $nentries = 5);
+
+?> \ No newline at end of file
diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php
new file mode 100644
index 00000000..99e3ee9f
--- /dev/null
+++ b/config/widget-snort/snort_alerts.inc.php
@@ -0,0 +1,77 @@
+<?
+function get_snort_alerts($snort_alerts, $nentries, $tail = 20) {
+ global $config, $g;
+ $logarr = "";
+ /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */
+ exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr);
+
+ $snortalerts = array();
+
+ $counter = 0;
+
+ foreach ($logarr as $logent) {
+ if($counter >= $nentries)
+ break;
+
+ $alert = parse_snort_alert_line($logent);
+ if ($alert != "") {
+ $counter++;
+ $snortalerts[] = $alert;
+ }
+
+ }
+ /* Since the rules are in reverse order, flip them around if needed based on the user's preference */
+ return isset($config['syslog']['reverse']) ? $snortalerts : array_reverse($snortalerts);
+}
+
+function parse_snort_alert_line($line) {
+ $log_split = "";
+
+ preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split);
+
+ list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'],
+ $alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split;
+
+ $usableline = true;
+
+ if(trim($alert['src']) == "")
+ $usableline = false;
+ if(trim($alert['dst']) == "")
+ $usableline = false;
+
+ if($usableline == true) {
+ return $alert;
+ } else {
+ if($g['debug']) {
+ log_error("There was a error parsing line: $line. Please report to mailing list or forum.");
+ }
+ return "";
+ }
+}
+
+/* AJAX specific handlers */
+function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) {
+ if($_GET['lastsawtime'] or $_POST['lastsawtime']) {
+ if($_GET['lastsawtime'])
+ $lastsawtime = $_GET['lastsawtime'];
+ if($_POST['lastsawtime'])
+ $lastsawtime = $_POST['lastsawtime'];
+ /* compare lastsawrule's time stamp to alert logs.
+ * afterwards return the newer records so that client
+ * can update AJAX interface screen.
+ */
+ $new_rules = "";
+ $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
+ foreach($snort_alerts as $log_row) {
+ $time_regex = "";
+ preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex);
+ $row_time = strtotime($time_regex[1]);
+ if($row_time > $lastsawtime) {
+ $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||\n";
+ }
+ }
+ echo $new_rules;
+ exit;
+ }
+}
+?> \ No newline at end of file
diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js
new file mode 100644
index 00000000..48c97d6c
--- /dev/null
+++ b/config/widget-snort/snort_alerts.js
@@ -0,0 +1,145 @@
+
+snortlastsawtime = '<?php echo time(); ?>';
+var snortlines = Array();
+var snorttimer;
+var snortupdateDelay = 25500;
+var snortisBusy = false;
+var snortisPaused = false;
+
+<?php
+ if(isset($config['syslog']['reverse']))
+ echo "var isReverse = true;\n";
+ else
+ echo "var isReverse = false;\n";
+?>
+
+if (typeof getURL == 'undefined') {
+ getURL = function(url, callback) {
+ if (!url)
+ throw 'No URL for getURL';
+ try {
+ if (typeof callback.operationComplete == 'function')
+ callback = callback.operationComplete;
+ } catch (e) {}
+ if (typeof callback != 'function')
+ throw 'No callback function for getURL';
+ var http_request = null;
+ if (typeof XMLHttpRequest != 'undefined') {
+ http_request = new XMLHttpRequest();
+ }
+ else if (typeof ActiveXObject != 'undefined') {
+ try {
+ http_request = new ActiveXObject('Msxml2.XMLHTTP');
+ } catch (e) {
+ try {
+ http_request = new ActiveXObject('Microsoft.XMLHTTP');
+ } catch (e) {}
+ }
+ }
+ if (!http_request)
+ throw 'Both getURL and XMLHttpRequest are undefined';
+ http_request.onreadystatechange = function() {
+ if (http_request.readyState == 4) {
+ callback( { success : true,
+ content : http_request.responseText,
+ contentType : http_request.getResponseHeader("Content-Type") } );
+ }
+ }
+ http_request.open('GET', url, true);
+ http_request.send(null);
+ }
+}
+
+function snort_alerts_fetch_new_rules() {
+ if(snortisPaused)
+ return;
+ if(snortisBusy)
+ return;
+ snortisBusy = true;
+ getURL('widgets/helpers/snort_alerts_helper.php?lastsawtime=' + snortlastsawtime, snort_alerts_fetch_new_rules_callback);
+}
+function snort_alerts_fetch_new_rules_callback(callback_data) {
+ if(snortisPaused)
+ return;
+
+ var data_split;
+ var new_data_to_add = Array();
+ var data = callback_data.content;
+
+ data_split = data.split("\n");
+
+ for(var x=0; x<data_split.length-1; x++) {
+ /* loop through rows */
+ row_split = data_split[x].split("||");
+ var line = '';
+ line = '<td width="5%" class="listr">' + row_split[1] + '</td>';
+ line += '<td width="5%" class="listr">' + row_split[2] + '</td>';
+ line += '<td width="45%" class="listr">' + row_split[3] + '</td>';
+ line += '<td width="45%" class="listr">' + row_split[4] + '</td>';
+ snortlastsawtime = row_split[5];
+ new_data_to_add[new_data_to_add.length] = line;
+ }
+ snort_alerts_update_div_rows(new_data_to_add);
+ snortisBusy = false;
+}
+function snort_alerts_update_div_rows(data) {
+ if(snortisPaused)
+ return;
+
+ var isIE = navigator.appName.indexOf('Microsoft') != -1;
+ var isSafari = navigator.userAgent.indexOf('Safari') != -1;
+ var isOpera = navigator.userAgent.indexOf('Opera') != -1;
+ var rulestable = document.getElementById('snort_alerts');
+ var rows = rulestable.getElementsByTagName('tr');
+ var showanim = 1;
+ if (isIE) {
+ showanim = 0;
+ }
+ //alert(data.length);
+ for(var x=0; x<data.length; x++) {
+ var numrows = rows.length;
+ /* if reverse logging is enabled we need to show the
+ * records in a reverse order with new items appearing
+ * on the top
+ */
+ if(isReverse == false) {
+ for (var i = 1; i < numrows; i++) {
+ nextrecord = i + 1;
+ if(nextrecord < numrows)
+ rows[i].innerHTML = rows[nextrecord].innerHTML;
+ }
+ } else {
+ for (var i = numrows; i > 0; i--) {
+ nextrecord = i + 1;
+ if(nextrecord < numrows)
+ rows[nextrecord].innerHTML = rows[i].innerHTML;
+ }
+ }
+ var item = document.getElementById('snort-firstrow');
+ if(x == data.length-1) {
+ /* nothing */
+ showanim = false;
+ } else {
+ showanim = false;
+ }
+ if (showanim) {
+ item.style.display = 'none';
+ item.innerHTML = data[x];
+ new Effect.Appear(item);
+ } else {
+ item.innerHTML = data[x];
+ }
+ }
+ /* rechedule AJAX interval */
+ //snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
+}
+function snort_alerts_toggle_pause() {
+ if(snortisPaused) {
+ snortisPaused = false;
+ snort_alerts_fetch_new_rules();
+ } else {
+ snortisPaused = true;
+ }
+}
+/* start local AJAX engine */
+snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
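Review bot: `snort_alerts_fetch_new_rules_callback()` returns early on L671–L672 when paused without clearing `snortisBusy`, so a pause that lands while a poll is in flight leaves the flag set for good and L665–L666 then skip every later fetch, including the one `snort_alerts_toggle_pause()` issues on unpause; move `snortisBusy = false;` to the first line of the callback. The cells built on L684–L687 concatenate server fields straight into `innerHTML`, so this file depends entirely on the helper HTML-encoding category, source and destination — record that with `/* fields arrive HTML-escaped from snort_alerts_helper.php; do not insert raw */` above the loop, or build the cells with `document.createTextNode()`. `setInterval('snort_alerts_fetch_new_rules()', …)` on L754 evaluates a string; `setInterval(snort_alerts_fetch_new_rules, snortupdateDelay)` is the equivalent without string evaluation. This `.js` also contains `<?php … ?>` blocks (L611, L618–L623) while the helper references it via `<script src>`; if it is ever served statically those blocks reach the browser unprocessed — confirm how the dashboard actually includes it.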
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
new file mode 100644
index 00000000..22bd1b69
--- /dev/null
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -0,0 +1,67 @@
+<?php
+/*
+ snort_alerts.widget.php
+ Copyright (C) 2009 Jim Pingle
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $config, $g;
+
+?>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tbody>
+ <tr class="snort-alert-header">
+ <td width="5%" class="widgetsubheader">Pri</td>
+ <td width="5%" class="widgetsubheader">Category</td>
+ <td width="45%" class="widgetsubheader">Src</td>
+ <td width="45%" class="widgetsubheader">Dst</td>
+ </tr>
+<?php $counter=0;
+ foreach ($snort_alerts as $alert) { ?>
+
+ <?php
+ if(isset($config['syslog']['reverse'])) {
+ /* honour reverse logging setting */
+ if($counter == 0)
+ $activerow = " id=\"snort-firstrow\"";
+ else
+ $activerow = "";
+
+ } else {
+ /* non-reverse logging */
+ if($counter == count($snort_alerts) - 1)
+ $activerow = " id=\"snort-firstrow\"";
+ else
+ $activerow = "";
+ }
+ ?>
+
+ <tr class="snort-alert-entry" <?php echo $activerow; ?>>
+ <td width="5%" class="listr"><?= $alert["priority"] ?></td>
+ <td width="5%" class="listr"><?= $alert["category"] ?></td>
+ <td width="45%" class="listr"><?= $alert["src"] ?></td>
+ <td width="45%" class="listr"><?= $alert["dst"] ?></td>
+ </tr>
+<?php $counter++;
+ } ?>
+ </tbody>
+</table>
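Review bot: L819–L822 print `priority`, `category`, `src` and `dst` with `<?=` and no escaping; these are `(.*)` captures from the Snort alert file, and category, source and destination are influenced by rule text and packet fields, so the safe default is `htmlspecialchars()` around each, e.g. `<?= htmlspecialchars($alert["src"]) ?>`. `$snort_alerts` is set by widgets/include/snort_alerts.inc, a different file; an `is_array()` guard or a comment naming that dependency would keep the `foreach` on L799 from warning when the include did not run. The `global $config, $g;` on L787 is a no-op at file scope unless this widget is included from inside a function — confirm and drop it if not.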
diff --git a/config/widget-snort/snort_alerts_helper.php b/config/widget-snort/snort_alerts_helper.php
new file mode 100644
index 00000000..0e7b4fad
--- /dev/null
+++ b/config/widget-snort/snort_alerts_helper.php
@@ -0,0 +1,13 @@
+<?php
+require("guiconfig.inc");
+
+require_once("includes/snort_alerts.inc.php");
+
+$snort_alerts_logfile = "{$g['varlog_path']}/snort/alert";
+$nentries = 5;
+handle_snort_ajax($snort_alerts_logfile, $nentries);
+
+?>
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
+<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script>
+<script src="/widgets/javascript/snort_alerts.js" type="text/javascript"></script>
diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc
new file mode 100644
index 00000000..584e5f2d
--- /dev/null
+++ b/config/widget-snort/widget-snort.inc
@@ -0,0 +1,13 @@
+<?php
+
+function widget_snort_uninstall() {
+
+ unlink("/usr/local/www/includes/snort_alerts.inc.php");
+ unlink("/usr/local/www/widgets/helpers/snort_alerts_helper.php");
+ unlink("/usr/local/www/widgets/include/snort_alerts.inc");
+ unlink("/usr/local/www/widgets/javascript/snort_alerts.js");
+ unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php");
+
+}
+
+?> \ No newline at end of file
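Review bot: Each `unlink()` in `widget_snort_uninstall()` (L857–L861) emits a PHP warning if the file is already gone, which is the normal state after a partial or repeated uninstall; guard them as `if (is_file($f)) unlink($f);` over an array of the five paths. The paths duplicate the `<prefix>`/`<item>` pairs in widget-snort.xml, so a comment noting they must stay in sync with that file would stop a renamed entry from surviving removal.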
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
new file mode 100644
index 00000000..b32a27d7
--- /dev/null
+++ b/config/widget-snort/widget-snort.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ widget-snort.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2009 Jim Pingle
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Snort widget add-on for Dashboard package</description>
+ <requirements>Dashboard package and Snort</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>widget-snort</name>
+ <version>0.1</version>
+ <title>Widget - Snort</title>
+ <include_file>/usr/local/pkg/widget-snort.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/includes/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/helpers/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts_helper.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item>
+ </additional_files_needed>
+ <custom_php_deinstall_command>
+ widget_snort_uninstall();
+ </custom_php_deinstall_command>
+</packagegui>