23 files changed, 215 insertions, 206 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index af1c0993..79fef4fa 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -5,6 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013 Bill Meeks * part of pfSense * All rights reserved. * 
@@ -45,24 +46,22 @@ ini_set("memory_limit", "192M"); // Explicitly declare this as global so it works through function call includes global $rebuild_rules, $pfSense_snort_version; -// Grab the Snort binary version programmatically +// Grab the Snort binary version programmatically, but if that fails use a safe default $snortver = array(); exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); $snort_version = $snortver[0]; +if (empty($snort_version)) + $snort_version = "2.9.5.5"; /* package version */ -$pfSense_snort_version = "3.0.0"; -$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}"; - -// Define SNORTDIR and SNORTLIBDIR constants according to FreeBSD version (PBI support or no PBI) -if (floatval(php_uname("r")) >= 8.3) { - exec("/usr/local/sbin/pbi_info | grep 'snort-{$snort_version}' | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'",$pbidirarray); - $snort_pbidir = "{$pbidirarray[0]}"; - /* In case this is an initial Snort install and pbi_info() above returned null, set a sane default value */ - if (empty($snort_pbidir)) - $snort_pbidir = "/usr/pbi/snort-" . php_uname("m"); - define("SNORTDIR", "{$snort_pbidir}/etc/snort"); - define("SNORTLIBDIR", "{$snort_pbidir}/lib/snort"); +$pfSense_snort_version = "3.0.1"; +$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}"; + +// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version +$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pfs_version > 2.0) { + define("SNORTDIR", "/usr/pbi/snort-" . php_uname("m") . "/etc/snort"); + define("SNORTLIBDIR", "/usr/pbi/snort-" . php_uname("m") . "/lib/snort"); } else { define("SNORTDIR", "/usr/local/etc/snort"); 
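Review bot: The new fallback `$snort_version = "2.9.5.5";` hides a missing or broken Snort binary, because nothing is logged when `exec()` returns no version line. The same literal is repeated in snort_check_for_rule_updates.php and snort_download_updates.php, so the three copies can drift apart. I would define it once and record the event, e.g. `log_error("[Snort] Could not read the Snort binary version, assuming {$snort_version}");` inside the `if (empty($snort_version))` branch. Separately, `$pfs_version` becomes an empty string if `/etc/version` cannot be read, and the `> 2.0` test then silently selects the non-PBI paths; an explicit check on the `file_get_contents()` result would make that case visible. The `else` branch continues outside this hunk.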
@@ -2700,32 +2699,38 @@ EOD; // Setup the standard FTP commands used for all FTP Server engines $ftp_cmds = <<<EOD - ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ - ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ - ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ - ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ - ftp_cmds { FEAT CEL CMD MACB } \ - ftp_cmds { MDTM REST SIZE MLST MLSD } \ - ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ - alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ - alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ - alt_max_param_len 256 { RNTO CWD } \ + ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ + ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ + ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ + ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \ + ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ + ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ + ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ + ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ + ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ + ftp_cmds { XSEN XSHA1 XSHA256 } \ + alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ + alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ + alt_max_param_len 256 { CWD RNTO } \ alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { SIZE } \ - chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ - chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ - chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ - chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ - chk_str_fmt { FEAT CEL CMD } \ - chk_str_fmt { MDTM REST SIZE MLST MLSD } \ - chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST 
CLNT } \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity STRU < char FRP > \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ + alt_max_param_len 512 { MFMT SIZE } \ + chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ + chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ + chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ + chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ + chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ + chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ + chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ + chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ + cmd_validity ALLO < int [ char R int ] > \ + cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ + cmd_validity MACB < string > \ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity PORT < host_port > + cmd_validity MODE < char ASBCZ > \ + cmd_validity PORT < host_port > \ + cmd_validity PROT < char CSEP > \ + cmd_validity STRU < char FRPO [ string ] > \ + cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > EOD; @@ -3123,6 +3128,8 @@ EOD; $sdf_mask_output = "\\\n\tmask_output"; else $sdf_mask_output = ""; + if (empty($snortcfg['sdf_alert_threshold'])) + $snortcfg['sdf_alert_threshold'] = 25; $sensitive_data = <<<EOD # SDF preprocessor # preprocessor sensitive_data: \ diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 412974b5..c50c066a 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml 
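Review bot: The rewritten `$ftp_cmds` block drops the old `alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS ... }` line without a replacement, so the parameter-length limit for USER, PASS, SITE and the other listed commands now depends on the engine's `def_max_param_len`, which is set outside this hunk. If that default can be raised by the user or is larger than 100, overlong-argument detection for these commands becomes weaker than before; either restore an explicit `alt_max_param_len 100 { ... }` line or add a comment such as `// USER/PASS/SITE etc. intentionally fall back to def_max_param_len`. STOU is also listed under both `alt_max_param_len 0` and `alt_max_param_len 200`, and which limit takes effect is not obvious; keep it in one list only. The identical block in snort_post_install.php needs the same change.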
@@ -42,12 +42,12 @@ /* ========================================================================== */ ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> + <description>Snort IDS/IPS Package</description> + <requirements>None</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.5.5</version> - <title>Services:2.9.5.5 pkg v. 3.0.0</title> + <title>Services:2.9.5.5 pkg v3.0.1</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -244,7 +244,7 @@ </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.0.0") + if ($GLOBALS['pfSense_snort_version'] == "3.0.1") sync_snort_package_config(); ]]> </custom_php_resync_config_command> @@ -254,7 +254,8 @@ ]]> </custom_php_install_command> <custom_php_deinstall_command> + <![CDATA[ snort_deinstall(); + ]]> </custom_php_deinstall_command> </packagegui> - diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 28539f1f..a93aef56 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -5,6 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -88,10 +89,15 @@ $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats']; $tmpfname = "{$snortdir}/tmp/snort_rules_up"; /* Grab the Snort binary version programmatically and use it to construct */ -/* the proper Snort VRT rules tarball and md5 filenames. */ +/* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */ +/* default in the event we fail. */ +$snortver = array(); exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); // Save the version with decimal delimiters for use in extracting the rules $snort_version = $snortver[0]; +if (empty($snort_version)) + $snort_version = "2.9.5.5"; + // Create a collapsed version string for use in the tarball filename $snortver[0] = str_replace(".", "", $snortver[0]); $snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz"; @@ -695,8 +701,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } /* Start the rules rebuild proccess for each configured interface */ - if (is_array($config['installedpackages']['snortglobal']['rule']) && - !empty($config['installedpackages']['snortglobal']['rule'])) { + if (is_array($config['installedpackages']['snortglobal']['rule'])) { /* Set the flag to force rule rebuilds since we downloaded new rules, */ /* except when in post-install mode. Post-install does its own rebuild. */ diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 1db5b6a0..5c9b8210 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php 
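Review bot: The fallback added here sets `$snort_version` but the tarball name is still built from `$snortver[0]`, which stays empty when `exec()` returns nothing, so `$snort_filename` becomes `snortrules-snapshot-.tar.gz` and the rules download will look for a file that does not exist. Build the collapsed string from the variable that already carries the default: `$snortver[0] = str_replace(".", "", $snort_version);`. snort_download_updates.php gets this right by defaulting `$snortver[0]` itself. Since the value ends up in a download filename, it would also be worth accepting it only when it matches a dotted-digits pattern before use.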
@@ -43,9 +43,14 @@ $log = $snort_rules_upd_log; /* Grab the Snort binary version programmatically and */ /* use it to construct the proper Snort VRT rules */ -/* tarball filename. */ +/* tarball filename. Fallback to a safe default if */ +/* we fail. */ +$snortver = array(); exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); +if (empty($snortver[0])) + $snortver[0] = "2.9.5.5"; $snortver[0] = str_replace(".", "", $snortver[0]); + $snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz"; //$snort_rules_file = VRT_DNLD_FILENAME; $snort_community_rules_filename = GPLV2_DNLD_FILENAME; diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php index f344771b..89a21dc8 100644 --- a/config/snort/snort_frag3_engine.php +++ b/config/snort/snort_frag3_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_frag3_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -246,7 +237,7 @@ if ($savemsg) <td class="vexpl"><input name="frag3_bind_to" type="text" class="formfldalias" id="frag3_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes'" + <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php index a9f5e82b..b039df5b 100644 --- a/config/snort/snort_ftp_client_engine.php +++ b/config/snort/snort_ftp_client_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_ftp_client_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
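Review bot: `$_SERVER['PHP_SELF']` can include extra path text supplied by the client after the script name, so the new `returl` parameter may carry client-chosen content to `snort_select_alias.php`. `urlencode()` keeps the value safe inside the `onclick` attribute, but `$_SERVER['SCRIPT_NAME']` gives the script path without that extra text: `&returl=<?=urlencode($_SERVER['SCRIPT_NAME']);?>`. The same pattern is added in snort_ftp_client_engine.php, snort_ftp_server_engine.php, snort_httpinspect_engine.php, snort_interfaces_whitelist_edit.php, snort_preprocessors.php, snort_rules.php and snort_rulesets.php. On the same line `<?=$id;?>` and `<?=$eng_id;?>` are echoed without encoding; where they are assigned is not visible in the hunk, so confirm they are integers or wrap them in `htmlspecialchars()`.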
@@ -277,7 +268,7 @@ if ($savemsg) <td class="vexpl"><input name="ftp_bind_to" type="text" class="formfldalias" id="ftp_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off" > <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -337,7 +328,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['bounce_to_net']);?>" title="<?=trim(filter_expand_alias($pconfig['bounce_to_net']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default is ") . "<strong>" . gettext("blank") . "</strong>.";?></span> </td> - <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bounce_to_net&act=import'" + <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bounce_to_net&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> 
@@ -347,7 +338,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['bounce_to_port']);?>" title="<?=trim(filter_expand_alias($pconfig['bounce_to_port']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default is ") . "<strong>" . gettext("blank") . "</strong>.";?></span> </td> - <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=bounce_to_port&act=import'" + <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=bounce_to_port&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php index 8f462ca9..e70033e7 100644 --- a/config/snort/snort_ftp_server_engine.php +++ b/config/snort/snort_ftp_server_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_ftp_server_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -248,7 +239,7 @@ if ($savemsg) <td class="vexpl"><input name="ftp_bind_to" type="text" class="formfldalias" id="ftp_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php index 58488f2d..94d3364f 100644 --- a/config/snort/snort_httpinspect_engine.php +++ b/config/snort/snort_httpinspect_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_httpinspect_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -357,7 +348,7 @@ if ($savemsg) <td class="vexpl"><input name="httpinspect_bind_to" type="text" class="formfldalias" id="httpinspect_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -381,7 +372,7 @@ if ($savemsg) <td class="vexpl"><input name="httpinspect_ports" type="text" class="formfldalias" id="httpinspect_ports" size="25" value="<?=htmlspecialchars($pconfig['ports']);?>" title="<?=trim(filter_expand_alias($pconfig['ports']));?>"> <?php echo gettext("Specifiy which ports to check for HTTP data.");?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index d9f751cd..77cd5490 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php 
@@ -2,11 +2,7 @@ /* $Id$ */ /* snort_import_aliases.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2013 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 9fb97be1..cbc31378 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -274,7 +274,7 @@ if ($savemsg) <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" title="<?=trim(filter_expand_alias($pconfig['address']));?>" /> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes'" + <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 35dd3847..1a555408 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -2,10 +2,7 @@ /* * snort_migrate_config.inc * - * Copyright (C) 2006 Scott Ullrich - * Copyright (C) 2009-2010 Robert Zelaya - * Copyright (C) 2011-2012 Ermal Luci - * part of pfSense + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -279,6 +276,18 @@ foreach ($rule as &$r) { $pconfig['ftp_server_engine']['item'][] = $default; } + // Set sensible defaults for new SDF options if SDF is enabled + if ($pconfig['sensitive_data'] == 'on') { + if (empty($pconfig['sdf_alert_threshold'])) { + $pconfig['sdf_alert_threshold'] = 25; + $updated_cfg = true; + } + if (empty($pconfig['sdf_alert_data_type'])) { + $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers"; + $updated_cfg = true; + } + } + // Save the new configuration data into the $config array pointer $r = $pconfig; } @@ -287,7 +296,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.0"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1"; log_error("[Snort] Saving configuration settings in new format..."); write_config(); log_error("[Snort] Settings successfully migrated to new configuration format..."); diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 2ef0bde9..a7b54503 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -5,6 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013 Bill Meeks * part of pfSense * All rights reserved. * 
@@ -282,32 +283,38 @@ EOD; // Setup the standard FTP commands used for all FTP Server engines $ftp_cmds = <<<EOD - ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ - ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ - ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ - ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ - ftp_cmds { FEAT CEL CMD MACB } \ - ftp_cmds { MDTM REST SIZE MLST MLSD } \ - ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ - alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ - alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ - alt_max_param_len 256 { RNTO CWD } \ + ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ + ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ + ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ + ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \ + ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ + ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ + ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ + ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ + ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ + ftp_cmds { XSEN XSHA1 XSHA256 } \ + alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ + alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ + alt_max_param_len 256 { CWD RNTO } \ alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { SIZE } \ - chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ - chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ - chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ - chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ - chk_str_fmt { FEAT CEL CMD } \ - chk_str_fmt { MDTM REST SIZE MLST MLSD } \ - chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT 
} \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity STRU < char FRP > \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ + alt_max_param_len 512 { MFMT SIZE } \ + chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ + chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ + chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ + chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ + chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ + chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ + chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ + chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ + cmd_validity ALLO < int [ char R int ] > \ + cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ + cmd_validity MACB < string > \ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity PORT < host_port > + cmd_validity MODE < char ASBCZ > \ + cmd_validity PORT < host_port > \ + cmd_validity PROT < char CSEP > \ + cmd_validity STRU < char FRPO [ string ] > \ + cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > EOD; @@ -705,6 +712,8 @@ EOD; $sdf_mask_output = "\\\n\tmask_output"; else $sdf_mask_output = ""; + if (empty($snortcfg['sdf_alert_threshold'])) + $snortcfg['sdf_alert_threshold'] = 25; $sensitive_data = <<<EOD # SDF preprocessor # preprocessor sensitive_data: \ @@ -1443,6 +1452,10 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { } } +/* Update Snort package version in configuration */ +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.1"; +write_config(); + /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); log_error(gettext("[Snort] Package post-installation tasks completed...")); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 1d47ccdb..289a3941 100755 
--- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -6,6 +6,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -263,6 +264,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['ftp_telnet_detect_anomalies'] = 'on'; if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0) $pconfig['ftp_telnet_ayt_attack_threshold'] = '20'; + if (empty($pconfig['sdf_alert_data_type'])) + $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers"; if (empty($pconfig['sdf_alert_threshold'])) $pconfig['sdf_alert_threshold'] = '25'; if (empty($pconfig['sdf_mask_output'])) @@ -411,7 +414,7 @@ if ($_POST['ResetAll']) { $pconfig['dce_rpc_2'] = "on"; $pconfig['dns_preprocessor'] = "on"; $pconfig['sensitive_data'] = "off"; - $pconfig['sdf_alert_data_type'] = ""; + $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers"; $pconfig['sdf_alert_threshold'] = "25"; $pconfig['sdf_mask_output'] = "off"; $pconfig['ssl_preproc'] = "on"; 
@@ -437,8 +440,8 @@ elseif ($_POST['Submit']) { // Validate SDF alert threshold and alert data type values if SDF is enabled if ($_POST['sensitive_data'] == 'on') { - if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 4294067295) - $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 4,294,067,295."); + if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 65535) + $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 65,535."); if (empty($_POST['sdf_alert_data_type'])) $input_errors[] = gettext("You must select at least one sensitive data type to inspect for when Sensitive Data detection is enabled."); } @@ -469,6 +472,9 @@ elseif ($_POST['Submit']) { if ($_POST['ftp_telnet_ayt_attack_threshold'] != "") { $natent['ftp_telnet_ayt_attack_threshold'] = $_POST['ftp_telnet_ayt_attack_threshold']; }else{ $natent['ftp_telnet_ayt_attack_threshold'] = "20"; } if ($_POST['sdf_alert_threshold'] != "") { $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold']; }else{ $natent['sdf_alert_threshold'] = "25"; } + // Set SDF inspection types + $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']); + $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off'; $natent['host_attribute_table'] = $_POST['host_attribute_table'] ? 'on' : 'off'; $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off'; 
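Review bot: The range check compares the raw `$_POST['sdf_alert_threshold']` string with `<` and `>`, so PHP converts it loosely and a value that only starts with digits can pass (depending on PHP version) and is then stored unchanged in `$natent['sdf_alert_threshold']`. Require an integer first: `if (!ctype_digit((string)$_POST['sdf_alert_threshold']) || $_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 65535)`. This matters because snort.inc and snort_post_install.php only replace an empty value with 25 before the setting is used for the `sensitive_data` preprocessor configuration, so any other stored string is presumably written out as-is.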
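Review bot: `implode(",", $_POST['sdf_alert_data_type'])` stores whatever strings the form posts, and it runs even when the field is missing or not an array, since the emptiness check above only applies when `sensitive_data` is on. Restrict the values to the four known types before joining, for example `implode(",", array_intersect((array)$_POST['sdf_alert_data_type'], array("Credit Card", "Email Addresses", "U.S. Phone Numbers", "U.S. Social Security Numbers")))`. The allowed list is the one this commit already uses as the default value.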
@@ -484,8 +490,6 @@ elseif ($_POST['Submit']) { $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off'; $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off'; $natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off'; - $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']); - $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold']; $natent['sdf_mask_output'] = $_POST['sdf_mask_output'] ? 'on' : 'off'; $natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off'; $natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off'; @@ -1220,7 +1224,7 @@ include_once("head.inc"); value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>"> <?php echo gettext("Leave blank for default. ") . gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td> <td class="vexpl" align="right"> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes'" + <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 48d26d1d..0434f88f 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php 
@@ -528,7 +528,7 @@ if ($savemsg) { <tr> <td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" . gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") . - "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . + "<a href='snort_rules_flowbits.php?id={$id}&openruleset={$currentruleset}&returl=" . urlencode($_SERVER['PHP_SELF']) . "' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . gettext("clicking here") . ".</a>";?></td> </tr> <?php endif;?> diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index 2f13d6bc..325276ee 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -1,16 +1,7 @@ <?php /* * snort_rules_flowbits.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
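Review bot: `{$currentruleset}` is interpolated into the single-quoted `href` without URL or HTML encoding, so a ruleset name containing a quote, `&` or `#` breaks the link, and if the value is derived from the request (its assignment is outside this hunk) it becomes a markup-injection point. Encode it where it is emitted: `&openruleset=" . urlencode($currentruleset) . "&returl=" . urlencode($_SERVER['PHP_SELF'])`. `{$id}` in the same attribute deserves the same treatment unless it is known to be an integer.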
@@ -51,18 +42,23 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $a_nat = &$config['installedpackages']['snortglobal']['rule']; // Set who called us so we can return to the correct page with -// the RETURN button. We will just trust this User-Agent supplied -// string for now. +// the RETURN button. Save the original referrer and the query +// string in session variables. session_start(); -if(!isset($_SESSION['org_referer'])) - $_SESSION['org_referer'] = $_SERVER['HTTP_REFERER']; -$referrer = $_SESSION['org_referer']; +if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) { + $_SESSION['org_referrer'] = urldecode($_GET['returl']); + $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING']; +} +$referrer = $_SESSION['org_referrer']; +$querystr = $_SESSION['org_querystr']; +session_write_close(); if ($_POST['cancel']) { session_start(); - unset($_SESSION['org_referer']); + unset($_SESSION['org_referrer']); + unset($_SESSION['org_querystr']); session_write_close(); - header("Location: {$referrer}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -71,7 +67,8 @@ if (isset($_POST['id'])) $id = $_POST['id']; if (is_null($id)) { session_start(); - unset($_SESSION['org_referer']); + unset($_SESSION['org_referrer']); + unset($_SESSION['org_querystr']); session_write_close(); header("Location: /snort/snort_interfaces.php"); exit; diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 3b7ef916..62b68a1b 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php 
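Review bot: The return target is now taken from `$_GET['returl']` and later sent in `header("Location: {$referrer}?{$querystr}")` without any check, so any link to this page can choose where CANCEL sends the user, including an external site. Accept only a local script path and fall back to the interfaces page otherwise, as in the excerpt below. The `urldecode()` call is also a second decode, since PHP has already decoded `$_GET`, and should be dropped. When neither the session value nor `returl` is present the stored referrer is an empty string and the redirect becomes `?…`; the fallback covers that case too. The saved `QUERY_STRING` still contains `returl` itself and is appended to the redirect, which is worth trimming.

```php
if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) {
	// Accept only a local absolute path to a .php page; otherwise use the default page
	$returl = isset($_GET['returl']) ? $_GET['returl'] : '';
	if (!preg_match('#\A/[A-Za-z0-9_./-]+\.php\z#', $returl) || strpos($returl, '//') !== false)
		$returl = '/snort/snort_interfaces.php';
	$_SESSION['org_referrer'] = $returl;
	$_SESSION['org_querystr'] = $_SERVER['QUERY_STRING'];
}
// … unchanged: $referrer / $querystr assignment and session_write_close() …
```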
@@ -330,7 +330,7 @@ if ($savemsg) { </tr> <tr> <td width="15%" class="listn"><?php echo gettext("Auto Flowbit Rules"); ?></td> - <td width="85%"><input type="button" class="formbtns" value="View" onclick="parent.location='snort_rules_flowbits.php?id=<?=$id;?>'" <?php echo $btn_view_flowb_rules; ?>/> + <td width="85%"><input type="button" class="formbtns" value="View" onclick="parent.location='snort_rules_flowbits.php?id=<?=$id;?>&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" <?php echo $btn_view_flowb_rules; ?>/> <span class="vexpl"><?php echo gettext("Click to view auto-enabled rules required to satisfy flowbit dependencies"); ?></span></td> </tr> <tr> diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index bd0a02e2..c5c6347e 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -2,11 +2,7 @@ /* $Id$ */ /* snort_select_alias.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2013 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without 
@@ -35,38 +31,37 @@ require("guiconfig.inc"); require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -// Set who called us so we can return to the correct page with -// the RETURN button. We will just trust this User-Agent supplied -// string for now. Check and make sure we don't store this page -// as the referrer so we don't stick the user in a loop. -session_start(); -if(!isset($_SESSION['org_referer']) && strpos($_SERVER['HTTP_REFERER'], $SERVER['PHP_SELF']) === false) - $_SESSION['org_referer'] = substr($_SERVER['HTTP_REFERER'], 0, strpos($_SERVER['HTTP_REFERER'], "?")); -$referrer = $_SESSION['org_referer']; +// Need to keep track of who called us so we can return to the correct page +// when the SAVE button is clicked. On initial entry, a GET variable is +// passed with the referrer's URL encoded within. That value is saved and +// used when SAVE or CANCEL is clicked to return to the referring page. +// -// Get the QUERY_STRING from our referrer so we can return it. -if(!isset($_SESSION['org_querystr'])) - $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING']; -$querystr = $_SESSION['org_querystr']; +// Retrieve the QUERY STRING of the original referrer so we can return it. +// On the initial pass, we will save it in a hidden POST field so we won't +// overwrite it on subsequent POST-BACKs to this page. 
+if (!isset($_POST['org_querystr'])) + $querystr = $_SERVER['QUERY_STRING']; // Retrieve any passed QUERY STRING or POST variables $type = $_GET['type']; $varname = $_GET['varname']; $multi_ip = $_GET['multi_ip']; +$referrer = urldecode($_GET['returl']); if (isset($_POST['type'])) $type = $_POST['type']; if (isset($_POST['varname'])) $varname = $_POST['varname']; if (isset($_POST['multi_ip'])) $multi_ip = $_POST['multi_ip']; +if (isset($_POST['returl'])) + $referrer = urldecode($_POST['returl']); +if (isset($_POST['org_querystr'])) + $querystr = $_POST['org_querystr']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - session_start(); - unset($_SESSION['org_referer']); - unset($_SESSION['org_querystr']); - session_write_close(); header("Location: http://{$referrer}?{$querystr}"); exit; } @@ -103,10 +98,6 @@ switch (count($a_types)) { } if ($_POST['cancel']) { - session_start(); - unset($_SESSION['org_referer']); - unset($_SESSION['org_querystr']); - session_write_close(); header("Location: {$referrer}?{$querystr}"); exit; } @@ -118,10 +109,6 @@ if ($_POST['save']) { // if no errors, write new entry to conf if (!$input_errors) { $selection = $_POST['alias']; - session_start(); - unset($_SESSION['org_referer']); - unset($_SESSION['org_querystr']); - session_write_close(); header("Location: {$referrer}?{$querystr}&varvalue={$selection}"); exit; } @@ -138,6 +125,8 @@ include("head.inc"); <input type="hidden" name="varname" value="<?=$varname;?>"> <input type="hidden" name="type" value="<?=$type;?>"> <input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"> +<input type="hidden" name="returl" value="<?=$referrer;?>"> +<input type="hidden" name="org_querystr" value="<?=$querystr;?>"> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> 
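Review bot: The bail-out branch of the `@@ -35,38 +31,37 @@` hunk still sends `header("Location: http://{$referrer}?{$querystr}")`, but `$referrer` now comes from `returl`, which the callers in this commit fill with a site-relative path, so the `http://` prefix puts the path where the host should be. Use the same form as the cancel and save branches, `header("Location: {$referrer}?{$querystr}");`. The saved `$querystr` also includes the `returl` parameter itself, so the referring page receives it back on return; that looks unintended and is worth confirming.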
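Review bot: The two hidden fields added in the `@@ -138,6 +125,8 @@` hunk print `$referrer` and `$querystr` straight into `value="…"`, and both come from the request (`returl`, `QUERY_STRING`, or their posted copies), so a double quote in either closes the attribute and the remainder is parsed as markup. Escape on output: `value="<?=htmlspecialchars($referrer);?>"` and `value="<?=htmlspecialchars($querystr);?>"`. The existing `varname`, `type` and `multi_ip` fields just above follow the same unescaped pattern and would benefit from the same change.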
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index 33fade40..b3d81f37 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_stream5_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -390,7 +381,7 @@ if ($savemsg) <td class="vexpl"><input name="stream5_bind_to" type="text" class="formfldalias" id="stream5_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP address or network to bind this engine to."); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=no'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=no&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> 
@@ -435,7 +426,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['ports_client']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_client']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("default") . "</strong>.";?></span> </td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_client&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_client&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> @@ -445,7 +436,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['ports_server']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_server']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("none") . "</strong>.";?></span> </td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_server&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_server&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> 
@@ -455,7 +446,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['ports_both']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_both']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("default") . "</strong>.";?></span> </td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_both&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_both&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js index 0c2d9ca6..c5c743df 100644 --- a/config/widget-snort/snort_alerts.js +++ b/config/widget-snort/snort_alerts.js @@ -1,7 +1,7 @@ var snortlines = Array(); var snorttimer; -var snortupdateDelay = 25500; +var snortupdateDelay = 22000; var snortisBusy = false; var snortisPaused = false; diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php index f4eaa140..691b03a3 100644 --- a/config/widget-snort/snort_alerts.widget.php +++ b/config/widget-snort/snort_alerts.widget.php @@ -26,6 +26,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +require_once("guiconfig.inc"); require_once("/usr/local/www/widgets/include/widget-snort.inc"); global $config, $g; 
@@ -61,7 +62,14 @@ function sksort(&$array, $subkey="id", $sort_ascending=false) { }; /* check if firewall widget variable is set */ -if (!isset($nentries)) $nentries = 5; +$nentries = $config['widgets']['widget_snort_display_lines']; +if (!isset($nentries) || $nentries < 0) $nentries = 5; + +if(isset($_POST['widget_snort_display_lines'])) { + $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines']; + write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard"); + header("Location: ../../index.php"); +} /* check if Snort include file exists before we use it */ if (file_exists("/usr/local/pkg/snort/snort.inc")) { @@ -121,6 +129,16 @@ if (file_exists("/usr/local/pkg/snort/snort.inc")) { /* display the result */ ?> + +<input type="hidden" id="snort_alerts-config" name="snort_alerts-config" value="" /> +<div id="snort_alerts-settings" class="widgetconfigdiv" style="display:none;"> + <form action="/widgets/widgets/snort_alerts.widget.php" method="post" name="iformd"> + Enter number of recent alerts to display (default is 5)<br/> + <input type="text" size="5" name="widget_snort_display_lines" class="formfld unknown" id="widget_snort_display_lines" value="<?= $config['widgets']['widget_snort_display_lines'] ?>" /> + <input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" /> + </form> +</div> + <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tbody> <tr class="snort-alert-header"> @@ -150,3 +168,13 @@ if (is_array($snort_alerts)) { ?> </tbody> </table> + +<!-- needed to display the widget settings menu --> +<script type="text/javascript"> +//<![CDATA[ + selectIntLink = "snort_alerts-configure"; + textlink = document.getElementById(selectIntLink); + textlink.style.display = "inline"; +//]]> +</script> + diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml index 29edcc3f..1a371ca5 100644 --- a/config/widget-snort/widget-snort.xml 
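Review bot: `$_POST['widget_snort_display_lines']` is stored in `$config` and persisted with `write_config()` without checking that it is a positive integer, and the read-back test `$nentries < 0` lets `0` and non-numeric strings through. Validate before saving, for example by wrapping the assignment and `write_config()` call in `if (ctype_digit($_POST['widget_snort_display_lines']) && $_POST['widget_snort_display_lines'] > 0)`. There is also no `exit;` after `header("Location: ../../index.php");`, so the rest of the widget still executes and renders once the redirect is queued.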
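Review bot: The settings field in the `@@ -121,6 +129,16 @@` hunk echoes `$config['widgets']['widget_snort_display_lines']` into `value="…"` unescaped, and that value is whatever was last posted to this page, so stored markup would be rendered on every dashboard load. Print it as `<?= htmlspecialchars($config['widgets']['widget_snort_display_lines']) ?>`, or echo the already-defaulted `$nentries` cast to int. The prompt text is a bare string, while the other pages in this commit wrap user-visible text in `gettext()`.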
+++ b/config/widget-snort/widget-snort.xml @@ -46,7 +46,7 @@ <requirements>Dashboard package and Snort</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>widget-snort</name> - <version>0.3.5</version> + <version>0.3.6</version> <title>Widget - Snort</title> <include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file> <additional_files_needed> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 0a04d15c..e75f5abf 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -497,7 +497,7 @@ <configurationfile>vhosts.xml</configurationfile> </package> <package> - <name>snort</name> + <name>Snort</name> <pkginfolink></pkginfolink> <website>http://www.snort.org</website> <descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr> @@ -525,7 +525,7 @@ <!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. --> <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE REACT FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options> <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> - <version>2.9.5.5 pkg v. 3.0.0</version> + <version>2.9.5.5 pkg v3.0.1</version> <required_version>2.0</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> 
@@ -1559,7 +1559,7 @@ <descr>Dashboard widget for Snort.</descr> <category>System</category> <config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file> - <version>0.3.5</version> + <version>0.3.6</version> <status>BETA</status> <required_version>1.2</required_version> <configurationfile>widget-snort.xml</configurationfile> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 0376a7df..0a7baf69 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -484,7 +484,7 @@ <configurationfile>vhosts.xml</configurationfile> </package> <package> - <name>snort</name> + <name>Snort</name> <pkginfolink></pkginfolink> <website>http://www.snort.org</website> <descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr> @@ -512,7 +512,7 @@ <!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. --> <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options> <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> - <version>2.9.5.5 pkg v. 3.0.0</version> + <version>2.9.5.5 pkg v3.0.1</version> <required_version>2.0</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> 
@@ -1546,7 +1546,7 @@ <descr>Dashboard widget for Snort.</descr> <category>System</category> <config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file> - <version>0.3.5</version> + <version>0.3.6</version> <status>BETA</status> <required_version>1.2</required_version> <configurationfile>widget-snort.xml</configurationfile> |