-rw-r--r--config/snort/snort.inc6
-rw-r--r--config/snort/snort_alerts.php48
-rw-r--r--config/snort/snort_interfaces_global.php32
3 files changed, 37 insertions, 49 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 814cd017..5eb20ff9 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -246,7 +246,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
- exec("/bin/rm {$g['varrun_path']}/barnyard2_{$snort_uuid}_{$if_real}*");
+ @unlink("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
$snortconf = $config['installedpackages']['snortglobal']['rule'][$id];
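Review bot: The `@` on the new `unlink()` hides a failed removal, and a pid file left behind is what the `file_exists()`/`isvalidpid()` test two lines up will read on the next stop, presumably with a stale PID; check the return value and log the failure instead of suppressing it. The same path string is now built four times in these lines, so a local such as `$pidfile = "{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid";` would keep the test, the kill and the removal pointed at one file. The removed `rm` matched `barnyard2_{$snort_uuid}_{$if_real}*`, a different name order, so it is worth confirming nothing still writes files under that older pattern. Running_Stop starts and continues outside the hunk.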
@@ -1003,7 +1003,7 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
/* TODO: add support for the other 5 output plugins */
$snortconf = $config['installedpackages']['snortglobal']['rule'][$id];
$snortbarnyardlog_database_info_chk = $snortconf['barnyard_mysql'];
- $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
+ $snortbarnyardlog_hostname_info_chk = php_uname("n");
/* user add arguments */
$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortconf['barnconfigpassthru']));
@@ -1020,7 +1020,7 @@ config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.m
config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map
config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: {$snort_uuid}_{$if_real}
+config interface: {$if_real}
config decode_data_link
config waldo_file: /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo
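Review bot: With `config interface: {$if_real}` the instance UUID no longer appears in the interface value written to the barnyard2 configuration, so if two Snort instances can be bound to the same physical interface their events would presumably carry the same hostname/interface pair downstream; confirm that is intended. The neighbouring lines still mix `snort_{$snort_uuid}_{$if_real}` (gen_file, sid_file) with `snort_{$if_real}{$snort_uuid}` (waldo_file), and a short comment above the template stating which form is the on-disk directory name would help the next reader. The enclosing template starts and ends outside the hunk.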
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 645a3f8d..806d4738 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -121,8 +121,8 @@ if ($_POST['download']) {
function get_snort_alert_date($fileline)
{
/* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
- if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
- $alert_date = "$matches1[0]";
+ if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches))
+ $alert_date = "$matches[0]";
return $alert_date;
}
@@ -139,8 +139,8 @@ function get_snort_alert_disc($fileline)
function get_snort_alert_class($fileline)
{
/* class */
- if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
- $alert_class = "$matches2[0]";
+ if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches))
+ $alert_class = "$matches[0]";
return $alert_class;
}
@@ -148,8 +148,8 @@ function get_snort_alert_class($fileline)
function get_snort_alert_priority($fileline)
{
/* Priority */
- if (preg_match('/Priority:\s\d/', $fileline, $matches3))
- $alert_priority = "$matches3[0]";
+ if (preg_match('/Priority:\s\d/', $fileline, $matches))
+ $alert_priority = "$matches[0]";
return $alert_priority;
}
@@ -157,8 +157,8 @@ function get_snort_alert_priority($fileline)
function get_snort_alert_proto($fileline)
{
/* Priority */
- if (preg_match('/\{.+\}/', $fileline, $matches3))
- $alert_proto = "$matches3[0]";
+ if (preg_match('/\{.+\}/', $fileline, $matches))
+ $alert_proto = "$matches[0]";
return $alert_proto;
}
@@ -166,8 +166,8 @@ function get_snort_alert_proto($fileline)
function get_snort_alert_proto_full($fileline)
{
/* Protocal full */
- if (preg_match('/.+\sTTL/', $fileline, $matches2))
- $alert_proto_full = "$matches2[0]";
+ if (preg_match('/.+\sTTL/', $fileline, $matches))
+ $alert_proto_full = "$matches[0]";
return $alert_proto_full;
}
@@ -178,8 +178,8 @@ function get_snort_alert_ip_src($fileline)
$re1='.*?'; # Non-greedy match on filler
$re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
- if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- $alert_ip_src = $matches4[1][0];
+ if (preg_match_all ("/".$re1.$re2."/is", $fileline, $matches))
+ $alert_ip_src = $matches[1][0];
return $alert_ip_src;
}
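Review bot: `$alert_ip_src` is returned even when `preg_match_all` finds nothing, so unless it is initialised above the hunk (the function starts outside it) the `return` reads an undefined variable. The same shape is fully visible in get_snort_alert_date, _class, _priority, _proto, _proto_full, _src_p, _flow, _dst_p, _dst_p_full and _sid, where nothing assigns the result before the `if`, and get_snort_alert_ip_dst follows the same pattern. An explicit `$alert_ip_src = null;` before the `if` keeps the current return value without the notice and makes the no-match case visible to callers that display these fields. Since only the first hit is used here, `preg_match` with `$matches[1]` would do the same work without collecting every address on the line.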
@@ -187,8 +187,8 @@ function get_snort_alert_ip_src($fileline)
function get_snort_alert_src_p($fileline)
{
/* source port */
- if (preg_match('/:\d+\s-/', $fileline, $matches5))
- $alert_src_p = "$matches5[0]";
+ if (preg_match('/:\d+\s-/', $fileline, $matches))
+ $alert_src_p = "$matches[0]";
return $alert_src_p;
}
@@ -196,8 +196,8 @@ function get_snort_alert_src_p($fileline)
function get_snort_alert_flow($fileline)
{
/* source port */
- if (preg_match('/(->|<-)/', $fileline, $matches5))
- $alert_flow = "$matches5[0]";
+ if (preg_match('/(->|<-)/', $fileline, $matches))
+ $alert_flow = "$matches[0]";
return $alert_flow;
}
@@ -210,8 +210,8 @@ function get_snort_alert_ip_dst($fileline)
$re3dp='.*?'; # Non-greedy match on filler
$re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
- if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
- $alert_ip_dst = $matches6[1][0];
+ if (preg_match_all("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches))
+ $alert_ip_dst = $matches[1][0];
return $alert_ip_dst;
}
@@ -219,8 +219,8 @@ function get_snort_alert_ip_dst($fileline)
function get_snort_alert_dst_p($fileline)
{
/* dst port */
- if (preg_match('/:\d+$/', $fileline, $matches7))
- $alert_dst_p = "$matches7[0]";
+ if (preg_match('/:\d+$/', $fileline, $matches))
+ $alert_dst_p = "$matches[0]";
return $alert_dst_p;
}
@@ -228,8 +228,8 @@ function get_snort_alert_dst_p($fileline)
function get_snort_alert_dst_p_full($fileline)
{
/* dst port full */
- if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
- $alert_dst_p = "$matches7[0]";
+ if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches))
+ $alert_dst_p = "$matches[0]";
return $alert_dst_p;
}
@@ -237,8 +237,8 @@ function get_snort_alert_dst_p_full($fileline)
function get_snort_alert_sid($fileline)
{
/* SID */
- if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
- $alert_sid = "$matches8[0]";
+ if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches))
+ $alert_sid = "$matches[0]";
return $alert_sid;
}
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index a328012a..3131f774 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -41,8 +41,6 @@ global $g;
$snortdir = SNORTDIR;
-$d_snort_global_dirty_path = '/var/run/snort_global.dirty';
-
/* make things short */
$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
@@ -172,21 +170,11 @@ include_once("fbegin.inc");
if($pfsense_stable == 'yes')
echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
-<?php
- /* Display Alert message, under form tag or no refresh */
- if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
-
- if (!$input_errors) {
- if (file_exists($d_snort_global_dirty_path)) {
- print_info_box_np('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
+/* Display Alert message, under form tag or no refresh */
+if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+
?>
<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
@@ -345,12 +333,12 @@ if($pfsense_stable == 'yes')
<td width="78%" class="vtable">
<select name="snortalertlogtype" class="formselect" id="snortalertlogtype">
<?php
- $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT');
- foreach ($interfaces4 as $iface4 => $ifacename4): ?>
- <option value="<?=$iface4;?>"
- <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename4);?></option>
- <?php endforeach; ?>
+ $logtype = array('full' => 'FULL', 'fast' => 'SHORT');
+ foreach ($logtype as $logt => $logdescr): ?>
+ <option value="<?=$logt;?>"
+ <?php if ($logt == $pconfig['snortalertlogtype']) echo "selected"; ?>>
+ <?=htmlspecialchars($logdescr);?></option>
+ <?php endforeach; ?>
</select><br>
<span class="vexpl">Please choose the type of Alert logging you will
like see in your alert file.<br>