aboutsummaryrefslogtreecommitdiffstats
path: root/packages/snort
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2006-09-25 22:05:00 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-09-25 22:05:00 +0000
commite65fce8237476ef658e15ade14f2f711de63f489 (patch)
tree45e42ef1c05828694727b0a56168c071164bf4dd /packages/snort
parent4c93431b7a8fecef2453347aafc7b13858d0f89b (diff)
downloadpfsense-packages-e65fce8237476ef658e15ade14f2f711de63f489.tar.gz
pfsense-packages-e65fce8237476ef658e15ade14f2f711de63f489.tar.bz2
pfsense-packages-e65fce8237476ef658e15ade14f2f711de63f489.zip
* Add file that allows Snort rule selection
* Use rule selection items
Diffstat (limited to 'packages/snort')
-rw-r--r--packages/snort/snort.inc118
-rw-r--r--packages/snort/snort.xml9
-rw-r--r--packages/snort/snort_download_rules.php1
-rw-r--r--packages/snort/snort_rulesets.php147
4 files changed, 170 insertions, 105 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index da78cf15..1d91b59f 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -44,6 +44,13 @@ function sync_package_snort() {
"stop" => "/usr/bin/killall snort; killall snort2c"
)
);
+
+ create_snort_conf();
+
+ start_service("snort");
+}
+
+function create_snort_conf() {
/* write out snort.conf */
$snort_conf = generate_snort_conf();
$conf = fopen("/usr/local/etc/snort/snort.conf","w");
@@ -53,7 +60,6 @@ function sync_package_snort() {
}
fwrite($conf, $snort_conf);
fclose($conf);
- start_service("snort");
}
function generate_snort_conf() {
@@ -103,6 +109,12 @@ function generate_snort_conf() {
/* XXX: generate rule section dynamically from config.xml information
*/
$selected_rules_sections = "";
+ $enabled_rulesets = $config['installedpackages']['snort']['config'][0]['rulesets'];
+ if($enabled_rulesets)
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+
+ foreach($enabled_rulesets_array as $enabled_item)
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
/* build snort configuration file */
$snort_conf = <<<EOD
@@ -195,112 +207,8 @@ include classification.config
include reference.config
#Rulesets, all optional
-
{$selected_rules_sections}
-# XXX: axe below, use $selected_rules_sections
-
-#General
-#include \$RULE_PATH/bleeding.rules
-include \$RULE_PATH/ftp.rules
-include \$RULE_PATH/telnet.rules
-include \$RULE_PATH/dns.rules
-include \$RULE_PATH/tftp.rules
-include \$RULE_PATH/x11.rules
-include \$RULE_PATH/misc.rules
-include \$RULE_PATH/nntp.rules
-include \$RULE_PATH/other-ids.rules
-# include $RULE_PATH/shellcode.rules
-#include \$RULE_PATH/community-ftp.rules
-#include \$RULE_PATH/community-misc.rules
-
-#Mostly Spyware
-#include \$RULE_PATH/bleeding-malware.rules
-
-#Network issues
-include \$RULE_PATH/bad-traffic.rules
-include \$RULE_PATH/snmp.rules
-
-#Exploits and direct attacks
-include \$RULE_PATH/exploit.rules
-
-#Scans and recon
-include \$RULE_PATH/scan.rules
-#include \$RULE_PATH/bleeding-scan.rules
-
-#Unusual stuff
-include \$RULE_PATH/finger.rules
-
-#R-services, etc
-include \$RULE_PATH/rpc.rules
-include \$RULE_PATH/rservices.rules
-
-#DOS
-include \$RULE_PATH/dos.rules
-include \$RULE_PATH/ddos.rules
-#include \$RULE_PATH/bleeding-dos.rules
-
-#Web issues
-include \$RULE_PATH/web-cgi.rules
-include \$RULE_PATH/web-coldfusion.rules
-include \$RULE_PATH/web-iis.rules
-include \$RULE_PATH/web-frontpage.rules
-include \$RULE_PATH/web-misc.rules
-include \$RULE_PATH/web-client.rules
-include \$RULE_PATH/web-php.rules
-include \$RULE_PATH/web-attacks.rules
-#include \$RULE_PATH/bleeding-web.rules
-#include \$RULE_PATH/community-web-cgi.rules
-#include \$RULE_PATH/community-web-client.rules
-#include \$RULE_PATH/community-web-dos.rules
-#include \$RULE_PATH/community-web-misc.rules
-
-#SQL and DB sigs
-include \$RULE_PATH/sql.rules
-include \$RULE_PATH/oracle.rules
-include \$RULE_PATH/mysql.rules
-#include \$RULE_PATH/community-sql-injection.rules
-
-#Informational stuff
-#include $RULE_PATH/icmp.rules
-include \$RULE_PATH/info.rules
-# include $RULE_PATH/icmp-info.rules
-
-#Windows stuff
-include \$RULE_PATH/netbios.rules
-
-#Compromise responses
-include \$RULE_PATH/attack-responses.rules
-#include \$RULE_PATH/bleeding-attack_response.rules
-
-#Mail sigs
-include \$RULE_PATH/smtp.rules
-include \$RULE_PATH/imap.rules
-include \$RULE_PATH/pop2.rules
-include \$RULE_PATH/pop3.rules
-#include \$RULE_PATH/community-mail-client.rules
-
-#Trojans, Viruses, and spyware
-include \$RULE_PATH/backdoor.rules
-include \$RULE_PATH/virus.rules
-#include \$RULE_PATH/bleeding-virus.rules
-#include \$RULE_PATH/community-virus.rules
-
-#Policy Sigs
-include \$RULE_PATH/policy.rules
-include \$RULE_PATH/porn.rules
-include \$RULE_PATH/chat.rules
-include \$RULE_PATH/p2p.rules
-include \$RULE_PATH/multimedia.rules
-#include \$RULE_PATH/bleeding-policy.rules
-#include \$RULE_PATH/bleeding-p2p.rules
-#include \$RULE_PATH/bleeding-inappropriate.rules
-#include \$RULE_PATH/community-game.rules
-#include \$RULE_PATH/community-inappropriate.rules
-
-#Experimental
-include \$RULE_PATH/experimental.rules
-
EOD;
return $snort_conf;
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index ed33adfe..667a1abe 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -24,6 +24,11 @@
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item>
+ </additional_files_needed>
<service>
<name>snort</name>
<rcfile>snort.sh</rcfile>
@@ -40,6 +45,10 @@
<text>Update Snort Rules</text>
<url>/snort_download_rules.php</url>
</tab>
+ <tab>
+ <text>Snort Rulesets</text>
+ <url>/snort_rulesets.php</url>
+ </tab>
</tabs>
<fields>
<field>
diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php
index ca91b608..7e7761c5 100644
--- a/packages/snort/snort_download_rules.php
+++ b/packages/snort/snort_download_rules.php
@@ -59,6 +59,7 @@ include("head.inc");
$tab_array = array();
$tab_array[0] = array(gettext("Snort Settings"), false, "pkg.php?xml=snort.xml");
$tab_array[1] = array(gettext("Snort Rules Update"), true, "/usr/local/www/snort_download_rules.php");
+ $tab_array[2] = array(gettext("Snort Rulesets"), false, "/usr/local/www/snort_rulesets.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php
new file mode 100644
index 00000000..de8092c8
--- /dev/null
+++ b/packages/snort/snort_rulesets.php
@@ -0,0 +1,147 @@
+<?php
+/* $Id$ */
+/*
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/snort.inc");
+
+if($_POST) {
+ $enabled_items = "";
+ $isfirst = true;
+ foreach($_POST['toenable'] as $toenable) {
+ if(!$isfirst)
+ $enabled_items .= "||";
+ $enabled_items .= "{$toenable}";
+ $isfirst = false;
+ }
+ $config['installedpackages']['snort']['config'][0]['rulesets'] = $enabled_items;
+ write_config();
+ create_snort_conf();
+ $savemsg = "The snort ruleset selections have been saved.";
+}
+
+$enabled_rulesets = $config['installedpackages']['snort']['config'][0]['rulesets'];
+if($enabled_rulesets)
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+
+$pgtitle = "Snort: Snort Rulesets";
+include("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></font></p>
+<form action="snort_rulesets.php" method="post" name="iform">
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
+<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script>
+<script type="text/javascript" language="javascript" src="row_toggle.js"></script>
+<script src="/javascript/sorttable.js"></script>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Settings"), false, "pkg.php?xml=snort.xml");
+ $tab_array[1] = array(gettext("Snort Rules Update"), false, "/usr/local/www/snort_download_rules.php");
+ $tab_array[2] = array(gettext("Snort Rulesets"), true, "/usr/local/www/snort_rulesets.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" name="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" name="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td class="listhdrr">Ruleset</td>
+ <!-- <td class="listhdrr">Description</td> -->
+ </tr>
+<?php
+ $dir = "/usr/local/etc/snort/rules/";
+ $dh = opendir($dir);
+ while (false !== ($filename = readdir($dh))) {
+ $files[] = $filename;
+ }
+ sort($files);
+ foreach($files as $file) {
+ if(!stristr($file, ".rules"))
+ continue;
+ echo "<tr>";
+ echo "<td><center>";
+ if(in_array($file, $enabled_rulesets_array)) {
+ $CHECKED = " CHECKED";
+ } else {
+ $CHECKED = "";
+ }
+ echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED}>";
+ echo "</center></td>";
+ echo "<td>";
+ echo "{$file}";
+ echo "</td>";
+ //echo "<td>";
+ //echo "description";
+ //echo "</td>";
+ }
+
+?>
+ </table>
+ </td>
+ </tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td><input value="Save" type="submit"></td></tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+</form>
+
+<br>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
+
+<?php
+
+ function get_snort_rule_file_description($filename) {
+ $filetext = file_get_contents($filename);
+
+ }
+
+?> \ No newline at end of file