diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2006-09-25 22:05:00 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2006-09-25 22:05:00 +0000 |
| commit | e65fce8237476ef658e15ade14f2f711de63f489 (patch) | |
| tree | 45e42ef1c05828694727b0a56168c071164bf4dd /packages | |
| parent | 4c93431b7a8fecef2453347aafc7b13858d0f89b (diff) | |
| download | pfsense-packages-e65fce8237476ef658e15ade14f2f711de63f489.tar.gz pfsense-packages-e65fce8237476ef658e15ade14f2f711de63f489.tar.bz2 pfsense-packages-e65fce8237476ef658e15ade14f2f711de63f489.zip | |
* Add file that allows Snort rule selection
* Use rule selection items
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/snort/snort.inc | 118 | ||||
| -rw-r--r-- | packages/snort/snort.xml | 9 | ||||
| -rw-r--r-- | packages/snort/snort_download_rules.php | 1 | ||||
| -rw-r--r-- | packages/snort/snort_rulesets.php | 147 |
4 files changed, 170 insertions, 105 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc index da78cf15..1d91b59f 100644 --- a/packages/snort/snort.inc +++ b/packages/snort/snort.inc @@ -44,6 +44,13 @@ function sync_package_snort() { "stop" => "/usr/bin/killall snort; killall snort2c" ) ); + + create_snort_conf(); + + start_service("snort"); +} + +function create_snort_conf() { /* write out snort.conf */ $snort_conf = generate_snort_conf(); $conf = fopen("/usr/local/etc/snort/snort.conf","w"); @@ -53,7 +60,6 @@ function sync_package_snort() { } fwrite($conf, $snort_conf); fclose($conf); - start_service("snort"); } function generate_snort_conf() { @@ -103,6 +109,12 @@ function generate_snort_conf() { /* XXX: generate rule section dynamically from config.xml information */ $selected_rules_sections = ""; + $enabled_rulesets = $config['installedpackages']['snort']['config'][0]['rulesets']; + if($enabled_rulesets) + $enabled_rulesets_array = split("\|\|", $enabled_rulesets); + + foreach($enabled_rulesets_array as $enabled_item) + $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; /* build snort configuration file */ $snort_conf = <<<EOD @@ -195,112 +207,8 @@ include classification.config include reference.config #Rulesets, all optional - {$selected_rules_sections} -# XXX: axe below, use $selected_rules_sections - -#General -#include \$RULE_PATH/bleeding.rules -include \$RULE_PATH/ftp.rules -include \$RULE_PATH/telnet.rules -include \$RULE_PATH/dns.rules -include \$RULE_PATH/tftp.rules -include \$RULE_PATH/x11.rules -include \$RULE_PATH/misc.rules -include \$RULE_PATH/nntp.rules -include \$RULE_PATH/other-ids.rules -# include $RULE_PATH/shellcode.rules -#include \$RULE_PATH/community-ftp.rules -#include \$RULE_PATH/community-misc.rules - -#Mostly Spyware -#include \$RULE_PATH/bleeding-malware.rules - -#Network issues -include \$RULE_PATH/bad-traffic.rules -include \$RULE_PATH/snmp.rules - -#Exploits and direct attacks -include \$RULE_PATH/exploit.rules - -#Scans and recon -include \$RULE_PATH/scan.rules -#include \$RULE_PATH/bleeding-scan.rules - -#Unusual stuff -include \$RULE_PATH/finger.rules - -#R-services, etc -include \$RULE_PATH/rpc.rules -include \$RULE_PATH/rservices.rules - -#DOS -include \$RULE_PATH/dos.rules -include \$RULE_PATH/ddos.rules -#include \$RULE_PATH/bleeding-dos.rules - -#Web issues -include \$RULE_PATH/web-cgi.rules -include \$RULE_PATH/web-coldfusion.rules -include \$RULE_PATH/web-iis.rules -include \$RULE_PATH/web-frontpage.rules -include \$RULE_PATH/web-misc.rules -include \$RULE_PATH/web-client.rules -include \$RULE_PATH/web-php.rules -include \$RULE_PATH/web-attacks.rules -#include \$RULE_PATH/bleeding-web.rules -#include \$RULE_PATH/community-web-cgi.rules -#include \$RULE_PATH/community-web-client.rules -#include \$RULE_PATH/community-web-dos.rules -#include \$RULE_PATH/community-web-misc.rules - -#SQL and DB sigs -include \$RULE_PATH/sql.rules -include \$RULE_PATH/oracle.rules -include \$RULE_PATH/mysql.rules -#include \$RULE_PATH/community-sql-injection.rules - -#Informational stuff -#include $RULE_PATH/icmp.rules -include \$RULE_PATH/info.rules -# include $RULE_PATH/icmp-info.rules - -#Windows stuff -include \$RULE_PATH/netbios.rules - -#Compromise responses -include \$RULE_PATH/attack-responses.rules -#include \$RULE_PATH/bleeding-attack_response.rules - -#Mail sigs -include \$RULE_PATH/smtp.rules -include \$RULE_PATH/imap.rules -include \$RULE_PATH/pop2.rules -include \$RULE_PATH/pop3.rules -#include \$RULE_PATH/community-mail-client.rules - -#Trojans, Viruses, and spyware -include \$RULE_PATH/backdoor.rules -include \$RULE_PATH/virus.rules -#include \$RULE_PATH/bleeding-virus.rules -#include \$RULE_PATH/community-virus.rules - -#Policy Sigs -include \$RULE_PATH/policy.rules -include \$RULE_PATH/porn.rules -include \$RULE_PATH/chat.rules -include \$RULE_PATH/p2p.rules -include \$RULE_PATH/multimedia.rules -#include \$RULE_PATH/bleeding-policy.rules -#include \$RULE_PATH/bleeding-p2p.rules -#include \$RULE_PATH/bleeding-inappropriate.rules -#include \$RULE_PATH/community-game.rules -#include \$RULE_PATH/community-inappropriate.rules - -#Experimental -include \$RULE_PATH/experimental.rules - EOD; return $snort_conf; diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml index ed33adfe..667a1abe 100644 --- a/packages/snort/snort.xml +++ b/packages/snort/snort.xml @@ -24,6 +24,11 @@ <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item> + </additional_files_needed> <service> <name>snort</name> <rcfile>snort.sh</rcfile> @@ -40,6 +45,10 @@ <text>Update Snort Rules</text> <url>/snort_download_rules.php</url> </tab> + <tab> + <text>Snort Rulesets</text> + <url>/snort_rulesets.php</url> + </tab> </tabs> <fields> <field> diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php index ca91b608..7e7761c5 100644 --- a/packages/snort/snort_download_rules.php +++ b/packages/snort/snort_download_rules.php @@ -59,6 +59,7 @@ include("head.inc"); $tab_array = array(); $tab_array[0] = array(gettext("Snort Settings"), false, "pkg.php?xml=snort.xml"); $tab_array[1] = array(gettext("Snort Rules Update"), true, "/usr/local/www/snort_download_rules.php"); + $tab_array[2] = array(gettext("Snort Rulesets"), false, "/usr/local/www/snort_rulesets.php"); display_top_tabs($tab_array); ?> </td> diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php new file mode 100644 index 00000000..de8092c8 --- /dev/null +++ b/packages/snort/snort_rulesets.php @@ -0,0 +1,147 @@ +<?php +/* $Id$ */ +/* + snort_rulesets.php + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require("/usr/local/pkg/snort.inc"); + +if($_POST) { + $enabled_items = ""; + $isfirst = true; + foreach($_POST['toenable'] as $toenable) { + if(!$isfirst) + $enabled_items .= "||"; + $enabled_items .= "{$toenable}"; + $isfirst = false; + } + $config['installedpackages']['snort']['config'][0]['rulesets'] = $enabled_items; + write_config(); + create_snort_conf(); + $savemsg = "The snort ruleset selections have been saved."; +} + +$enabled_rulesets = $config['installedpackages']['snort']['config'][0]['rulesets']; +if($enabled_rulesets) + $enabled_rulesets_array = split("\|\|", $enabled_rulesets); + +$pgtitle = "Snort: Snort Rulesets"; +include("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></font></p> +<form action="snort_rulesets.php" method="post" name="iform"> +<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> +<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script> +<script type="text/javascript" language="javascript" src="row_toggle.js"></script> +<script src="/javascript/sorttable.js"></script> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Settings"), false, "pkg.php?xml=snort.xml"); + $tab_array[1] = array(gettext("Snort Rules Update"), false, "/usr/local/www/snort_download_rules.php"); + $tab_array[2] = array(gettext("Snort Rulesets"), true, "/usr/local/www/snort_rulesets.php"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" name="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="sortabletable1" name="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Enabled</td> + <td class="listhdrr">Ruleset</td> + <!-- <td class="listhdrr">Description</td> --> + </tr> +<?php + $dir = "/usr/local/etc/snort/rules/"; + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) { + $files[] = $filename; + } + sort($files); + foreach($files as $file) { + if(!stristr($file, ".rules")) + continue; + echo "<tr>"; + echo "<td><center>"; + if(in_array($file, $enabled_rulesets_array)) { + $CHECKED = " CHECKED"; + } else { + $CHECKED = ""; + } + echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED}>"; + echo "</center></td>"; + echo "<td>"; + echo "{$file}"; + echo "</td>"; + //echo "<td>"; + //echo "description"; + //echo "</td>"; + } + +?> + </table> + </td> + </tr> + <tr><td> </td></tr> + <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr> + <tr><td> </td></tr> + <tr><td><input value="Save" type="submit"></td></tr> + </table> + </div> + </td> + </tr> +</table> + +</form> + +<br> + +<?php include("fend.inc"); ?> + +</body> +</html> + +<?php + + function get_snort_rule_file_description($filename) { + $filetext = file_get_contents($filename); + + } + +?>
\ No newline at end of file |