-rw-r--r-- | config/snort-dev/snort.inc | 73 | ||||
-rw-r--r-- | config/snort-dev/snort_blocked.php | 33 | ||||
-rw-r--r-- | config/snort-dev/snort_rules.php | 64 | ||||
-rw-r--r-- | config/snort-dev/snort_rulesets.php | 66 |
4 files changed, 220 insertions, 16 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index ebcab85c..107dfb3e 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -196,7 +196,6 @@ function create_barnyard2_conf() {
global $bconfig, $bg;
/* write out barnyard2_conf */
$barnyard2_conf_text = generate_barnyard2_conf();
-// conf_mount_rw();
$bconf = fopen("/usr/local/etc/barnyard2.conf", "w");
if(!$bconf) {
log_error("Could not open /usr/local/etc/barnyard2.conf for writing.");
@@ -204,7 +203,6 @@ function create_barnyard2_conf() {
}
fwrite($bconf, $barnyard2_conf_text);
fclose($bconf);
-// conf_mount_ro();
}
/* open barnyard2.conf for writing" */
function generate_barnyard2_conf() {
@@ -213,28 +211,56 @@ function generate_barnyard2_conf() {
conf_mount_rw();
/* define snortbarnyardlog */
+/* TODO add support for the other 5 output plugins */
+
$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database'];
+$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname'];
+$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface'];
$barnyard2_conf_text = <<<EOD
- Copyright (C) 2006 Scott Ullrich
- part of pfSense
- All rights reserved.
+# barnyard2.conf
+# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
+
+# Copyright (C) 2006 Robert Zelaya
+# part of pfSense
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
# set the appropriate paths to the file(s) your Snort process is using
config reference-map: /usr/local/etc/snort/reference.config
-config class-map: /usr/local/etc/snort/classification.config
+config class-map: /usr/local/etc/snort/classification.config
config gen-msg-map: /usr/local/etc/snort/gen-msg.map
-config sid-msg-map: /usr/local/etc/snort/sid-msg.map
+config sid-msg-map: /usr/local/etc/snort/sid-msg.map
-config hostname: pfsense.local
-config interface: vr0
+config hostname: $snortbarnyardlog_hostname_info_chk
+config interface: $snortbarnyardlog_interface_info_chk
# Step 2: setup the input plugins
input unified2
# database: log to a variety of databases
-# output database: log, mysql, user=snort password=snort123 dbname=snort host=192.168.1.22
+# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
$snortbarnyardlog_database_info_chk 
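Review bot: `config hostname:` and `config interface:` in the new heredoc take `$snortbarnyardlog_hostname_info_chk` and `$snortbarnyardlog_interface_info_chk` straight from `$config` with no validation, so a value containing whitespace or a newline turns into additional barnyard2 directives, and the same applies to `$snortbarnyardlog_database_info_chk`, which is emitted as a raw config line. Before the heredoc, constrain each value to the characters its directive allows — e.g. `if (!preg_match('/^[A-Za-z0-9._-]+$/', $snortbarnyardlog_hostname_info_chk)) $snortbarnyardlog_hostname_info_chk = "pfsense.local";` — with the interface value ideally checked against the interfaces the system actually has, and CR/LF stripped from the database line. That database line also carries the database password in clear text; the file is written by create_barnyard2_conf() through a plain fopen(..., "w") with no mode handling visible, so it presumably gets the default umask and should be chmod'ed to 0600 after fclose. generate_barnyard2_conf() continues past the hunk; only its opening conf_mount_rw() is visible here.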
@@ -1006,6 +1032,33 @@ function snort_rules_up_install_cron($should_install) {
# package manager system
# see /usr/local/pkg/snort.inc
# for more information
+# snort.conf
+# Snort can be found at http://www.snort.org/
+
+# Copyright (C) 2006 Robert Zelaya
+# part of pfSense
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
#########################
#
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php
index 42048eff..ff158853 100644
--- a/config/snort-dev/snort_blocked.php
+++ b/config/snort-dev/snort_blocked.php
@@ -129,7 +129,38 @@ if(!$pgtitle_output)
<p>
-This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every 60 minutes.
+<?php
+
+$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+ if ($blockedtab_msg_chk == "1h_b") {
+ $blocked_msg = "hour";
+ }
+ if ($blockedtab_msg_chk == "3h_b") {
+ $blocked_msg = "3 hours";
+ }
+ if ($blockedtab_msg_chk == "6h_b") {
+ $blocked_msg = "6 hours";
+ }
+ if ($blockedtab_msg_chk == "12h_b") {
+ $blocked_msg = "12 hours";
+ }
+ if ($blockedtab_msg_chk == "1d_b") {
+ $blocked_msg = "day";
+ }
+ if ($blockedtab_msg_chk == "4d_b") {
+ $blocked_msg = "4 days";
+ }
+ if ($blockedtab_msg_chk == "7d_b") {
+ $blocked_msg = "7 days";
+ }
+ if ($blockedtab_msg_chk == "28d_b") {
+ $blocked_msg = "28 days";
+ }
+
+echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg.";
+
+?>
+
<?php include("fend.inc"); ?>
</body>
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index fa4a5a4a..233841b1 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -2,7 +2,7 @@
/* $Id$ */
/* edit_snortrule.php
- Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya
All rights reserved.
Redistribution and use in source and binary forms, with or without 
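Review bot: The new if-chain on `$blockedtab_msg_chk` never assigns `$blocked_msg` when `rm_blocked` is unset or holds a value outside the eight handled cases, so the echo prints "deleted every ." and raises an undefined-variable notice into the page. Seed a default before the chain, `$blocked_msg = "hour";`, which keeps the meaning of the old "60 minutes" text, or better replace the eight ifs with a lookup array keyed by the setting value and fall back when the key is missing. `$config['installedpackages']['snort']['config'][0]['rm_blocked']` is likewise read without an isset() guard, which notices the same way when the package has no saved config yet.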
@@ -30,7 +30,67 @@ require("guiconfig.inc");
require("config.inc");
if(!is_dir("/usr/local/etc/snort/rules"))
- header("Location: snort_rules.php", false);
+ exec('mkdir /usr/local/etc/snort/rules/');
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
+if ($isrulesfolderempty == "") {
+
+include("head.inc");
+include("fbegin.inc");
+
+echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n";
+
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+
+echo "</td>\n
+ </tr>\n
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+# The rules directory is empty.\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ 
</tr>\n
+</table>\n
+\n
+</form>\n
+\n
+<p>\n\n";
+
+echo "Please click on the Update Rules tab to install your selected rule sets.";
+include("fend.inc");
+
+echo "</body>";
+echo "</html>";
+
+exit(0);
+
+}
function get_middle($source, $beginning, $ending, $init_pos) {
$beginning_pos = strpos($source, $beginning, $init_pos);
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
index 4f16eadd..8e5179d6 100644
--- a/config/snort-dev/snort_rulesets.php
+++ b/config/snort-dev/snort_rulesets.php
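Review bot: Both `exec('mkdir /usr/local/etc/snort/rules/')` and `$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules')` shell out where PHP's own filesystem calls do the job without a subprocess: `mkdir("/usr/local/etc/snort/rules", 0755);` and `$rules = glob("/usr/local/etc/snort/rules/*.rules"); if (empty($rules)) {`. The `ls` form also depends on the shell printing nothing to stdout when the glob matches no file, and exec() returns only the last output line, so the emptiness check holds by accident rather than by contract. The same block — directory creation, the emptiness probe and the roughly fifty lines that render the "rules directory is empty" page — is duplicated verbatim in the snort_rulesets.php hunk of this commit with only the active tab flag changed; it belongs in one helper in snort.inc (which snort_rulesets.php already requires) that takes the active tab as a parameter. Separately, `# The rules directory is empty.\n` is emitted inside a <td>, so the leading `#` appears literally in the rendered page.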
@@ -27,13 +27,73 @@ POSSIBILITY OF SUCH DAMAGE.
*/
-if(!is_dir("/usr/local/etc/snort/rules"))
- Header("Location: snort_download_rules.php");
-
require("guiconfig.inc");
require_once("service-utils.inc");
require("/usr/local/pkg/snort.inc");
+if(!is_dir("/usr/local/etc/snort/rules"))
+ exec('mkdir /usr/local/etc/snort/rules/');
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
+if ($isrulesfolderempty == "") {
+
+include("head.inc");
+include("fbegin.inc");
+
+echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n";
+
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+ $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0");
+ $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+ $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
+
+echo "</td>\n
+ </tr>\n
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" 
cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+# The rules directory is empty.\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+</table>\n
+\n
+</form>\n
+\n
+<p>\n\n";
+
+echo "Please click on the Update Rules tab to install your selected rule sets.";
+include("fend.inc");
+
+echo "</body>";
+echo "</html>";
+
+exit(0);
+
+}
+
if($_POST) {
$enabled_items = "";
$isfirst = true; |