diff options
| author | jim-p <jimp@pfsense.org> | 2012-06-18 09:39:40 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2012-06-18 09:39:40 -0400 |
| commit | fd05dadfde942aeca2305c2c5d60d3b47c8427a0 (patch) | |
| tree | 07b5529a982b9876da330541c0506dc4ae194fe1 /config | |
| parent | d68fd3866c79f5849e0e0c98da4eed2e7ed07e1b (diff) | |
| download | pfsense-packages-fd05dadfde942aeca2305c2c5d60d3b47c8427a0.tar.gz pfsense-packages-fd05dadfde942aeca2305c2c5d60d3b47c8427a0.tar.bz2 pfsense-packages-fd05dadfde942aeca2305c2c5d60d3b47c8427a0.zip | |
Fix newlines.
Diffstat (limited to 'config')
22 files changed, 8670 insertions, 8670 deletions
diff --git a/config/snort-dev/css/sexybuttons.css b/config/snort-dev/css/sexybuttons.css index db36a287..c3834b44 100644 --- a/config/snort-dev/css/sexybuttons.css +++ b/config/snort-dev/css/sexybuttons.css @@ -1,342 +1,342 @@ -/*
- * Sexy Buttons
- *
- * DESCRIPTION:
- * Sexy, skinnable HTML/CSS buttons with icons.
- *
- * PROJECT URL:
- * http://code.google.com/p/sexybuttons/
- *
- * AUTHOR:
- * Richard Davies
- * http://www.richarddavies.us
- * Richard@richarddavies.us
- *
- * VERSION:
- * 1.1
- *
- * LICENSE:
- * Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
- * Creative Commons 3.0 Attribution (http://creativecommons.org/licenses/by/3.0/)
- *
- * CREDITS:
- * Inspired by, derived from, and thanks to:
- * http://www.p51labs.com/simply-buttons-v2/
- * http://www.oscaralexander.com/tutorials/how-to-make-sexy-buttons-with-css.html
- * http://www.zurb.com/article/266/super-awesome-buttons-with-css3-and-rgba
- * http://www.elctech.com/snippets/make-your-buttons-look-super-awesome
- *
- * USAGE:
- * Simply add class="sexybutton [skin]" to a <button> or <a> element and wrap the label text with double <span>s.
- * You can optionally add a "silk" icon to the button text by using a third <span> with class to identify the icon.
- *
- * EXAMPLE:
- * <button id="btn1" class="sexybutton" name="btn1" type="submit" value="Submit">
- * <span><span><span class="ok">Submit</span></span></span>
- * </button>
- */
-
-
-/*
- * Generic styles for all Sexy Buttons
- */
-
-.sexybutton {
- display: inline-block;
- margin: 0;
- padding: 0;
- font: bold 13px "Helvetica Neue", Helvetica, Arial !important;
- text-decoration: none !important;
- text-shadow: 1px 1px 2px rgba(0,0,0,0.20);
- background: none;
- border: none;
- white-space: nowrap;
- cursor: pointer;
- user-select: none;
- -moz-user-select: none;
-
- /* Fix extra width padding in IE */
- _width: 0;
- overflow: visible;
-}
-
-.sexybutton span {
- display: block; /* Prevents :active from working in IE--oh well! */
- height: 24px;
- padding-right: 12px;
- background-repeat: no-repeat;
- background-position: right top;
-}
-
-.sexybutton span span {
- padding-right: 0;
- padding-left: 12px;
- line-height: 24px;
- background-position: left top;
-}
-
-.sexybutton span span span {
- padding-left: 21px;
- background-image: none;
- background-repeat: no-repeat;
- background-position: left center;
- /* IE6 still requires a PNG transparency fix */
- /* _background-image: none; Or just hide icons from the undeserving IE6 */
- /* _padding-left: 0; Or just hide icons from the undeserving IE6 */
-}
-
-.sexybutton span span span.after {
- padding-left: 0px;
- padding-right: 21px;
- background-position: right center;
- /* IE6 still requires a PNG transparency fix */
- /* _padding-right: 0; Or just hide icons from the undeserving IE6 */
-}
-
-.sexybutton[disabled],
-.sexybutton[disabled]:hover,
-.sexybutton[disabled]:focus,
-.sexybutton[disabled]:active,
-.sexybutton.disabled,
-.sexybutton.disabled:hover,
-.sexybutton.disabled:focus,
-.sexybutton.disabled:active {
- color: #333 !important;
- cursor: inherit;
- text-shadow: none;
- opacity: 0.33;
-}
-
-.sexybutton:hover span,
-.sexybutton:focus span {
- background-position: 100% -24px;
-}
-
-.sexybutton:hover span span,
-.sexybutton:focus span span {
- background-position: 0% -24px;
-}
-
-.sexybutton:active span {
- background-position: 100% -48px;
-}
-
-.sexybutton:active span span {
- background-position: 0% -48px;
-}
-
-.sexybutton[disabled] span,
-.sexybutton.disabled span {
- background-position: 100% -72px;
-}
-
-.sexybutton[disabled] span span,
-.sexybutton.disabled span span {
- background-position: 0% -72px;
-}
-
-.sexybutton:hover span span span,
-.sexybutton:focus span span span,
-.sexybutton:active span span span,
-.sexybutton[disabled] span span span,
-.sexybutton.disabled span span span {
- background-position: left center;
-}
-
-.sexybutton:hover span span span.after,
-.sexybutton:focus span span span.after,
-.sexybutton:active span span span.after,
-.sexybutton[disabled] span span span.after,
-.sexybutton.disabled span span span.after {
- background-position: right center;
-}
-
-.sexybutton img {
- margin-right: 5px;
- vertical-align: text-top;
- /* IE6 Hack */
- _margin-top: 4px;
- _vertical-align: text-bottom;
- /* IE6 still requires a PNG transparency fix */
- /* _display: none; Or just hide icons from the undeserving IE6 */
-}
-
-.sexybutton img.after {
- margin-right: 0;
- margin-left: 5px;
- /* IE6 still requires a PNG transparency fix */
- /* _margin-left: 0; Or just hide icons from the undeserving IE6 */
-}
-
-.sexybutton.sexysmalls { font-size:.8em !important; }
-.sexybutton.sexymedium { font-size: 15px !important; }
-.sexybutton.sexylarge { font-size: 18px !important; }
-
-
-/*
- * Button Skins
- *
- * .PNG background images with alpha transparency are also supplied if you'd rather use them instead of the
- * default .GIF images. (Just beware of IE6's lack of support.)
- *
- * Additional skins can be added below. The images/skins/ButtonTemplate.psd can be used to create new skins.
- * Prefix the skin name with "sexy" to avoid any potential conflicts with other class names.
- */
-
-/*
- * Simple Skin Buttons
- */
-
-.sexybutton.sexysimple {
- position: relative;
- padding: 5px 10px 5px;
- font: inherit;
- font-size: .85em !important;
- font-style: normal !important;
- font-weight: bold !important;
- color: #fff !important;
- line-height: 1;
- background-image: url(/snort/images//awesome-overlay-sprite.png);
- background-repeat: repeat-x;
- background-position: 0 0;
-
- /* Special effects */
- text-shadow: 0 -1px 1px rgba(0,0,0,0.25), -2px 0 1px rgba(0,0,0,0.25);
- border-radius: 5px;
- -moz-border-radius: 5px;
- -webkit-border-radius: 5px;
- -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
- -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
-
- /* IE only stuff */
- border-bottom: 1px solid transparent\9;
- _background-image: none;
-
- /* Cross browser inline block hack - http://blog.mozilla.com/webdev/2009/02/20/cross-browser-inline-block/ */
- display: -moz-inline-stack;
- display: inline-block;
- vertical-align: middle;
- *display: inline !important;
- position: relative;
-
- /* Force hasLayout in IE */
- zoom: 1;
-
- /* Disable text selection (Firefox only)*/
- -moz-user-select: none;
-}
-
-.sexybutton.sexysimple::selection {
- background: transparent;
-}
-
-.sexybutton.sexysimple:hover,
-.sexybutton.sexysimple:focus {
- background-position: 0 -50px;
- color: #fff !important;
-}
-
-.sexybutton.sexysimple:active {
- background-position: 0 -100px;
- -moz-box-shadow: inset 0 1px 2px rgba(0,0,0,0.7);
- /* Unfortunately, Safari doesn't support inset yet */
- -webkit-box-shadow: none;
-
- /* IE only stuff */
- border-bottom: 0\9;
- border-top: 1px solid #666\9;
-}
-
-.sexybutton.sexysimple[disabled],
-.sexybutton.sexysimple.disabled {
- background-position: 0 -150px;
- color: #333 !important;
- text-shadow: none;
-}
-
-.sexybutton.sexysimple[disabled]:hover,
-.sexybutton.sexysimple[disabled]:focus,
-.sexybutton.sexysimple[disabled]:active,
-.sexybutton.sexysimple.disabled:hover,
-.sexybutton.sexysimple.disabled:focus,
-.sexybutton.sexysimple.disabled:active {
- -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
- -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
-}
-
-.sexybutton.sexysimple span {
- height: auto;
- padding-left: 24px;
- padding-right: 0;
- background-position: left center;
- background-repeat: no-repeat;
- /* IE6 still requires a PNG transparency fix */
- /* _padding-left: 0; Or just hide icons from the undeserving IE6 */
-}
-
-.sexybutton.sexysimple span.after {
- padding-left: 0;
- padding-right: 24px;
- background-position: right center;
- /* IE6 still requires a PNG transparency fix */
- /* _padding-right: 0; Or just hide icons from the undeserving IE6 */
-}
-
-/* Simple button colors */
-.sexybutton.sexysimple { background-color: #333; } /* Default */
-.sexybutton.sexysimple.sexyblack { background-color: #333; }
-.sexybutton.sexysimple.sexyred { background-color: #a90118; }
-.sexybutton.sexysimple.sexyorange { background-color: #ff8a00; }
-.sexybutton.sexysimple.sexyyellow { background-color: #ffb515; }
-.sexybutton.sexysimple.sexygreen { background-color: #59a901; }
-.sexybutton.sexysimple.sexyblue { background-color: #015ea9; }
-.sexybutton.sexysimple.sexyteal { background-color: #2daebf; }
-.sexybutton.sexysimple.sexymagenta { background-color: #a9014b; }
-.sexybutton.sexysimple.sexypurple { background-color: #9d01a9; }
-
-/* Simple button sizes */
-.sexybutton.sexysimple.sexysmall { padding: 4px 7px 5px; font-size: 10px !important; }
-.sexybutton.sexysimple.sexysmall:active { padding: 5px 7px 4px; }
-.sexybutton.sexysimple { /* default */ }
-.sexybutton.sexysimple:active { padding: 6px 10px 4px; }
-.sexybutton.sexysimple.sexymedium { /* default */ }
-.sexybutton.sexysimple.sexymedium:active { padding: 6px 10px 4px; }
-.sexybutton.sexysimple.sexylarge { padding: 8px 14px 8px; font-size: 14px !important; }
-.sexybutton.sexysimple.sexylarge:active { padding: 9px 14px 7px; }
-.sexybutton.sexysimple.sexyxl { padding: 8px 14px 8px; font-size: 16px !important; }
-.sexybutton.sexysimple.sexyxl:active { padding: 9px 14px 7px; }
-.sexybutton.sexysimple.sexyxxl { padding: 8px 14px 8px; font-size: 20px !important; }
-.sexybutton.sexysimple.sexyxxl:active { padding: 9px 14px 7px; }
-.sexybutton.sexysimple.sexyxxxl { padding: 8px 14px 8px; font-size: 26px !important; }
-.sexybutton.sexysimple.sexyxxxl:active { padding: 9px 14px 7px; }
-
-.sexybutton.sexysimple.sexysmall[disabled]:active,
-.sexybutton.sexysimple.sexysmall.disabled:active { padding: 4px 7px 5px; }
-.sexybutton.sexysimple[disabled]:active,
-.sexybutton.sexysimple.disabled:active { padding: 5px 10px 5px; }
-.sexybutton.sexysimple.sexymedium[disabled]:active,
-.sexybutton.sexysimple.sexymedium.disabled:active { padding: 6px 10px 4px; }
-.sexybutton.sexysimple.sexylarge[disabled]:active,
-.sexybutton.sexysimple.sexylarge.disabled:active { padding: 8px 14px 8px; }
-.sexybutton.sexysimple.sexyxl[disabled]:active,
-.sexybutton.sexysimple.sexyxl.disabled:active { padding: 8px 14px 8px; }
-.sexybutton.sexysimple.sexyxxl[disabled]:active,
-.sexybutton.sexysimple.sexyxxl.disabled:active { padding: 8px 14px 8px; }
-.sexybutton.sexysimple.sexyxxxl[disabled]:active,
-.sexybutton.sexysimple.sexyxxxl.disabled:active { padding: 8px 14px 8px; }
-
-
-/*
- * Icon Definitions
- */
-
-/* Silk Icons - http://www.famfamfam.com/lab/icons/silk/ */
-/* (Obviously not all Silk icons are defined here. Feel free to define any other icons that you may need.) */
-
-.sexybutton span.ok { background-image: url(/snort/images//tick.png) !important; }
-.sexybutton span.cancel { background-image: url(/snort/images//cross.png) !important; }
-.sexybutton span.add { background-image: url(/snort/images//add.png) !important; }
-.sexybutton span.delete { background-image: url(/snort/images//delete.png) !important; }
-.sexybutton span.download { background-image: url(/snort/images//arrow_down.png) !important; }
-.sexybutton span.pwhitetxt { background-image: url(/snort/images//page_white_text.png) !important; }
-
+/* + * Sexy Buttons + * + * DESCRIPTION: + * Sexy, skinnable HTML/CSS buttons with icons. + * + * PROJECT URL: + * http://code.google.com/p/sexybuttons/ + * + * AUTHOR: + * Richard Davies + * http://www.richarddavies.us + * Richard@richarddavies.us + * + * VERSION: + * 1.1 + * + * LICENSE: + * Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0) + * Creative Commons 3.0 Attribution (http://creativecommons.org/licenses/by/3.0/) + * + * CREDITS: + * Inspired by, derived from, and thanks to: + * http://www.p51labs.com/simply-buttons-v2/ + * http://www.oscaralexander.com/tutorials/how-to-make-sexy-buttons-with-css.html + * http://www.zurb.com/article/266/super-awesome-buttons-with-css3-and-rgba + * http://www.elctech.com/snippets/make-your-buttons-look-super-awesome + * + * USAGE: + * Simply add class="sexybutton [skin]" to a <button> or <a> element and wrap the label text with double <span>s. + * You can optionally add a "silk" icon to the button text by using a third <span> with class to identify the icon. + * + * EXAMPLE: + * <button id="btn1" class="sexybutton" name="btn1" type="submit" value="Submit"> + * <span><span><span class="ok">Submit</span></span></span> + * </button> + */ + + +/* + * Generic styles for all Sexy Buttons + */ + +.sexybutton { + display: inline-block; + margin: 0; + padding: 0; + font: bold 13px "Helvetica Neue", Helvetica, Arial !important; + text-decoration: none !important; + text-shadow: 1px 1px 2px rgba(0,0,0,0.20); + background: none; + border: none; + white-space: nowrap; + cursor: pointer; + user-select: none; + -moz-user-select: none; + + /* Fix extra width padding in IE */ + _width: 0; + overflow: visible; +} + +.sexybutton span { + display: block; /* Prevents :active from working in IE--oh well! */ + height: 24px; + padding-right: 12px; + background-repeat: no-repeat; + background-position: right top; +} + +.sexybutton span span { + padding-right: 0; + padding-left: 12px; + line-height: 24px; + background-position: left top; +} + +.sexybutton span span span { + padding-left: 21px; + background-image: none; + background-repeat: no-repeat; + background-position: left center; + /* IE6 still requires a PNG transparency fix */ + /* _background-image: none; Or just hide icons from the undeserving IE6 */ + /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ +} + +.sexybutton span span span.after { + padding-left: 0px; + padding-right: 21px; + background-position: right center; + /* IE6 still requires a PNG transparency fix */ + /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ +} + +.sexybutton[disabled], +.sexybutton[disabled]:hover, +.sexybutton[disabled]:focus, +.sexybutton[disabled]:active, +.sexybutton.disabled, +.sexybutton.disabled:hover, +.sexybutton.disabled:focus, +.sexybutton.disabled:active { + color: #333 !important; + cursor: inherit; + text-shadow: none; + opacity: 0.33; +} + +.sexybutton:hover span, +.sexybutton:focus span { + background-position: 100% -24px; +} + +.sexybutton:hover span span, +.sexybutton:focus span span { + background-position: 0% -24px; +} + +.sexybutton:active span { + background-position: 100% -48px; +} + +.sexybutton:active span span { + background-position: 0% -48px; +} + +.sexybutton[disabled] span, +.sexybutton.disabled span { + background-position: 100% -72px; +} + +.sexybutton[disabled] span span, +.sexybutton.disabled span span { + background-position: 0% -72px; +} + +.sexybutton:hover span span span, +.sexybutton:focus span span span, +.sexybutton:active span span span, +.sexybutton[disabled] span span span, +.sexybutton.disabled span span span { + background-position: left center; +} + +.sexybutton:hover span span span.after, +.sexybutton:focus span span span.after, +.sexybutton:active span span span.after, +.sexybutton[disabled] span span span.after, +.sexybutton.disabled span span span.after { + background-position: right center; +} + +.sexybutton img { + margin-right: 5px; + vertical-align: text-top; + /* IE6 Hack */ + _margin-top: 4px; + _vertical-align: text-bottom; + /* IE6 still requires a PNG transparency fix */ + /* _display: none; Or just hide icons from the undeserving IE6 */ +} + +.sexybutton img.after { + margin-right: 0; + margin-left: 5px; + /* IE6 still requires a PNG transparency fix */ + /* _margin-left: 0; Or just hide icons from the undeserving IE6 */ +} + +.sexybutton.sexysmalls { font-size:.8em !important; } +.sexybutton.sexymedium { font-size: 15px !important; } +.sexybutton.sexylarge { font-size: 18px !important; } + + +/* + * Button Skins + * + * .PNG background images with alpha transparency are also supplied if you'd rather use them instead of the + * default .GIF images. (Just beware of IE6's lack of support.) + * + * Additional skins can be added below. The images/skins/ButtonTemplate.psd can be used to create new skins. + * Prefix the skin name with "sexy" to avoid any potential conflicts with other class names. + */ + +/* + * Simple Skin Buttons + */ + +.sexybutton.sexysimple { + position: relative; + padding: 5px 10px 5px; + font: inherit; + font-size: .85em !important; + font-style: normal !important; + font-weight: bold !important; + color: #fff !important; + line-height: 1; + background-image: url(/snort/images//awesome-overlay-sprite.png); + background-repeat: repeat-x; + background-position: 0 0; + + /* Special effects */ + text-shadow: 0 -1px 1px rgba(0,0,0,0.25), -2px 0 1px rgba(0,0,0,0.25); + border-radius: 5px; + -moz-border-radius: 5px; + -webkit-border-radius: 5px; + -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); + -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); + + /* IE only stuff */ + border-bottom: 1px solid transparent\9; + _background-image: none; + + /* Cross browser inline block hack - http://blog.mozilla.com/webdev/2009/02/20/cross-browser-inline-block/ */ + display: -moz-inline-stack; + display: inline-block; + vertical-align: middle; + *display: inline !important; + position: relative; + + /* Force hasLayout in IE */ + zoom: 1; + + /* Disable text selection (Firefox only)*/ + -moz-user-select: none; +} + +.sexybutton.sexysimple::selection { + background: transparent; +} + +.sexybutton.sexysimple:hover, +.sexybutton.sexysimple:focus { + background-position: 0 -50px; + color: #fff !important; +} + +.sexybutton.sexysimple:active { + background-position: 0 -100px; + -moz-box-shadow: inset 0 1px 2px rgba(0,0,0,0.7); + /* Unfortunately, Safari doesn't support inset yet */ + -webkit-box-shadow: none; + + /* IE only stuff */ + border-bottom: 0\9; + border-top: 1px solid #666\9; +} + +.sexybutton.sexysimple[disabled], +.sexybutton.sexysimple.disabled { + background-position: 0 -150px; + color: #333 !important; + text-shadow: none; +} + +.sexybutton.sexysimple[disabled]:hover, +.sexybutton.sexysimple[disabled]:focus, +.sexybutton.sexysimple[disabled]:active, +.sexybutton.sexysimple.disabled:hover, +.sexybutton.sexysimple.disabled:focus, +.sexybutton.sexysimple.disabled:active { + -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); + -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); +} + +.sexybutton.sexysimple span { + height: auto; + padding-left: 24px; + padding-right: 0; + background-position: left center; + background-repeat: no-repeat; + /* IE6 still requires a PNG transparency fix */ + /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ +} + +.sexybutton.sexysimple span.after { + padding-left: 0; + padding-right: 24px; + background-position: right center; + /* IE6 still requires a PNG transparency fix */ + /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ +} + +/* Simple button colors */ +.sexybutton.sexysimple { background-color: #333; } /* Default */ +.sexybutton.sexysimple.sexyblack { background-color: #333; } +.sexybutton.sexysimple.sexyred { background-color: #a90118; } +.sexybutton.sexysimple.sexyorange { background-color: #ff8a00; } +.sexybutton.sexysimple.sexyyellow { background-color: #ffb515; } +.sexybutton.sexysimple.sexygreen { background-color: #59a901; } +.sexybutton.sexysimple.sexyblue { background-color: #015ea9; } +.sexybutton.sexysimple.sexyteal { background-color: #2daebf; } +.sexybutton.sexysimple.sexymagenta { background-color: #a9014b; } +.sexybutton.sexysimple.sexypurple { background-color: #9d01a9; } + +/* Simple button sizes */ +.sexybutton.sexysimple.sexysmall { padding: 4px 7px 5px; font-size: 10px !important; } +.sexybutton.sexysimple.sexysmall:active { padding: 5px 7px 4px; } +.sexybutton.sexysimple { /* default */ } +.sexybutton.sexysimple:active { padding: 6px 10px 4px; } +.sexybutton.sexysimple.sexymedium { /* default */ } +.sexybutton.sexysimple.sexymedium:active { padding: 6px 10px 4px; } +.sexybutton.sexysimple.sexylarge { padding: 8px 14px 8px; font-size: 14px !important; } +.sexybutton.sexysimple.sexylarge:active { padding: 9px 14px 7px; } +.sexybutton.sexysimple.sexyxl { padding: 8px 14px 8px; font-size: 16px !important; } +.sexybutton.sexysimple.sexyxl:active { padding: 9px 14px 7px; } +.sexybutton.sexysimple.sexyxxl { padding: 8px 14px 8px; font-size: 20px !important; } +.sexybutton.sexysimple.sexyxxl:active { padding: 9px 14px 7px; } +.sexybutton.sexysimple.sexyxxxl { padding: 8px 14px 8px; font-size: 26px !important; } +.sexybutton.sexysimple.sexyxxxl:active { padding: 9px 14px 7px; } + +.sexybutton.sexysimple.sexysmall[disabled]:active, +.sexybutton.sexysimple.sexysmall.disabled:active { padding: 4px 7px 5px; } +.sexybutton.sexysimple[disabled]:active, +.sexybutton.sexysimple.disabled:active { padding: 5px 10px 5px; } +.sexybutton.sexysimple.sexymedium[disabled]:active, +.sexybutton.sexysimple.sexymedium.disabled:active { padding: 6px 10px 4px; } +.sexybutton.sexysimple.sexylarge[disabled]:active, +.sexybutton.sexysimple.sexylarge.disabled:active { padding: 8px 14px 8px; } +.sexybutton.sexysimple.sexyxl[disabled]:active, +.sexybutton.sexysimple.sexyxl.disabled:active { padding: 8px 14px 8px; } +.sexybutton.sexysimple.sexyxxl[disabled]:active, +.sexybutton.sexysimple.sexyxxl.disabled:active { padding: 8px 14px 8px; } +.sexybutton.sexysimple.sexyxxxl[disabled]:active, +.sexybutton.sexysimple.sexyxxxl.disabled:active { padding: 8px 14px 8px; } + + +/* + * Icon Definitions + */ + +/* Silk Icons - http://www.famfamfam.com/lab/icons/silk/ */ +/* (Obviously not all Silk icons are defined here. Feel free to define any other icons that you may need.) */ + +.sexybutton span.ok { background-image: url(/snort/images//tick.png) !important; } +.sexybutton span.cancel { background-image: url(/snort/images//cross.png) !important; } +.sexybutton span.add { background-image: url(/snort/images//add.png) !important; } +.sexybutton span.delete { background-image: url(/snort/images//delete.png) !important; } +.sexybutton span.download { background-image: url(/snort/images//arrow_down.png) !important; } +.sexybutton span.pwhitetxt { background-image: url(/snort/images//page_white_text.png) !important; } + diff --git a/config/snort-dev/css/style.css b/config/snort-dev/css/style.css index 7fca38f3..b484966c 100644 --- a/config/snort-dev/css/style.css +++ b/config/snort-dev/css/style.css @@ -1,206 +1,206 @@ -.alert {
- position:absolute;
- top:10px;
- left:0px;
- width:94%;
-background:#FCE9C0;
-background-position: 15px;
-border-top:2px solid #DBAC48;
-border-bottom:2px solid #DBAC48;
-padding: 15px 10px 85% 50px;
-}
-
-.formpre {
-font-family:arial;
-font-size: 1.1em;
-}
-
-#download_rules {
-font-family: arial;
-font-size: 13px;
-font-weight: bold;
-text-align: center
-}
-
-#download_rules_td {
-font-family: arial;
-font-size: 13px;
-font-weight: bold;
-text-align: center
-}
-
-/* hack fix the hard coded fbegin link */
-#header-left2 {
-position: absolute;
-background-position: center center;
-height: 67px;
-width: 147px;
-top: -77px;
-left: 8px;
-float: left;
-z-index:999;
-}
-#header-left2 #status-link2 {
- position: relative;
- top: 3px;
- left: 2px;
-}
-/* end of fbegin hack */
-
-.body2 {
-font-family:arial;
-font-size:12px;
-}
-
-
-
-
-/* Start of main css Pfsense */
-/* Start of main css Pfsense */
-
-@charset "utf-8";
-.textstyle {
- font-family: Arial, Helvetica, sans-serif;
- font-size: 12px;
- font-style: normal;
- background-color: #666;
- color: #CCC;
-}
-.textstyle p2 a {
- font-family: Arial, Helvetica, sans-serif;
- font-size: 12px;
- font-style: normal;
- color: #CCC;
-}
-
-.textstyle p {
- font-family: Arial, Helvetica, sans-serif;
- font-size: 24px;
- font-weight: bold;
- color: #FFF;
- text-decoration: underline;
-}
-.textstyle p2 {
- font-family: Arial, Helvetica, sans-serif;
- font-size: 12px;
- color: #CCC;
-}
-
-/* Start of main css for table sort */
-/* Start of main css for table sort */
-
-table {
- margin: 0;
- padding: 0;
- border: 0;
- font-weight: inherit;
- font-style: inherit;
- font-size: 9;
- font-family: Arial, Helvetica, sans-serif;
- vertical-align: baseline;
-}
-
-/* Tables still need 'cellspacing="0"' in the markup. */
-table { border-collapse: separate; border-spacing: 0; }
-caption, th, td { text-align: left; font-weight:400; }
-
-/* Remove possible quote marks (") from <q>, <blockquote>. */
-blockquote:before, blockquote:after, q:before, q:after { content: ""; }
-blockquote, q { quotes: "" ""; }
-
-#container {
- width: auto;
- margin: 0px;
- padding-top: 10px;
- padding-bottom: 10px;
-}
-
-
-
-/**************************************************************
-
- Sortable Table
- v 1.4
-
-**************************************************************/
-
-
-
-th {
- background-color: #eee;
- background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px;
- padding: 4px 4px 4px 14px;
-}
-
-.allRow {
- background-color: #eee;
- padding: 4px;
-}
-
-tr.altRow {
- background-color: #fff;
-}
-
-.leftAlign {
- text-align: left;
-}
-
-.centerAlign {
- text-align: center;
-}
-
-.rightAlign {
- text-align: right;
-}
-
-.sortedASC {
- background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee;
-}
-
-.sortedDESC {
- background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee;
-}
-
-.tableHeaderOver {
- cursor: pointer;
- color: #354158;
-}
-
-
-tr.selected {
- background-color: 9999ff;
- color: #000000;
-}
-
-tr.over {
- background-color: #993333;
- color: #fff;
- cursor: pointer;
-}
-
-tr.hide {
- display: none;
-}
-/***************************/
-
-.mainTableFilter {
- position: absolute;
- top: 0;
- left: -10px;
- width: auto;
-}
-
-.tableFilter {
- border: 1px solid #ccc;
- padding: 2px;
- margin: 5px 0 10px 0;
-}
-
-.tableFilter input {
- border: 1px solid #ccc;
-}
-
-.tableFilter select {
- border: 1px solid #ccc;
-}
-
+.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} + +.formpre { +font-family:arial; +font-size: 1.1em; +} + +#download_rules { +font-family: arial; +font-size: 13px; +font-weight: bold; +text-align: center +} + +#download_rules_td { +font-family: arial; +font-size: 13px; +font-weight: bold; +text-align: center +} + +/* hack fix the hard coded fbegin link */ +#header-left2 { +position: absolute; +background-position: center center; +height: 67px; +width: 147px; +top: -77px; +left: 8px; +float: left; +z-index:999; +} +#header-left2 #status-link2 { + position: relative; + top: 3px; + left: 2px; +} +/* end of fbegin hack */ + +.body2 { +font-family:arial; +font-size:12px; +} + + + + +/* Start of main css Pfsense */ +/* Start of main css Pfsense */ + +@charset "utf-8"; +.textstyle { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + font-style: normal; + background-color: #666; + color: #CCC; +} +.textstyle p2 a { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + font-style: normal; + color: #CCC; +} + +.textstyle p { + font-family: Arial, Helvetica, sans-serif; + font-size: 24px; + font-weight: bold; + color: #FFF; + text-decoration: underline; +} +.textstyle p2 { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + color: #CCC; +} + +/* Start of main css for table sort */ +/* Start of main css for table sort */ + +table { + margin: 0; + padding: 0; + border: 0; + font-weight: inherit; + font-style: inherit; + font-size: 9; + font-family: Arial, Helvetica, sans-serif; + vertical-align: baseline; +} + +/* Tables still need 'cellspacing="0"' in the markup. */ +table { border-collapse: separate; border-spacing: 0; } +caption, th, td { text-align: left; font-weight:400; } + +/* Remove possible quote marks (") from <q>, <blockquote>. */ +blockquote:before, blockquote:after, q:before, q:after { content: ""; } +blockquote, q { quotes: "" ""; } + +#container { + width: auto; + margin: 0px; + padding-top: 10px; + padding-bottom: 10px; +} + + + +/************************************************************** + + Sortable Table + v 1.4 + +**************************************************************/ + + + +th { + background-color: #eee; + background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px; + padding: 4px 4px 4px 14px; +} + +.allRow { + background-color: #eee; + padding: 4px; +} + +tr.altRow { + background-color: #fff; +} + +.leftAlign { + text-align: left; +} + +.centerAlign { + text-align: center; +} + +.rightAlign { + text-align: right; +} + +.sortedASC { + background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; +} + +.sortedDESC { + background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; +} + +.tableHeaderOver { + cursor: pointer; + color: #354158; +} + + +tr.selected { + background-color: 9999ff; + color: #000000; +} + +tr.over { + background-color: #993333; + color: #fff; + cursor: pointer; +} + +tr.hide { + display: none; +} +/***************************/ + +.mainTableFilter { + position: absolute; + top: 0; + left: -10px; + width: auto; +} + +.tableFilter { + border: 1px solid #ccc; + padding: 2px; + margin: 5px 0 10px 0; +} + +.tableFilter input { + border: 1px solid #ccc; +} + +.tableFilter select { + border: 1px solid #ccc; +} + diff --git a/config/snort-dev/help_and_info.php b/config/snort-dev/help_and_info.php index 95693ef4..af8eb4ae 100644 --- a/config/snort-dev/help_and_info.php +++ b/config/snort-dev/help_and_info.php @@ -1,247 +1,247 @@ -<?php
-
-require_once("guiconfig.inc");
-
-echo '
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-<title>The Snort Package Help Page</title>
-<style type="text/css">
-body {
- background: #f0f0f0;
- margin: 0;
- padding: 0;
- font: 10px normal Verdana, Arial, Helvetica, sans-serif;
- color: #444;
-}
-h1 {font-size: 3em; margin: 20px 0;}
-.container {width: 800px; margin: 10px auto;}
-ul.tabs {
- margin: 0;
- padding: 0;
- float: left;
- list-style: none;
- height: 25px;
- border-bottom: 1px solid #999;
- border-left: 1px solid #999;
- width: 100%;
-}
-ul.tabs li {
- float: left;
- margin: 0;
- padding: 0;
- height: 24px;
- line-height: 24px;
- border: 1px solid #000000;
- border-left: none;
- margin-bottom: -1px;
- background: #ffffff;
- overflow: hidden;
- position: relative;
-}
-ul.tabs li a {
- text-decoration: none;
- color: #000000;
- display: block;
- font-size: 1.2em;
- padding: 0 20px;
- border: 1px solid #fff;
- outline: none;
-}
-ul.tabs li a:hover {
- background: #eeeeee;
-}
-
-html ul.tabs li.active, html ul.tabs li.active a:hover {
- background: #fff;
- border-bottom: 1px solid #fff;
- color: #000000;
-}
-.tab_container {
- border: 1px solid #999;
- border-top: none;
- clear: both;
- float: left;
- width: 100%;
- background: #fff;
- -moz-border-radius-bottomright: 5px;
- -khtml-border-radius-bottomright: 5px;
- -webkit-border-bottom-right-radius: 5px;
- -moz-border-radius-bottomleft: 5px;
- -khtml-border-radius-bottomleft: 5px;
- -webkit-border-bottom-left-radius: 5px;
-}
-.tab_content {
- padding: 20px;
- font-size: 1.2em;
-}
-.tab_content h2 {
- font-weight: normal;
- padding-bottom: 10px;
- border-bottom: 1px dashed #ddd;
- font-size: 1.8em;
-}
-.tab_content h3 a{
- color: #254588;
-}
-.tab_content img {
- float: left;
- margin: 0 20px 20px 0;
- border: 1px solid #ddd;
- padding: 5px;
-}
-</style>
-
-<script type="text/javascript" src="./javascript/jquery-1.4.2.min.js"></script>
-
-<script type="text/javascript">
-
-jQuery(document).ready(function() {
-
- //Default Action
- jQuery(".tab_content").hide(); //Hide all content
- jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab
- jQuery(".tab_content:first").show(); //Show first tab content
-
- //On Click Event
- jQuery("ul.tabs li").click(function() {
- jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class
- jQuery(this).addClass("active"); //Add "active" class to selected tab
- jQuery(".tab_content").hide(); //Hide all tab content
- var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content
- jQuery(activeTab).fadeIn(); //Fade in the active content
- return false;
- });
-
-});
-
-</script>
-
-</head>
-
-<body>
-
-<div class="container">
- <ul class="tabs">
- <li><a href="#tab1">Home</a></li>
- <li><a href="#tab2">Change Log</a></li>
- <li><a href="#tab3">Getting Help</a></li>
- <li><a href="#tab4">Heros</a></li>
- </ul>
- <div class="tab_container">
- <div id="tab1" class="tab_content">
- <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
-
- <p>
- <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be
- the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for
- network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create
- software.
- </p>
- <p>
- <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and
- can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port
- scans, CGI attacks, SMB probes, and much more.
- </p>
- <p>
- <font size="5"><strong>Requirements :</strong></font><br>
- Minimum requirement 256 mb ram, 500 MHz CPU.<br>
- Recommended 500 mb ram, 1 Ghz CPU.<br>
- The more rules you run the more memory you need.<br>
- The more interfaces you select the more memory you need.<br><br>
- Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM).
- </p>
-
- </div>
-
- <div id="tab2" class="tab_content">
- <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
-
- <p><font size="5"><strong>Change Log</strong></font><p>
-
- <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>packages repository</strong></font></a></p>
- </div>
-
- <div id="tab3" class="tab_content">
- <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
-
- <p><font size="5"><strong>Getting Help</strong></font></p>
-
-<p>
-<font size="2"><strong>Obtaining Support</strong></font><br>
-
-We provide several means of obtaining support for pfSense.
-</p>
-
-<p>
-<font color="#990000" size="4"><strong>Free Options</strong></font><br>
-Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below.
-</p>
-
-<p>
-<font color="#990000" size="4"><strong>Commercial Support</strong></font><br>
-
-<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only.
-</p>
-
-<p>
-<font color="#990000" size="4"><strong>Project Rules</strong></font><br>
-To keep things orderly, and be fair to everyone, we must enforce these rules.
-</p>
-
-<p>
-Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved.
-</p>
-
-<p>
-Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread.
-</p>
-
-<p>
-Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don\'t have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone\'s email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers.
-</p>
- </div>
-
- <div id="tab4" class="tab_content">
- <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
-
- <p><font size="5"><strong>Heros</strong></font></p>
-
- <p>Pfsense Snort Package users who have cared enough to donate to this project. I can\'t thank you enough for all your help. With-out your support I would have stoped long time ago.</p>
-
- <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p>
-
- <p><font size="5"><strong>Names</strong></font></p>
-
- <p>sandro tavella</p>
- <p>João Kemp Filho</p>
- <p>Julio Fumoso</p>
- <p>Rolland Hart</p>
- <p>DiMarco Technology Solutions Inc.</p>
- <p>Brett Burley</p>
- <p>Tomasz Iskra</p>
- <p>Bruno Buchschacher</p>
- <p>Marco Pannetto</p>
- <p>Christopher Weakland</p>
- <p>Antonio Riveros</p>
- <p>DigitalJer</p>
- <p>Serialdie</p>
- <p>Dlawley</p>
- <p>Onhel</p>
- <p>Jerrygoldsmith</p>
-
-
- </div>
- </div>
-</div>
-
-</body>
-</html>
-
-';
-
-?>
+<?php + +require_once("guiconfig.inc"); + +echo ' + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> +<title>The Snort Package Help Page</title> +<style type="text/css"> +body { + background: #f0f0f0; + margin: 0; + padding: 0; + font: 10px normal Verdana, Arial, Helvetica, sans-serif; + color: #444; +} +h1 {font-size: 3em; margin: 20px 0;} +.container {width: 800px; margin: 10px auto;} +ul.tabs { + margin: 0; + padding: 0; + float: left; + list-style: none; + height: 25px; + border-bottom: 1px solid #999; + border-left: 1px solid #999; + width: 100%; +} +ul.tabs li { + float: left; + margin: 0; + padding: 0; + height: 24px; + line-height: 24px; + border: 1px solid #000000; + border-left: none; + margin-bottom: -1px; + background: #ffffff; + overflow: hidden; + position: relative; +} +ul.tabs li a { + text-decoration: none; + color: #000000; + display: block; + font-size: 1.2em; + padding: 0 20px; + border: 1px solid #fff; + outline: none; +} +ul.tabs li a:hover { + background: #eeeeee; +} + +html ul.tabs li.active, html ul.tabs li.active a:hover { + background: #fff; + border-bottom: 1px solid #fff; + color: #000000; +} +.tab_container { + border: 1px solid #999; + border-top: none; + clear: both; + float: left; + width: 100%; + background: #fff; + -moz-border-radius-bottomright: 5px; + -khtml-border-radius-bottomright: 5px; + -webkit-border-bottom-right-radius: 5px; + -moz-border-radius-bottomleft: 5px; + -khtml-border-radius-bottomleft: 5px; + -webkit-border-bottom-left-radius: 5px; +} +.tab_content { + padding: 20px; + font-size: 1.2em; +} +.tab_content h2 { + font-weight: normal; + padding-bottom: 10px; + border-bottom: 1px dashed #ddd; + font-size: 1.8em; +} +.tab_content h3 a{ + color: #254588; +} +.tab_content img { + float: left; + margin: 0 20px 20px 0; + border: 1px solid #ddd; + padding: 5px; +} +</style> + +<script type="text/javascript" src="./javascript/jquery-1.4.2.min.js"></script> + +<script type="text/javascript"> + +jQuery(document).ready(function() { + + //Default Action + jQuery(".tab_content").hide(); //Hide all content + jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab + jQuery(".tab_content:first").show(); //Show first tab content + + //On Click Event + jQuery("ul.tabs li").click(function() { + jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class + jQuery(this).addClass("active"); //Add "active" class to selected tab + jQuery(".tab_content").hide(); //Hide all tab content + var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content + jQuery(activeTab).fadeIn(); //Fade in the active content + return false; + }); + +}); + +</script> + +</head> + +<body> + +<div class="container"> + <ul class="tabs"> + <li><a href="#tab1">Home</a></li> + <li><a href="#tab2">Change Log</a></li> + <li><a href="#tab3">Getting Help</a></li> + <li><a href="#tab4">Heros</a></li> + </ul> + <div class="tab_container"> + <div id="tab1" class="tab_content"> + <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> + + <p> + <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be + the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for + network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create + software. + </p> + <p> + <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and + can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port + scans, CGI attacks, SMB probes, and much more. + </p> + <p> + <font size="5"><strong>Requirements :</strong></font><br> + Minimum requirement 256 mb ram, 500 MHz CPU.<br> + Recommended 500 mb ram, 1 Ghz CPU.<br> + The more rules you run the more memory you need.<br> + The more interfaces you select the more memory you need.<br><br> + Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM). + </p> + + </div> + + <div id="tab2" class="tab_content"> + <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> + + <p><font size="5"><strong>Change Log</strong></font><p> + + <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>packages repository</strong></font></a></p> + </div> + + <div id="tab3" class="tab_content"> + <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> + + <p><font size="5"><strong>Getting Help</strong></font></p> + +<p> +<font size="2"><strong>Obtaining Support</strong></font><br> + +We provide several means of obtaining support for pfSense. +</p> + +<p> +<font color="#990000" size="4"><strong>Free Options</strong></font><br> +Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below. +</p> + +<p> +<font color="#990000" size="4"><strong>Commercial Support</strong></font><br> + +<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only. +</p> + +<p> +<font color="#990000" size="4"><strong>Project Rules</strong></font><br> +To keep things orderly, and be fair to everyone, we must enforce these rules. +</p> + +<p> +Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved. +</p> + +<p> +Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread. +</p> + +<p> +Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don\'t have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone\'s email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers. +</p> + </div> + + <div id="tab4" class="tab_content"> + <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> + + <p><font size="5"><strong>Heros</strong></font></p> + + <p>Pfsense Snort Package users who have cared enough to donate to this project. I can\'t thank you enough for all your help. With-out your support I would have stoped long time ago.</p> + + <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p> + + <p><font size="5"><strong>Names</strong></font></p> + + <p>sandro tavella</p> + <p>João Kemp Filho</p> + <p>Julio Fumoso</p> + <p>Rolland Hart</p> + <p>DiMarco Technology Solutions Inc.</p> + <p>Brett Burley</p> + <p>Tomasz Iskra</p> + <p>Bruno Buchschacher</p> + <p>Marco Pannetto</p> + <p>Christopher Weakland</p> + <p>Antonio Riveros</p> + <p>DigitalJer</p> + <p>Serialdie</p> + <p>Dlawley</p> + <p>Onhel</p> + <p>Jerrygoldsmith</p> + + + </div> + </div> +</div> + +</body> +</html> + +'; + +?> diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 62c029f8..5fe7d0ab 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -1,205 +1,205 @@ -<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfsense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>Snort</name>
- <version>2.9.2.3</version>
- <title>Services:2.9.2.3 pkg v. 2.2</title>
- <include_file>/usr/local/pkg/snort/snort.inc</include_file>
- <menu>
- <name>Snort</name>
- <tooltiptext>Setup snort specific settings</tooltiptext>
- <section>Services</section>
- <url>/snort/snort_interfaces.php</url>
- </menu>
- <service>
- <name>snort</name>
- <rcfile>snort.sh</rcfile>
- <executable>snort</executable>
- <description>Snort is the most widely deployed IDS/IPS technology
- worldwide.</description>
- </service>
- <tabs>
- </tabs>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_cron_misc.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_for_rule_updates.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/help_and_info.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item>
- </additional_files_needed>
- <fields>
- </fields>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_resync_config_command>
- sync_snort_package_config();
- </custom_php_resync_config_command>
- <custom_php_install_command>
- snort_postinstall();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- snort_deinstall();
- </custom_php_deinstall_command>
-</packagegui>
+<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfsense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>Snort</name> + <version>2.9.2.3</version> + <title>Services:2.9.2.3 pkg v. 2.2</title> + <include_file>/usr/local/pkg/snort/snort.inc</include_file> + <menu> + <name>Snort</name> + <tooltiptext>Setup snort specific settings</tooltiptext> + <section>Services</section> + <url>/snort/snort_interfaces.php</url> + </menu> + <service> + <name>snort</name> + <rcfile>snort.sh</rcfile> + <executable>snort</executable> + <description>Snort is the most widely deployed IDS/IPS technology + worldwide.</description> + </service> + <tabs> + </tabs> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_cron_misc.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_for_rule_updates.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/help_and_info.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item> + </additional_files_needed> + <fields> + </fields> + <custom_add_php_command> + </custom_add_php_command> + <custom_php_resync_config_command> + sync_snort_package_config(); + </custom_php_resync_config_command> + <custom_php_install_command> + snort_postinstall(); + </custom_php_install_command> + <custom_php_deinstall_command> + snort_deinstall(); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php index 538d49c7..3eafcf21 100644 --- a/config/snort-dev/snort_alerts.php +++ b/config/snort-dev/snort_alerts.php @@ -1,587 +1,587 @@ -<?php
-/* $Id$ */
-/*
- snort_alerts.php
- part of pfSense
-
- Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009 Robert Zelaya Sr. Developer
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-/* load only javascript that is needed */
-$snort_load_sortabletable = 'yes';
-$snort_load_mootools = 'yes';
-
-$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
-
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
-$a_instance = &$config['installedpackages']['snortglobal']['rule'];
-$snort_uuid = $a_instance[0]['uuid'];
-$if_real = snort_get_real_interface($a_instance[0]['interface']);
-
-if ($_POST['instance']) {
- $snort_uuid = $a_instance[$_POST]['instance']['uuid'];
- $if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']);
-}
-
-
-if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
- $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
- $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
- $anentries = $pconfig['alertnumber'];
-} else {
- $anentries = '250';
- $pconfig['alertnumber'] = '250';
- $pconfig['arefresh'] = 'off';
-}
-
-if ($_POST['save'])
-{
- //unset($input_errors);
- //$pconfig = $_POST;
-
- /* input validation */
- if ($_POST['save'])
- {
-
- // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
- // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
- // }
-
- }
-
- /* no errors */
- if (!$input_errors) {
- if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
- $config['installedpackages']['snortglobal']['alertsblocks'] = array();
- $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
- $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
-
- write_config();
-
- header("Location: /snort/snort_alerts.php");
- exit;
- }
-
-}
-
-if ($_GET['action'] == "clear" || $_POST['clear'])
-{
- if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
- {
- conf_mount_rw();
- @file_put_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert", "");
- post_delete_logs();
- /* XXX: This is needed is snort is run as snort user */
- //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
- mwexec('/usr/bin/killall -HUP snort', true);
- conf_mount_ro();
- }
- header("Location: /snort/snort_alerts.php");
- exit;
-}
-
-if ($_POST['download'])
-{
-
- $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
- $file_name = "snort_logs_{$save_date}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/{$snort_uuid}_{$if_real}");
-
- if (file_exists("/tmp/{$file_name}")) {
- $file = "/tmp/snort_logs_{$save_date}.tar.gz";
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
- header("Content-length: ".filesize($file));
- header("Content-disposition: attachment; filename = {$file_name}");
- readfile("$file");
- exec("/bin/rm /tmp/{$file_name}");
- }
-
- header("Location: /snort/snort_alerts.php");
- exit;
-}
-
-
-/* WARNING: took me forever to figure reg expression, dont lose */
-// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50';
-function get_snort_alert_date($fileline)
-{
- /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
- if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
- $alert_date = "$matches1[0]";
-
- return $alert_date;
-}
-
-function get_snort_alert_disc($fileline)
-{
- /* disc */
- if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- $alert_disc = "$matches[2]";
-
- return $alert_disc;
-}
-
-function get_snort_alert_class($fileline)
-{
- /* class */
- if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
- $alert_class = "$matches2[0]";
-
- return $alert_class;
-}
-
-function get_snort_alert_priority($fileline)
-{
- /* Priority */
- if (preg_match('/Priority:\s\d/', $fileline, $matches3))
- $alert_priority = "$matches3[0]";
-
- return $alert_priority;
-}
-
-function get_snort_alert_proto($fileline)
-{
- /* Priority */
- if (preg_match('/\{.+\}/', $fileline, $matches3))
- $alert_proto = "$matches3[0]";
-
- return $alert_proto;
-}
-
-function get_snort_alert_proto_full($fileline)
-{
- /* Protocal full */
- if (preg_match('/.+\sTTL/', $fileline, $matches2))
- $alert_proto_full = "$matches2[0]";
-
- return $alert_proto_full;
-}
-
-function get_snort_alert_ip_src($fileline)
-{
- /* SRC IP */
- $re1='.*?'; # Non-greedy match on filler
- $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
-
- if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- $alert_ip_src = $matches4[1][0];
-
- return $alert_ip_src;
-}
-
-function get_snort_alert_src_p($fileline)
-{
- /* source port */
- if (preg_match('/:\d+\s-/', $fileline, $matches5))
- $alert_src_p = "$matches5[0]";
-
- return $alert_src_p;
-}
-
-function get_snort_alert_flow($fileline)
-{
- /* source port */
- if (preg_match('/(->|<-)/', $fileline, $matches5))
- $alert_flow = "$matches5[0]";
-
- return $alert_flow;
-}
-
-function get_snort_alert_ip_dst($fileline)
-{
- /* DST IP */
- $re1dp='.*?'; # Non-greedy match on filler
- $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress
- $re3dp='.*?'; # Non-greedy match on filler
- $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
-
- if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
- $alert_ip_dst = $matches6[1][0];
-
- return $alert_ip_dst;
-}
-
-function get_snort_alert_dst_p($fileline)
-{
- /* dst port */
- if (preg_match('/:\d+$/', $fileline, $matches7))
- $alert_dst_p = "$matches7[0]";
-
- return $alert_dst_p;
-}
-
-function get_snort_alert_dst_p_full($fileline)
-{
- /* dst port full */
- if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
- $alert_dst_p = "$matches7[0]";
-
- return $alert_dst_p;
-}
-
-function get_snort_alert_sid($fileline)
-{
- /* SID */
- if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
- $alert_sid = "$matches8[0]";
-
- return $alert_sid;
-}
-
-$pgtitle = "Services: Snort: Snort Alerts";
-include_once("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php
-
-include_once("fbegin.inc");
-echo $snort_general_css;
-
-/* refresh every 60 secs */
-if ($pconfig['arefresh'] == 'on')
- echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n";
-?>
-
-<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
- display_top_tabs($tab_array);
-?>
-</td></tr>
-<tr>
- <td>
- <div id="mainarea2">
- <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0">
- <form action="/snort/snort_alerts.php" method="post" id="formalert">
- <tr>
- <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?> Alert Entries.</td>
- <td width="78%" class="listtopic">Latest Alert Entries Are Listed First.</td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Instance to inspect</td>
- <td width="78%" class="vtable">
- <br/> <select name="instance" id="instance" class="formfld unkown" onChange="document.getElementById('formalert').submit()">
- <?php
- foreach ($a_instance as $id => $instance) {
- echo "<option value='{$id}'> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
- }
- ?>
- </select><br/> Choose which instance alerts you want to inspect.
- </td>
- <tr>
- <td width="22%" class="vncell">Save or Remove Logs</td>
- <td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtn" value="Download"> All
- log files will be saved. <a href="/snort/snort_alerts.php?action=clear">
- <input name="delete" type="button" class="formbtn" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?')"></a>
- <span class="red"><strong>Warning:</strong></span> all log files will be deleted.
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Auto Refresh and Log View</td>
- <td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtn" value="Save">
- Refresh <input name="arefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
- <strong>Default</strong> is <strong>ON</strong>.
- <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
- Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
- </td>
- </tr>
- </form>
- </table>
- </div>
- </td>
- </tr>
-</table>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <td width="100%"><br>
- <div class="tableFilter">
- <form id="tableFilter"
- onsubmit="myTable.filter(this.id); return false;">Filter: <select
- id="column">
- <option value="1">PRIORITY</option>
- <option value="2">PROTO</option>
- <option value="3">DESCRIPTION</option>
- <option value="4">CLASS</option>
- <option value="5">SRC</option>
- <option value="6">SRC PORT</option>
- <option value="7">FLOW</option>
- <option value="8">DST</option>
- <option value="9">DST PORT</option>
- <option value="10">SID</option>
- <option value="11">Date</option>
- </select> <input type="text" id="keyword" /> <input type="submit"
- value="Submit" /> <input type="reset" value="Clear" /></form>
- </div>
- <table class="allRow" id="myTable" width="100%" border="2"
- cellpadding="1" cellspacing="1">
- <thead>
- <th axis="number">#</th>
- <th axis="string">PRI</th>
- <th axis="string">PROTO</th>
- <th axis="string">DESCRIPTION</th>
- <th axis="string">CLASS</th>
- <th axis="string">SRC</th>
- <th axis="string">SPORT</th>
- <th axis="string">FLOW</th>
- <th axis="string">DST</th>
- <th axis="string">DPORT</th>
- <th axis="string">SID</th>
- <th axis="date">Date</th>
- </thead>
- <tbody>
- <?php
-
- /* make sure alert file exists */
- if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
- exec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/alert");
-
- $logent = $anentries;
-
- /* detect the alert file type */
- if ($snortalertlogt == 'full')
- $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));
- else
- $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));
-
-
-
- if (is_array($alerts_array)) {
-
- $counter = 0;
- foreach($alerts_array as $fileline)
- {
-
- if($logent <= $counter)
- continue;
-
- $counter++;
-
- /* Date */
- $alert_date_str = get_snort_alert_date($fileline);
-
- if($alert_date_str != '')
- {
- $alert_date = $alert_date_str;
- }else{
- $alert_date = 'empty';
- }
-
- /* Discription */
- $alert_disc_str = get_snort_alert_disc($fileline);
-
- if($alert_disc_str != '')
- {
- $alert_disc = $alert_disc_str;
- }else{
- $alert_disc = 'empty';
- }
-
- /* Classification */
- $alert_class_str = get_snort_alert_class($fileline);
-
- if($alert_class_str != '')
- {
-
- $alert_class_match = array('[Classification:',']');
- $alert_class = str_replace($alert_class_match, '', "$alert_class_str");
- }else{
- $alert_class = 'Prep';
- }
-
- /* Priority */
- $alert_priority_str = get_snort_alert_priority($fileline);
-
- if($alert_priority_str != '')
- {
- $alert_priority_match = array('Priority: ',']');
- $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str");
- }else{
- $alert_priority = 'empty';
- }
-
- /* Protocol */
- /* Detect alert file type */
- if ($snortalertlogt == 'full')
- {
- $alert_proto_str = get_snort_alert_proto_full($fileline);
- }else{
- $alert_proto_str = get_snort_alert_proto($fileline);
- }
-
- if($alert_proto_str != '')
- {
- $alert_proto_match = array(" TTL",'{','}');
- $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str");
- }else{
- $alert_proto = 'empty';
- }
-
- /* IP SRC */
- $alert_ip_src_str = get_snort_alert_ip_src($fileline);
-
- if($alert_ip_src_str != '')
- {
- $alert_ip_src = $alert_ip_src_str;
- }else{
- $alert_ip_src = 'empty';
- }
-
- /* IP SRC Port */
- $alert_src_p_str = get_snort_alert_src_p($fileline);
-
- if($alert_src_p_str != '')
- {
- $alert_src_p_match = array(' -',':');
- $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str");
- }else{
- $alert_src_p = 'empty';
- }
-
- /* Flow */
- $alert_flow_str = get_snort_alert_flow($fileline);
-
- if($alert_flow_str != '')
- {
- $alert_flow = $alert_flow_str;
- }else{
- $alert_flow = 'empty';
- }
-
- /* IP Destination */
- $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
-
- if($alert_ip_dst_str != '')
- {
- $alert_ip_dst = $alert_ip_dst_str;
- }else{
- $alert_ip_dst = 'empty';
- }
-
- /* IP DST Port */
- if ($snortalertlogt == 'full')
- {
- $alert_dst_p_str = get_snort_alert_dst_p_full($fileline);
- }else{
- $alert_dst_p_str = get_snort_alert_dst_p($fileline);
- }
-
- if($alert_dst_p_str != '')
- {
- $alert_dst_p_match = array(':',"\n"," TTL");
- $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str");
- $alert_dst_p_match2 = array('/[A-Z]/');
- $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2");
- }else{
- $alert_dst_p = 'empty';
- }
-
- /* SID */
- $alert_sid_str = get_snort_alert_sid($fileline);
-
- if($alert_sid_str != '')
- {
- $alert_sid_match = array('[',']');
- $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str");
- }else{
- $alert_sid_str = 'empty';
- }
-
- /* NOTE: using one echo improves performance by 2x */
- if ($alert_disc != 'empty')
- {
- echo "<tr id=\"{$counter}\">
- <td class=\"centerAlign\">{$counter}</td>
- <td class=\"centerAlign\">{$alert_priority}</td>
- <td class=\"centerAlign\">{$alert_proto}</td>
- <td>{$alert_disc}</td>
- <td class=\"centerAlign\">{$alert_class}</td>
- <td>{$alert_ip_src}</td>
- <td class=\"centerAlign\">{$alert_src_p}</td>
- <td class=\"centerAlign\">{$alert_flow}</td>
- <td>{$alert_ip_dst}</td>
- <td class=\"centerAlign\">{$alert_dst_p}</td>
- <td class=\"centerAlign\">{$alert_sid}</td>
- <td>{$alert_date}</td>
- </tr>\n";
- }
-
- // <script type="text/javascript">
- // var myTable = {};
- // window.addEvent('domready', function(){
- // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
- // });
- // </script>
-
- }
- }
-
- ?>
- </tbody>
- </table>
- </td>
-</table>
-
-</div>
-
-<?php
-include("fend.inc");
-
-echo $snort_custom_rnd_box;
-
-?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + snort_alerts.php + part of pfSense + + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Modified for the Pfsense snort package v. 1.8+ + Copyright (C) 2009 Robert Zelaya Sr. Developer + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +/* load only javascript that is needed */ +$snort_load_sortabletable = 'yes'; +$snort_load_mootools = 'yes'; + +$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_instance = &$config['installedpackages']['snortglobal']['rule']; +$snort_uuid = $a_instance[0]['uuid']; +$if_real = snort_get_real_interface($a_instance[0]['interface']); + +if ($_POST['instance']) { + $snort_uuid = $a_instance[$_POST]['instance']['uuid']; + $if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']); +} + + +if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) { + $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; + $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber']; + $anentries = $pconfig['alertnumber']; +} else { + $anentries = '250'; + $pconfig['alertnumber'] = '250'; + $pconfig['arefresh'] = 'off'; +} + +if ($_POST['save']) +{ + //unset($input_errors); + //$pconfig = $_POST; + + /* input validation */ + if ($_POST['save']) + { + + // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { + // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; + // } + + } + + /* no errors */ + if (!$input_errors) { + if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) + $config['installedpackages']['snortglobal']['alertsblocks'] = array(); + $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; + + write_config(); + + header("Location: /snort/snort_alerts.php"); + exit; + } + +} + +if ($_GET['action'] == "clear" || $_POST['clear']) +{ + if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert")) + { + conf_mount_rw(); + @file_put_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert", ""); + post_delete_logs(); + /* XXX: This is needed is snort is run as snort user */ + //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true); + mwexec('/bin/chmod 660 /var/log/snort/*', true); + mwexec('/usr/bin/killall -HUP snort', true); + conf_mount_ro(); + } + header("Location: /snort/snort_alerts.php"); + exit; +} + +if ($_POST['download']) +{ + + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "snort_logs_{$save_date}.tar.gz"; + exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/{$snort_uuid}_{$if_real}"); + + if (file_exists("/tmp/{$file_name}")) { + $file = "/tmp/snort_logs_{$save_date}.tar.gz"; + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); + header("Pragma: private"); // needed for IE + header("Cache-Control: private, must-revalidate"); // needed for IE + header('Content-type: application/force-download'); + header('Content-Transfer-Encoding: Binary'); + header("Content-length: ".filesize($file)); + header("Content-disposition: attachment; filename = {$file_name}"); + readfile("$file"); + exec("/bin/rm /tmp/{$file_name}"); + } + + header("Location: /snort/snort_alerts.php"); + exit; +} + + +/* WARNING: took me forever to figure reg expression, dont lose */ +// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50'; +function get_snort_alert_date($fileline) +{ + /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ + if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) + $alert_date = "$matches1[0]"; + + return $alert_date; +} + +function get_snort_alert_disc($fileline) +{ + /* disc */ + if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) + $alert_disc = "$matches[2]"; + + return $alert_disc; +} + +function get_snort_alert_class($fileline) +{ + /* class */ + if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) + $alert_class = "$matches2[0]"; + + return $alert_class; +} + +function get_snort_alert_priority($fileline) +{ + /* Priority */ + if (preg_match('/Priority:\s\d/', $fileline, $matches3)) + $alert_priority = "$matches3[0]"; + + return $alert_priority; +} + +function get_snort_alert_proto($fileline) +{ + /* Priority */ + if (preg_match('/\{.+\}/', $fileline, $matches3)) + $alert_proto = "$matches3[0]"; + + return $alert_proto; +} + +function get_snort_alert_proto_full($fileline) +{ + /* Protocal full */ + if (preg_match('/.+\sTTL/', $fileline, $matches2)) + $alert_proto_full = "$matches2[0]"; + + return $alert_proto_full; +} + +function get_snort_alert_ip_src($fileline) +{ + /* SRC IP */ + $re1='.*?'; # Non-greedy match on filler + $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) + $alert_ip_src = $matches4[1][0]; + + return $alert_ip_src; +} + +function get_snort_alert_src_p($fileline) +{ + /* source port */ + if (preg_match('/:\d+\s-/', $fileline, $matches5)) + $alert_src_p = "$matches5[0]"; + + return $alert_src_p; +} + +function get_snort_alert_flow($fileline) +{ + /* source port */ + if (preg_match('/(->|<-)/', $fileline, $matches5)) + $alert_flow = "$matches5[0]"; + + return $alert_flow; +} + +function get_snort_alert_ip_dst($fileline) +{ + /* DST IP */ + $re1dp='.*?'; # Non-greedy match on filler + $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress + $re3dp='.*?'; # Non-greedy match on filler + $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) + $alert_ip_dst = $matches6[1][0]; + + return $alert_ip_dst; +} + +function get_snort_alert_dst_p($fileline) +{ + /* dst port */ + if (preg_match('/:\d+$/', $fileline, $matches7)) + $alert_dst_p = "$matches7[0]"; + + return $alert_dst_p; +} + +function get_snort_alert_dst_p_full($fileline) +{ + /* dst port full */ + if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) + $alert_dst_p = "$matches7[0]"; + + return $alert_dst_p; +} + +function get_snort_alert_sid($fileline) +{ + /* SID */ + if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) + $alert_sid = "$matches8[0]"; + + return $alert_sid; +} + +$pgtitle = "Services: Snort: Snort Alerts"; +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php + +include_once("fbegin.inc"); +echo $snort_general_css; + +/* refresh every 60 secs */ +if ($pconfig['arefresh'] == 'on') + echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n"; +?> + +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea2"> + <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0"> + <form action="/snort/snort_alerts.php" method="post" id="formalert"> + <tr> + <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?> Alert Entries.</td> + <td width="78%" class="listtopic">Latest Alert Entries Are Listed First.</td> + </tr> + <tr> + <td width="22%" class="vncell">Instance to inspect</td> + <td width="78%" class="vtable"> + <br/> <select name="instance" id="instance" class="formfld unkown" onChange="document.getElementById('formalert').submit()"> + <?php + foreach ($a_instance as $id => $instance) { + echo "<option value='{$id}'> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n"; + } + ?> + </select><br/> Choose which instance alerts you want to inspect. + </td> + <tr> + <td width="22%" class="vncell">Save or Remove Logs</td> + <td width="78%" class="vtable"> + <input name="download" type="submit" class="formbtn" value="Download"> All + log files will be saved. <a href="/snort/snort_alerts.php?action=clear"> + <input name="delete" type="button" class="formbtn" value="Clear" + onclick="return confirm('Do you really want to remove all instance logs?')"></a> + <span class="red"><strong>Warning:</strong></span> all log files will be deleted. + </td> + </tr> + <tr> + <td width="22%" class="vncell">Auto Refresh and Log View</td> + <td width="78%" class="vtable"> + <input name="save" type="submit" class="formbtn" value="Save"> + Refresh <input name="arefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> + <strong>Default</strong> is <strong>ON</strong>. + <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> + Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>. + </td> + </tr> + </form> + </table> + </div> + </td> + </tr> +</table> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <td width="100%"><br> + <div class="tableFilter"> + <form id="tableFilter" + onsubmit="myTable.filter(this.id); return false;">Filter: <select + id="column"> + <option value="1">PRIORITY</option> + <option value="2">PROTO</option> + <option value="3">DESCRIPTION</option> + <option value="4">CLASS</option> + <option value="5">SRC</option> + <option value="6">SRC PORT</option> + <option value="7">FLOW</option> + <option value="8">DST</option> + <option value="9">DST PORT</option> + <option value="10">SID</option> + <option value="11">Date</option> + </select> <input type="text" id="keyword" /> <input type="submit" + value="Submit" /> <input type="reset" value="Clear" /></form> + </div> + <table class="allRow" id="myTable" width="100%" border="2" + cellpadding="1" cellspacing="1"> + <thead> + <th axis="number">#</th> + <th axis="string">PRI</th> + <th axis="string">PROTO</th> + <th axis="string">DESCRIPTION</th> + <th axis="string">CLASS</th> + <th axis="string">SRC</th> + <th axis="string">SPORT</th> + <th axis="string">FLOW</th> + <th axis="string">DST</th> + <th axis="string">DPORT</th> + <th axis="string">SID</th> + <th axis="date">Date</th> + </thead> + <tbody> + <?php + + /* make sure alert file exists */ + if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert")) + exec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/alert"); + + $logent = $anentries; + + /* detect the alert file type */ + if ($snortalertlogt == 'full') + $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert")))); + else + $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert")))); + + + + if (is_array($alerts_array)) { + + $counter = 0; + foreach($alerts_array as $fileline) + { + + if($logent <= $counter) + continue; + + $counter++; + + /* Date */ + $alert_date_str = get_snort_alert_date($fileline); + + if($alert_date_str != '') + { + $alert_date = $alert_date_str; + }else{ + $alert_date = 'empty'; + } + + /* Discription */ + $alert_disc_str = get_snort_alert_disc($fileline); + + if($alert_disc_str != '') + { + $alert_disc = $alert_disc_str; + }else{ + $alert_disc = 'empty'; + } + + /* Classification */ + $alert_class_str = get_snort_alert_class($fileline); + + if($alert_class_str != '') + { + + $alert_class_match = array('[Classification:',']'); + $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); + }else{ + $alert_class = 'Prep'; + } + + /* Priority */ + $alert_priority_str = get_snort_alert_priority($fileline); + + if($alert_priority_str != '') + { + $alert_priority_match = array('Priority: ',']'); + $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); + }else{ + $alert_priority = 'empty'; + } + + /* Protocol */ + /* Detect alert file type */ + if ($snortalertlogt == 'full') + { + $alert_proto_str = get_snort_alert_proto_full($fileline); + }else{ + $alert_proto_str = get_snort_alert_proto($fileline); + } + + if($alert_proto_str != '') + { + $alert_proto_match = array(" TTL",'{','}'); + $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); + }else{ + $alert_proto = 'empty'; + } + + /* IP SRC */ + $alert_ip_src_str = get_snort_alert_ip_src($fileline); + + if($alert_ip_src_str != '') + { + $alert_ip_src = $alert_ip_src_str; + }else{ + $alert_ip_src = 'empty'; + } + + /* IP SRC Port */ + $alert_src_p_str = get_snort_alert_src_p($fileline); + + if($alert_src_p_str != '') + { + $alert_src_p_match = array(' -',':'); + $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); + }else{ + $alert_src_p = 'empty'; + } + + /* Flow */ + $alert_flow_str = get_snort_alert_flow($fileline); + + if($alert_flow_str != '') + { + $alert_flow = $alert_flow_str; + }else{ + $alert_flow = 'empty'; + } + + /* IP Destination */ + $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); + + if($alert_ip_dst_str != '') + { + $alert_ip_dst = $alert_ip_dst_str; + }else{ + $alert_ip_dst = 'empty'; + } + + /* IP DST Port */ + if ($snortalertlogt == 'full') + { + $alert_dst_p_str = get_snort_alert_dst_p_full($fileline); + }else{ + $alert_dst_p_str = get_snort_alert_dst_p($fileline); + } + + if($alert_dst_p_str != '') + { + $alert_dst_p_match = array(':',"\n"," TTL"); + $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); + $alert_dst_p_match2 = array('/[A-Z]/'); + $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); + }else{ + $alert_dst_p = 'empty'; + } + + /* SID */ + $alert_sid_str = get_snort_alert_sid($fileline); + + if($alert_sid_str != '') + { + $alert_sid_match = array('[',']'); + $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); + }else{ + $alert_sid_str = 'empty'; + } + + /* NOTE: using one echo improves performance by 2x */ + if ($alert_disc != 'empty') + { + echo "<tr id=\"{$counter}\"> + <td class=\"centerAlign\">{$counter}</td> + <td class=\"centerAlign\">{$alert_priority}</td> + <td class=\"centerAlign\">{$alert_proto}</td> + <td>{$alert_disc}</td> + <td class=\"centerAlign\">{$alert_class}</td> + <td>{$alert_ip_src}</td> + <td class=\"centerAlign\">{$alert_src_p}</td> + <td class=\"centerAlign\">{$alert_flow}</td> + <td>{$alert_ip_dst}</td> + <td class=\"centerAlign\">{$alert_dst_p}</td> + <td class=\"centerAlign\">{$alert_sid}</td> + <td>{$alert_date}</td> + </tr>\n"; + } + + // <script type="text/javascript"> + // var myTable = {}; + // window.addEvent('domready', function(){ + // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}}); + // }); + // </script> + + } + } + + ?> + </tbody> + </table> + </td> +</table> + +</div> + +<?php +include("fend.inc"); + +echo $snort_custom_rnd_box; + +?> +</body> +</html> diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index 39008284..b647c007 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -1,269 +1,269 @@ -<?php
-/* $Id$ */
-/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
-
-TODO: Nov 12 09
-Clean this code up its ugly
-Important add error checking
-
-*/
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
-}
-
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
-}
-
-$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
- /* old options */
- $pconfig = $a_nat[$id];
- $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
- $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
- $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
-}
-
-if (isset($_GET['dup']))
- unset($id);
-
-$if_real = snort_get_real_interface($pconfig['interface']);
-$snort_uuid = $pconfig['uuid'];
-
-/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
-if ($_POST) {
-
- /* XXX: Mising error reporting?!
- * check for overlaps
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
- if ($natent['interface'] != $_POST['interface'])
- continue;
- }
- */
-
- /* if no errors write to conf */
- if (!$input_errors) {
- $natent = array();
- /* repost the options already in conf */
- $natent = $pconfig;
-
- $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
- $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
- $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru'];
- if ($_POST['barnyard_enable'] == "on")
- $natent['snortunifiedlog'] = 'on';
- else
- $natent['snortunifiedlog'] = 'off';
-
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
- }
-
- write_config();
- sync_snort_package_config();
-
- /* after click go to this page */
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: snort_barnyard.php?id=$id");
- exit;
- }
-}
-
-$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit";
-include_once("head.inc");
-
-?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php
-echo "{$snort_general_css}\n";
-?>
-
-<div class="body2">
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
-<script language="JavaScript">
-<!--
-
-function enable_change(enable_change) {
- endis = !(document.iform.barnyard_enable.checked || enable_change);
- // make shure a default answer is called if this is envoked.
- endis2 = (document.iform.barnyard_enable);
-
- document.iform.barnyard_mysql.disabled = endis;
- document.iform.barnconfigpassthru.disabled = endis;
-}
-//-->
-</script>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<form action="snort_barnyard.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform"><?php
-
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-?>
-</td></tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Barnyard2
- Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2">Enable</td>
- <td width="78%" class="vtable">
- <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)">
- <strong>Enable Barnyard2 </strong><br>
- This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Mysql Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td>
- <td width="78%" class="vtable"><input name="barnyard_mysql"
- type="text" class="formfld" id="barnyard_mysql" size="100"
- value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br>
- <span class="vexpl">Example: output database: alert, mysql,
- dbname=snort user=snort host=localhost password=xyz<br>
- Example: output database: log, mysql, dbname=snort user=snort
- host=localhost password=xyz</span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Advanced Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Advanced configuration
- pass through</td>
- <td width="78%" class="vtable"><textarea name="barnconfigpassthru"
- cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
- <br>
- Arguments here will be automatically inserted into the running
- barnyard2 configuration.</td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="id" type="hidden" value="<?=$id;?>"> </td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings befor you click start. </td>
- </tr>
- </table>
-
-</table>
-</form>
-
-</div>
-
-<script language="JavaScript">
-<!--
-enable_change(false);
-//-->
-</script>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +/* + +TODO: Nov 12 09 +Clean this code up its ugly +Important add error checking + +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +$pconfig = array(); +if (isset($id) && $a_nat[$id]) { + /* old options */ + $pconfig = $a_nat[$id]; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); +} + +if (isset($_GET['dup'])) + unset($id); + +$if_real = snort_get_real_interface($pconfig['interface']); +$snort_uuid = $pconfig['uuid']; + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + +if ($_POST) { + + /* XXX: Mising error reporting?! + * check for overlaps + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + } + */ + + /* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + /* repost the options already in conf */ + $natent = $pconfig; + + $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off'; + $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; + $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru']; + if ($_POST['barnyard_enable'] == "on") + $natent['snortunifiedlog'] = 'on'; + else + $natent['snortunifiedlog'] = 'off'; + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + sync_snort_package_config(); + + /* after click go to this page */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: snort_barnyard.php?id=$id"); + exit; + } +} + +$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit"; +include_once("head.inc"); + +?> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> + + +<?php include("fbegin.inc"); ?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<?php +echo "{$snort_general_css}\n"; +?> + +<div class="body2"> + +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> + +<script language="JavaScript"> +<!-- + +function enable_change(enable_change) { + endis = !(document.iform.barnyard_enable.checked || enable_change); + // make shure a default answer is called if this is envoked. + endis2 = (document.iform.barnyard_enable); + + document.iform.barnyard_mysql.disabled = endis; + document.iform.barnconfigpassthru.disabled = endis; +} +//--> +</script> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<form action="snort_barnyard.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"><?php + + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">General Barnyard2 + Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2">Enable</td> + <td width="78%" class="vtable"> + <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"> + <strong>Enable Barnyard2 </strong><br> + This will enable barnyard2 for this interface. You will also have to set the database credentials.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Mysql Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td> + <td width="78%" class="vtable"><input name="barnyard_mysql" + type="text" class="formfld" id="barnyard_mysql" size="100" + value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br> + <span class="vexpl">Example: output database: alert, mysql, + dbname=snort user=snort host=localhost password=xyz<br> + Example: output database: log, mysql, dbname=snort user=snort + host=localhost password=xyz</span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Advanced Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Advanced configuration + pass through</td> + <td width="78%" class="vtable"><textarea name="barnconfigpassthru" + cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> + <br> + Arguments here will be automatically inserted into the running + barnyard2 configuration.</td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input name="id" type="hidden" value="<?=$id;?>"> </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings befor you click start. </td> + </tr> + </table> + +</table> +</form> + +</div> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php index d81f561f..932e0983 100644 --- a/config/snort-dev/snort_blocked.php +++ b/config/snort-dev/snort_blocked.php @@ -1,426 +1,426 @@ -<?php
-/* $Id$ */
-/*
- snort_blocked.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009 Robert Zelaya Sr. Developer
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
- $config['installedpackages']['snortglobal']['alertsblocks'] = array();
-
-$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
-$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
-
-if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0')
-{
- $bnentries = '500';
-}else{
- $bnentries = $pconfig['blertnumber'];
-}
-
-if($_POST['todelete'] or $_GET['todelete']) {
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- if($_GET['todelete'])
- $ip = $_GET['todelete'];
- exec("/sbin/pfctl -t snort2c -T delete {$ip}");
-}
-
-if ($_POST['remove']) {
- exec("/sbin/pfctl -t snort2c -T flush");
- sleep(1);
- header("Location: /snort/snort_blocked.php");
- exit;
-
-}
-
-/* TODO: build a file with block ip and disc */
-if ($_POST['download'])
-{
-
- ob_start(); //important or other posts will fail
- $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
- $file_name = "snort_blocked_{$save_date}.tar.gz";
- exec('/bin/mkdir /tmp/snort_blocked');
- exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf');
-
- $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
-
- if ($blocked_ips_array_save[0] != '') {
- /* build the list */
- file_put_contents("/tmp/snort_blocked/snort_block.pf", "");
- foreach($blocked_ips_array_save as $counter => $fileline3)
- file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline3}\n", FILE_APPEND);
- }
-
- exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");
-
- if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) {
- $file = "/tmp/snort_blocked_{$save_date}.tar.gz";
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
- header("Content-length: ".filesize($file));
- header("Content-disposition: attachment; filename = {$file_name}");
- readfile("$file");
- exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz");
- exec("/bin/rm /tmp/snort_block.pf");
- exec("/bin/rm /tmp/snort_blocked/snort_block.pf");
- od_end_clean(); //importanr or other post will fail
- } else
- echo 'Error no saved file.';
-
-}
-
-if ($_POST['save'])
-{
-
- /* input validation */
- if ($_POST['save'])
- {
-
-
- }
-
- /* no errors */
- if (!$input_errors)
- {
- $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
- $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
-
- write_config();
-
- header("Location: /snort/snort_blocked.php");
-
- }
-
-}
-
-/* build filter funcs */
-function get_snort_alert_ip_src($fileline)
-{
- /* SRC IP */
- $re1='.*?'; # Non-greedy match on filler
- $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
-
- if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- $alert_ip_src = $matches4[1][0];
-
- return $alert_ip_src;
-}
-
-function get_snort_alert_disc($fileline)
-{
- /* disc */
- if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- $alert_disc = "$matches[2]";
-
- return $alert_disc;
-}
-
-/* build sec filters */
-function get_snort_block_ip($fileline)
-{
- /* ip */
- if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
- $alert_block_ip = "$matches[0]";
-
- return $alert_block_ip;
-}
-
-function get_snort_block_disc($fileline)
-{
- /* disc */
- if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
- $alert_block_disc = "$matches[0]";
-
- return $alert_block_disc;
-}
-
-/* tell the user what settings they have */
-$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked'];
-if ($blockedtab_msg_chk == "1h_b") {
- $blocked_msg = "hour";
-}
-if ($blockedtab_msg_chk == "3h_b") {
- $blocked_msg = "3 hours";
-}
-if ($blockedtab_msg_chk == "6h_b") {
- $blocked_msg = "6 hours";
-}
-if ($blockedtab_msg_chk == "12h_b") {
- $blocked_msg = "12 hours";
-}
-if ($blockedtab_msg_chk == "1d_b") {
- $blocked_msg = "day";
-}
-if ($blockedtab_msg_chk == "4d_b") {
- $blocked_msg = "4 days";
-}
-if ($blockedtab_msg_chk == "7d_b") {
- $blocked_msg = "7 days";
-}
-if ($blockedtab_msg_chk == "28d_b") {
- $blocked_msg = "28 days";
-}
-
-if ($blockedtab_msg_chk != "never_b")
-{
- $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>.";
-}else{
- $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts.";
-}
-
-$pgtitle = "Services: Snort Blocked Hosts";
-include_once("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-
-<?php
-
-include_once("fbegin.inc");
-echo $snort_general_css;
-
-/* refresh every 60 secs */
-if ($pconfig['brefresh'] == 'on')
- echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
-?>
-
-<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
- display_top_tabs($tab_array);
-?>
-</td></tr>
- <tr>
- <td>
- <div id="mainarea2">
-
- <table id="maintable" class="tabcont" width="100%" border="0"
- cellpadding="0" cellspacing="0">
- <tr>
- <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?>
- Blocked.</td>
- <td width="78%" class="listtopic">This page lists hosts that have
- been blocked by Snort. <?=$blocked_msg_txt;?></td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Save or Remove Hosts</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_blocked.php" method="post"><input
- name="download" type="submit" class="formbtn" value="Download"> All
- blocked hosts will be saved. <input name="remove" type="submit"
- class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span>
- all hosts will be removed.</form>
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Auto Refresh and Log View</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_blocked.php" method="post"><input
- name="save" type="submit" class="formbtn" value="Save"> Refresh <input
- name="brefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
- <strong>Default</strong> is <strong>ON</strong>. <input
- name="blertnumber" type="text" class="formfld" id="blertnumber"
- size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the
- number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>.
- </form>
- </td>
- </tr>
- </table>
- </div>
- <br>
- </td>
- </tr>
-
- <table class="tabcont" width="100%" border="0" cellspacing="0"
- cellpadding="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0"
- cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Remove</td>
- <td class="listhdrr">#</td>
- <td class="listhdrr">IP</td>
- <td class="listhdrr">Alert Description</td>
- </tr>
- <?php
-
- /* set the arrays */
- exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
- $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
- foreach (glob("/var/log/snort/alert_*") as $alert) {
- $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}")));
-
- $logent = $bnentries;
-
- if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
- {
-
- /* build the list and compare blocks to alerts */
- $counter = 0;
- foreach($alerts_array as $fileline)
- {
-
- $counter++;
-
- $alert_ip_src = get_snort_alert_ip_src($fileline);
- $alert_ip_disc = get_snort_alert_disc($fileline);
- $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
-
- if (in_array("$alert_ip_src", $blocked_ips_array))
- $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
- }
-
- foreach($blocked_ips_array as $alert_block_ip)
- {
-
- if (!in_array($alert_block_ip, $alert_ip_src_array))
- {
- $input[] = "[$alert_block_ip] " . "[N\A]\n";
- }
- }
-
- /* reduce double occurrences */
- $result = array_unique($input);
-
- /* buil final list, preg_match, buld html */
- $counter2 = 0;
-
- foreach($result as $fileline2)
- {
- if($logent <= $counter2)
- continue;
-
- $counter2++;
-
- $alert_block_ip_str = get_snort_block_ip($fileline2);
-
- if($alert_block_ip_str != '')
- {
- $alert_block_ip_match = array('[',']');
- $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
- }else{
- $alert_block_ip = 'empty';
- }
-
- $alert_block_disc_str = get_snort_block_disc($fileline2);
-
- if($alert_block_disc_str != '')
- {
- $alert_block_disc_match = array('] [',']');
- $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
- }else{
- $alert_block_disc = 'empty';
- }
-
- /* use one echo to do the magic*/
- echo "<tr>
- <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
- <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
- <td> {$counter2}</td>
- <td> {$alert_block_ip}</td>
- <td> {$alert_block_disc}</td>
- </tr>\n";
-
- }
-
- }else{
-
- /* if alerts file is empty and blocked table is not empty */
- $counter2 = 0;
-
- foreach($blocked_ips_array as $alert_block_ip)
- {
- if($logent <= $counter2)
- continue;
-
- $counter2++;
-
- $alert_block_disc = 'N/A';
-
- /* use one echo to do the magic*/
- echo "<tr>
- <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
- <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
- <td> {$counter2}</td>
- <td> {$alert_block_ip}</td>
- <td> {$alert_block_disc}</td>
- </tr>\n";
- }
- }
- }
-
- echo '</table>' . "\n";
-
- if (empty($blocked_ips_array[0]))
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
- else
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
-
- ?>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </div>
-
- <?php
-
- include("fend.inc");
-
-echo $snort_custom_rnd_box;
-
-?>
-
-</body>
-</html>
+<?php +/* $Id$ */ +/* + snort_blocked.php + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Modified for the Pfsense snort package v. 1.8+ + Copyright (C) 2009 Robert Zelaya Sr. Developer + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) + $config['installedpackages']['snortglobal']['alertsblocks'] = array(); + +$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']; +$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber']; + +if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0') +{ + $bnentries = '500'; +}else{ + $bnentries = $pconfig['blertnumber']; +} + +if($_POST['todelete'] or $_GET['todelete']) { + if($_POST['todelete']) + $ip = $_POST['todelete']; + if($_GET['todelete']) + $ip = $_GET['todelete']; + exec("/sbin/pfctl -t snort2c -T delete {$ip}"); +} + +if ($_POST['remove']) { + exec("/sbin/pfctl -t snort2c -T flush"); + sleep(1); + header("Location: /snort/snort_blocked.php"); + exit; + +} + +/* TODO: build a file with block ip and disc */ +if ($_POST['download']) +{ + + ob_start(); //important or other posts will fail + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "snort_blocked_{$save_date}.tar.gz"; + exec('/bin/mkdir /tmp/snort_blocked'); + exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); + + $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); + + if ($blocked_ips_array_save[0] != '') { + /* build the list */ + file_put_contents("/tmp/snort_blocked/snort_block.pf", ""); + foreach($blocked_ips_array_save as $counter => $fileline3) + file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline3}\n", FILE_APPEND); + } + + exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); + + if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) { + $file = "/tmp/snort_blocked_{$save_date}.tar.gz"; + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); + header("Pragma: private"); // needed for IE + header("Cache-Control: private, must-revalidate"); // needed for IE + header('Content-type: application/force-download'); + header('Content-Transfer-Encoding: Binary'); + header("Content-length: ".filesize($file)); + header("Content-disposition: attachment; filename = {$file_name}"); + readfile("$file"); + exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz"); + exec("/bin/rm /tmp/snort_block.pf"); + exec("/bin/rm /tmp/snort_blocked/snort_block.pf"); + od_end_clean(); //importanr or other post will fail + } else + echo 'Error no saved file.'; + +} + +if ($_POST['save']) +{ + + /* input validation */ + if ($_POST['save']) + { + + + } + + /* no errors */ + if (!$input_errors) + { + $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; + + write_config(); + + header("Location: /snort/snort_blocked.php"); + + } + +} + +/* build filter funcs */ +function get_snort_alert_ip_src($fileline) +{ + /* SRC IP */ + $re1='.*?'; # Non-greedy match on filler + $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) + $alert_ip_src = $matches4[1][0]; + + return $alert_ip_src; +} + +function get_snort_alert_disc($fileline) +{ + /* disc */ + if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) + $alert_disc = "$matches[2]"; + + return $alert_disc; +} + +/* build sec filters */ +function get_snort_block_ip($fileline) +{ + /* ip */ + if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) + $alert_block_ip = "$matches[0]"; + + return $alert_block_ip; +} + +function get_snort_block_disc($fileline) +{ + /* disc */ + if (preg_match("/\]\s\[.+\]$/", $fileline, $matches)) + $alert_block_disc = "$matches[0]"; + + return $alert_block_disc; +} + +/* tell the user what settings they have */ +$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; +if ($blockedtab_msg_chk == "1h_b") { + $blocked_msg = "hour"; +} +if ($blockedtab_msg_chk == "3h_b") { + $blocked_msg = "3 hours"; +} +if ($blockedtab_msg_chk == "6h_b") { + $blocked_msg = "6 hours"; +} +if ($blockedtab_msg_chk == "12h_b") { + $blocked_msg = "12 hours"; +} +if ($blockedtab_msg_chk == "1d_b") { + $blocked_msg = "day"; +} +if ($blockedtab_msg_chk == "4d_b") { + $blocked_msg = "4 days"; +} +if ($blockedtab_msg_chk == "7d_b") { + $blocked_msg = "7 days"; +} +if ($blockedtab_msg_chk == "28d_b") { + $blocked_msg = "28 days"; +} + +if ($blockedtab_msg_chk != "never_b") +{ + $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>."; +}else{ + $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts."; +} + +$pgtitle = "Services: Snort Blocked Hosts"; +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php + +include_once("fbegin.inc"); +echo $snort_general_css; + +/* refresh every 60 secs */ +if ($pconfig['brefresh'] == 'on') + echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; +?> + +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="99%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> +</td></tr> + <tr> + <td> + <div id="mainarea2"> + + <table id="maintable" class="tabcont" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr> + <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?> + Blocked.</td> + <td width="78%" class="listtopic">This page lists hosts that have + been blocked by Snort. <?=$blocked_msg_txt;?></td> + </tr> + <tr> + <td width="22%" class="vncell">Save or Remove Hosts</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_blocked.php" method="post"><input + name="download" type="submit" class="formbtn" value="Download"> All + blocked hosts will be saved. <input name="remove" type="submit" + class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span> + all hosts will be removed.</form> + </td> + </tr> + <tr> + <td width="22%" class="vncell">Auto Refresh and Log View</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_blocked.php" method="post"><input + name="save" type="submit" class="formbtn" value="Save"> Refresh <input + name="brefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> + <strong>Default</strong> is <strong>ON</strong>. <input + name="blertnumber" type="text" class="formfld" id="blertnumber" + size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the + number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>. + </form> + </td> + </tr> + </table> + </div> + <br> + </td> + </tr> + + <table class="tabcont" width="100%" border="0" cellspacing="0" + cellpadding="0"> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Remove</td> + <td class="listhdrr">#</td> + <td class="listhdrr">IP</td> + <td class="listhdrr">Alert Description</td> + </tr> + <?php + + /* set the arrays */ + exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); + $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); + foreach (glob("/var/log/snort/alert_*") as $alert) { + $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}"))); + + $logent = $bnentries; + + if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') + { + + /* build the list and compare blocks to alerts */ + $counter = 0; + foreach($alerts_array as $fileline) + { + + $counter++; + + $alert_ip_src = get_snort_alert_ip_src($fileline); + $alert_ip_disc = get_snort_alert_disc($fileline); + $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); + + if (in_array("$alert_ip_src", $blocked_ips_array)) + $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n"; + } + + foreach($blocked_ips_array as $alert_block_ip) + { + + if (!in_array($alert_block_ip, $alert_ip_src_array)) + { + $input[] = "[$alert_block_ip] " . "[N\A]\n"; + } + } + + /* reduce double occurrences */ + $result = array_unique($input); + + /* buil final list, preg_match, buld html */ + $counter2 = 0; + + foreach($result as $fileline2) + { + if($logent <= $counter2) + continue; + + $counter2++; + + $alert_block_ip_str = get_snort_block_ip($fileline2); + + if($alert_block_ip_str != '') + { + $alert_block_ip_match = array('[',']'); + $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str"); + }else{ + $alert_block_ip = 'empty'; + } + + $alert_block_disc_str = get_snort_block_disc($fileline2); + + if($alert_block_disc_str != '') + { + $alert_block_disc_match = array('] [',']'); + $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str"); + }else{ + $alert_block_disc = 'empty'; + } + + /* use one echo to do the magic*/ + echo "<tr> + <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> + <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> + <td> {$counter2}</td> + <td> {$alert_block_ip}</td> + <td> {$alert_block_disc}</td> + </tr>\n"; + + } + + }else{ + + /* if alerts file is empty and blocked table is not empty */ + $counter2 = 0; + + foreach($blocked_ips_array as $alert_block_ip) + { + if($logent <= $counter2) + continue; + + $counter2++; + + $alert_block_disc = 'N/A'; + + /* use one echo to do the magic*/ + echo "<tr> + <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> + <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> + <td> {$counter2}</td> + <td> {$alert_block_ip}</td> + <td> {$alert_block_disc}</td> + </tr>\n"; + } + } + } + + echo '</table>' . "\n"; + + if (empty($blocked_ips_array[0])) + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>"; + else + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>"; + + ?> + </td> + </tr> + </table> + </td> + </tr> + </table> + </div> + + <?php + + include("fend.inc"); + +echo $snort_custom_rnd_box; + +?> + +</body> +</html> diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php index d959a1d5..41995e9d 100644 --- a/config/snort-dev/snort_check_for_rule_updates.php +++ b/config/snort-dev/snort_check_for_rule_updates.php @@ -1,690 +1,690 @@ -<?php
-/*
- snort_check_for_rule_updates.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Setup enviroment */
-
-/* TODO: review if include files are needed */
-require_once("functions.inc");
-require_once("service-utils.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-$pkg_interface = "console";
-
-$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
-$snortdir = "/usr/local/etc/snort";
-$snortdir_wan = "/usr/local/etc/snort";
-$snort_filename_md5 = "{$snort_rules_file}.md5";
-$snort_filename = "{$snort_rules_file}";
-$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
-$emergingthreats_filename = "emerging.rules.tar.gz";
-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
-$pfsense_rules_filename = "pfsense_rules.tar.gz";
-
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
-
-$up_date_time = date('l jS \of F Y h:i:s A');
-echo "\n";
-echo "#########################\n";
-echo "$up_date_time\n";
-echo "#########################\n";
-echo "\n\n";
-
-/* define checks */
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
-if ($snortdownload == 'off' && $emergingthreats != 'on')
- $snort_emrging_info = 'stop';
-
-if ($oinkid == "" && $snortdownload != 'off')
- $snort_oinkid_info = 'stop';
-
-/* check if main rule directory is empty */
-$if_mrule_dir = "/usr/local/etc/snort/rules";
-$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
-if (file_exists('/var/run/snort.conf.dirty'))
- $snort_dirty_d = 'stop';
-
-/* Start of code */
-conf_mount_rw();
-
-if (!is_dir('/usr/local/etc/snort/tmp'))
- exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
-
-$snort_md5_check_ok = 'off';
-$emerg_md5_check_ok = 'off';
-$pfsense_md5_check_ok = 'off';
-
-/* Set user agent to Mozilla */
-ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-ini_set("memory_limit","150M");
-
-/* mark the time update started */
-$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
-
-/* send current buffer */
-ob_flush();
-
-/* send current buffer */
-ob_flush();
-
-/* remove old $tmpfname files */
-if (is_dir("{$tmpfname}")) {
- update_status(gettext("Removing old tmp files..."));
- exec("/bin/rm -r {$tmpfname}");
- apc_clear_cache();
-}
-
-/* Make shure snortdir exits */
-exec("/bin/mkdir -p {$snortdir}");
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-exec("/bin/mkdir -p {$tmpfname}");
-exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
-
-/* send current buffer */
-ob_flush();
-
-$pfsensedownload = 'on';
-
-/* download md5 sig from snort.org */
-if ($snortdownload == 'on')
-{
- if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
- update_status(gettext("snort.org md5 temp file exists..."));
- } else {
- update_status(gettext("Downloading snort.org md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
- update_status(gettext("Done downloading snort.org md5"));
- }
-}
-
-/* download md5 sig from emergingthreats.net */
-if ($emergingthreats == 'on')
-{
- update_status(gettext("Downloading emergingthreats md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
- @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
- update_status(gettext("Done downloading emergingthreats md5"));
-}
-
-/* download md5 sig from pfsense.org */
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("pfsense md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading pfsense md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
- @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
- update_status(gettext("Done downloading pfsense md5."));
-}
-
-/* If md5 file is empty wait 15min exit */
-if ($snortdownload == 'on')
-{
- if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
- {
- update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
- $snortdownload = 'off';
- }
-}
-
-/* If pfsense md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released to support Pfsense packages."));
- $pfsensedownload = 'off';
-}
-
-/* Check if were up to date snort.org */
-if ($snortdownload == 'on')
-{
- if (file_exists("{$snortdir}/{$snort_filename_md5}"))
- {
- $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
- $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($md5_check_new == $md5_check_old)
- {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- $snort_md5_check_ok = 'on';
- } else {
- update_status(gettext("Your rules are not up to date..."));
- $snort_md5_check_ok = 'off';
- }
- }
-}
-
-/* Check if were up to date emergingthreats.net */
-if ($emergingthreats == 'on')
-{
- if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
- {
- $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($emerg_md5_check_new == $emerg_md5_check_old)
- {
- $emerg_md5_check_ok = 'on';
- } else
- $emerg_md5_check_ok = 'off';
- }
-}
-
-/* Check if were up to date pfsense.org */
-if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
-{
- $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
- $pfsense_md5_check_ok = 'on';
- } else
- $pfsense_md5_check_ok = 'off';
-}
-
-if ($snortdownload == 'on') {
- if ($snort_md5_check_ok == 'on')
- {
- update_status(gettext("Your snort.org rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- $snortdownload = 'off';
- }
-}
-if ($emergingthreats == 'on') {
- if ($emerg_md5_check_ok == 'on')
- {
- update_status(gettext("Your Emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- $emergingthreats = 'off';
- }
-}
-
-/* download snortrules file */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (300000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
- update_output_window(gettext("Snort rules file downloaded failed..."));
- $snortdownload = 'off';
- }
- }
- }
-}
-
-/* download emergingthreats rules file */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext('Emergingthreats tar file exists...'));
- }else{
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
- update_status(gettext('Done downloading Emergingthreats rules file.'));
- }
- }
-}
-
-/* download pfsense rules file */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- }
-}
-
-/* Compair md5 sig to file sig */
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk == on) {
-//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md5 == $file_md5_ondisk) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// return;
-// }
-//}
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk != on) {
-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md55 == $file_md5_ondisk2) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// return;
-// }
-//}
-
-/* Untar snort rules file individually to help people with low system specs */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
-
- if ($pfsense_stable == 'yes')
- $freebsd_version_so = 'FreeBSD-7-2';
- else
- $freebsd_version_so = 'FreeBSD-8-1';
-
- update_status(gettext("Extracting Snort.org rules..."));
- update_output_window(gettext("May take a while..."));
- /* extract snort.org rules and add prefix to all snort.org files*/
- exec("/bin/rm -r {$snortdir}/rules");
- sleep(2);
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- chdir ("/usr/local/etc/snort/rules");
- sleep(2);
- exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
-
- /* extract so rules */
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- if($snort_arch == 'x86'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/");
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
- } else if ($snort_arch == 'x64') {
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/");
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
- }
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
- " so_rules/chat.rules/" .
- " so_rules/dos.rules/" .
- " so_rules/exploit.rules/" .
- " so_rules/icmp.rules/" .
- " so_rules/imap.rules/" .
- " so_rules/misc.rules/" .
- " so_rules/multimedia.rules/" .
- " so_rules/netbios.rules/" .
- " so_rules/nntp.rules/" .
- " so_rules/p2p.rules/" .
- " so_rules/smtp.rules/" .
- " so_rules/sql.rules/" .
- " so_rules/web-activex.rules/" .
- " so_rules/web-client.rules/" .
- " so_rules/web-iis.rules/" .
- " so_rules/web-misc.rules/");
-
- exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- }
-
- /* extract base etc files */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
- update_status(gettext("Done extracting Snort.org Rules."));
- }else{
- update_status(gettext("Error extracting Snort.org Rules..."));
- update_output_window(gettext("Error Line 755"));
- $snortdownload = 'off';
- }
-}
-
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == 'on')
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
-}
-
-/* Untar Pfsense rules to tmp */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Extracting Pfsense rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
-}
-
-/* Untar snort signatures */
-if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on') {
- update_status(gettext("Extracting Signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- update_status(gettext("Done extracting Signatures."));
- }
- }
-}
-
-/* Copy md5 sig to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
- }else{
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $snortdownload = 'off';
- }
- }
-}
-
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
- {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
- }else{
- update_status(gettext("The emergingthreats md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $emergingthreats = 'off';
- }
- }
-}
-
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
- } else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $pfsensedownload = 'off';
- }
-}
-
-/* Copy signatures dir to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on')
- {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on')
- {
- if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- update_status(gettext("Done copying signatures."));
- }else{
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
- $snortdownload = 'off';
- }
- }
- }
-}
-
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
- apc_clear_cache();
- @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
-}
-
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
-}
-
-/* make shure default rules are in the right format */
-exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
-/* create a msg-map for snort */
-update_status(gettext("Updating Alert Messages..."));
-update_output_window(gettext("Please Wait..."));
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
-
-
-//////////////////
-/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf($id, $if_real, $iface_uuid)
-{
- global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
-
- @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
-
- /* enable disable setting will carry over with updates */
- /* TODO carry signature changes with the updates */
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
-
- $selected_sid_on_section = "";
- $selected_sid_off_sections = "";
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
- $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
- $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
- foreach($enabled_sid_on_array as $enabled_item_on)
- $selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
- $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
- foreach($enabled_sid_off_array as $enabled_item_off)
- $selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
- if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) {
- $snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's oinkmaster.conf for writing */
- @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
- }
- }
-}
-
-/* Run oinkmaster to snort_wan and cp configs */
-/* If oinkmaster is not needed cp rules normally */
-/* TODO add per interface settings here */
-function oinkmaster_run($id, $if_real, $iface_uuid)
-{
- global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
-
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
- if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- } else {
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
-
- }
- }
-}
-
-/* Start the proccess for every interface rule */
-/* TODO: try to make the code smother */
-if (is_array($config['installedpackages']['snortglobal']['rule']))
-{
- foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
- $iface_uuid = $value['uuid'];
-
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf($id, $if_real, $iface_uuid);
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run($id, $if_real, $iface_uuid);
- }
-}
-
-//////////////
-
-/* mark the time update finnished */
-$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
-
-/* remove old $tmpfname files */
-if (is_dir('/usr/local/etc/snort/tmp')) {
- update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
- sleep(2);
- exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
-}
-
-/* XXX: These are needed if snort is run as snort user
-mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
-mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
-mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
-*/
-/* make all dirs snorts */
-mwexec("/bin/chmod -R 755 /var/log/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
-
-if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
- update_output_window(gettext("Finished..."));
-else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
- update_output_window(gettext("Finished..."));
-else {
- /* You are Not Up to date, always stop snort when updating rules for low end machines */;
- update_status(gettext("You are NOT up to date..."));
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("Snort has restarted with your new set of rules..."));
- exec("/bin/rm /tmp/snort_download_halt.pid");
-}
-
-update_status(gettext("The Rules update finished..."));
-conf_mount_ro();
-
-?>
+<?php +/* + snort_check_for_rule_updates.php + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +/* Setup enviroment */ + +/* TODO: review if include files are needed */ +require_once("functions.inc"); +require_once("service-utils.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +$pkg_interface = "console"; + +$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; +$snortdir_wan = "/usr/local/etc/snort"; +$snort_filename_md5 = "{$snort_rules_file}.md5"; +$snort_filename = "{$snort_rules_file}"; +$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; +$emergingthreats_filename = "emerging.rules.tar.gz"; +$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; +$pfsense_rules_filename = "pfsense_rules.tar.gz"; + +/* Time stamps define */ +$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; +$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; + +$up_date_time = date('l jS \of F Y h:i:s A'); +echo "\n"; +echo "#########################\n"; +echo "$up_date_time\n"; +echo "#########################\n"; +echo "\n\n"; + +/* define checks */ +$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; + +if ($snortdownload == 'off' && $emergingthreats != 'on') + $snort_emrging_info = 'stop'; + +if ($oinkid == "" && $snortdownload != 'off') + $snort_oinkid_info = 'stop'; + +/* check if main rule directory is empty */ +$if_mrule_dir = "/usr/local/etc/snort/rules"; +$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; + +if (file_exists('/var/run/snort.conf.dirty')) + $snort_dirty_d = 'stop'; + +/* Start of code */ +conf_mount_rw(); + +if (!is_dir('/usr/local/etc/snort/tmp')) + exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); + +$snort_md5_check_ok = 'off'; +$emerg_md5_check_ok = 'off'; +$pfsense_md5_check_ok = 'off'; + +/* Set user agent to Mozilla */ +ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); +ini_set("memory_limit","150M"); + +/* mark the time update started */ +$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); + +/* send current buffer */ +ob_flush(); + +/* send current buffer */ +ob_flush(); + +/* remove old $tmpfname files */ +if (is_dir("{$tmpfname}")) { + update_status(gettext("Removing old tmp files...")); + exec("/bin/rm -r {$tmpfname}"); + apc_clear_cache(); +} + +/* Make shure snortdir exits */ +exec("/bin/mkdir -p {$snortdir}"); +exec("/bin/mkdir -p {$snortdir}/rules"); +exec("/bin/mkdir -p {$snortdir}/signatures"); +exec("/bin/mkdir -p {$tmpfname}"); +exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); + +/* send current buffer */ +ob_flush(); + +$pfsensedownload = 'on'; + +/* download md5 sig from snort.org */ +if ($snortdownload == 'on') +{ + if (file_exists("{$tmpfname}/{$snort_filename_md5}") && + filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { + update_status(gettext("snort.org md5 temp file exists...")); + } else { + update_status(gettext("Downloading snort.org md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + + //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); + $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); + @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image); + update_status(gettext("Done downloading snort.org md5")); + } +} + +/* download md5 sig from emergingthreats.net */ +if ($emergingthreats == 'on') +{ + update_status(gettext("Downloading emergingthreats md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); + $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5'); + @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); + update_status(gettext("Done downloading emergingthreats md5")); +} + +/* download md5 sig from pfsense.org */ +if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { + update_status(gettext("pfsense md5 temp file exists...")); +} else { + update_status(gettext("Downloading pfsense md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); + $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); + @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image); + update_status(gettext("Done downloading pfsense md5.")); +} + +/* If md5 file is empty wait 15min exit */ +if ($snortdownload == 'on') +{ + if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) + { + update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); + update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); + $snortdownload = 'off'; + } +} + +/* If pfsense md5 file is empty wait 15min exit */ +if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ + update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); + update_output_window(gettext("Rules are released to support Pfsense packages.")); + $pfsensedownload = 'off'; +} + +/* Check if were up to date snort.org */ +if ($snortdownload == 'on') +{ + if (file_exists("{$snortdir}/{$snort_filename_md5}")) + { + $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); + $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + if ($md5_check_new == $md5_check_old) + { + update_status(gettext("Your rules are up to date...")); + update_output_window(gettext("You may start Snort now, check update.")); + $snort_md5_check_ok = 'on'; + } else { + update_status(gettext("Your rules are not up to date...")); + $snort_md5_check_ok = 'off'; + } + } +} + +/* Check if were up to date emergingthreats.net */ +if ($emergingthreats == 'on') +{ + if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) + { + $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); + $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); + $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + if ($emerg_md5_check_new == $emerg_md5_check_old) + { + $emerg_md5_check_ok = 'on'; + } else + $emerg_md5_check_ok = 'off'; + } +} + +/* Check if were up to date pfsense.org */ +if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) +{ + $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + if ($pfsense_md5_check_new == $pfsense_md5_check_old) + { + $pfsense_md5_check_ok = 'on'; + } else + $pfsense_md5_check_ok = 'off'; +} + +if ($snortdownload == 'on') { + if ($snort_md5_check_ok == 'on') + { + update_status(gettext("Your snort.org rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + $snortdownload = 'off'; + } +} +if ($emergingthreats == 'on') { + if ($emerg_md5_check_ok == 'on') + { + update_status(gettext("Your Emergingthreats rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + $emergingthreats = 'off'; + } +} + +/* download snortrules file */ +if ($snortdownload == 'on') +{ + if ($snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + update_status(gettext("Snortrule tar file exists...")); + } else { + update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}"); + update_all_status($static_output); + update_status(gettext("Done downloading rules file.")); + if (300000 > filesize("{$tmpfname}/$snort_filename")){ + update_status(gettext("Error with the snort rules download...")); + update_output_window(gettext("Snort rules file downloaded failed...")); + $snortdownload = 'off'; + } + } + } +} + +/* download emergingthreats rules file */ +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != 'on') + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + update_status(gettext('Emergingthreats tar file exists...')); + }else{ + update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}"); + update_status(gettext('Done downloading Emergingthreats rules file.')); + } + } +} + +/* download pfsense rules file */ +if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + update_status(gettext("Snortrule tar file exists...")); + } else { + update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); + update_all_status($static_output); + update_status(gettext("Done downloading rules file.")); + } +} + +/* Compair md5 sig to file sig */ + +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk == on) { +//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); +//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md5 == $file_md5_ondisk) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); +// update_output_window(gettext("Error md5 Mismatch...")); +// return; +// } +//} + +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk != on) { +//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; +//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md55 == $file_md5_ondisk2) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...Not P")); +// update_output_window(gettext("Error md5 Mismatch...")); +// return; +// } +//} + +/* Untar snort rules file individually to help people with low system specs */ +if ($snortdownload == 'on') +{ + if ($snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + + if ($pfsense_stable == 'yes') + $freebsd_version_so = 'FreeBSD-7-2'; + else + $freebsd_version_so = 'FreeBSD-8-1'; + + update_status(gettext("Extracting Snort.org rules...")); + update_output_window(gettext("May take a while...")); + /* extract snort.org rules and add prefix to all snort.org files*/ + exec("/bin/rm -r {$snortdir}/rules"); + sleep(2); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); + chdir ("/usr/local/etc/snort/rules"); + sleep(2); + exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); + + /* extract so rules */ + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + if($snort_arch == 'x86'){ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/"); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); + } else if ($snort_arch == 'x64') { + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/"); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); + } + /* extract so rules none bin and rename */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . + " so_rules/chat.rules/" . + " so_rules/dos.rules/" . + " so_rules/exploit.rules/" . + " so_rules/icmp.rules/" . + " so_rules/imap.rules/" . + " so_rules/misc.rules/" . + " so_rules/multimedia.rules/" . + " so_rules/netbios.rules/" . + " so_rules/nntp.rules/" . + " so_rules/p2p.rules/" . + " so_rules/smtp.rules/" . + " so_rules/sql.rules/" . + " so_rules/web-activex.rules/" . + " so_rules/web-client.rules/" . + " so_rules/web-iis.rules/" . + " so_rules/web-misc.rules/"); + + exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + } + + /* extract base etc files */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); + exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); + exec("/bin/rm -r {$snortdir}/etc"); + + update_status(gettext("Done extracting Snort.org Rules.")); + }else{ + update_status(gettext("Error extracting Snort.org Rules...")); + update_output_window(gettext("Error Line 755")); + $snortdownload = 'off'; + } +} + +/* Untar emergingthreats rules to tmp */ +if ($emergingthreats == 'on') +{ + if ($emerg_md5_check_ok != 'on') + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + update_status(gettext("Extracting rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); + } + } +} + +/* Untar Pfsense rules to tmp */ +if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + update_status(gettext("Extracting Pfsense rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); + } +} + +/* Untar snort signatures */ +if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == 'on') { + update_status(gettext("Extracting Signatures...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); + update_status(gettext("Done extracting Signatures.")); + } + } +} + +/* Copy md5 sig to snort dir */ +if ($snortdownload == 'on') +{ + if ($snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/$snort_filename_md5")) { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); + }else{ + update_status(gettext("The md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + $snortdownload = 'off'; + } + } +} + +/* Copy emergingthreats md5 sig to snort dir */ +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != 'on') + { + if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) + { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); + }else{ + update_status(gettext("The emergingthreats md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + $emergingthreats = 'off'; + } + } +} + +/* Copy Pfsense md5 sig to snort dir */ +if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { + update_status(gettext("Copying Pfsense md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); + } else { + update_status(gettext("The Pfsense md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + $pfsensedownload = 'off'; + } +} + +/* Copy signatures dir to snort dir */ +if ($snortdownload == 'on') +{ + if ($snort_md5_check_ok != 'on') + { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == 'on') + { + if (file_exists("{$snortdir}/doc/signatures")) { + update_status(gettext("Copying signatures...")); + update_output_window(gettext("May take a while...")); + exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); + exec("/bin/rm -r {$snortdir}/doc/signatures"); + update_status(gettext("Done copying signatures.")); + }else{ + update_status(gettext("Directory signatures exist...")); + update_output_window(gettext("Error copying signature...")); + $snortdownload = 'off'; + } + } + } +} + +/* double make shure cleanup emerg rules that dont belong */ +if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { + apc_clear_cache(); + @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); +} + +if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); +} + +/* make shure default rules are in the right format */ +exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); + +/* create a msg-map for snort */ +update_status(gettext("Updating Alert Messages...")); +update_output_window(gettext("Please Wait...")); +exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); + + +////////////////// +/* open oinkmaster_conf for writing" function */ +function oinkmaster_conf($id, $if_real, $iface_uuid) +{ + global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + + @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf"); + + /* enable disable setting will carry over with updates */ + /* TODO carry signature changes with the updates */ + if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { + + $selected_sid_on_section = ""; + $selected_sid_off_sections = ""; + + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { + $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']); + $enabled_sid_on_array = split('\|\|', $enabled_sid_on); + foreach($enabled_sid_on_array as $enabled_item_on) + $selected_sid_on_sections .= "$enabled_item_on\n"; + } + + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { + $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']); + $enabled_sid_off_array = split('\|\|', $enabled_sid_off); + foreach($enabled_sid_off_array as $enabled_item_off) + $selected_sid_off_sections .= "$enabled_item_off\n"; + } + + if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) { + $snort_sid_text = <<<EOD + +########################################### +# # +# this is auto generated on snort updates # +# # +########################################### + +path = /bin:/usr/bin:/usr/local/bin + +update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ + +url = dir:///usr/local/etc/snort/rules + +$selected_sid_on_sections + +$selected_sid_off_sections + +EOD; + + /* open snort's oinkmaster.conf for writing */ + @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text); + } + } +} + +/* Run oinkmaster to snort_wan and cp configs */ +/* If oinkmaster is not needed cp rules normally */ +/* TODO add per interface settings here */ +function oinkmaster_run($id, $if_real, $iface_uuid) +{ + global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + + if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { + if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { + update_status(gettext("Your first set of rules are being copied...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + } else { + update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + + /* might have to add a sleep for 3sec for flash drives or old drives */ + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); + + } + } +} + +/* Start the proccess for every interface rule */ +/* TODO: try to make the code smother */ +if (is_array($config['installedpackages']['snortglobal']['rule'])) +{ + foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { + $result_lan = $value['interface']; + $if_real = snort_get_real_interface($result_lan); + $iface_uuid = $value['uuid']; + + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf($id, $if_real, $iface_uuid); + + /* run oinkmaster for each interface rule */ + oinkmaster_run($id, $if_real, $iface_uuid); + } +} + +////////////// + +/* mark the time update finnished */ +$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); + +/* remove old $tmpfname files */ +if (is_dir('/usr/local/etc/snort/tmp')) { + update_status(gettext("Cleaning up...")); + exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); + sleep(2); + exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); +} + +/* XXX: These are needed if snort is run as snort user +mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); +*/ +/* make all dirs snorts */ +mwexec("/bin/chmod -R 755 /var/log/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); + +if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off') + update_output_window(gettext("Finished...")); +else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on') + update_output_window(gettext("Finished...")); +else { + /* You are Not Up to date, always stop snort when updating rules for low end machines */; + update_status(gettext("You are NOT up to date...")); + exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); + update_status(gettext("The Rules update finished...")); + update_output_window(gettext("Snort has restarted with your new set of rules...")); + exec("/bin/rm /tmp/snort_download_halt.pid"); +} + +update_status(gettext("The Rules update finished...")); +conf_mount_ro(); + +?> diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index 853d2a9b..497f0a79 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -1,541 +1,541 @@ -<?php
-/* $Id$ */
-/*
- snort_define_servers.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
-
-TODO: Nov 12 09
-Clean this code up its ugly
-Important add error checking
-
-*/
-
-//require_once("globals.inc");
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
-}
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
- $pconfig = $a_nat[$id];
-
- /* old options */
- $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
- $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
- $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
- $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
- $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
- $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
- $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
- $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
- $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
- $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
- $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
- $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
- $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
- $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
- $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
- $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
- $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
- $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
- $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
- $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
- $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
- $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
- $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
- $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
- $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
- $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
- $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
- $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
- $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
- $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
- $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
- $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
- $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
- $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
-}
-
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
-$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
-
-/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
-if ($_POST) {
-
- $natent = array();
- $natent = $pconfig;
-
- /* if no errors write to conf */
- if (!$input_errors) {
- /* post new options */
- if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; }
- if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; }
- if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; }
- if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; }
- if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; }
- if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; }
- if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; }
- if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; }
- if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; }
- if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; }
- if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; }
- if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; }
- if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; }
- if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; }
- if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; }
- if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; }
- if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; }
- if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; }
- if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; }
- if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; }
- if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; }
- if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; }
- if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; }
- if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; }
- if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; }
- if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
- if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
- if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
- if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; }
- if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; }
- if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; }
- if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; }
- if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; }
- if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; }
- if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; }
-
-
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
- }
-
- write_config();
-
- sync_snort_package_config();
-
- /* after click go to this page */
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: snort_define_servers.php?id=$id");
- exit;
- }
-}
-
-$pgtitle = "Snort: Interface $id$if_real Define Servers";
-include_once("head.inc");
-
-?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php
-include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-echo "{$snort_general_css}\n";
-?>
-
-<form action="snort_define_servers.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform"><?php
-
- /* Display Alert message */
-
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-?>
-</td></tr>
-<tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br>
- Please save your settings before you click start.<br>
- Please make sure there are <strong>no spaces</strong> in your
- definitions. </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Define Servers</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_dns_servers"
- type="text" class="formfld" id="def_dns_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td>
- <td width="78%" class="vtable"><input name="def_dns_ports"
- type="text" class="formfld" id="def_dns_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 53.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_smtp_servers"
- type="text" class="formfld" id="def_smtp_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td>
- <td width="78%" class="vtable"><input name="def_smtp_ports"
- type="text" class="formfld" id="def_smtp_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 25.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td>
- <td width="78%" class="vtable"><input name="def_mail_ports"
- type="text" class="formfld" id="def_mail_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 25,143,465,691.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_http_servers"
- type="text" class="formfld" id="def_http_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_www_servers"
- type="text" class="formfld" id="def_www_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td>
- <td width="78%" class="vtable"><input name="def_http_ports"
- type="text" class="formfld" id="def_http_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 80.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_sql_servers"
- type="text" class="formfld" id="def_sql_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td>
- <td width="78%" class="vtable"><input name="def_oracle_ports"
- type="text" class="formfld" id="def_oracle_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 1521.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td>
- <td width="78%" class="vtable"><input name="def_mssql_ports"
- type="text" class="formfld" id="def_mssql_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 1433.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_telnet_servers"
- type="text" class="formfld" id="def_telnet_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td>
- <td width="78%" class="vtable"><input name="def_telnet_ports"
- type="text" class="formfld" id="def_telnet_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 23.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_snmp_servers"
- type="text" class="formfld" id="def_snmp_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td>
- <td width="78%" class="vtable"><input name="def_snmp_ports"
- type="text" class="formfld" id="def_snmp_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 161.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_ftp_servers"
- type="text" class="formfld" id="def_ftp_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td>
- <td width="78%" class="vtable"><input name="def_ftp_ports"
- type="text" class="formfld" id="def_ftp_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 21.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_ssh_servers"
- type="text" class="formfld" id="def_ssh_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td>
- <td width="78%" class="vtable"><input name="def_ssh_ports"
- type="text" class="formfld" id="def_ssh_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is the firewall's SSH port.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_pop_servers"
- type="text" class="formfld" id="def_pop_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td>
- <td width="78%" class="vtable"><input name="def_pop2_ports"
- type="text" class="formfld" id="def_pop2_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 109.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td>
- <td width="78%" class="vtable"><input name="def_pop3_ports"
- type="text" class="formfld" id="def_pop3_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 110.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_imap_servers"
- type="text" class="formfld" id="def_imap_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td>
- <td width="78%" class="vtable"><input name="def_imap_ports"
- type="text" class="formfld" id="def_imap_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 143.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td>
- <td width="78%" class="vtable"><input name="def_sip_proxy_ip"
- type="text" class="formfld" id="def_sip_proxy_ip" size="40"
- value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td>
- <td width="78%" class="vtable"><input name="def_sip_proxy_ports"
- type="text" class="formfld" id="def_sip_proxy_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td>
- <td width="78%" class="vtable"><input name="def_sip_servers"
- type="text" class="formfld" id="def_sip_servers" size="40"
- value="<?=htmlspecialchars($pconfig['def_sip_servers']);?>"> <br>
- <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
- blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td>
- <td width="78%" class="vtable"><input name="def_sip_ports"
- type="text" class="formfld" id="def_sip_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
- <td width="78%" class="vtable"><input name="def_auth_ports"
- type="text" class="formfld" id="def_auth_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 113.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td>
- <td width="78%" class="vtable"><input name="def_finger_ports"
- type="text" class="formfld" id="def_finger_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 79.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td>
- <td width="78%" class="vtable"><input name="def_irc_ports"
- type="text" class="formfld" id="def_irc_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td>
- <td width="78%" class="vtable"><input name="def_nntp_ports"
- type="text" class="formfld" id="def_nntp_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 119.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td>
- <td width="78%" class="vtable"><input name="def_rlogin_ports"
- type="text" class="formfld" id="def_rlogin_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 513.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td>
- <td width="78%" class="vtable"><input name="def_rsh_ports"
- type="text" class="formfld" id="def_rsh_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 514.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td>
- <td width="78%" class="vtable"><input name="def_ssl_ports"
- type="text" class="formfld" id="def_ssl_ports" size="40"
- value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br>
- <span class="vexpl">Example: Specific ports "25,443" or All ports
- betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="id" type="hidden" value="<?=$id;?>">
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings before you click start. </td>
- </tr>
- </table>
-
-</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + snort_define_servers.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +/* + +TODO: Nov 12 09 +Clean this code up its ugly +Important add error checking + +*/ + +//require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$pconfig = array(); +if (isset($id) && $a_nat[$id]) { + $pconfig = $a_nat[$id]; + + /* old options */ + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; + $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; +} + +/* convert fake interfaces to real */ +$if_real = snort_get_real_interface($pconfig['interface']); +$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + +if ($_POST) { + + $natent = array(); + $natent = $pconfig; + + /* if no errors write to conf */ + if (!$input_errors) { + /* post new options */ + if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } + if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } + if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } + if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } + if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } + if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } + if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } + if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } + if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } + if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } + if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } + if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } + if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } + if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } + if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } + if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } + if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } + if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } + if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } + if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } + if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } + if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } + if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } + if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } + if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } + if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } + if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } + if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } + if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } + if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } + if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } + if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } + if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } + if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } + if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } + + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + sync_snort_package_config(); + + /* after click go to this page */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: snort_define_servers.php?id=$id"); + exit; + } +} + +$pgtitle = "Snort: Interface $id$if_real Define Servers"; +include_once("head.inc"); + +?> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include("fbegin.inc"); +if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + +echo "{$snort_general_css}\n"; +?> + +<form action="snort_define_servers.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"><?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> + Please save your settings before you click start.<br> + Please make sure there are <strong>no spaces</strong> in your + definitions. </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Define Servers</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td> + <td width="78%" class="vtable"><input name="def_dns_servers" + type="text" class="formfld" id="def_dns_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td> + <td width="78%" class="vtable"><input name="def_dns_ports" + type="text" class="formfld" id="def_dns_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 53.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_smtp_servers" + type="text" class="formfld" id="def_smtp_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_smtp_ports" + type="text" class="formfld" id="def_smtp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td> + <td width="78%" class="vtable"><input name="def_mail_ports" + type="text" class="formfld" id="def_mail_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25,143,465,691.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_http_servers" + type="text" class="formfld" id="def_http_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td> + <td width="78%" class="vtable"><input name="def_www_servers" + type="text" class="formfld" id="def_www_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_http_ports" + type="text" class="formfld" id="def_http_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 80.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td> + <td width="78%" class="vtable"><input name="def_sql_servers" + type="text" class="formfld" id="def_sql_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td> + <td width="78%" class="vtable"><input name="def_oracle_ports" + type="text" class="formfld" id="def_oracle_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 1521.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td> + <td width="78%" class="vtable"><input name="def_mssql_ports" + type="text" class="formfld" id="def_mssql_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 1433.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td> + <td width="78%" class="vtable"><input name="def_telnet_servers" + type="text" class="formfld" id="def_telnet_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td> + <td width="78%" class="vtable"><input name="def_telnet_ports" + type="text" class="formfld" id="def_telnet_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 23.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_snmp_servers" + type="text" class="formfld" id="def_snmp_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td> + <td width="78%" class="vtable"><input name="def_snmp_ports" + type="text" class="formfld" id="def_snmp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 161.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_ftp_servers" + type="text" class="formfld" id="def_ftp_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_ftp_ports" + type="text" class="formfld" id="def_ftp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 21.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td> + <td width="78%" class="vtable"><input name="def_ssh_servers" + type="text" class="formfld" id="def_ssh_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td> + <td width="78%" class="vtable"><input name="def_ssh_ports" + type="text" class="formfld" id="def_ssh_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is the firewall's SSH port.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_pop_servers" + type="text" class="formfld" id="def_pop_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td> + <td width="78%" class="vtable"><input name="def_pop2_ports" + type="text" class="formfld" id="def_pop2_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 109.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td> + <td width="78%" class="vtable"><input name="def_pop3_ports" + type="text" class="formfld" id="def_pop3_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 110.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_imap_servers" + type="text" class="formfld" id="def_imap_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td> + <td width="78%" class="vtable"><input name="def_imap_ports" + type="text" class="formfld" id="def_imap_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 143.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td> + <td width="78%" class="vtable"><input name="def_sip_proxy_ip" + type="text" class="formfld" id="def_sip_proxy_ip" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td> + <td width="78%" class="vtable"><input name="def_sip_proxy_ports" + type="text" class="formfld" id="def_sip_proxy_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_sip_servers" + type="text" class="formfld" id="def_sip_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td> + <td width="78%" class="vtable"><input name="def_sip_ports" + type="text" class="formfld" id="def_sip_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> + <td width="78%" class="vtable"><input name="def_auth_ports" + type="text" class="formfld" id="def_auth_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 113.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td> + <td width="78%" class="vtable"><input name="def_finger_ports" + type="text" class="formfld" id="def_finger_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 79.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td> + <td width="78%" class="vtable"><input name="def_irc_ports" + type="text" class="formfld" id="def_irc_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_nntp_ports" + type="text" class="formfld" id="def_nntp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 119.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td> + <td width="78%" class="vtable"><input name="def_rlogin_ports" + type="text" class="formfld" id="def_rlogin_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 513.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td> + <td width="78%" class="vtable"><input name="def_rsh_ports" + type="text" class="formfld" id="def_rsh_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 514.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td> + <td width="78%" class="vtable"><input name="def_ssl_ports" + type="text" class="formfld" id="def_ssl_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input name="id" type="hidden" value="<?=$id;?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click start. </td> + </tr> + </table> + +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php index dd4ca524..521a7b0f 100644 --- a/config/snort-dev/snort_download_rules.php +++ b/config/snort-dev/snort_download_rules.php @@ -1,776 +1,776 @@ -<?php
-/*
- snort_download_rules.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Setup enviroment */
-require_once("guiconfig.inc");
-require_once("functions.inc");
-require_once("service-utils.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if ($_GET['return']) {
- header("Location: /snort/snort_download_updates.php");
- exit;
-}
-
-$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
-$snortdir = "/usr/local/etc/snort";
-$snortdir_wan = "/usr/local/etc/snort";
-$snort_filename_md5 = "{$snort_rules_file}.md5";
-$snort_filename = "{$snort_rules_file}";
-$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
-$emergingthreats_filename = "emerging.rules.tar.gz";
-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
-$pfsense_rules_filename = "pfsense_rules.tar.gz";
-
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
-
-/* define checks */
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
-if ($snortdownload == 'off' && $emergingthreats != 'on')
- $snort_emrging_info = 'stop';
-
-if ($oinkid == "" && $snortdownload != 'off')
- $snort_oinkid_info = 'stop';
-
-/* check if main rule directory is empty */
-$if_mrule_dir = "/usr/local/etc/snort/rules";
-$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
-if (file_exists('/var/run/snort.conf.dirty'))
- $snort_dirty_d = 'stop';
-
-$pgtitle = "Services: Snort: Update Rules";
-
-include("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<form action="/snort/snort_download_updates.php" method="GET">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td ><!-- progress bar -->
- <table id="progholder" width='320'
- style='border-collapse: collapse; border: 1px solid #000000;'
- cellpadding='2' cellspacing='2'>
- <tr>
- <td><img border='0'
- src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
- width='280' height='23' name='progressbar' id='progressbar'
- alt='' />
- </td>
- </tr>
- </table>
- <br />
- <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
- <?=gettext("Initializing...");?>
- </textarea>
- <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
- </textarea>
- </td>
- </tr>
- </table>
- </div>
- </td>
-</tr>
-<tr><td><input type="submit" Value="Return"></td></tr>
-</table>
-</form>
-<?php include("fend.inc");?>
-</body>
-</html>
-
-<?php
-/* Start of code */
-conf_mount_rw();
-
-if (!is_dir('/usr/local/etc/snort/tmp'))
- exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
-
-$snort_md5_check_ok = 'off';
-$emerg_md5_check_ok = 'off';
-$pfsense_md5_check_ok = 'off';
-
-/* Set user agent to Mozilla */
-ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-ini_set("memory_limit","150M");
-
-/* mark the time update started */
-$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
-
-/* send current buffer */
-ob_flush();
-
-/* hide progress bar */
-hide_progress_bar_status();
-
-/* send current buffer */
-ob_flush();
-
-/* remove old $tmpfname files */
-if (is_dir("{$tmpfname}")) {
- update_status(gettext("Removing old tmp files..."));
- exec("/bin/rm -r {$tmpfname}");
- apc_clear_cache();
-}
-
-/* Make shure snortdir exits */
-exec("/bin/mkdir -p {$snortdir}");
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-exec("/bin/mkdir -p {$tmpfname}");
-exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
-
-/* send current buffer */
-ob_flush();
-
-/* unhide progress bar and lets end this party */
-unhide_progress_bar_status();
-
-$pfsensedownload = 'on';
-
-/* download md5 sig from snort.org */
-if ($snortdownload == 'on')
-{
- if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
- update_status(gettext("snort.org md5 temp file exists..."));
- } else {
- update_status(gettext("Downloading snort.org md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
- @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
- update_status(gettext("Done downloading snort.org md5"));
- }
-}
-
-/* download md5 sig from emergingthreats.net */
-if ($emergingthreats == 'on')
-{
- update_status(gettext("Downloading emergingthreats md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
- @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
- update_status(gettext("Done downloading emergingthreats md5"));
-}
-
-/* download md5 sig from pfsense.org */
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("pfsense md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading pfsense md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
- @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
- update_status(gettext("Done downloading pfsense md5."));
-}
-
-/* If md5 file is empty wait 15min exit */
-if ($snortdownload == 'on')
-{
- if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
- {
- update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
- hide_progress_bar_status();
- $snortdownload = 'off';
- }
-}
-
-/* If pfsense md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released to support Pfsense packages."));
- hide_progress_bar_status();
- $pfsensedownload = 'off';
-}
-
-/* Check if were up to date snort.org */
-if ($snortdownload == 'on')
-{
- if (file_exists("{$snortdir}/{$snort_filename_md5}"))
- {
- $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
- $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($md5_check_new == $md5_check_old)
- {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- hide_progress_bar_status();
- $snort_md5_check_ok = 'on';
- } else {
- update_status(gettext("Your rules are not up to date..."));
- $snort_md5_check_ok = 'off';
- }
- }
-}
-
-/* Check if were up to date emergingthreats.net */
-if ($emergingthreats == 'on')
-{
- if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
- {
- $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
- $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($emerg_md5_check_new == $emerg_md5_check_old)
- {
- hide_progress_bar_status();
- $emerg_md5_check_ok = 'on';
- } else
- $emerg_md5_check_ok = 'off';
- }
-}
-
-/* Check if were up to date pfsense.org */
-if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
-{
- $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
- hide_progress_bar_status();
- $pfsense_md5_check_ok = 'on';
- } else
- $pfsense_md5_check_ok = 'off';
-}
-
-if ($snortdownload == 'on') {
- if ($snort_md5_check_ok == 'on')
- {
- update_status(gettext("Your snort.org rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- $snortdownload = 'off';
- }
-}
-if ($emergingthreats == 'on') {
- if ($emerg_md5_check_ok == 'on')
- {
- update_status(gettext("Your Emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- $emergingthreats = 'off';
- }
-}
-
-/* download snortrules file */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
-
- update_output_window(gettext("Snort rules file downloaded failed..."));
- $snortdownload = 'off';
- }
- }
- }
-}
-
-/* download emergingthreats rules file */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext('Emergingthreats tar file exists...'));
- }else{
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
- update_status(gettext('Done downloading Emergingthreats rules file.'));
- }
- }
-}
-
-/* download pfsense rules file */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- }
-}
-
-/* Compair md5 sig to file sig */
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk == on) {
-//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md5 == $file_md5_ondisk) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// return;
-// }
-//}
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk != on) {
-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md55 == $file_md5_ondisk2) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// return;
-// }
-//}
-
-/* Untar snort rules file individually to help people with low system specs */
-if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
-
- // find out if were in 1.2.3-RELEASE
- $pfsense_ver_chk = exec('/bin/cat /etc/version');
- if ($pfsense_ver_chk === '1.2.3-RELEASE') {
- $pfsense_stable = 'yes';
- }else{
- $pfsense_stable = 'no';
- }
-
- // get the system arch
- $snort_arch_ck = exec('/usr/bin/uname -m');
- if ($snort_arch_ck === 'i386') {
- $snort_arch = 'i386';
- }else{
- $snort_arch = 'x86-64'; // amd64
- }
-
- if ($pfsense_stable === 'yes') {
- $freebsd_version_so = 'FreeBSD-7-3';
- }else{
- $freebsd_version_so = 'FreeBSD-8-1';
- }
-
- update_status(gettext("Extracting Snort.org rules..."));
- update_output_window(gettext("May take a while..."));
- /* extract snort.org rules and add prefix to all snort.org files*/
- exec("/bin/rm -r {$snortdir}/rules");
- sleep(2);
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- chdir ("/usr/local/etc/snort/rules");
- sleep(2);
-
- $snort_dirList = scandir("{$snortdir}/rules"); // Waning: only in php 5
- $snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
-
- if (!empty($snortrules_filterList)) {
- foreach ($snortrules_filterList as $snort_rule_move)
- {
- exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules");
- }
- }
-
- /* extract so_rules */
-
- // list so_rules and exclude dir
- exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
-
- $so_rulesPattr = array('/\//', '/\.rules/');
- $so_rulesPattw = array('', '');
-
- // build list of so_rules
- $so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
-
- if (!empty($so_rules_filterList)) {
- // cp rule to so tmp dir
- foreach ($so_rules_filterList as $so_rule)
- {
-
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules");
-
- }
- // mv and rename so rules
- foreach ($so_rules_filterList as $so_rule_move)
- {
- exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules");
- }
- }
-
- /* extract preproc_rules */
-
- // list so_rules and exclude dir
- exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list);
-
- $preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
-
- if (!empty($preproc_rules_filterList)) {
- // cp rule to so tmp dir
- foreach ($preproc_rules_filterList as $preproc_rule)
- {
-
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules");
-
- }
- // mv and rename preproc_rules
- foreach ($preproc_rules_filterList as $preproc_rule_move)
- {
- exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules");
- }
- }
-
- /* extract base etc files */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
- update_status(gettext("Done extracting Snort.org Rules."));
- }else{
- update_status(gettext("Error extracting Snort.org Rules..."));
- update_output_window(gettext("Error Line 755"));
- $snortdownload = 'off';
- }
-}
-
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats == 'on')
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
-}
-
-/* Untar Pfsense rules to tmp */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Extracting Pfsense rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
-}
-
-/* Untar snort signatures */
-if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on') {
- update_status(gettext("Extracting Signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- update_status(gettext("Done extracting Signatures."));
- }
- }
-}
-
-/* Copy md5 sig to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
- }else{
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $snortdownload = 'off';
- }
- }
-}
-
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats == "on")
-{
- if ($emerg_md5_check_ok != 'on')
- {
- if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
- {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
- }else{
- update_status(gettext("The emergingthreats md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $emergingthreats = 'off';
- }
- }
-}
-
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
- if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
- } else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- $pfsensedownload = 'off';
- }
-}
-
-/* Copy signatures dir to snort dir */
-if ($snortdownload == 'on')
-{
- if ($snort_md5_check_ok != 'on')
- {
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on')
- {
- if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- update_status(gettext("Done copying signatures."));
- }else{
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
- $snortdownload = 'off';
- }
- }
- }
-}
-
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
- apc_clear_cache();
- @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
- @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
-}
-
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
-}
-
-/* make shure default rules are in the right format */
-exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line
-exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
-exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
-
-/* create a msg-map for snort */
-update_status(gettext("Updating Alert Messages..."));
-update_output_window(gettext("Please Wait..."));
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
-
-
-//////////////////
-
-/* open oinkmaster_conf for writing" function */
-function oinkmaster_conf($id, $if_real, $iface_uuid)
-{
- global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
-
- @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
-
- /* enable disable setting will carry over with updates */
- /* TODO carry signature changes with the updates */
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
-
- $selected_sid_on_sections = "";
- $selected_sid_off_sections = "";
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
- $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
- $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
- foreach($enabled_sid_on_array as $enabled_item_on)
- $selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
- $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
- foreach($enabled_sid_off_array as $enabled_item_off)
- $selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
- if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {
- $snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's oinkmaster.conf for writing */
- @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
- }
- }
-}
-
-/* Run oinkmaster to snort_wan and cp configs */
-/* If oinkmaster is not needed cp rules normally */
-/* TODO add per interface settings here */
-function oinkmaster_run($id, $if_real, $iface_uuid)
-{
- global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
-
- if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
- if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- } else {
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
- }
- }
-}
-
-/* Start the proccess for every interface rule */
-/* TODO: try to make the code smother */
-if (is_array($config['installedpackages']['snortglobal']['rule']))
-{
- foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
- $iface_uuid = $value['uuid'];
-
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf($id, $if_real, $iface_uuid);
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run($id, $if_real, $iface_uuid);
- }
-}
-
-//////////////
-
-/* mark the time update finnished */
-$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
-
-/* remove old $tmpfname files */
-if (is_dir('/usr/local/etc/snort/tmp')) {
- update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
- sleep(2);
- exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
-}
-
-/* XXX: These are needed if snort is run as snort user
-mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
-mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
-mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
-*/
-/* make all dirs snorts */
-mwexec("/bin/chmod -R 755 /var/log/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
-mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
-
-/* hide progress bar and lets end this party */
-hide_progress_bar_status();
-
-if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
- update_output_window(gettext("Finished..."));
-else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
- update_output_window(gettext("Finished..."));
-else {
- /* You are Not Up to date, always stop snort when updating rules for low end machines */;
- update_status(gettext("You are NOT up to date..."));
- exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("Snort has restarted with your new set of rules..."));
- exec("/bin/rm /tmp/snort_download_halt.pid");
-}
-
-update_status(gettext("The Rules update finished..."));
-conf_mount_ro();
-
-?>
+<?php +/* + snort_download_rules.php + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +/* Setup enviroment */ +require_once("guiconfig.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if ($_GET['return']) { + header("Location: /snort/snort_download_updates.php"); + exit; +} + +$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; +$snortdir_wan = "/usr/local/etc/snort"; +$snort_filename_md5 = "{$snort_rules_file}.md5"; +$snort_filename = "{$snort_rules_file}"; +$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; +$emergingthreats_filename = "emerging.rules.tar.gz"; +$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; +$pfsense_rules_filename = "pfsense_rules.tar.gz"; + +/* Time stamps define */ +$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; +$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; + +/* define checks */ +$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; + +if ($snortdownload == 'off' && $emergingthreats != 'on') + $snort_emrging_info = 'stop'; + +if ($oinkid == "" && $snortdownload != 'off') + $snort_oinkid_info = 'stop'; + +/* check if main rule directory is empty */ +$if_mrule_dir = "/usr/local/etc/snort/rules"; +$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; + +if (file_exists('/var/run/snort.conf.dirty')) + $snort_dirty_d = 'stop'; + +$pgtitle = "Services: Snort: Update Rules"; + +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<form action="/snort/snort_download_updates.php" method="GET"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td ><!-- progress bar --> + <table id="progholder" width='320' + style='border-collapse: collapse; border: 1px solid #000000;' + cellpadding='2' cellspacing='2'> + <tr> + <td><img border='0' + src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' + width='280' height='23' name='progressbar' id='progressbar' + alt='' /> + </td> + </tr> + </table> + <br /> + <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard"> + <?=gettext("Initializing...");?> + </textarea> + <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard"> + </textarea> + </td> + </tr> + </table> + </div> + </td> +</tr> +<tr><td><input type="submit" Value="Return"></td></tr> +</table> +</form> +<?php include("fend.inc");?> +</body> +</html> + +<?php +/* Start of code */ +conf_mount_rw(); + +if (!is_dir('/usr/local/etc/snort/tmp')) + exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); + +$snort_md5_check_ok = 'off'; +$emerg_md5_check_ok = 'off'; +$pfsense_md5_check_ok = 'off'; + +/* Set user agent to Mozilla */ +ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); +ini_set("memory_limit","150M"); + +/* mark the time update started */ +$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); + +/* send current buffer */ +ob_flush(); + +/* hide progress bar */ +hide_progress_bar_status(); + +/* send current buffer */ +ob_flush(); + +/* remove old $tmpfname files */ +if (is_dir("{$tmpfname}")) { + update_status(gettext("Removing old tmp files...")); + exec("/bin/rm -r {$tmpfname}"); + apc_clear_cache(); +} + +/* Make shure snortdir exits */ +exec("/bin/mkdir -p {$snortdir}"); +exec("/bin/mkdir -p {$snortdir}/rules"); +exec("/bin/mkdir -p {$snortdir}/signatures"); +exec("/bin/mkdir -p {$tmpfname}"); +exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); + +/* send current buffer */ +ob_flush(); + +/* unhide progress bar and lets end this party */ +unhide_progress_bar_status(); + +$pfsensedownload = 'on'; + +/* download md5 sig from snort.org */ +if ($snortdownload == 'on') +{ + if (file_exists("{$tmpfname}/{$snort_filename_md5}") && + filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { + update_status(gettext("snort.org md5 temp file exists...")); + } else { + update_status(gettext("Downloading snort.org md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + + //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); + $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); + @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image); + update_status(gettext("Done downloading snort.org md5")); + } +} + +/* download md5 sig from emergingthreats.net */ +if ($emergingthreats == 'on') +{ + update_status(gettext("Downloading emergingthreats md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); + $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5'); + @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); + update_status(gettext("Done downloading emergingthreats md5")); +} + +/* download md5 sig from pfsense.org */ +if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { + update_status(gettext("pfsense md5 temp file exists...")); +} else { + update_status(gettext("Downloading pfsense md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); + $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); + @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image); + update_status(gettext("Done downloading pfsense md5.")); +} + +/* If md5 file is empty wait 15min exit */ +if ($snortdownload == 'on') +{ + if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) + { + update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); + update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); + hide_progress_bar_status(); + $snortdownload = 'off'; + } +} + +/* If pfsense md5 file is empty wait 15min exit */ +if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ + update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); + update_output_window(gettext("Rules are released to support Pfsense packages.")); + hide_progress_bar_status(); + $pfsensedownload = 'off'; +} + +/* Check if were up to date snort.org */ +if ($snortdownload == 'on') +{ + if (file_exists("{$snortdir}/{$snort_filename_md5}")) + { + $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); + $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + if ($md5_check_new == $md5_check_old) + { + update_status(gettext("Your rules are up to date...")); + update_output_window(gettext("You may start Snort now, check update.")); + hide_progress_bar_status(); + $snort_md5_check_ok = 'on'; + } else { + update_status(gettext("Your rules are not up to date...")); + $snort_md5_check_ok = 'off'; + } + } +} + +/* Check if were up to date emergingthreats.net */ +if ($emergingthreats == 'on') +{ + if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) + { + $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); + $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); + $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + if ($emerg_md5_check_new == $emerg_md5_check_old) + { + hide_progress_bar_status(); + $emerg_md5_check_ok = 'on'; + } else + $emerg_md5_check_ok = 'off'; + } +} + +/* Check if were up to date pfsense.org */ +if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) +{ + $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + if ($pfsense_md5_check_new == $pfsense_md5_check_old) + { + hide_progress_bar_status(); + $pfsense_md5_check_ok = 'on'; + } else + $pfsense_md5_check_ok = 'off'; +} + +if ($snortdownload == 'on') { + if ($snort_md5_check_ok == 'on') + { + update_status(gettext("Your snort.org rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + $snortdownload = 'off'; + } +} +if ($emergingthreats == 'on') { + if ($emerg_md5_check_ok == 'on') + { + update_status(gettext("Your Emergingthreats rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + $emergingthreats = 'off'; + } +} + +/* download snortrules file */ +if ($snortdownload == 'on') +{ + if ($snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + update_status(gettext("Snortrule tar file exists...")); + } else { + unhide_progress_bar_status(); + update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}"); + update_all_status($static_output); + update_status(gettext("Done downloading rules file.")); + if (150000 > filesize("{$tmpfname}/$snort_filename")){ + update_status(gettext("Error with the snort rules download...")); + + update_output_window(gettext("Snort rules file downloaded failed...")); + $snortdownload = 'off'; + } + } + } +} + +/* download emergingthreats rules file */ +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != 'on') + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + update_status(gettext('Emergingthreats tar file exists...')); + }else{ + update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}"); + update_status(gettext('Done downloading Emergingthreats rules file.')); + } + } +} + +/* download pfsense rules file */ +if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + update_status(gettext("Snortrule tar file exists...")); + } else { + unhide_progress_bar_status(); + update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); + update_all_status($static_output); + update_status(gettext("Done downloading rules file.")); + } +} + +/* Compair md5 sig to file sig */ + +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk == on) { +//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); +//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md5 == $file_md5_ondisk) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); +// update_output_window(gettext("Error md5 Mismatch...")); +// return; +// } +//} + +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk != on) { +//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; +//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md55 == $file_md5_ondisk2) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...Not P")); +// update_output_window(gettext("Error md5 Mismatch...")); +// return; +// } +//} + +/* Untar snort rules file individually to help people with low system specs */ +if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + + // find out if were in 1.2.3-RELEASE + $pfsense_ver_chk = exec('/bin/cat /etc/version'); + if ($pfsense_ver_chk === '1.2.3-RELEASE') { + $pfsense_stable = 'yes'; + }else{ + $pfsense_stable = 'no'; + } + + // get the system arch + $snort_arch_ck = exec('/usr/bin/uname -m'); + if ($snort_arch_ck === 'i386') { + $snort_arch = 'i386'; + }else{ + $snort_arch = 'x86-64'; // amd64 + } + + if ($pfsense_stable === 'yes') { + $freebsd_version_so = 'FreeBSD-7-3'; + }else{ + $freebsd_version_so = 'FreeBSD-8-1'; + } + + update_status(gettext("Extracting Snort.org rules...")); + update_output_window(gettext("May take a while...")); + /* extract snort.org rules and add prefix to all snort.org files*/ + exec("/bin/rm -r {$snortdir}/rules"); + sleep(2); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); + chdir ("/usr/local/etc/snort/rules"); + sleep(2); + + $snort_dirList = scandir("{$snortdir}/rules"); // Waning: only in php 5 + $snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', ''); + + if (!empty($snortrules_filterList)) { + foreach ($snortrules_filterList as $snort_rule_move) + { + exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules"); + } + } + + /* extract so_rules */ + + // list so_rules and exclude dir + exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list); + + $so_rulesPattr = array('/\//', '/\.rules/'); + $so_rulesPattw = array('', ''); + + // build list of so_rules + $so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw); + + if (!empty($so_rules_filterList)) { + // cp rule to so tmp dir + foreach ($so_rules_filterList as $so_rule) + { + + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules"); + + } + // mv and rename so rules + foreach ($so_rules_filterList as $so_rule_move) + { + exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules"); + } + } + + /* extract preproc_rules */ + + // list so_rules and exclude dir + exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list); + + $preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw); + + if (!empty($preproc_rules_filterList)) { + // cp rule to so tmp dir + foreach ($preproc_rules_filterList as $preproc_rule) + { + + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules"); + + } + // mv and rename preproc_rules + foreach ($preproc_rules_filterList as $preproc_rule_move) + { + exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules"); + } + } + + /* extract base etc files */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); + exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); + exec("/bin/rm -r {$snortdir}/etc"); + + update_status(gettext("Done extracting Snort.org Rules.")); + }else{ + update_status(gettext("Error extracting Snort.org Rules...")); + update_output_window(gettext("Error Line 755")); + $snortdownload = 'off'; + } +} + +/* Untar emergingthreats rules to tmp */ +if ($emergingthreats == 'on') +{ + if ($emerg_md5_check_ok != 'on') + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + update_status(gettext("Extracting rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); + } + } +} + +/* Untar Pfsense rules to tmp */ +if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + update_status(gettext("Extracting Pfsense rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); + } +} + +/* Untar snort signatures */ +if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == 'on') { + update_status(gettext("Extracting Signatures...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); + update_status(gettext("Done extracting Signatures.")); + } + } +} + +/* Copy md5 sig to snort dir */ +if ($snortdownload == 'on') +{ + if ($snort_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/$snort_filename_md5")) { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); + }else{ + update_status(gettext("The md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + $snortdownload = 'off'; + } + } +} + +/* Copy emergingthreats md5 sig to snort dir */ +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != 'on') + { + if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) + { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); + }else{ + update_status(gettext("The emergingthreats md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + $emergingthreats = 'off'; + } + } +} + +/* Copy Pfsense md5 sig to snort dir */ +if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { + if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { + update_status(gettext("Copying Pfsense md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); + } else { + update_status(gettext("The Pfsense md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + $pfsensedownload = 'off'; + } +} + +/* Copy signatures dir to snort dir */ +if ($snortdownload == 'on') +{ + if ($snort_md5_check_ok != 'on') + { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == 'on') + { + if (file_exists("{$snortdir}/doc/signatures")) { + update_status(gettext("Copying signatures...")); + update_output_window(gettext("May take a while...")); + exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); + exec("/bin/rm -r {$snortdir}/doc/signatures"); + update_status(gettext("Done copying signatures.")); + }else{ + update_status(gettext("Directory signatures exist...")); + update_output_window(gettext("Error copying signature...")); + $snortdownload = 'off'; + } + } + } +} + +/* double make shure cleanup emerg rules that dont belong */ +if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { + apc_clear_cache(); + @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); + @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); +} + +if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); +} + +/* make shure default rules are in the right format */ +exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line +exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules"); + +/* create a msg-map for snort */ +update_status(gettext("Updating Alert Messages...")); +update_output_window(gettext("Please Wait...")); +exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); + + +////////////////// + +/* open oinkmaster_conf for writing" function */ +function oinkmaster_conf($id, $if_real, $iface_uuid) +{ + global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + + @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf"); + + /* enable disable setting will carry over with updates */ + /* TODO carry signature changes with the updates */ + if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { + + $selected_sid_on_sections = ""; + $selected_sid_off_sections = ""; + + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { + $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']); + $enabled_sid_on_array = split('\|\|', $enabled_sid_on); + foreach($enabled_sid_on_array as $enabled_item_on) + $selected_sid_on_sections .= "$enabled_item_on\n"; + } + + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { + $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']); + $enabled_sid_off_array = split('\|\|', $enabled_sid_off); + foreach($enabled_sid_off_array as $enabled_item_off) + $selected_sid_off_sections .= "$enabled_item_off\n"; + } + + if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) { + $snort_sid_text = <<<EOD + +########################################### +# # +# this is auto generated on snort updates # +# # +########################################### + +path = /bin:/usr/bin:/usr/local/bin + +update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ + +url = dir:///usr/local/etc/snort/rules + +$selected_sid_on_sections + +$selected_sid_off_sections + +EOD; + + /* open snort's oinkmaster.conf for writing */ + @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text); + } + } +} + +/* Run oinkmaster to snort_wan and cp configs */ +/* If oinkmaster is not needed cp rules normally */ +/* TODO add per interface settings here */ +function oinkmaster_run($id, $if_real, $iface_uuid) +{ + global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + + if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { + if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { + update_status(gettext("Your first set of rules are being copied...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + } else { + update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + + /* might have to add a sleep for 3sec for flash drives or old drives */ + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); + } + } +} + +/* Start the proccess for every interface rule */ +/* TODO: try to make the code smother */ +if (is_array($config['installedpackages']['snortglobal']['rule'])) +{ + foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { + $result_lan = $value['interface']; + $if_real = snort_get_real_interface($result_lan); + $iface_uuid = $value['uuid']; + + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf($id, $if_real, $iface_uuid); + + /* run oinkmaster for each interface rule */ + oinkmaster_run($id, $if_real, $iface_uuid); + } +} + +////////////// + +/* mark the time update finnished */ +$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); + +/* remove old $tmpfname files */ +if (is_dir('/usr/local/etc/snort/tmp')) { + update_status(gettext("Cleaning up...")); + exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); + sleep(2); + exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); +} + +/* XXX: These are needed if snort is run as snort user +mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); +mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); +*/ +/* make all dirs snorts */ +mwexec("/bin/chmod -R 755 /var/log/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); +mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); + +/* hide progress bar and lets end this party */ +hide_progress_bar_status(); + +if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off') + update_output_window(gettext("Finished...")); +else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on') + update_output_window(gettext("Finished...")); +else { + /* You are Not Up to date, always stop snort when updating rules for low end machines */; + update_status(gettext("You are NOT up to date...")); + exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); + update_status(gettext("The Rules update finished...")); + update_output_window(gettext("Snort has restarted with your new set of rules...")); + exec("/bin/rm /tmp/snort_download_halt.pid"); +} + +update_status(gettext("The Rules update finished...")); +conf_mount_ro(); + +?> diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php index 22b8fcba..e902cd64 100644 --- a/config/snort-dev/snort_download_updates.php +++ b/config/snort-dev/snort_download_updates.php @@ -1,322 +1,322 @@ -<?php
-/*
- snort_download_updates.php
- part of pfSense
- Copyright (C) 2004 Scott Ullrich
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- part of m0n0wall as reboot.php (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-/* load only javascript that is needed */
-$snort_load_jquery = 'yes';
-$snort_load_jquery_colorbox = 'yes';
-
-
-/* quick md5s chk */
-$snort_org_sig_chk_local = 'N/A';
-if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5"))
- $snort_org_sig_chk_local = exec("/bin/cat /usr/local/etc/snort/{$snort_rules_file}.md5");
-
-$emergingt_net_sig_chk_local = 'N/A';
-if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5'))
- $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5');
-
-$pfsense_org_sig_chk_local = 'N/A';
-if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
- $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
-
-/* define checks */
-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
-if ($snortdownload != 'on' && $emergingthreats != 'on')
- $snort_emrging_info = 'stop';
-
-if ($oinkid == '' && $snortdownload != 'off')
- $snort_oinkid_info = 'stop';
-
-if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop')
- $error_stop = 'true';
-
-/* check if main rule directory is empty */
-$if_mrule_dir = "/usr/local/etc/snort/rules";
-$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
-/* check for logfile */
-$update_logfile_chk = 'no';
-if (file_exists('/usr/local/etc/snort/snort_update.log'))
- $update_logfile_chk = 'yes';
-
-header("snort_help_info.php");
-header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
-header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
-header( "Cache-Control: no-cache, must-revalidate" );
-header( "Pragma: no-cache" );
-
-
-$pgtitle = "Services: Snort: Updates";
-include_once("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-
-<?php
-echo "{$snort_general_css}\n";
-echo "$snort_interfaces_css\n";
-?>
-
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
- display_top_tabs($tab_array);
-?>
-</td></tr>
-<tr>
- <td>
- <div id="mainarea3">
- <table id="maintable4" class="tabcont" width="100%" border="0"
- cellpadding="0" cellspacing="0">
- <tr>
- <td><!-- grey line -->
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #dddddd'>
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style="background-color: #eeeeee">
- <div height="32" width="725px" style="background-color: #eeeeee">
-
- <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br>
- <br>
- <p style="text-align: left; margin-left: 225px;"><font
- color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font
- size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font
- size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font
- size="1px" color="#000000"> <? echo $pfsense_org_sig_chk_local; ?></font><br>
- </p>
-
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <!-- grey line -->
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #eeeeee'>
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
-
- <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br>
- <br>
-
- <?php
-
- if ($error_stop == 'true') {
- echo '
-
- <button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules </span></button><br/>
- <p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> No rule types have been selected for download. "Global Settings Tab"</font><br>';
-
- if ($mfolder_chk == 'empty') {
-
- echo '
- <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n";
- }
-
- echo '</p>' . "\n";
-
- }else{
-
- echo '
-
- <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules </span></button></a><br/>' . "\n";
-
- if ($mfolder_chk == 'empty') {
-
- echo '
- <p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>
- </p>';
- }
-
- }
-
- ?> <br>
-
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
-
- <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br>
- <br>
-
- <?php
-
- if ($update_logfile_chk == 'yes') {
- echo '
- <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
- }else{
- echo '
- <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
- }
-
- ?> <br>
- <br>
-
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #eeeeee'>
- </div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <table id="download_rules" height="32px" width="725px" border="0"
- cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
-
- <img style='vertical-align: middle'
- src="/snort/images/icon_excli.png" width="40" height="32"> <font
- color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px'
- color='#000000'> Snort.org and Emergingthreats.net
- will go down from time to time. Please be patient.</font></div>
- </td>
- </tr>
- </table>
-
- <br>
-
- <table height="12px" width="725px" border="0" cellpadding="5px"
- cellspacing="0">
- <tr>
- <td style='background-color: #eeeeee'>
- <div height="12px" width="725px" style='background-color: #eeeeee'>
- </div>
- </td>
- </tr>
- </table>
-
- </td>
- </tr>
- </table>
- </div>
-
-
-
-
-
- <br>
- </td>
- </tr>
-</table>
-<!-- end of final table --></div>
-
-<?php include("fend.inc"); ?>
-
-<?php echo "$snort_custom_rnd_box\n"; ?>
-
-</body>
-</html>
+<?php +/* + snort_download_updates.php + part of pfSense + Copyright (C) 2004 Scott Ullrich + Copyright (C) 2011 Ermal Luci + All rights reserved. + + part of m0n0wall as reboot.php (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +/* load only javascript that is needed */ +$snort_load_jquery = 'yes'; +$snort_load_jquery_colorbox = 'yes'; + + +/* quick md5s chk */ +$snort_org_sig_chk_local = 'N/A'; +if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5")) + $snort_org_sig_chk_local = exec("/bin/cat /usr/local/etc/snort/{$snort_rules_file}.md5"); + +$emergingt_net_sig_chk_local = 'N/A'; +if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5')) + $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5'); + +$pfsense_org_sig_chk_local = 'N/A'; +if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5')) + $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5'); + +/* define checks */ +$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; + +if ($snortdownload != 'on' && $emergingthreats != 'on') + $snort_emrging_info = 'stop'; + +if ($oinkid == '' && $snortdownload != 'off') + $snort_oinkid_info = 'stop'; + +if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') + $error_stop = 'true'; + +/* check if main rule directory is empty */ +$if_mrule_dir = "/usr/local/etc/snort/rules"; +$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; + +/* check for logfile */ +$update_logfile_chk = 'no'; +if (file_exists('/usr/local/etc/snort/snort_update.log')) + $update_logfile_chk = 'yes'; + +header("snort_help_info.php"); +header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); +header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" ); +header( "Cache-Control: no-cache, must-revalidate" ); +header( "Pragma: no-cache" ); + + +$pgtitle = "Services: Snort: Updates"; +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +echo "{$snort_general_css}\n"; +echo "$snort_interfaces_css\n"; +?> + +<?php include("fbegin.inc"); ?> + +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea3"> + <table id="maintable4" class="tabcont" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr> + <td><!-- grey line --> + <table height="12px" width="725px" border="0" cellpadding="5px" + cellspacing="0"> + <tr> + <td style='background-color: #eeeeee'> + <div height="12px" width="725px" style='background-color: #dddddd'> + </div> + </td> + </tr> + </table> + + <br> + + <table id="download_rules" height="32px" width="725px" border="0" + cellpadding="5px" cellspacing="0"> + <tr> + <td id="download_rules_td" style="background-color: #eeeeee"> + <div height="32" width="725px" style="background-color: #eeeeee"> + + <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br> + <br> + <p style="text-align: left; margin-left: 225px;"><font + color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font + size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br> + <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font + size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br> + <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font + size="1px" color="#000000"> <? echo $pfsense_org_sig_chk_local; ?></font><br> + </p> + + </div> + </td> + </tr> + </table> + + <br> + + <!-- grey line --> + <table height="12px" width="725px" border="0" cellpadding="5px" + cellspacing="0"> + <tr> + <td style='background-color: #eeeeee'> + <div height="12px" width="725px" style='background-color: #eeeeee'> + </div> + </td> + </tr> + </table> + + <br> + + <table id="download_rules" height="32px" width="725px" border="0" + cellpadding="5px" cellspacing="0"> + <tr> + <td id="download_rules_td" style='background-color: #eeeeee'> + <div height="32" width="725px" style='background-color: #eeeeee'> + + <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br> + <br> + + <?php + + if ($error_stop == 'true') { + echo ' + + <button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules </span></button><br/> + <p style="text-align:left; margin-left:150px;"> + <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> No rule types have been selected for download. "Global Settings Tab"</font><br>'; + + if ($mfolder_chk == 'empty') { + + echo ' + <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n"; + } + + echo '</p>' . "\n"; + + }else{ + + echo ' + + <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules </span></button></a><br/>' . "\n"; + + if ($mfolder_chk == 'empty') { + + echo ' + <p style="text-align:left; margin-left:150px;"> + <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font> + </p>'; + } + + } + + ?> <br> + + </div> + </td> + </tr> + </table> + + <br> + + <table id="download_rules" height="32px" width="725px" border="0" + cellpadding="5px" cellspacing="0"> + <tr> + <td id="download_rules_td" style='background-color: #eeeeee'> + <div height="32" width="725px" style='background-color: #eeeeee'> + + <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br> + <br> + + <?php + + if ($update_logfile_chk == 'yes') { + echo ' + <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; + }else{ + echo ' + <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; + } + + ?> <br> + <br> + + </div> + </td> + </tr> + </table> + + <br> + + <table height="12px" width="725px" border="0" cellpadding="5px" + cellspacing="0"> + <tr> + <td style='background-color: #eeeeee'> + <div height="12px" width="725px" style='background-color: #eeeeee'> + </div> + </td> + </tr> + </table> + + <br> + + <table id="download_rules" height="32px" width="725px" border="0" + cellpadding="5px" cellspacing="0"> + <tr> + <td id="download_rules_td" style='background-color: #eeeeee'> + <div height="32" width="725px" style='background-color: #eeeeee'> + + <img style='vertical-align: middle' + src="/snort/images/icon_excli.png" width="40" height="32"> <font + color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px' + color='#000000'> Snort.org and Emergingthreats.net + will go down from time to time. Please be patient.</font></div> + </td> + </tr> + </table> + + <br> + + <table height="12px" width="725px" border="0" cellpadding="5px" + cellspacing="0"> + <tr> + <td style='background-color: #eeeeee'> + <div height="12px" width="725px" style='background-color: #eeeeee'> + </div> + </td> + </tr> + </table> + + </td> + </tr> + </table> + </div> + + + + + + <br> + </td> + </tr> +</table> +<!-- end of final table --></div> + +<?php include("fend.inc"); ?> + +<?php echo "$snort_custom_rnd_box\n"; ?> + +</body> +</html> diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index a9d9f99b..c5fc59c1 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -1,448 +1,448 @@ -<?php
-/* $Id$ */
-/*
-
-originally part of m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
-Copyright (C) 2008-2009 Robert Zelaya.
-Copyright (C) 2011 Ermal Luci
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-*/
-
-$nocsrf = true;
-require_once("/usr/local/www/guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$id_gen = count($config['installedpackages']['snortglobal']['rule']);
-
-if (isset($_POST['del_x'])) {
- /* delete selected rules */
- if (is_array($_POST['rule'])) {
- conf_mount_rw();
- foreach ($_POST['rule'] as $rulei) {
-
- /* convert fake interfaces to real */
- $if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
- $snort_uuid = $a_nat[$rulei]['uuid'];
-
- Running_Stop($snort_uuid,$if_real, $rulei);
-
- /* delete iface rule dirs */
- if (file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) {
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
- }
- if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}")) {
- exec("/bin/rm -r /var/log/snort/{$snort_uuid}_{$if_real}");
- }
- if (file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}")) {
- exec("/bin/rm -r /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}");
- }
-
- unset($a_nat[$rulei]);
- }
- conf_mount_ro();
-
- write_config();
- sleep(2);
-
- /* if there are no ifaces do not create snort.sh */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
- create_snort_sh();
- else {
- conf_mount_rw();
- exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
- conf_mount_ro();
- }
-
- sync_snort_package_config();
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces.php");
- exit;
- }
-
-}
-
-
-/* start/stop snort */
-if ($_GET['act'] == 'toggle' && is_numeric($id)) {
-
- $if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
-
- sync_snort_package_config();
-
- $tester2 = Running_Ck($snort_uuid, $if_real, $id);
-
- if ($tester2 == 'yes') {
- Running_Stop($snort_uuid, $if_real, $id);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
-
- } else {
- Running_Start($snort_uuid, $if_real, $id);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- }
- sleep(4); // So the GUI reports correctly
- header("Location: /snort/snort_interfaces.php");
- exit;
-}
-
-
-$pgtitle = "Services: $snort_package_version";
-include_once("head.inc");
-
-?>
-<body link="#000000" vlink="#000000" alink="#000000">
-
-<?php
-echo "{$snort_general_css}\n";
-echo "$snort_interfaces_css\n";
-
-include_once("fbegin.inc");
-if ($pfsense_stable == 'yes')
- echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
-<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
- /* Display Alert message */
- if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
-
- if ($savemsg)
- print_info_box2($savemsg);
-
- //if (file_exists($d_snortconfdirty_path)) {
- if ($d_snortconfdirty_path_ls != '') {
- echo '<p>';
-
- if($savemsg)
- print_info_box_np2("{$savemsg}");
- else {
- print_info_box_np2('
- The Snort configuration has changed for one or more interfaces.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
-?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
- display_top_tabs($tab_array);
-?>
-</td></tr>
-<tr>
- <td>
- <div id="mainarea2">
- <table class="tabcont" width="100%" border="0" cellpadding="0"
- cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="list"> </td>
- <td width="1%" class="list"> </td>
- <td width="10%" class="listhdrr">If</td>
- <td width="10%" class="listhdrr">Snort</td>
- <td width="10%" class="listhdrr">Performance</td>
- <td width="10%" class="listhdrr">Block</td>
- <td width="10%" class="listhdrr">Barnyard2</td>
- <td width="50%" class="listhdr">Description</td>
- <td width="3%" class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
- <tr valign="top" id="fr<?=$nnats;?>">
- <?php
-
- /* convert fake interfaces to real and check if iface is up */
- /* There has to be a smarter way to do this */
- $if_real = snort_get_real_interface($natent['interface']);
- $snort_uuid = $natent['uuid'];
-
- $tester2 = Running_Ck($snort_uuid, $if_real, $id);
-
- if ($tester2 == 'no') {
- $iconfn = 'pass';
- $class_color_up = 'listbg';
- }else{
- $class_color_up = 'listbg2';
- $iconfn = 'block';
- }
-
- ?>
- <td class="listt">
- <a href="?act=toggle&id=<?=$i;?>">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif"
- width="13" height="13" border="0"
- title="click to toggle start/stop snort"></a>
- <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
- <td class="listt" align="center"></td>
- <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)"
- id="frd<?=$nnats;?>"
- ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- echo snort_get_friendly_interface($natent['interface']);
- ?></td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
- id="frd<?=$nnats;?>"
- ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
- if ($check_snort_info == "on")
- {
- $check_snort = enabled;
- } else {
- $check_snort = disabled;
- }
- ?> <?=strtoupper($check_snort);?></td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
- id="frd<?=$nnats;?>"
- ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance'];
- if ($check_performance_info != "") {
- $check_performance = $check_performance_info;
- }else{
- $check_performance = "lowmem";
- }
- ?> <?=strtoupper($check_performance);?></td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
- id="frd<?=$nnats;?>"
- ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
- if ($check_blockoffenders_info == "on")
- {
- $check_blockoffenders = enabled;
- } else {
- $check_blockoffenders = disabled;
- }
- ?> <?=strtoupper($check_blockoffenders);?></td>
- <?php
-
- $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
-
- if ($color2_upb == 'yes') {
- $class_color_upb = 'listbg2';
- }else{
- $class_color_upb = 'listbg';
- }
-
- ?>
- <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)"
- id="frd<?=$nnats;?>"
- ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
- if ($check_snortbarnyardlog_info == "on")
- {
- $check_snortbarnyardlog = strtoupper(enabled);
- }else{
- $check_snortbarnyardlog = strtoupper(disabled);
- }
- ?> <?php echo "$check_snortbarnyardlog";?></td>
- <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)"
- ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>
- </td>
- <td valign="middle" class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="edit rule"></a></td>
- </tr>
- </table>
-
- </tr>
- <?php $i++; $nnats++; endforeach; ?>
- <tr>
- <td class="list" colspan="8"></td>
- <td class="list" valign="middle" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><?php if ($nnats == 0): ?><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
- width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input
- name="del" type="image"
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" title="delete selected mappings"
- onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <div id="mainarea4">
- <table class="tabcont" width="100%" border="0" cellpadding="0"
- cellspacing="0">
- <tr id="frheader">
- <td width="100%"><span class="red"><strong>Note:</strong></span> <br>
- This is the <strong>Snort Menu</strong> where you can see an over
- view of all your interface settings. <br>
- Please edit the <strong>Global Settings</strong> tab before adding
- an interface. <br>
- <br>
- <span class="red"><strong>Warning:</strong></span> <br>
- <strong>New settings will not take effect until interface restart.</strong>
- <br>
- <br>
- <strong>Click</strong> on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="Add Icon"> icon to add a
- interface.<strong> Click</strong>
- on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif"
- width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong>
- snort and barnyard2. <br>
- <strong>Click</strong> on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="Edit Icon"> icon to edit a
- interface and settings.<strong> Click</strong>
- on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
- width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong>
- snort and barnyard2. <br>
- <strong> Click</strong> on the <img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="Delete Icon"> icon to
- delete a interface and settings.</td>
- </tr>
- </table>
- </div>
-
- </tr>
- </td>
-</table>
-
- <?php
- if ($pkg['tabs'] <> "") {
- echo "</td></tr></table>";
- }
- ?></form>
-</div>
-
-<br>
-<br>
-<br>
-
-<style type="text/css">
-#footer2 {
- position: relative;
- background-color: transparent;
- background-image: url("./images/logo22.png");
- background-repeat: no-repeat;
- background-attachment: scroll;
- background-position: 0% 0%;
- top: 10px;
- left: 0px;
- width: 770px;
- height: 60px;
- color: #000000;
- text-align: center;
- font-size: 0.8em;
- padding-top: 40px;
- margin-bottom: -35px;
- clear: both;
-}
-</style>
-
-<div id="footer2">SNORT registered � by Sourcefire, Inc, Barnyard2
-registered � by securixlive.com, Orion registered � by Robert Zelaya,
-Emergingthreats registered � by emergingthreats.net, Mysql registered �
-by Mysql.com</div>
-<!-- Footer DIV -->
-
- <?php
-
- include("fend.inc");
-
- echo $snort_custom_rnd_box;
-
- ?>
-
-
-
-</body>
-</html>
+<?php +/* $Id$ */ +/* + +originally part of m0n0wall (http://m0n0.ch/wall) +Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. +Copyright (C) 2008-2009 Robert Zelaya. +Copyright (C) 2011 Ermal Luci +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. +*/ + +$nocsrf = true; +require_once("/usr/local/www/guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; +$id_gen = count($config['installedpackages']['snortglobal']['rule']); + +if (isset($_POST['del_x'])) { + /* delete selected rules */ + if (is_array($_POST['rule'])) { + conf_mount_rw(); + foreach ($_POST['rule'] as $rulei) { + + /* convert fake interfaces to real */ + $if_real = snort_get_real_interface($a_nat[$rulei]['interface']); + $snort_uuid = $a_nat[$rulei]['uuid']; + + Running_Stop($snort_uuid,$if_real, $rulei); + + /* delete iface rule dirs */ + if (file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) { + exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + } + if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}")) { + exec("/bin/rm -r /var/log/snort/{$snort_uuid}_{$if_real}"); + } + if (file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}")) { + exec("/bin/rm -r /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}"); + } + + unset($a_nat[$rulei]); + } + conf_mount_ro(); + + write_config(); + sleep(2); + + /* if there are no ifaces do not create snort.sh */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + create_snort_sh(); + else { + conf_mount_rw(); + exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); + conf_mount_ro(); + } + + sync_snort_package_config(); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_interfaces.php"); + exit; + } + +} + + +/* start/stop snort */ +if ($_GET['act'] == 'toggle' && is_numeric($id)) { + + $if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); + + sync_snort_package_config(); + + $tester2 = Running_Ck($snort_uuid, $if_real, $id); + + if ($tester2 == 'yes') { + Running_Stop($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + + } else { + Running_Start($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + } + sleep(4); // So the GUI reports correctly + header("Location: /snort/snort_interfaces.php"); + exit; +} + + +$pgtitle = "Services: $snort_package_version"; +include_once("head.inc"); + +?> +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +echo "{$snort_general_css}\n"; +echo "$snort_interfaces_css\n"; + +include_once("fbegin.inc"); +if ($pfsense_stable == 'yes') + echo '<p class="pgtitle">' . $pgtitle . '</p>'; +?> + +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> + +<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<?php + /* Display Alert message */ + if ($input_errors) + print_input_errors($input_errors); // TODO: add checks + + if ($savemsg) + print_info_box2($savemsg); + + //if (file_exists($d_snortconfdirty_path)) { + if ($d_snortconfdirty_path_ls != '') { + echo '<p>'; + + if($savemsg) + print_info_box_np2("{$savemsg}"); + else { + print_info_box_np2(' + The Snort configuration has changed for one or more interfaces.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea2"> + <table class="tabcont" width="100%" border="0" cellpadding="0" + cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="list"> </td> + <td width="1%" class="list"> </td> + <td width="10%" class="listhdrr">If</td> + <td width="10%" class="listhdrr">Snort</td> + <td width="10%" class="listhdrr">Performance</td> + <td width="10%" class="listhdrr">Block</td> + <td width="10%" class="listhdrr">Barnyard2</td> + <td width="50%" class="listhdr">Description</td> + <td width="3%" class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17"></td> + <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> + <tr valign="top" id="fr<?=$nnats;?>"> + <?php + + /* convert fake interfaces to real and check if iface is up */ + /* There has to be a smarter way to do this */ + $if_real = snort_get_real_interface($natent['interface']); + $snort_uuid = $natent['uuid']; + + $tester2 = Running_Ck($snort_uuid, $if_real, $id); + + if ($tester2 == 'no') { + $iconfn = 'pass'; + $class_color_up = 'listbg'; + }else{ + $class_color_up = 'listbg2'; + $iconfn = 'block'; + } + + ?> + <td class="listt"> + <a href="?act=toggle&id=<?=$i;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" + width="13" height="13" border="0" + title="click to toggle start/stop snort"></a> + <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td> + <td class="listt" align="center"></td> + <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" + id="frd<?=$nnats;?>" + ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + echo snort_get_friendly_interface($natent['interface']); + ?></td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + id="frd<?=$nnats;?>" + ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable']; + if ($check_snort_info == "on") + { + $check_snort = enabled; + } else { + $check_snort = disabled; + } + ?> <?=strtoupper($check_snort);?></td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + id="frd<?=$nnats;?>" + ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance']; + if ($check_performance_info != "") { + $check_performance = $check_performance_info; + }else{ + $check_performance = "lowmem"; + } + ?> <?=strtoupper($check_performance);?></td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + id="frd<?=$nnats;?>" + ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7']; + if ($check_blockoffenders_info == "on") + { + $check_blockoffenders = enabled; + } else { + $check_blockoffenders = disabled; + } + ?> <?=strtoupper($check_blockoffenders);?></td> + <?php + + $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id); + + if ($color2_upb == 'yes') { + $class_color_upb = 'listbg2'; + }else{ + $class_color_upb = 'listbg'; + } + + ?> + <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" + id="frd<?=$nnats;?>" + ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; + if ($check_snortbarnyardlog_info == "on") + { + $check_snortbarnyardlog = strtoupper(enabled); + }else{ + $check_snortbarnyardlog = strtoupper(disabled); + } + ?> <?php echo "$check_snortbarnyardlog";?></td> + <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" + ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> + </td> + <td valign="middle" class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="edit rule"></a></td> + </tr> + </table> + + </tr> + <?php $i++; $nnats++; endforeach; ?> + <tr> + <td class="list" colspan="8"></td> + <td class="list" valign="middle" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><?php if ($nnats == 0): ?><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" + width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input + name="del" type="image" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" title="delete selected mappings" + onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> + +<br> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <div id="mainarea4"> + <table class="tabcont" width="100%" border="0" cellpadding="0" + cellspacing="0"> + <tr id="frheader"> + <td width="100%"><span class="red"><strong>Note:</strong></span> <br> + This is the <strong>Snort Menu</strong> where you can see an over + view of all your interface settings. <br> + Please edit the <strong>Global Settings</strong> tab before adding + an interface. <br> + <br> + <span class="red"><strong>Warning:</strong></span> <br> + <strong>New settings will not take effect until interface restart.</strong> + <br> + <br> + <strong>Click</strong> on the <img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="Add Icon"> icon to add a + interface.<strong> Click</strong> + on the <img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" + width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> + snort and barnyard2. <br> + <strong>Click</strong> on the <img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="Edit Icon"> icon to edit a + interface and settings.<strong> Click</strong> + on the <img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> + snort and barnyard2. <br> + <strong> Click</strong> on the <img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="Delete Icon"> icon to + delete a interface and settings.</td> + </tr> + </table> + </div> + + </tr> + </td> +</table> + + <?php + if ($pkg['tabs'] <> "") { + echo "</td></tr></table>"; + } + ?></form> +</div> + +<br> +<br> +<br> + +<style type="text/css"> +#footer2 { + position: relative; + background-color: transparent; + background-image: url("./images/logo22.png"); + background-repeat: no-repeat; + background-attachment: scroll; + background-position: 0% 0%; + top: 10px; + left: 0px; + width: 770px; + height: 60px; + color: #000000; + text-align: center; + font-size: 0.8em; + padding-top: 40px; + margin-bottom: -35px; + clear: both; +} +</style> + +<div id="footer2">SNORT registered � by Sourcefire, Inc, Barnyard2 +registered � by securixlive.com, Orion registered � by Robert Zelaya, +Emergingthreats registered � by emergingthreats.net, Mysql registered � +by Mysql.com</div> +<!-- Footer DIV --> + + <?php + + include("fend.inc"); + + echo $snort_custom_rnd_box; + + ?> + + + +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 01eed2e7..cdf23825 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -1,755 +1,755 @@ -<?php
-/*
- snort_interfaces_edit.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("/usr/local/www/guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
-}
-
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
-}
-
-
-/* always have a limit of (65535) numbers only or snort will not start do to id limits */
-/* TODO: When inline gets added make the uuid the port number lisstening */
-$pconfig = array();
-
-/* gen uuid for each iface !inportant */
-if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
- $snort_uuid = 0;
- while ($snort_uuid > 65535 || $snort_uuid == 0) {
- $snort_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $snort_uuid;
- }
-} else {
- $snort_uuid = $a_nat[$id]['uuid'];
- $pconfig['uuid'] = $snort_uuid;
-}
-
-if (isset($id) && $a_nat[$id]) {
-
- /* old options */
- $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
- $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
- $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
- $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
- $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
- $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
- $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
- $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
- $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
- $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
- $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
- $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
- $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
- $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
- $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
- $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
- $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
- $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
- $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
- $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
- $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
- $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
- $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
- $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
- $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
- $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
- $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
- $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
- $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
- $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
- $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
- $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
- $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
- $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
- $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
- $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
- $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
- $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
- $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
- $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['descr'] = $a_nat[$id]['descr'];
- $pconfig['performance'] = $a_nat[$id]['performance'];
- $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
- $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill'];
- $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip'];
- $pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
- $pconfig['homelistname'] = $a_nat[$id]['homelistname'];
- $pconfig['externallistname'] = $a_nat[$id]['externallistname'];
- $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname'];
- $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
- $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
- $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
- $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
- $pconfig['snortalertcvs'] = $a_nat[$id]['snortalertcvs'];
- $pconfig['snortunifiedlogbasic'] = $a_nat[$id]['snortunifiedlogbasic'];
- $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']);
- $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
- $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
- $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-
-
- if (!$pconfig['interface'])
- $pconfig['interface'] = "wan";
- } else
- $pconfig['interface'] = "wan";
-
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
-
-if (isset($_GET['dup']))
- unset($id);
-
- /* alert file */
- $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
- if ($_POST["Submit"]) {
-
- if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
- $input_errors[] = "Please enter a description for your reference.";
- }
-
- if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
-
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
-
- if ($_POST['interface'] == $result_lan)
- $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
- }
- }
-
- /* XXX: Void code
- * check for overlaps
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
- if ($natent['interface'] != $_POST['interface'])
- continue;
- }
- */
-
- /* if no errors write to conf */
- if (!$input_errors) {
- $natent = array();
-
- /* write to conf for 1st time or rewrite the answer */
- if ($_POST['interface'])
- $natent['interface'] = $_POST['interface'];
-
- /* if post write to conf or rewite the answer */
- $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
- $natent['uuid'] = $pconfig['uuid'];
- $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
- $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
- /* if post = on use on off or rewrite the conf */
- if ($_POST['blockoffenders7'] == "on")
- $natent['blockoffenders7'] = 'on';
- else
- $natent['blockoffenders7'] = 'off';
- if ($_POST['blockoffenderskill'] == "on")
- $natent['blockoffenderskill'] = 'on';
- if ($_POST['blockoffendersip'])
- $natent['blockoffendersip'] = $_POST['blockoffendersip'];
-
- $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
- $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
- $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
- $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
- $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
- if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
- if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']);
- if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; }
- if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; }
- if ($_POST['snortalertcvs'] == "on") { $natent['snortalertcvs'] = 'on'; }else{ $natent['snortalertcvs'] = 'off'; }
- if ($_POST['snortunifiedlogbasic'] == "on") { $natent['snortunifiedlogbasic'] = 'on'; }else{ $natent['snortunifiedlogbasic'] = 'off'; }
- $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
- /* if optiion = 0 then the old descr way will not work */
-
- /* rewrite the options that are not in post */
- /* make shure values are set befor repost or conf.xml will be broken */
- if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
- if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
- if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
- if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
- if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
- if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
- if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
- if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
- if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
- if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
- if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
- if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
- if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
- if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
- if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
- if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
- if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
- if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
- if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
- if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
- if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
- if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
- if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
- if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
- if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
- if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
- if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
- if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
- if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
- if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
- if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
- if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
- if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
- if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
- if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
- if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
- if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
- if ($pconfig['def_sip_servers'] != "") { $natent['def_sip_servers'] = $pconfig['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
- if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
- if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
- if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
- if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
- if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
- if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
- if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
- if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
- if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
- if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
- if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
- if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
-
-
- $if_real = snort_get_real_interface($natent['interface']);
-
- if (isset($id) && $a_nat[$id]) {
- if ($natent['interface'] != $a_nat[$id]['interface'])
- Running_Stop($snort_uuid, $if_real, $id);
- $a_nat[$id] = $natent;
- } else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
- }
-
- write_config();
-
- sync_snort_package_config();
- sleep(1);
-
- /* if snort.sh crashed this will remove the pid */
- exec('/bin/rm /tmp/snort.sh.pid');
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces.php");
-
- exit;
- }
- }
-
- if ($_POST["Submit2"]) {
-
- sync_snort_package_config();
- sleep(1);
-
- Running_Start($snort_uuid, $if_real, $id);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces_edit.php?id=$id");
- exit;
- }
-
-$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
-include_once("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php
- include("fbegin.inc");
- echo "{$snort_general_css}\n";
-?>
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content</strong></div>
-</noscript>
-<script language="JavaScript">
-<!--
-
-function enable_blockoffenders() {
- var endis = !(document.iform.blockoffenders7.checked);
- document.iform.blockoffenderskill.disabled=endis;
- document.iform.blockoffendersip.disabled=endis;
-}
-
-function enable_change(enable_change) {
- endis = !(document.iform.enable.checked || enable_change);
- // make shure a default answer is called if this is envoked.
- endis2 = (document.iform.enable);
- document.iform.performance.disabled = endis;
- document.iform.blockoffenders7.disabled = endis;
- document.iform.alertsystemlog.disabled = endis;
- document.iform.externallistname.disabled = endis;
- document.iform.homelistname.disabled = endis;
- document.iform.suppresslistname.disabled = endis;
- document.iform.tcpdumplog.disabled = endis;
- document.iform.snortunifiedlog.disabled = endis;
- document.iform.snortalertcvs.disabled = endis;
- document.iform.snortunifiedlogbasic.disabled = endis;
- document.iform.configpassthru.disabled = endis;
-}
-//-->
-</script>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- //if (file_exists($d_snortconfdirty_path)) {
- if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- echo '<p>';
-
- if($savemsg)
- print_info_box_np2("{$savemsg}");
- else {
- print_info_box_np2('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
-?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-?>
-</td></tr>
- <tr>
- <td class="tabnavtbl">
- <?php
- if ($a_nat[$id]['interface'] != '') {
- /* get the interface name */
- $snortInterfaces = array(); /* -gtm */
-
- $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_array = split(',', $if_list);
- if($if_array) {
- foreach($if_array as $iface2) {
- /* build a list of user specified interfaces -gtm */
- $if2 = snort_get_real_interface($iface2);
- if ($if2)
- array_push($snortInterfaces, $if2);
- }
-
- if (count($snortInterfaces) < 1)
- log_error("Snort will not start. You must select an interface for it to listen on.");
- }
-
- }
- ?>
- </td>
- </tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2">Enable</td>
- <td width="22%" valign="top" class="vtable"> <?php
- // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
- // care with spaces
- if ($pconfig['enable'] == "on")
- $checked = checked;
-
- $onclick_enable = "onClick=\"enable_change(false)\">";
-
- echo "
- <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable
- Enable or Disable</td>\n\n";
- ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2">Interface</td>
- <td width="78%" class="vtable">
- <select name="interface" class="formfld">
- <?php
- if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
- else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
- }
- }
- foreach ($interfaces as $iface => $ifacename): ?>
- <option value="<?=$iface;?>"
- <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?>
- </option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Choose which interface this rule applies to.<br>
- Hint: in most cases, you'll want to use WAN here.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2">Description</td>
- <td width="78%" class="vtable"><input name="descr" type="text"
- class="formfld" id="descr" size="40"
- value="<?=htmlspecialchars($pconfig['descr']);?>"> <br>
- <span class="vexpl">You may enter a description here for your
- reference (not parsed).</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Memory Performance</td>
- <td width="78%" class="vtable"><select name="performance"
- class="formfld" id="performance">
- <?php
- $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
- foreach ($interfaces2 as $iface2 => $ifacename2): ?>
- <option value="<?=$iface2;?>"
- <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename2);?></option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Lowmem and ac-bnfa are recommended for low end
- systems, Ac: high memory, best performance, ac-std: moderate
- memory,high performance, acs: small memory, moderateperformance,
- ac-banded: small memory,moderate performance, ac-sparsebands: small
- memory, high performance.<br>
- </span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Choose the networks
- snort should inspect and whitelist.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Home net</td>
- <td width="78%" class="vtable"><select name="homelistname"
- class="formfld" id="homelistname">
- <?php
- echo "<option value='default' >default</option>";
- /* find whitelist names and filter by type */
- if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
- if ($value['snortlisttype'] == 'netlist') {
- $ilistname = $value['name'];
- if ($ilistname == $pconfig['homelistname'])
- echo "<option value='$ilistname' selected>";
- else
- echo "<option value='$ilistname'>";
- echo htmlspecialchars($ilistname) . '</option>';
- }
- }
- }
- ?>
- </select><br>
- <span class="vexpl">Choose the home net you will like this rule to
- use. </span> <br/><span class="red">Note:</span> Default home
- net adds only local networks.<br>
- <span class="red">Hint:</span> Most users add a list of
- friendly ips that the firewall cant see.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">External net</td>
- <td width="78%" class="vtable"><select name="externallistname"
- class="formfld" id="externallistname">
- <?php
- echo "<option value='default' >default</option>";
- /* find whitelist names and filter by type */
- if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
- if ($value['snortlisttype'] == 'netlist') {
- $ilistname = $value['name'];
- if ($ilistname == $pconfig['externallistname'])
- echo "<option value='$ilistname' selected>";
- else
- echo "<option value='$ilistname'>";
- echo htmlspecialchars($ilistname) . '</option>';
- }
- }
- }
- ?>
- </select><br/>
- <span class="vexpl">Choose the external net you will like this rule
- to use. </span> <br/><span class="red">Note:</span> Default
- external net, networks that are not home net.<br>
- <span class="red">Hint:</span> Most users should leave this
- setting at default.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Block offenders</td>
- <td width="78%" class="vtable">
- <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
- <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
- onClick="enable_blockoffenders()"><br>
- Checking this option will automatically block hosts that generate a
- Snort alert.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Kill states</td>
- <td width="78%" class="vtable">
- <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
- <br/>Should firewall states be killed for the blocked ip
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Which ip to block</td>
- <td width="78%" class="vtable">
- <select name="blockoffendersip" class="formfld" id="blockoffendersip">
- <?php
- foreach (array("src", "dst", "both") as $btype) {
- if ($btype == $pconfig['blockoffendersip'])
- echo "<option value='{$btype}' selected>";
- else
- echo "<option value='{$btype}'>";
- echo htmlspecialchars($btype) . '</option>';
- }
- ?>
- </select>
- <br/> Which ip extracted from the packet you want to block
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Whitelist</td>
- <td width="78%" class="vtable">
- <select name="whitelistname" class="formfld" id="whitelistname">
- <?php
- /* find whitelist names and filter by type, make sure to track by uuid */
- echo "<option value='default' >default</option>\n";
- if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
- if ($value['snortlisttype'] == 'whitelist') {
- if ($value['name'] == $pconfig['whitelistname'])
- echo "<option value='{$value['name']}' selected>";
- else
- echo "<option value='{$value['name']}'>";
- echo htmlspecialchars($value['name']) . '</option>';
- }
- }
- }
- ?>
- </select><br>
- <span class="vexpl">Choose the whitelist you will like this rule to
- use. </span> <br/><span class="red">Note:</span> Default
- whitelist adds only local networks.<br/>
- <span class="red">Note:</span> This option will only be used when block offenders is on.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Suppression and
- filtering</td>
- <td width="78%" class="vtable">
- <select name="suppresslistname" class="formfld" id="suppresslistname">
- <?php
- echo "<option value='default' >default</option>\n";
- if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
- $slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
- foreach ($slist_select as $value) {
- $ilistname = $value['name'];
- if ($ilistname == $pconfig['suppresslistname'])
- echo "<option value='$ilistname' selected>";
- else
- echo "<option value='$ilistname'>";
- echo htmlspecialchars($ilistname) . '</option>';
- }
- }
- ?>
- </select><br>
- <span class="vexpl">Choose the suppression or filtering file you
- will like this rule to use. </span> <br/><span class="red">Note:</span> Default
- option disables suppression and filtering.</td>
- </tr>
-
- <tr>
- <td colspan="2" valign="top" class="listtopic">Choose the types of
- logs snort should create.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Send alerts to main
- System logs</td>
- <td width="78%" class="vtable"><input name="alertsystemlog"
- type="checkbox" value="on"
- <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Snort will send Alerts to the firewall's system logs.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td>
- <td width="78%" class="vtable"><input name="tcpdumplog"
- type="checkbox" value="on"
- <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Snort will log packets to a tcpdump-formatted file. The file then
- can be analyzed by an application such as Wireshark which
- understands pcap file formats. <span class="red"><strong>WARNING:</strong></span>
- File may become large.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified file</td>
- <td width="78%" class="vtable">
- <input name="snortunifiedlogbasic" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlogbasic'] == "on") echo "checked"; ?> onClick="enable_change(false)">
- <br>
- Snort will log Alerts to a file in the UNIFIED format.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Log Alerts to a snort
- unified2 file</td>
- <td width="78%" class="vtable"><input name="snortunifiedlog"
- type="checkbox" value="on"
- <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Snort will log Alerts to a file in the UNIFIED2 format. This is a
- requirement for barnyard2.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Log Alerts to a snort cvs file</td>
- <td width="78%" class="vtable">
- <input name="snortalertcvs" type="checkbox" value="on" <?php if ($pconfig['snortalertcvs'] == "on") echo "checked"; ?> onClick="enable_change(false)">
- <br>
- Snort will log Alerts to a file in the CVS format.
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Arguments here will
- be automatically inserted into the snort configuration.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Advanced configuration
- pass through</td>
- <td width="78%" class="vtable"><textarea wrap="off"
- name="configpassthru" cols="75" rows="12" id="configpassthru"
- class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save">
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings before you click start. </td>
- </tr>
- </table>
-
-</table>
-</form>
-
-<script language="JavaScript">
-<!--
-enable_change(false);
-enable_blockoffenders();
-//-->
-</script>
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* + snort_interfaces_edit.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("/usr/local/www/guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + + +/* always have a limit of (65535) numbers only or snort will not start do to id limits */ +/* TODO: When inline gets added make the uuid the port number lisstening */ +$pconfig = array(); + +/* gen uuid for each iface !inportant */ +if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); + $snort_uuid = 0; + while ($snort_uuid > 65535 || $snort_uuid == 0) { + $snort_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $snort_uuid; + } +} else { + $snort_uuid = $a_nat[$id]['uuid']; + $pconfig['uuid'] = $snort_uuid; +} + +if (isset($id) && $a_nat[$id]) { + + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; + $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; + $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill']; + $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip']; + $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; + $pconfig['homelistname'] = $a_nat[$id]['homelistname']; + $pconfig['externallistname'] = $a_nat[$id]['externallistname']; + $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; + $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['snortalertcvs'] = $a_nat[$id]['snortalertcvs']; + $pconfig['snortunifiedlogbasic'] = $a_nat[$id]['snortunifiedlogbasic']; + $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']); + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; + $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + + + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; + } else + $pconfig['interface'] = "wan"; + +/* convert fake interfaces to real */ +$if_real = snort_get_real_interface($pconfig['interface']); + +if (isset($_GET['dup'])) + unset($id); + + /* alert file */ + $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + if ($_POST["Submit"]) { + + if ($_POST['descr'] == '' && $pconfig['descr'] == '') { + $input_errors[] = "Please enter a description for your reference."; + } + + if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + + $result_lan = $value['interface']; + $if_real = snort_get_real_interface($result_lan); + + if ($_POST['interface'] == $result_lan) + $input_errors[] = "Interface $result_lan is in use. Please select another interface."; + } + } + + /* XXX: Void code + * check for overlaps + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + } + */ + + /* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + + /* write to conf for 1st time or rewrite the answer */ + if ($_POST['interface']) + $natent['interface'] = $_POST['interface']; + + /* if post write to conf or rewite the answer */ + $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; + $natent['uuid'] = $pconfig['uuid']; + $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; + $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; + /* if post = on use on off or rewrite the conf */ + if ($_POST['blockoffenders7'] == "on") + $natent['blockoffenders7'] = 'on'; + else + $natent['blockoffenders7'] = 'off'; + if ($_POST['blockoffenderskill'] == "on") + $natent['blockoffenderskill'] = 'on'; + if ($_POST['blockoffendersip']) + $natent['blockoffendersip'] = $_POST['blockoffendersip']; + + $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname']; + $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; + $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; + $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname']; + $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; + if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } + if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']); + if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; } + if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; } + if ($_POST['snortalertcvs'] == "on") { $natent['snortalertcvs'] = 'on'; }else{ $natent['snortalertcvs'] = 'off'; } + if ($_POST['snortunifiedlogbasic'] == "on") { $natent['snortunifiedlogbasic'] = 'on'; }else{ $natent['snortunifiedlogbasic'] = 'off'; } + $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; + /* if optiion = 0 then the old descr way will not work */ + + /* rewrite the options that are not in post */ + /* make shure values are set befor repost or conf.xml will be broken */ + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } + if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_servers'] != "") { $natent['def_sip_servers'] = $pconfig['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } + if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + + + $if_real = snort_get_real_interface($natent['interface']); + + if (isset($id) && $a_nat[$id]) { + if ($natent['interface'] != $a_nat[$id]['interface']) + Running_Stop($snort_uuid, $if_real, $id); + $a_nat[$id] = $natent; + } else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + sync_snort_package_config(); + sleep(1); + + /* if snort.sh crashed this will remove the pid */ + exec('/bin/rm /tmp/snort.sh.pid'); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_interfaces.php"); + + exit; + } + } + + if ($_POST["Submit2"]) { + + sync_snort_package_config(); + sleep(1); + + Running_Start($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + exit; + } + +$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php + include("fbegin.inc"); + echo "{$snort_general_css}\n"; +?> + +<noscript> +<div class="alert" ALIGN=CENTER><img + src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content</strong></div> +</noscript> +<script language="JavaScript"> +<!-- + +function enable_blockoffenders() { + var endis = !(document.iform.blockoffenders7.checked); + document.iform.blockoffenderskill.disabled=endis; + document.iform.blockoffendersip.disabled=endis; +} + +function enable_change(enable_change) { + endis = !(document.iform.enable.checked || enable_change); + // make shure a default answer is called if this is envoked. + endis2 = (document.iform.enable); + document.iform.performance.disabled = endis; + document.iform.blockoffenders7.disabled = endis; + document.iform.alertsystemlog.disabled = endis; + document.iform.externallistname.disabled = endis; + document.iform.homelistname.disabled = endis; + document.iform.suppresslistname.disabled = endis; + document.iform.tcpdumplog.disabled = endis; + document.iform.snortunifiedlog.disabled = endis; + document.iform.snortalertcvs.disabled = endis; + document.iform.snortunifiedlogbasic.disabled = endis; + document.iform.configpassthru.disabled = endis; +} +//--> +</script> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<?php + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + echo '<p>'; + + if($savemsg) + print_info_box_np2("{$savemsg}"); + else { + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> + <tr> + <td class="tabnavtbl"> + <?php + if ($a_nat[$id]['interface'] != '') { + /* get the interface name */ + $snortInterfaces = array(); /* -gtm */ + + $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_array = split(',', $if_list); + if($if_array) { + foreach($if_array as $iface2) { + /* build a list of user specified interfaces -gtm */ + $if2 = snort_get_real_interface($iface2); + if ($if2) + array_push($snortInterfaces, $if2); + } + + if (count($snortInterfaces) < 1) + log_error("Snort will not start. You must select an interface for it to listen on."); + } + + } + ?> + </td> + </tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">General Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2">Enable</td> + <td width="22%" valign="top" class="vtable"> <?php + // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> + // care with spaces + if ($pconfig['enable'] == "on") + $checked = checked; + + $onclick_enable = "onClick=\"enable_change(false)\">"; + + echo " + <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable + Enable or Disable</td>\n\n"; + ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2">Interface</td> + <td width="78%" class="vtable"> + <select name="interface" class="formfld"> + <?php + if (function_exists('get_configured_interface_with_descr')) + $interfaces = get_configured_interface_with_descr(); + else { + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" + <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + class="formfld" id="descr" size="40" + value="<?=htmlspecialchars($pconfig['descr']);?>"> <br> + <span class="vexpl">You may enter a description here for your + reference (not parsed).</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Memory Performance</td> + <td width="78%" class="vtable"><select name="performance" + class="formfld" id="performance"> + <?php + $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); + foreach ($interfaces2 as $iface2 => $ifacename2): ?> + <option value="<?=$iface2;?>" + <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename2);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Lowmem and ac-bnfa are recommended for low end + systems, Ac: high memory, best performance, ac-std: moderate + memory,high performance, acs: small memory, moderateperformance, + ac-banded: small memory,moderate performance, ac-sparsebands: small + memory, high performance.<br> + </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Choose the networks + snort should inspect and whitelist.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Home net</td> + <td width="78%" class="vtable"><select name="homelistname" + class="formfld" id="homelistname"> + <?php + echo "<option value='default' >default</option>"; + /* find whitelist names and filter by type */ + if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { + foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { + if ($value['snortlisttype'] == 'netlist') { + $ilistname = $value['name']; + if ($ilistname == $pconfig['homelistname']) + echo "<option value='$ilistname' selected>"; + else + echo "<option value='$ilistname'>"; + echo htmlspecialchars($ilistname) . '</option>'; + } + } + } + ?> + </select><br> + <span class="vexpl">Choose the home net you will like this rule to + use. </span> <br/><span class="red">Note:</span> Default home + net adds only local networks.<br> + <span class="red">Hint:</span> Most users add a list of + friendly ips that the firewall cant see.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">External net</td> + <td width="78%" class="vtable"><select name="externallistname" + class="formfld" id="externallistname"> + <?php + echo "<option value='default' >default</option>"; + /* find whitelist names and filter by type */ + if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { + foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { + if ($value['snortlisttype'] == 'netlist') { + $ilistname = $value['name']; + if ($ilistname == $pconfig['externallistname']) + echo "<option value='$ilistname' selected>"; + else + echo "<option value='$ilistname'>"; + echo htmlspecialchars($ilistname) . '</option>'; + } + } + } + ?> + </select><br/> + <span class="vexpl">Choose the external net you will like this rule + to use. </span> <br/><span class="red">Note:</span> Default + external net, networks that are not home net.<br> + <span class="red">Hint:</span> Most users should leave this + setting at default.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Block offenders</td> + <td width="78%" class="vtable"> + <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on" + <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> + onClick="enable_blockoffenders()"><br> + Checking this option will automatically block hosts that generate a + Snort alert.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Kill states</td> + <td width="78%" class="vtable"> + <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>> + <br/>Should firewall states be killed for the blocked ip + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Which ip to block</td> + <td width="78%" class="vtable"> + <select name="blockoffendersip" class="formfld" id="blockoffendersip"> + <?php + foreach (array("src", "dst", "both") as $btype) { + if ($btype == $pconfig['blockoffendersip']) + echo "<option value='{$btype}' selected>"; + else + echo "<option value='{$btype}'>"; + echo htmlspecialchars($btype) . '</option>'; + } + ?> + </select> + <br/> Which ip extracted from the packet you want to block + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Whitelist</td> + <td width="78%" class="vtable"> + <select name="whitelistname" class="formfld" id="whitelistname"> + <?php + /* find whitelist names and filter by type, make sure to track by uuid */ + echo "<option value='default' >default</option>\n"; + if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { + foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { + if ($value['snortlisttype'] == 'whitelist') { + if ($value['name'] == $pconfig['whitelistname']) + echo "<option value='{$value['name']}' selected>"; + else + echo "<option value='{$value['name']}'>"; + echo htmlspecialchars($value['name']) . '</option>'; + } + } + } + ?> + </select><br> + <span class="vexpl">Choose the whitelist you will like this rule to + use. </span> <br/><span class="red">Note:</span> Default + whitelist adds only local networks.<br/> + <span class="red">Note:</span> This option will only be used when block offenders is on. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Suppression and + filtering</td> + <td width="78%" class="vtable"> + <select name="suppresslistname" class="formfld" id="suppresslistname"> + <?php + echo "<option value='default' >default</option>\n"; + if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { + $slist_select = $config['installedpackages']['snortglobal']['suppress']['item']; + foreach ($slist_select as $value) { + $ilistname = $value['name']; + if ($ilistname == $pconfig['suppresslistname']) + echo "<option value='$ilistname' selected>"; + else + echo "<option value='$ilistname'>"; + echo htmlspecialchars($ilistname) . '</option>'; + } + } + ?> + </select><br> + <span class="vexpl">Choose the suppression or filtering file you + will like this rule to use. </span> <br/><span class="red">Note:</span> Default + option disables suppression and filtering.</td> + </tr> + + <tr> + <td colspan="2" valign="top" class="listtopic">Choose the types of + logs snort should create.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Send alerts to main + System logs</td> + <td width="78%" class="vtable"><input name="alertsystemlog" + type="checkbox" value="on" + <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Snort will send Alerts to the firewall's system logs.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td> + <td width="78%" class="vtable"><input name="tcpdumplog" + type="checkbox" value="on" + <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Snort will log packets to a tcpdump-formatted file. The file then + can be analyzed by an application such as Wireshark which + understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> + File may become large.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified file</td> + <td width="78%" class="vtable"> + <input name="snortunifiedlogbasic" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlogbasic'] == "on") echo "checked"; ?> onClick="enable_change(false)"> + <br> + Snort will log Alerts to a file in the UNIFIED format. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Log Alerts to a snort + unified2 file</td> + <td width="78%" class="vtable"><input name="snortunifiedlog" + type="checkbox" value="on" + <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Snort will log Alerts to a file in the UNIFIED2 format. This is a + requirement for barnyard2.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Log Alerts to a snort cvs file</td> + <td width="78%" class="vtable"> + <input name="snortalertcvs" type="checkbox" value="on" <?php if ($pconfig['snortalertcvs'] == "on") echo "checked"; ?> onClick="enable_change(false)"> + <br> + Snort will log Alerts to a file in the CVS format. + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Arguments here will + be automatically inserted into the snort configuration.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Advanced configuration + pass through</td> + <td width="78%" class="vtable"><textarea wrap="off" + name="configpassthru" cols="75" rows="12" id="configpassthru" + class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> + </td> + </tr> + <tr> + <td width="22%" valign="top"></td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click start. </td> + </tr> + </table> + +</table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +enable_blockoffenders(); +//--> +</script> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index 1ad9016a..a267f561 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php @@ -1,437 +1,437 @@ -<?php
-/*
- snort_interfaces_global.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Copyright (C) 2008-2009 Robert Zelaya
- Modified for the Pfsense snort package.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-$d_snort_global_dirty_path = '/var/run/snort_global.dirty';
-
-/* make things short */
-$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
-$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
-$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
-$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
-$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
-$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
-$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
-$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];
-$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
-
-/* if no errors move foward */
-if (!$input_errors) {
-
- if ($_POST["Submit"]) {
-
- $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
- $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
- $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
- $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];
- if ($_POST['snortloglimitsize']) {
- $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit'];
- $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize'];
- } else {
- $config['installedpackages']['snortglobal']['snortloglimit'] = 'on';
-
- /* code will set limit to 21% of slice that is unused */
- $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
- $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
- }
- $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];
- $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype'];
- $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
-
- $retval = 0;
-
- $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
- snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false);
-
- /* set the snort block hosts time IMPORTANT */
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = false;
- else
- $snort_rm_blocked_false = true;
-
- snort_rm_blocked_install_cron($snort_rm_blocked_false);
-
- /* set the snort rules update time */
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = false;
- else
- $snort_rules_up_false = true;
-
- snort_rules_up_install_cron($snort_rules_up_false);
-
- configure_cron();
- write_config();
-
- /* create whitelist and homenet file then sync files */
- sync_snort_package_config();
-
- /* forces page to reload new settings */
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces_global.php");
- exit;
- }
-}
-
-
-if ($_POST["Reset"]) {
-
- function snort_deinstall_settings() {
- global $config, $g, $id, $if_real;
-
- exec("/usr/usr/bin/killall snort");
- sleep(2);
- exec("/usr/usr/bin/killall -9 snort");
- sleep(2);
- exec("/usr/usr/bin/killall barnyard2");
- sleep(2);
- exec("/usr/usr/bin/killall -9 barnyard2");
- sleep(2);
-
- /* Remove snort cron entries Ugly code needs smoothness*/
- if (!function_exists('snort_deinstall_cron')) {
- function snort_deinstall_cron($cronmatch) {
- global $config, $g;
-
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], $cronmatch)) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
-
- configure_cron();
- }
- }
-
- snort_deinstall_cron("snort2c");
- snort_deinstall_cron("snort_check_for_rule_updates.php");
-
-
- /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
- /* Keep this as a last step */
- unset($config['installedpackages']['snortglobal']);
-
- /* remove all snort iface dir */
- exec('rm -r /usr/local/etc/snort/snort_*');
- exec('rm /var/log/snort/*');
- }
-
- snort_deinstall_settings();
- write_config(); /* XXX */
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces_global.php");
- exit;
-}
-
-$pgtitle = 'Services: Snort: Global Settings';
-include_once("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-
-<?php
-echo "{$snort_general_css}\n";
-echo "$snort_interfaces_css\n";
-
-include_once("fbegin.inc");
-
-if($pfsense_stable == 'yes')
- echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
-<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
- /* Display Alert message, under form tag or no refresh */
- if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
-
- if (!$input_errors) {
- if (file_exists($d_snort_global_dirty_path)) {
- print_info_box_np2('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
-?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), true, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
- display_top_tabs($tab_array);
-?>
-</td></tr>
-<tr>
- <td class="tabcont">
- <table id="maintable2" width="100%" border="0" cellpadding="6"
- cellspacing="0">
- <tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Please Choose The
- Type Of Rules You Wish To Download</td>
- </tr>
- <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td>
- <td width="78%" class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td colspan="2"><input name="snortdownload" type="radio"
- id="snortdownload" value="off" onClick="enable_change(false)"
- <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>>
- Do <strong>NOT</strong> Install</td>
- </tr>
- <tr>
- <td colspan="2"><input name="snortdownload" type="radio"
- id="snortdownload" value="on" onClick="enable_change(false)"
- <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install
- Basic Rules or Premium rules <br>
- <a
- href="https://www.snort.org/signup" target="_blank">Sign Up for a
- Basic Rule Account</a><br>
- <a
- href="http://www.snort.org/vrt/buy-a-subscription"
- target="_blank">Sign Up for Sourcefire VRT Certified Premium
- Rules. This Is Highly Recommended</a></td>
- </tr>
- <tr>
- <td> </td>
- </tr>
- </table>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td>
- </tr>
- <tr>
- <td class="vncell2" valign="top">Code</td>
- <td class="vtable"><input name="oinkmastercode" type="text"
- class="formfld" id="oinkmastercode" size="52"
- value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br>
- Obtain a snort.org Oinkmaster code and paste here.</td>
-
- </table>
-
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong>
- rules</td>
- <td width="78%" class="vtable"><input name="emergingthreats"
- type="checkbox" value="yes"
- <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Emerging Threats is an open source community that produces fastest
- moving and diverse Snort Rules.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Update rules
- automatically</td>
- <td width="78%" class="vtable"><select name="autorulesupdate7"
- class="formfld" id="autorulesupdate7">
- <?php
- $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
- foreach ($interfaces3 as $iface3 => $ifacename3): ?>
- <option value="<?=$iface3;?>"
- <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename3);?></option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Please select the update times for rules.<br>
- Hint: in most cases, every 12 hours is a good choice.</span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Settings</td>
- </tr>
-
- <tr>
- <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
- <td width="22%" valign="top" class="vncell2">Log Directory Size
- Limit<br>
- <br>
- <br>
- <br>
- <br>
- <br>
- <span class="red"><strong>Note</span>:</strong><br>
- Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td>
- <td width="78%" class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td colspan="2"><input name="snortloglimit" type="radio"
- id="snortloglimit" value="on" onClick="enable_change(false)"
- <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>>
- <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td>
- </tr>
- <tr>
- <td colspan="2"><input name="snortloglimit" type="radio"
- id="snortloglimit" value="off" onClick="enable_change(false)"
- <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong>
- directory size limit<br>
- <br>
- <span class="red"><strong>Warning</span>:</strong> Nanobsd
- should use no more than 10MB of space.</td>
- </tr>
- <tr>
- <td> </td>
- </tr>
- </table>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="vncell3">Size in <strong>MB</strong></td>
- <td class="vtable"><input name="snortloglimitsize" type="text"
- class="formfld" id="snortloglimitsize" size="7"
- value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>">
- Default is <strong>20%</strong> of available space.</td>
-
- </table>
-
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell2">Remove blocked hosts
- every</td>
- <td width="78%" class="vtable"><select name="rm_blocked"
- class="formfld" id="rm_blocked">
- <?php
- $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
- foreach ($interfaces3 as $iface3 => $ifacename3): ?>
- <option value="<?=$iface3;?>"
- <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename3);?></option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Please select the amount of time you would like
- hosts to be blocked for.<br>
- Hint: in most cases, 1 hour is a good choice.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Alerts file description
- type</td>
- <td width="78%" class="vtable"><select name="snortalertlogtype"
- class="formfld" id="snortalertlogtype">
- <?php
- $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT');
- foreach ($interfaces4 as $iface4 => $ifacename4): ?>
- <option value="<?=$iface4;?>"
- <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename4);?></option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Please choose the type of Alert logging you will
- like see in your alert file.<br>
- Hint: Best pratice is to chose full logging.</span> <span
- class="red"><strong>WARNING:</strong></span> <strong>On
- change, alert file will be cleared.</strong></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Keep snort settings
- after deinstall</td>
- <td width="78%" class="vtable"><input name="forcekeepsettings"
- id="forcekeepsettings" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Settings will not be removed during deinstall.</td>
- </tr>
- <tr>
- <td width="22%" valign="top"><input name="Reset" type="submit"
- class="formbtn" value="Reset"
- onclick="return confirm('Do you really want to delete all global and interface settings?')"><span
- class="red"><strong> WARNING:</strong><br>
- This will reset all global and interface settings.</span></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn"
- value="Save" onClick="enable_change(true)">
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
- </strong></span> Changing any settings on this page will affect all
- interfaces. Please, double check if your oink code is correct and
- the type of snort.org account you hold.</span></td>
- </tr>
- </table>
- </td>
- </tr>
-</table>
-</form>
-
-</div>
-
- <?php include("fend.inc"); ?>
-
- <?php echo "$snort_custom_rnd_box\n"; ?>
-
-</body>
-</html>
+<?php +/* + snort_interfaces_global.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Copyright (C) 2008-2009 Robert Zelaya + Modified for the Pfsense snort package. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +$d_snort_global_dirty_path = '/var/run/snort_global.dirty'; + +/* make things short */ +$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; +$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; +$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; +$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; +$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; +$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; +$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; +$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; +$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; + +/* if no errors move foward */ +if (!$input_errors) { + + if ($_POST["Submit"]) { + + $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; + $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; + $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; + if ($_POST['snortloglimitsize']) { + $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit']; + $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize']; + } else { + $config['installedpackages']['snortglobal']['snortloglimit'] = 'on'; + + /* code will set limit to 21% of slice that is unused */ + $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024); + $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize; + } + $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; + $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; + $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; + + $retval = 0; + + $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; + snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false); + + /* set the snort block hosts time IMPORTANT */ + $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; + if ($snort_rm_blocked_info_ck == "never_b") + $snort_rm_blocked_false = false; + else + $snort_rm_blocked_false = true; + + snort_rm_blocked_install_cron($snort_rm_blocked_false); + + /* set the snort rules update time */ + $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; + if ($snort_rules_up_info_ck == "never_up") + $snort_rules_up_false = false; + else + $snort_rules_up_false = true; + + snort_rules_up_install_cron($snort_rules_up_false); + + configure_cron(); + write_config(); + + /* create whitelist and homenet file then sync files */ + sync_snort_package_config(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_interfaces_global.php"); + exit; + } +} + + +if ($_POST["Reset"]) { + + function snort_deinstall_settings() { + global $config, $g, $id, $if_real; + + exec("/usr/usr/bin/killall snort"); + sleep(2); + exec("/usr/usr/bin/killall -9 snort"); + sleep(2); + exec("/usr/usr/bin/killall barnyard2"); + sleep(2); + exec("/usr/usr/bin/killall -9 barnyard2"); + sleep(2); + + /* Remove snort cron entries Ugly code needs smoothness*/ + if (!function_exists('snort_deinstall_cron')) { + function snort_deinstall_cron($cronmatch) { + global $config, $g; + + + if(!$config['cron']['item']) + return; + + $x=0; + $is_installed = false; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], $cronmatch)) { + $is_installed = true; + break; + } + $x++; + } + if($is_installed == true) + unset($config['cron']['item'][$x]); + + configure_cron(); + } + } + + snort_deinstall_cron("snort2c"); + snort_deinstall_cron("snort_check_for_rule_updates.php"); + + + /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ + /* Keep this as a last step */ + unset($config['installedpackages']['snortglobal']); + + /* remove all snort iface dir */ + exec('rm -r /usr/local/etc/snort/snort_*'); + exec('rm /var/log/snort/*'); + } + + snort_deinstall_settings(); + write_config(); /* XXX */ + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_interfaces_global.php"); + exit; +} + +$pgtitle = 'Services: Snort: Global Settings'; +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +echo "{$snort_general_css}\n"; +echo "$snort_interfaces_css\n"; + +include_once("fbegin.inc"); + +if($pfsense_stable == 'yes') + echo '<p class="pgtitle">' . $pgtitle . '</p>'; +?> + +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> + +<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<?php + /* Display Alert message, under form tag or no refresh */ + if ($input_errors) + print_input_errors($input_errors); // TODO: add checks + + if (!$input_errors) { + if (file_exists($d_snort_global_dirty_path)) { + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), true, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td class="tabcont"> + <table id="maintable2" width="100%" border="0" cellpadding="6" + cellspacing="0"> + <tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Please Choose The + Type Of Rules You Wish To Download</td> + </tr> + <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" + id="snortdownload" value="off" onClick="enable_change(false)" + <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>> + Do <strong>NOT</strong> Install</td> + </tr> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" + id="snortdownload" value="on" onClick="enable_change(false)" + <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install + Basic Rules or Premium rules <br> + <a + href="https://www.snort.org/signup" target="_blank">Sign Up for a + Basic Rule Account</a><br> + <a + href="http://www.snort.org/vrt/buy-a-subscription" + target="_blank">Sign Up for Sourcefire VRT Certified Premium + Rules. This Is Highly Recommended</a></td> + </tr> + <tr> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> + </tr> + <tr> + <td class="vncell2" valign="top">Code</td> + <td class="vtable"><input name="oinkmastercode" type="text" + class="formfld" id="oinkmastercode" size="52" + value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> + Obtain a snort.org Oinkmaster code and paste here.</td> + + </table> + + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong> + rules</td> + <td width="78%" class="vtable"><input name="emergingthreats" + type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Emerging Threats is an open source community that produces fastest + moving and diverse Snort Rules.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Update rules + automatically</td> + <td width="78%" class="vtable"><select name="autorulesupdate7" + class="formfld" id="autorulesupdate7"> + <?php + $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the update times for rules.<br> + Hint: in most cases, every 12 hours is a good choice.</span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">General Settings</td> + </tr> + + <tr> + <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> + <td width="22%" valign="top" class="vncell2">Log Directory Size + Limit<br> + <br> + <br> + <br> + <br> + <br> + <span class="red"><strong>Note</span>:</strong><br> + Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="snortloglimit" type="radio" + id="snortloglimit" value="on" onClick="enable_change(false)" + <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>> + <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td> + </tr> + <tr> + <td colspan="2"><input name="snortloglimit" type="radio" + id="snortloglimit" value="off" onClick="enable_change(false)" + <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong> + directory size limit<br> + <br> + <span class="red"><strong>Warning</span>:</strong> Nanobsd + should use no more than 10MB of space.</td> + </tr> + <tr> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td class="vncell3">Size in <strong>MB</strong></td> + <td class="vtable"><input name="snortloglimitsize" type="text" + class="formfld" id="snortloglimitsize" size="7" + value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> + Default is <strong>20%</strong> of available space.</td> + + </table> + + </tr> + + <tr> + <td width="22%" valign="top" class="vncell2">Remove blocked hosts + every</td> + <td width="78%" class="vtable"><select name="rm_blocked" + class="formfld" id="rm_blocked"> + <?php + $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the amount of time you would like + hosts to be blocked for.<br> + Hint: in most cases, 1 hour is a good choice.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Alerts file description + type</td> + <td width="78%" class="vtable"><select name="snortalertlogtype" + class="formfld" id="snortalertlogtype"> + <?php + $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); + foreach ($interfaces4 as $iface4 => $ifacename4): ?> + <option value="<?=$iface4;?>" + <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please choose the type of Alert logging you will + like see in your alert file.<br> + Hint: Best pratice is to chose full logging.</span> <span + class="red"><strong>WARNING:</strong></span> <strong>On + change, alert file will be cleared.</strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Keep snort settings + after deinstall</td> + <td width="78%" class="vtable"><input name="forcekeepsettings" + id="forcekeepsettings" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Settings will not be removed during deinstall.</td> + </tr> + <tr> + <td width="22%" valign="top"><input name="Reset" type="submit" + class="formbtn" value="Reset" + onclick="return confirm('Do you really want to delete all global and interface settings?')"><span + class="red"><strong> WARNING:</strong><br> + This will reset all global and interface settings.</span></td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" + value="Save" onClick="enable_change(true)"> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br> + </strong></span> Changing any settings on this page will affect all + interfaces. Please, double check if your oink code is correct and + the type of snort.org account you hold.</span></td> + </tr> + </table> + </td> + </tr> +</table> +</form> + +</div> + + <?php include("fend.inc"); ?> + + <?php echo "$snort_custom_rnd_box\n"; ?> + +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_suppress.php b/config/snort-dev/snort_interfaces_suppress.php index cde6d3eb..4eeed42d 100644 --- a/config/snort-dev/snort_interfaces_suppress.php +++ b/config/snort-dev/snort_interfaces_suppress.php @@ -1,171 +1,171 @@ -<?php
-/* $Id$ */
-/*
- Copyright (C) 2004 Scott Ullrich
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-
-if (!is_array($config['installedpackages']['snortglobal']['suppress']))
- $config['installedpackages']['snortglobal']['suppress'] = array();
-if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- $config['installedpackages']['snortglobal']['suppress']['item'] = array();
-$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
-
-$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
-
-if ($_GET['act'] == "del") {
- if ($a_suppress[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
-
- unset($a_suppress[$_GET['id']]);
- write_config();
- filter_configure();
- header("Location: /snort/snort_interfaces_suppress.php");
- exit;
- }
-}
-
-$pgtitle = "Services: Snort: Suppression";
-include_once("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-
-<?php
-include_once("fbegin.inc");
-echo $snort_general_css;
-?>
-
-<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_suppresslistdirty_path)): ?>
-<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
-<?php endif; ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td class="tabcont">
-
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
-
- <tr>
- <td width="30%" class="listhdrr">File Name</td>
- <td width="70%" class="listhdr">Description</td>
-
- <td width="10%" class="list"></td>
- </tr>
- <?php $i = 0; foreach ($a_suppress as $list): ?>
- <tr>
- <td class="listlr"
- ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?></td>
- <td class="listbg"
- ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>
- </td>
-
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a
- href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="edit whitelist"></a></td>
- <td><a
- href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"
- onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="delete whitelist"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17"> </td>
- <td valign="middle"><a
- href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="add a new list"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-</table>
-<br>
-<table class="tabcont" width="100%" border="0" cellpadding="0"
- cellspacing="0">
- <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <p><span class="vexpl">Here you can create event filtering and
- suppression for your snort package rules.<br>
- Please note that you must restart a running rule so that changes can
- take effect.</span></p></td>
-</table>
-
-</form>
-
-</div>
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + Copyright (C) 2004 Scott Ullrich + Copyright (C) 2011 Ermal Luci + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['suppress'])) + $config['installedpackages']['snortglobal']['suppress'] = array(); +if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) + $config['installedpackages']['snortglobal']['suppress']['item'] = array(); +$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; +$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); + +$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty'; + +if ($_GET['act'] == "del") { + if ($a_suppress[$_GET['id']]) { + /* make sure rule is not being referenced by any nat or filter rules */ + + unset($a_suppress[$_GET['id']]); + write_config(); + filter_configure(); + header("Location: /snort/snort_interfaces_suppress.php"); + exit; + } +} + +$pgtitle = "Services: Snort: Suppression"; +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); +echo $snort_general_css; +?> + +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_suppresslistdirty_path)): ?> +<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> +<?php endif; ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td class="tabcont"> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + + <tr> + <td width="30%" class="listhdrr">File Name</td> + <td width="70%" class="listhdr">Description</td> + + <td width="10%" class="list"></td> + </tr> + <?php $i = 0; foreach ($a_suppress as $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> + <td class="listbg" + ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a + href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a + href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" + onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="delete whitelist"></a></td> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="2"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a + href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="add a new list"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> +</table> +<br> +<table class="tabcont" width="100%" border="0" cellpadding="0" + cellspacing="0"> + <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <p><span class="vexpl">Here you can create event filtering and + suppression for your snort package rules.<br> + Please note that you must restart a running rule so that changes can + take effect.</span></p></td> +</table> + +</form> + +</div> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_suppress_edit.php b/config/snort-dev/snort_interfaces_suppress_edit.php index 559ea76c..7303349f 100644 --- a/config/snort-dev/snort_interfaces_suppress_edit.php +++ b/config/snort-dev/snort_interfaces_suppress_edit.php @@ -1,295 +1,295 @@ -<?php
-/* $Id$ */
-/*
- firewall_aliases_edit.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['suppress']))
- $config['installedpackages']['snortglobal']['suppress'] = array();
-if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- $config['installedpackages']['snortglobal']['suppress']['item'] = array();
-$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (!is_numeric($id))
- $id = 0; // XXX: safety belt
-
-
-/* gen uuid for each iface */
-if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) {
- if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
- $suppress_uuid = 0;
- while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
- $suppress_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $suppress_uuid;
- }
- } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
- $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
- }
-}
-
-$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
-
-/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
- if (!is_string($name))
- return false;
-
- if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
-
- return false;
-}
-
-if (isset($id) && $a_suppress[$id]) {
-
- /* old settings */
- $pconfig['name'] = $a_suppress[$id]['name'];
- $pconfig['uuid'] = $a_suppress[$id]['uuid'];
- $pconfig['descr'] = $a_suppress[$id]['descr'];
- $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
-}
-
-if ($_POST['submit']) {
-
- unset($input_errors);
- $pconfig = $_POST;
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
-
- $x = is_validwhitelistname($_POST['name']);
- if (!isset($x)) {
- $input_errors[] = "Reserved word used for whitelist file name.";
- } else {
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
- }
-
-
- /* check for name conflicts */
- foreach ($a_suppress as $s_list) {
- if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
- continue;
-
- if ($s_list['name'] == $_POST['name']) {
- $input_errors[] = "A whitelist file name with this name already exists.";
- break;
- }
- }
-
-
- if (!$input_errors) {
- $s_list = array();
- $s_list['name'] = $_POST['name'];
- $s_list['uuid'] = $suppress_uuid;
- $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
-
- if (isset($id) && $a_suppress[$id])
- $a_suppress[$id] = $s_list;
- else
- $a_suppress[] = $s_list;
-
- write_config();
-
- sync_snort_package_config();
-
- header("Location: /snort/snort_interfaces_suppress.php");
- exit;
- }
-
-}
-
-$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid";
-include_once("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php
-include("fbegin.inc");
-echo $snort_general_css;
-?>
-
-<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="inputerrors"></div>
-
-<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>"
- method="post" name="iform" id="iform"><?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- //if (file_exists($d_snortconfdirty_path)) {
- if (file_exists($d_snort_suppress_dirty_path)) {
- echo '<p>';
-
- if($savemsg) {
- print_info_box_np2("{$savemsg}");
- }else{
- print_info_box_np2('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
- ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl">
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global
- Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li class="newtabmenu_active"><a
- href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
- </div>
-
- </td>
- </tr>
-
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add the name and
- description of the file.</td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq2">Name</td>
- <td class="vtable"><input name="name" type="text" id="name"
- size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
- <span class="vexpl"> The list name may only consist of the
- characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
- Spaces. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Description</td>
- <td width="78%" class="vtable"><input name="descr" type="text"
- id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
- <span class="vexpl"> You may enter a description here for your
- reference (not parsed). </span></td>
- </tr>
- </table>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <table height="32" width="100%">
- <tr>
- <td>
- <div style='background-color: #E0E0E0' id='redbox'>
- <table width='100%'>
- <tr>
- <td width='8%'> <img
- style='vertical-align: middle'
- src="/snort/images/icon_excli.png" width="40" height="32"></td>
- <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font>
- <font size="2" color='#000000'> The threshold keyword
- is deprecated as of version 2.8.5. Use the event_filter keyword
- instead.</font></td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
- <script type="text/javascript">
- NiftyCheck();
- Rounded("div#redbox","all","#FFF","#E0E0E0","smooth");
- Rounded("td#blackbox","all","#FFF","#000000","smooth");
- </script>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Apply suppression or
- filters to rules. Valid keywords are 'suppress', 'event_filter' and
- 'rate_filter'.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="vncell"><b>Example 1;</b>
- suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
- <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit,
- track by_src, count 1, seconds 60<br>
- <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src,
- count 100, seconds 1, new_action log, timeout 10</td>
- </tr>
- <tr>
- <td width="100%" class="vtable"><textarea wrap="off"
- name="suppresspassthru" cols="142" rows="28" id="suppresspassthru"
- class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
- </td>
- </tr>
- <tr>
- <td width="78%"><input id="submit" name="submit" type="submit"
- class="formbtn" value="Save" /> <input id="cancelbutton"
- name="cancelbutton" type="button" class="formbtn" value="Cancel"
- onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?>
- </td>
- </tr>
- </table>
- </table>
- </td>
- </tr>
-</table>
-</form>
-
-</div>
-
- <?php include("fend.inc"); ?>
-
-</body>
-</html>
+<?php +/* $Id$ */ +/* + firewall_aliases_edit.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['suppress'])) + $config['installedpackages']['snortglobal']['suppress'] = array(); +if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) + $config['installedpackages']['snortglobal']['suppress']['item'] = array(); +$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (!is_numeric($id)) + $id = 0; // XXX: safety belt + + +/* gen uuid for each iface */ +if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) { + if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); + $suppress_uuid = 0; + while ($suppress_uuid > 65535 || $suppress_uuid == 0) { + $suppress_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $suppress_uuid; + } + } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { + $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid']; + } +} + +$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) + return true; + + return false; +} + +if (isset($id) && $a_suppress[$id]) { + + /* old settings */ + $pconfig['name'] = $a_suppress[$id]['name']; + $pconfig['uuid'] = $a_suppress[$id]['uuid']; + $pconfig['descr'] = $a_suppress[$id]['descr']; + $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); +} + +if ($_POST['submit']) { + + unset($input_errors); + $pconfig = $_POST; + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + $x = is_validwhitelistname($_POST['name']); + if (!isset($x)) { + $input_errors[] = "Reserved word used for whitelist file name."; + } else { + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + } + + + /* check for name conflicts */ + foreach ($a_suppress as $s_list) { + if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) + continue; + + if ($s_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + + if (!$input_errors) { + $s_list = array(); + $s_list['name'] = $_POST['name']; + $s_list['uuid'] = $suppress_uuid; + $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + + if (isset($id) && $a_suppress[$id]) + $a_suppress[$id] = $s_list; + else + $a_suppress[] = $s_list; + + write_config(); + + sync_snort_package_config(); + + header("Location: /snort/snort_interfaces_suppress.php"); + exit; + } + +} + +$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid"; +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include("fbegin.inc"); +echo $snort_general_css; +?> + +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<?php if ($input_errors) print_input_errors($input_errors); ?> +<div id="inputerrors"></div> + +<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" + method="post" name="iform" id="iform"><?php + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snort_suppress_dirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global + Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li class="newtabmenu_active"><a + href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> + + </td> + </tr> + + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and + description of the file.</td> + </tr> + <tr> + <td valign="top" class="vncellreq2">Name</td> + <td class="vtable"><input name="name" type="text" id="name" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> The list name may only consist of the + characters a-z, A-Z and 0-9. <span class="red">Note: </span> No + Spaces. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> You may enter a description here for your + reference (not parsed). </span></td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table height="32" width="100%"> + <tr> + <td> + <div style='background-color: #E0E0E0' id='redbox'> + <table width='100%'> + <tr> + <td width='8%'> <img + style='vertical-align: middle' + src="/snort/images/icon_excli.png" width="40" height="32"></td> + <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font> + <font size="2" color='#000000'> The threshold keyword + is deprecated as of version 2.8.5. Use the event_filter keyword + instead.</font></td> + </tr> + </table> + </div> + </td> + </tr> + <script type="text/javascript"> + NiftyCheck(); + Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); + Rounded("td#blackbox","all","#FFF","#000000","smooth"); + </script> + <tr> + <td colspan="2" valign="top" class="listtopic">Apply suppression or + filters to rules. Valid keywords are 'suppress', 'event_filter' and + 'rate_filter'.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="vncell"><b>Example 1;</b> + suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> + <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, + track by_src, count 1, seconds 60<br> + <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, + count 100, seconds 1, new_action log, timeout 10</td> + </tr> + <tr> + <td width="100%" class="vtable"><textarea wrap="off" + name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" + class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> + </td> + </tr> + <tr> + <td width="78%"><input id="submit" name="submit" type="submit" + class="formbtn" value="Save" /> <input id="cancelbutton" + name="cancelbutton" type="button" class="formbtn" value="Cancel" + onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> + </td> + </tr> + </table> + </table> + </td> + </tr> +</table> +</form> + +</div> + + <?php include("fend.inc"); ?> + +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_whitelist.php b/config/snort-dev/snort_interfaces_whitelist.php index 72a08629..2dc2d491 100644 --- a/config/snort-dev/snort_interfaces_whitelist.php +++ b/config/snort-dev/snort_interfaces_whitelist.php @@ -1,189 +1,189 @@ -<?php
-/* $Id$ */
-/*
- firewall_aliases.php
- Copyright (C) 2004 Scott Ullrich
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
-$config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-
-//aliases_sort(); << what ?
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
- $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
-}else{
- $id_gen = '0';
-}
-
-$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
-
-if ($_GET['act'] == "del") {
- if ($a_whitelist[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
-
- unset($a_whitelist[$_GET['id']]);
- write_config();
- filter_configure();
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
- }
-}
-
-$pgtitle = "Services: Snort: Whitelist";
-include_once("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php
-include_once("fbegin.inc");
-echo $snort_general_css;
-?>
-
-<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_whitelistdirty_path)): ?>
-<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
-<?php endif; ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td class="tabcont">
-
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
-
- <tr>
- <td width="20%" class="listhdrr">File Name</td>
- <td width="40%" class="listhdrr">Values</td>
- <td width="40%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
- </tr>
- <?php $i = 0; foreach ($a_whitelist as $list): ?>
- <tr>
- <td class="listlr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?></td>
- <td class="listr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?php
- $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
- echo $addresses;
- if(count($addresses) < 10) {
- echo " ";
- } else {
- echo "...";
- }
- ?></td>
- <td class="listbg"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="edit whitelist"></a></td>
- <td><a
- href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>"
- onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="delete whitelist"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17"> </td>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="add a new list"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-</table>
-<br>
-<table class="tabcont" width="100%" border="0" cellpadding="0"
- cellspacing="0">
- <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <p><span class="vexpl">Here you can create whitelist files for your
- snort package rules.<br>
- Please add all the ips or networks you want to protect against snort
- block decisions.<br>
- Remember that the default whitelist only includes local networks.<br>
- Be careful, it is very easy to get locked out of you system.</span></p></td>
-</table>
-
-</form>
-
-</div>
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + firewall_aliases.php + Copyright (C) 2004 Scott Ullrich + Copyright (C) 2011 Ermal Luci + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) +$config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + +//aliases_sort(); << what ? +$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; + +if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) { + $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); +}else{ + $id_gen = '0'; +} + +$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty'; + +if ($_GET['act'] == "del") { + if ($a_whitelist[$_GET['id']]) { + /* make sure rule is not being referenced by any nat or filter rules */ + + unset($a_whitelist[$_GET['id']]); + write_config(); + filter_configure(); + header("Location: /snort/snort_interfaces_whitelist.php"); + exit; + } +} + +$pgtitle = "Services: Snort: Whitelist"; +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include_once("fbegin.inc"); +echo $snort_general_css; +?> + +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_whitelistdirty_path)): ?> +<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> +<?php endif; ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td class="tabcont"> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + + <tr> + <td width="20%" class="listhdrr">File Name</td> + <td width="40%" class="listhdrr">Values</td> + <td width="40%" class="listhdr">Description</td> + <td width="10%" class="list"></td> + </tr> + <?php $i = 0; foreach ($a_whitelist as $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> + <td class="listr" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <?php + $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); + echo $addresses; + if(count($addresses) < 10) { + echo " "; + } else { + echo "..."; + } + ?></td> + <td class="listbg" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a + href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a + href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" + onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="delete whitelist"></a></td> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a + href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="add a new list"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> +</table> +<br> +<table class="tabcont" width="100%" border="0" cellpadding="0" + cellspacing="0"> + <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <p><span class="vexpl">Here you can create whitelist files for your + snort package rules.<br> + Please add all the ips or networks you want to protect against snort + block decisions.<br> + Remember that the default whitelist only includes local networks.<br> + Be careful, it is very easy to get locked out of you system.</span></p></td> +</table> + +</form> + +</div> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php index 854c2a9a..fe3c54a5 100644 --- a/config/snort-dev/snort_interfaces_whitelist_edit.php +++ b/config/snort-dev/snort_interfaces_whitelist_edit.php @@ -1,414 +1,414 @@ -<?php
-/* $Id$ */
-/*
- firewall_aliases_edit.php
- Copyright (C) 2004 Scott Ullrich
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
-}
-
-/* gen uuid for each iface !inportant */
-if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') {
- $whitelist_uuid = 0;
- while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
- $whitelist_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $whitelist_uuid;
- }
-} else if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') {
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
-}
-
-$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
-
-/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
- if (!is_string($name))
- return false;
-
- if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
-
- return false;
-}
-
-
-if (isset($id) && $a_whitelist[$id]) {
-
- /* old settings */
- $pconfig = array();
- $pconfig['name'] = $a_whitelist[$id]['name'];
- $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
- $pconfig['detail'] = $a_whitelist[$id]['detail'];
- $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
- $pconfig['address'] = $a_whitelist[$id]['address'];
- $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
- $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
- $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
- $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
- $pconfig['vips'] = $a_whitelist[$id]['vips'];
- $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
- $addresses = explode(' ', $pconfig['address']);
- $address = explode(" ", $addresses[0]);
-}
-
-if ($_POST['submit']) {
-
- conf_mount_rw();
-
- unset($input_errors);
- $pconfig = $_POST;
-
- /* input validation */
- $reqdfields = explode(" ", "name");
- $reqdfieldsn = explode(",", "Name");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
-
- $x = is_validwhitelistname($_POST['name']);
- if (!isset($x)) {
- $input_errors[] = "Reserved word used for whitelist file name.";
- } else {
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
- }
-
- /* check for name conflicts */
- foreach ($a_whitelist as $w_list) {
- if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
- continue;
-
- if ($w_list['name'] == $_POST['name']) {
- $input_errors[] = "A whitelist file name with this name already exists.";
- break;
- }
- }
-
- $isfirst = 0;
- $address = "";
- $final_address_details .= "";
- /* add another entry code */
- for($x=0; $x<499; $x++) {
- if (!empty($_POST["address{$x}"])) {
- if ($is_first > 0)
- $address .= " ";
- $address .= $_POST["address{$x}"];
- if ($_POST["address_subnet{$x}"] <> "")
- $address .= "" . $_POST["address_subnet{$x}"];
-
- /* Compress in details to a single key, data separated by pipes.
- Pulling details here lets us only pull in details for valid
- address entries, saving us from having to track which ones to
- process later. */
- $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto');
- if ($final_address_detail <> "")
- $final_address_details .= $final_address_detail;
- else {
- $final_address_details .= "Entry added" . " ";
- $final_address_details .= date('r');
- }
- $final_address_details .= "||";
- $is_first++;
- }
- }
-
- if (!$input_errors) {
- $w_list = array();
- /* post user input */
- $w_list['name'] = $_POST['name'];
- $w_list['uuid'] = $whitelist_uuid;
- $w_list['snortlisttype'] = $_POST['snortlisttype'];
- $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
- $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
- $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
- $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
- $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
-
- $w_list['address'] = $address;
- $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $w_list['detail'] = $final_address_details;
-
- if (isset($id) && $a_whitelist[$id])
- $a_whitelist[$id] = $w_list;
- else
- $a_whitelist[] = $w_list;
-
- write_config();
-
- /* create whitelist and homenet file then sync files */
- sync_snort_package_config();
-
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
- } else {
- $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $pconfig['address'] = $address;
- $pconfig['detail'] = $final_address_details;
- }
-
-}
-
-$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
-include_once("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-echo $snort_general_css;
-?>
-<script type="text/javascript" src="/javascript/row_helper.js"></script>
- <input type='hidden' name='address_type' value='textbox' />
- <script type="text/javascript">
-
- rowname[0] = "address";
- rowtype[0] = "textbox";
- rowsize[0] = "20";
-
- rowname[1] = "detail";
- rowtype[1] = "textbox";
- rowsize[1] = "30";
-</script>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="inputerrors"></div>
-
-<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform">
-<?php
- /* Display Alert message */
- if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
-
- if ($savemsg)
- print_info_box2($savemsg);
-
-?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont">
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add the name and
- description of the file.</td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq2">Name</td>
- <td class="vtable"><input name="name" type="text" id="name"
- size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
- <span class="vexpl"> The list name may only consist of the
- characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
- Spaces. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Description</td>
- <td width="78%" class="vtable"><input name="descr" type="text"
- id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
- <span class="vexpl"> You may enter a description here for your
- reference (not parsed). </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">List Type</td>
- <td width="78%" class="vtable">
-
- <div
- style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
- id="itemhelp"><strong>WHITELIST:</strong> This
- list specifies addresses that Snort Package should not block.<br>
- <br>
- <strong>NETLIST:</strong> This list is for defining
- addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div>
-
- <select name="snortlisttype" class="formfld" id="snortlisttype">
- <?php
- $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
- foreach ($interfaces4 as $iface4 => $ifacename4): ?>
- <option value="<?=$iface4;?>"
- <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename4);?></option>
- <?php endforeach; ?>
- </select> <span class="vexpl"> Choose the type of
- list you will like see in your <span class="red">Interface Edit Tab</span>.
- </span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add auto generated
- ips.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">WAN IPs</td>
- <td width="78%" class="vtable"><input name="wanips" type="checkbox"
- id="wanips" size="40" value="yes"
- <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> Add WAN IPs to the list. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Wan Gateways</td>
- <td width="78%" class="vtable"><input name="wangateips"
- type="checkbox" id="wangateips" size="40" value="yes"
- <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> Add WAN Gateways to the list. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Wan DNS servers</td>
- <td width="78%" class="vtable"><input name="wandnsips"
- type="checkbox" id="wandnsips" size="40" value="yes"
- <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> Add WAN DNS servers to the list. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td>
- <td width="78%" class="vtable"><input name="vips" type="checkbox"
- id="vips" size="40" value="yes"
- <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">VPNs</td>
- <td width="78%" class="vtable"><input name="vpnips" type="checkbox"
- id="vpnips" size="40" value="yes"
- <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> Add VPN Addresses to the list. </span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add your own custom
- ips.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2">
- <div id="addressnetworkport">IP or CIDR items</div>
- </td>
- <td width="78%" class="vtable">
- <table id="maintable">
- <tbody>
- <tr>
- <td colspan="4">
- <div
- style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
- id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY
- IPs not CIDRs</strong>. Example: 192.168.4.1<br>
- <br>
- For <strong>NETLIST's</strong> you may enter <strong>IPs and
- CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div>
- </td>
- </tr>
- <tr>
- <td>
- <div id="onecolumn">IP or CIDR</div>
- </td>
- <td>
- <div id="threecolumn">Add a Description or leave blank and a date
- will be added.</div>
- </td>
- </tr>
-
- <?php
- /* cleanup code */
- $counter = 0;
- $address = $pconfig['address'];
- if ($address <> ""):
- $item = explode(" ", $address);
- $item3 = explode("||", $pconfig['detail']);
- foreach($item as $ww):
- $address = $item[$counter];
- $item4 = $item3[$counter];
- ?>
- <tr>
- <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td>
- <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td>
- <td>
- <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?>
- </td>
- </tr>
- <?php
- $counter++;
-
- endforeach; endif;
- ?>
- </tbody>
- </table>
- <a onclick="javascript:addRowTo('maintable'); return false;"
- href="#"><img border="0"
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt=""
- title="add another entry" /> </a></td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
- <input name="id" type="hidden" value="<?=$id;?>" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
-</table>
-</form>
-
-<script type="text/javascript">
- /* row and col adjust when you add extra entries */
-
- field_counter_js = 3;
- rows = 1;
- totalrows = <?php echo $counter; ?>;
- loaded = <?php echo $counter; ?>;
-
-</script>
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + firewall_aliases_edit.php + Copyright (C) 2004 Scott Ullrich + Copyright (C) 2011 Ermal Luci + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + +$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces_whitelist.php"); + exit; +} + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { + $whitelist_uuid = 0; + while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { + $whitelist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $whitelist_uuid; + } +} else if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; +} + +$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) + return true; + + return false; +} + + +if (isset($id) && $a_whitelist[$id]) { + + /* old settings */ + $pconfig = array(); + $pconfig['name'] = $a_whitelist[$id]['name']; + $pconfig['uuid'] = $a_whitelist[$id]['uuid']; + $pconfig['detail'] = $a_whitelist[$id]['detail']; + $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; + $pconfig['address'] = $a_whitelist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); + $pconfig['wanips'] = $a_whitelist[$id]['wanips']; + $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; + $pconfig['vips'] = $a_whitelist[$id]['vips']; + $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; + $addresses = explode(' ', $pconfig['address']); + $address = explode(" ", $addresses[0]); +} + +if ($_POST['submit']) { + + conf_mount_rw(); + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "name"); + $reqdfieldsn = explode(",", "Name"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + $x = is_validwhitelistname($_POST['name']); + if (!isset($x)) { + $input_errors[] = "Reserved word used for whitelist file name."; + } else { + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + } + + /* check for name conflicts */ + foreach ($a_whitelist as $w_list) { + if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) + continue; + + if ($w_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + $isfirst = 0; + $address = ""; + $final_address_details .= ""; + /* add another entry code */ + for($x=0; $x<499; $x++) { + if (!empty($_POST["address{$x}"])) { + if ($is_first > 0) + $address .= " "; + $address .= $_POST["address{$x}"]; + if ($_POST["address_subnet{$x}"] <> "") + $address .= "" . $_POST["address_subnet{$x}"]; + + /* Compress in details to a single key, data separated by pipes. + Pulling details here lets us only pull in details for valid + address entries, saving us from having to track which ones to + process later. */ + $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto'); + if ($final_address_detail <> "") + $final_address_details .= $final_address_detail; + else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; + $is_first++; + } + } + + if (!$input_errors) { + $w_list = array(); + /* post user input */ + $w_list['name'] = $_POST['name']; + $w_list['uuid'] = $whitelist_uuid; + $w_list['snortlisttype'] = $_POST['snortlisttype']; + $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + + $w_list['address'] = $address; + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['detail'] = $final_address_details; + + if (isset($id) && $a_whitelist[$id]) + $a_whitelist[$id] = $w_list; + else + $a_whitelist[] = $w_list; + + write_config(); + + /* create whitelist and homenet file then sync files */ + sync_snort_package_config(); + + header("Location: /snort/snort_interfaces_whitelist.php"); + exit; + } else { + $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['address'] = $address; + $pconfig['detail'] = $final_address_details; + } + +} + +$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > + +<?php +include("fbegin.inc"); +echo $snort_general_css; +?> +<script type="text/javascript" src="/javascript/row_helper.js"></script> + <input type='hidden' name='address_type' value='textbox' /> + <script type="text/javascript"> + + rowname[0] = "address"; + rowtype[0] = "textbox"; + rowsize[0] = "20"; + + rowname[1] = "detail"; + rowtype[1] = "textbox"; + rowsize[1] = "30"; +</script> + +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<?php if ($input_errors) print_input_errors($input_errors); ?> +<div id="inputerrors"></div> + +<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform"> +<?php + /* Display Alert message */ + if ($input_errors) + print_input_errors($input_errors); // TODO: add checks + + if ($savemsg) + print_info_box2($savemsg); + +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabcont"> + + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and + description of the file.</td> + </tr> + <tr> + <td valign="top" class="vncellreq2">Name</td> + <td class="vtable"><input name="name" type="text" id="name" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> The list name may only consist of the + characters a-z, A-Z and 0-9. <span class="red">Note: </span> No + Spaces. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> You may enter a description here for your + reference (not parsed). </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">List Type</td> + <td width="78%" class="vtable"> + + <div + style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" + id="itemhelp"><strong>WHITELIST:</strong> This + list specifies addresses that Snort Package should not block.<br> + <br> + <strong>NETLIST:</strong> This list is for defining + addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div> + + <select name="snortlisttype" class="formfld" id="snortlisttype"> + <?php + $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); + foreach ($interfaces4 as $iface4 => $ifacename4): ?> + <option value="<?=$iface4;?>" + <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?></option> + <?php endforeach; ?> + </select> <span class="vexpl"> Choose the type of + list you will like see in your <span class="red">Interface Edit Tab</span>. + </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add auto generated + ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">WAN IPs</td> + <td width="78%" class="vtable"><input name="wanips" type="checkbox" + id="wanips" size="40" value="yes" + <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN IPs to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Wan Gateways</td> + <td width="78%" class="vtable"><input name="wangateips" + type="checkbox" id="wangateips" size="40" value="yes" + <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN Gateways to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Wan DNS servers</td> + <td width="78%" class="vtable"><input name="wandnsips" + type="checkbox" id="wandnsips" size="40" value="yes" + <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN DNS servers to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td> + <td width="78%" class="vtable"><input name="vips" type="checkbox" + id="vips" size="40" value="yes" + <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">VPNs</td> + <td width="78%" class="vtable"><input name="vpnips" type="checkbox" + id="vpnips" size="40" value="yes" + <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add VPN Addresses to the list. </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add your own custom + ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2"> + <div id="addressnetworkport">IP or CIDR items</div> + </td> + <td width="78%" class="vtable"> + <table id="maintable"> + <tbody> + <tr> + <td colspan="4"> + <div + style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" + id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY + IPs not CIDRs</strong>. Example: 192.168.4.1<br> + <br> + For <strong>NETLIST's</strong> you may enter <strong>IPs and + CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div> + </td> + </tr> + <tr> + <td> + <div id="onecolumn">IP or CIDR</div> + </td> + <td> + <div id="threecolumn">Add a Description or leave blank and a date + will be added.</div> + </td> + </tr> + + <?php + /* cleanup code */ + $counter = 0; + $address = $pconfig['address']; + if ($address <> ""): + $item = explode(" ", $address); + $item3 = explode("||", $pconfig['detail']); + foreach($item as $ww): + $address = $item[$counter]; + $item4 = $item3[$counter]; + ?> + <tr> + <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td> + <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td> + <td> + <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?> + </td> + </tr> + <?php + $counter++; + + endforeach; endif; + ?> + </tbody> + </table> + <a onclick="javascript:addRowTo('maintable'); return false;" + href="#"><img border="0" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" + title="add another entry" /> </a></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> + <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> + <input name="id" type="hidden" value="<?=$id;?>" /> + </td> + </tr> + </table> + </td> + </tr> +</table> +</form> + +<script type="text/javascript"> + /* row and col adjust when you add extra entries */ + + field_counter_js = 3; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + +</script> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index 0faf4257..7f89d433 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -1,391 +1,391 @@ -<?php
-/* $Id$ */
-/*
- snort_preprocessors.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
-}
-
-$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
- $pconfig = $a_nat[$id];
-
- /* new options */
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
- $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
- $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
- $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
-}
-
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
-$snort_uuid = $pconfig['uuid'];
-
-/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
-if ($_POST) {
-
- $natent = array();
- $natent = $pconfig;
-
- /* if no errors write to conf */
- if (!$input_errors) {
- /* post new options */
- $natent['perform_stat'] = $_POST['perform_stat'];
- if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; }
- if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; }
- if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
- if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
-
- $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
- $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
- $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off';
- $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off';
- $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off';
- $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
- $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
- $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
-
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
- }
-
- write_config();
-
- $if_real = snort_get_real_interface($pconfig['interface']);
- sync_snort_package_config();
-
- /* after click go to this page */
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: snort_preprocessors.php?id=$id");
- exit;
- }
-}
-
-$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow";
-include_once("head.inc");
-
-?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php
-echo "{$snort_general_css}\n";
-?>
-
-<div class="body2">
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
-
-<form action="snort_preprocessors.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform"><?php
-
- /* Display Alert message */
-
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-?>
-</td></tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <?php
- /* display error code if there is no id */
- if($id == "")
- {
- echo "
- <style type=\"text/css\">
- .noid {
- position:absolute;
- top:10px;
- left:0px;
- width:94%;
- background:#FCE9C0;
- background-position: 15px;
- border-top:2px solid #DBAC48;
- border-bottom:2px solid #DBAC48;
- padding: 15px 10px 85% 50px;
- }
- </style>
- <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/{$g['theme']}/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n";
-
- }
- ?>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:
- </strong></span><br>
- Rules may be dependent on preprocessors!<br>
- Defaults will be used when there is no user input.<br></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Performance
- Statistics</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable</td>
- <td width="78%" class="vtable"><input name="perform_stat"
- type="checkbox" value="on"
- <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>
- onClick="enable_change(false)"> Performance Statistics for this
- interface.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable</td>
- <td width="78%" class="vtable"><input name="http_inspect"
- type="checkbox" value="on"
- <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?>
- onClick="enable_change(false)"> Use HTTP Inspect to
- Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
- </tr>
- <tr>
- <td valign="top" class="vncell2">HTTP server flow depth</td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="flow_depth" type="text" class="formfld"
- id="flow_depth" size="5"
- value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong>
- to <strong>1460</strong> (<strong>-1</strong> disables HTTP
- inspect, <strong>0</strong> enables all HTTP inspect)</td>
- </tr>
- </table>
- Amount of HTTP server response payload to inspect. Snort's
- performance may increase by adjusting this value.<br>
- Setting this value too low may cause false negatives. Values above 0
- are specified in bytes. Default value is <strong>0</strong><br>
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
- </tr>
- <tr>
- <td valign="top" class="vncell2">Max Queued Bytes</td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="max_queued_bytes" type="text" class="formfld"
- id="max_queued_bytes" size="5"
- value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>">
- Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong>
- ( default value is <strong>1048576</strong>, <strong>0</strong>
- means Maximum )</td>
- </tr>
- </table>
- The number of bytes to be queued for reassembly for TCP sessions in
- memory. Default value is <strong>1048576</strong><br>
- </td>
- </tr>
- <tr>
- <td valign="top" class="vncell2">Max Queued Segs</td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="max_queued_segs" type="text" class="formfld"
- id="max_queued_segs" size="5"
- value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>">
- Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong>
- ( default value is <strong>2621</strong>, <strong>0</strong> means
- Maximum )</td>
- </tr>
- </table>
- The number of segments to be queued for reassembly for TCP sessions
- in memory. Default value is <strong>2621</strong><br>
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Preprocessor
- Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>
- RPC Decode and Back Orifice detector</td>
- <td width="78%" class="vtable"><input name="other_preprocs"
- type="checkbox" value="on"
- <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Normalize/Decode RPC traffic and detects Back Orifice traffic on the
- network.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>
- FTP and Telnet Normalizer</td>
- <td width="78%" class="vtable"><input name="ftp_preprocessor"
- type="checkbox" value="on"
- <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>
- SMTP Normalizer</td>
- <td width="78%" class="vtable"><input name="smtp_preprocessor"
- type="checkbox" value="on"
- <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>
- Portscan Detection</td>
- <td width="78%" class="vtable"><input name="sf_portscan"
- type="checkbox" value="on"
- <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Detects various types of portscans and portsweeps.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>
- DCE/RPC2 Detection</td>
- <td width="78%" class="vtable"><input name="dce_rpc_2"
- type="checkbox" value="on"
- <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC
- traffic.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>
- DNS Detection</td>
- <td width="78%" class="vtable"><input name="dns_preprocessor"
- type="checkbox" value="on"
- <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- The DNS preprocessor decodes DNS Response traffic and detects some
- vulnerabilities.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
- <td width="78%" class="vtable"><input name="def_ssl_ports_ignore"
- type="text" class="formfld" id="def_ssl_ports_ignore" size="40"
- value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br>
- <span class="vexpl"> Encrypted traffic should be ignored by Snort
- for both performance reasons and to reduce false positives.<br>
- Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please
- use spaces and not commas.</strong></td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="id" type="hidden" value="<?=$id;?>"></td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings before you click Start. </td>
- </tr>
- </table>
-
-</table>
-</form>
-
-</div>
-
- <?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + snort_preprocessors.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +$pconfig = array(); +if (isset($id) && $a_nat[$id]) { + $pconfig = $a_nat[$id]; + + /* new options */ + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; + $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; +} + +/* convert fake interfaces to real */ +$if_real = snort_get_real_interface($pconfig['interface']); +$snort_uuid = $pconfig['uuid']; + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + +if ($_POST) { + + $natent = array(); + $natent = $pconfig; + + /* if no errors write to conf */ + if (!$input_errors) { + /* post new options */ + $natent['perform_stat'] = $_POST['perform_stat']; + if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } + if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } + if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } + if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } + + $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off'; + $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off'; + $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off'; + $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off'; + $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off'; + $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off'; + $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off'; + $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off'; + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + $if_real = snort_get_real_interface($pconfig['interface']); + sync_snort_package_config(); + + /* after click go to this page */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: snort_preprocessors.php?id=$id"); + exit; + } +} + +$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow"; +include_once("head.inc"); + +?> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<?php +echo "{$snort_general_css}\n"; +?> + +<div class="body2"> + +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> + + +<form action="snort_preprocessors.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"><?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " + <style type=\"text/css\"> + .noid { + position:absolute; + top:10px; + left:0px; + width:94%; + background:#FCE9C0; + background-position: 15px; + border-top:2px solid #DBAC48; + border-bottom:2px solid #DBAC48; + padding: 15px 10px 85% 50px; + } + </style> + <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/{$g['theme']}/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; + + } + ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note: + </strong></span><br> + Rules may be dependent on preprocessors!<br> + Defaults will be used when there is no user input.<br></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Performance + Statistics</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable</td> + <td width="78%" class="vtable"><input name="perform_stat" + type="checkbox" value="on" + <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> + onClick="enable_change(false)"> Performance Statistics for this + interface.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable</td> + <td width="78%" class="vtable"><input name="http_inspect" + type="checkbox" value="on" + <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> + onClick="enable_change(false)"> Use HTTP Inspect to + Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> + </tr> + <tr> + <td valign="top" class="vncell2">HTTP server flow depth</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td><input name="flow_depth" type="text" class="formfld" + id="flow_depth" size="5" + value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> + to <strong>1460</strong> (<strong>-1</strong> disables HTTP + inspect, <strong>0</strong> enables all HTTP inspect)</td> + </tr> + </table> + Amount of HTTP server response payload to inspect. Snort's + performance may increase by adjusting this value.<br> + Setting this value too low may cause false negatives. Values above 0 + are specified in bytes. Default value is <strong>0</strong><br> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> + </tr> + <tr> + <td valign="top" class="vncell2">Max Queued Bytes</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td><input name="max_queued_bytes" type="text" class="formfld" + id="max_queued_bytes" size="5" + value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> + Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> + ( default value is <strong>1048576</strong>, <strong>0</strong> + means Maximum )</td> + </tr> + </table> + The number of bytes to be queued for reassembly for TCP sessions in + memory. Default value is <strong>1048576</strong><br> + </td> + </tr> + <tr> + <td valign="top" class="vncell2">Max Queued Segs</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td><input name="max_queued_segs" type="text" class="formfld" + id="max_queued_segs" size="5" + value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> + Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> + ( default value is <strong>2621</strong>, <strong>0</strong> means + Maximum )</td> + </tr> + </table> + The number of segments to be queued for reassembly for TCP sessions + in memory. Default value is <strong>2621</strong><br> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">General Preprocessor + Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + RPC Decode and Back Orifice detector</td> + <td width="78%" class="vtable"><input name="other_preprocs" + type="checkbox" value="on" + <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode RPC traffic and detects Back Orifice traffic on the + network.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + FTP and Telnet Normalizer</td> + <td width="78%" class="vtable"><input name="ftp_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + SMTP Normalizer</td> + <td width="78%" class="vtable"><input name="smtp_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + Portscan Detection</td> + <td width="78%" class="vtable"><input name="sf_portscan" + type="checkbox" value="on" + <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Detects various types of portscans and portsweeps.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + DCE/RPC2 Detection</td> + <td width="78%" class="vtable"><input name="dce_rpc_2" + type="checkbox" value="on" + <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC + traffic.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + DNS Detection</td> + <td width="78%" class="vtable"><input name="dns_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + The DNS preprocessor decodes DNS Response traffic and detects some + vulnerabilities.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td> + <td width="78%" class="vtable"><input name="def_ssl_ports_ignore" + type="text" class="formfld" id="def_ssl_ports_ignore" size="40" + value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br> + <span class="vexpl"> Encrypted traffic should be ignored by Snort + for both performance reasons and to reduce false positives.<br> + Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please + use spaces and not commas.</strong></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input name="id" type="hidden" value="<?=$id;?>"></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click Start. </td> + </tr> + </table> + +</table> +</form> + +</div> + + <?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php index bfb9da81..871eb39e 100644 --- a/config/snort-dev/snort_rules.php +++ b/config/snort-dev/snort_rules.php @@ -1,458 +1,458 @@ -<?php
-/*
- snort_rules.php
- Copyright (C) 2004, 2005 Scott Ullrich
- Copyright (C) 2008, 2009 Robert Zelaya
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
-}
-
-if (isset($id) && $a_nat[$id]) {
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
-}
-
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
-$iface_uuid = $a_nat[$id]['uuid'];
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules");
-
-$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
-if ($isrulesfolderempty == "") {
- $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
- if ($isrulesfolderempty == "") {
- include_once("head.inc");
- include_once("fbegin.inc");
-
- echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
- if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
- echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
- echo "</td>\n
- </tr>\n
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
- # The rules directory is empty.\n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
- </table>\n
- \n
- </form>\n
- \n
- <p>\n\n";
-
- echo "Please click on the Update Rules tab to install your selected rule sets.";
- include("fend.inc");
-
- echo "</body>";
- echo "</html>";
-
- exit(0);
- } else {
- /* Make sure that we have the rules */
- mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
- }
-}
-
-function get_middle($source, $beginning, $ending, $init_pos) {
- $beginning_pos = strpos($source, $beginning, $init_pos);
- $middle_pos = $beginning_pos + strlen($beginning);
- $ending_pos = strpos($source, $ending, $beginning_pos);
- $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
- return $middle;
-}
-
-function write_rule_file($content_changed, $received_file)
-{
- @file_put_contents($received_file, implode("\n", $content_changed));
-}
-
-function load_rule_file($incoming_file)
-{
- //read file into string, and get filesize
- $contents = @file_get_contents($incoming_file);
-
- //split the contents of the string file into an array using the delimiter
- return explode("\n", $contents);
-}
-
-$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
-//$ruledir = "/usr/local/etc/snort/rules/";
-$dh = opendir($ruledir);
-while (false !== ($filename = readdir($dh)))
-{
- //only populate this array if its a rule file
- $isrulefile = strstr($filename, ".rules");
- if ($isrulefile !== false)
- $files[] = basename($filename);
-}
-sort($files);
-
-if ($_GET['openruleset'])
- $rulefile = $_GET['openruleset'];
-else
- $rulefile = $ruledir.$files[0];
-
-//Load the rule file
-$splitcontents = load_rule_file($rulefile);
-
-if ($_GET['act'] == "toggle" && $_GET['ids']) {
-
- $lineid= $_GET['ids'];
-
- //copy rule contents from array into string
- $tempstring = $splitcontents[$lineid];
-
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
-
- $findme = "# alert"; //find string for disabled alerts
- $disabled = strstr($tempstring, $findme);
-
- //if find alert is false, then rule is disabled
- if ($disabled !== false) {
- //rule has been enabled
- $tempstring = substr($tempstring, 2);
- } else
- $tempstring = "# ". $tempstring;
-
- //copy string into array for writing
- $splitcontents[$lineid] = $tempstring;
-
- //write the new .rules file
- write_rule_file($splitcontents, $rulefile);
-
- //write disable/enable sid to config.xml
- $sid = get_middle($tempstring, 'sid:', ';', 0);
- if (is_numeric($sid)) {
- // rule_sid_on registers
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
- if ($disabled === false)
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
- else
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
- }
-
- write_config();
-
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}");
- exit;
-}
-
-$currentruleset = basename($rulefile);
-
-$ifname = strtoupper($pconfig['interface']);
-
-require_once("guiconfig.inc");
-include_once("head.inc");
-
-$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php
-include("fbegin.inc");
-if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-echo "{$snort_general_css}\n";
-?>
-<form action="snort_rules.php" method="post" name="iform" id="iform">
-
-<script language="javascript" type="text/javascript">
-function go()
-{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
-}
-function popup(url)
-{
- params = 'width='+screen.width;
- params += ', height='+screen.height;
- params += ', top=0, left=0'
- params += ', fullscreen=yes';
-
- newwin=window.open(url,'windowname4', params);
- if (window.focus) {newwin.focus()}
- return false;
-}
-</script>
-
-<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-?>
-</td></tr>
-<tr>
- <td>
- <div id="mainarea2">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="listt" colspan="8">
- <br>Category:
- <select id="selectbox" name="selectbox" class="formfld" onChange="go()">
- <?php
- foreach ($files as $value) {
- echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' ";
- if ($value === $currentruleset)
- echo "selected";
- echo ">{$value}</option>\n";
- }
- ?>
- </select>
- </td>
- </tr>
- <tr id="frheader">
- <td width="3%" class="list"> </td>
- <td width="5%" class="listhdr">SID</td>
- <td width="6%" class="listhdrr">Proto</td>
- <td width="15%" class="listhdrr">Source</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="15%" class="listhdrr">Destination</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="32%" class="listhdrr">Message</td>
- </tr>
- <?php
- foreach ( $splitcontents as $counter => $value )
- {
- $disabled = "False";
- $comments = "False";
- $findme = "# alert"; //find string for disabled alerts
- $disabled_pos = strstr($value, $findme);
-
- $counter2 = 1;
- $sid = get_middle($value, 'sid:', ';', 0);
- //check to see if the sid is numberical
- if (!is_numeric($sid))
- continue;
-
- //if find alert is false, then rule is disabled
- if ($disabled_pos !== false){
- $counter2 = $counter2+1;
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
- $iconb = "icon_block_d.gif";
-
- $ischecked = "";
- } else {
- $textss = $textse = "";
- $iconb = "icon_block.gif";
-
- $ischecked = "checked";
- }
-
- $rule_content = explode(' ', $value);
-
- $protocol = $rule_content[$counter2];//protocol location
- $counter2++;
- $source = substr($rule_content[$counter2], 0, 20) . "...";//source location
- $counter2++;
- $source_port = $rule_content[$counter2];//source port location
- $counter2 = $counter2+2;
- $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location
- $counter2++;
- $destination_port = $rule_content[$counter2];//destination port location
-
- if (strstr($value, 'msg: "'))
- $message = get_middle($value, 'msg: "', '";', 0);
- else if (strstr($value, 'msg:"'))
- $message = get_middle($value, 'msg:"', '";', 0);
-
- echo "<tr><td class=\"listt\"> $textss\n";
- ?>
- <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>"
- width="10" height="10" border="0"
- title="click to toggle enabled/disabled status"></a>
- <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
- <!-- TODO: add checkbox and save so that that disabling is nicer -->
- <?php
- echo "$textse
- </td>
- <td width='5%' class=\"listlr\">
- $textss
- $sid
- $textse
- </td>
- <td width='6%' class=\"listlr\">
- $textss
- $protocol";
- echo "$textse
- </td>
- <td width='20%' class=\"listlr\">
- $textss
- $source
- $textse
- </td>
- <td width='5%' class=\"listlr\">
- $textss
- $source_port
- $textse
- </td>
- <td width='20%' class=\"listlr\">
- $textss
- $destination
- $textse
- </td>
- <td width='5%' class=\"listlr\">
- $textss
- $destination_port
- $textse
- </td>
- <td width='30%' class=\"listbg\"><font color=\"white\">
- $textss
- $message
- $textse
- </td>";
- ?>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="javascript: void(0)"
- onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- title="edit rule" width="17" height="17" border="0"></a></td>
- <!-- Codes by Quackit.com -->
- </tr>
- </table>
- </td>
- <?php
- }
- ?>
-
- </table>
- </td>
- </tr>
- <tr>
- <td class="listlr">
- <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?>
- </td>
- </tr>
- <tr>
- <td>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td width="16"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
- width="11" height="11"></td>
- <td>Rule Enabled</td>
- </tr>
- <tr>
- <td><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
- width="11" height="11"></td>
- <td nowrap>Rule Disabled</td>
- </tr>
- <tr>
- <!-- TODO: add save and cancel for checkbox options -->
- <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
- </tr>
- <tr>
- <td colspan="10">
- <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>-->
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* + snort_rules.php + Copyright (C) 2004, 2005 Scott Ullrich + Copyright (C) 2008, 2009 Robert Zelaya + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +if (isset($id) && $a_nat[$id]) { + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; +} + +/* convert fake interfaces to real */ +$if_real = snort_get_real_interface($pconfig['interface']); +$iface_uuid = $a_nat[$id]['uuid']; + +/* Check if the rules dir is empy if so warn the user */ +/* TODO give the user the option to delete the installed rules rules */ +if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"); + +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); +if ($isrulesfolderempty == "") { + $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); + if ($isrulesfolderempty == "") { + include_once("head.inc"); + include_once("fbegin.inc"); + + echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; + + if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + + echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n"; + + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); + echo "</td>\n + </tr>\n + <tr>\n + <td>\n + <div id=\"mainarea\">\n + <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n + # The rules directory is empty.\n + </td>\n + </tr>\n + </table>\n + </div>\n + </td>\n + </tr>\n + </table>\n + \n + </form>\n + \n + <p>\n\n"; + + echo "Please click on the Update Rules tab to install your selected rule sets."; + include("fend.inc"); + + echo "</body>"; + echo "</html>"; + + exit(0); + } else { + /* Make sure that we have the rules */ + mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); + } +} + +function get_middle($source, $beginning, $ending, $init_pos) { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; +} + +function write_rule_file($content_changed, $received_file) +{ + @file_put_contents($received_file, implode("\n", $content_changed)); +} + +function load_rule_file($incoming_file) +{ + //read file into string, and get filesize + $contents = @file_get_contents($incoming_file); + + //split the contents of the string file into an array using the delimiter + return explode("\n", $contents); +} + +$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; +//$ruledir = "/usr/local/etc/snort/rules/"; +$dh = opendir($ruledir); +while (false !== ($filename = readdir($dh))) +{ + //only populate this array if its a rule file + $isrulefile = strstr($filename, ".rules"); + if ($isrulefile !== false) + $files[] = basename($filename); +} +sort($files); + +if ($_GET['openruleset']) + $rulefile = $_GET['openruleset']; +else + $rulefile = $ruledir.$files[0]; + +//Load the rule file +$splitcontents = load_rule_file($rulefile); + +if ($_GET['act'] == "toggle" && $_GET['ids']) { + + $lineid= $_GET['ids']; + + //copy rule contents from array into string + $tempstring = $splitcontents[$lineid]; + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + $findme = "# alert"; //find string for disabled alerts + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) { + //rule has been enabled + $tempstring = substr($tempstring, 2); + } else + $tempstring = "# ". $tempstring; + + //copy string into array for writing + $splitcontents[$lineid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $rulefile); + + //write disable/enable sid to config.xml + $sid = get_middle($tempstring, 'sid:', ';', 0); + if (is_numeric($sid)) { + // rule_sid_on registers + if (!empty($a_nat[$id]['rule_sid_on'])) + $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); + if (!empty($a_nat[$id]['rule_sid_on'])) + $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); + if ($disabled === false) + $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; + else + $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; + } + + write_config(); + + header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}"); + exit; +} + +$currentruleset = basename($rulefile); + +$ifname = strtoupper($pconfig['interface']); + +require_once("guiconfig.inc"); +include_once("head.inc"); + +$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("fbegin.inc"); +if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + +echo "{$snort_general_css}\n"; +?> +<form action="snort_rules.php" method="post" name="iform" id="iform"> + +<script language="javascript" type="text/javascript"> +function go() +{ + var box = document.iform.selectbox; + destination = box.options[box.selectedIndex].value; + if (destination) + location.href = destination; +} +function popup(url) +{ + params = 'width='+screen.width; + params += ', height='+screen.height; + params += ', top=0, left=0' + params += ', fullscreen=yes'; + + newwin=window.open(url,'windowname4', params); + if (window.focus) {newwin.focus()} + return false; +} +</script> + +<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea2"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listt" colspan="8"> + <br>Category: + <select id="selectbox" name="selectbox" class="formfld" onChange="go()"> + <?php + foreach ($files as $value) { + echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' "; + if ($value === $currentruleset) + echo "selected"; + echo ">{$value}</option>\n"; + } + ?> + </select> + </td> + </tr> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="5%" class="listhdr">SID</td> + <td width="6%" class="listhdrr">Proto</td> + <td width="15%" class="listhdrr">Source</td> + <td width="10%" class="listhdrr">Port</td> + <td width="15%" class="listhdrr">Destination</td> + <td width="10%" class="listhdrr">Port</td> + <td width="32%" class="listhdrr">Message</td> + </tr> + <?php + foreach ( $splitcontents as $counter => $value ) + { + $disabled = "False"; + $comments = "False"; + $findme = "# alert"; //find string for disabled alerts + $disabled_pos = strstr($value, $findme); + + $counter2 = 1; + $sid = get_middle($value, 'sid:', ';', 0); + //check to see if the sid is numberical + if (!is_numeric($sid)) + continue; + + //if find alert is false, then rule is disabled + if ($disabled_pos !== false){ + $counter2 = $counter2+1; + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + + $ischecked = ""; + } else { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + + $ischecked = "checked"; + } + + $rule_content = explode(' ', $value); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = substr($rule_content[$counter2], 0, 20) . "...";//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + if (strstr($value, 'msg: "')) + $message = get_middle($value, 'msg: "', '";', 0); + else if (strstr($value, 'msg:"')) + $message = get_middle($value, 'msg:"', '";', 0); + + echo "<tr><td class=\"listt\"> $textss\n"; + ?> + <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img + src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" + width="10" height="10" border="0" + title="click to toggle enabled/disabled status"></a> + <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> + <!-- TODO: add checkbox and save so that that disabling is nicer --> + <?php + echo "$textse + </td> + <td width='5%' class=\"listlr\"> + $textss + $sid + $textse + </td> + <td width='6%' class=\"listlr\"> + $textss + $protocol"; + echo "$textse + </td> + <td width='20%' class=\"listlr\"> + $textss + $source + $textse + </td> + <td width='5%' class=\"listlr\"> + $textss + $source_port + $textse + </td> + <td width='20%' class=\"listlr\"> + $textss + $destination + $textse + </td> + <td width='5%' class=\"listlr\"> + $textss + $destination_port + $textse + </td> + <td width='30%' class=\"listbg\"><font color=\"white\"> + $textss + $message + $textse + </td>"; + ?> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="javascript: void(0)" + onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + title="edit rule" width="17" height="17" border="0"></a></td> + <!-- Codes by Quackit.com --> + </tr> + </table> + </td> + <?php + } + ?> + + </table> + </td> + </tr> + <tr> + <td class="listlr"> + <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?> + </td> + </tr> + <tr> + <td> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td width="16"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="11" height="11"></td> + <td>Rule Enabled</td> + </tr> + <tr> + <td><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" + width="11" height="11"></td> + <td nowrap>Rule Disabled</td> + </tr> + <tr> + <!-- TODO: add save and cancel for checkbox options --> + <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> + </tr> + <tr> + <td colspan="10"> + <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>--> + </td> + </tr> + </table> + </td> + </tr> + </table> + </td> +</tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/snort_rules_edit.php index 6edc88c2..330630f4 100644 --- a/config/snort-dev/snort_rules_edit.php +++ b/config/snort-dev/snort_rules_edit.php @@ -1,188 +1,188 @@ -<?php
-/*
- snort_rules_edit.php
- Copyright (C) 2004, 2005 Scott Ullrich
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
- Copyright (C) 2006-2009 Volker Theile
-
- Adapted for Pfsense Snort package by Robert Zelaya
- Copyright (C) 2008-2009 Robert Zelaya
-
- Using dp.SyntaxHighlighter for syntax highlighting
- http://www.dreamprojections.com/SyntaxHighlighter
- Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-$ids = $_GET['ids'];
-if (isset($_POST['ids']))
- $ids = $_POST['ids'];
-
-if (isset($id) && $a_nat[$id]) {
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
-}
-
-//get rule id
-$lineid = $_GET['ids'];
-if (isset($_POST['ids']))
- $lineid = $_POST['ids'];
-
-$file = $_GET['openruleset'];
-if (isset($_POST['openruleset']))
- $file = $_POST['openruleset'];
-
-//read file into string, and get filesize also chk for empty files
-$contents = '';
-if (filesize($file) > 0 )
- $contents = file_get_contents($file);
-
-//delimiter for each new rule is a new line
-$delimiter = "\n";
-
-//split the contents of the string file into an array using the delimiter
-$splitcontents = explode($delimiter, $contents);
-$findme = "# alert"; //find string for disabled alerts
-$highlight = "yes";
-if (strstr($splitcontents[$lineid], $findme))
- $highlight = "no";
-if ($highlight == "no")
- $splitcontents[$lineid] = substr($splitcontents[$lineid], 2);
-
-if (!function_exists('get_middle')) {
- function get_middle($source, $beginning, $ending, $init_pos) {
- $beginning_pos = strpos($source, $beginning, $init_pos);
- $middle_pos = $beginning_pos + strlen($beginning);
- $ending_pos = strpos($source, $ending, $beginning_pos);
- $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
- return $middle;
- }
-}
-
-if ($_POST) {
- if ($_POST['save']) {
-
- //copy string into file array for writing
- if ($_POST['highlight'] == "yes")
- $splitcontents[$lineid] = $_POST['code'];
- else
- $splitcontents[$lineid] = "# " . $_POST['code'];
-
- //write disable/enable sid to config.xml
- $sid = get_middle($splitcontents[$lineid], 'sid:', ';', 0);
- if (is_numeric($sid)) {
- // rule_sid_on registers
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
- if ($_POST['highlight'] == "yes")
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on'];
- else
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off'];
- }
-
- //write the new .rules file
- @file_put_contents($file, implode($delimiter, $splitcontents));
-
- write_config();
-
- echo "<script> opener.window.location.reload(); window.close(); </script>";
- exit;
- }
-}
-
-$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
-
-?>
-
-<?php include("head.inc");?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<form action="snort_rules_edit.php" method="post">
- <?php if ($savemsg) print_info_box($savemsg); ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td class="tabcont">
-
-
- <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
- <tr>
- <td>
- <input name="save" type="submit" class="formbtn" id="save" value="save" />
- <input type='hidden' name='id' value='<?=$id;?>' />
- <input type='hidden' name='ids' value='<?=$ids;?>' />
- <input type='hidden' name='openruleset' value='<?=$file;?>' />
- <input type="button" class="formbtn" value="Cancel" onclick="window.close()">
- <hr noshade="noshade" />
- Disable original rule :<br/>
-
- <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> />
- <label for="highlighting_enabled"><?=gettext("Enabled");?> </label>
- <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> />
- <label for="highlighting_disabled"> <?=gettext("Disabled");?></label>
- </td>
- </tr>
- <tr>
- <td valign="top" class="label">
- <textarea wrap="off" style="width: 98%; margin: 7px;"
- class="<?php echo $language; ?>:showcolumns" rows="3"
- cols="66" name="code"><?=$splitcontents[$lineid];?></textarea>
- </div>
- </td>
- </tr>
- <tr>
- <td valign="top" class="label">
- <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea disabled
- wrap="off" style="width: 98%; margin: 7px;"
- class="<?php echo $language; ?>:showcolumns" rows="33"
- cols="66" name="code2"><?=$contents;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php include("fend.inc");?>
-</body>
-</html>
+<?php +/* + snort_rules_edit.php + Copyright (C) 2004, 2005 Scott Ullrich + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Adapted for FreeNAS by Volker Theile (votdev@gmx.de) + Copyright (C) 2006-2009 Volker Theile + + Adapted for Pfsense Snort package by Robert Zelaya + Copyright (C) 2008-2009 Robert Zelaya + + Using dp.SyntaxHighlighter for syntax highlighting + http://www.dreamprojections.com/SyntaxHighlighter + Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +$ids = $_GET['ids']; +if (isset($_POST['ids'])) + $ids = $_POST['ids']; + +if (isset($id) && $a_nat[$id]) { + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; +} + +//get rule id +$lineid = $_GET['ids']; +if (isset($_POST['ids'])) + $lineid = $_POST['ids']; + +$file = $_GET['openruleset']; +if (isset($_POST['openruleset'])) + $file = $_POST['openruleset']; + +//read file into string, and get filesize also chk for empty files +$contents = ''; +if (filesize($file) > 0 ) + $contents = file_get_contents($file); + +//delimiter for each new rule is a new line +$delimiter = "\n"; + +//split the contents of the string file into an array using the delimiter +$splitcontents = explode($delimiter, $contents); +$findme = "# alert"; //find string for disabled alerts +$highlight = "yes"; +if (strstr($splitcontents[$lineid], $findme)) + $highlight = "no"; +if ($highlight == "no") + $splitcontents[$lineid] = substr($splitcontents[$lineid], 2); + +if (!function_exists('get_middle')) { + function get_middle($source, $beginning, $ending, $init_pos) { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; + } +} + +if ($_POST) { + if ($_POST['save']) { + + //copy string into file array for writing + if ($_POST['highlight'] == "yes") + $splitcontents[$lineid] = $_POST['code']; + else + $splitcontents[$lineid] = "# " . $_POST['code']; + + //write disable/enable sid to config.xml + $sid = get_middle($splitcontents[$lineid], 'sid:', ';', 0); + if (is_numeric($sid)) { + // rule_sid_on registers + if (!empty($a_nat[$id]['rule_sid_on'])) + $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); + if (!empty($a_nat[$id]['rule_sid_on'])) + $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); + if ($_POST['highlight'] == "yes") + $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on']; + else + $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off']; + } + + //write the new .rules file + @file_put_contents($file, implode($delimiter, $splitcontents)); + + write_config(); + + echo "<script> opener.window.location.reload(); window.close(); </script>"; + exit; + } +} + +$pgtitle = array(gettext("Advanced"), gettext("File Editor")); + +?> + +<?php include("head.inc");?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<form action="snort_rules_edit.php" method="post"> + <?php if ($savemsg) print_info_box($savemsg); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td class="tabcont"> + + + <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="save" /> + <input type='hidden' name='id' value='<?=$id;?>' /> + <input type='hidden' name='ids' value='<?=$ids;?>' /> + <input type='hidden' name='openruleset' value='<?=$file;?>' /> + <input type="button" class="formbtn" value="Cancel" onclick="window.close()"> + <hr noshade="noshade" /> + Disable original rule :<br/> + + <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> /> + <label for="highlighting_enabled"><?=gettext("Enabled");?> </label> + <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> /> + <label for="highlighting_disabled"> <?=gettext("Disabled");?></label> + </td> + </tr> + <tr> + <td valign="top" class="label"> + <textarea wrap="off" style="width: 98%; margin: 7px;" + class="<?php echo $language; ?>:showcolumns" rows="3" + cols="66" name="code"><?=$splitcontents[$lineid];?></textarea> + </div> + </td> + </tr> + <tr> + <td valign="top" class="label"> + <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea disabled + wrap="off" style="width: 98%; margin: 7px;" + class="<?php echo $language; ?>:showcolumns" rows="33" + cols="66" name="code2"><?=$contents;?></textarea> + </div> + </td> + </tr> + </table> + </td> +</tr> +</table> +</form> +<?php include("fend.inc");?> +</body> +</html> diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php index 3d55f773..313daea2 100644 --- a/config/snort-dev/snort_rulesets.php +++ b/config/snort-dev/snort_rulesets.php @@ -1,313 +1,313 @@ -<?php
-/* $Id$ */
-/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-global $g;
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
-}
-
-if (isset($id) && $a_nat[$id]) {
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
-
- /* convert fake interfaces to real */
- $if_real = snort_get_real_interface($pconfig['interface']);
-
- $iface_uuid = $a_nat[$id]['uuid'];
-}
-
-$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
-
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
-if ($isrulesfolderempty == "") {
- $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
- if ($isrulesfolderempty == "") {
- include_once("head.inc");
- include("fbegin.inc");
-
- echo "<p class=\"pgtitle\">";
- if($pfsense_stable == 'yes'){echo $pgtitle;}
- echo "</p>\n";
-
- echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
- echo "
- <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr><td>\n";
-
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
- echo "
- </td></tr>
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
- # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
- </table>\n
- \n
- </form>\n
- \n
- <p>\n\n";
-
- echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
- include("fend.inc");
-
- echo "</body>";
- echo "</html>";
-
- exit(0);
- } else {
- /* Make sure that we have the rules */
- mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
- }
-}
-
-/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
-if ($_POST["Submit"]) {
- $enabled_items = "";
- $isfirst = true;
- if (is_array($_POST['toenable']))
- $enabled_items = implode("||", $_POST['toenable']);
- else
- $enabled_items = $_POST['toenable'];
- $a_nat[$id]['rulesets'] = $enabled_items;
-
- write_config();
- sync_snort_package_config();
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
-}
-
-$enabled_rulesets = $a_nat[$id]['rulesets'];
-if($enabled_rulesets)
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
-
-include_once("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php
-echo "{$snort_general_css}\n";
-?>
-
-<div class="body2">
-
-<noscript>
-<div class="alert" ALIGN=CENTER><img
- src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
-enable JavaScript to view this content
-</CENTER></div>
-</noscript>
-
-<?php
-
-echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
-
-?> <?php
-
-/* Display message */
-
-if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
-}
-
-if ($savemsg) {
- print_info_box2($savemsg);
-}
-
-if (file_exists($d_snortconfdirty_path)) {
- echo '<p>';
-
- if($savemsg) {
- print_info_box_np2("{$savemsg}");
- }else{
- print_info_box_np2('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
-}
-
-?>
-
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
-?>
-</td></tr>
- <tr>
- <td>
- <div id="mainarea2">
- <table id="maintable" class="tabcont" width="100%" border="0"
- cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0"
- cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Enabled</td>
- <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td>
- <!-- <td class="listhdrr">Description</td> -->
- </tr>
- <?php
- $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
- $dh = opendir($dir);
- while (false !== ($filename = readdir($dh))) {
- $files[] = basename($filename);
- }
- sort($files);
- foreach($files as $file) {
- if(!stristr($file, ".rules"))
- continue;
- echo "<tr>\n";
- echo "<td align=\"center\" valign=\"top\">";
- if(is_array($enabled_rulesets_array))
- if(in_array($file, $enabled_rulesets_array)) {
- $CHECKED = " checked=\"checked\"";
- } else {
- $CHECKED = "";
- }
- else
- $CHECKED = "";
- echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
- echo "</td>\n";
- echo "<td>\n";
- echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
- echo "</td>\n</tr>\n\n";
- //echo "<td>";
- //echo "description";
- //echo "</td>";
- }
-
- ?>
- </table>
- </td>
- </tr>
- <tr>
- <td> </td>
- </tr>
- <tr>
- <td>Check the rulesets that you would like Snort to load at startup.</td>
- </tr>
- <tr>
- <td> </td>
- </tr>
- <tr>
- <td><input value="Save" type="submit" name="Submit" id="Submit" /></td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-
-</form>
-
-<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p>
-
-</div>
-
-<?php
-include("fend.inc");
-echo $snort_custom_rnd_box;
-?>
-
-</body>
-</html>
+<?php +/* $Id$ */ +/* + snort_rulesets.php + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya + Copyright (C) 2011 Ermal Luci + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +if (isset($id) && $a_nat[$id]) { + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + + /* convert fake interfaces to real */ + $if_real = snort_get_real_interface($pconfig['interface']); + + $iface_uuid = $a_nat[$id]['uuid']; +} + +$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; + + +/* Check if the rules dir is empy if so warn the user */ +/* TODO give the user the option to delete the installed rules rules */ +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); +if ($isrulesfolderempty == "") { + $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); + if ($isrulesfolderempty == "") { + include_once("head.inc"); + include("fbegin.inc"); + + echo "<p class=\"pgtitle\">"; + if($pfsense_stable == 'yes'){echo $pgtitle;} + echo "</p>\n"; + + echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; + + echo " + <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr><td>\n"; + + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); + echo " + </td></tr> + <tr>\n + <td>\n + <div id=\"mainarea\">\n + <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n + # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n + </td>\n + </tr>\n + </table>\n + </div>\n + </td>\n + </tr>\n + </table>\n + \n + </form>\n + \n + <p>\n\n"; + + echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; + include("fend.inc"); + + echo "</body>"; + echo "</html>"; + + exit(0); + } else { + /* Make sure that we have the rules */ + mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); + } +} + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; +if ($_POST["Submit"]) { + $enabled_items = ""; + $isfirst = true; + if (is_array($_POST['toenable'])) + $enabled_items = implode("||", $_POST['toenable']); + else + $enabled_items = $_POST['toenable']; + $a_nat[$id]['rulesets'] = $enabled_items; + + write_config(); + sync_snort_package_config(); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_rulesets.php?id=$id"); + exit; +} + +$enabled_rulesets = $a_nat[$id]['rulesets']; +if($enabled_rulesets) + $enabled_rulesets_array = split("\|\|", $enabled_rulesets); + +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php include("fbegin.inc"); ?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<?php +echo "{$snort_general_css}\n"; +?> + +<div class="body2"> + +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> + +<?php + +echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; + +?> <?php + +/* Display message */ + +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} + +if ($savemsg) { + print_info_box2($savemsg); +} + +if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } +} + +?> + +<table width="99%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> + <tr> + <td> + <div id="mainarea2"> + <table id="maintable" class="tabcont" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Enabled</td> + <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td> + <!-- <td class="listhdrr">Description</td> --> + </tr> + <?php + $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) { + $files[] = basename($filename); + } + sort($files); + foreach($files as $file) { + if(!stristr($file, ".rules")) + continue; + echo "<tr>\n"; + echo "<td align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) + if(in_array($file, $enabled_rulesets_array)) { + $CHECKED = " checked=\"checked\""; + } else { + $CHECKED = ""; + } + else + $CHECKED = ""; + echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; + echo "</td>\n</tr>\n\n"; + //echo "<td>"; + //echo "description"; + //echo "</td>"; + } + + ?> + </table> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td>Check the rulesets that you would like Snort to load at startup.</td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td><input value="Save" type="submit" name="Submit" id="Submit" /></td> + </tr> + </table> + </div> + </td> + </tr> +</table> + +</form> + +<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p> + +</div> + +<?php +include("fend.inc"); +echo $snort_custom_rnd_box; +?> + +</body> +</html> |