29 files changed, 2684 insertions, 356 deletions
diff --git a/config/snort-dev/javascript/snort_globalsend.js b/config/snort-dev/javascript/snort_globalsend.js index 04912cb3..de7ba57b 100644 --- a/config/snort-dev/javascript/snort_globalsend.js +++ b/config/snort-dev/javascript/snort_globalsend.js @@ -1,3 +1,39 @@ +/* $Id$ */ +/* + + part of pfSense + All rights reserved. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + jQuery.noConflict(); //prepare the form when the DOM is ready diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml new file mode 100644 index 00000000..d0d30ded --- /dev/null 
+++ b/config/snort-dev/snort.xml 
@@ -0,0 +1,257 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfsense.com) + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>Snort</name> + <version>2.9.0.5</version> + <title>Services:2.9.0.5 pkg v. 2.0</title> + <include_file>/usr/local/pkg/snort/snort_install.inc</include_file> + <menu> + <name>Snort</name> + <tooltiptext>Setup snort specific settings</tooltiptext> + <section>Services</section> + <url>/snort/snort_interfaces.php</url> + </menu> + <service> + <name>snort</name> + <rcfile>snort.sh</rcfile> + <executable>snort</executable> + <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> + </service> + <tabs> + </tabs> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snortDB</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snortDBrules</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + 
<chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snortDBtemp</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_build.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_head.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_headbase.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_install.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_new.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + 
<chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item> + 
</additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_get.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_post.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + 
<item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item> + </additional_files_needed> + <fields> + </fields> + <custom_add_php_command> + </custom_add_php_command> + <custom_php_resync_config_command> + sync_snort_package(); + </custom_php_resync_config_command> + <custom_php_install_command> + snort_postinstall(); + </custom_php_install_command> + <custom_php_deinstall_command> + snort_deinstall(); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php index 0b7d7d06..cd21f29b 100644 --- a/config/snort-dev/snort_alerts.php +++ b/config/snort-dev/snort_alerts.php @@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
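Review bot: Every `<additional_files_needed>` entry in the new snort.xml sets `<chmod>077</chmod>`, which read as an octal mode grants no owner permissions and read/write/execute to group and world; applied to the Perl scripts placed under `/usr/local/bin/` and the PHP pages and .inc files placed under `/usr/local/www/snort/` and `/usr/local/pkg/snort/`, that would leave installed code writable by any local account (this assumes the installer applies the value as an octal mode — confirm against the package installer). The values the layout appears to intend are `<chmod>0755</chmod>` for the executables and `<chmod>0644</chmod>` for the files that are only read or included. The same entries fetch every file over plain `http://www.pfsense.com/...` and the manifest carries no digest, so the installer has no way to verify what it writes to disk; if the manifest format supports an https source or a checksum element, use it. The `<description>` and `<requirements>` elements still hold the template placeholder text (`Describe your package here`) and should be filled in before the package is published.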
@@ -28,6 +38,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index 8dde1cd3..868e9f17 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,6 +38,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php index 4f81bc6c..01eb5fe4 100644 --- a/config/snort-dev/snort_blocked.php +++ b/config/snort-dev/snort_blocked.php 
@@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,6 +38,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); diff --git a/config/snort-dev/snort_build.inc b/config/snort-dev/snort_build.inc new file mode 100644 index 00000000..7ce92f2a --- /dev/null +++ b/config/snort-dev/snort_build.inc 
@@ -0,0 +1,1117 @@ +<?php +/* $Id$ */ +/* + + part of pfSense + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ +*/ + +// unset crsf checks +if(isset($_POST['__csrf_magic'])) { + unset($_POST['__csrf_magic']); +} + + +// -------------------------- START snort.conf ------------------------- + +/* func builds custom whitelests */ +function build_base_whitelist($lanip, $wanip, $wangw, $wandns, $vips, $vpns, $userwhtips, $netlist) { + + // bring in settings from /etc/inc + global $config; + + /* build an interface array list */ + if ($lanip === 'on') { + $int_array = array('lan'); + for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) + { + if(isset($config['interfaces']['opt' . $j]['enable'])) + if(isset($config['interfaces']['opt' . $j]['gateway'])) + $int_array[] = "opt{$j}"; + } + + /* iterate through interface list and write out whitelist items + * and also compile a home_net list for snort. + */ + foreach($int_array as $int) + { + /* calculate interface subnet information */ + $ifcfg = $config['interfaces'][$int]; + $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); + $subnetmask = gen_subnet_mask($ifcfg['subnet']); + if($subnet == "pppoe" or $subnet == "dhcp") { + $subnet = find_interface_ip("ng0"); + if($subnet) { + $home_net .= "{$subnet} "; + } + } else { + if ($subnet) + if($ifcfg['subnet']) + $home_net .= "{$subnet}/{$ifcfg['subnet']} "; + } + } + } + + if($wanip === 'on') { + // add all WAN ips to the whitelist + $wan_if = get_real_wan_interface(); + $ip = find_interface_ip($wan_if); + if($ip) { + $home_net .= "{$ip} "; + } + } + + if($wangw === 'on') { + // Add Gateway on WAN interface to whitelist (For RRD graphs) + $gw = get_interface_gateway('wan'); + if($gw) { + $home_net .= "{$gw} "; + } + } + + if($wandns === 'on') { + // Add DNS server for WAN interface to whitelist + $dns_servers = get_dns_servers(); + foreach($dns_servers as $dns) { + if($dns) { + $home_net .= "{$dns} "; + } + } + } + + // TESTING: NEEDED 06202011 + if($vips === 'on') { + // iterate all vips and add to whitelist + if($config['virtualip']) + 
foreach($config['virtualip']['vip'] as $vip) + if($vip['subnet']) + $home_net .= $vip['subnet'] . " "; + } + + // TESTING: NEEDED 06202011 + // grab a list of vpns and whitelist if user desires added by nestorfish 954 + if($vpns == 'on') { + // chk what pfsense version were on + if ($pfsense_stable == 'yes') { + $vpns_list = get_vpns_list(); + } + + // chk what pfsense version were on + if ($pfsense_stable == 'no') { + $vpns_list = filter_get_vpns_list(); + } + + if ($vpns_list != '') { + $home_net .= "$vpns_list "; + } + } + + // Add homenet, NETLIST + if($userwhtips == 'on') { + + $whitelistArray = snortSql_fetchAllSettings('snortDB', 'SnortWhitelistips', 'filename', $netlist); + + foreach ($whitelistArray as $whiteListIp) + { + $home_net .= $whiteListIp['ip'] . ' '; + } + + } + + // Add loopback to whitelist (ftphelper) + if ($lanip === 'on') { + $home_net .= '127.0.0.1'; + } + + // remove empty spaces + $home_net = trim($home_net); + + // this is for snort.conf + $home_net = str_replace(' ', ',', $home_net); + // by Thrae, helps people with more than one gateway, breaks snort as is + $home_net = str_replace(',,', ',', $home_net); + + if ($lanip !== 'on') { + + $snortHomeNetPieces = explode(',', $home_net); + $home_net = ''; + + $i = 1; + $homeNetPieceCount = count($snortHomeNetPieces); + foreach ($snortHomeNetPieces as $homeNetPiece) + { + if (!empty($homeNetPiece) && $homeNetPieceCount !== $i) { + $home_net .= $homeNetPiece . ','; + }else{ + $home_net .= $homeNetPiece . 
''; + } + + $i++; + } + + } + + return $home_net; +} + + + +function create_snort_homenet($snortNet, $getSnortHomeNet) { + + if ($snortNet === 'homenet') { + + $listName = $getSnortHomeNet['homelistname']; + + if ($listName == 'default' || $listName == '') { + return build_base_whitelist('on','on', 'on', 'on', 'on', 'on', 'off', ''); + }else{ + $getSnortWhitelist = snortSql_fetchAllSettings('snortDB', 'SnortWhitelist', 'filename', $listName); + return build_base_whitelist('on', $getSnortWhitelist[0]['wanips'], $getSnortWhitelist[0]['wangateips'], $getSnortWhitelist[0]['wandnsips'], $getSnortWhitelist[0]['vips'], $getSnortWhitelist[0]['vpnips'], 'on', $listName); + } + } + + if ($snortNet === 'externalnet') { + $listName = $getSnortHomeNet['externallistname']; + return build_base_whitelist('off', 'off', 'off', 'off', 'off', 'off', 'on', $listName); + } + +} + +function generate_snort_conf($uuid) +{ + + // Iface main setings + $ifaceSettingsArray = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); + + // custom home nets + // might need to make this same ass homenet + $home_net = '[' . create_snort_homenet('homenet', $ifaceSettingsArray) . ']'; + + if ($ifaceSettingsArray['externallistname'] === 'default'){ + $external_net = '!$HOME_NET'; + }else{ + $external_net = '[' . create_snort_homenet('externalnet', $ifaceSettingsArray) . 
']'; + } + + // obtain external interface + // XXX: make multi wan friendly + $snort_ext_int = $ifaceSettingsArray['interface']; + + // user added arguments + $snort_config_pass_thru = str_replace("\r", '', base64_decode($ifaceSettingsArray['configpassthru'])); + + // define basic log filename + $snortunifiedlogbasic_type = "output unified: filename snort_{$ifaceSettingsArray['uuid']}.log, limit 128"; + + // define snortalertlogtype + $snortalertlogtype = $ifaceSettingsArray['snortalertlogtype']; + + if ($snortalertlogtype == 'fast' || $snortalertlogtype == 'full') { + $snortalertlogtype_type = "output alert_{$snortalertlogtype}: alert"; + }else{ + $snortalertlogtype_type = ''; + } + + // define alertsystemlog + $alertsystemlog_info_chk = $ifaceSettingsArray['alertsystemlog']; + if ($alertsystemlog_info_chk == on) { + $alertsystemlog_type = "output alert_syslog: log_alert"; + } + + // define tcpdumplog + $tcpdumplog_info_chk = $ifaceSettingsArray['tcpdumplog']; + if ($tcpdumplog_info_chk == on) { + $tcpdumplog_type = "output log_tcpdump: snort_{$ifaceSettingsArray['uuid']}.tcpdump"; + } + + // define snortunifiedlog + $snortunifiedlog_info_chk = $ifaceSettingsArray['snortunifiedlog']; + if ($snortunifiedlog_info_chk == on) { + $snortunifiedlog_type = "output unified2: filename snort_{$ifaceSettingsArray['uuid']}.u2, limit 128"; + } + + // define snortsam + $snortsam_info_chk = $ifaceSettingsArray['blockoffenders7']; + if ($snortsam_info_chk === 'on') { + $snortsam_type = "output alert_fwsam: 127.0.0.1:898/addpasshere"; + }else{ + $snortsam_type = ''; + } + + /* define threshold file */ + $threshold_info_chk = $ifaceSettingsArray['suppresslistname']; + if ($threshold_info_chk !== 'default') { + + $threshold_info_chk = "include /usr/local/etc/snort/suppress/{$threshold_info_chk}"; + } + + /* define servers and ports snortdefservers */ + /* def DNS_SERVSERS */ + $def_dns_servers_info_chk = $ifaceSettingsArray['def_dns_servers']; + if (empty($def_dns_servers_info_chk)) 
{ + $def_dns_servers_type = '$HOME_NET'; + }else{ + $def_dns_servers_type = "$def_dns_servers_info_chk"; + } + + /* def DNS_PORTS */ + $def_dns_ports_info_chk = $ifaceSettingsArray['def_dns_ports']; + if (empty($def_dns_ports_info_chk)) { + $def_dns_ports_type = '53'; + }else{ + $def_dns_ports_type = "$def_dns_ports_info_chk"; + } + + /* def SMTP_SERVSERS */ + $def_smtp_servers_info_chk = $ifaceSettingsArray['def_smtp_servers']; + if (empty($def_smtp_servers_info_chk)) { + $def_smtp_servers_type = '$HOME_NET'; + }else{ + $def_smtp_servers_type = $def_smtp_servers_info_chk; + } + + /* def SMTP_PORTS */ + $def_smtp_ports_info_chk = $ifaceSettingsArray['def_smtp_ports']; + if (empty($def_smtp_ports_info_chk)) { + $def_smtp_ports_type = '25'; + }else{ + $def_smtp_ports_type = $def_smtp_ports_info_chk; + } + + /* def MAIL_PORTS */ + $def_mail_ports_info_chk = $ifaceSettingsArray['def_mail_ports']; + if (empty($def_mail_ports_info_chk)) { + $def_mail_ports_type = '25,143,465,691'; + }else{ + $def_mail_ports_type = $def_mail_ports_info_chk; + } + + /* def HTTP_SERVSERS */ + $def_http_servers_info_chk = $ifaceSettingsArray['def_http_servers']; + if (empty($def_http_servers_info_chk)) { + $def_http_servers_type = '$HOME_NET'; + }else{ + $def_http_servers_type = $def_http_servers_info_chk; + } + + /* def WWW_SERVSERS */ + $def_www_servers_info_chk = $ifaceSettingsArray['def_www_servers']; + if (empty($def_www_servers_info_chk)) { + $def_www_servers_type = '$HOME_NET'; + }else{ + $def_www_servers_type = $def_www_servers_info_chk; + } + + /* def HTTP_PORTS */ + $def_http_ports_info_chk = $ifaceSettingsArray['def_http_ports']; + if (empty($def_http_ports_info_chk)) { + $def_http_ports_type = '80'; + }else{ + $def_http_ports_type = $def_http_ports_info_chk; + } + + /* def SQL_SERVSERS */ + $def_sql_servers_info_chk = $ifaceSettingsArray['def_sql_servers']; + if (empty($def_sql_servers_info_chk)) { + $def_sql_servers_type = '$HOME_NET'; + }else{ + $def_sql_servers_type = 
$def_sql_servers_info_chk; + } + + /* def ORACLE_PORTS */ + $def_oracle_ports_info_chk = $ifaceSettingsArray['def_oracle_ports']; + if (empty($def_oracle_ports_info_chk)) { + $def_oracle_ports_type = '1521'; + }else{ + $def_oracle_ports_type = $def_oracle_ports_info_chk; + } + + /* def MSSQL_PORTS */ + $def_mssql_ports_info_chk = $ifaceSettingsArray['def_mssql_ports']; + if (empty($def_mssql_ports_info_chk)) { + $def_mssql_ports_type = '1433'; + }else{ + $def_mssql_ports_type = $def_mssql_ports_info_chk; + } + + /* def TELNET_SERVSERS */ + $def_telnet_servers_info_chk = $ifaceSettingsArray['def_telnet_servers']; + if (empty($def_telnet_servers_info_chk)) { + $def_telnet_servers_type = '$HOME_NET'; + }else{ + $def_telnet_servers_type = $def_telnet_servers_info_chk; + } + + /* def TELNET_PORTS */ + $def_telnet_ports_info_chk = $ifaceSettingsArray['def_telnet_ports']; + if (empty($def_telnet_ports_info_chk)) { + $def_telnet_ports_type = '23'; + }else{ + $def_telnet_ports_type = $def_telnet_ports_info_chk; + } + + /* def SNMP_SERVSERS */ + $def_snmp_servers_info_chk = $ifaceSettingsArray['def_snmp_servers']; + if (empty($def_snmp_servers_info_chk)) { + $def_snmp_servers_type = '$HOME_NET'; + }else{ + $def_snmp_servers_type = $def_snmp_servers_info_chk; + } + + /* def SNMP_PORTS */ + $def_snmp_ports_info_chk = $ifaceSettingsArray['def_snmp_ports']; + if (empty($def_snmp_ports_info_chk)) { + $def_snmp_ports_type = '161'; + }else{ + $def_snmp_ports_type = $def_snmp_ports_info_chk; + } + + /* def FTP_SERVSERS */ + $def_ftp_servers_info_chk = $ifaceSettingsArray['def_ftp_servers']; + if (empty($def_ftp_servers_info_chk)) { + $def_ftp_servers_type = '$HOME_NET'; + }else{ + $def_ftp_servers_type = $def_ftp_servers_info_chk; + } + + /* def FTP_PORTS */ + $def_ftp_ports_info_chk = $ifaceSettingsArray['def_ftp_ports']; + if (empty($def_ftp_ports_info_chk)) { + $def_ftp_ports_type = '21'; + }else{ + $def_ftp_ports_type = $def_ftp_ports_info_chk; + } + + /* def SSH_SERVSERS */ + 
$def_ssh_servers_info_chk = $ifaceSettingsArray['def_ssh_servers']; + if (empty($def_ssh_servers_info_chk)) { + $def_ssh_servers_type = '$HOME_NET'; + }else{ + $def_ssh_servers_type = $def_ssh_servers_info_chk; + } + + /* if user has defined a custom ssh port, use it */ + if($config['system']['ssh']['port']) { + $ssh_port = $config['system']['ssh']['port']; + }else{ + $ssh_port = '22'; + } + + /* def SSH_PORTS */ + $def_ssh_ports_info_chk = $ifaceSettingsArray['def_ssh_ports']; + if (empty($def_ssh_ports_info_chk)) { + $def_ssh_ports_type = $ssh_port; + }else{ + $def_ssh_ports_type = $def_ssh_ports_info_chk; + } + + /* def POP_SERVSERS */ + $def_pop_servers_info_chk = $ifaceSettingsArray['def_pop_servers']; + if (empty($def_pop_servers_info_chk)) { + $def_pop_servers_type = '$HOME_NET'; + }else{ + $def_pop_servers_type = $def_pop_servers_info_chk; + } + + /* def POP2_PORTS */ + $def_pop2_ports_info_chk = $ifaceSettingsArray['def_pop2_ports']; + if (empty($def_pop2_ports_info_chk)) { + $def_pop2_ports_type = '109'; + }else{ + $def_pop2_ports_type = $def_pop2_ports_info_chk; + } + + /* def POP3_PORTS */ + $def_pop3_ports_info_chk = $ifaceSettingsArray['def_pop3_ports']; + if (empty($def_pop3_ports_info_chk)) { + $def_pop3_ports_type = '110'; + }else{ + $def_pop3_ports_type = $def_pop3_ports_info_chk; + } + + /* def IMAP_SERVSERS */ + $def_imap_servers_info_chk = $ifaceSettingsArray['def_imap_servers']; + if (empty($def_imap_servers_info_chk)) { + $def_imap_servers_type = '$HOME_NET'; + }else{ + $def_imap_servers_type = $def_imap_servers_info_chk; + } + + /* def IMAP_PORTS */ + $def_imap_ports_info_chk = $ifaceSettingsArray['def_imap_ports']; + if (empty($def_imap_ports_info_chk)) { + $def_imap_ports_type = '143'; + }else{ + $def_imap_ports_type = $def_imap_ports_info_chk; + } + /* def SIP_PROXY_IP */ + $def_sip_proxy_ip_info_chk = $ifaceSettingsArray['def_sip_proxy_ip']; + if (empty($def_sip_proxy_ip_info_chk)) { + $def_sip_proxy_ip_type = '$HOME_NET'; + }else{ + 
$def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; + } + + /* def SIP_PROXY_PORTS */ + $def_sip_proxy_ports_info_chk = $ifaceSettingsArray['def_sip_proxy_ports']; + if (empty($def_sip_proxy_ports_info_chk)) { + $def_sip_proxy_ports_type = '5060:5090,16384:32768'; + }else{ + $def_sip_proxy_ports_type = $def_sip_proxy_ports_info_chk; + } + + /* def AUTH_PORTS */ + $def_auth_ports_info_chk = $ifaceSettingsArray['def_auth_ports']; + if (empty($def_auth_ports_info_chk)) { + $def_auth_ports_type = '113'; + }else{ + $def_auth_ports_type = $def_auth_ports_info_chk; + } + + /* def FINGER_PORTS */ + $def_finger_ports_info_chk = $ifaceSettingsArray['def_finger_ports']; + if (empty($def_finger_ports_info_chk)) { + $def_finger_ports_type = "79"; + }else{ + $def_finger_ports_type = $def_finger_ports_info_chk; + } + + /* def IRC_PORTS */ + $def_irc_ports_info_chk = $ifaceSettingsArray['def_irc_ports']; + if (empty($def_irc_ports_info_chk)) { + $def_irc_ports_type = '6665,6666,6667,6668,6669,7000'; + }else{ + $def_irc_ports_type = $def_irc_ports_info_chk; + } + + /* def NNTP_PORTS */ + $def_nntp_ports_info_chk = $ifaceSettingsArray['def_nntp_ports']; + if (empty($def_nntp_ports_info_chk)) { + $def_nntp_ports_type = '119'; + }else{ + $def_nntp_ports_type = $def_nntp_ports_info_chk; + } + + /* def RLOGIN_PORTS */ + $def_rlogin_ports_info_chk = $ifaceSettingsArray['def_rlogin_ports']; + if (empty($def_rlogin_ports_info_chk)) { + $def_rlogin_ports_type = '513'; + }else{ + $def_rlogin_ports_type = $def_rlogin_ports_info_chk; + } + + /* def RSH_PORTS */ + $def_rsh_ports_info_chk = $ifaceSettingsArray['def_rsh_ports']; + if (empty($def_rsh_ports_info_chk)) { + $def_rsh_ports_type = '514'; + }else{ + $def_rsh_ports_type = $def_rsh_ports_info_chk; + } + + /* def SSL_PORTS */ + $def_ssl_ports_info_chk = $ifaceSettingsArray['def_ssl_ports']; + if (empty($def_ssl_ports_info_chk)) { + $def_ssl_ports_type = '443,465,563,636,989,990,992,993,994,995'; + }else{ + $def_ssl_ports_type = 
$def_ssl_ports_info_chk; + } + + /* should we install a automatic update crontab entry? + $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7']; + + // if user is on pppoe, we really want to use ng0 interface + if(isset($config['interfaces'][$snort_ext_int]['ipaddr']) && ($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")) + $snort_ext_int = "ng0"; + + // set the snort performance model */ + if($ifaceSettingsArray['performance']) { + $snort_performance = $ifaceSettingsArray['performance']; + }else{ + $snort_performance = "ac-bnfa"; + } + + // list rules in db that are on in a array + $listEnabled_rulesets = array(); + $listEnabled_rulesets = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'rdbuuid', $ifaceSettingsArray['ruledbname']); + + if(!empty($listEnabled_rulesets)) { + foreach($listEnabled_rulesets as $enabled_item) + { + $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item['rulesetname']}\n"; + } + } + + + ///////////////////////////// + + /* preprocessor code */ + + /* def perform_stat */ + + + $def_perform_stat_info_chk = $ifaceSettingsArray['perform_stat']; + if ($def_perform_stat_info_chk === 'on') { + $def_perform_stat_type = "preprocessor perfmonitor: time 300 file /var/log/snort/sn_{$ifaceSettingsArray['uuid']}.stats pktcnt 10000"; + }else{ + $def_perform_stat_type = ''; + } + + $def_flow_depth_info_chk = $ifaceSettingsArray['flow_depth']; + if (empty($def_flow_depth_info_chk)) { + $def_flow_depth_type = '0'; + }else{ + $def_flow_depth_type = $ifaceSettingsArray['flow_depth']; + } + + /* def http_inspect */ + $snort_http_inspect = <<<EOD +################# + # +# HTTP Inspect # + # +################# + +preprocessor http_inspect: global iis_unicode_map unicode.map 1252 + +preprocessor http_inspect_server: server default \ + ports { 80 8080 } \ + non_strict \ + non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ + flow_depth {$def_flow_depth_type} \ + apache_whitespace no \ + 
directory no \ + iis_backslash no \ + u_encode yes \ + ascii no \ + chunk_length 500000 \ + bare_byte yes \ + double_decode yes \ + iis_unicode no \ + iis_delimiter no \ + multi_slash no + +EOD; + + $def_http_inspect_info_chk = $ifaceSettingsArray['http_inspect']; + if ($def_http_inspect_info_chk === 'on') { + $def_http_inspect_type = $snort_http_inspect; + }else{ + $def_http_inspect_type = ''; + } + + + /* def other_preprocs */ + $snort_other_preprocs = <<<EOD +################## + # +# Other preprocs # + # +################## + +preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 +preprocessor bo + +EOD; + + $def_other_preprocs_info_chk = $ifaceSettingsArray['other_preprocs']; + if ($def_other_preprocs_info_chk === 'on') { + $def_other_preprocs_type = $snort_other_preprocs; + }else{ + $def_other_preprocs_type = ''; + } + + /* def ftp_preprocessor */ + $snort_ftp_preprocessor = <<<EOD +##################### + # +# ftp preprocessor # + # +##################### + +preprocessor ftp_telnet: global \ +inspection_type stateless + +preprocessor ftp_telnet_protocol: telnet \ + normalize \ + ayt_attack_thresh 200 + +preprocessor ftp_telnet_protocol: \ + ftp server default \ + def_max_param_len 100 \ + ports { 21 } \ + ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ + ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ + ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ + ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ + ftp_cmds { FEAT CEL CMD MACB } \ + ftp_cmds { MDTM REST SIZE MLST MLSD } \ + ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ + alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ + alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ + alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ + alt_max_param_len 256 { RNTO CWD } \ + alt_max_param_len 400 { PORT } \ + 
alt_max_param_len 512 { SIZE } \ + chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ + chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ + chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ + chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ + chk_str_fmt { FEAT CEL CMD } \ + chk_str_fmt { MDTM REST SIZE MLST MLSD } \ + chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ + cmd_validity MODE < char ASBCZ > \ + cmd_validity STRU < char FRP > \ + cmd_validity ALLO < int [ char R int ] > \ + cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ + cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ + cmd_validity PORT < host_port > + +preprocessor ftp_telnet_protocol: ftp client default \ + max_resp_len 256 \ + bounce yes \ + telnet_cmds yes + +EOD; + + $def_ftp_preprocessor_info_chk = $ifaceSettingsArray['ftp_preprocessor']; + if ($def_ftp_preprocessor_info_chk === 'on') { + $def_ftp_preprocessor_type = $snort_ftp_preprocessor; + }else{ + $def_ftp_preprocessor_type = ""; + } + + /* def smtp_preprocessor */ + $snort_smtp_preprocessor = <<<EOD +##################### + # +# SMTP preprocessor # + # +##################### + +preprocessor SMTP: \ + ports { 25 465 691 } \ + inspection_type stateful \ + normalize cmds \ + valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \ +CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \ +PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + max_header_line_len 1000 \ + max_response_line_len 512 \ + 
alt_max_command_line_len 260 { MAIL } \ + alt_max_command_line_len 300 { RCPT } \ + alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ + alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ + alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ + alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ + alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + xlink2state { enable } + +EOD; + + $def_smtp_preprocessor_info_chk = $ifaceSettingsArray['smtp_preprocessor']; + if ($def_smtp_preprocessor_info_chk === 'on') { + $def_smtp_preprocessor_type = $snort_smtp_preprocessor; + }else{ + $def_smtp_preprocessor_type = ''; + } + + /* def sf_portscan */ + $snort_sf_portscan = <<<EOD +################ + # +# sf Portscan # + # +################ + +preprocessor sfportscan: scan_type { all } \ + proto { all } \ + memcap { 10000000 } \ + sense_level { medium } \ + ignore_scanners { \$HOME_NET } + +EOD; + + $def_sf_portscan_info_chk = $ifaceSettingsArray['sf_portscan']; + if ($def_sf_portscan_info_chk === 'on') { + $def_sf_portscan_type = $snort_sf_portscan; + }else{ + $def_sf_portscan_type = ''; + } + + /* def dce_rpc_2 */ + $snort_dce_rpc_2 = <<<EOD +############### + # +# NEW # +# DCE/RPC 2 # + # +############### + +preprocessor dcerpc2: memcap 102400, events [smb, co, cl] +preprocessor dcerpc2_server: default, policy WinXP, \ + detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ + autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ + smb_max_chain 3 + +EOD; + + $def_dce_rpc_2_info_chk = $ifaceSettingsArray['dce_rpc_2']; + if ($def_dce_rpc_2_info_chk === 'on') { + $def_dce_rpc_2_type = $snort_dce_rpc_2; + }else{ + $def_dce_rpc_2_type = ''; + } + + /* def dns_preprocessor */ + $snort_dns_preprocessor = <<<EOD +#################### + # +# DNS preprocessor # + # 
+#################### + +preprocessor dns: \ + ports { 53 } \ + enable_rdata_overflow + +EOD; + + $def_dns_preprocessor_info_chk = $ifaceSettingsArray['dns_preprocessor']; + if ($def_dns_preprocessor_info_chk === 'on') { + $def_dns_preprocessor_type = $snort_dns_preprocessor; + }else{ + $def_dns_preprocessor_type = ''; + } + + /* def SSL_PORTS IGNORE */ + $def_ssl_ports_ignore_info_chk = $ifaceSettingsArray['def_ssl_ports_ignore']; + if (empty($def_ssl_ports_ignore_info_chk)) { + $def_ssl_ports_ignore_type = 'preprocessor ssl: ports { 443 465 563 636 989 990 992 993 994 995 }, trustservers, noinspect_encrypted'; + }else{ + $def_ssl_ports_ignore_type = "preprocessor ssl: ports { {$def_ssl_ports_ignore_info_chk} }, trustservers, noinspect_encrypted"; + } + + /* stream5 queued settings */ + + + $def_max_queued_bytes_info_chk = $ifaceSettingsArray['max_queued_bytes']; + if (empty($def_max_queued_bytes_info_chk)) { + $def_max_queued_bytes_type = ''; + }else{ + $def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ','; + } + + $def_max_queued_segs_info_chk = $ifaceSettingsArray['max_queued_segs']; + if (empty($def_max_queued_segs_info_chk)) { + $def_max_queued_segs_type = ''; + }else{ + $def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . ','; + } + + + /* build snort configuration file */ + /* TODO; feed back from pfsense users to reduce false positives */ + $snort_conf_text = <<<EOD + +# snort configuration file +# generated by the pfSense +# package manager system +# see /usr/local/pkg/snort.inc +# for more information +# snort.conf +# Snort can be found at http://www.snort.org/ +# +# Copyright (C) 2009-2010 Robert Zelaya +# part of pfSense +# All rights reserved. 
+# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+ +######################### + # +# Define Local Network # + # +######################### + +var HOME_NET {$home_net} +var EXTERNAL_NET {$external_net} + +################### + # +# Define Servers # + # +################### + +var DNS_SERVERS [{$def_dns_servers_type}] +var SMTP_SERVERS [{$def_smtp_servers_type}] +var HTTP_SERVERS [{$def_http_servers_type}] +var SQL_SERVERS [{$def_sql_servers_type}] +var TELNET_SERVERS [{$def_telnet_servers_type}] +var SNMP_SERVERS [{$def_snmp_servers_type}] +var FTP_SERVERS [{$def_ftp_servers_type}] +var SSH_SERVERS [{$def_ssh_servers_type}] +var POP_SERVERS [{$def_pop_servers_type}] +var IMAP_SERVERS [{$def_imap_servers_type}] +var RPC_SERVERS \$HOME_NET +var WWW_SERVERS [{$def_www_servers_type}] +var SIP_PROXY_IP [{$def_sip_proxy_ip_type}] +var AIM_SERVERS \ +[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] + +######################## + # +# Define Server Ports # + # +######################## + +portvar HTTP_PORTS [{$def_http_ports_type}] +portvar SHELLCODE_PORTS !80 +portvar ORACLE_PORTS [{$def_oracle_ports_type}] +portvar AUTH_PORTS [{$def_auth_ports_type}] +portvar DNS_PORTS [{$def_dns_ports_type}] +portvar FINGER_PORTS [{$def_finger_ports_type}] +portvar FTP_PORTS [{$def_ftp_ports_type}] +portvar IMAP_PORTS [{$def_imap_ports_type}] +portvar IRC_PORTS [{$def_irc_ports_type}] +portvar MSSQL_PORTS [{$def_mssql_ports_type}] +portvar NNTP_PORTS [{$def_nntp_ports_type}] +portvar POP2_PORTS [{$def_pop2_ports_type}] +portvar POP3_PORTS [{$def_pop3_ports_type}] +portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779] +portvar RLOGIN_PORTS [{$def_rlogin_ports_type}] +portvar RSH_PORTS [{$def_rsh_ports_type}] +portvar SMB_PORTS [139,445] +portvar SMTP_PORTS [{$def_smtp_ports_type}] +portvar SNMP_PORTS [{$def_snmp_ports_type}] +portvar SSH_PORTS [{$def_ssh_ports_type}] 
+portvar TELNET_PORTS [{$def_telnet_ports_type}] +portvar MAIL_PORTS [{$def_mail_ports_type}] +portvar SSL_PORTS [{$def_ssl_ports_type}] +portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}] + +# DCERPC NCACN-IP-TCP +portvar DCERPC_NCACN_IP_TCP [139,445] +portvar DCERPC_NCADG_IP_UDP [138,1024:] +portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:] +portvar DCERPC_NCACN_UDP_LONG [135,1024:] +portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:] +portvar DCERPC_NCACN_TCP [2103,2105,2107] +portvar DCERPC_BRIGHTSTORE [6503,6504] + +##################### + # +# Define Rule Paths # + # +##################### + +var RULE_PATH /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/rules +# var PREPROC_RULE_PATH ./preproc_rules + +################################ + # +# Configure the snort decoder # + # +################################ + +config checksum_mode: all +config disable_decode_alerts +config disable_tcpopt_experimental_alerts +config disable_tcpopt_obsolete_alerts +config disable_ttcp_alerts +config disable_tcpopt_alerts +config disable_ipopt_alerts +config disable_decode_drops + +################################### + # +# Configure the detection engine # +# Use lower memory models # + # +################################### + +config detection: search-method {$snort_performance} max_queue_events 5 +config event_queue: max_queue 8 log 3 order_events content_length + +#Configure dynamic loaded libraries +dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/ +dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so +dynamicdetection directory /usr/local/lib/snort/dynamicrules/ + +################### + # +# Flow and stream # + # +################### + +preprocessor frag3_global: max_frags 8192 +preprocessor frag3_engine: policy bsd detect_anomalies + +preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ +track_udp yes, track_icmp yes +preprocessor stream5_tcp: policy BSD, ports both all,{$def_max_queued_bytes_type}{$def_max_queued_segs_type} 
use_static_footprint_sizes +preprocessor stream5_udp: +preprocessor stream5_icmp: + +########################## + # +# NEW # +# Performance Statistics # + # +########################## + +{$def_perform_stat_type} + +{$def_http_inspect_type} + +{$def_other_preprocs_type} + +{$def_ftp_preprocessor_type} + +{$def_smtp_preprocessor_type} + +{$def_sf_portscan_type} + +############################ + # +# OLD # +# preprocessor dcerpc: \ # +# autodetect \ # +# max_frag_size 3000 \ # +# memcap 100000 # + # +############################ + +{$def_dce_rpc_2_type} + +{$def_dns_preprocessor_type} + +############################## + # +# NEW # +# Ignore SSL and Encryption # + # +############################## + +{$def_ssl_ports_ignore_type} + +##################### + # +# Snort Output Logs # + # +##################### + +$snortunifiedlogbasic_type +$snortalertlogtype_type +$alertsystemlog_type +$tcpdumplog_type +$snortmysqllog_info_chk +$snortunifiedlog_type +$snortsam_type + +################# + # +# Misc Includes # + # +################# + +include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/reference.config +include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/classification.config +$threshold_file_name + +# Snort user pass through configuration +{$snort_config_pass_thru} + +################### + # +# Rules Selection # + # +################### + +{$selected_rules_sections} + +EOD; + + return $snort_conf_text; +} + + +function create_snort_conf($uuid) +{ + // write out snort.conf + + if (!file_exists("/usr/local/etc/snort/sn_{$uuid}/snort.conf")) { + exec("/usr/bin/touch /usr/local/etc/snort/sn_{$uuid}/snort.conf"); + } + + $snort_conf_text = generate_snort_conf($uuid); + + conf_mount_rw(); + $conf = fopen("/usr/local/etc/snort/sn_{$uuid}/snort.conf", "w"); + if(!$conf) { + log_error("Could not open /usr/local/etc/snort/sn_{$uuid}/snort.conf for writing."); + exit; + } + + fwrite($conf, $snort_conf_text); + fclose($conf); + conf_mount_ro(); + +} + +// 
-------------------------- END snort.conf ------------------------- + + + +?> diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index abb9bcdd..78e033f6 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,6 +38,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc index 5b6937fb..0d3330b7 100644 --- a/config/snort-dev/snort_download_rules.inc +++ b/config/snort-dev/snort_download_rules.inc 
@@ -1,11 +1,16 @@ #!/usr/local/bin/php <?php +/* $Id$ */ /* - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + + part of pfSense All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. Pfsense snort GUI - Copyright (C) 2008-2011 Robert Zelaya. + Copyright (C) 2008-2012 Robert Zelaya. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -17,6 +22,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -27,8 +36,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - + +*/ /* * WARNING: THIS FILE SHOULD NEVER BE IN WWWW DIR 
@@ -887,29 +896,29 @@ function sendUpdateSnortLogDownload($console) foreach ($ifaceConfMaps_array as $preIfaceConfMaps_array) { // create iface dir if missing - if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}")) { - exec("/bin/mkdir -p /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}"); + if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}")) { + exec("/bin/mkdir -p /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); } // create rules dir soft link if setting is default if ($preIfaceConfMaps_array['ruledbname'] === 'default' || $preIfaceConfMaps_array['ruledbname'] === '') { - if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { - exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/default/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules"); + if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { + exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/default/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules"); } } // create rules dir soft link if setting is not default if ($preIfaceConfMaps_array['ruledbname'] !== 'default' || $preIfaceConfMaps_array['ruledbname'] != '') { - if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules") && file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules")) { - exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules 
/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}/rules"); + if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules")) { + exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules"); } } - exec("/bin/cp {$snortdir}/etc/*.config /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}"); - exec("/bin/cp {$snortdir}/etc/*.conf /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}"); - exec("/bin/cp {$snortdir}/etc/*.map /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}"); - exec("/bin/cp {$snortdir}/etc/generators /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}"); - exec("/bin/cp {$snortdir}/etc/sid /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}_{$preIfaceConfMaps_array['interface']}"); + exec("/bin/cp {$snortdir}/etc/*.config /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); + exec("/bin/cp {$snortdir}/etc/*.conf /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); + exec("/bin/cp {$snortdir}/etc/*.map /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); + exec("/bin/cp {$snortdir}/etc/generators /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); + exec("/bin/cp {$snortdir}/etc/sid /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); reapplyRuleSettings_run($preSid_Array['uuid']); update_output_window2('ms2', 'Done...'); 
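Review bot: The rewritten mkdir/ln/cp lines still interpolate `$preIfaceConfMaps_array['uuid']` and `$preIfaceConfMaps_array['ruledbname']` directly into exec() strings, so a value containing shell metacharacters becomes command injection in a process that writes under /usr/local/etc/snort; ruledbname in particular looks like an operator-chosen rule-DB name from the package config, so it should be treated as untrusted. Either wrap every interpolated path, e.g. `exec("/bin/mkdir -p " . escapeshellarg("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"));` and likewise for the `ln -s` source and target, or drop the shell entirely and use PHP's `mkdir($dir, 0755, true)`, `symlink()` and `copy()` over `glob()` results, which also removes the unchecked exit status of each exec(). Separately, the context line `reapplyRuleSettings_run($preSid_Array['uuid']);` passes a variable that is not the loop variable of this foreach; if `$preSid_Array` is not assigned earlier in sendUpdateSnortLogDownload (outside this hunk) the call receives null, which is worth confirming. The enclosing function begins and ends outside the hunk.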
@@ -937,7 +946,7 @@ function sendUpdateSnortLogDownload($console) exec("/bin/chmod -R 755 /usr/local/lib/snort"); - // if snort is running hardrestart, if snort is not running do nothing + // if snort is running hard restart, if snort is not running do nothing // TODO: Restart Ifaces diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php index 6e1a0b0d..a5c3b030 100644 --- a/config/snort-dev/snort_download_updates.php +++ b/config/snort-dev/snort_download_updates.php @@ -1,14 +1,18 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. Pfsense snort GUI - Copyright (C) 2008-2011 Robert Zelaya. + Copyright (C) 2008-2012 Robert Zelaya. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -20,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -30,6 +38,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc index 88debbc6..d0a778ae 100644 --- a/config/snort-dev/snort_gui.inc 
+++ b/config/snort-dev/snort_gui.inc @@ -1,12 +1,19 @@ <?php /* $Id$ */ /* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2006 Robert Zelaya + part of pfSense All rights reserved. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -17,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -27,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ //include_once("/usr/local/pkg/snort/snort.inc"); diff --git a/config/snort-dev/snort_head.inc b/config/snort-dev/snort_head.inc index 6addeaaa..2d5aadaa 100644 --- a/config/snort-dev/snort_head.inc +++ b/config/snort-dev/snort_head.inc 
@@ -1,4 +1,46 @@ <?php +/* $Id$ */ +/* + + part of pfSense + All rights reserved. + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + /* pfSense_MODULE: header */ diff --git a/config/snort-dev/snort_headbase.inc b/config/snort-dev/snort_headbase.inc index d21fedc7..765ae8ed 100644 --- a/config/snort-dev/snort_headbase.inc +++ b/config/snort-dev/snort_headbase.inc 
@@ -1,4 +1,46 @@ +<?php +/* $Id$ */ +/* + part of pfSense + All rights reserved. + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ +?> <!-- START of Snort Package css and javascript --> diff --git a/config/snort-dev/snort_help_info.php b/config/snort-dev/snort_help_info.php index cd757d3e..d12cfd11 100644 --- a/config/snort-dev/snort_help_info.php +++ b/config/snort-dev/snort_help_info.php 
@@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,6 +38,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); diff --git a/config/snort-dev/snort_install.inc b/config/snort-dev/snort_install.inc new file mode 100644 index 00000000..30f2884e --- /dev/null +++ b/config/snort-dev/snort_install.inc 
@@ -0,0 +1,412 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+// unset crsf checks
+if(isset($_POST['__csrf_magic'])) {
+ unset($_POST['__csrf_magic']);
+}
+
+require_once("pfsense-utils.inc");
+require_once("config.inc");
+require_once("functions.inc");
+
+/* Allow additional execution time 0 = no limit. */
+ini_set('max_execution_time', '9999');
+ini_set('max_input_time', '9999');
+
+function snort_postinstall()
+{
+ global $config;
+ conf_mount_rw();
+
+ /* find out if were in 1.2.3-RELEASE */
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk == '1.2.3-RELEASE') {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ /* find out what arch where in x86 , x64 */
+ $snort_arch_ck = '';
+ exec('/usr/bin/uname -m', $snort_arch_ck);
+ if($snort_arch_ck[0] == 'i386') {
+ $snort_arch = 'x86';
+ }else{
+ $snort_arch = 'x64';
+ }
+
+ /* snort -> advanced features */
+ //$bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
+ //$bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
+ //$bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
+
+ // create a few directories and ensure the sample files are in place
+ if(!file_exists('/usr/local/etc/snort')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort');
+ }
+
+ if(!file_exists('/usr/local/etc/snort/whitelist')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
+ }
+
+ if(!file_exists('/var/log/snort/run')) {
+ exec('/bin/mkdir -p /var/log/snort/run');
+ }
+
+ if(!file_exists('/var/log/snort/barnyard2')) {
+ exec('/bin/mkdir -p /var/log/snort/barnyard2/');
+ }
+
+ if(!file_exists('/usr/local/lib/snort/dynamicrules/')) {
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ }
+
+ // for snort2c, remove when snortsam is working
+ if(!file_exists('/var/db/whitelist')) {
+ touch('/var/db/whitelist');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/etc')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/etc');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/signatures')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/signatures');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snort_download')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snort_download');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/DB')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/emerging_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/pfsense_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/snort_rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules');
+ }
+
+ if (!file_exists('/var/snort/')) {
+ exec('/bin/mkdir -p /var/snort/');
+ }
+
+ // cleanup default files
+ if(file_exists('/usr/local/etc/snort/snort.conf-sample')) {
+ exec('/bin/rm /usr/local/etc/snort/classification.config-sample');
+ exec('/bin/mv /usr/local/etc/snort/classification.config /usr/local/etc/snort/etc/classification.config');
+ exec('/bin/rm /usr/local/etc/snort/gen-msg.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/etc/gen-msg.map');
+ exec('/bin/rm /usr/local/etc/snort/reference.config-sample');
+ exec('/bin/mv /usr/local/etc/snort/reference.config /usr/local/etc/snort/etc/reference.config');
+ exec('/bin/rm /usr/local/etc/snort/sid-msg.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/etc/sid-msg.map');
+ exec('/bin/rm /usr/local/etc/snort/snort.conf-sample');
+ exec('/bin/mv /usr/local/etc/snort/snort.conf /usr/local/etc/snort/etc/snort.conf');
+ exec('/bin/rm /usr/local/etc/snort/threshold.conf-sample');
+ exec('/bin/mv /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/etc/threshold.conf');
+ exec('/bin/rm /usr/local/etc/snort/unicode.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/unicode.map /usr/local/etc/snort/etc/unicode.map');
+ exec('/bin/rm /usr/local/etc/snort/generators-sample');
+ exec('/bin/mv /usr/local/etc/snort/generators /usr/local/etc/snort/etc/generators');
+ exec('/bin/rm /usr/local/etc/snort/sid');
+ exec('/bin/rm /usr/local/etc/rc.d/snort');
+ exec('/bin/rm /usr/local/etc/rc.d/bardyard2');
+ }
+
+ // remove example files
+ if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) {
+ exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
+ }
+
+ if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) {
+ exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
+ }
+
+
+ // add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0
+ exec('/usr/sbin/pw groupadd snort -g 920');
+ exec('/usr/sbin/pw useradd snort -u 920 -c "Snort User" -d /nonexistent -g snort -s /sbin/nologin');
+
+ // if users have old log files delete them */
+ if(!file_exists('/var/log/snort/alert')) {
+ touch('/var/log/snort/alert');
+ }else{
+ exec('/bin/rm -rf /var/log/snort/*');
+ touch('/var/log/snort/alert');
+ }
+
+ // rm barnyard2 important */
+ if(!file_exists('/usr/local/bin/barnyard2')) {
+ exec('/bin/rm /usr/local/bin/barnyard2');
+ }
+
+ /* important */
+ exec('/usr/sbin/chown -R snort:snort /var/log/snort');
+ exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort');
+ exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort');
+ exec('/usr/sbin/chown -R snort:snort /var/snort');
+ exec('/usr/sbin/chown snort:snort /tmp/snort*');
+ exec('/usr/sbin/chown snort:snort /var/db/whitelist');
+ exec('/bin/chmod 660 /var/log/snort/alert');
+ exec('/bin/chmod 660 /var/db/whitelist');
+ exec('/bin/chmod -R 660 /usr/local/etc/snort/*');
+ exec('/bin/chmod -R 660 /tmp/snort*');
+ exec('/bin/chmod -R 660 /var/run/snort*');
+ exec('/bin/chmod -R 660 /var/snort/run/*');
+ exec('/bin/chmod 770 /usr/local/lib/snort');
+ exec('/bin/chmod 770 /usr/local/etc/snort');
+ exec('/bin/chmod 770 /usr/local/etc/whitelist');
+ exec('/bin/chmod 770 /var/log/snort');
+ exec('/bin/chmod 770 /var/log/snort/run');
+ exec('/bin/chmod 770 /var/log/snort/barnyard2');
+
+ /* move files around, make it look clean */
+ exec('/bin/mkdir -p /usr/local/www/snort/css');
+ exec('/bin/mkdir -p /usr/local/www/snort/images');
+ exec('/bin/mkdir -p /usr/local/www/snort/javascript');
+
+ chdir ("/usr/local/www/snort/css/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style_snort2.css');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/new_tab_menu.css');
+ chdir ("/usr/local/www/snort/images/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/arrow_down.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/awesome-overlay-sprite.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/controls.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer2.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon_excli.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/loading.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo22.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/page_white_text.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/transparent.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif');
+ chdir ("/usr/local/www/snort/javascript/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/jquery-1.6.1.min.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/jquery.form.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/snort_globalsend.js');
+
+ /* back to default */
+ chdir ('/root/');
+
+ // make sure snort-old is deinstalled
+ // remove when snort-old is removed
+ unset($config['installedpackages']['snort']);
+ unset($config['installedpackages']['snortdefservers']);
+ unset($config['installedpackages']['snortwhitelist']);
+ unset($config['installedpackages']['snortthreshold']);
+ unset($config['installedpackages']['snortadvanced']);
+ write_config();
+ conf_mount_rw();
+
+ // remake saved settings
+ // TODO: make sre this works in final release
+ /*
+ if($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ update_status(gettext("Saved settings detected..."));
+ update_output_window(gettext("Please wait... rebuilding files..."));
+ sync_snort_package_empty();
+ update_output_window(gettext("Finnished Rebuilding files..."));
+ }
+ */
+
+ conf_mount_ro();
+
+}
+
+function snort_deinstall()
+{
+
+ global $config, $g;
+ conf_mount_rw();
+
+ // remove custom sysctl //
+ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
+
+ // decrease bpf buffers back to 4096, from 20480
+ exec('/sbin/sysctl net.bpf.bufsize=4096');
+
+ exec('/usr/usr/bin/killall snort');
+ sleep(2);
+ exec('/usr/usr/bin/killall -9 snort');
+ sleep(2);
+ exec('/usr/usr/bin/killall barnyard2');
+ sleep(2);
+ exec('/usr/usr/bin/killall -9 barnyard2');
+ sleep(2);
+
+ exec('/usr/sbin/pw userdel snort');
+ exec('/usr/sbin/pw groupdel snort');
+ exec('rm -rf /usr/local/etc/snort*');
+ exec('rm -rf /usr/local/pkg/snort*');
+ exec('rm -rf /usr/local/pkg/pf/snort*');
+
+ exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep perl-threaded`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client-5.1.50_1`");
+ exec('rm -r /usr/local/bin/barnyard2');
+
+ // TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break
+
+ // Remove snort cron entries Ugly code needs smoothness
+ // TODO: redo code because its a mess
+ function snort_rm_blocked_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item)
+ {
+ if (strstr($item['command'], "snort2c"))
+ {
+ $is_installed = true;
+ break;
+ }
+
+ $x++;
+
+ }
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+
+ configure_cron();
+
+ }
+ conf_mount_ro();
+
+ }
+
+ function snort_rules_up_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ }
+
+ snort_rm_blocked_deinstall_cron("");
+ snort_rules_up_deinstall_cron("");
+
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
+ unset($config['installedpackages']['snortglobal']);
+ }
+ write_config();
+ conf_mount_rw();
+
+ exec('rm -rf /usr/local/www/snort');
+ exec('rm -rf /usr/local/lib/snort/');
+ exec('rm -rf /var/log/snort/');
+ exec('rm -rf /usr/local/pkg/snort');
+ exec('rm -rf /var/snort');
+
+ conf_mount_ro();
+
+}
+
+// make sure this func on writes to files and does not start snort */
+function sync_snort_package()
+{
+ global $config, $g;
+ conf_mount_rw();
+
+
+
+ conf_mount_ro();
+}
+
+?>
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index 59ff381d..55161575 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
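Review bot: snort_postinstall pulls jquery-1.6.1.min.js, jquery.form.js, snort_globalsend.js and the CSS into /usr/local/www/snort with `/usr/bin/fetch` over plain `http://www.pfsense.com/...` and no checksum or signature check, so anyone able to tamper with that path or DNS during install can plant script that then executes in every administrator's browser session on the firewall; these static assets should ship inside the package, or at minimum be fetched over HTTPS and verified against a pinned hash before being written into the web root. In snort_deinstall the four kill commands use `/usr/usr/bin/killall`, a path that does not exist, so snort and barnyard2 are never stopped before their user, config and log directories are removed; it should be `exec('/usr/bin/killall snort');` and likewise for the `-9` and barnyard2 calls. The post-install also runs `exec('/bin/rm -rf /var/log/snort/*');` whenever an old alert file is present, silently destroying all prior IDS alert history on every reinstall or upgrade, which is exactly the evidence an incident responder would want kept; archive it or gate it on an explicit option. Two smaller defects in the same function: `if(!file_exists('/usr/local/bin/barnyard2')) { exec('/bin/rm /usr/local/bin/barnyard2'); }` is inverted (it only tries to delete a file that is absent), and `chmod -R 660 /usr/local/etc/snort/*` strips the execute bit from the subdirectories created a few lines earlier, leaving them untraversable for the snort user the chown just assigned.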
@@ -1,14 +1,18 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. Pfsense snort GUI - Copyright (C) 2008-2011 Robert Zelaya. + Copyright (C) 2008-2012 Robert Zelaya. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -20,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -30,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 169b0dba..4ac128cf 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php 
@@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,6 +38,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); @@ -290,7 +301,7 @@ jQuery(document).ready(function() { if ($a_list['ruledbname'] == 'default') { $selected = 'selected'; } - echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r"; + echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; foreach ($a_rules as $value) { $selected = ''; 
@@ -298,7 +309,7 @@ jQuery(document).ready(function() { $selected = 'selected'; } - echo "\n" . '<option value="' . $value['uuid'] . '" ' . $selected . ' >' . $value['ruledbname'] . '</option>' . "\r"; + echo "\n" . '<option value="' . $value['uuid'] . '" ' . $selected . ' >' . strtoupper($value['ruledbname']) . '</option>' . "\r"; } ?> @@ -322,7 +333,7 @@ jQuery(document).ready(function() { /* find homelist names and filter by type */ $selected = ''; if ($a_list['homelistname'] == 'default'){$selected = 'selected';} - echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r"; + echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; foreach ($a_whitelist as $value) { $selected = ''; @@ -330,7 +341,7 @@ jQuery(document).ready(function() { if ($value['snortlisttype'] == 'netlist') // filter { - echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . $value['filename'] . '</option>' . "\r"; + echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r"; } } @@ -352,7 +363,7 @@ jQuery(document).ready(function() { /* find externallist names and filter by type */ $selected = ''; if ($a_list['externallistname'] == 'default'){$selected = 'selected';} - echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r"; + echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; foreach ($a_whitelist as $value) { $selected = ''; @@ -360,7 +371,7 @@ jQuery(document).ready(function() { if ($value['snortlisttype'] == 'netlist') // filter { - echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . $value['filename'] . '</option>' . "\r"; + echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r"; } } 
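Review bot: The `<option>` lines rewritten here still concatenate `$value['ruledbname']` and `$value['filename']` straight into both the value attribute and the option text; wrapping the label in strtoupper() does nothing to escape quotes or angle brackets, so a stored name containing `"` or `<` breaks out of the attribute and injects markup into the admin page. Where these values originate is outside this hunk, but since they come from the saved configuration they are at least admin-supplied, and escaping them at output is cheap: `echo "\n" . '<option value="' . htmlspecialchars($value['filename']) . '" ' . $selected . ' >' . htmlspecialchars(strtoupper($value['filename'])) . '</option>' . "\r";` with the same treatment for the `$value['uuid']`/`ruledbname` option in the first hunk. The suppress-list select in the following hunk has the same shape and needs the same change. The enclosing PHP/HTML block starts and ends outside these hunks.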
@@ -391,14 +402,14 @@ jQuery(document).ready(function() { $selected = ''; if ($a_list['suppresslistname'] == 'default'){$selected = 'selected';} - echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r"; + echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; foreach ($a_suppresslist as $value) { $selected = ''; if ($value['filename'] == $a_list['suppresslistname']){$selected = 'selected';} - echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . $value['filename'] . '</option>' . "\r"; + echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r"; } ?> @@ -407,11 +418,26 @@ jQuery(document).ready(function() { <span class="vexpl">Choose the suppression or filtering file you will like this rule to use. <span class="red"> Note:</span> Default option disables suppression and filtering.</span> </td> - </tr> + </tr> <tr> <td colspan="2" valign="top" class="listtopic">Choose the types of logs snort should create.</td> </tr> <tr> + <td width="22%" valign="top" class="vncell2">Type of Unified Logging</td> + <td width="78%" class="vtable"> + <select name="snortalertlogtype" class="formfld" id="snortalertlogtype"> + + <?php + $snortalertlogtypePerfList = array('full' => 'FULL', 'fast' => 'FAST', 'disable' => 'DISABLE'); + snortDropDownList($snortalertlogtypePerfList, $a_list['snortalertlogtype']); + ?> + + </select> + <br> + <span class="vexpl">Snort will log Alerts to a file in the UNIFIED format. Full is a requirement for the snort wigdet.</span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">Send alerts to mainSystem logs</td> <td width="78%" class="vtable"> <input name="alertsystemlog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['alertsystemlog'] == 'on' ? 'checked' : '';?> 
> diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index 64f81643..1986a727 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php @@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_interfaces_rules.php b/config/snort-dev/snort_interfaces_rules.php index 8f1631a2..51b8cbb4 100644 --- a/config/snort-dev/snort_interfaces_rules.php +++ b/config/snort-dev/snort_interfaces_rules.php 
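Review bot: The help text for the new Type of Unified Logging select misspells "widget" and does not tell the user what the DISABLE choice costs; suggest `Snort will log alerts to a file in the UNIFIED format. FULL is required for the Snort dashboard widget; DISABLE turns unified alert logging off entirely.` The `snortDropDownList()` helper and the POST handler that stores `snortalertlogtype` are outside this hunk, so whether the submitted value is restricted to full/fast/disable before being written to the config cannot be confirmed here; it is worth checking that the save path whitelists it rather than storing the raw POST string.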
@@ -1,15 +1,18 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. - Modified for the Snaort Package By - Copyright (C) 2008-2011 Robert Zelaya. - All rights reserved. + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -21,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -31,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_interfaces_rules_edit.php b/config/snort-dev/snort_interfaces_rules_edit.php index 7db725af..33b2f7e0 100644 --- a/config/snort-dev/snort_interfaces_rules_edit.php +++ b/config/snort-dev/snort_interfaces_rules_edit.php 
@@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_interfaces_suppress.php b/config/snort-dev/snort_interfaces_suppress.php index 83e87838..4df94ec9 100644 --- a/config/snort-dev/snort_interfaces_suppress.php +++ b/config/snort-dev/snort_interfaces_suppress.php 
@@ -1,15 +1,18 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. - Modified for the Snaort Package By - Copyright (C) 2008-2011 Robert Zelaya. - All rights reserved. + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -21,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -31,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_interfaces_suppress_edit.php b/config/snort-dev/snort_interfaces_suppress_edit.php index 28bb7868..7f6f178d 100644 --- a/config/snort-dev/snort_interfaces_suppress_edit.php +++ b/config/snort-dev/snort_interfaces_suppress_edit.php 
@@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_interfaces_whitelist.php b/config/snort-dev/snort_interfaces_whitelist.php index 0ceed8c0..d13b380a 100644 --- a/config/snort-dev/snort_interfaces_whitelist.php +++ b/config/snort-dev/snort_interfaces_whitelist.php 
@@ -1,15 +1,18 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. - Modified for the Snaort Package By - Copyright (C) 2008-2011 Robert Zelaya. - All rights reserved. + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -21,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -31,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php index 689fb719..44b1d0f2 100644 --- a/config/snort-dev/snort_interfaces_whitelist_edit.php +++ b/config/snort-dev/snort_interfaces_whitelist_edit.php 
@@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once('guiconfig.inc'); require_once('/usr/local/pkg/snort/snort_new.inc'); diff --git a/config/snort-dev/snort_json_get.php b/config/snort-dev/snort_json_get.php index ecab3a13..84cc8ed7 100644 --- a/config/snort-dev/snort_json_get.php +++ b/config/snort-dev/snort_json_get.php 
@@ -1,4 +1,45 @@ <?php +/* $Id$ */ +/* + + part of pfSense + All rights reserved. + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 37950f91..7ec85d4d 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php 
@@ -1,5 +1,45 @@ <?php +/* $Id$ */ +/* + part of pfSense + All rights reserved. + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); 
@@ -14,42 +54,53 @@ function snortJsonReturnCode($returnStatus) { if ($returnStatus == true) { echo '{"snortgeneralsettings":"success","snortUnhideTabs":"true"}'; + return true; }else{ echo '{"snortgeneralsettings":"fail"}'; - } + return false; + } } // row from db by uuid if ($_POST['snortSidRuleEdit'] == 1) { - unset($_POST['snortSidRuleEdit']); + function snortSidRuleEditFunc() + { - snortSidStringRuleEditGUI(); + unset($_POST['snortSidRuleEdit']); + snortSidStringRuleEditGUI(); + + } + snortSidRuleEditFunc(); } // row from db by uuid if ($_POST['snortSaveRuleSets'] == 1) { + + function snortSaveRuleSetsFunc() + { - if ($_POST['ifaceTab'] == 'snort_rulesets') { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); + if ($_POST['ifaceTab'] == 'snort_rulesets') { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSetList()); + } - snortJsonReturnCode(snortSql_updateRuleSetList()); - - } - - - if ($_POST['ifaceTab'] == 'snort_rules') { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - snortJsonReturnCode(snortSql_updateRuleSigList()); - } + if ($_POST['ifaceTab'] == 'snort_rules') { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSigList()); + } + } + snortSaveRuleSetsFunc(); } // END of rulesSets 
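Review bot: The handler bodies are now wrapped in functions declared inside the `if ($_POST[...] == 1)` blocks and called exactly once, but every one of them reads and writes the `$_POST` superglobal directly, so the wrapper gives no scoping, and a conditional declaration means `snortSidRuleEditFunc()` and `snortSaveRuleSetsFunc()` only exist on the request path that defines them. Declare them once at top level (or in snort_new.inc) and keep the `if` as a one-line dispatch, `if ($_POST['snortSidRuleEdit'] == 1) { snortSidRuleEditFunc(); }`; the same pattern repeats in the `RMlistDelRow`, `snortSaveSettings`, suppress/whitelist, log-download and `@@ -343` hunks below. The dispatch also tests `$_POST['snortSidRuleEdit'] == 1` without checking the key exists, which emits an undefined-index notice on every request that does not carry it; `if (isset($_POST['snortSidRuleEdit']) && $_POST['snortSidRuleEdit'] == 1)` avoids that.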
@@ -57,29 +108,35 @@ if ($_POST['snortSaveRuleSets'] == 1) { if ($_POST['RMlistDelRow'] == 1) { - $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); - - // list rules in the default dir - if ($_POST['RMlistTable'] == 'SnortIfaces') { - - $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'] . '_' . $rm_row_list['interface']; - - exec('/bin/rm -r ' . $snortRuleDir); - } + function RMlistDelRowFunc() + { - // rm ruledb and files - if ($_POST['RMlistTable'] == 'Snortrules') { - - $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}"; + $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); + + // list rules in the default dir + if ($_POST['RMlistTable'] == 'SnortIfaces') { + + $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid']; + + exec('/bin/rm -r ' . $snortRuleDir); + } - exec('/bin/rm -r ' . $snortRuleDir); - } + // rm ruledb and files + if ($_POST['RMlistTable'] == 'Snortrules') { + + $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}"; + + exec('/bin/rm -r ' . $snortRuleDir); + } + + if ($_POST['RMlistTable'] == 'SnortWhitelist') { + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']); + } - if ($_POST['RMlistTable'] == 'SnortWhitelist') { - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']); - } + snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); - snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); + } + RMlistDelRowFunc(); } 
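Review bot: `$_POST['RMlistUuid']` is concatenated straight into `exec('/bin/rm -r ' . $snortRuleDir)` in both the `SnortIfaces` and `Snortrules` branches with no check on its shape, so a value that is not a plain uuid changes which path gets removed. Validate it before building the path — e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_POST['RMlistUuid'])) { snortJsonReturnCode(false); return false; }` (the constructed pattern should be matched to whatever the real uuid format is) — and pass the path through `escapeshellarg()`, or drop the shell and use PHP's own filesystem functions. `snortSql_fetchAllSettings()` is already called with the same uuid, so the row it returns could gate the delete as well. The same unvalidated `uuid`/`ruledbname` values reach `rm`/`ln -s` in the `snort_interfaces_edit` branch of the next hunk and in `createNewIfaceDir()` in snort_new.inc.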
@@ -87,255 +144,277 @@ if ($_POST['RMlistDelRow'] == 1) { // general settings save if ($_POST['snortSaveSettings'] == 1) { + function snortSaveSettingsFunc() + { - // Save ruleDB settings - if ($_POST['dbTable'] == 'Snortrules') { - - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { - - // creat iface dir and ifcae rules dir - exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - - - // NOTE: code only works on php5 - $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); - $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); - $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); - - if (!empty($listSnortRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - if (!empty($listEmergingRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - if (!empty($listPfsenseRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - - - } //end of mkdir - - snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - - } - - // Save general settings - if ($_POST['dbTable'] == 'SnortSettings') { - - if ($_POST['ifaceTab'] == 'snort_interfaces_global') { - // checkboxes when set to off never get included in POST thus this code - $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); - } - - if ($_POST['ifaceTab'] == 'snort_alerts') { - - if (!isset($_POST['arefresh'])) - $_POST['arefresh'] = ($_POST['arefresh'] == '' ? 
off : $_POST['arefresh']); - - } - - if ($_POST['ifaceTab'] == 'snort_blocked') { - - if (!isset($_POST['brefresh'])) - $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']); - - } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - - snortJsonReturnCode(snortSql_updateSettings('id', '1')); - - } // end of dbTable SnortSettings - - // Save rule settings on the interface edit tab - if ($_POST['dbTable'] == 'SnortIfaces') { - - // snort interface edit - if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { - - if (!isset($_POST['enable'])) - $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); - - if (!isset($_POST['blockoffenders7'])) - $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']); - - if (!isset($_POST['alertsystemlog'])) - $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); - - if (!isset($_POST['tcpdumplog'])) - $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']); - - if (!isset($_POST['snortunifiedlog'])) - $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); - - // convert textbox to base64 - $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); + // Save ruleDB settings + if ($_POST['dbTable'] == 'Snortrules') { - /* - * make dir for the new iface - * may need to move this as a func to new_snort,inc - */ + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); - $newSnortDir = 'sn_' . $_POST['uuid'] . '_' . 
$_POST['interface']; - - if (!is_dir("/usr/local/etc/snort/{$newSnortDir}")) { + if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { // creat iface dir and ifcae rules dir - exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}"); + exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + - /* // NOTE: code only works on php5 - $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snort_rules/rules', '\.rules'); - $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/emerging_rules/rules', '\.rules'); - $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/pfsense_rules/rules', '\.rules'); + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); if (!empty($listSnortRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snort_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } if (!empty($listEmergingRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/emerging_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } if (!empty($listPfsenseRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/pfsense_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } - */ - + - } //end of mkdir - - } // end of snort_interfaces_edit - - // snort preprocessor edit - if ($_POST['ifaceTab'] == 
'snort_preprocessors') { - - if (!isset($_POST['dce_rpc_2'])) - $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); - - if (!isset($_POST['dns_preprocessor'])) - $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']); - - if (!isset($_POST['ftp_preprocessor'])) - $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']); - - if (!isset($_POST['http_inspect'])) - $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']); - - if (!isset($_POST['other_preprocs'])) - $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']); - - if (!isset($_POST['perform_stat'])) - $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']); - - if (!isset($_POST['sf_portscan'])) - $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']); - - if (!isset($_POST['smtp_preprocessor'])) - $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']); + } //end of mkdir + + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); } - - // snort barnyard edit - if ($_POST['ifaceTab'] == 'snort_barnyard') { - // make shure iface is lower case - $_POST['interface'] = strtolower($_POST['interface']); + + // Save general settings + if ($_POST['dbTable'] == 'SnortSettings') { + + if ($_POST['ifaceTab'] == 'snort_interfaces_global') { + // checkboxes when set to off never get included in POST thus this code + $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); + } + + if ($_POST['ifaceTab'] == 'snort_alerts') { + + if (!isset($_POST['arefresh'])) + $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); + + } + + if ($_POST['ifaceTab'] == 'snort_blocked') { + + if (!isset($_POST['brefresh'])) + $_POST['brefresh'] = ($_POST['brefresh'] == '' ? 
off : $_POST['brefresh']); + + } - if (!isset($_POST['barnyard_enable'])) - $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']); + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + - } + snortJsonReturnCode(snortSql_updateSettings('id', '1')); + + } // end of dbTable SnortSettings + + // Save rule settings on the interface edit tab + if ($_POST['dbTable'] == 'SnortIfaces') { + + // snort interface edit + if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { + + if (!isset($_POST['enable'])) + $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); + + if (!isset($_POST['blockoffenders7'])) + $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']); + + if (!isset($_POST['alertsystemlog'])) + $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); + if (!isset($_POST['tcpdumplog'])) + $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']); - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); + if (!isset($_POST['snortunifiedlog'])) + $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); + + // convert textbox to base64 + $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); + + /* + * make dir for the new iface, if iface exists or rule dir has changed redo soft link + * may need to move this as a func to new_snort.inc + */ + + $newSnortDir = 'sn_' . 
$_POST['uuid']; + $pathToSnortDir = '/usr/local/etc/snort'; + + // creat iface dir and ifcae rules dir + if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) { + createNewIfaceDir($pathToSnortDir, $newSnortDir); + } //end of mkdir + + // change the rule path + if (is_dir("{$pathToSnortDir}/{$newSnortDir}")) { + + $snortCurrentRuleDbName = snortSql_fetchAllSettings('snortDB', 'snortIfaces', 'uuid', $_POST['uuid']); + + if ($_POST['ruledbname'] !== $snortCurrentRuleDbName['ruledbname'] || !file_exists("{$pathToSnortDir}/{$newSnortDir}/rules")) { + + // NOTE: use full paths or link rm will not work, Freebsd love + exec("/bin/rm {$pathToSnortDir}/{$newSnortDir}/rules"); + exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/{$newSnortDir}/rules"); + + } + + } + + } // end of snort_interfaces_edit + + // snort preprocessor edit + if ($_POST['ifaceTab'] == 'snort_preprocessors') { + + if (!isset($_POST['dce_rpc_2'])) + $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); + + if (!isset($_POST['dns_preprocessor'])) + $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']); + + if (!isset($_POST['ftp_preprocessor'])) + $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']); + + if (!isset($_POST['http_inspect'])) + $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']); + + if (!isset($_POST['other_preprocs'])) + $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']); + + if (!isset($_POST['perform_stat'])) + $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']); + + if (!isset($_POST['sf_portscan'])) + $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']); + + if (!isset($_POST['smtp_preprocessor'])) + $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? 
off : $_POST['smtp_preprocessor']); + + } + + // snort barnyard edit + if ($_POST['ifaceTab'] == 'snort_barnyard') { + // make shure iface is lower case + $_POST['interface'] = strtolower($_POST['interface']); + + if (!isset($_POST['barnyard_enable'])) + $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']); + + } + + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - - } // end of dbTable Snortrules + } // end of dbTable SnortIfaces + + } + snortSaveSettingsFunc(); } // STOP General Settings Save // Suppress settings save if ($_POST['snortSaveSuppresslist'] == 1) { + + function snortSaveSuppresslistFunc() + { - // post for supress_edit - if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') { - - // make sure filename is valid - if (!is_validFileName($_POST['filename'])) { - echo 'Error: FileName'; - return false; + // post for supress_edit + if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') { + + // make sure filename is valid + if (!is_validFileName($_POST['filename'])) { + echo 'Error: FileName'; + return false; + } + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSuppresslist']); + unset($_POST['ifaceTab']); + + // convert textbox to base64 + $_POST['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + + // Write to database + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); + } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveSuppresslist']); - unset($_POST['ifaceTab']); - - // convert textbox to base64 - $_POST['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); - - // Write to database - snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - - } + + } + snortSaveSuppresslistFunc(); } // 
Whitelist settings save if ($_POST['snortSaveWhitelist'] == 1) { + + function snortSaveWhitelistFunc() + { - if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') { - - if (!is_validFileName($_POST['filename'])) { - echo 'Error: FileName'; - return false; + if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') { + + if (!is_validFileName($_POST['filename'])) { + echo 'Error: FileName'; + return false; + } + + $_POST['wanips'] = ($_POST['wanips'] == '' ? off : $_POST['wanips']); + $_POST['wangateips'] = ($_POST['wangateips'] == '' ? off : $_POST['wangateips']); + $_POST['wandnsips'] = ($_POST['wandnsips'] == '' ? off : $_POST['wandnsips']); + $_POST['vips'] = ($_POST['vips'] == '' ? off : $_POST['vips']); + $_POST['vpnips'] = ($_POST['vpnips'] == '' ? off : $_POST['vpnips']); + + } + + // unset POSTs that are markers not in db + unset($_POST['snortSaveWhitelist']); + unset($_POST['ifaceTab']); + + // Split the POST for 2 arraus + $whitelistIPs = $_POST['list']; + unset($_POST['list']); + + + if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) { + snortJsonReturnCode(true); + }else{ + snortJsonReturnCode(false); } - - $_POST['wanips'] = ($_POST['wanips'] == '' ? off : $_POST['wanips']); - $_POST['wangateips'] = ($_POST['wangateips'] == '' ? off : $_POST['wangateips']); - $_POST['wandnsips'] = ($_POST['wandnsips'] == '' ? off : $_POST['wandnsips']); - $_POST['vips'] = ($_POST['vips'] == '' ? off : $_POST['vips']); - $_POST['vpnips'] = ($_POST['vpnips'] == '' ? 
off : $_POST['vpnips']); - - } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveWhitelist']); - unset($_POST['ifaceTab']); - - // Split the POST for 2 arraus - $whitelistIPs = $_POST['list']; - unset($_POST['list']); - - if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) { - snortJsonReturnCode(true); - }else{ - snortJsonReturnCode(false); - } - + } + snortSaveWhitelistFunc(); } // download code for alerts page if ($_POST['snortlogsdownload'] == 1) { - conf_mount_rw(); - snort_downloadAllLogs(); - conf_mount_ro(); + + function snortlogsdownloadFunc() + { + conf_mount_rw(); + snort_downloadAllLogs(); + conf_mount_ro(); + } + snortlogsdownloadFunc(); } // download code for alerts page if ($_POST['snortblockedlogsdownload'] == 1) { - conf_mount_rw(); - snort_downloadBlockedIPs(); - conf_mount_ro(); + + function snortblockedlogsdownloadFunc() + { + conf_mount_rw(); + snort_downloadBlockedIPs(); + conf_mount_ro(); + } + snortblockedlogsdownloadFunc(); } @@ -343,25 +422,37 @@ if ($_POST['snortblockedlogsdownload'] == 1) { // code neeed to be worked on when finnished rules code if ($_POST['snortlogsdelete'] == 1) { - conf_mount_rw(); - snortDeleteLogs(); - conf_mount_ro(); + function snortlogsdeleteFunc() + { + conf_mount_rw(); + snortDeleteLogs(); + conf_mount_ro(); + } + snortlogsdeleteFunc(); } // flushes snort2c table if ($_POST['snortflushpftable'] == 1) { - conf_mount_rw(); - snortRemoveBlockedIPs(); - conf_mount_ro(); + function snortflushpftableFunc() + { + conf_mount_rw(); + snortRemoveBlockedIPs(); + conf_mount_ro(); + } + snortflushpftableFunc(); } // reset db reset_snortgeneralsettings if ($_POST['reset_snortgeneralsettings'] == 1) { - conf_mount_rw(); - reset_snortgeneralsettings(); - conf_mount_ro(); + function reset_snortgeneralsettingsFunc() + { + conf_mount_rw(); + reset_snortgeneralsettings(); + conf_mount_ro(); + } + reset_snortgeneralsettingsFunc(); } 
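Review bot: The re-indented checkbox defaults still use the bare identifier `off` (`? off : $_POST['enable']`, and likewise for every checkbox in the `snort_preprocessors`, `snort_barnyard` and whitelist branches), which is an undefined constant: PHP 5 turns it into the string 'off' with a notice, PHP 7.2 deprecates that fallback and PHP 8 throws `Error`. Quote it, `'off'`, in every one of those lines. Each of them sits under `if (!isset($_POST['x']))`, so the ternary can never observe a set value and `$_POST['x'] = 'off';` is all that is needed. In the `snort_interfaces_edit` branch, `snortSql_fetchAllSettings('snortDB', 'snortIfaces', ...)` spells the table `snortIfaces` while the delete handler compares against `SnortIfaces`; SQLite matches table names case-insensitively, but one spelling should be used so the two stay greppable together.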
diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc
index 1f387370..b2e48a2a 100644
--- a/config/snort-dev/snort_new.inc
+++ b/config/snort-dev/snort_new.inc
@@ -1,10 +1,56 @@ <?php +/* $Id$ */ +/* + + part of pfSense + All rights reserved. + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + // unset crsf checks if(isset($_POST['__csrf_magic'])) { unset($_POST['__csrf_magic']); } +//require_once("pfsense-utils.inc"); +require_once("config.inc"); +require_once("functions.inc"); + // Wites selected sig to file function snortSidStringRuleEditGUI() { 
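Review bot: The new `//require_once("pfsense-utils.inc");` is commented-out code with no explanation next to the two live `require_once` lines; either drop it or replace it with a comment that records the reason, `// pfsense-utils.inc intentionally not loaded: <reason>`. Disabled includes with no rationale tend to be re-enabled later by someone who cannot tell whether they were removed on purpose.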
@@ -39,6 +85,32 @@ function sendSidStringRuleEditGUI() return true; } +// create new Ifac dirs and soft links +function createNewIfaceDir($pathToSnortDir, $newSnortDir) { + + exec("/bin/mkdir -p {$pathToSnortDir}/{$newSnortDir}"); + + // create rules dir soft link if setting is default + if ($_POST['ruledbname'] === 'default' || $_POST['ruledbname'] === '') { + if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { + exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/default/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules"); + } + } + + // create rules dir soft link if setting is not default + if ($_POST['ruledbname'] !== 'default' || $_POST['ruledbname'] != '') { + if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists("{$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules")) { + exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules"); + } + } + + // cp new rules + exec("/bin/cp {$pathToSnortDir}/etc/*.config {$pathToSnortDir}/sn_{$_POST['uuid']}"); + exec("/bin/cp {$pathToSnortDir}/etc/*.conf {$pathToSnortDir}/sn_{$_POST['uuid']}"); + exec("/bin/cp {$pathToSnortDir}/etc/*.map {$pathToSnortDir}/sn_{$_POST['uuid']}"); + exec("/bin/cp {$pathToSnortDir}/etc/generators {$pathToSnortDir}/sn_{$_POST['uuid']}"); + exec("/bin/cp {$pathToSnortDir}/etc/sid {$pathToSnortDir}/sn_{$_POST['uuid']}"); +} // end of func function escapeJsonString($escapeString) { @@ -422,7 +494,7 @@ function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); } - if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid') { + if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid' || $type == 'filename') { $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); } 
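Review bot: In `createNewIfaceDir()` the second guard `if ($_POST['ruledbname'] !== 'default' || $_POST['ruledbname'] != '')` is true for every value, including `'default'` and `''` (no value is both), so the "not default" branch always runs and for an empty `ruledbname` it tries to link `snortDBrules/DB//rules`; only the `!file_exists()` check keeps it from linking twice. The function also takes `$newSnortDir` but builds every path after the `mkdir` from `sn_{$_POST['uuid']}`, so the directory it creates and the one it populates agree only if the caller happens to pass the same name. Resolve the rule db once, derive all paths from the parameters, and quote the shell arguments as below; the five `cp` lines should use the same `$ifaceDir`. The `filename` case added to `snortSql_fetchAllSettings()` in the second hunk looks consistent with the new whitelist delete path in snort_json_post.php.
```php
// create new Ifac dirs and soft links
function createNewIfaceDir($pathToSnortDir, $newSnortDir) {

	$ifaceDir = "{$pathToSnortDir}/{$newSnortDir}";
	// an empty selection means the default rule db
	$ruleDbName = ($_POST['ruledbname'] === '' ? 'default' : $_POST['ruledbname']);
	$ruleDbRules = "{$pathToSnortDir}/snortDBrules/DB/{$ruleDbName}/rules";

	exec('/bin/mkdir -p ' . escapeshellarg($ifaceDir));

	// one link whichever db was chosen; skip when the target does not exist
	if (!file_exists("{$ifaceDir}/rules") && file_exists($ruleDbRules)) {
		exec('/bin/ln -s ' . escapeshellarg($ruleDbRules) . ' ' . escapeshellarg("{$ifaceDir}/rules"));
	}

	// … the five cp lines, with $ifaceDir as the destination …
}
```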
@@ -912,14 +984,13 @@ function post_delete_logs() $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - if ($if_real != '' && $snort_uuid != '') + if ($snort_uuid != '') { if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on') { - $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2."; + $snort_log_file_u2 = "{$snort_uuid}.u2."; $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); if (is_array($snort_list_u2)) { usort($snort_list_u2, "snort_file_sort"); @@ -927,12 +998,12 @@ function post_delete_logs() snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); } }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*"); + exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.u2*"); } if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on') { - $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump."; + $snort_log_file_tcpd = "{$snort_uuid}.tcpdump."; $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); if (is_array($snort_list_tcpd)) { usort($snort_list_tcpd, "snort_file_sort"); @@ -940,7 +1011,7 @@ function post_delete_logs() snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); } }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*"); + exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.tcpdump*"); } /* create barnyard2 configuration file */ @@ -949,7 +1020,7 @@ function post_delete_logs() if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on) { - exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats"); + exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}.stats"); } } } 
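Review bot: Dropping `_{$if_real}` from the log names means `post_delete_logs()` now only matches `snort_{$snort_uuid}.u2*`, `.tcpdump*` and `.stats`; any files already written under the previous `snort_{uuid}_{iface}.*` scheme will no longer be found by `snort_file_list()` or the `/bin/rm` globs and will sit in `$snort_log_dir` indefinitely. If installs with the old layout exist, either match the old prefix here as well for one release (`"{$snort_uuid}_"` alongside `"{$snort_uuid}."`) or rename the files in an upgrade step. `post_delete_logs()` starts outside the hunk, and the unchanged `== on` comparison on the stats line relies on the same undefined-constant fallback as the `off` defaults in snort_json_post.php.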
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index e0c334ba..dc788045 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php index 1edc31e2..55cf47ac 100644 --- a/config/snort-dev/snort_rules.php +++ b/config/snort-dev/snort_rules.php 
@@ -1,14 +1,18 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. Pfsense snort GUI - Copyright (C) 2008-2011 Robert Zelaya. + Copyright (C) 2008-2012 Robert Zelaya. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -20,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -30,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php index 051a8398..dac80023 100644 --- a/config/snort-dev/snort_rulesets.php +++ b/config/snort-dev/snort_rulesets.php 
@@ -1,13 +1,19 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + + part of pfSense + All rights reserved. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,7 +38,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); |
