aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorrobiscool <robrob2626@yahoo.com>2009-10-28 00:13:49 -0700
committerrobiscool <robrob2626@yahoo.com>2009-10-28 00:14:36 -0700
commit69ad0f23207b89c04872cac32aa77ea6a56d3286 (patch)
treee05ca8685b67e465ae36ec6227cb0309bdb72af2 /config
parent605ba02a8940e8427f164b8e4aeb83662c409b2c (diff)
downloadpfsense-packages-69ad0f23207b89c04872cac32aa77ea6a56d3286.tar.gz
pfsense-packages-69ad0f23207b89c04872cac32aa77ea6a56d3286.tar.bz2
pfsense-packages-69ad0f23207b89c04872cac32aa77ea6a56d3286.zip
snort-dev, see if snort.xml creates directories
Diffstat (limited to 'config')
-rw-r--r--config/snort-dev/snort.inc1620
-rw-r--r--config/snort-dev/snort.xml102
-rw-r--r--config/snort-dev/snort_base_files.inc (renamed from config/snort-dev/snort_base_files.php)0
-rw-r--r--config/snort-dev/snort_interfaces.php158
-rw-r--r--config/snort-dev/snort_interfaces_edit.php466
-rw-r--r--config/snort-dev/snort_interfaces_global.php279
6 files changed, 2334 insertions, 291 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
new file mode 100644
index 00000000..575192b9
--- /dev/null
+++ b/config/snort-dev/snort.inc
@@ -0,0 +1,1620 @@
+<?php
+/* $Id$ */
+/*
+ snort.inc
+ Copyright (C) 2006 Scott Ullrich
+ part of pfSense
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("pfsense-utils.inc");
+
+// Needed on 2.0 because of get_vpns_list()
+require_once("filter.inc");
+
+/* Allow additional execution time 0 = no limit. */
+ini_set('max_execution_time', '9999');
+ini_set('max_input_time', '9999');
+
+/* define oinkid */
+if($config['installedpackages']['snort'])
+ $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+
+function sync_package_snort_reinstall()
+{
+ global $config;
+ if(!$config['installedpackages']['snort'])
+ return;
+
+ /* create snort configuration file */
+ create_snort_conf();
+
+ /* start snort service */
+ start_service("snort");
+}
+function sync_package_snort()
+{
+ global $config, $g;
+
+ mwexec("mkdir -p /var/log/snort/");
+
+ if(!file_exists("/var/log/snort/alert"))
+ touch("/var/log/snort/alert");
+
+ /* snort -> advanced features */
+ $bpfbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfbufsize'];
+ $bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize'];
+ $bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns'];
+
+ /* set the snort performance model */
+ if($config['installedpackages']['snort']['config'][0]['performance'])
+ $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
+ else
+ $snort_performance = "ac-bnfa";
+
+ conf_mount_rw();
+ /* create a few directories and ensure the sample files are in place */
+ exec("/bin/mkdir -p /usr/local/etc/snort");
+ exec("/bin/mkdir -p /var/log/snort");
+ exec("/bin/mkdir -p /usr/local/etc/snort/rules");
+ exec("/bin/rm /usr/local/etc/snort/snort.conf-sample");
+ exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample");
+ exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/unicode.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/classification.config-sample");
+ exec("/bin/rm /usr/local/etc/snort/generators-sample");
+ exec("/bin/rm /usr/local/etc/snort/reference.config-sample");
+ exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample");
+ exec("/bin/rm /usr/local/etc/snort/sid");
+ exec("/bin/rm -f /usr/local/etc/rc.d/snort");
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+ //print_r($snortInterfaces);
+
+ /* create log directory */
+ $start = "/bin/mkdir -p /var/log/snort\n";
+
+ /* snort advanced features - bpf tuning */
+ if($bpfbufsize)
+ $start .= "sysctl net.bpf.bufsize={$bpfbufsize}\n";
+ if($bpfmaxbufsize)
+ $start .= "sysctl net.bpf.maxbufsize={$bpfmaxbufsize}\n";
+ if($bpfmaxinsns)
+ $start .= "sysctl net.bpf.maxinsns={$bpfmaxinsns}\n";
+
+ /* go ahead and issue bpf changes */
+ if($bpfbufsize)
+ mwexec_bg("sysctl net.bpf.bufsize={$bpfbufsize}");
+ if($bpfmaxbufsize)
+ mwexec_bg("sysctl net.bpf.maxbufsize={$bpfmaxbufsize}");
+ if($bpfmaxinsns)
+ mwexec_bg("sysctl net.bpf.maxinsns={$bpfmaxinsns}");
+
+ /* always stop barnyard2 before starting snort -gtm */
+ $start .= "/usr/bin/killall barnyard2\n";
+
+ /* start a snort process for each interface -gtm */
+ /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */
+ /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */
+ /* TODO; get snort to start under nologin shell */
+ foreach($snortInterfaces as $snortIf)
+ {
+ $start .= "sleep 4\n";
+ $start .= "snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -q\n";
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+ if ($snortbarnyardlog_info_chk == on)
+ $start .= "\nsleep 4;barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n";
+ }
+ $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php\n\texit 1\n\tfi\n\n";
+ $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n";
+ $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n";
+ $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n";
+ $del_old_pids = "\nrm -f /var/run/snort_*\n";
+ $sample_before = "BEFORE_MEM=`top | grep Wired | awk '{print \$12}'`\n";
+ $sample_after = "\n\tAFTER_MEM=`top | grep Wired | awk '{print \$12}'`\n";
+ if ($snort_performance == "ac-bnfa")
+ $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=60\n";
+ else
+ $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=300\n";
+ $sleep_before_final .= "while [ \"\$MYSNORTLOG\" = \"\" -a \$WAITSECURE -gt 0 ] ; do\n\tsleep 2\n\tMYSNORTLOG=`/usr/sbin/clog /var/log/system.log | grep snort | tail | grep 'Snort initialization completed successfully'`\n\tWAITSECURE=`expr \$WAITSECURE - 1`\ndone\n";
+ $total_used_after = "TOTAL_USAGE=`top | grep snort | grep -v grep | awk '{ print \$6 }'`\n";
+ $echo_usage .= $sample_after . "\t" . $total_used_after . "\techo \"Ram free BEFORE starting Snort: \$BEFORE_MEM -- Ram free AFTER starting Snort: \$AFTER_MEM -- Mode " . $snort_performance . " -- Snort memory usage: \$TOTAL_USAGE\" | logger -p daemon.info -i -t SnortStartup\n\n";
+
+ /* write out rc.d start/stop file */
+ write_rcfile(array(
+ "file" => "snort.sh",
+ "start" => "{$check_if_snort_runs}{$if_snort_pid}{$echo_snort_sh_pid}{$echo_snort_sh_startup_log}{$del_old_pids}{$sample_before}{$start}{$sleep_before_final}{$echo_usage}",
+ "stop" => "/usr/bin/killall snort; killall barnyard2"
+ )
+ );
+
+ /* create snort configuration file */
+ create_snort_conf();
+
+/* create barnyard2 configuration file */
+$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+if ($snortbarnyardlog_info_chk == on)
+ create_barnyard2_conf();
+
+ /* snort will not start on install untill setting are set */
+if ($config['installedpackages']['snort']['config'][0]['autorulesupdate7'] != "") {
+ /* start snort service */
+ conf_mount_ro();
+ start_service("snort");
+ }
+}
+
+/* open barnyard2.conf for writing */
+function create_barnyard2_conf() {
+ global $bconfig, $bg;
+ /* write out barnyard2_conf */
+ $barnyard2_conf_text = generate_barnyard2_conf();
+ $bconf = fopen("/usr/local/etc/barnyard2.conf", "w");
+ if(!$bconf) {
+ log_error("Could not open /usr/local/etc/barnyard2.conf for writing.");
+ exit;
+ }
+ fwrite($bconf, $barnyard2_conf_text);
+ fclose($bconf);
+}
+/* open barnyard2.conf for writing" */
+function generate_barnyard2_conf() {
+
+ global $config, $g;
+ conf_mount_rw();
+
+/* define snortbarnyardlog */
+/* TODO add support for the other 5 output plugins */
+
+$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database'];
+$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname'];
+$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface'];
+
+$barnyard2_conf_text = <<<EOD
+
+# barnyard2.conf
+# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
+
+# Copyright (C) 2006 Robert Zelaya
+# part of pfSense
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+# set the appropriate paths to the file(s) your Snort process is using
+config reference-map: /usr/local/etc/snort/reference.config
+config class-map: /usr/local/etc/snort/classification.config
+config gen-msg-map: /usr/local/etc/snort/gen-msg.map
+config sid-msg-map: /usr/local/etc/snort/sid-msg.map
+
+config hostname: $snortbarnyardlog_hostname_info_chk
+config interface: $snortbarnyardlog_interface_info_chk
+
+# Step 2: setup the input plugins
+input unified2
+
+# database: log to a variety of databases
+# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
+
+$snortbarnyardlog_database_info_chk
+
+EOD;
+
+ return $barnyard2_conf_text;
+
+}
+
+function create_snort_conf() {
+ global $config, $g;
+ /* write out snort.conf */
+ $snort_conf_text = generate_snort_conf();
+ conf_mount_rw();
+ $conf = fopen("/usr/local/etc/snort/snort.conf", "w");
+ if(!$conf) {
+ log_error("Could not open /usr/local/etc/snort/snort.conf for writing.");
+ exit;
+ }
+ fwrite($conf, $snort_conf_text);
+ fclose($conf);
+ conf_mount_ro();
+}
+
+function snort_deinstall() {
+
+ global $config, $g;
+
+ /* remove custom sysctl */
+ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
+ /* decrease bpf buffers back to 4096, from 20480 */
+ exec("/sbin/sysctl net.bpf.bufsize=4096");
+ exec("/usr/bin/killall snort");
+ sleep(5);
+ exec("/usr/bin/killall -9 snort");
+ exec("rm -f /usr/local/etc/rc.d/snort*");
+ exec("rm -rf /usr/local/etc/snort*");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep libdnet`");
+ exec("/usr/bin/killall -9 snort");
+ exec("/usr/bin/killall snort");
+
+ /* Remove snort cron entries Ugly code needs smoothness*/
+
+ function snort_rm_blocked_deinstall_cron($should_install) {
+ global $config, $g;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ }
+ configure_cron();
+ }
+ }
+
+ function snort_rules_up_deinstall_cron($should_install) {
+ global $config, $g;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ }
+ configure_cron();
+ }
+ }
+
+snort_rm_blocked_deinstall_cron("");
+snort_rules_up_deinstall_cron("");
+
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ unset($config['installedpackages']['snort']['config'][0]['autorulesupdate7']);
+ unset($config['installedpackages']['snort']['config'][0]['rm_blocked']);
+ write_config();
+
+}
+
+function generate_snort_conf() {
+
+ global $config, $g;
+ conf_mount_rw();
+ /* obtain external interface */
+ /* XXX: make multi wan friendly */
+ $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0];
+
+ $snort_config_pass_thru = $config['installedpackages']['snortadvanced']['config'][0]['configpassthru'];
+
+/* define snortalertlogtype */
+$snortalertlogtype = $config['installedpackages']['snortadvanced']['config'][0]['snortalertlogtype'];
+if ($snortalertlogtype == fast)
+ $snortalertlogtype_type = "output alert_fast: alert";
+else
+ $snortalertlogtype_type = "output alert_full: alert";
+
+/* define alertsystemlog */
+$alertsystemlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['alertsystemlog'];
+if ($alertsystemlog_info_chk == on)
+ $alertsystemlog_type = "output alert_syslog: log_alert";
+
+/* define tcpdumplog */
+$tcpdumplog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['tcpdumplog'];
+if ($tcpdumplog_info_chk == on)
+ $tcpdumplog_type = "output log_tcpdump: snorttcpd.log";
+
+/* define snortbarnyardlog_chk */
+$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
+if ($snortbarnyardlog_info_chk == on)
+ $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D";
+
+/* define snortunifiedlog */
+$snortunifiedlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortunifiedlog'];
+if ($snortunifiedlog_info_chk == on)
+ $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128";
+
+/* define spoink */
+$spoink_info_chk = $config['installedpackages']['snort']['config'][0]['blockoffenders7'];
+if ($spoink_info_chk == on)
+ $spoink_type = "output alert_pf: /var/db/whitelist,snort2c";
+
+ /* define servers and ports snortdefservers */
+
+/* def DNS_SERVSERS */
+$def_dns_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_servers'];
+if ($def_dns_servers_info_chk == "")
+ $def_dns_servers_type = "\$HOME_NET";
+else
+ $def_dns_servers_type = "$def_dns_servers_info_chk";
+
+/* def DNS_PORTS */
+$def_dns_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_ports'];
+if ($def_dns_ports_info_chk == "")
+ $def_dns_ports_type = "53";
+else
+ $def_dns_ports_type = "$def_dns_ports_info_chk";
+
+/* def SMTP_SERVSERS */
+$def_smtp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_servers'];
+if ($def_smtp_servers_info_chk == "")
+ $def_smtp_servers_type = "\$HOME_NET";
+else
+ $def_smtp_servers_type = "$def_smtp_servers_info_chk";
+
+/* def SMTP_PORTS */
+$def_smtp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_ports'];
+if ($def_smtp_ports_info_chk == "")
+ $def_smtp_ports_type = "25";
+else
+ $def_smtp_ports_type = "$def_smtp_ports_info_chk";
+
+/* def MAIL_PORTS */
+$def_mail_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mail_ports'];
+if ($def_mail_ports_info_chk == "")
+ $def_mail_ports_type = "25,143,465,691";
+else
+ $def_mail_ports_type = "$def_mail_ports_info_chk";
+
+/* def HTTP_SERVSERS */
+$def_http_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_servers'];
+if ($def_http_servers_info_chk == "")
+ $def_http_servers_type = "\$HOME_NET";
+else
+ $def_http_servers_type = "$def_http_servers_info_chk";
+
+/* def WWW_SERVSERS */
+$def_www_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_www_servers'];
+if ($def_www_servers_info_chk == "")
+ $def_www_servers_type = "\$HOME_NET";
+else
+ $def_www_servers_type = "$def_www_servers_info_chk";
+
+/* def HTTP_PORTS */
+$def_http_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_ports'];
+if ($def_http_ports_info_chk == "")
+ $def_http_ports_type = "80";
+else
+ $def_http_ports_type = "$def_http_ports_info_chk";
+
+/* def SQL_SERVSERS */
+$def_sql_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sql_servers'];
+if ($def_sql_servers_info_chk == "")
+ $def_sql_servers_type = "\$HOME_NET";
+else
+ $def_sql_servers_type = "$def_sql_servers_info_chk";
+
+/* def ORACLE_PORTS */
+$def_oracle_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_oracle_ports'];
+if ($def_oracle_ports_info_chk == "")
+ $def_oracle_ports_type = "1521";
+else
+ $def_oracle_ports_type = "$def_oracle_ports_info_chk";
+
+/* def MSSQL_PORTS */
+$def_mssql_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mssql_ports'];
+if ($def_mssql_ports_info_chk == "")
+ $def_mssql_ports_type = "1433";
+else
+ $def_mssql_ports_type = "$def_mssql_ports_info_chk";
+
+/* def TELNET_SERVSERS */
+$def_telnet_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_servers'];
+if ($def_telnet_servers_info_chk == "")
+ $def_telnet_servers_type = "\$HOME_NET";
+else
+ $def_telnet_servers_type = "$def_telnet_servers_info_chk";
+
+/* def TELNET_PORTS */
+$def_telnet_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_ports'];
+if ($def_telnet_ports_info_chk == "")
+ $def_telnet_ports_type = "23";
+else
+ $def_telnet_ports_type = "$def_telnet_ports_info_chk";
+
+/* def SNMP_SERVSERS */
+$def_snmp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_servers'];
+if ($def_snmp_servers_info_chk == "")
+ $def_snmp_servers_type = "\$HOME_NET";
+else
+ $def_snmp_servers_type = "$def_snmp_servers_info_chk";
+
+/* def SNMP_PORTS */
+$def_snmp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_ports'];
+if ($def_snmp_ports_info_chk == "")
+ $def_snmp_ports_type = "161";
+else
+ $def_snmp_ports_type = "$def_snmp_ports_info_chk";
+
+/* def FTP_SERVSERS */
+$def_ftp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_servers'];
+if ($def_ftp_servers_info_chk == "")
+ $def_ftp_servers_type = "\$HOME_NET";
+else
+ $def_ftp_servers_type = "$def_ftp_servers_info_chk";
+
+/* def FTP_PORTS */
+$def_ftp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_ports'];
+if ($def_ftp_ports_info_chk == "")
+ $def_ftp_ports_type = "21";
+else
+ $def_ftp_ports_type = "$def_ftp_ports_info_chk";
+
+/* def SSH_SERVSERS */
+$def_ssh_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_servers'];
+if ($def_ssh_servers_info_chk == "")
+ $def_ssh_servers_type = "\$HOME_NET";
+else
+ $def_ssh_servers_type = "$def_ssh_servers_info_chk";
+
+/* if user has defined a custom ssh port, use it */
+if($config['system']['ssh']['port'])
+ $ssh_port = $config['system']['ssh']['port'];
+else
+ $ssh_port = "22";
+
+/* def SSH_PORTS */
+$def_ssh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_ports'];
+if ($def_ssh_ports_info_chk == "")
+ $def_ssh_ports_type = "{$ssh_port}";
+else
+ $def_ssh_ports_type = "$def_ssh_ports_info_chk";
+
+/* def POP_SERVSERS */
+$def_pop_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop_servers'];
+if ($def_pop_servers_info_chk == "")
+ $def_pop_servers_type = "\$HOME_NET";
+else
+ $def_pop_servers_type = "$def_pop_servers_info_chk";
+
+/* def POP2_PORTS */
+$def_pop2_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop2_ports'];
+if ($def_pop2_ports_info_chk == "")
+ $def_pop2_ports_type = "109";
+else
+ $def_pop2_ports_type = "$def_pop2_ports_info_chk";
+
+/* def POP3_PORTS */
+$def_pop3_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop3_ports'];
+if ($def_pop3_ports_info_chk == "")
+ $def_pop3_ports_type = "110";
+else
+ $def_pop3_ports_type = "$def_pop3_ports_info_chk";
+
+/* def IMAP_SERVSERS */
+$def_imap_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_servers'];
+if ($def_imap_servers_info_chk == "")
+ $def_imap_servers_type = "\$HOME_NET";
+else
+ $def_imap_servers_type = "$def_imap_servers_info_chk";
+
+/* def IMAP_PORTS */
+$def_imap_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_ports'];
+if ($def_imap_ports_info_chk == "")
+ $def_imap_ports_type = "143";
+else
+ $def_imap_ports_type = "$def_imap_ports_info_chk";
+
+/* def SIP_PROXY_IP */
+$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ip'];
+if ($def_sip_proxy_ip_info_chk == "")
+ $def_sip_proxy_ip_type = "\$HOME_NET";
+else
+ $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
+
+/* def SIP_PROXY_PORTS */
+$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ports'];
+if ($def_sip_proxy_ports_info_chk == "")
+ $def_sip_proxy_ports_type = "5060:5090,16384:32768";
+else
+ $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
+
+/* def AUTH_PORTS */
+$def_auth_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_auth_ports'];
+if ($def_auth_ports_info_chk == "")
+ $def_auth_ports_type = "113";
+else
+ $def_auth_ports_type = "$def_auth_ports_info_chk";
+
+/* def FINGER_PORTS */
+$def_finger_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_finger_ports'];
+if ($def_finger_ports_info_chk == "")
+ $def_finger_ports_type = "79";
+else
+ $def_finger_ports_type = "$def_finger_ports_info_chk";
+
+/* def IRC_PORTS */
+$def_irc_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_irc_ports'];
+if ($def_irc_ports_info_chk == "")
+ $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
+else
+ $def_irc_ports_type = "$def_irc_ports_info_chk";
+
+/* def NNTP_PORTS */
+$def_nntp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_nntp_ports'];
+if ($def_nntp_ports_info_chk == "")
+ $def_nntp_ports_type = "119";
+else
+ $def_nntp_ports_type = "$def_nntp_ports_info_chk";
+
+/* def RLOGIN_PORTS */
+$def_rlogin_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rlogin_ports'];
+if ($def_rlogin_ports_info_chk == "")
+ $def_rlogin_ports_type = "513";
+else
+ $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
+
+/* def RSH_PORTS */
+$def_rsh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rsh_ports'];
+if ($def_rsh_ports_info_chk == "")
+ $def_rsh_ports_type = "514";
+else
+ $def_rsh_ports_type = "$def_rsh_ports_info_chk";
+
+/* def SSL_PORTS */
+$def_ssl_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssl_ports'];
+if ($def_ssl_ports_info_chk == "")
+ $def_ssl_ports_type = "25,443,465,636,993,995";
+else
+ $def_ssl_ports_type = "$def_ssl_ports_info_chk";
+
+ /* add auto update scripts to /etc/crontab */
+// $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php";
+// $filenamea = "/etc/crontab";
+// remove_text_from_file($filenamea, $text_ww);
+// add_text_to_file($filenamea, $text_ww);
+// exec("killall -HUP cron"); */
+
+ /* should we install a automatic update crontab entry? */
+ $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate'];
+
+ /* if user is on pppoe, we really want to use ng0 interface */
+ if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")
+ $snort_ext_int = "ng0";
+
+ /* set the snort performance model */
+ if($config['installedpackages']['snort']['config'][0]['performance'])
+ $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
+ else
+ $snort_performance = "ac-bnfa";
+
+ /* set the snort block hosts time IMPORTANT snort has trouble installing if snort_rm_blocked_info_ck != "" */
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "never_b")
+ $snort_rm_blocked_false = "";
+ else
+ $snort_rm_blocked_false = "true";
+
+if ($snort_rm_blocked_info_ck != "") {
+function snort_rm_blocked_install_cron($should_install) {
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "1h_b") {
+ $snort_rm_blocked_min = "*/5";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "3600";
+ }
+ if ($snort_rm_blocked_info_ck == "3h_b") {
+ $snort_rm_blocked_min = "*/15";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "10800";
+ }
+ if ($snort_rm_blocked_info_ck == "6h_b") {
+ $snort_rm_blocked_min = "*/30";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "21600";
+ }
+ if ($snort_rm_blocked_info_ck == "12h_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/1";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "43200";
+ }
+ if ($snort_rm_blocked_info_ck == "1d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/2";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "86400";
+ }
+ if ($snort_rm_blocked_info_ck == "4d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/8";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "345600";
+ }
+ if ($snort_rm_blocked_info_ck == "7d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/14";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "604800";
+ }
+ if ($snort_rm_blocked_info_ck == "28d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "0";
+ $snort_rm_blocked_mday = "*/2";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "2419200";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ }
+ configure_cron();
+ }
+ break;
+ }
+ }
+ snort_rm_blocked_install_cron("");
+ snort_rm_blocked_install_cron($snort_rm_blocked_false);
+}
+
+ /* set the snort rules update time */
+ $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "never_up")
+ $snort_rules_up_false = "";
+ else
+ $snort_rules_up_false = "true";
+
+if ($snort_rules_up_info_ck != "") {
+function snort_rules_up_install_cron($should_install) {
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "6h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/6";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "12h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/12";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "1d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/1";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "4d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/4";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "7d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/7";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "28d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/28";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ }
+ configure_cron();
+ }
+ break;
+ }
+ }
+ snort_rules_up_install_cron("");
+ snort_rules_up_install_cron($snort_rules_up_false);
+}
+
+ /* open snort2c's whitelist for writing */
+ $whitelist = fopen("/var/db/whitelist", "w");
+ if(!$whitelist) {
+ log_error("Could not open /var/db/whitelist for writing.");
+ return;
+ }
+
+ /* build an interface array list */
+ $int_array = array('lan');
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ if(!$config['interfaces']['opt' . $j]['gateway'])
+ $int_array[] = "opt{$j}";
+
+ /* iterate through interface list and write out whitelist items
+ * and also compile a home_net list for snort.
+ */
+ foreach($int_array as $int) {
+ /* calculate interface subnet information */
+ $ifcfg = &$config['interfaces'][$int];
+ $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
+ $subnetmask = gen_subnet_mask($ifcfg['subnet']);
+ if($subnet == "pppoe" or $subnet == "dhcp") {
+ $subnet = find_interface_ip("ng0");
+ if($subnet)
+ $home_net .= "{$subnet} ";
+ } else {
+ if ($subnet)
+ if($ifcfg['subnet'])
+ $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ }
+ }
+
+ /* add all WAN ips to the whitelist */
+ $wan_if = get_real_wan_interface();
+ $ip = find_interface_ip($wan_if);
+ if($ip)
+ $home_net .= "{$ip} ";
+
+ /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
+ $int = convert_friendly_interface_to_real_interface_name("WAN");
+ $gw = get_interface_gateway($int);
+ if($gw)
+ $home_net .= "{$gw} ";
+
+ /* Add DNS server for WAN interface to whitelist */
+ $dns_servers = get_dns_servers();
+ foreach($dns_servers as $dns) {
+ if($dns)
+ $home_net .= "{$dns} ";
+ }
+
+ /* Add loopback to whitelist (ftphelper) */
+ $home_net .= "127.0.0.1 ";
+
+ /* iterate all vips and add to whitelist */
+ if($config['virtualip'])
+ foreach($config['virtualip']['vip'] as $vip)
+ if($vip['subnet'])
+ $home_net .= $vip['subnet'] . " ";
+
+ if($config['installedpackages']['snortwhitelist'])
+ foreach($config['installedpackages']['snortwhitelist']['config'] as $snort)
+ if($snort['ip'])
+ $home_net .= $snort['ip'] . " ";
+
+ /* write out whitelist, convert spaces to carriage returns */
+ $whitelist_home_net = str_replace(" ", " ", $home_net);
+ $whitelist_home_net = str_replace(" ", "\n", $home_net);
+
+ /* make $home_net presentable to snort */
+ $home_net = trim($home_net);
+ $home_net = str_replace(" ", ",", $home_net);
+ $home_net = "[{$home_net}]";
+
+ /* foreach through whitelist, writing out to file */
+ $whitelist_split = split("\n", $whitelist_home_net);
+ foreach($whitelist_split as $wl)
+ if(trim($wl))
+ fwrite($whitelist, trim($wl) . "\n");
+
+ /* should we whitelist vpns? */
+ $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns'];
+
+ /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
+ if($whitelistvpns) {
+ $vpns_list = get_vpns_list();
+ $whitelist_vpns = split(" ", $vpns_list);
+ foreach($whitelist_vpns as $wl)
+ if(trim($wl))
+ fwrite($whitelist, trim($wl) . "\n");
+ }
+
+ /* close file */
+ fclose($whitelist);
+
+ /* open snort's threshold.conf for writing */
+ $threshlist = fopen("/usr/local/etc/snort/threshold.conf", "w");
+ if(!$threshlist) {
+ log_error("Could not open /usr/local/etc/snort/threshold.conf for writing.");
+ return;
+ }
+
+ /* list all entries to new lines */
+ if($config['installedpackages']['snortthreshold'])
+ foreach($config['installedpackages']['snortthreshold']['config'] as $snortthreshlist)
+ if($snortthreshlist['threshrule'])
+ $snortthreshlist_r .= $snortthreshlist['threshrule'] . "\n";
+
+
+ /* foreach through threshlist, writing out to file */
+ $threshlist_split = split("\n", $snortthreshlist_r);
+ foreach($threshlist_split as $wl)
+ if(trim($wl))
+ fwrite($threshlist, trim($wl) . "\n");
+
+ /* close snort's threshold.conf file */
+ fclose($threshlist);
+
+ /* generate rule sections to load */
+ $enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
+ if($enabled_rulesets) {
+ $selected_rules_sections = "";
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+ foreach($enabled_rulesets_array as $enabled_item)
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
+ }
+
+ conf_mount_ro();
+
+ /* build snort configuration file */
+ /* TODO; feed back from pfsense users to reduce false positives */
+ $snort_conf_text = <<<EOD
+
+# snort configuration file
+# generated by the pfSense
+# package manager system
+# see /usr/local/pkg/snort.inc
+# for more information
+# snort.conf
+# Snort can be found at http://www.snort.org/
+
+# Copyright (C) 2006 Robert Zelaya
+# part of pfSense
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+#########################
+ #
+# Define Local Network #
+ #
+#########################
+
+var HOME_NET {$home_net}
+var EXTERNAL_NET !\$HOME_NET
+
+###################
+ #
+# Define Servers #
+ #
+###################
+
+var DNS_SERVERS [{$def_dns_servers_type}]
+var SMTP_SERVERS [{$def_smtp_servers_type}]
+var HTTP_SERVERS [{$def_http_servers_type}]
+var SQL_SERVERS [{$def_sql_servers_type}]
+var TELNET_SERVERS [{$def_telnet_servers_type}]
+var SNMP_SERVERS [{$def_snmp_servers_type}]
+var FTP_SERVERS [{$def_ftp_servers_type}]
+var SSH_SERVERS [{$def_ssh_servers_type}]
+var POP_SERVERS [{$def_pop_servers_type}]
+var IMAP_SERVERS [{$def_imap_servers_type}]
+var RPC_SERVERS \$HOME_NET
+var WWW_SERVERS [{$def_www_servers_type}]
+var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
+var AIM_SERVERS \
+[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
+
+########################
+ #
+# Define Server Ports #
+ #
+########################
+
+portvar HTTP_PORTS [{$def_http_ports_type}]
+portvar SHELLCODE_PORTS !80
+portvar ORACLE_PORTS [{$def_oracle_ports_type}]
+portvar AUTH_PORTS [{$def_auth_ports_type}]
+portvar DNS_PORTS [{$def_dns_ports_type}]
+portvar FINGER_PORTS [{$def_finger_ports_type}]
+portvar FTP_PORTS [{$def_ftp_ports_type}]
+portvar IMAP_PORTS [{$def_imap_ports_type}]
+portvar IRC_PORTS [{$def_irc_ports_type}]
+portvar MSSQL_PORTS [{$def_mssql_ports_type}]
+portvar NNTP_PORTS [{$def_nntp_ports_type}]
+portvar POP2_PORTS [{$def_pop2_ports_type}]
+portvar POP3_PORTS [{$def_pop3_ports_type}]
+portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
+portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
+portvar RSH_PORTS [{$def_rsh_ports_type}]
+portvar SMB_PORTS [139,445]
+portvar SMTP_PORTS [{$def_smtp_ports_type}]
+portvar SNMP_PORTS [{$def_snmp_ports_type}]
+portvar SSH_PORTS [{$def_ssh_ports_type}]
+portvar TELNET_PORTS [{$def_telnet_ports_type}]
+portvar MAIL_PORTS [{$def_mail_ports_type}]
+portvar SSL_PORTS [{$def_ssl_ports_type}]
+portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
+
+# DCERPC NCACN-IP-TCP
+portvar DCERPC_NCACN_IP_TCP [139,445]
+portvar DCERPC_NCADG_IP_UDP [138,1024:]
+portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
+portvar DCERPC_NCACN_UDP_LONG [135,1024:]
+portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
+portvar DCERPC_NCACN_TCP [2103,2105,2107]
+portvar DCERPC_BRIGHTSTORE [6503,6504]
+
+#####################
+ #
+# Define Rule Paths #
+ #
+#####################
+
+var RULE_PATH /usr/local/etc/snort/rules
+# var PREPROC_RULE_PATH ./preproc_rules
+
+################################
+ #
+# Configure the snort decoder #
+ #
+################################
+
+config checksum_mode: all
+config disable_decode_alerts
+config disable_tcpopt_experimental_alerts
+config disable_tcpopt_obsolete_alerts
+config disable_ttcp_alerts
+config disable_tcpopt_alerts
+config disable_ipopt_alerts
+config disable_decode_drops
+
+###################################
+ #
+# Configure the detection engine #
+# Use lower memory models #
+ #
+###################################
+
+config detection: search-method {$snort_performance}
+config detection: max_queue_events 5
+config event_queue: max_queue 8 log 3 order_events content_length
+
+#Configure dynamic loaded libraries
+dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
+dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
+dynamicdetection directory /usr/local/lib/snort/dynamicrules/
+
+###################
+ #
+# Flow and stream #
+ #
+###################
+
+preprocessor frag3_global: max_frags 8192
+preprocessor frag3_engine: policy windows
+preprocessor frag3_engine: policy linux
+preprocessor frag3_engine: policy first
+preprocessor frag3_engine: policy bsd detect_anomalies
+
+preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
+track_udp yes, track_icmp yes
+preprocessor stream5_tcp: bind_to any, policy windows
+preprocessor stream5_tcp: bind_to any, policy linux
+preprocessor stream5_tcp: bind_to any, policy vista
+preprocessor stream5_tcp: bind_to any, policy macos
+preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes
+preprocessor stream5_udp
+preprocessor stream5_icmp
+
+##########################
+ #
+# NEW #
+# Performance Statistics #
+ #
+##########################
+
+preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
+
+#################
+ #
+# HTTP Inspect #
+ #
+#################
+
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+
+preprocessor http_inspect_server: server default \
+ ports { 80 8080 } \
+ no_alerts \
+ non_strict \
+ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+ flow_depth 0 \
+ apache_whitespace yes \
+ directory no \
+ iis_backslash no \
+ u_encode yes \
+ ascii yes \
+ chunk_length 500000 \
+ bare_byte yes \
+ double_decode yes \
+ iis_unicode yes \
+ iis_delimiter yes \
+ multi_slash no
+
+##################
+ #
+# Other preprocs #
+ #
+##################
+
+preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
+preprocessor bo
+
+#####################
+ #
+# ftp preprocessor #
+ #
+#####################
+
+preprocessor ftp_telnet: global \
+inspection_type stateless
+
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200
+
+preprocessor ftp_telnet_protocol: \
+ ftp server default \
+ def_max_param_len 100 \
+ ports { 21 } \
+ ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
+ ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
+ ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
+ ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
+ ftp_cmds { FEAT CEL CMD MACB } \
+ ftp_cmds { MDTM REST SIZE MLST MLSD } \
+ ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
+ alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
+ alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
+ alt_max_param_len 256 { RNTO CWD } \
+ alt_max_param_len 400 { PORT } \
+ alt_max_param_len 512 { SIZE } \
+ chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
+ chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
+ chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
+ chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
+ chk_str_fmt { FEAT CEL CMD } \
+ chk_str_fmt { MDTM REST SIZE MLST MLSD } \
+ chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity STRU < char FRP > \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ cmd_validity PORT < host_port >
+
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
+
+#####################
+ #
+# SMTP preprocessor #
+ #
+#####################
+
+preprocessor SMTP: \
+ ports { 25 465 691 } \
+ inspection_type stateful \
+ normalize cmds \
+ valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
+CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
+PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ max_header_line_len 1000 \
+ max_response_line_len 512 \
+ alt_max_command_line_len 260 { MAIL } \
+ alt_max_command_line_len 300 { RCPT } \
+ alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
+ alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
+ alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
+ alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
+ alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ xlink2state { enable }
+
+################
+ #
+# sf Portscan #
+ #
+################
+
+preprocessor sfportscan: scan_type { all } \
+ proto { all } \
+ memcap { 10000000 } \
+ sense_level { medium } \
+ ignore_scanners { \$HOME_NET }
+
+############################
+ #
+# OLD #
+# preprocessor dcerpc: \ #
+# autodetect \ #
+# max_frag_size 3000 \ #
+# memcap 100000 #
+ #
+############################
+
+###############
+ #
+# NEW #
+# DCE/RPC 2 #
+ #
+###############
+
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3
+
+####################
+ #
+# DNS preprocessor #
+ #
+####################
+
+preprocessor dns: \
+ ports { 53 } \
+ enable_rdata_overflow
+
+##############################
+ #
+# NEW #
+# Ignore SSL and Encryption #
+ #
+##############################
+
+preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted
+
+#####################
+ #
+# Snort Output Logs #
+ #
+#####################
+
+$snortalertlogtype_type
+$alertsystemlog_type
+$tcpdumplog_type
+$snortmysqllog_info_chk
+$snortunifiedlog_type
+$spoink_type
+
+#################
+ #
+# Misc Includes #
+ #
+#################
+
+include /usr/local/etc/snort/reference.config
+include /usr/local/etc/snort/classification.config
+include /usr/local/etc/snort/threshold.conf
+
+# Snort user pass through configuration
+{$snort_config_pass_thru}
+
+###################
+ #
+# Rules Selection #
+ #
+###################
+
+{$selected_rules_sections}
+
+EOD;
+
+ return $snort_conf_text;
+}
+
+/* check downloaded text from snort.org to make sure that an error did not occur
+ * for example, if you are not a premium subscriber you can only download rules
+ * so often, etc.
+ */
+function check_for_common_errors($filename) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ $contents = file_get_contents($filename);
+ if(stristr($contents, "You don't have permission")) {
+ if(!$console_mode) {
+ update_all_status("An error occured while downloading {$filename}.");
+ hide_progress_bar_status();
+ } else {
+ log_error("An error occured. Scroll down to inspect it's contents.");
+ echo "An error occured. Scroll down to inspect it's contents.";
+ }
+ if(!$console_mode) {
+ update_output_window(strip_tags("$contents"));
+ } else {
+ $contents = strip_tags($contents);
+ log_error("Error downloading snort rules: {$contents}");
+ echo "Error downloading snort rules: {$contents}";
+ }
+ scroll_down_to_bottom_of_page();
+ exit;
+ }
+}
+
+/* force browser to scroll all the way down */
+function scroll_down_to_bottom_of_page() {
+ global $snort_filename, $console_mode;
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
+}
+
+/* ensure downloaded file looks sane */
+function verify_downloaded_file($filename) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(filesize($filename)<9500) {
+ if(!$console_mode) {
+ update_all_status("Checking {$filename}...");
+ check_for_common_errors($filename);
+ }
+ }
+ update_all_status("Verifying {$filename}...");
+ if(!file_exists($filename)) {
+ if(!$console_mode) {
+ update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
+ hide_progress_bar_status();
+ } else {
+ log_error("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
+ echo "Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.";
+ }
+ exit;
+ }
+ update_all_status("Verifyied {$filename}.");
+}
+
+/* extract rules */
+function extract_snort_rules_md5($tmpfname) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode) {
+ $static_output = gettext("Extracting snort rules...");
+ update_all_status($static_output);
+ }
+ if(!is_dir("/usr/local/etc/snort/rules/"))
+ mkdir("/usr/local/etc/snort/rules/");
+ $cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/";
+ $handle = popen("{$cmd} 2>&1", 'r');
+ while(!feof($handle)) {
+ $buffer = fgets($handle);
+ update_output_window($buffer);
+ }
+ pclose($handle);
+
+ if(!$console_mode) {
+ $static_output = gettext("Snort rules extracted.");
+ update_all_status($static_output);
+ } else {
+ log_error("Snort rules extracted.");
+ echo "Snort rules extracted.";
+ }
+}
+
+/* verify MD5 against downloaded item */
+function verify_snort_rules_md5($tmpfname) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode) {
+ $static_output = gettext("Verifying md5 signature...");
+ update_all_status($static_output);
+ }
+
+ $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
+ $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+ if($md5 == $file_md5_ondisk) {
+ if(!$console_mode) {
+ $static_output = gettext("snort rules: md5 signature of rules mismatch.");
+ update_all_status($static_output);
+ hide_progress_bar_status();
+ } else {
+ log_error("snort rules: md5 signature of rules mismatch.");
+ echo "snort rules: md5 signature of rules mismatch.";
+ }
+ exit;
+ }
+}
+
+/* hide progress bar */
+function hide_progress_bar_status() {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+}
+
+/* unhide progress bar */
+function unhide_progress_bar_status() {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
+}
+
+/* update both top and bottom text box during an operation */
+function update_all_status($status) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode) {
+ update_status($status);
+ update_output_window($status);
+ }
+}
+
+/* obtain alert description for an ip address */
+function get_snort_alert($ip) {
+ global $snort_alert_file_split, $snort_config;
+ if(!file_exists("/var/log/snort/alert"))
+ return;
+ if(!$snort_config)
+ $snort_config = read_snort_config_cache();
+ if($snort_config[$ip])
+ return $snort_config[$ip];
+ if(!$snort_alert_file_split)
+ $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert"));
+ foreach($snort_alert_file_split as $fileline) {
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ $alert_title = $matches[2];
+ if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
+ $alert_ip = $matches[0];
+ if($alert_ip == $ip) {
+ if(!$snort_config[$ip])
+ $snort_config[$ip] = $alert_title;
+ return $alert_title;
+ }
+ }
+ return "n/a";
+}
+
+function make_clickable($buffer) {
+ global $config, $g;
+ /* if clickable urls is disabled, simply return buffer back to caller */
+ $clickablalerteurls = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
+ if(!$clickablalerteurls)
+ return $buffer;
+ $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
+ $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
+ $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer);
+ $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer);
+ $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer);
+
+ return $buffer;
+}
+
+function read_snort_config_cache() {
+ global $g, $config, $snort_config;
+ if($snort_config)
+ return $snort_config;
+ if(file_exists($g['tmp_path'] . '/snort_config.cache')) {
+ $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache'));
+ return $snort_config;
+ }
+ return;
+}
+
+function write_snort_config_cache($snort_config) {
+ global $g, $config;
+ conf_mount_rw();
+ $configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w");
+ if(!$configcache) {
+ log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing.");
+ return false;
+ }
+ fwrite($configcache, serialize($snort_config));
+ fclose($configcache);
+ conf_mount_ro();
+ return true;
+}
+
+function snort_advanced() {
+ global $g, $config;
+ sync_package_snort();
+}
+
+function snort_define_servers() {
+ global $g, $config;
+ sync_package_snort();
+}
+
+?>
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
new file mode 100644
index 00000000..e96ccdf7
--- /dev/null
+++ b/config/snort-dev/snort.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfsense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Snort</name>
+ <version>2.8.4.1_5</version>
+ <title>Services: Snort 2.8.4.1_5 pkg v. 1.7 alpha</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <menu>
+ <name>Snort</name>
+ <tooltiptext>Setup snort specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/snort/snort_interfaces.php</url>
+ </menu>
+ <service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort is the most widely deployed IDS/IPS technology worldwide..</description>
+ </service>
+ <tabs>
+ </tabs>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_base_files.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item>
+ </additional_files_needed>
+ <fields>
+ </fields>
+ <custom_php_resync_config_command>
+ </custom_php_resync_config_command>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_install_command>
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ snort_deinstall();
+ </custom_php_deinstall_command>
+</packagegui> \ No newline at end of file
diff --git a/config/snort-dev/snort_base_files.php b/config/snort-dev/snort_base_files.inc
index 1bc9cea0..1bc9cea0 100644
--- a/config/snort-dev/snort_base_files.php
+++ b/config/snort-dev/snort_base_files.inc
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index 065ec0dc..773b6f9a 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -3,7 +3,6 @@
/*
snort_interfaces.php
Copyright (C) 2004 Scott Ullrich
- Copyright (C) 2004 Robert Zelaya
All rights reserved.
originally part of m0n0wall (http://m0n0.ch/wall)
@@ -33,11 +32,12 @@
*/
require("guiconfig.inc");
+require("/usr/local/pkg/snort_misc.inc");
-if (!is_array($config['installedpackages']['snortglobal']))
- $config['installedpackages']['snortglobal'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
-$a_nat = &$config['installedpackages']['snortglobal'];
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
/* if a custom message has been passed along, lets process it */
if ($_GET['savemsg'])
@@ -85,7 +85,7 @@ if (isset($_POST['del_x'])) {
}
write_config();
touch($d_natconfdirty_path);
- header("Services: snort_interfaces.php");
+ header("Location: snort_interfaces.php");
exit;
}
@@ -128,38 +128,54 @@ if (isset($_POST['del_x'])) {
$a_nat = $a_nat_new;
write_config();
touch($d_natconfdirty_path);
- header("Services: snort_interfaces.php");
+ header("Location: snort_interfaces.php");
exit;
}
}
-$pgtitle = "Services: Snort 2.8.4.1_5 pkg v. 1.7";
+$pgtitle = "Services: Snort Interfaces";
include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></font></p>
+<style type="text/css">
+.alert {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+background:#FCE9C0;
+background-position: 15px;
+border-top:2px solid #DBAC48;
+border-bottom:2px solid #DBAC48;
+padding: 15px 10px 50% 50px;
+}
+</style>
+<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+
<form action="snort_interfaces.php" method="post" name="iform">
<script type="text/javascript" language="javascript" src="row_toggle.js">
</script>
<?php if (file_exists($d_natconfdirty_path)): ?><p>
<?php
if($savemsg)
- print_info_box_np("{$savemsg}<br>The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");
+ print_info_box_np2("{$savemsg}<br>The Snort configuration has been changed.<br>You must apply the changes in order for them to take effect.");
else
- print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");
+ print_info_box_np2("The Snort configuration has been changed.<br>You must apply the changes in order for them to take effect.");
?>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
- $tab_array = array();
- $tab_array[] = array("Interfaces", true, "snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "snort_interfaces.php");
- $tab_array[] = array("Rules Update", false, "firewall_nat_1to1.php");
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", true, "snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "firewall_nat_1to1.php");
$tab_array[] = array("Alerts", false, "firewall_nat_out.php");
$tab_array[] = array("Blocked", false, "firewall_nat_out.php");
+ $tab_array[] = array("Whitelists", false, "firewall_nat_out.php");
$tab_array[] = array("Help & Info", false, "firewall_nat_out.php");
display_top_tabs($tab_array);
?>
@@ -170,19 +186,18 @@ include("head.inc");
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr id="frheader">
<td width="3%" class="list">&nbsp;</td>
- <td width="3%" class="list">&nbsp;</td>
- <td width="5%" class="listhdrr">If</td>
- <td width="5%" class="listhdrr">Inline</td>
- <td width="5%" class="listhdrr">Inline port</td>
- <td width="15%" class="listhdrr">Inline port range</td>
- <td width="5%" class="listhdrr">Block Hosts</td>
- <td width="5%" class="listhdrr">Barnyard2</td>
- <td width="15%" class="listhdr">Description</td>
- <td width="5%" class="list">
+ <td width="1%" class="list">&nbsp;</td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="10%" class="listhdrr">Snort</td>
+ <td width="10%" class="listhdrr">Snort</td>
+ <td width="10%" class="listhdrr">Block Hosts</td>
+ <td width="10%" class="listhdrr">Barnyard2</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="3%" class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td width="17"></td>
- <td><a href="/snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
@@ -206,43 +221,52 @@ include("head.inc");
?>
</td>
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?=strtoupper($natent['protocol']);?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- list($beginport, $endport) = split("-", $natent['external-port']);
- if ((!$endport) || ($beginport == $endport)) {
- echo $beginport;
- if ($wkports[$beginport])
- echo " (" . $wkports[$beginport] . ")";
- else
- echo "&nbsp;";
- } else
- echo $beginport . " - " . $endport;
+ <?php
+ $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
+ if ($check_blockoffenders_info == "on")
+ {
+ $check_blockoffenders = enabled;
+ } else {
+ $check_blockoffenders = disabled;
+ }
?>
+ <?=strtoupper($check_blockoffenders);?>
</td>
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?=$natent['target'];?>
- <?php if ($natent['external-address'])
- echo "<br>(ext.: " . $natent['external-address'] . ")";
- else
- echo "<br>(ext.: " . find_interface_ip(convert_friendly_interface_to_real_interface_name($natent['interface'])) . ")";
- ?>
+ <?php
+ $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
+ if ($check_blockoffenders_info == "on")
+ {
+ $check_blockoffenders = enabled;
+ } else {
+ $check_blockoffenders = disabled;
+ }
+ ?>
+ <?=strtoupper($check_blockoffenders);?>
</td>
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php if ((!$endport) || ($beginport == $endport)) {
- echo $natent['local-port'];
- if ($wkports[$natent['local-port']])
- echo " (" . $wkports[$natent['local-port']] . ")";
- else
- echo "&nbsp;";
- } else
- echo $natent['local-port'] . " - " .
- ($natent['local-port']+$endport-$beginport);
+ <?php
+ $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
+ if ($check_blockoffenders_info == "on")
+ {
+ $check_blockoffenders = enabled;
+ } else {
+ $check_blockoffenders = disabled;
+ }
?>
+ <?=strtoupper($check_blockoffenders);?>
</td>
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?=strtoupper($natent['protocol']);?>
+ <?php
+ $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['snortbarnyardlog'];
+ if ($check_snortbarnyardlog_info == "on")
+ {
+ $check_snortbarnyardlog = enabled;
+ } else {
+ $check_snortbarnyardlog = disabled;
+ }
+ ?>
+ <?=strtoupper($check_snortbarnyardlog);?>
</td>
<td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<font color="#ffffff">
@@ -253,10 +277,6 @@ include("head.inc");
<tr>
<td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td>
</tr>
- <tr>
- <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td>
- <td><a href="snort_interfaces_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new nat based on this one" width="17" height="17" border="0"></a></td>
- </tr>
</table>
</tr>
<?php $i++; $nnats++; endforeach; ?>
@@ -265,25 +285,31 @@ include("head.inc");
<td class="list" valign="middle" nowrap>
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php endif; ?></td>
- <td><a href="snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
</tr>
- <tr>
- <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected mappings?')"><?php endif; ?></td>
- </tr>
</table>
- </td>
+ </td>
</tr>
</table>
</div>
</td>
</tr>
</table>
- <td class="tabcont" colspan="3">
- <p><span class="vexpl"><span class="red"><strong>Note:<br></strong></span>Snort Inline mode is disabled and in private testing. Snort Inline release target is pfSense 2.0.</span></p>
- </td>
-
+<br>
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ This is the <strong>Snort Interfaces Menu</strong> where you can see an over view of all your interface settings.
+ <br>
+ Please edit the <strong>Global Settings </strong> tab befor adding an interface.
+ <br><br>
+ Click on the <strong>Plus Icon</strong> to add a interface.
+ <br>
+ Click on the <strong>Edit Icon</strong> to edit interface settings.
+</td>
+ </table>
+
<?php
if ($pkg['tabs'] <> "") {
echo "</td></tr></table>";
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 4ee9203e..49f40638 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -1,11 +1,11 @@
<?php
/* $Id$ */
/*
- firewall_nat_edit.php
+ snort_interfaces.php
part of m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2003-2004 Robert Zelaya
+ Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -48,14 +48,17 @@ if (isset($_GET['dup'])) {
}
if (isset($id) && $a_nat[$id]) {
- $pconfig['proto'] = $a_nat[$id]['protocol'];
- list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']);
- $pconfig['localip'] = $a_nat[$id]['target'];
- $pconfig['localbeginport'] = $a_nat[$id]['local-port'];
- $pconfig['descr'] = $a_nat[$id]['descr'];
+
+ $pconfig['enable'] = $a_nat[$id]['enable'];
$pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['block'] = isset($a_nat[$id]['block']);
- $pconfig['inline'] = isset($a_nat[$id]['inline']);
+ $pconfig['descr'] = $a_nat[$id]['descr'];
+ $pconfig['performance'] = $a_nat[$id]['performance'];
+ $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+ $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
+ $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
+ $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
} else {
@@ -67,65 +70,49 @@ if (isset($_GET['dup']))
if ($_POST) {
- if ($_POST['beginport_cust'] && !$_POST['beginport'])
- $_POST['beginport'] = $_POST['beginport_cust'];
- if ($_POST['endport_cust'] && !$_POST['endport'])
- $_POST['endport'] = $_POST['endport_cust'];
- if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
- $_POST['localbeginport'] = $_POST['localbeginport_cust'];
-
- if (!$_POST['endport'])
- $_POST['endport'] = $_POST['beginport'];
- /* Make beginning port end port if not defined and endport is */
- if (!$_POST['beginport'] && $_POST['endport'])
- $_POST['beginport'] = $_POST['endport'];
-
- unset($input_errors);
- $pconfig = $_POST;
-
/* input validation */
- if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
- $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport");
- $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port");
- } else {
- $reqdfields = explode(" ", "interface proto localip");
- $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
- }
+// if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
+// $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport");
+// $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port");
+// } else {
+// $reqdfields = explode(" ", "interface proto localip");
+// $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
+// }
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+// do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
// if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
-// $input_errors[] = "\"{$_POST['localip']}\" is not valid subnet address.";
+// $input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or host alias.";
// }
/* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
- if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
+// if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
- if (($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport']))) {
- $input_errors[] = "The start port must be an integer between 1 and 65535.";
- }
+// if (($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport']))) {
+// $input_errors[] = "The start port must be an integer between 1 and 65535.";
+// }
- if (($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport']))) {
- $input_errors[] = "The end port must be an integer between 1 and 65535.";
- }
+// if (($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport']))) {
+// $input_errors[] = "The end port must be an integer between 1 and 65535.";
+// }
- if (($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport']))) {
- $input_errors[] = "The local port must be an integer between 1 and 65535.";
- }
+// if (($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport']))) {
+// $input_errors[] = "The local port must be an integer between 1 and 65535.";
+// }
- if ($_POST['beginport'] > $_POST['endport']) {
+// if ($_POST['beginport'] > $_POST['endport']) {
/* swap */
- $tmp = $_POST['endport'];
- $_POST['endport'] = $_POST['beginport'];
- $_POST['beginport'] = $tmp;
- }
+// $tmp = $_POST['endport'];
+// $_POST['endport'] = $_POST['beginport'];
+// $_POST['beginport'] = $tmp;
+// }
- if (!$input_errors) {
- if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
- $input_errors[] = "The target port range must be an integer between 1 and 65535.";
- }
+// if (!$input_errors) {
+// if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
+// $input_errors[] = "The target port range must be an integer between 1 and 65535.";
+// }
- }
+// }
/* check for overlaps */
foreach ($a_nat as $natent) {
@@ -133,48 +120,21 @@ if ($_POST) {
continue;
if ($natent['interface'] != $_POST['interface'])
continue;
- if ($natent['external-address'] != $_POST['extaddr'])
- continue;
- if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
- continue;
-
- list($begp,$endp) = explode("-", $natent['external-port']);
- if (!$endp)
- $endp = $begp;
-
- if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
- || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {
-
- $input_errors[] = "The external port range overlaps with an existing entry.";
- break;
- }
}
+/* if no errors write to conf */
if (!$input_errors) {
$natent = array();
- if ($_POST['extaddr'])
- $natent['external-address'] = $_POST['extaddr'];
- $natent['protocol'] = $_POST['proto'];
-
- if ($_POST['beginport'] == $_POST['endport'])
- $natent['external-port'] = $_POST['beginport'];
- else
- $natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport'];
-
- $natent['target'] = $_POST['localip'];
- $natent['local-port'] = $_POST['localbeginport'];
- $natent['interface'] = $_POST['interface'];
+ $natent['enable'] = $_POST['enable'] ? on : off;
+ /* if option is diabled add a default answer */
+ $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface'];
$natent['descr'] = $_POST['descr'];
-
- if($_POST['block'] == "yes")
- $natent['block'] = true;
- else
- unset($natent['block']);
-
- if($_POST['inline'] == "yes")
- $natent['inline'] = true;
- else
- unset($natent['inline']);
+ $natent['performance'] = $_POST['performance'];
+ $natent['blockoffenders7'] = $_POST['blockoffenders7'] ? on : off;
+ $natent['snortalertlogtype'] = $_POST['snortalertlogtype'];
+ $natent['alertsystemlog'] = $_POST['alertsystemlog'] ? on : off;
+ $natent['tcpdumplog'] = $_POST['tcpdumplog'] ? on : off;
+ $natent['flow_depth'] = $_POST['flow_depth'];
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
@@ -183,7 +143,9 @@ if ($_POST) {
array_splice($a_nat, $after+1, 0, array($natent));
else
$a_nat[] = $natent;
- }
+ }
+
+ touch($d_natconfdirty_path);
write_config();
@@ -192,21 +154,66 @@ if ($_POST) {
}
}
-$pgtitle = "Services: Snort Interfaces";
+$pgtitle = "Services: Snort Interfaces Edit";
include("head.inc");
?>
-
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php
+include("fbegin.inc");
+?>
+<style type="text/css">
+.alert {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+background:#FCE9C0;
+background-position: 15px;
+border-top:2px solid #DBAC48;
+border-bottom:2px solid #DBAC48;
+padding: 15px 10px 85% 50px;
+}
+</style>
+<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<script language="JavaScript">
+<!--
+
+function enable_change(enable_change) {
+ endis = !(document.iform.enable.checked || enable_change);
+ // make shure a default answer is called if this is envoked.
+ endis2 = (document.iform.enable);
+
<?php
-include("fbegin.inc"); ?>
+/* make shure all the settings exist or function hide will not work */
+/* if $id is emty allow if and discr to be open */
+if($id != "")
+{
+echo "
+ document.iform.interface.disabled = endis2;
+ document.iform.descr.disabled = endis;\n";
+}
+?>
+ document.iform.flow_depth.disabled = endis;
+ document.iform.performance.disabled = endis;
+ document.iform.blockoffenders7.disabled = endis;
+ document.iform.snortalertlogtype.disabled = endis;
+ document.iform.alertsystemlog.disabled = endis;
+ document.iform.tcpdumplog.disabled = endis;
+}
+//-->
+</script>
<p class="pgtitle"><?=$pgtitle?></p>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php if ($input_errors) print_input_errors($input_errors); ?>
- <form action="snort_interfaces_edit.php" method="post" name="iform" id="iform">
- <tr><td>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<form action="snort_interfaces_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
<?php
- if($id != "") {
-
+if($id != "")
+{
+
/* get the interface name */
$first = 0;
$snortInterfaces = array(); /* -gtm */
@@ -234,28 +241,75 @@ include("fbegin.inc"); ?>
return;
}
}
+
+ /* do for the selected interface */
foreach($snortInterfaces as $snortIf)
-
- $tab_array = array();
- $tab_array[] = array("Interfaces", false, "snort_interfaces.php");
- $tab_array[] = array("Settings", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0");
- $tab_array[] = array("Categories", false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php");
- $tab_array[] = array("Rules", false, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php");
- $tab_array[] = array("Servers", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&amp;id=0");
- $tab_array[] = array("Threshold", false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml");
- $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0");
- display_top_tabs($tab_array);
-
- }
+ {
+
+ /* if base directories dont exist create them */
+ if(!file_exists("/usr/local/pkg/snort/snort_{$snortIf}_{$id}/"))
+ {
+ exec("/bin/mkdir -p /usr/local/pkg/snort/snort_{$snortIf}_{$id}/");
+ if(!file_exists("/usr/local/www/snort/snort_{$snortIf}_{$id}/"))
+ exec("/bin/mkdir -p /usr/local/www/snort/snort_{$snortIf}_{$id}/");
+ }
+
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort_interfaces.php");
+ $tab_array[] = array("If Settings", true, "/snort_interfaces_edit.php");
+ $tab_array[] = array("Categories", false, "/snort/snort_{$snortIf}_{$id}/snort_rulesets_{$snortIf}_{$id}.php");
+ $tab_array[] = array("Rules", false, "/snort/snort_{$snortIf}_{$id}/snort_rules_{$snortIf}_{$id}.php");
+ $tab_array[] = array("Servers", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_define_servers_{$snortIf}_{$id}.xml&amp;id=0");
+ $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0");
+ $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0");
+ $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0");
+ display_top_tabs($tab_array);
+ }
+}
?>
- </td></tr>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
+</td>
+</tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php
+ if($id == "")
+ {
+ echo "
+ <tr>
+ <td width=\"22%\" valign=\"top\">&nbsp;</td>
+ <td width=\"78%\"><span class=\"vexpl\"><span class=\"red\"><strong>Note:</strong></span><br>
+ You will be redirected to the Snort Interfaces Menu to aprove changes.<br>
+ After approval, interface options will be made available.
+ <br><br>
+ Please select a interface and a description.
+ </td>
+ </tr>\n";
+ }
+ ?>
+ <tr>
+ <td width="22%" valign="top" class="vtable">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <?php
+ // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
+ // care with spaces
+ if ($pconfig['enable'] == "on")
+ $checked = checked;
+ if($id != "")
+ {
+ $onclick_enable = "onClick=\"enable_change(false)\">";
+ }
+ echo "
+ <input name=\"enable\" type=\"checkbox\" value=\"yes\" $checked $onclick_enable
+ <strong>Enable Interface</strong></td>\n\n";
+ ?>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Interface</td>
<td width="78%" class="vtable">
<select name="interface" class="formfld">
<?php
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
}
@@ -268,133 +322,95 @@ include("fbegin.inc"); ?>
<span class="vexpl">Choose which interface this rule applies to.<br>
Hint: in most cases, you'll want to use WAN here.</span></td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Block all offenders</td>
- <td width="78%" class="vtable">
- <input type="checkbox" value="yes" name="block"<?php if($pconfig['block']) echo " CHECKED"; ?>><br>
- HINT: Block all offenders that trigger an alert on the selected interface.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Enable Inline Mode</td>
- <td width="78%" class="vtable">
- <input type="checkbox" value="yes" name="inline"<?php if($pconfig['inline']) echo " CHECKED"; ?>><br>
- HINT: This will enable Snort Inline mode on the selected interafce.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Inline listening port </td>
- <td width="78%" class="vtable">
- <select name="localbeginport" class="formfld" onChange="ext_change();check_for_aliases();">
- <option value="">(other)</option>
- <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
- <?php endforeach; ?>
- </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['localbeginport']; ?>">
- <br>
- <span class="vexpl">Specify the port Snort Inline should lissten on.<br>
- Hint: Never enter a port that is already being used by the system.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Inline Divert Protocol</td>
- <td width="78%" class="vtable">
- <select name="proto" class="formfld" onChange="proto_change(); check_for_aliases();">
- <?php $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP All"); foreach ($protocols as $proto): ?>
- <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl">Choose which IP protocol Snort Inline should divert.<br>
- Hint: in most cases, you should specify <em>All</em> &nbsp;here.</span></td>
- </tr>
<tr>
- <td width="22%" valign="top" class="vncellreq">Inline Divert External port range </td>
- <td width="78%" class="vtable">
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td>from:&nbsp;&nbsp;</td>
- <td><select name="beginport" class="formfld" onChange="ext_rep_change(); ext_change(); check_for_aliases();">
- <option value="">(other)</option>
- <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
- <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['beginport']) {
- echo "selected";
- $bfound = 1;
- }?>>
- <?=htmlspecialchars($wkportdesc);?>
- </option>
- <?php endforeach; ?>
- </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['beginport']; ?>"></td>
- </tr>
- <tr>
- <td>to:</td>
- <td><select name="endport" class="formfld" onChange="ext_change(); check_for_aliases();">
- <option value="">(other)</option>
- <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
- <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['endport']) {
- echo "selected";
- $bfound = 1;
- }?>>
- <?=htmlspecialchars($wkportdesc);?>
- </option>
- <?php endforeach; ?>
- </select> <input onChange="check_for_aliases();" class="formfldalias" autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['endport']; ?>"></td>
- </tr>
- </table>
- <br> <span class="vexpl">Specify the port or port range Snort Inline should divert on the firewall's external address.<br>
- Hint: you can leave the <em>'to'</em> field empty if you only want to divert a single port<br>
- Hint: you can leave from and to empty to divert all ports.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Inline IP Subnet</td>
- <td width="78%" class="vtable">
- <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
- <br> <span class="vexpl">Enter the internal IP subnet address you wish to sniff. Leave blank for all.<br>
- e.g. <em>192.168.1.0/24</em></span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="22%" valign="top" class="vncellreq">Description</td>
<td width="78%" class="vtable">
<input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
</tr>
- <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?>
- <?php endif; ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Memory Performance</td>
+ <td width="78%" class="vtable">
+ <select name="performance" class="formfld" id="performance">
+ <?php
+ $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
+ foreach ($interfaces2 as $iface2 => $ifacename2): ?>
+ <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename2);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Block offenders</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenders7" type="checkbox" value="yes" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Checking this option will automatically block hosts that generate a snort alert.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Alerts Tab description type</td>
+ <td width="78%" class="vtable">
+ <select name="snortalertlogtype" class="formfld" id="snortalertlogtype">
+ <?php
+ $interfaces4 = array('fast' => 'SHORT', 'full' => 'FULL');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please choose the type of Alert logging you will like see in the Alerts Tab.<br>
+ Hint: in most cases, short descriptions are best.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td>
+ <td width="78%" class="vtable">
+ <input name="alertsystemlog" type="checkbox" value="yes" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Snort will send Alerts to the Pfsense system logs.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td>
+ <td width="78%" class="vtable">
+ <input name="tcpdumplog" type="checkbox" value="yes" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">HTTP server flow depth</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td>
+ </tr>
+ </table>
+ Amount of HTTP server response payload to inspect. Snort's performance may increase by ajusting this value.<br>
+ Setting this value too low may cause false negatives. Value above 0 is in bytes.<br>
+ <strong>Default value is 0</strong></td>
+ </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <input name="Submit" type="submit" class="formbtn" value="Save"> <input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
<?php if (isset($id) && $a_nat[$id]): ?>
<input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
</td>
</tr>
- </table>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings befor you click start. </td>
+ </tr>
+ </table>
+ </table>
</form>
+
<script language="JavaScript">
<!--
- ext_change();
-//-->
-</script>
-<?php
-$isfirst = 0;
-$aliases = "";
-$addrisfirst = 0;
-$aliasesaddr = "";
-if($config['aliases']['alias'] <> "")
- foreach($config['aliases']['alias'] as $alias_name) {
- if(!stristr($alias_name['address'], ".")) {
- if($isfirst == 1) $aliases .= ",";
- $aliases .= "'" . $alias_name['name'] . "'";
- $isfirst = 1;
- } else {
- if($addrisfirst == 1) $aliasesaddr .= ",";
- $aliasesaddr .= "'" . $alias_name['name'] . "'";
- $addrisfirst = 1;
- }
- }
-?>
-<script language="JavaScript">
-<!--
- var addressarray=new Array(<?php echo $aliasesaddr; ?>);
- var customarray=new Array(<?php echo $aliases; ?>);
+enable_change(false);
//-->
</script>
<?php include("fend.inc"); ?>
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php
new file mode 100644
index 00000000..43c5cf6c
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_global.php
@@ -0,0 +1,279 @@
+<?php
+/*
+ snort_interfaces_global.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2006 Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = "Services:[Snort][Global Settings]";
+require("guiconfig.inc");
+
+/* make things short */
+$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
+$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
+$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
+$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+$pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whitelistvpns'];
+$pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls'];
+$pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip'];
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable']) {
+ $reqdfields = explode(" ", "interface");
+ $reqdfieldsn = explode(",", "Interface");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if ($_POST['httpslogin_enable']) {
+ if (!$_POST['cert'] || !$_POST['key']) {
+ $input_errors[] = "Certificate and key must be specified for HTTPS login.";
+ } else {
+ if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ }
+
+ if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) {
+ $input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
+ }
+ }
+ }
+
+ if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) {
+ $input_errors[] = "The timeout must be at least 1 minute.";
+ }
+ if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) {
+ $input_errors[] = "The idle timeout must be at least 1 minute.";
+ }
+ if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
+ }
+ if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
+ }
+ if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
+ }
+ if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
+ }
+ if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
+ }
+ if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) {
+ $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
+ }
+ $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
+ if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) {
+ $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
+ }
+
+ if (!$input_errors) {
+
+ $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
+ $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
+ $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? on : off;
+ $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];
+ $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];
+ $config['installedpackages']['snortglobal']['whitelistvpns'] = $_POST['whitelistvpns'] ? on : off;
+ $config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off;
+ $config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off;
+
+ write_config();
+
+ $retval = 0;
+
+ config_lock();
+ $retval = captiveportal_configure();
+ config_unlock();
+
+ $savemsg = get_std_save_message($retval);
+ }
+}
+include("head.inc");
+?>
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+
+/* make shure all the settings exist or function hide will not work */
+function enable_change(enable_change) {
+ var endis, radius_endis;
+ endis = !(document.iform.enable.checked || enable_change);
+// radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change);
+
+ document.iform.snortdownload[0].disabled = endis;
+ document.iform.snortdownload[1].disabled = endis;
+ document.iform.snortdownload[2].disabled = endis;
+ document.iform.oinkmastercode.disabled = endis;
+ document.iform.emergingthreats.disabled = endis;
+ document.iform.rm_blocked.disabled = endis;
+ document.iform.autorulesupdate7.disabled = endis;
+ document.iform.whitelistvpns.disabled = endis;
+ document.iform.clickablalerteurls.disabled = endis;
+ document.iform.associatealertip.disabled = endis;
+}
+//-->
+</script>
+<p class="pgtitle"><?=$pgtitle?></p>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Inertfaces", false, "snort_interfaces.php");
+ $tab_array[] = array("Global Settings", true, "snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "services_captiveportal_ip.php");
+ $tab_array[] = array("Alerts", false, "services_captiveportal_users.php");
+ $tab_array[] = array("Blocked", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Whitelists", false, "services_captiveportal_users.php");
+ $tab_array[] = array("Help & Info", false, "services_captiveportal_filemanager.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncell">Install Snort.org rules</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="off" onClick="enable_change(false)" <?php if($pconfig['snortdownload']!="premium" && $pconfig['snortdownload']!="basic") echo "checked"; ?>>
+ Do <strong>NOT</strong> install</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="premium" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=="premium") echo "checked"; ?>>
+ Premium rules <a href="http://forum.pfsense.org/index.php/topic,16847.0.html" target="_blank">HIGHLY RECOMMENDED</a></td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="basic" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=="basic") echo "checked"; ?>>
+ Basic Rules</td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">Code</td>
+ <td class="vtable"><input name="oinkmastercode" type="text" class="formfld" id="oinkmastercode" size="52" value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br>
+ Obtain a snort.org Oinkmaster code and paste here.</td>
+ </td>
+ </table>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Install <strong>Emergingthreats</strong> rules</td>
+ <td width="78%" class="vtable">
+ <input name="emergingthreats" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Remove blocked hosts every</td>
+ <td width="78%" class="vtable">
+ <select name="rm_blocked" class="formfld" id="rm_blocked">
+ <?php
+ $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the amount of time you would like hosts to be blocked for.<br>
+ Hint: in most cases, 1 hour is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Update rules automatically</td>
+ <td width="78%" class="vtable">
+ <select name="autorulesupdate7" class="formfld" id="autorulesupdate7">
+ <?php
+ $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the update times for rules.<br>
+ Hint: in most cases, every 12 hours is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Whitelist VPNs automatically</td>
+ <td width="78%" class="vtable">
+ <input name="whitelistvpns" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['whitelistvpns'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Checking this option will install whitelists for all VPNs.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Convert Snort alerts urls to clickable links</td>
+ <td width="78%" class="vtable">
+ <input name="clickablalerteurls" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['clickablalerteurls'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Checking this option will automatically convert URLs in the Snort alerts tab to clickable links.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Associate events on Blocked tab</td>
+ <td width="78%" class="vtable">
+ <input name="associatealertip" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['associatealertip'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Checking this option will automatically associate the blocked reason from the snort alerts file.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<script language="JavaScript">
+<!--
+enable_change(false);
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>