41 files changed, 1049 insertions, 2156 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 0ef32a07..f61936a7 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -32,7 +32,13 @@ require_once("util.inc"); require("globals.inc"); #require("guiconfig.inc"); -$uname=posix_uname(); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('DANSGUARDIAN_DIR', '/usr/pbi/dansguardian-' . php_uname("m")); +else + define('DANSGUARDIAN_DIR', '/usr/local'); + + $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); @@ -423,7 +429,7 @@ function sync_package_dansguardian() { file_put_contents($dansguardian_dir."/lists/logsitelist.".$dansguardian_site['name'],($dansguardian_site['urlsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']):""),LOCK_EX); $count++; } - + #URL ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianurlacl']['config'])) @@ -682,11 +688,12 @@ function sync_package_dansguardian() { $dansguardian_log['report_file']=base64_encode($report_file); $load_samples++; } + #exception ip list #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianips']['config'])) - $config['installedpackages']['dansguardianips']['config'][0]=array(); - if($config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist']){ + $config['installedpackages']['dansguardianips']['config'][0]=array("exceptioniplist" => ""); + if($config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptioniplist.sample')){ $config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptioniplist.sample')); $load_samples++; } 
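Review bot: The added test `if ($pf_version > 2.0)` compares a three-character prefix of /etc/version with a float, so the choice of DANSGUARDIAN_DIR depends on PHP's loose numeric-string coercion. `if (version_compare($pf_version, '2.0', '>'))` states the same intent without the float. If `file_get_contents("/etc/version")` fails, the code silently falls through to `/usr/local`; checking the read result would make a wrong install prefix easier to diagnose. The two `define` calls also sit under an unbraced `if`/`else`, which is easy to break when a statement is added later.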
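Review bot: The new condition `['exceptioniplist'] == ""` in the last hunk cannot tell a never-set list from one the administrator deliberately emptied, so whenever `exceptioniplist.sample` exists a cleared list is refilled from the sample on the next sync. If this list exempts clients from filtering, as its name suggests, confirm that the shipped sample has no active entries, or seed it only when the key is absent. The result of `file_get_contents` also goes straight into `base64_encode`; a `!== false` check before the assignment would avoid storing an empty value while still running `$load_samples++`. The body of sync_package_dansguardian starts and ends outside this hunk.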
diff --git a/config/snort/css/sexybuttons.css b/config/snort/css/sexybuttons.css
deleted file mode 100644
index c3834b44..00000000
--- a/config/snort/css/sexybuttons.css
+++ /dev/null
@@ -1,342 +0,0 @@ -/* - * Sexy Buttons - * - * DESCRIPTION: - * Sexy, skinnable HTML/CSS buttons with icons. - * - * PROJECT URL: - * http://code.google.com/p/sexybuttons/ - * - * AUTHOR: - * Richard Davies - * http://www.richarddavies.us - * Richard@richarddavies.us - * - * VERSION: - * 1.1 - * - * LICENSE: - * Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0) - * Creative Commons 3.0 Attribution (http://creativecommons.org/licenses/by/3.0/) - * - * CREDITS: - * Inspired by, derived from, and thanks to: - * http://www.p51labs.com/simply-buttons-v2/ - * http://www.oscaralexander.com/tutorials/how-to-make-sexy-buttons-with-css.html - * http://www.zurb.com/article/266/super-awesome-buttons-with-css3-and-rgba - * http://www.elctech.com/snippets/make-your-buttons-look-super-awesome - * - * USAGE: - * Simply add class="sexybutton [skin]" to a <button> or <a> element and wrap the label text with double <span>s. - * You can optionally add a "silk" icon to the button text by using a third <span> with class to identify the icon. - * - * EXAMPLE: - * <button id="btn1" class="sexybutton" name="btn1" type="submit" value="Submit"> - * <span><span><span class="ok">Submit</span></span></span> - * </button> - */ - - -/* - * Generic styles for all Sexy Buttons - */ - -.sexybutton { - display: inline-block; - margin: 0; - padding: 0; - font: bold 13px "Helvetica Neue", Helvetica, Arial !important; - text-decoration: none !important; - text-shadow: 1px 1px 2px rgba(0,0,0,0.20); - background: none; - border: none; - white-space: nowrap; - cursor: pointer; - user-select: none; - -moz-user-select: none; - - /* Fix extra width padding in IE */ - _width: 0; - overflow: visible; -} - -.sexybutton span { - display: block; /* Prevents :active from working in IE--oh well! 
*/ - height: 24px; - padding-right: 12px; - background-repeat: no-repeat; - background-position: right top; -} - -.sexybutton span span { - padding-right: 0; - padding-left: 12px; - line-height: 24px; - background-position: left top; -} - -.sexybutton span span span { - padding-left: 21px; - background-image: none; - background-repeat: no-repeat; - background-position: left center; - /* IE6 still requires a PNG transparency fix */ - /* _background-image: none; Or just hide icons from the undeserving IE6 */ - /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton span span span.after { - padding-left: 0px; - padding-right: 21px; - background-position: right center; - /* IE6 still requires a PNG transparency fix */ - /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton[disabled], -.sexybutton[disabled]:hover, -.sexybutton[disabled]:focus, -.sexybutton[disabled]:active, -.sexybutton.disabled, -.sexybutton.disabled:hover, -.sexybutton.disabled:focus, -.sexybutton.disabled:active { - color: #333 !important; - cursor: inherit; - text-shadow: none; - opacity: 0.33; -} - -.sexybutton:hover span, -.sexybutton:focus span { - background-position: 100% -24px; -} - -.sexybutton:hover span span, -.sexybutton:focus span span { - background-position: 0% -24px; -} - -.sexybutton:active span { - background-position: 100% -48px; -} - -.sexybutton:active span span { - background-position: 0% -48px; -} - -.sexybutton[disabled] span, -.sexybutton.disabled span { - background-position: 100% -72px; -} - -.sexybutton[disabled] span span, -.sexybutton.disabled span span { - background-position: 0% -72px; -} - -.sexybutton:hover span span span, -.sexybutton:focus span span span, -.sexybutton:active span span span, -.sexybutton[disabled] span span span, -.sexybutton.disabled span span span { - background-position: left center; -} - -.sexybutton:hover span span span.after, -.sexybutton:focus span span span.after, 
-.sexybutton:active span span span.after, -.sexybutton[disabled] span span span.after, -.sexybutton.disabled span span span.after { - background-position: right center; -} - -.sexybutton img { - margin-right: 5px; - vertical-align: text-top; - /* IE6 Hack */ - _margin-top: 4px; - _vertical-align: text-bottom; - /* IE6 still requires a PNG transparency fix */ - /* _display: none; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton img.after { - margin-right: 0; - margin-left: 5px; - /* IE6 still requires a PNG transparency fix */ - /* _margin-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton.sexysmalls { font-size:.8em !important; } -.sexybutton.sexymedium { font-size: 15px !important; } -.sexybutton.sexylarge { font-size: 18px !important; } - - -/* - * Button Skins - * - * .PNG background images with alpha transparency are also supplied if you'd rather use them instead of the - * default .GIF images. (Just beware of IE6's lack of support.) - * - * Additional skins can be added below. The images/skins/ButtonTemplate.psd can be used to create new skins. - * Prefix the skin name with "sexy" to avoid any potential conflicts with other class names. 
- */ - -/* - * Simple Skin Buttons - */ - -.sexybutton.sexysimple { - position: relative; - padding: 5px 10px 5px; - font: inherit; - font-size: .85em !important; - font-style: normal !important; - font-weight: bold !important; - color: #fff !important; - line-height: 1; - background-image: url(/snort/images//awesome-overlay-sprite.png); - background-repeat: repeat-x; - background-position: 0 0; - - /* Special effects */ - text-shadow: 0 -1px 1px rgba(0,0,0,0.25), -2px 0 1px rgba(0,0,0,0.25); - border-radius: 5px; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - - /* IE only stuff */ - border-bottom: 1px solid transparent\9; - _background-image: none; - - /* Cross browser inline block hack - http://blog.mozilla.com/webdev/2009/02/20/cross-browser-inline-block/ */ - display: -moz-inline-stack; - display: inline-block; - vertical-align: middle; - *display: inline !important; - position: relative; - - /* Force hasLayout in IE */ - zoom: 1; - - /* Disable text selection (Firefox only)*/ - -moz-user-select: none; -} - -.sexybutton.sexysimple::selection { - background: transparent; -} - -.sexybutton.sexysimple:hover, -.sexybutton.sexysimple:focus { - background-position: 0 -50px; - color: #fff !important; -} - -.sexybutton.sexysimple:active { - background-position: 0 -100px; - -moz-box-shadow: inset 0 1px 2px rgba(0,0,0,0.7); - /* Unfortunately, Safari doesn't support inset yet */ - -webkit-box-shadow: none; - - /* IE only stuff */ - border-bottom: 0\9; - border-top: 1px solid #666\9; -} - -.sexybutton.sexysimple[disabled], -.sexybutton.sexysimple.disabled { - background-position: 0 -150px; - color: #333 !important; - text-shadow: none; -} - -.sexybutton.sexysimple[disabled]:hover, -.sexybutton.sexysimple[disabled]:focus, -.sexybutton.sexysimple[disabled]:active, -.sexybutton.sexysimple.disabled:hover, -.sexybutton.sexysimple.disabled:focus, 
-.sexybutton.sexysimple.disabled:active { - -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); -} - -.sexybutton.sexysimple span { - height: auto; - padding-left: 24px; - padding-right: 0; - background-position: left center; - background-repeat: no-repeat; - /* IE6 still requires a PNG transparency fix */ - /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton.sexysimple span.after { - padding-left: 0; - padding-right: 24px; - background-position: right center; - /* IE6 still requires a PNG transparency fix */ - /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ -} - -/* Simple button colors */ -.sexybutton.sexysimple { background-color: #333; } /* Default */ -.sexybutton.sexysimple.sexyblack { background-color: #333; } -.sexybutton.sexysimple.sexyred { background-color: #a90118; } -.sexybutton.sexysimple.sexyorange { background-color: #ff8a00; } -.sexybutton.sexysimple.sexyyellow { background-color: #ffb515; } -.sexybutton.sexysimple.sexygreen { background-color: #59a901; } -.sexybutton.sexysimple.sexyblue { background-color: #015ea9; } -.sexybutton.sexysimple.sexyteal { background-color: #2daebf; } -.sexybutton.sexysimple.sexymagenta { background-color: #a9014b; } -.sexybutton.sexysimple.sexypurple { background-color: #9d01a9; } - -/* Simple button sizes */ -.sexybutton.sexysimple.sexysmall { padding: 4px 7px 5px; font-size: 10px !important; } -.sexybutton.sexysimple.sexysmall:active { padding: 5px 7px 4px; } -.sexybutton.sexysimple { /* default */ } -.sexybutton.sexysimple:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexymedium { /* default */ } -.sexybutton.sexysimple.sexymedium:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexylarge { padding: 8px 14px 8px; font-size: 14px !important; } -.sexybutton.sexysimple.sexylarge:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxl { padding: 8px 14px 8px; font-size: 16px !important; } 
-.sexybutton.sexysimple.sexyxl:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxxl { padding: 8px 14px 8px; font-size: 20px !important; } -.sexybutton.sexysimple.sexyxxl:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxxxl { padding: 8px 14px 8px; font-size: 26px !important; } -.sexybutton.sexysimple.sexyxxxl:active { padding: 9px 14px 7px; } - -.sexybutton.sexysimple.sexysmall[disabled]:active, -.sexybutton.sexysimple.sexysmall.disabled:active { padding: 4px 7px 5px; } -.sexybutton.sexysimple[disabled]:active, -.sexybutton.sexysimple.disabled:active { padding: 5px 10px 5px; } -.sexybutton.sexysimple.sexymedium[disabled]:active, -.sexybutton.sexysimple.sexymedium.disabled:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexylarge[disabled]:active, -.sexybutton.sexysimple.sexylarge.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxl[disabled]:active, -.sexybutton.sexysimple.sexyxl.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxxl[disabled]:active, -.sexybutton.sexysimple.sexyxxl.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxxxl[disabled]:active, -.sexybutton.sexysimple.sexyxxxl.disabled:active { padding: 8px 14px 8px; } - - -/* - * Icon Definitions - */ - -/* Silk Icons - http://www.famfamfam.com/lab/icons/silk/ */ -/* (Obviously not all Silk icons are defined here. Feel free to define any other icons that you may need.) 
*/ - -.sexybutton span.ok { background-image: url(/snort/images//tick.png) !important; } -.sexybutton span.cancel { background-image: url(/snort/images//cross.png) !important; } -.sexybutton span.add { background-image: url(/snort/images//add.png) !important; } -.sexybutton span.delete { background-image: url(/snort/images//delete.png) !important; } -.sexybutton span.download { background-image: url(/snort/images//arrow_down.png) !important; } -.sexybutton span.pwhitetxt { background-image: url(/snort/images//page_white_text.png) !important; } - diff --git a/config/snort/css/style.css b/config/snort/css/style.css deleted file mode 100644 index b484966c..00000000 --- a/config/snort/css/style.css +++ /dev/null 
@@ -1,206 +0,0 @@ -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} - -.formpre { -font-family:arial; -font-size: 1.1em; -} - -#download_rules { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -#download_rules_td { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -/* hack fix the hard coded fbegin link */ -#header-left2 { -position: absolute; -background-position: center center; -height: 67px; -width: 147px; -top: -77px; -left: 8px; -float: left; -z-index:999; -} -#header-left2 #status-link2 { - position: relative; - top: 3px; - left: 2px; -} -/* end of fbegin hack */ - -.body2 { -font-family:arial; -font-size:12px; -} - - - - -/* Start of main css Pfsense */ -/* Start of main css Pfsense */ - -@charset "utf-8"; -.textstyle { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - background-color: #666; - color: #CCC; -} -.textstyle p2 a { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - color: #CCC; -} - -.textstyle p { - font-family: Arial, Helvetica, sans-serif; - font-size: 24px; - font-weight: bold; - color: #FFF; - text-decoration: underline; -} -.textstyle p2 { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - color: #CCC; -} - -/* Start of main css for table sort */ -/* Start of main css for table sort */ - -table { - margin: 0; - padding: 0; - border: 0; - font-weight: inherit; - font-style: inherit; - font-size: 9; - font-family: Arial, Helvetica, sans-serif; - vertical-align: baseline; -} - -/* Tables still need 'cellspacing="0"' in the markup. */ -table { border-collapse: separate; border-spacing: 0; } -caption, th, td { text-align: left; font-weight:400; } - -/* Remove possible quote marks (") from <q>, <blockquote>. 
*/ -blockquote:before, blockquote:after, q:before, q:after { content: ""; } -blockquote, q { quotes: "" ""; } - -#container { - width: auto; - margin: 0px; - padding-top: 10px; - padding-bottom: 10px; -} - - - -/************************************************************** - - Sortable Table - v 1.4 - -**************************************************************/ - - - -th { - background-color: #eee; - background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px; - padding: 4px 4px 4px 14px; -} - -.allRow { - background-color: #eee; - padding: 4px; -} - -tr.altRow { - background-color: #fff; -} - -.leftAlign { - text-align: left; -} - -.centerAlign { - text-align: center; -} - -.rightAlign { - text-align: right; -} - -.sortedASC { - background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; -} - -.sortedDESC { - background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; -} - -.tableHeaderOver { - cursor: pointer; - color: #354158; -} - - -tr.selected { - background-color: 9999ff; - color: #000000; -} - -tr.over { - background-color: #993333; - color: #fff; - cursor: pointer; -} - -tr.hide { - display: none; -} -/***************************/ - -.mainTableFilter { - position: absolute; - top: 0; - left: -10px; - width: auto; -} - -.tableFilter { - border: 1px solid #ccc; - padding: 2px; - margin: 5px 0 10px 0; -} - -.tableFilter input { - border: 1px solid #ccc; -} - -.tableFilter select { - border: 1px solid #ccc; -} - diff --git a/config/snort/images/alert.jpg b/config/snort/images/alert.jpg Binary files differdeleted file mode 100644 index 96c24e35..00000000 --- a/config/snort/images/alert.jpg +++ /dev/null diff --git a/config/snort/images/arrow_down.png b/config/snort/images/arrow_down.png Binary files differdeleted file mode 100644 index 2c4e2793..00000000 --- a/config/snort/images/arrow_down.png +++ /dev/null 
diff --git a/config/snort/images/awesome-overlay-sprite.png b/config/snort/images/awesome-overlay-sprite.png Binary files differdeleted file mode 100644 index c3af7dd9..00000000 --- a/config/snort/images/awesome-overlay-sprite.png +++ /dev/null diff --git a/config/snort/images/down.gif b/config/snort/images/down.gif Binary files differdeleted file mode 100644 index 2b3c99fc..00000000 --- a/config/snort/images/down.gif +++ /dev/null diff --git a/config/snort/images/down2.gif b/config/snort/images/down2.gif Binary files differdeleted file mode 100644 index 71bf92eb..00000000 --- a/config/snort/images/down2.gif +++ /dev/null diff --git a/config/snort/images/footer.jpg b/config/snort/images/footer.jpg Binary files differdeleted file mode 100644 index 4af05707..00000000 --- a/config/snort/images/footer.jpg +++ /dev/null diff --git a/config/snort/images/footer2.jpg b/config/snort/images/footer2.jpg Binary files differdeleted file mode 100644 index 3332e085..00000000 --- a/config/snort/images/footer2.jpg +++ /dev/null diff --git a/config/snort/images/icon-table-sort-asc.png b/config/snort/images/icon-table-sort-asc.png Binary files differdeleted file mode 100644 index 0c127919..00000000 --- a/config/snort/images/icon-table-sort-asc.png +++ /dev/null diff --git a/config/snort/images/icon-table-sort-desc.png b/config/snort/images/icon-table-sort-desc.png Binary files differdeleted file mode 100644 index 5c52f2d0..00000000 --- a/config/snort/images/icon-table-sort-desc.png +++ /dev/null diff --git a/config/snort/images/icon-table-sort.png b/config/snort/images/icon-table-sort.png Binary files differdeleted file mode 100644 index 3cae604b..00000000 --- a/config/snort/images/icon-table-sort.png +++ /dev/null diff --git a/config/snort/images/icon_excli.png b/config/snort/images/icon_excli.png Binary files differdeleted file mode 100644 index 4b54fa31..00000000 --- a/config/snort/images/icon_excli.png +++ /dev/null 
diff --git a/config/snort/images/logo.jpg b/config/snort/images/logo.jpg Binary files differdeleted file mode 100644 index fa01d818..00000000 --- a/config/snort/images/logo.jpg +++ /dev/null diff --git a/config/snort/images/logo22.png b/config/snort/images/logo22.png Binary files differdeleted file mode 100644 index 64ed9d75..00000000 --- a/config/snort/images/logo22.png +++ /dev/null diff --git a/config/snort/images/page_white_text.png b/config/snort/images/page_white_text.png Binary files differdeleted file mode 100644 index 813f712f..00000000 --- a/config/snort/images/page_white_text.png +++ /dev/null diff --git a/config/snort/images/up.gif b/config/snort/images/up.gif Binary files differdeleted file mode 100644 index 89596771..00000000 --- a/config/snort/images/up.gif +++ /dev/null diff --git a/config/snort/images/up2.gif b/config/snort/images/up2.gif Binary files differdeleted file mode 100644 index 21c5a254..00000000 --- a/config/snort/images/up2.gif +++ /dev/null diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 68f92bb2..3cb3cf26 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -38,11 +38,10 @@ require_once("filter.inc"); /* package version */ $snort_version = "2.9.2.3"; -$pfSense_snort_version = "2.2.5"; +$pfSense_snort_version = "2.3.0"; $snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}"; $snort_rules_file = "snortrules-snapshot-2923.tar.gz"; $emerging_threats_version = "2.9.0"; -$snortdir = "/usr/local/etc/snort"; /* Allow additional execution time 0 = no limit. */ ini_set('max_execution_time', '9999'); @@ -58,7 +57,7 @@ else $snort_pfsense_basever = 'yes'; /* find out what arch where in x86 , x64 */ -global $snortdir, $snort_arch; +global $snort_arch; $snort_arch = 'x86'; $snort_arch_ck = php_uname("m"); if ($snort_arch_ck == 'i386') 
@@ -279,11 +278,11 @@ function Running_Stop($snort_uuid, $if_real, $id) { } function Running_Start($snort_uuid, $if_real, $id) { - global $snortdir, $config, $g; + global $config, $g; $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; if ($snort_info_chk == 'on') - exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); else return; @@ -292,7 +291,7 @@ function Running_Start($snort_uuid, $if_real, $id) { $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') - exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q"); + exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q"); /* Log Iface stop */ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); 
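Review bot: Both rewritten `exec()` calls in Running_Start (this hunk and the barnyard2 hunk that follows) still interpolate `$snort_uuid`, `$if_real` and `$g['varrun_path']` into a shell command line without quoting. Where those values are validated is not visible in this diff, so anything in them other than a generated id or an interface name would be interpreted by the shell. Since the lines are being touched anyway, pass each value through `escapeshellarg()`, for example `$conf = escapeshellarg("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");` followed by `-c {$conf}`. The same interpolation recurs in the create_snort_sh heredocs and in create_rules_iface later in this diff.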
@@ -387,8 +386,9 @@ function snort_post_delete_logs($snort_uuid = 0) } } -function snort_postinstall() { - global $snortdir, $config, $g, $snort_pfsense_basever, $snort_arch; +function snort_postinstall() +{ + global $config, $g, $snort_pfsense_basever, $snort_arch; /* snort -> advanced features */ if (is_array($config['installedpackages']['snortglobal'])) { 
@@ -398,17 +398,17 @@ function snort_postinstall() { } /* cleanup default files */ - @rename("{$snortdir}/snort.conf-sample", "{$snortdir}/snort.conf"); - @rename("{$snortdir}/threshold.conf-sample", "{$snortdir}/threshold.conf"); - @rename("{$snortdir}/sid-msg.map-sample", "{$snortdir}/sid-msg.map"); - @rename("{$snortdir}/unicode.map-sample", "{$snortdir}/unicode.map"); - @rename("{$snortdir}/classification.config-sample", "{$snortdir}/classification.config"); - @rename("{$snortdir}/generators-sample", "{$snortdir}/generators"); - @rename("{$snortdir}/reference.config-sample", "{$snortdir}/reference.config"); - @rename("{$snortdir}/gen-msg.map-sample", "{$snortdir}/gen-msg.map"); - @unlink("{$snortdir}/sid"); - @unlink("/usr/local/etc/rc.d/snort"); - @unlink("/usr/local/etc/rc.d/barnyard2"); + @rename('/usr/local/etc/snort/snort.conf-sample', '/usr/local/etc/snort/snort.conf'); + @rename('/usr/local/etc/snort/threshold.conf-sample', '/usr/local/etc/snort/threshold.conf'); + @rename('/usr/local/etc/snort/sid-msg.map-sample', '/usr/local/etc/snort/sid-msg.map'); + @rename('/usr/local/etc/snort/unicode.map-sample', '/usr/local/etc/snort/unicode.map'); + @rename('/usr/local/etc/snort/classification.config-sample', '/usr/local/etc/snort/classification.config'); + @rename('/usr/local/etc/snort/generators-sample', '/usr/local/etc/snort/generators'); + @rename('/usr/local/etc/snort/reference.config-sample', '/usr/local/etc/snort/reference.config'); + @rename('/usr/local/etc/snort/gen-msg.map-sample', '/usr/local/etc/snort/gen-msg.map'); + @unlink('/usr/local/etc/snort/sid'); + @unlink('/usr/local/etc/rc.d/snort'); + @unlink('/usr/local/etc/rc.d/barnyard2'); /* remove example files */ if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) 
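Review bot: Replacing `{$snortdir}` with the literal `/usr/local/etc/snort` here leaves the same path repeated in every call, while the dansguardian change in this commit goes the other way and introduces `DANSGUARDIAN_DIR`. The literal is also repeated in Running_Start, create_snort_suppress, create_snort_whitelist, create_snort_sh, create_rules_iface and create_barnyard2_conf. A single constant next to the package version variables, for instance `define('SNORTDIR', '/usr/local/etc/snort');` (name is a suggestion), would remove the global without scattering the path. Separately, every `@rename`/`@unlink` in this block discards its failure, so a post-install that could not put `snort.conf` in place gives no sign of it; logging a false return would help.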
@@ -417,35 +417,12 @@ function snort_postinstall() { if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); - mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); - mwexec("/usr/sbin/chown -R snort:snort {$snortdir}", true); + mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); + mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); - /* move files around, make it look clean */ - mwexec('/bin/mkdir -p /usr/local/www/snort/css'); - mwexec('/bin/mkdir -p /usr/local/www/snort/images'); - - chdir ("/usr/local/www/snort/css/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/sexybuttons.css'); - chdir("/usr/local/www/snort/images/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg'); - exec('/usr/bin/fetch 
http://www.pfsense.com/packages/config/snort/images/icon_excli.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/arrow_down.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/awesome-overlay-sprite.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo22.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/page_white_text.png'); - /* remake saved settings */ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { update_status(gettext("Saved settings detected...")); @@ -473,7 +450,7 @@ function snort_snortloglimit_install_cron($should_install) { $x=0; $is_installed = false; foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) { + if (strstr($item['command'], 'snort_check_cron_misc.inc')) { $is_installed = true; break; } @@ -747,11 +724,11 @@ function sync_snort_package_config() /* create threshold file */ function create_snort_suppress($id, $if_real) { - global $snortdir, $config, $g; + global $config, $g; /* make sure dir is there */ - if (!is_dir("{$snortdir}/suppress")) - exec("/bin/mkdir -p {$snortdir}/suppress"); + if (!is_dir('/usr/local/etc/snort/suppress')) + exec('/bin/mkdir -p /usr/local/etc/snort/suppress'); if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; 
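Review bot: The context line `mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);` that this hunk keeps runs a glob-expanded chown over a world-writable directory. Without `-h`, chown changes the target of any symbolic link named on its command line, so on a system with other local accounts a pre-created `/tmp/snort…` link could hand ownership of an unrelated file to the snort user. Who can write to /tmp on this appliance is not visible here; `chown -h snort:snort /tmp/snort*` or a dedicated directory would remove the dependency on that. The enclosing snort_postinstall continues outside the hunk.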
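Review bot: Matching on the bare file name in `strstr($item['command'], 'snort_check_cron_misc.inc')` makes `$is_installed` true for any cron item whose command merely contains that string, where the old test required the full `/usr/local/pkg/snort/` path. The rest of snort_snortloglimit_install_cron is outside the hunk, so if it goes on to modify or remove `$config['cron']['item'][$x]`, it would act on whichever item matched first. The reason for dropping the directory is not stated; a comment such as `/* match by file name only: the install prefix is no longer fixed */` (if that is the intent) would record it.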
@@ -769,23 +746,23 @@ function create_snort_suppress($id, $if_real) { $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); /* open snort's whitelist for writing */ - @file_put_contents("{$snortdir}/suppress/$suppress_file_name", $s_data); + @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data); } } function create_snort_whitelist($id, $if_real) { - global $snortdir, $config, $g; + global $config, $g; /* make sure dir is there */ - if (!is_dir("{$snortdir}/whitelist")) - exec("/bin/mkdir -p {$snortdir}/whitelist"); + if (!is_dir('/usr/local/etc/snort/whitelist')) + exec('/bin/mkdir -p /usr/local/etc/snort/whitelist'); if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') { $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); /* open snort's whitelist for writing */ - @file_put_contents("{$snortdir}/whitelist/defaultwlist", $w_data); + @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data); } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) { $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']); @@ -798,7 +775,7 @@ function create_snort_whitelist($id, $if_real) { $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w); /* open snort's whitelist for writing */ - @file_put_contents("{$snortdir}/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); + @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); } } 
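Review bot: The rewritten `@file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data);` and the two whitelist writes in create_snort_whitelist (this hunk and the next) build the target path from configuration values. Whether those names are validated when they are saved is not visible in this diff; if they are not, a name containing `/` or `..` would place the file outside the intended directory. Applying `basename()` at the point of use, e.g. `"/usr/local/etc/snort/suppress/" . basename($suppress_file_name)`, keeps the write inside the directory regardless. Dropping the `@` and checking for a `false` return would also surface a failed write of a list the sensor depends on.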
@@ -846,7 +823,7 @@ function create_snort_externalnet($id, $if_real) { /* open snort.sh for writing" */ function create_snort_sh() { - global $snortdir, $config, $g; + global $config, $g; if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; @@ -865,13 +842,13 @@ function create_snort_sh() { $start_barnyard = <<<EOE if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' > {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid + /bin/pgrep -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' > {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid fi /bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid if [ $? = 0 ]; then /bin/pkill -HUP -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a else - /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q + /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q fi EOE; 
@@ -881,7 +858,7 @@ EOE; /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid else - /bin/pkill -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' + /bin/pkill -xf '/usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q' fi EOE; @@ -895,7 +872,7 @@ EOE; ###### For Each Iface #### Only try to restart if snort is running on Iface if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - /bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' > {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid + /bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' > {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid fi /bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid if [ $? = 0 ]; then 
@@ -904,7 +881,7 @@ EOE; else # Start snort and barnyard2 /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid - /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For {$value['descr']}({$snort_uuid}_{$if_real})..." fi @@ -920,7 +897,7 @@ EOE; /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid else - /bin/pkill -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' + /bin/pkill -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}' fi sleep 2 
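Review bot: The `logger` line in this hunk places `{$value['descr']}` inside a double-quoted string of the generated snort.sh, so the shell will interpret `$`, backquotes and backslashes in the description when the script runs. Where `descr` is set is not visible here; if it is the free-text interface description from the GUI, it should be reduced to a safe character set before the heredoc is built, for example `$descr = preg_replace('/[^A-Za-z0-9 _.-]/', '', $value['descr']);`. The same applies to `$if_real` and `$snort_uuid`, which are interpolated unquoted throughout the script. The heredoc starts and ends outside the hunk.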
@@ -971,27 +948,28 @@ EOD; } /* if rules exist copy to new interfaces */ -function create_rules_iface($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; +function create_rules_iface($id, $if_real, $snort_uuid) +{ + global $config, $g; - $if_rule_dir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; + $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"; $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full'; if ($folder_chk == "empty") { if (!is_dir("{$if_rule_dir}/rules")) exec("/bin/mkdir -p {$if_rule_dir}/rules"); - exec("/bin/cp {$snortdir}/rules/* {$if_rule_dir}/rules"); - if (file_exists("{$snortdir}/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) - exec("/bin/cp {$snortdir}/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules"); + exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules"); + if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) + exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules"); } } /* open barnyard2.conf for writing */ function create_barnyard2_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; + global $config, $g; - if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) - exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) + exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); if (!file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) { @touch("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo"); 
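Review bot: create_rules_iface() and create_barnyard2_conf() still pass `$snort_uuid` and `$if_real` to `exec()` unescaped, and the hunks at -1054 and -1154 do the same with `/bin/mkdir -p`. None of these need a shell: `mkdir("{$if_rule_dir}/rules", 0755, true);` and `touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");` do the same work, and the next lines already call `@touch()` directly. For the two `/bin/cp` calls, wrap the interpolated paths in `escapeshellarg()`, or use `copy()` for the single-file case. create_barnyard2_conf() continues outside the hunk.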
@@ -1001,12 +979,12 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) { $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); /* write out barnyard2_conf */ - @file_put_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text); + @file_put_contents("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text); } /* open barnyard2.conf for writing" */ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; + global $config, $g; /* define snortbarnyardlog */ /* TODO: add support for the other 5 output plugins */ @@ -1023,10 +1001,10 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { # # set the appropriate paths to the file(s) your Snort process is using -config reference_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config -config classification_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config -config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map -config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map +config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config +config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config +config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map +config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map config hostname: $snortbarnyardlog_hostname_info_chk config interface: {$snort_uuid}_{$if_real} 
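Review bot: The `@file_put_contents()` that writes barnyard2.conf suppresses the warning and discards the return value, so a failed write (read-only mount, missing directory) leaves a stale or empty config with no trace. create_snort_conf() in the same file logs when `fopen()` fails; this should match, e.g. `if (file_put_contents($path, $barnyard2_conf_text) === false) log_error("Could not write {$path}.");`. If the generated text carries the database output line from the Barnyard2 settings page (generate_barnyard2_conf's body is only partly visible), the file should also be restricted with `chmod($path, 0600);`. create_barnyard2_conf() starts outside the hunk.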
@@ -1054,13 +1032,14 @@ EOD; return $barnyard2_conf_text; } -function create_snort_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g; +function create_snort_conf($id, $if_real, $snort_uuid) +{ + global $config, $g; if (!empty($if_real) && !empty($snort_uuid)) { - if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}")) { - exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}"); - @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf"); + if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) { + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); } $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); @@ -1068,9 +1047,9 @@ function create_snort_conf($id, $if_real, $snort_uuid) { return; /* write out snort.conf */ - $conf = fopen("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); + $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); if(!$conf) { - log_error("Could not open {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); + log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); return -1; } fwrite($conf, $snort_conf_text); @@ -1079,7 +1058,7 @@ function create_snort_conf($id, $if_real, $snort_uuid) { } function snort_deinstall() { - global $snortdir, $config, $g; + global $config, $g; /* remove custom sysctl */ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); 
@@ -1095,7 +1074,7 @@ function snort_deinstall() { mwexec('/usr/bin/killall -9 barnyard2', true); sleep(2); mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true); - mwexec("/bin/rm -rf {$snortdir}*; /bin/rm -rf /usr/local/pkg/snort*", true); + mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*', true); mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /var/log/snort', true); /* Remove snort cron entries Ugly code needs smoothness*/ @@ -1122,17 +1101,17 @@ function snort_deinstall() { snort_deinstall_cron("snort2c"); snort_deinstall_cron("snort_check_for_rule_updates.php"); - snort_deinstall_cron("/usr/local/pkg/snort/snort_check_cron_misc.inc"); + snort_deinstall_cron("snort_check_cron_misc.inc"); configure_cron(); - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ /* Keep this as a last step */ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') unset($config['installedpackages']['snortglobal']); } -function generate_snort_conf($id, $if_real, $snort_uuid) { - global $snortdir, $config, $g, $snort_pfsense_basever; +function generate_snort_conf($id, $if_real, $snort_uuid) +{ + global $config, $g, $snort_pfsense_basever; if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; 
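Review bot: The uninstall command `/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*` ends both paths with a glob, so it removes every entry whose name merely begins with `snort`, not only this package's directories. Now that the path is a literal, I would name the targets exactly: `mwexec('/bin/rm -rf /usr/local/etc/snort; /bin/rm -rf /usr/local/pkg/snort', true);`. If the glob is meant to catch individual package files next to the directory, list those by name instead. snort_deinstall() starts and ends outside the hunk.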
@@ -1154,14 +1133,14 @@ function generate_snort_conf($id, $if_real, $snort_uuid) { $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru'])); /* create a few directories and ensure the sample files are in place */ - if (!is_dir("{$snortdir}")) - exec("/bin/mkdir -p {$snortdir}/custom_rules"); - if (!is_dir("{$snortdir}/snort/snort_{$snort_uuid}_{$if_real}")) - exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}"); - if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules"); - if (!is_dir("{$snortdir}/whitelist")) - exec("/bin/mkdir -p {$snortdir}/whitelist/"); + if (!is_dir('/usr/local/etc/snort')) + exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules'); + if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); + if (!is_dir('/usr/local/etc/snort/whitelist')) + exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}")) exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}"); if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2")) 
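Review bot: Two of the directory guards test a different path from the one they create. `is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")` has a doubled `snort/` component, so it is never true for the directory made on the next line; it should read `if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"))`. The first guard checks `/usr/local/etc/snort` but creates `custom_rules`, so `custom_rules` is skipped whenever the base directory already exists; test `'/usr/local/etc/snort/custom_rules'` instead. Both were carried over unchanged from the `{$snortdir}` version. generate_snort_conf() continues outside the hunk.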
@@ -1175,13 +1154,13 @@ function generate_snort_conf($id, $if_real, $snort_uuid) { if (!file_exists('/var/db/whitelist')) @touch('/var/db/whitelist'); - @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); - @copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config"); - @copy("{$snortdir}/reference.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config"); - @copy("{$snortdir}/sid-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); - @copy("{$snortdir}/unicode.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/unicode.map"); - @copy("{$snortdir}/threshold.conf", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/threshold.conf"); - @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + @copy("/usr/local/etc/snort/gen-msg.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); + @copy("/usr/local/etc/snort/classification.config", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config"); + @copy("/usr/local/etc/snort/reference.config", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config"); + @copy("/usr/local/etc/snort/sid-msg.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); + @copy("/usr/local/etc/snort/unicode.map", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map"); + @copy("/usr/local/etc/snort/threshold.conf", "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf"); + @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); /* define basic log filename */ $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128"; 
@@ -1212,21 +1191,21 @@ function generate_snort_conf($id, $if_real, $snort_uuid) { if ($snortcfg['blockoffenders7'] == "on") { if ($snortcfg['whitelistname'] == "default") $spoink_whitelist_name = 'defaultwlist'; - else if (file_exists("{$snortdir}/whitelist/{$snortcfg['whitelistname']}")) + else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}")) $spoink_whitelist_name = $snortcfg['whitelistname']; $pfkill = ""; if ($snortcfg['blockoffenderskill'] == "on") $pfkill = "kill"; - $spoink_type = "output alert_pf: {$snortdir}/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; + $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; } /* define threshold file */ $threshold_file_name = ""; if ($snortcfg['suppresslistname'] != 'default') { - if (file_exists("{$snortdir}/suppress/{$snortcfg['suppresslistname']}")) - $threshold_file_name = "include {$snortdir}/suppress/{$snortcfg['suppresslistname']}"; + if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}")) + $threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"; } /* define servers and ports snortdefservers */ @@ -1496,11 +1475,9 @@ function generate_snort_conf($id, $if_real, $snort_uuid) { $enabled_rulesets = $snortcfg['rulesets']; $selected_rules_sections = ""; if (!empty($enabled_rulesets)) { - $enabled_rulesets_array = explode("||", $enabled_rulesets); - foreach($enabled_rulesets_array as $enabled_item) { - if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$enabled_item}")) - $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; - } + $enabled_rulesets_array = split("\|\|", $enabled_rulesets); + foreach($enabled_rulesets_array as $enabled_item) + $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; } ///////////////////////////// 
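Review bot: In the hunk at -1496 the ruleset loop now calls `split("\|\|", …)` and no longer checks that each rules file exists before writing `include \$RULE_PATH/{$enabled_item}`. `split()` has been deprecated since PHP 5.3 and is gone in PHP 7, and without the `file_exists()` test any stale or malformed entry in `$snortcfg['rulesets']` ends up in snort.conf as an include of a file that may not exist, which will likely stop Snort from loading the configuration. I would keep `explode("||", $enabled_rulesets)` and the check `if (file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/{$enabled_item}"))`. Applying `basename()` to `$enabled_item` first would also keep the include inside the rules directory.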
@@ -1540,7 +1517,7 @@ EOD; # ################# -preprocessor http_inspect: global {$snortdir}, iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 +preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 preprocessor http_inspect_server: server default \ ports { 80 8080 } \ @@ -1599,7 +1576,7 @@ EOD; # ##################### -preprocessor ftp_telnet: global {$snortdir}, \ +preprocessor ftp_telnet: global \ inspection_type stateless preprocessor ftp_telnet_protocol: telnet \ @@ -1773,9 +1750,9 @@ EOD; $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ','; $snort_preprocessor_decoder_rules = ""; - if (file_exists("{$snortdir}/preproc_rules/preprocessor.rules")) + if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules")) $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; - if (file_exists("{$snortdir}/preproc_rules/decoder.rules")) + if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules")) $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; /* build snort configuration file */ @@ -1869,8 +1846,8 @@ portvar DCERPC_BRIGHTSTORE [6503,6504] # ##################### -var RULE_PATH {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules -var PREPROC_RULE_PATH {$snortdir}/preproc_rules +var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules +var PREPROC_RULE_PATH /usr/local/etc/snort/preproc_rules ################################ # 
@@ -1908,10 +1885,10 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules # ################### -preprocessor frag3_global {$snortdir}: max_frags 8192 +preprocessor frag3_global: max_frags 8192 preprocessor frag3_engine: policy bsd detect_anomalies -preprocessor stream5_global {$snortdir}: track_tcp yes, track_udp yes, track_icmp yes +preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes preprocessor stream5_tcp: policy BSD, ports both all, {$def_max_queued_bytes_type}{$def_max_queued_segs_type} preprocessor stream5_udp: @@ -1962,8 +1939,8 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec # ################# -include {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config -include {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config +include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config +include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config {$snort_preprocessor_decoder_rules} $threshold_file_name diff --git a/config/snort/snort.xml b/config/snort/snort.xml index db6c3366..087e1fca 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.2.3</version> - <title>Services:2.9.2.3 pkg v. 2.2.5</title> + <title>Services:2.9.2.3 pkg v. 2.3.0</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -59,8 +59,7 @@ <name>snort</name> <rcfile>snort.sh</rcfile> <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology - worldwide.</description> + <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> </service> <tabs> </tabs> 
@@ -72,11 +71,6 @@ <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_gui.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item> </additional_files_needed> <additional_files_needed> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index ae441131..645a3f8d 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -35,7 +35,6 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); /* load only javascript that is needed */ @@ -259,7 +258,7 @@ if ($pconfig['arefresh'] == 'on') echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n"; ?> -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -519,7 +518,6 @@ if ($pconfig['arefresh'] == 'on') </table> </td> </table> -</div> <?php include("fend.inc"); ?> diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index b647c007..7102e36d 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -30,16 +30,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g; 
@@ -139,19 +130,9 @@ include_once("head.inc"); <?php include("fbegin.inc"); ?> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<?php -echo "{$snort_general_css}\n"; +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include_once("fbegin.inc"); ?> - -<div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - <script language="JavaScript"> <!-- 
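Review bot: The added `<?php include_once("fbegin.inc"); ?>` follows the existing `<?php include("fbegin.inc"); ?>` a few lines above it in the same hunk, so it is a no-op because the file has already been included. The added `<body link="#0000CC" …>` tag therefore lands after whatever fbegin.inc has already emitted, which is not visible here but is presumably page markup. I would drop the new `include_once` line and place the `<body>` tag before the first include, as snort_blocked.php does with its single `include_once("fbegin.inc");`.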
@@ -165,39 +146,33 @@ function enable_change(enable_change) { } //--> </script> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_barnyard.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php + +<?php /* Display Alert message */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { - print_info_box2($savemsg); + print_info_box($savemsg); } ?> +<form action="snort_barnyard.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + 
$tab_array[] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?> </td></tr> @@ -209,7 +184,7 @@ function enable_change(enable_change) { Settings</td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq2">Enable</td> + <td width="22%" valign="top" class="vncellreq">Enable</td> <td width="78%" class="vtable"> <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"> <strong>Enable Barnyard2 </strong><br> @@ -219,7 +194,7 @@ function enable_change(enable_change) { <td colspan="2" valign="top" class="listtopic">Mysql Settings</td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td> + <td width="22%" valign="top" class="vncell">Log to a Mysql Database</td> <td width="78%" class="vtable"><input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br> @@ -232,10 +207,10 @@ function enable_change(enable_change) { <td colspan="2" valign="top" class="listtopic">Advanced Settings</td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration + <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td> <td width="78%" class="vtable"><textarea name="barnconfigpassthru" - cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> + cols="60" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> <br> Arguments here will be automatically inserted into the running barnyard2 configuration.</td> @@ -256,9 +231,6 @@ function enable_change(enable_change) { </table> </form> - -</div> - <script language="JavaScript"> <!-- enable_change(false); diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index aedb3dc0..858a51c2 100644 
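Review bot: Every tab URL built in this hunk interpolates `{$id}` directly into the link, and the hunk at -200 in snort_define_servers.php does the same. `$id` is assigned outside the hunk; if it comes from the request it should be validated as an integer before use, or encoded at the point of use, e.g. `"/snort/snort_rules.php?id=" . urlencode($id)`. Whether `display_top_tabs()` escapes the URL when it renders the href is not visible here, so this is worth confirming rather than assuming.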
--- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -31,7 +31,6 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) @@ -181,14 +180,13 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -echo $snort_general_css; /* refresh every 60 secs */ if ($pconfig['brefresh'] == 'on') echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; ?> -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="99%" border="0" cellpadding="0" cellspacing="0"> @@ -331,7 +329,6 @@ if ($pconfig['brefresh'] == 'on') </td> </tr> </table> -</div> <?php include("fend.inc"); ?> diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 00a93ad5..b8d86ff8 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -32,12 +32,13 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $snort_gui_include, $snortdir; +global $snort_gui_include; if (!isset($snort_gui_include)) $pkg_interface = "console"; -$tmpfname = "{$snortdir}/tmp/snort_rules_up"; +$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; $snort_filename_md5 = "{$snort_rules_file}.md5"; $snort_filename = "{$snort_rules_file}"; $emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; 
@@ -51,8 +52,8 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' /* Start of code */ conf_mount_rw(); -if (!is_dir($tmpfname)) - exec("/bin/mkdir -p {$tmpfname}"); +if (!is_dir('/usr/local/etc/snort/tmp')) + exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); @@ -158,7 +159,7 @@ if ($snortdownload == 'on') { /* extract snort.org rules and add prefix to all snort.org files*/ exec("/bin/rm -r {$snortdir}/rules/*"); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - chdir ("{$snortdir}/rules"); + chdir ("/usr/local/etc/snort/rules"); exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); /* extract so rules */ @@ -240,15 +241,15 @@ if ($snortdownload == 'on') { /* XXX: Convert this to sed? */ /* make shure default rules are in the right format */ - exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' {$snortdir}/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' {$snortdir}/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' {$snortdir}/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); + exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); /* create a msg-map for snort */ update_status(gettext("Updating Alert Messages...")); exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir}/rules > {$snortdir}/sid-msg.map"); - if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { + if (file_exists("{$tmpfname}/$snort_filename_md5")) { update_status(gettext("Copying md5 sig to snort directory...")); exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); } 
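Review bot: The directory guard at -51 now creates `/usr/local/etc/snort/tmp`, but `$tmpfname` is set to `/usr/local/etc/snort/tmp/snort_rules_up` in the previous hunk and is used as a directory later (`{$tmpfname}/{$snort_filename}`, `{$tmpfname}/$snort_filename_md5`). Unless that subdirectory is created somewhere outside the visible hunks, the downloads and the `tar xzf` will fail on a fresh install. Keeping the guard on the variable avoids the mismatch: `if (!is_dir($tmpfname)) mkdir($tmpfname, 0755, true);`.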
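Review bot: In the hunk at -158, `chdir ("/usr/local/etc/snort/rules");` is not checked before `snort_rename.pl s/^/snort_/ *.rules` runs against the current directory, so a failed `chdir` would rename `.rules` files wherever the script happens to be running. Guard it, e.g. `if (chdir("{$snortdir}/rules")) exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');`, and log the failure otherwise. The same hunk mixes the literal path with `{$snortdir}` on adjacent lines (`rm -r {$snortdir}/rules/*`, `tar … -C {$snortdir}`); using one form throughout keeps the delete, extract and rename steps pointed at the same directory.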
@@ -313,7 +314,7 @@ path = /bin:/usr/bin:/usr/local/bin update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ -url = dir://{$snortdir}/rules +url = dir:///usr/local/etc/snort/rules {$selected_sid_on_sections} diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 497f0a79..e3c5ac32 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -30,17 +30,8 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - //require_once("globals.inc"); require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g; @@ -186,13 +177,10 @@ include_once("head.inc"); <?php include("fbegin.inc"); if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -echo "{$snort_general_css}\n"; ?> -<form action="snort_define_servers.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php +<?php /* Display Alert message */ if ($input_errors) { 
@@ -200,29 +188,24 @@ echo "{$snort_general_css}\n"; } if ($savemsg) { - print_info_box2($savemsg); + print_info_box($savemsg); } ?> +<form action="snort_define_servers.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?> </td></tr> 
@@ -240,7 +223,7 @@ echo "{$snort_general_css}\n"; <td colspan="2" valign="top" class="listtopic">Define Servers</td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define DNS_SERVERS</td> <td width="78%" class="vtable"><input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br> @@ -248,7 +231,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td> + <td width="22%" valign="top" class="vncell">Define DNS_PORTS</td> <td width="78%" class="vtable"><input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br> @@ -256,7 +239,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 53.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define SMTP_SERVERS</td> <td width="78%" class="vtable"><input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br> @@ -264,7 +247,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td> + <td width="22%" valign="top" class="vncell">Define SMTP_PORTS</td> <td width="78%" class="vtable"><input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br> 
@@ -272,7 +255,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 25.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td> + <td width="22%" valign="top" class="vncell">Define Mail_Ports</td> <td width="78%" class="vtable"><input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br> @@ -280,7 +263,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 25,143,465,691.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define HTTP_SERVERS</td> <td width="78%" class="vtable"><input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br> @@ -288,7 +271,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define WWW_SERVERS</td> <td width="78%" class="vtable"><input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br> @@ -296,7 +279,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td> + <td width="22%" valign="top" class="vncell">Define HTTP_PORTS</td> <td width="78%" class="vtable"><input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br> 
@@ -304,7 +287,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 80.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define SQL_SERVERS</td> <td width="78%" class="vtable"><input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br> @@ -312,7 +295,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td> + <td width="22%" valign="top" class="vncell">Define ORACLE_PORTS</td> <td width="78%" class="vtable"><input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br> @@ -320,7 +303,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 1521.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td> + <td width="22%" valign="top" class="vncell">Define MSSQL_PORTS</td> <td width="78%" class="vtable"><input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br> @@ -328,7 +311,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 1433.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define TELNET_SERVERS</td> <td width="78%" class="vtable"><input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br> 
@@ -336,7 +319,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td> + <td width="22%" valign="top" class="vncell">Define TELNET_PORTS</td> <td width="78%" class="vtable"><input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br> @@ -344,7 +327,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 23.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define SNMP_SERVERS</td> <td width="78%" class="vtable"><input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br> @@ -352,7 +335,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td> + <td width="22%" valign="top" class="vncell">Define SNMP_PORTS</td> <td width="78%" class="vtable"><input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br> @@ -360,7 +343,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 161.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define FTP_SERVERS</td> <td width="78%" class="vtable"><input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br> 
@@ -368,7 +351,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td> + <td width="22%" valign="top" class="vncell">Define FTP_PORTS</td> <td width="78%" class="vtable"><input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br> @@ -376,7 +359,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 21.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define SSH_SERVERS</td> <td width="78%" class="vtable"><input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br> @@ -384,7 +367,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td> + <td width="22%" valign="top" class="vncell">Define SSH_PORTS</td> <td width="78%" class="vtable"><input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br> @@ -392,7 +375,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is the firewall's SSH port.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define POP_SERVERS</td> <td width="78%" class="vtable"><input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br> 
@@ -400,7 +383,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td> + <td width="22%" valign="top" class="vncell">Define POP2_PORTS</td> <td width="78%" class="vtable"><input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br> @@ -408,7 +391,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 109.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td> + <td width="22%" valign="top" class="vncell">Define POP3_PORTS</td> <td width="78%" class="vtable"><input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br> @@ -416,7 +399,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 110.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define IMAP_SERVERS</td> <td width="78%" class="vtable"><input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br> @@ -424,7 +407,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td> + <td width="22%" valign="top" class="vncell">Define IMAP_PORTS</td> <td width="78%" class="vtable"><input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br> 
@@ -432,7 +415,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 143.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td> + <td width="22%" valign="top" class="vncell">Define SIP_PROXY_IP</td> <td width="78%" class="vtable"><input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br> @@ -440,7 +423,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td> + <td width="22%" valign="top" class="vncell">Define SIP_PROXY_PORTS</td> <td width="78%" class="vtable"><input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br> @@ -448,7 +431,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td> + <td width="22%" valign="top" class="vncell">Define SIP_SERVERS</td> <td width="78%" class="vtable"><input name="def_sip_servers" type="text" class="formfld" id="def_sip_servers" size="40" value="<?=htmlspecialchars($pconfig['def_sip_servers']);?>"> <br> @@ -456,7 +439,7 @@ echo "{$snort_general_css}\n"; blank to scan all networks.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td> + <td width="22%" valign="top" class="vncell">Define SIP_PORTS</td> <td width="78%" class="vtable"><input name="def_sip_ports" type="text" class="formfld" id="def_sip_ports" size="40" value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br> 
@@ -464,7 +447,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> + <td width="22%" valign="top" class="vncell">Define AUTH_PORTS</td> <td width="78%" class="vtable"><input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br> @@ -472,7 +455,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 113.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td> + <td width="22%" valign="top" class="vncell">Define FINGER_PORTS</td> <td width="78%" class="vtable"><input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br> @@ -480,7 +463,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 79.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td> + <td width="22%" valign="top" class="vncell">Define IRC_PORTS</td> <td width="78%" class="vtable"><input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br> @@ -488,7 +471,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td> + <td width="22%" valign="top" class="vncell">Define NNTP_PORTS</td> <td width="78%" class="vtable"><input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br> 
@@ -496,7 +479,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 119.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td> + <td width="22%" valign="top" class="vncell">Define RLOGIN_PORTS</td> <td width="78%" class="vtable"><input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br> @@ -504,7 +487,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 513.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td> + <td width="22%" valign="top" class="vncell">Define RSH_PORTS</td> <td width="78%" class="vtable"><input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br> @@ -512,7 +495,7 @@ echo "{$snort_general_css}\n"; betwen "5060:5090 . Default is 514.</span></td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td> + <td width="22%" valign="top" class="vncell">Define SSL_PORTS</td> <td width="78%" class="vtable"><input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br> @@ -533,7 +516,7 @@ echo "{$snort_general_css}\n"; Please save your settings before you click start. </td> </tr> </table> - +</td></tr> </table> </form> <?php include("fend.inc"); ?> diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index f2e521c0..b9a8e596 100644 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -33,10 +33,9 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; /* load only javascript that is needed */ $snort_load_jquery = 'yes'; 
@@ -46,16 +45,16 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' /* quick md5s chk */ $snort_org_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) - $snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5"); +if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5")) + $snort_org_sig_chk_local = file_get_contents("/usr/local/etc/snort/{$snort_rules_file}.md5"); $emergingt_net_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/emerging.rules.tar.gz.md5")) - $emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/emerging.rules.tar.gz.md5"); +if (file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5')) + $emergingt_net_sig_chk_local = file_get_contents("/usr/local/etc/snort/emerging.rules.tar.gz.md5"); /* check for logfile */ $update_logfile_chk = 'no'; -if (file_exists("{$snortdir}/snort_update.log")) +if (file_exists('/usr/local/etc/snort/snort_update.log')) $update_logfile_chk = 'yes'; $pgtitle = "Services: Snort: Updates"; @@ -122,7 +121,7 @@ include_once("head.inc"); if ($snortdownload != 'on' && $emergingthreats != 'on') { echo ' - <button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules </span></button><br/> + <button disabled="disabled"><span class="download">Update Rules </span></button><br/> <p style="text-align:left; margin-left:150px;"> <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> No rule types have been selected for download. "Global Settings Tab"</font><br>'; @@ -130,7 +129,7 @@ include_once("head.inc"); } else { echo ' - <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules </span></button></a><br/>' . "\n"; + <a href="/snort/snort_download_rules.php"><button ><span class="download">Update Rules </span></button></a><br/>' . "\n"; } 
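Review bot: The directory `/usr/local/etc/snort` is now written out five times in the `@@ -46,16 +45,16 @@` hunk (three `file_exists()` calls and two `file_get_contents()` calls) in place of the single `$snortdir` value. If the package directory ever moves, any literal that is missed silently falls back to `N/A` or `no` instead of failing visibly. I would keep one definition near the top of the file, for example `$snortdir = '/usr/local/etc/snort';`, and build the five paths from it. The `.md5` contents are stored unmodified in `$snort_org_sig_chk_local` and `$emergingt_net_sig_chk_local`; the place where they are printed is outside this hunk and should pass them through `htmlspecialchars()`, since the files are presumably produced from downloaded data.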
@@ -154,11 +153,11 @@ include_once("head.inc"); <?php if ($update_logfile_chk == 'yes') { - echo " - <button class='sexybutton sexysimple example9' href='/snort/snort_rules_edit.php?openruleset={$snortdir}/snort_update.log'><span class='pwhitetxt'>Update Log </span></button>\n"; + echo ' + <button href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; }else{ - echo " - <button class='sexybutton disabled' disabled='disabled' href='/snort/snort_rules_edit.php?openruleset={$snortdir}/snort_update.log'><span class='pwhitetxt'>Update Log </span></button>\n"; + echo ' + <button disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; } ?> @@ -177,8 +176,7 @@ include_once("head.inc"); <td id="download_rules_td" style='background-color: #eeeeee'> <div height="32" width="725px" style='background-color: #eeeeee'> - <img style='vertical-align: middle' - src="/snort/images/icon_excli.png" width="40" height="32"> <font + <font color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px' color='#000000'> Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font></div> diff --git a/config/snort/snort_gui.inc b/config/snort/snort_gui.inc deleted file mode 100644 index d2fd4e30..00000000 --- a/config/snort/snort_gui.inc +++ /dev/null 
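Review bot: Both buttons in the `@@ -154,11 +153,11 @@` hunk put an absolute filesystem path into the `openruleset` query parameter of `/snort/snort_rules_edit.php`, so that page picks the file to open from request data. The receiving script is not part of this hunk and its checks are not visible here. It should resolve the value (for example with `realpath()`) and refuse anything outside the snort directory, or accept a fixed keyword for the update log instead of a path. Separately, `href` is not an attribute of `<button>`, and with the `example9` class removed on the new side it is unclear what still turns the click into a navigation; the disabled variant does not need the `href` at all.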
@@ -1,203 +0,0 @@ -<?php -/* $Id$ */ -/* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2006 Robert Zelaya - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- */ - -include_once("/usr/local/pkg/snort/snort.inc"); - -function print_info_box_np2($msg) { - global $config, $g; - - echo "<table height=\"32\" width=\"100%\">\n"; - echo " <tr>\n"; - echo " <td>\n"; - echo " <div style='background-color:#990000' id='redbox'>\n"; - echo " <table width='100%'><tr><td width='8%'>\n"; - echo " <img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n"; - echo " </td>\n"; - echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n"; - echo " </td>"; - if(stristr($msg, "apply") == true) { - echo " <td>"; - echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n"; - echo " </td>"; - } - echo " </tr></table>\n"; - echo " </div>\n"; - echo " </td>\n"; - echo "</table>\n"; - echo "<script type=\"text/javascript\">\n"; - echo "NiftyCheck();\n"; - echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n"; - echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; - echo "</script>\n"; - echo "\n<br>\n"; - - -} - - -/* makes boxes round */ -/* load at bottom */ - -$snort_custom_rnd_box = ' -<script type="text/javascript"> -<!-- - - NiftyCheck(); - Rounded("div#mainarea2","bl br tr","#FFF","#dddddd","smooth"); - Rounded("div#mainarea3","bl br tr","#FFF","#dddddd","smooth"); - Rounded("div#mainarea4","all","#FFF","#dddddd","smooth"); - Rounded("div#mainarea5","all","#eeeeee","#dddddd","smooth"); - -//--> -</script>' . 
"\n"; - -/* general css code */ -$snort_general_css = ' - -<style type="text/css"> - -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; - height:90%; - -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} - -.formpre { -font-family:arial; -font-size: 1.1em; -} - -#download_rules { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -#download_rules_td { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -body2 { -font-family:arial; -font-size:12px; -} - -.tabcont { -background-color: #dddddd; -padding-right: 12px; -padding-left: 12px; -padding-top: 12px; -padding-bottom: 12px; -} - -.tabcont2 { -background-color: #eeeeee; -padding-right: 12px; -padding-left: 12px; -padding-top: 12px; -padding-bottom: 12px; -} - -.vncell2 { - background-color: #eeeeee; - padding-right: 20px; - padding-left: 8px; - border-bottom: 1px solid #999999; -} - -/* global tab, white lil box */ -.vncell3 { - width: 50px; - background-color: #eeeeee; - padding-right: 2px; - padding-left: 2px; - border-bottom-width: 1px; - border-bottom-style: solid; - border-bottom-color: #999999; -} - -.vncellreq2 { -background-color: #eeeeee; -padding-right: 20px; -padding-left: 8px; -font-weight: bold; -border-bottom-width: 1px; -border-bottom-style: solid; -border-bottom-color: #999999; -} - -</style> ' . 
"\n"; - - -/* general css code for snort_interface.php */ -$snort_interfaces_css = ' - -<style type="text/css"> - -.listbg2 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #090; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} - -.listbg3 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #777777; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} - -</style>' . "\n"; - -?> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 0d3ee8c1..942e2e4f 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -32,10 +32,9 @@ POSSIBILITY OF SUCH DAMAGE. $nocsrf = true; require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; $id = $_GET['id']; if (isset($_POST['id'])) @@ -58,7 +57,7 @@ if (isset($_POST['del_x'])) { Running_Stop($snort_uuid,$if_real, $rulei); exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}"); - exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); + exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); unset($a_nat[$rulei]); } 
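Review bot: The context line `$nocsrf = true;` stays in front of `require_once("guiconfig.inc")` on the new side of the `@@ -32,10 +31,9 @@` hunk, while this page acts on `$_POST['del_x']` by stopping Snort and removing directories (next hunk). If the flag switches off the GUI's CSRF token check, as its name suggests, a state-changing page is the wrong place for it. I would drop the line, or add a comment such as `/* CSRF check disabled because <reason> */` so the exception is documented. `$id = $_GET['id'];` is also taken as-is and should be validated (for example with `is_numeric($id)`) before use. The rest of the request handling is outside the hunk.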
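Review bot: The rewritten `exec()` in the `@@ -58,7 +57,7 @@` hunk still builds a recursive delete by interpolating `$snort_uuid` and `$if_real` into a shell string, and the `/var/log/snort/` line above it does the same. Where the two values are assigned is outside this hunk; if either is empty or carries whitespace or shell metacharacters, `rm -r` runs against a different path than intended. Quote the argument, `exec('/bin/rm -r ' . escapeshellarg("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"));`, and skip the delete when either value is empty.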
@@ -134,21 +133,11 @@ include_once("head.inc"); <body link="#000000" vlink="#000000" alink="#000000"> <?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; - include_once("fbegin.inc"); if ($pfsense_stable == 'yes') echo '<p class="pgtitle">' . $pgtitle . '</p>'; ?> -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - <form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <?php /* Display Alert message */ @@ -156,16 +145,16 @@ enable JavaScript to view this content print_input_errors($input_errors); // TODO: add checks if ($savemsg) - print_info_box2($savemsg); + print_info_box($savemsg); //if (file_exists($d_snortconfdirty_path)) { if ($d_snortconfdirty_path_ls != '') { echo '<p>'; if($savemsg) - print_info_box_np2("{$savemsg}"); + print_info_box_np("{$savemsg}"); else { - print_info_box_np2(' + print_info_box_np(' The Snort configuration has changed for one or more interfaces.<br> You must apply the changes in order for them to take effect.<br> '); @@ -239,7 +228,7 @@ enable JavaScript to view this content title="click to toggle start/stop snort"></a> <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td> <td class="listt" align="center"></td> - <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php 
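Review bot: In the `@@ -156,16 +145,16 @@` hunk the same message is rendered twice when `$savemsg` is set and `$d_snortconfdirty_path_ls` is non-empty: once by `print_info_box($savemsg)` and again by `print_info_box_np("{$savemsg}")` inside the dirty branch. In that case the "configuration has changed" notice is never shown. I would remove the inner `if($savemsg) ... else` and always call `print_info_box_np()` with the apply-changes text in the dirty branch. If the inner call is kept, `"{$savemsg}"` can be plain `$savemsg`. The `echo '<p>';` that opens the branch has no closing tag within the hunk.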
@@ -291,7 +280,7 @@ enable JavaScript to view this content } ?> - <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -303,7 +292,7 @@ enable JavaScript to view this content $check_snortbarnyardlog = strtoupper(disabled); } ?> <?php echo "$check_snortbarnyardlog";?></td> - <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> </td> @@ -388,7 +377,6 @@ enable JavaScript to view this content </form> <?php include("fend.inc"); -echo $snort_custom_rnd_box; ?> </body> </html> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index dd60af68..b83f4ad2 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -31,7 +31,6 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g; @@ -327,20 +326,12 @@ if (isset($_GET['dup'])) $pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; include_once("head.inc"); - ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php - include("fbegin.inc"); - echo "{$snort_general_css}\n"; -?> -<noscript> -<div class="alert" ALIGN=CENTER><img - src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content</strong></div> -</noscript> +<?php include("fbegin.inc"); ?> + <script language="JavaScript"> <!-- 
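Review bot: The context line `$check_snortbarnyardlog = strtoupper(disabled);` in the `@@ -303,7 +292,7 @@` hunk passes a bare word instead of a string. PHP treats it as an undefined constant, which is a notice or warning on older versions and a fatal `Error` from PHP 8. Since the hunk already edits the cell that follows, change the call to `strtoupper('disabled')`. The matching branch for the enabled state starts above the hunk and probably needs the same fix.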
@@ -368,9 +359,6 @@ function enable_change(enable_change) { </script> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> <?php /* Display Alert message */ if ($input_errors) { 
@@ -378,123 +366,75 @@ function enable_change(enable_change) { } if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<p>'; - - if($savemsg) - print_info_box_np2("{$savemsg}"); - else { - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } + print_info_box($savemsg); } ?> +<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> +<tr><td class="tabnavtbl"> <?php $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array(gettext("Servers"), false, 
"/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?> </td></tr> +</table> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td class="tabnavtbl"> + <td colspan="2" valign="top" class="listtopic">General Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Enable</td> + <td width="78%" valign="top" class="vtable"> <?php - if ($a_nat[$id]['interface'] != '') { - /* get the interface name */ - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_array = explode(',', $if_list); - if($if_array) { - foreach($if_array as $iface2) { - /* build a list of user specified interfaces -gtm */ - $if2 = snort_get_real_interface($iface2); - if ($if2) - array_push($snortInterfaces, $if2); - } - - if (count($snortInterfaces) < 1) - log_error("Snort will not start. 
You must select an interface for it to listen on."); - } - - } + if ($pconfig['enable'] == "on") + $checked = "checked"; + echo " + <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"> + Enable or Disable\n"; ?> + <br/> </td> </tr> <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Enable</td> - <td width="22%" valign="top" class="vtable"> <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['enable'] == "on") - $checked = checked; - - $onclick_enable = "onClick=\"enable_change(false)\">"; - - echo " - <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable - Enable or Disable</td>\n\n"; - ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formselect"> - <?php - if (function_exists('get_configured_interface_with_descr')) - $interfaces = get_configured_interface_with_descr(); - else { - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . 
$i]['descr']; - } - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" - <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Description</td> + <td width="22%" valign="top" class="vncellreq">Interface</td> + <td width="78%" class="vtable"> + <select name="interface" class="formselect"> + <?php + if (function_exists('get_configured_interface_with_descr')) + $interfaces = get_configured_interface_with_descr(); + else { + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" + <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br/> + <b>Hint: </b>in most cases, you'll want to use WAN here.</span><br/><br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Description</td> <td width="78%" class="vtable"><input name="descr" type="text" class="formfld" id="descr" size="40" - value="<?=htmlspecialchars($pconfig['descr']);?>"> <br> + value="<?=htmlspecialchars($pconfig['descr']);?>"> <br/> <span class="vexpl">You may enter a description here for your - reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Memory Performance</td> + reference (not parsed).</span><br/><br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Memory Performance</td> <td width="78%" class="vtable"> <select 
name="performance" class="formselect" id="performance"> <?php @@ -509,15 +449,15 @@ function enable_change(enable_change) { systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small - memory, high performance.<br> - </span></td> - </tr> - <tr> + memory, high performance. + </span><br/></td> + </tr> + <tr> <td colspan="2" valign="top" class="listtopic">Choose the networks snort should inspect and whitelist.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Home net</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Home net</td> <td width="78%" class="vtable"> <select name="homelistname" class="formselect" id="homelistname"> <?php @@ -536,15 +476,15 @@ function enable_change(enable_change) { } } ?> - </select><br> + </select><br/> <span class="vexpl">Choose the home net you will like this rule to - use. </span> <br/><span class="red">Note:</span> Default home + use. </span><br/> <br/><span class="red">Note:</span> Default home net adds only local networks.<br> <span class="red">Hint:</span> Most users add a list of - friendly ips that the firewall cant see.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">External net</td> + friendly ips that the firewall cant see.<br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">External net</td> <td width="78%" class="vtable"> <select name="externallistname" class="formselect" id="externallistname"> <?php 
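Review bot: The relocated `<form>` tag in the `@@ -378,123 +366,75 @@` hunk prints `$id` into the `action` attribute with `<?php echo "?id=$id";?>`, and the `$tab_array[]` URLs built with `?id={$id}` carry the same value, with no escaping or validation in the hunk. Where `$id` is assigned is outside this hunk; if it comes straight from the request, as `$id = $_GET['id'];` does on snort_interfaces.php, a crafted value ends up in the markup. Print it as `<?=htmlspecialchars("?id={$id}");?>` and check it with `is_numeric($id)` before the tab URLs are built. Also, `$checked` is only assigned when `$pconfig['enable'] == "on"`, so initialise it with `$checked = "";` before the `if`.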
@@ -566,28 +506,28 @@ function enable_change(enable_change) { </select><br/> <span class="vexpl">Choose the external net you will like this rule to use. </span> <br/><span class="red">Note:</span> Default - external net, networks that are not home net.<br> + external net, networks that are not home net.<br/> <span class="red">Hint:</span> Most users should leave this - setting at default.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Block offenders</td> + setting at default.<br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Block offenders</td> <td width="78%" class="vtable"> <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_blockoffenders()"><br> Checking this option will automatically block hosts that generate a Snort alert.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Kill states</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Kill states</td> <td width="78%" class="vtable"> <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>> <br/>Should firewall states be killed for the blocked ip </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Which ip to block</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Which ip to block</td> <td width="78%" class="vtable"> <select name="blockoffendersip" class="formselect" id="blockoffendersip"> <?php @@ -602,9 +542,9 @@ function enable_change(enable_change) { </select> <br/> Which ip extracted from the packet you want to block </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Whitelist</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Whitelist</td> <td width="78%" class="vtable"> <select name="whitelistname" class="formselect" id="whitelistname"> <?php 
@@ -624,13 +564,13 @@ function enable_change(enable_change) { ?> </select><br> <span class="vexpl">Choose the whitelist you will like this rule to - use. </span> <br/><span class="red">Note:</span> Default + use. </span><br/> <br/><span class="red">Note:</span><br/> Default whitelist adds only local networks.<br/> - <span class="red">Note:</span> This option will only be used when block offenders is on. + <span class="red">Note:</span><br/> This option will only be used when block offenders is on. </td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Suppression and + <td width="22%" valign="top" class="vncell">Suppression and filtering</td> <td width="78%" class="vtable"> <select name="suppresslistname" class="formselect" id="suppresslistname"> @@ -650,7 +590,7 @@ function enable_change(enable_change) { ?> </select><br> <span class="vexpl">Choose the suppression or filtering file you - will like this rule to use. </span> <br/><span class="red">Note:</span> Default + will like this rule to use. </span><br/> <br/><span class="red">Note:</span><br/> Default option disables suppression and filtering.</td> </tr> @@ -659,7 +599,7 @@ function enable_change(enable_change) { logs snort should create.</td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Send alerts to main + <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td> <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" 
@@ -668,63 +608,58 @@ function enable_change(enable_change) { Snort will send Alerts to the firewall's system logs.</td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td> + <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td> <td width="78%" class="vtable"><input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which - understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> + understands pcap file formats. <span class="red"><strong>WARNING:</strong></span><br/> File may become large.</td> </tr> <tr> - <td width="22%" valign="top" class="vncell2">Log Alerts to a snort + <td width="22%" valign="top" class="vncell">Log Alerts to a snort unified2 file</td> <td width="78%" class="vtable"><input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will log Alerts to a file in the UNIFIED2 format. 
This is a - requirement for barnyard2.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Arguments here will - be automatically inserted into the snort configuration.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration - pass through</td> - <td width="78%" class="vtable"><textarea wrap="off" - name="configpassthru" cols="75" rows="12" id="configpassthru" - class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> - </td> - </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - + Snort will log Alerts to a file in the UNIFIED2 format. This is a + requirement for barnyard2.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Arguments here will + be automatically inserted into the snort configuration.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td> + <td width="78%" class="vtable"> + <textarea wrap="off" name="configpassthru" cols="65" rows="12" id="configpassthru"> + <?=htmlspecialchars($pconfig['configpassthru']);?></textarea> + </td> + </tr> + <tr> + <td width="22%" valign="top"></td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br/> + <br> + Please save your settings before you click start. 
</td> + </tr> </table> </form> - <script language="JavaScript"> <!-- enable_change(false); enable_blockoffenders(); //--> </script> - <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index acfcfde9..59b725ab 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -35,10 +35,9 @@ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; $d_snort_global_dirty_path = '/var/run/snort_global.dirty'; @@ -120,7 +119,7 @@ if (!$input_errors) { if ($_POST["Reset"]) { function snort_deinstall_settings() { - global $config, $g, $id, $if_real, $snortdir; + global $config, $g, $id, $if_real; exec("/usr/usr/bin/killall snort"); sleep(2); @@ -165,7 +164,7 @@ if ($_POST["Reset"]) { unset($config['installedpackages']['snortglobal']); /* remove all snort iface dir */ - exec("rm -r {$snortdir}/snort_*"); + exec('rm -r /usr/local/etc/snort/snort_*'); exec('rm /var/log/snort/*'); } @@ -189,23 +188,12 @@ include_once("head.inc"); <body link="#000000" vlink="#000000" alink="#000000"> <?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; - include_once("fbegin.inc"); if($pfsense_stable == 'yes') echo '<p class="pgtitle">' . $pgtitle . '</p>'; ?> -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <?php /* Display Alert message, under form tag or no refresh */ if ($input_errors) 
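Review bot: The rewritten `configpassthru` textarea now has a line break and indentation between the opening `<textarea ...>` tag and the `<?=htmlspecialchars($pconfig['configpassthru']);?>` output, where the removed markup kept them adjacent. Browsers drop only the first newline after the tag, so the indentation becomes part of the field value and is posted back on every save. The section header says these arguments are inserted into the snort configuration, so the stored text would gain leading whitespace each time unless the save handler trims it (not visible here). Keep the tag and the echo together: `<textarea wrap="off" name="configpassthru" cols="65" rows="12" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>`.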
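Review bot: The context line `exec("/usr/usr/bin/killall snort");` in `snort_deinstall_settings()` has a doubled `/usr/usr` prefix, which looks like a typo for `/usr/bin/killall`. The `exec()` result is never checked, so a missing binary fails silently and the reset would go on to delete configuration and logs while snort is still running. Since this hunk already edits the function, correct the path to `exec("/usr/bin/killall snort");`. The function body continues past the end of the hunk.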
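Review bot: Replacing `{$snortdir}` with the literal `/usr/local/etc/snort` means an unset variable can no longer turn the glob into `/snort_*`, but it hard-codes the install prefix, and the exit status of both `rm` calls is still discarded. The dansguardian change earlier in this commit selects a `/usr/pbi/...` prefix on newer versions; if snort can be installed under such a prefix too (not visible here), the reset would silently leave the per-interface directories behind. At minimum capture and report the status, for example `exec('rm -r /usr/local/etc/snort/snort_*', $out, $rc);` followed by `if ($rc != 0) log_error("snort reset: could not remove interface directories");`. These lines sit inside `snort_deinstall_settings()`, which begins before this hunk.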
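Review bot: The comment kept at the end of this hunk, `/* Display Alert message, under form tag or no refresh */`, no longer matches the code, because the `<form action="snort_interfaces_global.php" ...>` line is removed here and only re-added after the info box further down the file. If `print_info_box_np()` renders a submit control for applying the pending changes (its body is not visible), that control would now sit outside the form and not post anything. Either open the form before the alert block as before, or confirm the apply action still works and update the comment to say why the order changed.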
@@ -213,7 +201,7 @@ enable JavaScript to view this content if (!$input_errors) { if (file_exists($d_snort_global_dirty_path)) { - print_info_box_np2(' + print_info_box_np(' The Snort configuration has changed and snort needs to be restarted on this interface.<br> You must apply the changes in order for them to take effect.<br> '); @@ -221,8 +209,9 @@ enable JavaScript to view this content } ?> +<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> +<tr><td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); 
@@ -237,200 +226,188 @@ enable JavaScript to view this content </td></tr> <tr> <td class="tabcont"> - <table id="maintable2" width="100%" border="0" cellpadding="6" - cellspacing="0"> - <tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Please Choose The - Type Of Rules You Wish To Download</td> - </tr> - <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" - id="snortdownload" value="off" onClick="enable_change(false)" - <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td colspan="2" valign="top" class="listtopic">Please Choose The + Type Of Rules You Wish To Download</td> +</tr> + <td width="22%" valign="top" class="vncell">Install Snort.org rules</td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" + id="snortdownload" value="off" onClick="enable_change(false)" +<?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>> Do <strong>NOT</strong> Install</td> - </tr> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" - id="snortdownload" value="on" onClick="enable_change(false)" - <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install - Basic Rules or Premium rules <br> - <a - href="https://www.snort.org/signup" target="_blank">Sign Up for a - Basic Rule Account</a><br> - <a - href="http://www.snort.org/vrt/buy-a-subscription" - target="_blank">Sign Up for Sourcefire VRT Certified Premium - Rules. 
This Is Highly Recommended</a></td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> - </tr> - <tr> - <td class="vncell2" valign="top">Code</td> - <td class="vtable"><input name="oinkmastercode" type="text" - class="formfld" id="oinkmastercode" size="52" - value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> - Obtain a snort.org Oinkmaster code and paste here.</td> - - </table> - - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong> - rules</td> - <td width="78%" class="vtable"><input name="emergingthreats" - type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Emerging Threats is an open source community that produces fastest - moving and diverse Snort Rules.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Update rules - automatically</td> - <td width="78%" class="vtable"> - <select name="autorulesupdate7" class="formselect" id="autorulesupdate7"> - <?php - $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the update times for rules.<br> - Hint: in most cases, every 12 hours is a good choice.</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - - <tr> - <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> - <td 
width="22%" valign="top" class="vncell2">Log Directory Size - Limit<br> - <br> - <br> - <br> - <br> - <br> - <span class="red"><strong>Note</span>:</strong><br> - Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" - id="snortloglimit" value="on" onClick="enable_change(false)" - <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>> - <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td> - </tr> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" - id="snortloglimit" value="off" onClick="enable_change(false)" - <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong> - directory size limit<br> - <br> - <span class="red"><strong>Warning</span>:</strong> Nanobsd - should use no more than 10MB of space.</td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vncell3">Size in <strong>MB</strong></td> - <td class="vtable"><input name="snortloglimitsize" type="text" - class="formfld" id="snortloglimitsize" size="7" - value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> - Default is <strong>20%</strong> of available space.</td> - - </table> - - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2">Remove blocked hosts - every</td> - <td width="78%" class="vtable"> - <select name="rm_blocked" class="formselect" id="rm_blocked"> - <?php - $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> - 
<?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the amount of time you would like - hosts to be blocked for.<br> - Hint: in most cases, 1 hour is a good choice.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Alerts file description - type</td> - <td width="78%" class="vtable"> - <select name="snortalertlogtype" class="formselect" id="snortalertlogtype"> - <?php - $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" - <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please choose the type of Alert logging you will - like see in your alert file.<br> - Hint: Best pratice is to chose full logging.</span> <span - class="red"><strong>WARNING:</strong></span> <strong>On - change, alert file will be cleared.</strong></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Keep snort settings - after deinstall</td> - <td width="78%" class="vtable"><input name="forcekeepsettings" - id="forcekeepsettings" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Settings will not be removed during deinstall.</td> - </tr> - <tr> - <td width="22%" valign="top"><input name="Reset" type="submit" - class="formbtn" value="Reset" - onclick="return confirm('Do you really want to delete all global and interface settings?')"><span - class="red"><strong> WARNING:</strong><br> - This will reset all global and interface settings.</span></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" - value="Save" onClick="enable_change(true)"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span 
class="vexpl"><span class="red"><strong>Note:<br> - </strong></span> Changing any settings on this page will affect all - interfaces. Please, double check if your oink code is correct and + </tr> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" + id="snortdownload" value="on" onClick="enable_change(false)" +<?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install + Basic Rules or Premium rules <br> + <a + href="https://www.snort.org/signup" target="_blank">Sign Up for a + Basic Rule Account</a><br> + <a + href="http://www.snort.org/vrt/buy-a-subscription" + target="_blank">Sign Up for Sourcefire VRT Certified Premium + Rules. This Is Highly Recommended</a></td> + </tr> + <tr> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> + </tr> + <tr> + <td class="vncell" valign="top">Code</td> + <td class="vtable"><input name="oinkmastercode" type="text" + class="formfld" id="oinkmastercode" size="52" + value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> + Obtain a snort.org Oinkmaster code and paste here.</td> + + </table> + +</tr> +<tr> + <td width="22%" valign="top" class="vncell">Install <strong>Emergingthreats</strong> + rules</td> + <td width="78%" class="vtable"><input name="emergingthreats" + type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Emerging Threats is an open source community that produces fastest + moving and diverse Snort Rules.</td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell">Update rules + automatically</td> + <td width="78%" class="vtable"> + <select name="autorulesupdate7" class="formselect" id="autorulesupdate7"> + <?php + $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', 
'7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the update times for rules.<br> + Hint: in most cases, every 12 hours is a good choice.</span></td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic">General Settings</td> +</tr> + +<tr> +<?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> + <td width="22%" valign="top" class="vncell">Log Directory Size + Limit<br/> + <br/> + <br/> + <span class="red"><strong>Note</span>:</strong><br> + Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="snortloglimit" type="radio" + id="snortloglimit" value="on" onClick="enable_change(false)" +<?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>> + <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td> + </tr> + <tr> + <td colspan="2"><input name="snortloglimit" type="radio" + id="snortloglimit" value="off" onClick="enable_change(false)" +<?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong> + directory size limit<br> + <br> + <span class="red"><strong>Warning</span>:</strong> Nanobsd + should use no more than 10MB of space.</td> + </tr> + <tr> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td class="vncell3">Size in <strong>MB</strong></td> + <td class="vtable"><input name="snortloglimitsize" type="text" + class="formfld" id="snortloglimitsize" size="7" + value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> + Default is <strong>20%</strong> of available 
space.</td> + + </table> + +</tr> + +<tr> + <td width="22%" valign="top" class="vncell">Remove blocked hosts + every</td> + <td width="78%" class="vtable"> + <select name="rm_blocked" class="formselect" id="rm_blocked"> + <?php + $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the amount of time you would like + hosts to be blocked for.<br> + Hint: in most cases, 1 hour is a good choice.</span></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell">Alerts file description + type</td> + <td width="78%" class="vtable"> + <select name="snortalertlogtype" class="formselect" id="snortalertlogtype"> + <?php + $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); + foreach ($interfaces4 as $iface4 => $ifacename4): ?> + <option value="<?=$iface4;?>" + <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please choose the type of Alert logging you will + like see in your alert file.<br> + Hint: Best pratice is to chose full logging.</span> <span + class="red"><strong>WARNING:</strong></span> <strong>On + change, alert file will be cleared.</strong></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell">Keep snort settings + after deinstall</td> + <td width="78%" class="vtable"><input name="forcekeepsettings" + id="forcekeepsettings" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> + 
onClick="enable_change(false)"><br> + Settings will not be removed during deinstall.</td> +</tr> +<tr> + <td width="22%" valign="top"><input name="Reset" type="submit" + class="formbtn" value="Reset" + onclick="return confirm('Do you really want to delete all global and interface settings?')"><span + class="red"><strong> WARNING:</strong><br> + This will reset all global and interface settings.</span></td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" + value="Save" onClick="enable_change(true)"> + </td> +</tr> +<tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br> + </strong></span> Changing any settings on this page will affect all + interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.</span></td> - </tr> - </table> - </td> - </tr> +</tr> + </table> +</td></tr> </table> </form> - -</div> - - <?php include("fend.inc"); ?> - - <?php echo "$snort_custom_rnd_box\n"; ?> - +<?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index b0d83e67..eb66b652 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php @@ -36,10 +36,8 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); - if (!is_array($config['installedpackages']['snortglobal']['suppress'])) $config['installedpackages']['snortglobal']['suppress'] = array(); if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) 
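Review bot: The re-indented line that sets `$snortlogCurrentDSKsize` still spawns a `df | grep | awk` shell pipeline on every page render just to read free space, and it depends on the column layout of `df` output. PHP can read the same figure without a shell: `$snortlogCurrentDSKsize = round(disk_free_space('/var') / 1048576);`. Separately, the "Sign Up for Sourcefire VRT Certified Premium Rules" link in this hunk uses `http://www.snort.org/...` while the basic-account link next to it uses `https://`; the account sign-up link should use `https://` as well.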
@@ -70,10 +68,9 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -echo $snort_general_css; ?> -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> <?php if (file_exists($d_suppresslistdirty_path)): ?> 
@@ -93,78 +90,67 @@ echo $snort_general_css; $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); display_top_tabs($tab_array); ?> - </td> - </tr> - <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr> - <td width="30%" class="listhdrr">File Name</td> - <td width="70%" class="listhdr">Description</td> - - <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach ($a_suppress as $list): ?> - <tr> - <td class="listlr" - ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?></td> - <td class="listbg" - ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> - </td> - - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a - href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" - onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. 
snort rules will fall back to the default whitelist)!')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </td> - </tr> +</td> +</tr> +<tr><td class="tabcont"> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td width="30%" class="listhdrr">File Name</td> + <td width="60%" class="listhdr">Description</td> + <td width="10%" class="list"></td> +</tr> +<?php $i = 0; foreach ($a_suppress as $list): ?> +<tr> + <td class="listlr" + ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> + <td class="listbg" + ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a + href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a + href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" + onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. 
snort rules will fall back to the default whitelist)!')"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="delete whitelist"></a></td> + </tr> + </table> + </td> +</tr> +<?php $i++; endforeach; ?> +<tr> + <td class="list" colspan="2"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a + href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="add a new list"></a></td> + </tr> + </table> + </td> +</tr> </table> -<br> -<table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> +</td></tr> +<tr> + <td colspan="3" width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> <p><span class="vexpl">Here you can create event filtering and suppression for your snort package rules.<br> Please note that you must restart a running rule so that changes can take effect.</span></p></td> +</tr> </table> - </form> - -</div> - <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 7bb7efd1..db2757a9 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -36,7 +36,6 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['suppress'])) 
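Review bot: The delete control is still a plain link, `href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"`, so a suppress list is removed by a GET request guarded only by a client-side `confirm()`. A GET link carries no form token, so the deletion is exposed to cross-site request forgery and to anything that follows links automatically; whether the handler checks anything further is not visible in this hunk. Make the delete a POST from the surrounding form (a submit or image input carrying the index) so it goes through the same request validation as the other state changes. The `title` attributes and the confirm message also still say "whitelist" on the suppress page.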
@@ -66,8 +65,6 @@ if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id } } -$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; - /* returns true if $name is a valid name for a whitelist file name or ip */ function is_validwhitelistname($name) { if (!is_string($name)) 
@@ -150,145 +147,86 @@ include_once("head.inc"); <?php include("fbegin.inc"); -echo $snort_general_css; ?> -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> - -<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" - method="post" name="iform" id="iform"><?php - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - +<?php if ($savemsg) { - print_info_box2($savemsg); + print_info_box($savemsg); } - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snort_suppress_dirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global - Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li class="newtabmenu_active"><a - href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - </ul> - </div> - - </td> - </tr> - - <tr> - <td class="tabcont"> - <table width="100%" border="0" 
cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and - description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"><input name="name" type="text" id="name" - size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> - <span class="vexpl"> The list name may only consist of the - characters a-z, A-Z and 0-9. <span class="red">Note: </span> No - Spaces. </span></td> - </tr> +?> +<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td colspan="2" class="listtopic">Add the name and description of the file.</td> +</tr> +<tr> + <td width="22%" valign="top" class="vncellreq">Name</td> + <td width="78%" class="vtable"><input name="name" type="text" id="name" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> The list name may only consist of the + characters a-z, A-Z and 0-9. <span class="red">Note: </span> No + Spaces. </span></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> You may enter a description here for your + reference (not parsed). </span></td> +</tr> +<tr> + <td colspan="2"> + <div style='background-color: #E0E0E0' id='redbox'> + <table width='100%'> <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> - <span class="vexpl"> You may enter a description here for your - reference (not parsed). 
</span></td> + <td width='8%'> </td> + <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font> + <font size="2" color='#000000'> The threshold keyword + is deprecated as of version 2.8.5. Use the event_filter keyword + instead.</font></td> </tr> </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <table height="32" width="100%"> - <tr> - <td> - <div style='background-color: #E0E0E0' id='redbox'> - <table width='100%'> - <tr> - <td width='8%'> <img - style='vertical-align: middle' - src="/snort/images/icon_excli.png" width="40" height="32"></td> - <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font> - <font size="2" color='#000000'> The threshold keyword - is deprecated as of version 2.8.5. Use the event_filter keyword - instead.</font></td> - </tr> - </table> - </div> - </td> - </tr> - <script type="text/javascript"> - NiftyCheck(); - Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); - Rounded("td#blackbox","all","#FFF","#000000","smooth"); - </script> - <tr> - <td colspan="2" valign="top" class="listtopic">Apply suppression or - filters to rules. 
Valid keywords are 'suppress', 'event_filter' and - 'rate_filter'.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncell"><b>Example 1;</b> - suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> - <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, - track by_src, count 1, seconds 60<br> - <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, - count 100, seconds 1, new_action log, timeout 10</td> - </tr> - <tr> - <td width="100%" class="vtable"><textarea wrap="off" - name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" - class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> - </td> - </tr> - <tr> - <td width="78%"><input id="submit" name="submit" type="submit" - class="formbtn" value="Save" /> <input id="cancelbutton" - name="cancelbutton" type="button" class="formbtn" value="Cancel" - onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?> + </div> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic">Apply suppression or + filters to rules. 
Valid keywords are 'suppress', 'event_filter' and + 'rate_filter'.</td> +</tr> +<tr> + <td colspan="2" valign="top" class="vncell"><b>Example 1;</b> + suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> + <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, + track by_src, count 1, seconds 60<br> + <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, + count 100, seconds 1, new_action log, timeout 10</td> +</tr> +<tr> + <td colspan="2" width="100%" class="vtable"><textarea wrap="off" + name="suppresspassthru" cols="90" rows="28" id="suppresspassthru"> + <?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> + </td> +</tr> +<tr> + <td width="22%"> </td> + <td width="78%"><input id="submit" name="submit" type="submit" + class="formbtn" value="Save" /> <input id="cancelbutton" + name="cancelbutton" type="button" class="formbtn" value="Cancel" + onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> - </td> - </tr> - </table> - </table> - </td> - </tr> + </td> +</tr> </table> </form> - -</div> - - <?php include("fend.inc"); ?> - +<?php include("fend.inc"); ?> +<script type="text/javascript"> +Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); +Rounded("td#blackbox","all","#FFF","#000000","smooth"); +</script> </body> </html> diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php index 872b69c1..805fffe9 100644 --- a/config/snort/snort_interfaces_whitelist.php +++ b/config/snort/snort_interfaces_whitelist.php @@ -37,7 +37,6 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); 
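Review bot: The rewritten form tag `<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" name="iform" id="iform">` drops the `method="post"` that the removed tag carried, so the browser submits the suppress list as a GET query string. The name, description and rule text then end up in URLs, browser history and web-server logs, and a save handler that reads `$_POST` (not visible in this hunk) would never see the submission. Restore the attribute: `<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">`. Separately, the re-added `value="<?=$pconfig['descr'];?>"` is written into the attribute unescaped while the name field beside it uses `htmlspecialchars()`; it should read `value="<?=htmlspecialchars($pconfig['descr']);?>"`. The same unescaped `descr` line is re-added in the snort_interfaces_whitelist_edit.php hunk further down.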
@@ -76,16 +75,14 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -echo $snort_general_css; ?> -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> <?php if (file_exists($d_whitelistdirty_path)): ?> <p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> <?php endif; ?> - +<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -104,7 +101,7 @@ echo $snort_general_css; <tr> <td class="tabcont"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td width="20%" class="listhdrr">File Name</td> @@ -168,7 +165,7 @@ echo $snort_general_css; </tr> </table> <br> -<table class="tabcont" width="100%" border="0" cellpadding="0" +<table width="100%" border="0" cellpadding="0" cellspacing="0"> <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> <p><span class="vexpl">Here you can create whitelist files for your @@ -178,11 +175,7 @@ echo $snort_general_css; Remember that the default whitelist only includes local networks.<br> Be careful, it is very easy to get locked out of you system.</span></p></td> </table> - </form> - -</div> - <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index a546c642..965dd4be 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php 
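Review bot: In the first hunk of snort_interfaces_whitelist.php, moving the `<form action="/snort/snort_interfaces_whitelist.php" method="post">` tag below the `file_exists($d_whitelistdirty_path)` block leaves the `print_info_box_np(...)` notice outside any form. If that helper renders the apply control as a submit input (its definition is not on this page), the button no longer posts anything and a pending whitelist change cannot be applied from this screen. Either keep the `<form ...>` tag above the dirty-state notice, or wrap the notice in its own `<form action="/snort/snort_interfaces_whitelist.php" method="post">`.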
@@ -37,7 +37,6 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) @@ -205,7 +204,6 @@ include_once("head.inc"); <?php include("fbegin.inc"); -echo $snort_general_css; ?> <script type="text/javascript" src="/javascript/row_helper.js"></script> <input type='hidden' name='address_type' value='textbox' /> 
@@ -223,186 +221,174 @@ echo $snort_general_css; <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> -<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform"> <?php - /* Display Alert message */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - if ($savemsg) - print_info_box2($savemsg); + print_info_box($savemsg); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and + description of the file.</td> + </tr> + <tr> + <td valign="top" class="vncellreq">Name</td> + <td class="vtable"><input name="name" type="text" id="name" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> The list name may only consist of the + characters a-z, A-Z and 0-9. <span class="red">Note: </span> No + Spaces. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> You may enter a description here for your + reference (not parsed). 
</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">List Type</td> + <td width="78%" class="vtable"> + + <div + style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" + id="itemhelp"><strong>WHITELIST:</strong> This + list specifies addresses that Snort Package should not block.<br> + <br> + <strong>NETLIST:</strong> This list is for defining + addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div> + + <select name="snortlisttype" class="formselect" id="snortlisttype"> + <?php + $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); + foreach ($interfaces4 as $iface4 => $ifacename4): ?> + <option value="<?=$iface4;?>" + <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?></option> + <?php endforeach; ?> + </select> <span class="vexpl"> Choose the type of + list you will like see in your <span class="red">Interface Edit Tab</span>. + </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add auto generated + ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">WAN IPs</td> + <td width="78%" class="vtable"><input name="wanips" type="checkbox" + id="wanips" size="40" value="yes" + <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN IPs to the list. </span></td> + </tr> <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and - description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"><input name="name" type="text" id="name" - size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> - <span class="vexpl"> The list name may only consist of the - characters a-z, A-Z and 0-9. 
<span class="red">Note: </span> No - Spaces. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> - <span class="vexpl"> You may enter a description here for your - reference (not parsed). </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">List Type</td> - <td width="78%" class="vtable"> - - <div - style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" - id="itemhelp"><strong>WHITELIST:</strong> This - list specifies addresses that Snort Package should not block.<br> - <br> - <strong>NETLIST:</strong> This list is for defining - addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div> - - <select name="snortlisttype" class="formselect" id="snortlisttype"> - <?php - $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" - <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?></option> - <?php endforeach; ?> - </select> <span class="vexpl"> Choose the type of - list you will like see in your <span class="red">Interface Edit Tab</span>. - </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add auto generated - ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">WAN IPs</td> - <td width="78%" class="vtable"><input name="wanips" type="checkbox" - id="wanips" size="40" value="yes" - <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN IPs to the list. 
</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan Gateways</td> - <td width="78%" class="vtable"><input name="wangateips" - type="checkbox" id="wangateips" size="40" value="yes" - <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN Gateways to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan DNS servers</td> - <td width="78%" class="vtable"><input name="wandnsips" - type="checkbox" id="wandnsips" size="40" value="yes" - <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN DNS servers to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td> - <td width="78%" class="vtable"><input name="vips" type="checkbox" - id="vips" size="40" value="yes" - <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">VPNs</td> - <td width="78%" class="vtable"><input name="vpnips" type="checkbox" - id="vpnips" size="40" value="yes" - <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add VPN Addresses to the list. 
</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add your own custom - ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2"> - <div id="addressnetworkport">IP or CIDR items</div> - </td> - <td width="78%" class="vtable"> - <table id="maintable"> - <tbody> - <tr> - <td colspan="4"> - <div - style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" - id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY - IPs not CIDRs</strong>. Example: 192.168.4.1<br> - <br> - For <strong>NETLIST's</strong> you may enter <strong>IPs and - CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div> - </td> - </tr> - <tr> - <td> - <div id="onecolumn">IP or CIDR</div> - </td> - <td> - <div id="threecolumn">Add a Description or leave blank and a date - will be added.</div> - </td> - </tr> - - <?php - /* cleanup code */ - $counter = 0; - $address = $pconfig['address']; - if ($address <> ""): - $item = explode(" ", $address); - $item3 = explode("||", $pconfig['detail']); - foreach($item as $ww): - $address = $item[$counter]; - $item4 = $item3[$counter]; - ?> - <tr> - <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td> - <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td> - <td> - <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?> - </td> - </tr> - <?php - $counter++; - - endforeach; endif; - ?> - </tbody> - </table> - <a onclick="javascript:addRowTo('maintable'); return false;" - href="#"><img border="0" - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" - title="add another entry" /> 
</a></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> - <input name="id" type="hidden" value="<?=$id;?>" /> - </td> - </tr> + <td width="22%" valign="top" class="vncell">Wan Gateways</td> + <td width="78%" class="vtable"><input name="wangateips" + type="checkbox" id="wangateips" size="40" value="yes" + <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN Gateways to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Wan DNS servers</td> + <td width="78%" class="vtable"><input name="wandnsips" + type="checkbox" id="wandnsips" size="40" value="yes" + <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN DNS servers to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Virtual IP Addresses</td> + <td width="78%" class="vtable"><input name="vips" type="checkbox" + id="vips" size="40" value="yes" + <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">VPNs</td> + <td width="78%" class="vtable"><input name="vpnips" type="checkbox" + id="vpnips" size="40" value="yes" + <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add VPN Addresses to the list. 
</span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add your own custom + ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"> + <div id="addressnetworkport">IP or CIDR items</div> + </td> + <td width="78%" class="vtable"> + <table id="maintable"> + <tbody> + <tr> + <td colspan="4"> + <div + style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" + id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY + IPs not CIDRs</strong>. Example: 192.168.4.1<br> + <br> + For <strong>NETLIST's</strong> you may enter <strong>IPs and + CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div> + </td> + </tr> + <tr> + <td> + <div id="onecolumn">IP or CIDR</div> + </td> + <td> + <div id="threecolumn">Add a Description or leave blank and a date + will be added.</div> + </td> + </tr> + + <?php + /* cleanup code */ + $counter = 0; + $address = $pconfig['address']; + if ($address <> ""): + $item = explode(" ", $address); + $item3 = explode("||", $pconfig['detail']); + foreach($item as $ww): + $address = $item[$counter]; + $item4 = $item3[$counter]; + ?> + <tr> + <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td> + <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td> + <td> + <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?> + </td> + </tr> + <?php + $counter++; + + endforeach; endif; + ?> + </tbody> </table> + <a onclick="javascript:addRowTo('maintable'); return false;" + href="#"><img border="0" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" + title="add another entry" /> 
</a></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> + <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> + <input name="id" type="hidden" value="<?=$id;?>" /> </td> </tr> </table> </form> <script type="text/javascript"> - /* row and col adjust when you add extra entries */ - - field_counter_js = 3; +/* row and col adjust when you add extra entries */ + +field_counter_js = 3; rows = 1; totalrows = <?php echo $counter; ?>; loaded = <?php echo $counter; ?>; diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 7f89d433..b3fd2510 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -33,7 +33,6 @@ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g; @@ -128,30 +127,12 @@ if ($_POST) { $pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow"; include_once("head.inc"); - ?> -<body - link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php -echo "{$snort_general_css}\n"; -?> - -<div class="body2"> +<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - - -<form action="snort_preprocessors.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php /* Display Alert message */ 
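Review bot: In the snort_interfaces_whitelist_edit.php hunk, the re-indented per-row detail input still echoes its value unescaped, `value="<?=$item4;?>"`, while the address input on the line above goes through `htmlspecialchars()`. A stored detail string containing a double quote or markup would break out of the attribute when the list is reopened. Since the whole table is being rewritten here, this is the place to change it to `value="<?=htmlspecialchars($item4);?>"`. The same input also reuses `id="address<?php echo $counter; ?>"`, so each row carries two elements with one id; `id="detail<?php echo $counter; ?>"` would keep them unique. How `$pconfig['detail']` is validated on save is outside this hunk, so escaping on output is the check that can be confirmed from here.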
@@ -160,215 +141,187 @@ enable JavaScript to view this content } if ($savemsg) { - print_info_box2($savemsg); + print_info_box($savemsg); } - ?> +?> +<form action="snort_preprocessors.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?> </td></tr> +<tr><td class="tabcont"> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td class="tabcont"> - <table width="100%" border="0" 
cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " - <style type=\"text/css\"> - .noid { - position:absolute; - top:10px; - left:0px; - width:94%; - background:#FCE9C0; - background-position: 15px; - border-top:2px solid #DBAC48; - border-bottom:2px solid #DBAC48; - padding: 15px 10px 85% 50px; - } - </style> - <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/{$g['theme']}/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note: - </strong></span><br> - Rules may be dependent on preprocessors!<br> - Defaults will be used when there is no user input.<br></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Performance - Statistics</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"><input name="perform_stat" - type="checkbox" value="on" - <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> - onClick="enable_change(false)"> Performance Statistics for this - interface.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"><input name="http_inspect" - type="checkbox" value="on" - <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> - onClick="enable_change(false)"> Use HTTP Inspect to - Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> - </tr> - <tr> - <td valign="top" class="vncell2">HTTP server flow depth</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="flow_depth" type="text" class="formfld" - id="flow_depth" size="5" - value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> - to <strong>1460</strong> 
(<strong>-1</strong> disables HTTP - inspect, <strong>0</strong> enables all HTTP inspect)</td> - </tr> - </table> - Amount of HTTP server response payload to inspect. Snort's - performance may increase by adjusting this value.<br> - Setting this value too low may cause false negatives. Values above 0 - are specified in bytes. Default value is <strong>0</strong><br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Bytes</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="max_queued_bytes" type="text" class="formfld" - id="max_queued_bytes" size="5" - value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> - Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> - ( default value is <strong>1048576</strong>, <strong>0</strong> - means Maximum )</td> - </tr> - </table> - The number of bytes to be queued for reassembly for TCP sessions in - memory. Default value is <strong>1048576</strong><br> - </td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Segs</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="max_queued_segs" type="text" class="formfld" - id="max_queued_segs" size="5" - value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> - Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> - ( default value is <strong>2621</strong>, <strong>0</strong> means - Maximum )</td> - </tr> - </table> - The number of segments to be queued for reassembly for TCP sessions - in memory. 
Default value is <strong>2621</strong><br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Preprocessor - Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - RPC Decode and Back Orifice detector</td> - <td width="78%" class="vtable"><input name="other_preprocs" - type="checkbox" value="on" - <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode RPC traffic and detects Back Orifice traffic on the - network.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - FTP and Telnet Normalizer</td> - <td width="78%" class="vtable"><input name="ftp_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - SMTP Normalizer</td> - <td width="78%" class="vtable"><input name="smtp_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - Portscan Detection</td> - <td width="78%" class="vtable"><input name="sf_portscan" - type="checkbox" value="on" - <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Detects various types of portscans and portsweeps.</td> - </tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note: + </strong></span><br> + Rules may be dependent on preprocessors!<br> + Defaults will be used when there is no user input.<br></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Performance + Statistics</td> + </tr> + 
<tr> + <td width="22%" valign="top" class="vncell">Enable</td> + <td width="78%" class="vtable"><input name="perform_stat" + type="checkbox" value="on" + <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> + onClick="enable_change(false)"> Performance Statistics for this + interface.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable</td> + <td width="78%" class="vtable"><input name="http_inspect" + type="checkbox" value="on" + <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> + onClick="enable_change(false)"> Use HTTP Inspect to + Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> + </tr> + <tr> + <td valign="top" class="vncell">HTTP server flow depth</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - DCE/RPC2 Detection</td> - <td width="78%" class="vtable"><input name="dce_rpc_2" - type="checkbox" value="on" - <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC - traffic.</td> + <td><input name="flow_depth" type="text" class="formfld" + id="flow_depth" size="5" + value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> + to <strong>1460</strong> (<strong>-1</strong> disables HTTP + inspect, <strong>0</strong> enables all HTTP inspect)</td> </tr> + </table> + Amount of HTTP server response payload to inspect. Snort's + performance may increase by adjusting this value.<br> + Setting this value too low may cause false negatives. Values above 0 + are specified in bytes. 
Default value is <strong>0</strong><br> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> + </tr> + <tr> + <td valign="top" class="vncell">Max Queued Bytes</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - DNS Detection</td> - <td width="78%" class="vtable"><input name="dns_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - The DNS preprocessor decodes DNS Response traffic and detects some - vulnerabilities.</td> + <td><input name="max_queued_bytes" type="text" class="formfld" + id="max_queued_bytes" size="5" + value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> + Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> + ( default value is <strong>1048576</strong>, <strong>0</strong> + means Maximum )</td> </tr> + </table> + The number of bytes to be queued for reassembly for TCP sessions in + memory. 
Default value is <strong>1048576</strong><br> + </td> + </tr> + <tr> + <td valign="top" class="vncell">Max Queued Segs</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td> - <td width="78%" class="vtable"><input name="def_ssl_ports_ignore" - type="text" class="formfld" id="def_ssl_ports_ignore" size="40" - value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br> - <span class="vexpl"> Encrypted traffic should be ignored by Snort - for both performance reasons and to reduce false positives.<br> - Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please - use spaces and not commas.</strong></td> + <td><input name="max_queued_segs" type="text" class="formfld" + id="max_queued_segs" size="5" + value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> + Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> + ( default value is <strong>2621</strong>, <strong>0</strong> means + Maximum )</td> </tr> - <tr> - <td width="22%" valign="top"> </td> + </table> + The number of segments to be queued for reassembly for TCP sessions + in memory. 
Default value is <strong>2621</strong><br> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">General Preprocessor + Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br> + RPC Decode and Back Orifice detector</td> + <td width="78%" class="vtable"><input name="other_preprocs" + type="checkbox" value="on" + <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode RPC traffic and detects Back Orifice traffic on the + network.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br> + FTP and Telnet Normalizer</td> + <td width="78%" class="vtable"><input name="ftp_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br> + SMTP Normalizer</td> + <td width="78%" class="vtable"><input name="smtp_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br> + Portscan Detection</td> + <td width="78%" class="vtable"><input name="sf_portscan" + type="checkbox" value="on" + <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Detects various types of portscans and portsweeps.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br> + DCE/RPC2 Detection</td> + <td width="78%" class="vtable"><input name="dce_rpc_2" + type="checkbox" value="on" + <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC + 
traffic.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br> + DNS Detection</td> + <td width="78%" class="vtable"><input name="dns_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + The DNS preprocessor decodes DNS Response traffic and detects some + vulnerabilities.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSL_IGNORE</td> + <td width="78%" class="vtable"><input name="def_ssl_ports_ignore" + type="text" class="formfld" id="def_ssl_ports_ignore" size="40" + value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br> + <span class="vexpl"> Encrypted traffic should be ignored by Snort + for both performance reasons and to reduce false positives.<br> + Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please + use spaces and not commas.</strong></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input name="id" type="hidden" value="<?=$id;?>"></td> @@ -379,13 +332,9 @@ enable JavaScript to view this content <br> Please save your settings before you click Start. </td> </tr> - </table> - </table> +</td></tr></table> </form> - -</div> - - <?php include("fend.inc"); ?> +<?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 56c68980..75f6c467 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -30,10 +30,9 @@ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); 
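Review bot: Hunk `@@ -160,215 +141,187 @@` deletes the `if($id == "")` block that warned "You can not edit options without an interface ID" and puts nothing in its place. The form is still rendered with `<input name="id" type="hidden" value="<?=$id;?>">` and tab links ending in `?id={$id}`, so a request without an id now shows a page that looks normal and can be submitted. Unless that check now lives in a part of the file this diff does not show, I would keep a guard ahead of any output, for example `if ($id == "") { header("Location: /snort/snort_interfaces.php"); exit; }`. The hidden field would also be safer as `value="<?=htmlspecialchars($id);?>"`, matching the other inputs in this form.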
@@ -59,12 +58,12 @@ $iface_uuid = $a_nat[$id]['uuid']; /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ -if (!is_dir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules"); +if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"); -$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules"); + $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); if ($isrulesfolderempty == "") { include_once("head.inc"); include_once("fbegin.inc"); 
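Review bot: The `exec("/bin/mkdir -p …")` and `exec("ls -A …")` calls still build a shell command line by interpolating `$iface_uuid` and `$if_real`; the commit only swaps `{$snortdir}` for a literal path. `$iface_uuid` is read from `$a_nat[$id]['uuid']` and the origin of `$if_real` is not visible here, so a value containing shell metacharacters would change what the command does. Neither check needs a shell: `mkdir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", 0755, true);` creates the directory and `if (!glob("{$dir}/*.rules"))` tests for an empty rules folder. The same pattern appears in the `mwexec("/bin/cp …")` hunk `@@ -123,7 +115,7 @@` and in snort_rulesets.php hunks `@@ -64,9 +63,9 @@` and `@@ -127,7 +126,7 @@`; where the wildcard copy has to stay in a shell, the destination should go through `escapeshellarg()`.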
@@ -78,20 +77,13 @@ if ($isrulesfolderempty == "") { <td>\n"; $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); echo "</td>\n </tr>\n @@ -123,7 +115,7 @@ if ($isrulesfolderempty == "") { exit(0); } else { /* Make sure that we have the rules */ - mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true); + mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); } } 
@@ -149,7 +141,8 @@ function load_rule_file($incoming_file) return explode("\n", $contents); } -$ruledir = "{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/"; +$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; +//$ruledir = "/usr/local/etc/snort/rules/"; $dh = opendir($ruledir); while (false !== ($filename = readdir($dh))) { @@ -228,8 +221,6 @@ $pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; <?php include("fbegin.inc"); if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -echo "{$snort_general_css}\n"; ?> <form action="snort_rules.php" method="post" name="iform" id="iform"> 
@@ -258,30 +249,23 @@ function popup(url) <tr><td> <?php $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?> </td></tr> <tr> <td> - <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td class="listt" colspan="8"> - <br>Category: + <td width="3%" class="list"> </td> + <td class="listhdr" colspan="7"> + <br/>Category: <select id="selectbox" name="selectbox" class="formselect" onChange="go()"> <?php foreach 
($files as $value) { @@ -292,17 +276,20 @@ function popup(url) } ?> </select> + <br/> </td> + <td width="5%" class="list"> </td> </tr> <tr id="frheader"> <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> + <td width="7%" class="listhdr">SID</td> + <td width="4%" class="listhdrr">Proto</td> <td width="15%" class="listhdrr">Source</td> <td width="10%" class="listhdrr">Port</td> <td width="15%" class="listhdrr">Destination</td> <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> + <td width="30%" class="listhdrr">Message</td> + <td width="5%" class="list"> </td> </tr> <?php foreach ( $splitcontents as $counter => $value ) 
@@ -350,54 +337,36 @@ function popup(url) else if (strstr($value, 'msg:"')) $message = get_middle($value, 'msg:"', '";', 0); - echo "<tr><td class=\"listt\"> $textss\n"; - ?> - <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img - src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" - width="10" height="10" border="0" - title="click to toggle enabled/disabled status"></a> - <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> - <!-- TODO: add checkbox and save so that that disabling is nicer --> - <?php - echo "$textse - </td> - <td width='5%' class=\"listlr\"> - $textss - $sid + echo "<tr><td width='3%' class='listt'> $textss + <a href='?id={$id}&openruleset={$rulefile}&act=toggle&ids={$counter}'> + <img src='../themes/{$g['theme']}/images/icons/{$iconb}' + width='10' height='10' border='0' + title='click to toggle enabled/disabled status'></a> $textse </td> - <td width='6%' class=\"listlr\"> - $textss - $protocol"; - echo "$textse + <td width='7%' class=\"listlr\"> + $textss $sid $textse </td> - <td width='20%' class=\"listlr\"> - $textss - $source - $textse + <td width='4%' class=\"listlr\"> + $textss $protocol $textse </td> - <td width='5%' class=\"listlr\"> - $textss - $source_port - $textse + <td width='15%' class=\"listlr\"> + $textss $source $textse </td> - <td width='20%' class=\"listlr\"> - $textss - $destination - $textse + <td width='10%' class=\"listlr\"> + $textss $source_port $textse </td> - <td width='5%' class=\"listlr\"> - $textss - $destination_port - $textse + <td width='15%' class=\"listlr\"> + $textss $destination $textse </td> - <td width='30%' class=\"listbg\"><font color=\"white\"> - $textss - $message - $textse + <td width='10%' class=\"listlr\"> + $textss $destination_port $textse + </td> + <td width='30%' class=\"listbg\"><font color=\"white\"> + $textss $message $textse </td>"; - ?> - <td valign="middle" nowrap class="list"> + ?> + <td 
width='5%' valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> <td><a href="javascript: void(0)" @@ -407,7 +376,8 @@ function popup(url) <!-- Codes by Quackit.com --> </tr> </table> - </td> + </td> + </tr> <?php } ?> @@ -416,12 +386,12 @@ function popup(url) </td> </tr> <tr> - <td class="listlr"> + <td colspan="9" class="listlr"> <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?> </td> </tr> <tr> - <td> + <td colspan="9"> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="16"><img diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 330630f4..9e6b033b 100644 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -39,7 +39,6 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); 
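Review bot: The rewritten row `echo` in hunk `@@ -350,54 +337,36 @@` writes `$sid`, `$protocol`, `$source`, `$destination`, both ports and `$message` into the table cells, and `{$id}` and `{$rulefile}` into the toggle link, without any output encoding. `$message` is cut out of the rule text by `get_middle($value, 'msg:"', …)`, and `$id`/`$rulefile` presumably come from the request, so markup inside a rule or a parameter would be rendered by the browser as HTML. The new attributes are single-quoted, so the encoding has to cover single quotes as well: `$message = htmlspecialchars($message, ENT_QUOTES);` before the echo (likewise for the other fields) and `urlencode($rulefile)` in the href. The same gap is in snort_rules_edit.php, hunk `@@ -136,20 +135,20 @@` (hidden inputs such as `value='<?=$file;?>'`) and hunk `@@ -162,19 +161,13 @@` (`<textarea …><?=$contents;?></textarea>`, where rule text containing a closing textarea tag would end the field early). The enclosing `foreach` begins and ends outside this hunk.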
@@ -136,20 +135,20 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<form action="snort_rules_edit.php" method="post"> <?php if ($savemsg) print_info_box($savemsg); ?> +<?php include("fbegin.inc");?> + +<form action="snort_rules_edit.php" method="post"> +<input type='hidden' name='id' value='<?=$id;?>' /> +<input type='hidden' name='ids' value='<?=$ids;?>' /> +<input type='hidden' name='openruleset' value='<?=$file;?>' /> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> - - - <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> + <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> <tr> <td> <input name="save" type="submit" class="formbtn" id="save" value="save" /> - <input type='hidden' name='id' value='<?=$id;?>' /> - <input type='hidden' name='ids' value='<?=$ids;?>' /> - <input type='hidden' name='openruleset' value='<?=$file;?>' /> <input type="button" class="formbtn" value="Cancel" onclick="window.close()"> <hr noshade="noshade" /> Disable original rule :<br/> 
@@ -162,19 +161,13 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); </tr> <tr> <td valign="top" class="label"> - <textarea wrap="off" style="width: 98%; margin: 7px;" - class="<?php echo $language; ?>:showcolumns" rows="3" - cols="66" name="code"><?=$splitcontents[$lineid];?></textarea> - </div> + <textarea wrap="off" cols="90" rows="3" name="code"><?=$splitcontents[$lineid];?></textarea> </td> </tr> <tr> <td valign="top" class="label"> <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea disabled - wrap="off" style="width: 98%; margin: 7px;" - class="<?php echo $language; ?>:showcolumns" rows="33" - cols="66" name="code2"><?=$contents;?></textarea> + <textarea disabled wrap="off" rows="33" cols="90" name="code2"><?=$contents;?></textarea> </div> </td> </tr> diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index b08d7e6f..f399655e 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -30,10 +30,9 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $snortdir; +global $g; if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); 
@@ -64,9 +63,9 @@ $pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules"); + $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); if ($isrulesfolderempty == "") { include_once("head.inc"); include("fbegin.inc"); @@ -105,7 +104,7 @@ if ($isrulesfolderempty == "") { <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n <tr>\n <td>\n - # The rules directory is empty. {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules \n + # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n </td>\n </tr>\n </table>\n @@ -127,7 +126,7 @@ if ($isrulesfolderempty == "") { exit(0); } else { /* Make sure that we have the rules */ - mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true); + mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); } } @@ -167,7 +166,6 @@ include_once("head.inc"); <?php include("fbegin.inc"); ?> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<div class="body2"> <?php echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; 
@@ -181,16 +179,16 @@ if ($input_errors) { } if ($savemsg) { - print_info_box2($savemsg); + print_info_box($savemsg); } if (file_exists($d_snortconfdirty_path)) { echo '<p>'; if($savemsg) { - print_info_box_np2("{$savemsg}"); + print_info_box_np("{$savemsg}"); }else{ - print_info_box_np2(' + print_info_box_np(' The Snort configuration has changed and snort needs to be restarted on this interface.<br> You must apply the changes in order for them to take effect.<br> '); @@ -234,8 +232,9 @@ if (file_exists($d_snortconfdirty_path)) { <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td> <!-- <td class="listhdrr">Description</td> --> </tr> - <?php - $dh = opendir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/"); + <?php + $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; + $dh = opendir($dir); while (false !== ($filename = readdir($dh))) { $files[] = basename($filename); } @@ -256,10 +255,14 @@ if (file_exists($d_snortconfdirty_path)) { echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; echo "</td>\n"; echo "<td>\n"; - echo "<a href='snort_rules.php?id={$id}&openruleset={$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; + echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; echo "</td>\n</tr>\n\n"; + //echo "<td>"; + //echo "description"; + //echo "</td>"; } - ?> + + ?> </table> </td> </tr> @@ -282,7 +285,6 @@ if (file_exists($d_snortconfdirty_path)) { </table> </form> <p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p> -</div> <?php include("fend.inc"); ?> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index d4718276..134f9694 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml 
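Review bot: The category link in hunk `@@ -256,10 +255,14 @@` passes an absolute filesystem path in the query string (`openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/` followed by the file name), so snort_rules.php is handed a path the client controls. How that page treats `openruleset` is not visible in this diff; if it opens the value as given, the file it reads is decided by the request rather than by the server. Sending only the name, `…&openruleset=" . urlencode($file) . "'>`, and having the receiver apply `basename()` and prepend the rules directory itself would remove that dependency. `{$file}` in the link text is also written without `htmlspecialchars()`, and the three added `//echo` lines are dead code that can be dropped.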
@@ -433,7 +433,7 @@
 </build_pbi>
 <build_options>WITH_THREADS=yes WITH_IPV6=true WITH_MPLS=true WITH_GRE=true WITHOUT_TARGETBASED=true WITH_DECODERPRE=true WITH_ZLIB=true WITH_NORMALIZER=true WITH_REACT=true WITH_PERFPROFILE=true WITH_FLEXRESP3=true WITH_MYSQL=true WITHOUT_ODBC=true WITHOUT_POSTGRESQL=true WITHOUT_PRELUDE=true WITH_SNORTSAM=true NOPORTDOCS=true</build_options>
 <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.2.3 pkg v. 2.2.5</version>
+ <version>2.9.2.3 pkg v. 2.3.0</version>
 <required_version>2.0</required_version>
 <status>Stable</status>
 <configurationfile>/snort.xml</configurationfile>
@@ -545,7 +545,7 @@
 <depends_on_package>clamav-0.97.3_1.tbz</depends_on_package>
 <depends_on_package>ca_root_nss-3.13.3.tbz</depends_on_package>
 <depends_on_package_pbi>dansguardian-2.12.0.0_1-i386.pbi</depends_on_package_pbi>
- <version>2.12.0.0 pkg v.0.1.5.3</version>
+ <version>2.12.0.0 pkg v.0.1.5.4</version>
 <status>beta</status>
 <required_version>2.0</required_version>
 <configurationfile>dansguardian.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 548cfb36..9a63b655 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -420,7 +420,7 @@
 </build_pbi>
 <build_options>WITH_THREADS=yes WITH_IPV6=true WITH_MPLS=true WITH_GRE=true WITHOUT_TARGETBASED=true WITH_DECODERPRE=true WITH_ZLIB=true WITH_NORMALIZER=true WITH_REACT=true WITH_PERFPROFILE=true WITH_FLEXRESP3=true WITH_MYSQL=true WITHOUT_ODBC=true WITHOUT_POSTGRESQL=true WITHOUT_PRELUDE=true WITH_SNORTSAM=true NOPORTDOCS=true</build_options>
 <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.2.3 pkg v. 2.2.5</version>
+ <version>2.9.2.3 pkg v. 2.3.0</version>
 <required_version>2.0</required_version>
 <status>Stable</status>
 <configurationfile>/snort.xml</configurationfile>
@@ -532,7 +532,7 @@
 <depends_on_package>clamav-0.97.3_1.tbz</depends_on_package>
 <depends_on_package>ca_root_nss-3.13.3.tbz</depends_on_package>
 <depends_on_package_pbi>dansguardian-2.12.0.0_1-amd64.pbi</depends_on_package_pbi>
- <version>2.12.0.0 pkg v.0.1.5.3</version>
+ <version>2.12.0.0 pkg v.0.1.5.4</version>
 <status>beta</status>
 <required_version>2.0</required_version>
 <configurationfile>dansguardian.xml</configurationfile>
|