-rw-r--r-- | config/snort/snort_define_servers.xml | 364 | ||||
-rw-r--r-- | config/snort/snort_threshold.xml | 129 |
2 files changed, 493 insertions, 0 deletions
diff --git a/config/snort/snort_define_servers.xml b/config/snort/snort_define_servers.xml
new file mode 100644
index 00000000..7df880d0
--- /dev/null
+++ b/config/snort/snort_define_servers.xml
@@ -0,0 +1,364 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>SnortDefServers</name> + <version>none</version> + <title>Services: Snort Define Servers</title> + <include_file>/usr/local/pkg/snort.inc</include_file> + <tabs> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=snort.xml&id=0</url> + </tab> + <tab> + <text>Update Rules</text> + <url>/snort_download_rules.php</url> + </tab> + <tab> + <text>Categories</text> + <url>/snort_rulesets.php</url> + </tab> + <tab> + <text>Rules</text> + <url>/snort_rules.php</url> + </tab> + <tab> + <text>Servers</text> + <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Blocked</text> + <url>/snort_blocked.php</url> + </tab> + <tab> + <text>Whitelist</text> + <url>/pkg.php?xml=snort_whitelist.xml</url> + </tab> + <tab> + <text>Threshold</text> + <url>/pkg.php?xml=snort_threshold.xml</url> + </tab> + <tab> + <text>Alerts</text> + <url>/snort_alerts.php</url> + </tab> + <tab> + <text>Advanced</text> + <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <fielddescr>Define DNS_SERVERS</fielddescr> + <fieldname>def_dns_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define DNS_PORTS</fielddescr> + <fieldname>def_dns_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . 
Default is 53.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define SMTP_SERVERS</fielddescr> + <fieldname>def_smtp_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define SMTP_PORTS</fielddescr> + <fieldname>def_smtp_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define Mail_Ports</fielddescr> + <fieldname>def_mail_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define HTTP_SERVERS</fielddescr> + <fieldname>def_http_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define WWW_SERVERS</fielddescr> + <fieldname>def_www_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define HTTP_PORTS</fielddescr> + <fieldname>def_http_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define SQL_SERVERS</fielddescr> + <fieldname>def_sql_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". 
Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define ORACLE_PORTS</fielddescr> + <fieldname>def_oracle_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define MSSQL_PORTS</fielddescr> + <fieldname>def_mssql_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define TELNET_SERVERS</fielddescr> + <fieldname>def_telnet_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define TELNET_PORTS</fielddescr> + <fieldname>def_telnet_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define SNMP_SERVERS</fielddescr> + <fieldname>def_snmp_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define SNMP_PORTS</fielddescr> + <fieldname>def_snmp_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define FTP_SERVERS</fielddescr> + <fieldname>def_ftp_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". 
Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define FTP_PORTS</fielddescr> + <fieldname>def_ftp_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define SSH_SERVERS</fielddescr> + <fieldname>def_ssh_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define SSH_PORTS</fielddescr> + <fieldname>def_ssh_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define POP_SERVERS</fielddescr> + <fieldname>def_pop_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define POP2_PORTS</fielddescr> + <fieldname>def_pop2_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define POP3_PORTS</fielddescr> + <fieldname>def_pop3_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define IMAP_SERVERS</fielddescr> + <fieldname>def_imap_servers</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". 
Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define IMAP_PORTS</fielddescr> + <fieldname>def_imap_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define SIP_PROXY_IP</fielddescr> + <fieldname>def_sip_proxy_ip</fieldname> + <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> + <type>input</type> + <size>101</size> + <value></value> + </field> + <field> + <fielddescr>Define SIP_PROXY_PORTS</fielddescr> + <fieldname>def_sip_proxy_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define AUTH_PORTS</fielddescr> + <fieldname>def_auth_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define FINGER_PORTS</fielddescr> + <fieldname>def_finger_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define IRC_PORTS</fielddescr> + <fieldname>def_irc_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define NNTP_PORTS</fielddescr> + <fieldname>def_nntp_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . 
Default is 119.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define RLOGIN_PORTS</fielddescr> + <fieldname>def_rlogin_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define RSH_PORTS</fielddescr> + <fieldname>def_rsh_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + <field> + <fielddescr>Define SSL_PORTS</fielddescr> + <fieldname>def_ssl_ports</fieldname> + <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</description> + <type>input</type> + <size>43</size> + <value></value> + </field> + </fields> + <custom_php_deinstall_command> + snort_define_servers(); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/snort/snort_threshold.xml b/config/snort/snort_threshold.xml new file mode 100644 index 00000000..f9075d3d --- /dev/null +++ b/config/snort/snort_threshold.xml 
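Review bot: The only hook on this settings page is `<custom_php_deinstall_command>`, so `snort_define_servers();` is wired to package removal rather than to saving the form. The threshold page added in this same commit regenerates configuration through `<custom_php_resync_config_command>` with `create_snort_conf();`. If the DNS_SERVERS/HTTP_PORTS/... values are meant to reach the Snort configuration when saved, the closing block should probably read `<custom_php_resync_config_command>create_snort_conf();</custom_php_resync_config_command>`; otherwise rules keep matching against the old variable definitions and the operator sees no error. Neither function is visible in this diff (both presumably live in /usr/local/pkg/snort.inc), so confirm which one actually writes the variables.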
@@ -0,0 +1,129 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>snort-threshold</name> + <version>0.1.0</version> + <title>Snort: Alert Thresholding and Suppression</title> + <include_file>/usr/local/pkg/snort.inc</include_file> + <!-- Menu is where this packages menu will appear --> + <tabs> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=snort.xml&id=0</url> + </tab> + <tab> + <text>Update Rules</text> + <url>/snort_download_rules.php</url> + </tab> + <tab> + <text>Categories</text> + <url>/snort_rulesets.php</url> + </tab> + <tab> + <text>Rules</text> + <url>/snort_rules.php</url> + </tab> + <tab> + <text>Servers</text> + <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> + </tab> + <tab> + <text>Blocked</text> + <url>/snort_blocked.php</url> + </tab> + <tab> + <text>Whitelist</text> + <url>/pkg.php?xml=snort_whitelist.xml</url> + </tab> + <tab> + <text>Threshold</text> + <url>/pkg.php?xml=snort_threshold.xml</url> + <active/> + </tab> + <tab> + <text>Alerts</text> + <url>/snort_alerts.php</url> + </tab> + <tab> + <text>Advanced</text> + <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Thresholding or Suppression Rule</fielddescr> + <fieldname>threshrule</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <fielddescr>Thresholding or Suppression Rule</fielddescr> + <fieldname>threshrule</fieldname> + <description>Enter the Rule. 
Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60"</description> + <type>input</type> + <size>40</size> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description>Enter the description for this item</description> + <type>input</type> + <size>60</size> + </field> + </fields> + <custom_php_command_before_form> + </custom_php_command_before_form> + <custom_delete_php_command> + </custom_delete_php_command> + <custom_php_resync_config_command> + create_snort_conf(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file |
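Review bot: `threshrule` is a free-text `input` with no `<custom_php_validation_command>`, and the same is true of every `def_*` field in snort_define_servers.xml; the text is presumably copied into the Snort configuration by `create_snort_conf();`. A typo or an embedded line break could keep Snort from starting, which leaves the interface unmonitored, and an over-broad `suppress` line could silence alerts without anyone noticing. I would add a validation hook that accepts only a single line starting with `suppress` or `threshold`, and that checks the address and port syntax on the servers page. Separately, `<custom_delete_php_command>` is empty here; if pkg.php does not run the resync command on delete, a removed suppression stays in effect until some other save, so `create_snort_conf();` likely belongs in that element too.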