aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xconfig/snort/snort.inc74
-rw-r--r--config/snort/snort_migrate_config.php12
-rw-r--r--config/snort/snort_post_install.php56
-rwxr-xr-xconfig/snort/snort_preprocessors.php13
4 files changed, 91 insertions, 64 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index af1c0993..c71c0d0c 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -52,17 +52,13 @@ $snort_version = $snortver[0];
/* package version */
$pfSense_snort_version = "3.0.0";
-$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
-
-// Define SNORTDIR and SNORTLIBDIR constants according to FreeBSD version (PBI support or no PBI)
-if (floatval(php_uname("r")) >= 8.3) {
- exec("/usr/local/sbin/pbi_info | grep 'snort-{$snort_version}' | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'",$pbidirarray);
- $snort_pbidir = "{$pbidirarray[0]}";
- /* In case this is an initial Snort install and pbi_info() above returned null, set a sane default value */
- if (empty($snort_pbidir))
- $snort_pbidir = "/usr/pbi/snort-" . php_uname("m");
- define("SNORTDIR", "{$snort_pbidir}/etc/snort");
- define("SNORTLIBDIR", "{$snort_pbidir}/lib/snort");
+$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}";
+
+// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pfs_version > 2.0) {
+ define("SNORTDIR", "/usr/pbi/snort-" . php_uname("m") . "/etc/snort");
+ define("SNORTLIBDIR", "/usr/pbi/snort-" . php_uname("m") . "/lib/snort");
}
else {
define("SNORTDIR", "/usr/local/etc/snort");
@@ -2700,32 +2696,38 @@ EOD;
// Setup the standard FTP commands used for all FTP Server engines
$ftp_cmds = <<<EOD
- ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
- ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
- ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
- ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
- ftp_cmds { FEAT CEL CMD MACB } \
- ftp_cmds { MDTM REST SIZE MLST MLSD } \
- ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
- alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
- alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
- alt_max_param_len 256 { RNTO CWD } \
+ ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
+ ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
+ ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
+ ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \
+ ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
+ ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
+ ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
+ ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
+ ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
+ ftp_cmds { XSEN XSHA1 XSHA256 } \
+ alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
+ alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
+ alt_max_param_len 256 { CWD RNTO } \
alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
- chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
- chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
- chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
- chk_str_fmt { FEAT CEL CMD } \
- chk_str_fmt { MDTM REST SIZE MLST MLSD } \
- chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity STRU < char FRP > \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ alt_max_param_len 512 { MFMT SIZE } \
+ chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
+ chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
+ chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
+ chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
+ chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
+ chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
+ chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
+ chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
+ cmd_validity MACB < string > \
cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity PORT < host_port >
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity PORT < host_port > \
+ cmd_validity PROT < char CSEP > \
+ cmd_validity STRU < char FRPO [ string ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
EOD;
@@ -3123,6 +3125,8 @@ EOD;
$sdf_mask_output = "\\\n\tmask_output";
else
$sdf_mask_output = "";
+ if (empty($snortcfg['sdf_alert_threshold']))
+ $snortcfg['sdf_alert_threshold'] = 25;
$sensitive_data = <<<EOD
# SDF preprocessor #
preprocessor sensitive_data: \
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 35dd3847..78ccb737 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -279,6 +279,18 @@ foreach ($rule as &$r) {
$pconfig['ftp_server_engine']['item'][] = $default;
}
+ // Set sensible defaults for new SDF options if SDF is enabled
+ if ($pconfig['sensitive_data'] == 'on') {
+ if (empty($pconfig['sdf_alert_threshold'])) {
+ $pconfig['sdf_alert_threshold'] = 25;
+ $updated_cfg = true;
+ }
+ if (empty($pconfig['sdf_alert_data_type'])) {
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
+ $updated_cfg = true;
+ }
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 2ef0bde9..ef73b892 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -282,32 +282,38 @@ EOD;
// Setup the standard FTP commands used for all FTP Server engines
$ftp_cmds = <<<EOD
- ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
- ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
- ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
- ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
- ftp_cmds { FEAT CEL CMD MACB } \
- ftp_cmds { MDTM REST SIZE MLST MLSD } \
- ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
- alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
- alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
- alt_max_param_len 256 { RNTO CWD } \
+ ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
+ ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
+ ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
+ ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \
+ ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
+ ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
+ ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
+ ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
+ ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
+ ftp_cmds { XSEN XSHA1 XSHA256 } \
+ alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
+ alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
+ alt_max_param_len 256 { CWD RNTO } \
alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
- chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
- chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
- chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
- chk_str_fmt { FEAT CEL CMD } \
- chk_str_fmt { MDTM REST SIZE MLST MLSD } \
- chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity STRU < char FRP > \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ alt_max_param_len 512 { MFMT SIZE } \
+ chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
+ chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
+ chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
+ chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
+ chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
+ chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
+ chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
+ chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
+ cmd_validity MACB < string > \
cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity PORT < host_port >
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity PORT < host_port > \
+ cmd_validity PROT < char CSEP > \
+ cmd_validity STRU < char FRPO [ string ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
EOD;
@@ -705,6 +711,8 @@ EOD;
$sdf_mask_output = "\\\n\tmask_output";
else
$sdf_mask_output = "";
+ if (empty($snortcfg['sdf_alert_threshold']))
+ $snortcfg['sdf_alert_threshold'] = 25;
$sensitive_data = <<<EOD
# SDF preprocessor #
preprocessor sensitive_data: \
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 1d47ccdb..468d1c14 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -263,6 +263,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ftp_telnet_detect_anomalies'] = 'on';
if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
$pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+ if (empty($pconfig['sdf_alert_data_type']))
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
if (empty($pconfig['sdf_alert_threshold']))
$pconfig['sdf_alert_threshold'] = '25';
if (empty($pconfig['sdf_mask_output']))
@@ -411,7 +413,7 @@ if ($_POST['ResetAll']) {
$pconfig['dce_rpc_2'] = "on";
$pconfig['dns_preprocessor'] = "on";
$pconfig['sensitive_data'] = "off";
- $pconfig['sdf_alert_data_type'] = "";
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
$pconfig['sdf_alert_threshold'] = "25";
$pconfig['sdf_mask_output'] = "off";
$pconfig['ssl_preproc'] = "on";
@@ -437,8 +439,8 @@ elseif ($_POST['Submit']) {
// Validate SDF alert threshold and alert data type values if SDF is enabled
if ($_POST['sensitive_data'] == 'on') {
- if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 4294067295)
- $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 4,294,067,295.");
+ if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 65535)
+ $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 65,535.");
if (empty($_POST['sdf_alert_data_type']))
$input_errors[] = gettext("You must select at least one sensitive data type to inspect for when Sensitive Data detection is enabled.");
}
@@ -469,6 +471,9 @@ elseif ($_POST['Submit']) {
if ($_POST['ftp_telnet_ayt_attack_threshold'] != "") { $natent['ftp_telnet_ayt_attack_threshold'] = $_POST['ftp_telnet_ayt_attack_threshold']; }else{ $natent['ftp_telnet_ayt_attack_threshold'] = "20"; }
if ($_POST['sdf_alert_threshold'] != "") { $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold']; }else{ $natent['sdf_alert_threshold'] = "25"; }
+ // Set SDF inspection types
+ $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
+
$natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
$natent['host_attribute_table'] = $_POST['host_attribute_table'] ? 'on' : 'off';
$natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
@@ -484,8 +489,6 @@ elseif ($_POST['Submit']) {
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
$natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
- $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
- $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold'];
$natent['sdf_mask_output'] = $_POST['sdf_mask_output'] ? 'on' : 'off';
$natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off';
$natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off';
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 21:42:09 +0000