aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/snort/snort_define_servers.xml364
-rw-r--r--config/snort/snort_threshold.xml129
2 files changed, 493 insertions, 0 deletions
diff --git a/config/snort/snort_define_servers.xml b/config/snort/snort_define_servers.xml
new file mode 100644
index 00000000..7df880d0
--- /dev/null
+++ b/config/snort/snort_define_servers.xml
@@ -0,0 +1,364 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>SnortDefServers</name>
+ <version>none</version>
+ <title>Services: Snort Define Servers</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Update Rules</text>
+ <url>/snort_download_rules.php</url>
+ </tab>
+ <tab>
+ <text>Categories</text>
+ <url>/snort_rulesets.php</url>
+ </tab>
+ <tab>
+ <text>Rules</text>
+ <url>/snort_rules.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Blocked</text>
+ <url>/snort_blocked.php</url>
+ </tab>
+ <tab>
+ <text>Whitelist</text>
+ <url>/pkg.php?xml=snort_whitelist.xml</url>
+ </tab>
+ <tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort_threshold.xml</url>
+ </tab>
+ <tab>
+ <text>Alerts</text>
+ <url>/snort_alerts.php</url>
+ </tab>
+ <tab>
+ <text>Advanced</text>
+ <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>Define DNS_SERVERS</fielddescr>
+ <fieldname>def_dns_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define DNS_PORTS</fielddescr>
+ <fieldname>def_dns_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SMTP_SERVERS</fielddescr>
+ <fieldname>def_smtp_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SMTP_PORTS</fielddescr>
+ <fieldname>def_smtp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define Mail_Ports</fielddescr>
+ <fieldname>def_mail_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define HTTP_SERVERS</fielddescr>
+ <fieldname>def_http_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define WWW_SERVERS</fielddescr>
+ <fieldname>def_www_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define HTTP_PORTS</fielddescr>
+ <fieldname>def_http_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SQL_SERVERS</fielddescr>
+ <fieldname>def_sql_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define ORACLE_PORTS</fielddescr>
+ <fieldname>def_oracle_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define MSSQL_PORTS</fielddescr>
+ <fieldname>def_mssql_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define TELNET_SERVERS</fielddescr>
+ <fieldname>def_telnet_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define TELNET_PORTS</fielddescr>
+ <fieldname>def_telnet_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SNMP_SERVERS</fielddescr>
+ <fieldname>def_snmp_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SNMP_PORTS</fielddescr>
+ <fieldname>def_snmp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define FTP_SERVERS</fielddescr>
+ <fieldname>def_ftp_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define FTP_PORTS</fielddescr>
+ <fieldname>def_ftp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SSH_SERVERS</fielddescr>
+ <fieldname>def_ssh_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SSH_PORTS</fielddescr>
+ <fieldname>def_ssh_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define POP_SERVERS</fielddescr>
+ <fieldname>def_pop_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define POP2_PORTS</fielddescr>
+ <fieldname>def_pop2_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define POP3_PORTS</fielddescr>
+ <fieldname>def_pop3_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define IMAP_SERVERS</fielddescr>
+ <fieldname>def_imap_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define IMAP_PORTS</fielddescr>
+ <fieldname>def_imap_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SIP_PROXY_IP</fielddescr>
+ <fieldname>def_sip_proxy_ip</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SIP_PROXY_PORTS</fielddescr>
+ <fieldname>def_sip_proxy_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define AUTH_PORTS</fielddescr>
+ <fieldname>def_auth_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define FINGER_PORTS</fielddescr>
+ <fieldname>def_finger_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define IRC_PORTS</fielddescr>
+ <fieldname>def_irc_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define NNTP_PORTS</fielddescr>
+ <fieldname>def_nntp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define RLOGIN_PORTS</fielddescr>
+ <fieldname>def_rlogin_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define RSH_PORTS</fielddescr>
+ <fieldname>def_rsh_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SSL_PORTS</fielddescr>
+ <fieldname>def_ssl_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ </fields>
+ <custom_php_deinstall_command>
+ snort_define_servers();
+ </custom_php_deinstall_command>
+</packagegui>
diff --git a/config/snort/snort_threshold.xml b/config/snort/snort_threshold.xml
new file mode 100644
index 00000000..f9075d3d
--- /dev/null
+++ b/config/snort/snort_threshold.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>snort-threshold</name>
+ <version>0.1.0</version>
+ <title>Snort: Alert Thresholding and Suppression</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <!-- Menu is where this packages menu will appear -->
+ <tabs>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Update Rules</text>
+ <url>/snort_download_rules.php</url>
+ </tab>
+ <tab>
+ <text>Categories</text>
+ <url>/snort_rulesets.php</url>
+ </tab>
+ <tab>
+ <text>Rules</text>
+ <url>/snort_rules.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Blocked</text>
+ <url>/snort_blocked.php</url>
+ </tab>
+ <tab>
+ <text>Whitelist</text>
+ <url>/pkg.php?xml=snort_whitelist.xml</url>
+ </tab>
+ <tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort_threshold.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Alerts</text>
+ <url>/snort_alerts.php</url>
+ </tab>
+ <tab>
+ <text>Advanced</text>
+ <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Thresholding or Suppression Rule</fielddescr>
+ <fieldname>threshrule</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fielddescr>Thresholding or Suppression Rule</fielddescr>
+ <fieldname>threshrule</fieldname>
+ <description>Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60"</description>
+ <type>input</type>
+ <size>40</size>
+ </field>
+ <field>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ <description>Enter the description for this item</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ </custom_php_command_before_form>
+ <custom_delete_php_command>
+ </custom_delete_php_command>
+ <custom_php_resync_config_command>
+ create_snort_conf();
+ </custom_php_resync_config_command>
+</packagegui> \ No newline at end of file