-rw-r--r--config/snort/snort.inc1127
-rw-r--r--config/snort/snort_barnyard.php20
-rw-r--r--config/snort/snort_blocked.php1
-rw-r--r--config/snort/snort_define_servers.php3
-rw-r--r--config/snort/snort_download_updates.php10
-rw-r--r--config/snort/snort_interfaces.php25
-rw-r--r--config/snort/snort_interfaces_edit.php574
-rw-r--r--config/snort/snort_interfaces_suppress.php1
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php34
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php26
-rw-r--r--config/snort/snort_preprocessors.php23
-rw-r--r--config/snort/snort_rules.php3
-rw-r--r--config/snort/snort_rulesets.php59
13 files changed, 496 insertions, 1410 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 003a48a6..ad8899f4 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -43,57 +43,77 @@ $snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}
$snort_rules_file = "snortrules-snapshot-2923.tar.gz";
$emerging_threats_version = "2.9.0";
define("SNORTDIR", "/usr/local/etc/snort");
+define("SNORTLOGDIR", "/var/log/snort");
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
-/* func builds custom white lists */
-function find_whitelist_key($find_wlist_number) {
- global $config, $g;
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
- $config['installedpackages']['snortglobal']['whitelist'] = array();
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return 0; /* XXX */
+function snort_generate_id() {
+ global $config;
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) {
- if ($value['name'] == $find_wlist_number)
- return $w_key;
+ $snortglob = $config['installedpackages']['snortglobal']['rule'];
+ while (true) {
+ $snort_uuid = mt_rand(1, 65535);
+ foreach ($snortglob as $value) {
+ if ($value['uuid'] == $snort_uuid)
+ continue 2;
+ }
+ break;
}
+
+ return $snort_uuid;
}
-/* func builds custom suppress lists */
-function find_suppress_key($find_slist_number) {
- global $config, $g;
+/* func builds custom white lists */
+function snort_find_list($find_name, $type = 'whitelist') {
+ global $config;
- if (!is_array($config['installedpackages']['snortglobal']['suppress']))
- $config['installedpackages']['snortglobal']['suppress'] = array();
- if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- return 0; /* XXX */
+ $snortglob = $config['installedpackages']['snortglobal'];
+ if (!is_array($snortglob[$type]))
+ return "";
+ if (!is_array($snortglob[$type]['item']))
+ return "";
- foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) {
- if ($value['name'] == $find_slist_number)
- return $s_key;
+ foreach ($snortglob[$type]['item'] as $value) {
+ if ($value['name'] == $find_name)
+ return $value;
}
+
+ return array();
}
/* func builds custom whitelests */
-function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) {
+function snort_build_list($listname = "") {
global $config, $g;
+ /* Add loopback to whitelist (ftphelper) */
+ $home_net = "127.0.0.1 ";
+
+ if ($listname == 'default' || empty($listname)) {
+ $wanip = 'yes'; $wangw = 'yes'; $wandns = 'yes'; $vips = 'yes'; $vpns = 'yes';
+ } else {
+ $whitelist = snort_find_list($listname);
+ if (empty($whitelist))
+ return $whitelist;
+ $wanip = $whitelist['wanips'];
+ $wangw = $whitelist['wangateips'];
+ $wandns = $whitelist['wandnsips'];
+ $vips = $whitelist['vips'];
+ $vpns = $whitelist['vpnips'];
+ if (!empty($whitelist['address']))
+ $home_net .= trim($whitelist['address']);
+ }
+
/* build an interface array list */
if (function_exists('get_configured_interface_list'))
$int_array = get_configured_interface_list();
else {
$int_array = array('lan');
for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
- if(isset($config['interfaces']['opt' . $j]['enable']))
- if(isset($config['interfaces']['opt' . $j]['gateway']))
- $int_array[] = "opt{$j}";
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ $int_array[] = "opt{$j}";
}
- $home_net = "";
-
/* iterate through interface list and write out whitelist items
* and also compile a home_net list for snort.
*/
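Review bot: In snort_build_list, `$home_net .= trim($whitelist['address']);` appends the user-supplied addresses without a trailing separator, so the next entry appended to `$home_net` is glued onto the last address and the later `explode(" ", $home_net)` yields one malformed token. Writing `$home_net .= trim($whitelist['address']) . " ";` keeps the entries separable. The address field also enters the list unvalidated; since the result is later used for HOME_NET and the block whitelist, a per-entry `is_ipaddr()` or subnet check here would stop a typo from silently changing what is protected. The function body continues past this hunk.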
@@ -103,7 +123,7 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
$subnet = get_interface_ip($int);
if (is_ipaddr($subnet)) {
$sn = get_interface_subnet($int);
- $home_net .= "{$subnet}/{$sn} ";
+ $home_net = "{$subnet}/{$sn} ";
}
} else {
$ifcfg = $config['interfaces'][$int];
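Review bot: Changing `.=` to `=` in `$home_net = "{$subnet}/{$sn} ";` overwrites the list built so far instead of extending it, discarding the loopback entry and any user addresses that snort_build_list seeds at its top. The same replacement appears in the following hunks for the ng0, dhcp and default cases, the WAN gateway and the DNS servers, so only the last of these assignments survives into the VIP section. Because this list is what snort_generate_conf turns into HOME_NET and the alert_pf whitelist, the firewall's own interface addresses and gateway can end up outside the whitelist and become blockable. These lines should stay `$home_net .= "{$subnet}/{$sn} ";`, and likewise for the others. The enclosing function starts and ends outside this hunk.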
@@ -117,37 +137,29 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
$subnet = find_interface_ip("ng0");
if (is_ipaddr($subnet))
- $home_net .= "{$subnet} ";
+ $home_net = "{$subnet} ";
break;
case "dhcp":
$subnet = find_interface_ip(snort_get_real_interface($int));
if (is_ipaddr($subnet))
- $home_net .= "{$subnet} ";
+ $home_net = "{$subnet} ";
break;
default:
if (is_ipaddr($ifcfg['ipaddr'])) {
$subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
if ($ifcfg['subnet'])
- $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ $home_net = "{$subnet}/{$ifcfg['subnet']} ";
}
break;
}
}
}
- if ($config['version'] <= 6 && $wanip == 'yes') {
- /* add all WAN ips to the whitelist */
- $wan_if = get_real_wan_interface();
- $ip = find_interface_ip($wan_if);
- if (is_ipaddr($ip))
- $home_net .= "{$ip} ";
- }
-
if ($wangw == 'yes') {
/* Add Gateway on WAN interface to whitelist (For RRD graphs) */
$gw = get_interface_gateway('wan');
- if($gw)
- $home_net .= "{$gw} ";
+ if (is_ipaddr($gw))
+ $home_net = "{$gw} ";
}
if($wandns == 'yes') {
@@ -155,7 +167,7 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
$dns_servers = get_dns_servers();
foreach ($dns_servers as $dns) {
if($dns)
- $home_net .= "{$dns} ";
+ $home_net = "{$dns} ";
}
}
@@ -163,14 +175,11 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
/* iterate all vips and add to whitelist */
if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip)
- if($vip['subnet'])
+ if ($vip['subnet'] && $vip['mode'] != 'proxyarp')
$home_net .= "{$vip['subnet']} ";
}
}
- /* Add loopback to whitelist (ftphelper) */
- $home_net .= "127.0.0.1 ";
-
/* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
if ($vpns == 'yes') {
if ($config['version'] <= 6) // chk what pfsense version were on
@@ -182,63 +191,32 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
$home_net .= "{$vpns_list} ";
}
- /* never ever compair numbers to words */
- if ($userwips > -1) {
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-
- $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'];
- }
-
$home_net = trim($home_net);
-
- /* this foe whitelistfile, convert spaces to carriage returns */
- if ($build_netlist == 'whitelist') {
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- return $whitelist_home_net;
- }
-
- /* this is for snort.conf */
$validator = explode(" ", $home_net);
$valresult = array();
foreach ($validator as $vald) {
if (empty($vald))
continue;
- $valresult[] = $vald;
+ $valresult[] = trim($vald);
}
- $home_net = implode(",", $valresult);
- $home_net = "[{$home_net}]";
- return $home_net;
+ return $valresult;
}
-
-/* checks to see if snort is running yes/no and stop/start */
-function Running_Ck($snort_uuid, $if_real, $id) {
- global $config, $g;
-
- $snort_uph = 'no';
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
- $snort_uph = 'yes';
-
- return $snort_uph;
-}
-
-/* checks to see if barnyard2 is running yes/no */
-function Running_Ck_b($snort_uuid, $if_real, $id) {
+/* checks to see if service is running yes/no and stop/start */
+function snort_is_running($snort_uuid, $if_real, $type = 'snort') {
global $config, $g;
- $snort_up_b = 'no';
- if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"))
- $snort_up_b = 'yes';
+ if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
+ return 'yes';
- return $snort_up_b;
+ return 'no';
}
-function Running_Stop($snort_uuid, $if_real, $id) {
+function snort_stop($snortcfg, $if_real) {
global $config, $g;
+ $snort_uuid = $snortcfg['uuid'];
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
exec("/bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
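Review bot: snort_is_running calls `file_exists()` on the `{$type}_` pid file but still passes the hard-coded `snort_` path to `isvalidpid()`, so a call with `$type = 'barnyard2'` validates the snort process rather than barnyard2. The second operand should use the same prefix: `isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid")`. Separately, snort_build_list now returns an array on success but passes through the `""` from snort_find_list when a named list is missing, so its callers have to handle a non-array result. snort_stop continues outside this hunk.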
@@ -249,31 +227,29 @@ function Running_Stop($snort_uuid, $if_real, $id) {
@unlink("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
- $snortconf = $config['installedpackages']['snortglobal']['rule'][$id];
/* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snortconf['descr']}({$snort_uuid}_{$if_real})...'");
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snortcfg['descr']}({$snort_uuid}_{$if_real})...'");
sleep(2); // Give time so GUI displays correctly
}
-function Running_Start($snort_uuid, $if_real, $id) {
+function snort_start($snortcfg, $if_real) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snort_uuid = $snortcfg['uuid'];
- $snortconf = $config['installedpackages']['snortglobal']['rule'][$id];
-
- if ($snortconf['enable'] == 'on')
+ if ($snortcfg['enable'] == 'on')
exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
else
return;
/* define snortbarnyardlog_chk */
/* top will have trouble if the uuid is to far back */
- if ($snortconf['barnyard_enable'] == 'on' && !empty($snortconf['barnyard_mysql']))
+ if ($snortcfg['barnyard_enable'] == 'on' && !empty($snortcfg['barnyard_mysql']))
exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q");
/* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$snortconf['descr']}({$snort_uuid}_{$if_real})...'");
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$snortcfg['descr']}({$snort_uuid}_{$if_real})...'");
sleep(2); // Give time so GUI displays correctly
}
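Review bot: Both logger calls interpolate `$snortcfg['descr']` into a single-quoted shell argument, so a description containing a quote character ends the quoting and the rest of the string is parsed by the shell that `exec()` spawns. The description is presumably operator-entered configuration (the form is not in this hunk), so it should be passed through `escapeshellarg()`: `exec("/usr/bin/logger -p daemon.info -i -t SnortStartup " . escapeshellarg("Interface Rule STOP for {$snortcfg['descr']}({$snort_uuid}_{$if_real})..."));`, and the same for the START line. `$if_real` and `$snort_uuid` in the snort and barnyard2 command lines would benefit from the same quoting. snort_stop starts outside this hunk.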
@@ -354,10 +330,6 @@ function snort_post_delete_logs($snort_uuid = 0) {
foreach ($filelist as $file)
@unlink($file);
- /* create barnyard2 configuration file */
- //if ($value['barnyard_enable'] == 'on')
- //create_barnyard2_conf($id, $if_real, $snort_uuid);
-
if ($value['perform_stat'] == 'on')
@file_put_contents("{$snort_log_dir}/{$if_real}.stats", "");
}
@@ -400,7 +372,6 @@ function snort_postinstall() {
mwexec("/usr/sbin/chown -R snort:snort {$snortdir}", true);
mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
- mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
/* remake saved settings */
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
@@ -654,7 +625,6 @@ function sync_snort_package_config() {
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
conf_mount_rw();
-
/* do not start config build if rules is empty */
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
@@ -662,171 +632,42 @@ function sync_snort_package_config() {
return;
}
- foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $snortconf = $config['installedpackages']['snortglobal']['rule'];
+ foreach ($snortconf as $value) {
$if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
-
- if ($if_real != '' && $snort_uuid != '') {
-
- /* only build whitelist when needed */
- if ($value['blockoffenders7'] == 'on')
- create_snort_whitelist($id, $if_real);
- /* only build threshold when needed */
- if ($value['suppresslistname'] != 'default')
- create_snort_suppress($id, $if_real);
+ /* create snort configuration file */
+ snort_generate_conf($value);
- /* create snort configuration file */
- snort_create_conf($id, $if_real, $snort_uuid);
+ /* populate rules */
+ snort_create_rules_iface($if_real, $value['uuid']);
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
- /* create barnyard2 configuration file */
- if ($value['barnyard_enable'] == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
- }
+ /* create barnyard2 configuration file */
+ if ($value['barnyard_enable'] == 'on')
+ snort_create_barnyard2_conf($value, $if_real);
}
/* create snort bootup file snort.sh only create once */
snort_create_rc();
if (is_array($config['installedpackages']['snortglobal'])) {
- $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
- snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false);
+ $snortglob = $config['installedpackages']['snortglobal'];
+
+ snort_snortloglimit_install_cron($snortglob['snortloglimit'] == 'ok' ? true : false);
/* set the snort block hosts time IMPORTANT */
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = false;
- else
- $snort_rm_blocked_false = true;
-
- snort_rm_blocked_install_cron($snort_rm_blocked_false);
+ snort_rm_blocked_install_cron($snortglob['rm_blocked'] == "never_b" ? true : false);
/* set the snort rules update time */
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = false;
- else
- $snort_rules_up_false = true;
-
- snort_rules_up_install_cron($snort_rules_up_false);
+ snort_rules_up_install_cron($snortglob['autorulesupdate7'] == "never_up" ? true : false);
+
configure_cron();
}
- /* all new files are for the user snort nologin */
- if (!is_dir('/var/log/snort'))
- exec('/bin/mkdir -p /var/log/snort');
-
conf_mount_ro();
}
/* Start of main config files */
-
-/* create threshold file */
-function create_snort_suppress($id, $if_real) {
- global $config, $g;
-
- $snortdir = SNORTDIR;
-
- /* make sure dir is there */
- if (!is_dir("{$snortdir}/suppress"))
- exec("/bin/mkdir -p {$snortdir}/suppress");
-
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
- $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
-
- /* file name */
- $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
-
- /* Message */
- $s_data = '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
-
- /* user added arguments */
- $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
-
- /* open snort's whitelist for writing */
- @file_put_contents("{$snortdir}/suppress/$suppress_file_name", $s_data);
- }
-}
-
-function create_snort_whitelist($id, $if_real) {
- global $config, $g;
-
- $snortdir = SNORTDIR;
-
- /* make sure dir is there */
- if (!is_dir("{$snortdir}/whitelist"))
- exec("/bin/mkdir -p {$snortdir}/whitelist");
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') {
-
- $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
-
- /* open snort's whitelist for writing */
- @file_put_contents("{$snortdir}/whitelist/defaultwlist", $w_data);
-
- } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
- $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return;
-
- $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w];
- $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'],
- $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
-
- /* open snort's whitelist for writing */
- @file_put_contents("{$snortdir}/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
- }
-}
-
-function create_snort_homenet($id, $if_real) {
- global $config, $g;
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '')
- return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
- else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) {
- $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']);
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return;
-
- $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype'];
- $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips'];
- $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips'];
- $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips'];
- $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips'];
- $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips'];
-
- return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h);
- }
-}
-
-function create_snort_externalnet($id, $if_real) {
- global $config, $g;
-
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) {
- $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']);
-
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- return;
-
- $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype'];
- $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips'];
- $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips'];
- $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips'];
- $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips'];
- $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips'];
-
- return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex);
- }
-}
-
/* open snort.sh for writing" */
function snort_create_rc() {
global $config, $g;
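Review bot: The two ternaries that replace the removed if/else blocks are inverted: the old code passed `false` when `rm_blocked` was `"never_b"` and when `autorulesupdate7` was `"never_up"`, while the new calls pass `true` in exactly those cases. Assuming the argument still means "install the job", the cron entries for expiring blocked hosts and for updating rules would now be installed only when the user chose "never" and removed for every real schedule, which leaves signatures stale. The calls should read `snort_rm_blocked_install_cron($snortglob['rm_blocked'] != "never_b");` and `snort_rules_up_install_cron($snortglob['autorulesupdate7'] != "never_up");`. The loop also drops the old `$if_real != '' && $snort_uuid != ''` guard, so an entry whose interface no longer resolves now reaches snort_generate_conf. sync_snort_package_config starts outside this hunk.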
@@ -956,7 +797,7 @@ EOD;
}
/* if rules exist copy to new interfaces */
-function create_rules_iface($id, $if_real, $snort_uuid) {
+function snort_create_rules_iface($if_real, $snort_uuid) {
global $config, $g;
$snortdir = SNORTDIR;
@@ -974,10 +815,11 @@ function create_rules_iface($id, $if_real, $snort_uuid) {
}
/* open barnyard2.conf for writing */
-function create_barnyard2_conf($id, $if_real, $snort_uuid) {
+function snort_create_barnyard2_conf($snortcfg, $if_real) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snort_uuid = $snortcfg['uuid'];
if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
@@ -987,25 +829,24 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) {
mwexec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
}
- $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
+ $barnyard2_conf_text = snort_generate_barnyard2_conf($snortcfg, $if_real);
/* write out barnyard2_conf */
@file_put_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text);
}
/* open barnyard2.conf for writing" */
-function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
+function snort_generate_barnyard2_conf($snortcfg, $if_real) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snort_uuid = $snortcfg['uuid'];
- /* define snortbarnyardlog */
/* TODO: add support for the other 5 output plugins */
- $snortconf = $config['installedpackages']['snortglobal']['rule'][$id];
- $snortbarnyardlog_database_info_chk = $snortconf['barnyard_mysql'];
+ $snortbarnyardlog_database_info_chk = $snortcfg['barnyard_mysql'];
$snortbarnyardlog_hostname_info_chk = php_uname("n");
/* user add arguments */
- $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortconf['barnconfigpassthru']));
+ $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['barnconfigpassthru']));
$barnyard2_conf_text = <<<EOD
@@ -1045,34 +886,6 @@ EOD;
return $barnyard2_conf_text;
}
-function snort_create_conf($id, $if_real, $snort_uuid) {
- global $config, $g;
-
- $snortdir = SNORTDIR;
-
- if (!empty($if_real) && !empty($snort_uuid)) {
- if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}")) {
- if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}"))
- @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}");
- exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}");
- @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf");
- }
-
- $snort_conf_text = snort_generate_conf($id, $if_real, $snort_uuid);
- if (empty($snort_conf_text))
- return;
-
- /* write out snort.conf */
- $conf = fopen("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
- return -1;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
- }
-}
-
function snort_deinstall() {
global $config, $g;
@@ -1127,68 +940,59 @@ function snort_deinstall() {
unset($config['installedpackages']['snortglobal']);
}
-function snort_generate_conf($id, $if_real, $snort_uuid) {
+function snort_generate_conf($snortcfg) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
- $snortcfg =& $config['installedpackages']['snortglobal']['rule'][$id];
+ $if_real = snort_get_real_interface($snortcfg['interface']);
+ $snort_uuid = $snortcfg['uuid'];
+ $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
/* custom home nets */
- $home_net = create_snort_homenet($id, $if_real);
-
- if ($snortcfg['externallistname'] == 'default')
- $external_net = '!$HOME_NET';
- else
- $external_net = create_snort_externalnet($id, $if_real);
+ $home_net_list = snort_build_list($snortcfg['homelistname']);
+ $home_net = implode(",", $home_net_list);
- /* obtain external interface */
- $snort_ext_int = $snortcfg['interface'];
+ $external_net = '!$HOME_NET';
+ if (!empty($snortcfg['externallistname']) && $snortcfg['externallistname'] != 'default') {
+ $external_net_list = snort_build_list($snortcfg['externallistname']);
+ $external_net = implode(",", $external_net_list);
+ }
/* user added arguments */
$snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru']));
/* create a few directories and ensure the sample files are in place */
- if (!is_dir("{$snortdir}"))
- exec("/bin/mkdir -p {$snortdir}/custom_rules");
- if (!is_dir("{$snortdir}/snort/snort_{$snort_uuid}_{$if_real}"))
- exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}");
- if (!is_dir("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules");
- if (!is_dir("{$snortdir}/whitelist"))
- exec("/bin/mkdir -p {$snortdir}/whitelist/");
- if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}"))
- exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}");
- if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2"))
- exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2");
- if (!is_dir('/usr/local/lib/snort/dynamicrules'))
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules');
- if (!is_dir('/usr/local/lib/snort/dynamicengine'))
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicengine');
- if (!is_dir('/usr/local/lib/snort/dynamicpreprocessor'))
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicpreprocessor');
- if (!file_exists('/var/db/whitelist'))
- @touch('/var/db/whitelist');
-
- @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
- @copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config");
- @copy("{$snortdir}/reference.config", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config");
- @copy("{$snortdir}/sid-msg.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
- @copy("{$snortdir}/unicode.map", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/unicode.map");
- @copy("{$snortdir}/threshold.conf", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/threshold.conf");
- @touch("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ $snort_dirs = array( $snortdir, "{$snortdir}/custom_rules", $snortcfgdir, "{$snortcfgdir}/rules",
+ "{$snortlogdir}/snort_{$if_real}{$snort_uuid}",
+ "{$snortlogdir}/snort_{$if_real}{$snort_uuid}/barnyard2",
+ "/usr/local/lib/snort/dynamicrules", "/usr/local/lib/snort/dynamicengine",
+ "/usr/local/lib/snort/dynamicpreprocessor"
+ );
+ foreach ($snort_dirs as $dir) {
+ if (!is_dir($dir))
+ safe_mkdir($dir);
+ }
+
+ $snort_files = array("gen-msg.map", "classification.config", "reference.config",
+ "sid-msg.map", "unicode.map", "threshold.conf"
+ );
+ foreach ($snort_files as $file) {
+ if (file_exists("{$snortdir}/{$file}"))
+ @copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}");
+ }
/* define basic log filename */
$snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
/* define snortalertlogtype */
+ $snortalertlogtype_type = "output alert_full: alert";
if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
$snortalertlogtype_type = "output alert_fast: alert";
- else
- $snortalertlogtype_type = "output alert_full: alert";
/* define alertsystemlog */
$alertsystemlog_type = "";
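Review bot: `implode(",", $home_net_list)` assumes snort_build_list returned an array, but that function returns snort_find_list's result unchanged when the named list is missing, which is `""` or an empty array. In that case `$home_net` ends up empty (with a warning or a TypeError from `implode()` on the string, depending on the PHP version), and the same applies to `$external_net`. A fallback such as `if (empty($home_net_list)) $home_net_list = snort_build_list('default');` before the implode keeps a deleted or renamed list from producing a configuration with no HOME_NET. The old code also wrapped the value in `[...]`; whether the template now adds the brackets is outside this hunk. The function continues past the hunk.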
@@ -1208,287 +1012,25 @@ function snort_generate_conf($id, $if_real, $snort_uuid) {
/* define spoink */
$spoink_type = "";
if ($snortcfg['blockoffenders7'] == "on") {
- if ($snortcfg['whitelistname'] == "default")
- $spoink_whitelist_name = 'defaultwlist';
- else if (file_exists("{$snortdir}/whitelist/{$snortcfg['whitelistname']}"))
- $spoink_whitelist_name = $snortcfg['whitelistname'];
-
$pfkill = "";
if ($snortcfg['blockoffenderskill'] == "on")
$pfkill = "kill";
-
- $spoink_type = "output alert_pf: {$snortdir}/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
- }
-
- /* define threshold file */
- $threshold_file_name = "";
- if ($snortcfg['suppresslistname'] != 'default') {
- if (file_exists("{$snortdir}/suppress/{$snortcfg['suppresslistname']}"))
- $threshold_file_name = "include {$snortdir}/suppress/{$snortcfg['suppresslistname']}";
+ $spoink_wlist = snort_build_list($snortcfg['whitelistname']);
+ /* write whitelist */
+ @file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist));
+ $spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
}
- /* define servers and ports snortdefservers */
- /* def DNS_SERVSERS */
- $def_dns_servers_info_chk = $snortcfg['def_dns_servers'];
- if ($def_dns_servers_info_chk == "")
- $def_dns_servers_type = "\$HOME_NET";
- else
- $def_dns_servers_type = "$def_dns_servers_info_chk";
-
- /* def DNS_PORTS */
- $def_dns_ports_info_chk = $snortcfg['def_dns_ports'];
- if ($def_dns_ports_info_chk == "")
- $def_dns_ports_type = "53";
- else
- $def_dns_ports_type = "$def_dns_ports_info_chk";
-
- /* def SMTP_SERVSERS */
- $def_smtp_servers_info_chk = $snortcfg['def_smtp_servers'];
- if ($def_smtp_servers_info_chk == "")
- $def_smtp_servers_type = "\$HOME_NET";
- else
- $def_smtp_servers_type = "$def_smtp_servers_info_chk";
-
- /* def SMTP_PORTS */
- $def_smtp_ports_info_chk = $snortcfg['def_smtp_ports'];
- if ($def_smtp_ports_info_chk == "")
- $def_smtp_ports_type = "25";
- else
- $def_smtp_ports_type = "$def_smtp_ports_info_chk";
-
- /* def MAIL_PORTS */
- $def_mail_ports_info_chk = $snortcfg['def_mail_ports'];
- if ($def_mail_ports_info_chk == "")
- $def_mail_ports_type = "25,143,465,691";
- else
- $def_mail_ports_type = "$def_mail_ports_info_chk";
-
- /* def HTTP_SERVSERS */
- $def_http_servers_info_chk = $snortcfg['def_http_servers'];
- if ($def_http_servers_info_chk == "")
- $def_http_servers_type = "\$HOME_NET";
- else
- $def_http_servers_type = "$def_http_servers_info_chk";
-
- /* def WWW_SERVSERS */
- $def_www_servers_info_chk = $snortcfg['def_www_servers'];
- if ($def_www_servers_info_chk == "")
- $def_www_servers_type = "\$HOME_NET";
- else
- $def_www_servers_type = "$def_www_servers_info_chk";
-
- /* def HTTP_PORTS */
- $def_http_ports_info_chk = $snortcfg['def_http_ports'];
- if ($def_http_ports_info_chk == "")
- $def_http_ports_type = "80";
- else
- $def_http_ports_type = "$def_http_ports_info_chk";
-
- /* def SQL_SERVSERS */
- $def_sql_servers_info_chk = $snortcfg['def_sql_servers'];
- if ($def_sql_servers_info_chk == "")
- $def_sql_servers_type = "\$HOME_NET";
- else
- $def_sql_servers_type = "$def_sql_servers_info_chk";
-
- /* def ORACLE_PORTS */
- $def_oracle_ports_info_chk = $snortcfg['def_oracle_ports'];
- if ($def_oracle_ports_info_chk == "")
- $def_oracle_ports_type = "1521";
- else
- $def_oracle_ports_type = "$def_oracle_ports_info_chk";
-
- /* def MSSQL_PORTS */
- $def_mssql_ports_info_chk = $snortcfg['def_mssql_ports'];
- if ($def_mssql_ports_info_chk == "")
- $def_mssql_ports_type = "1433";
- else
- $def_mssql_ports_type = "$def_mssql_ports_info_chk";
-
- /* def TELNET_SERVSERS */
- $def_telnet_servers_info_chk = $snortcfg['def_telnet_servers'];
- if ($def_telnet_servers_info_chk == "")
- $def_telnet_servers_type = "\$HOME_NET";
- else
- $def_telnet_servers_type = "$def_telnet_servers_info_chk";
-
- /* def TELNET_PORTS */
- $def_telnet_ports_info_chk = $snortcfg['def_telnet_ports'];
- if ($def_telnet_ports_info_chk == "")
- $def_telnet_ports_type = "23";
- else
- $def_telnet_ports_type = "$def_telnet_ports_info_chk";
-
- /* def SNMP_SERVSERS */
- $def_snmp_servers_info_chk = $snortcfg['def_snmp_servers'];
- if ($def_snmp_servers_info_chk == "")
- $def_snmp_servers_type = "\$HOME_NET";
- else
- $def_snmp_servers_type = "$def_snmp_servers_info_chk";
-
- /* def SNMP_PORTS */
- $def_snmp_ports_info_chk = $snortcfg['def_snmp_ports'];
- if ($def_snmp_ports_info_chk == "")
- $def_snmp_ports_type = "161";
- else
- $def_snmp_ports_type = "$def_snmp_ports_info_chk";
-
- /* def FTP_SERVSERS */
- $def_ftp_servers_info_chk = $snortcfg['def_ftp_servers'];
- if ($def_ftp_servers_info_chk == "")
- $def_ftp_servers_type = "\$HOME_NET";
- else
- $def_ftp_servers_type = "$def_ftp_servers_info_chk";
-
- /* def FTP_PORTS */
- $def_ftp_ports_info_chk = $snortcfg['def_ftp_ports'];
- if ($def_ftp_ports_info_chk == "")
- $def_ftp_ports_type = "21";
- else
- $def_ftp_ports_type = "$def_ftp_ports_info_chk";
-
- /* def SSH_SERVSERS */
- $def_ssh_servers_info_chk = $snortcfg['def_ssh_servers'];
- if ($def_ssh_servers_info_chk == "")
- $def_ssh_servers_type = "\$HOME_NET";
- else
- $def_ssh_servers_type = "$def_ssh_servers_info_chk";
-
- /* if user has defined a custom ssh port, use it */
- if(isset($config['system']['ssh']['port']))
- $ssh_port = $config['system']['ssh']['port'];
- else
- $ssh_port = "22";
-
- /* def SSH_PORTS */
- $def_ssh_ports_info_chk = $snortcfg['def_ssh_ports'];
- if ($def_ssh_ports_info_chk == "")
- $def_ssh_ports_type = "{$ssh_port}";
- else
- $def_ssh_ports_type = "$def_ssh_ports_info_chk";
-
- /* def POP_SERVSERS */
- $def_pop_servers_info_chk = $snortcfg['def_pop_servers'];
- if ($def_pop_servers_info_chk == "")
- $def_pop_servers_type = "\$HOME_NET";
- else
- $def_pop_servers_type = "$def_pop_servers_info_chk";
-
- /* def POP2_PORTS */
- $def_pop2_ports_info_chk = $snortcfg['def_pop2_ports'];
- if ($def_pop2_ports_info_chk == "")
- $def_pop2_ports_type = "109";
- else
- $def_pop2_ports_type = "$def_pop2_ports_info_chk";
-
- /* def POP3_PORTS */
- $def_pop3_ports_info_chk = $snortcfg['def_pop3_ports'];
- if ($def_pop3_ports_info_chk == "")
- $def_pop3_ports_type = "110";
- else
- $def_pop3_ports_type = "$def_pop3_ports_info_chk";
-
- /* def IMAP_SERVSERS */
- $def_imap_servers_info_chk = $snortcfg['def_imap_servers'];
- if ($def_imap_servers_info_chk == "")
- $def_imap_servers_type = "\$HOME_NET";
- else
- $def_imap_servers_type = "$def_imap_servers_info_chk";
-
- /* def IMAP_PORTS */
- $def_imap_ports_info_chk = $snortcfg['def_imap_ports'];
- if ($def_imap_ports_info_chk == "")
- $def_imap_ports_type = "143";
- else
- $def_imap_ports_type = "$def_imap_ports_info_chk";
-
- /* def SIP_PROXY_IP */
- $def_sip_proxy_ip_info_chk = $snortcfg['def_sip_proxy_ip'];
- if ($def_sip_proxy_ip_info_chk == "")
- $def_sip_proxy_ip_type = "\$HOME_NET";
- else
- $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
-
- /* def SIP_PROXY_PORTS */
- $def_sip_proxy_ports_info_chk = $snortcfg['def_sip_proxy_ports'];
- if ($def_sip_proxy_ports_info_chk == "")
- $def_sip_proxy_ports_type = "5060:5090,16384:32768";
- else
- $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
-
- /* def SIP_SERVERS */
- $def_sip_servers_info_chk = $snortcfg['def_sip_servers'];
- if ($def_sip_servers_info_chk == "")
- $def_sip_servers_type = "\$HOME_NET";
- else
- $def_sip_servers_type = "$def_sip_servers_info_chk";
-
- /* def SIP_PORTS */
- $def_sip_ports_info_chk = $snortcfg['def_sip_ports'];
- if ($def_sip_ports_info_chk == "")
- $def_sip_ports_type = "5060:5090,16384:32768";
- else
- $def_sip_ports_type = "$def_sip_ports_info_chk";
-
- /* def AUTH_PORTS */
- $def_auth_ports_info_chk = $snortcfg['def_auth_ports'];
- if ($def_auth_ports_info_chk == "")
- $def_auth_ports_type = "113";
- else
- $def_auth_ports_type = "$def_auth_ports_info_chk";
-
- /* def FINGER_PORTS */
- $def_finger_ports_info_chk = $snortcfg['def_finger_ports'];
- if ($def_finger_ports_info_chk == "")
- $def_finger_ports_type = "79";
- else
- $def_finger_ports_type = "$def_finger_ports_info_chk";
-
- /* def IRC_PORTS */
- $def_irc_ports_info_chk = $snortcfg['def_irc_ports'];
- if ($def_irc_ports_info_chk == "")
- $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
- else
- $def_irc_ports_type = "$def_irc_ports_info_chk";
-
- /* def NNTP_PORTS */
- $def_nntp_ports_info_chk = $snortcfg['def_nntp_ports'];
- if ($def_nntp_ports_info_chk == "")
- $def_nntp_ports_type = "119";
- else
- $def_nntp_ports_type = "$def_nntp_ports_info_chk";
-
- /* def RLOGIN_PORTS */
- $def_rlogin_ports_info_chk = $snortcfg['def_rlogin_ports'];
- if ($def_rlogin_ports_info_chk == "")
- $def_rlogin_ports_type = "513";
- else
- $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
-
- /* def RSH_PORTS */
- $def_rsh_ports_info_chk = $snortcfg['def_rsh_ports'];
- if ($def_rsh_ports_info_chk == "")
- $def_rsh_ports_type = "514";
- else
- $def_rsh_ports_type = "$def_rsh_ports_info_chk";
-
- /* def SSL_PORTS */
- $def_ssl_ports_info_chk = $snortcfg['def_ssl_ports'];
- if ($def_ssl_ports_info_chk == "")
- $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
- else
- $def_ssl_ports_type = "$def_ssl_ports_info_chk";
-
- /* if user is on pppoe, we really want to use ng0 interface */
- if ($config['version'] <= 6 && $snort_ext_int == "wan")
- $snort_ext_int = get_real_wan_interface();
+ /* define suppress file */
+ $suppress = snort_find_list($snortcfg['suppresslistname'], 'suppress');
+ $suppress_data = str_replace("\r", "", base64_decode($suppress['suppresspassthru']));
+ @file_put_contents("{$snortcfgdir}/{$snortcfg['suppresslistname']}", $suppress_data);
+ $suppress_file_name = "include {$snortcfgdir}/{$snortcfg['suppresslistname']}";
/* set the snort performance model */
- if($snortcfg['performance'])
+ $snort_performance = "ac-bnfa";
+ if(!empty($snortcfg['performance']))
$snort_performance = $snortcfg['performance'];
- else
- $snort_performance = "ac-bnfa";
-
/* generate rule sections to load */
$enabled_rulesets = $snortcfg['rulesets'];
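Review bot: The new suppress block writes and includes `{$snortcfgdir}/{$snortcfg['suppresslistname']}` unconditionally, where the removed code skipped the `default` name and emitted the include only when the file existed. If the name is empty or snort_find_list() finds nothing (its return value is not visible here), an empty file named after whatever the setting holds is still written and referenced from snort.conf. Both list names also go into a path without `basename()`, and the `@` hides a failed write. The whitelist write a few lines above has the same shape, and since both files land in `$snortcfgdir`, a whitelist and a suppress list with the same name overwrite each other. I would guard the block and check the write result as in the excerpt below; the enclosing function starts before this hunk.

```php
/* define suppress file */
$suppress_file_name = "";
$suppress_name = basename((string)$snortcfg['suppresslistname']);
$suppress = snort_find_list($snortcfg['suppresslistname'], 'suppress');
if ($suppress_name != "" && !empty($suppress['suppresspassthru'])) {
	$suppress_data = str_replace("\r", "", base64_decode($suppress['suppresspassthru']));
	if (file_put_contents("{$snortcfgdir}/{$suppress_name}", $suppress_data) === false)
		log_error("Could not write suppress list {$snortcfgdir}/{$suppress_name}.");
	else
		$suppress_file_name = "include {$snortcfgdir}/{$suppress_name}";
}
/* … unchanged: performance model and ruleset selection … */
```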
@@ -1496,48 +1038,27 @@ function snort_generate_conf($id, $if_real, $snort_uuid) {
if (!empty($enabled_rulesets)) {
$enabled_rulesets_array = explode("||", $enabled_rulesets);
foreach($enabled_rulesets_array as $enabled_item) {
- if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$enabled_item}"))
+ if (file_exists("{$snortcfgdir}/rules/{$enabled_item}"))
$selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
}
}
/////////////////////////////
-
/* preprocessor code */
-
/* def perform_stat */
- $snort_perform_stat = <<<EOD
-##########################
- #
-# NEW #
+ $perform_stat = <<<EOD
# Performance Statistics #
- #
-##########################
-
-preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000
+preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000
EOD;
- $def_perform_stat_info_chk = $snortcfg['perform_stat'];
- if ($def_perform_stat_info_chk == "on")
- $def_perform_stat_type = "$snort_perform_stat";
- else
- $def_perform_stat_type = "";
-
- $def_flow_depth_info_chk = $snortcfg['flow_depth'];
- if (empty($def_flow_depth_info_chk))
- $def_flow_depth_type = '0';
- else
+ $def_flow_depth_type = '0';
+ if (!empty($snortcfg['flow_depth']))
$def_flow_depth_type = $snortcfg['flow_depth'];
/* def http_inspect */
- $snort_http_inspect = <<<EOD
-#################
- #
+ $http_inspect = <<<EOD
# HTTP Inspect #
- #
-#################
-
preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
preprocessor http_inspect_server: server default \
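Review bot: `file_exists("{$snortcfgdir}/rules/{$enabled_item}")` is also true for a directory, so an empty element from `explode("||", ...)` (a leading, trailing or doubled separator) passes the test and writes `include $RULE_PATH/` into snort.conf. The item is not restricted to a plain file name either, so a stored value containing `../` resolves outside the rules directory. I would tighten the test to `if ($enabled_item != "" && basename($enabled_item) == $enabled_item && is_file("{$snortcfgdir}/rules/{$enabled_item}"))`. The enclosing function starts and ends outside this hunk.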
@@ -1564,39 +1085,9 @@ preprocessor http_inspect_server: server default \
EOD;
- $def_http_inspect_info_chk = $snortcfg['http_inspect'];
- if ($def_http_inspect_info_chk == "on")
- $def_http_inspect_type = "$snort_http_inspect";
- else
- $def_http_inspect_type = "";
-
- /* def other_preprocs */
- $snort_other_preprocs = <<<EOD
-##################
- #
-# Other preprocs #
- #
-##################
-
-preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
-preprocessor bo
-
-EOD;
-
- $def_other_preprocs_info_chk = $snortcfg['other_preprocs'];
- if ($def_other_preprocs_info_chk == "on")
- $def_other_preprocs_type = "$snort_other_preprocs";
- else
- $def_other_preprocs_type = "";
-
/* def ftp_preprocessor */
- $snort_ftp_preprocessor = <<<EOD
-#####################
- #
+ $ftp_preprocessor = <<<EOD
# ftp preprocessor #
- #
-#####################
-
preprocessor ftp_telnet: global \
inspection_type stateless
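Review bot: The rename of `$snort_ftp_preprocessor` to `$ftp_preprocessor` is load-bearing and nothing in the code says so: later in this diff the `$snort_preproc` loop selects each block with `$$preproc`, so every heredoc variable must be spelled exactly like its `$snortcfg` key. A mismatch yields an undefined variable, and the preprocessor silently drops out of snort.conf even though it is switched on. A comment ahead of the first heredoc would help, for example `/* heredoc names below must match the entries in $snort_preproc; they are looked up by name */`. The same applies to the heredocs renamed in the hunks at -1496, -1642, -1677, -1699 and -1722. The enclosing function starts and ends outside this hunk.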
@@ -1642,20 +1133,9 @@ preprocessor ftp_telnet_protocol: ftp client default \
EOD;
- $def_ftp_preprocessor_info_chk = $snortcfg['ftp_preprocessor'];
- if ($def_ftp_preprocessor_info_chk == "on")
- $def_ftp_preprocessor_type = "$snort_ftp_preprocessor";
- else
- $def_ftp_preprocessor_type = "";
-
/* def smtp_preprocessor */
- $snort_smtp_preprocessor = <<<EOD
-#####################
- #
+ $smtp_preprocessor = <<<EOD
# SMTP preprocessor #
- #
-#####################
-
preprocessor SMTP: \
ports { 25 465 691 } \
inspection_type stateful \
@@ -1677,20 +1157,9 @@ PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB
EOD;
- $def_smtp_preprocessor_info_chk = $snortcfg['smtp_preprocessor'];
- if ($def_smtp_preprocessor_info_chk == "on")
- $def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
- else
- $def_smtp_preprocessor_type = "";
-
/* def sf_portscan */
- $snort_sf_portscan = <<<EOD
-################
- #
+ $sf_portscan = <<<EOD
# sf Portscan #
- #
-################
-
preprocessor sfportscan: scan_type { all } \
proto { all } \
memcap { 10000000 } \
@@ -1699,21 +1168,17 @@ preprocessor sfportscan: scan_type { all } \
EOD;
- $def_sf_portscan_info_chk = $snortcfg['sf_portscan'];
- if ($def_sf_portscan_info_chk == "on")
- $def_sf_portscan_type = "$snort_sf_portscan";
- else
- $def_sf_portscan_type = "";
+ /* def other_preprocs */
+ $other_preprocs = <<<EOD
+# Other preprocs #
+preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
+preprocessor bo
+
+EOD;
/* def dce_rpc_2 */
- $snort_dce_rpc_2 = <<<EOD
-###############
- #
-# NEW #
+ $dce_rpc_2 = <<<EOD
# DCE/RPC 2 #
- #
-###############
-
preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
preprocessor dcerpc2_server: default, policy WinXP, \
detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
@@ -1722,160 +1187,114 @@ preprocessor dcerpc2_server: default, policy WinXP, \
EOD;
- $def_dce_rpc_2_info_chk = $snortcfg['dce_rpc_2'];
- if ($def_dce_rpc_2_info_chk == "on")
- $def_dce_rpc_2_type = "$snort_dce_rpc_2";
- else
- $def_dce_rpc_2_type = "";
-
/* def dns_preprocessor */
- $snort_dns_preprocessor = <<<EOD
-####################
- #
+ $dns_preprocessor = <<<EOD
# DNS preprocessor #
- #
-####################
-
preprocessor dns: \
ports { 53 } \
enable_rdata_overflow
EOD;
- $def_dns_preprocessor_info_chk = $snortcfg['dns_preprocessor'];
- if ($def_dns_preprocessor_info_chk == "on")
- $def_dns_preprocessor_type = "$snort_dns_preprocessor";
- else
- $def_dns_preprocessor_type = "";
-
- /* def SSL_PORTS IGNORE */
- $def_ssl_ports_ignore_info_chk = $snortcfg['def_ssl_ports_ignore'];
- if ($def_ssl_ports_ignore_info_chk == "")
- $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
- else
- $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
-
/* stream5 queued settings */
+ $def_max_queued_bytes_type = '';
+ if (!empty($snortcfg['max_queued_bytes']))
+ $def_max_queued_bytes_type = ", max_queued_bytes {$snortcfg['max_queued_bytes']}";
+ $def_max_queued_segs_type = '';
+ if (!empty($snortcfg['max_queued_segs']))
+ $def_max_queued_segs_type = ", max_queued_segs {$snortcfg['max_queued_segs']}";
- $def_max_queued_bytes_info_chk = $snortcfg['max_queued_bytes'];
- if ($def_max_queued_bytes_info_chk == '')
- $def_max_queued_bytes_type = '';
- else
- $def_max_queued_bytes_type = ', max_queued_bytes ' . $snortcfg['max_queued_bytes'] . ',';
+ /* define servers and ports snortdefservers */
+ $servers = array (
+ "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
+ "www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET",
+ "snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET",
+ "pop_servers" => "\$HOME_NET", "imap_servers" => "\$HOME_NET", "sip_proxy_ip" => "\$HOME_NET",
+ "sip_servers" => "\$HOME_NET", "rpc_servers" => "\$HOME_NET",
+ "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24"
+ );
- $def_max_queued_segs_info_chk = $snortcfg['max_queued_segs'];
- if ($def_max_queued_segs_info_chk == '')
- $def_max_queued_segs_type = '';
+ /* if user has defined a custom ssh port, use it */
+ if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port']))
+ $ssh_port = $config['system']['ssh']['port'];
else
- $def_max_queued_segs_type = ', max_queued_segs ' . $snortcfg['max_queued_segs'] . ',';
+ $ssh_port = "22";
+ $ports = array(
+ "dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,143,465,691",
+ "http_ports" => "80", "oracle_ports" => "1521", "mssql_ports" => "1433",
+ "telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21",
+ "ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110",
+ "imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768",
+ "sip_ports" => "5060:5090,16384:32768", "auth_ports" => "113", "finger_ports" => "79",
+ "irc_ports" => "6665,6666,6667,6668,6669,7000",
+ "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514",
+ "ssl_ports" => "443,465,563,636,989,990,992,993,994,995",
+ "ssl_ports_ignore" => "443,465,563,636,989,990,992,993,994,995",
+ "DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:",
+ "DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:",
+ "DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107",
+ "DCERPC_BRIGHTSTORE" => "6503,6504"
+ );
+
+ $vardef = "";
+ foreach ($servers as $alias => $avalue) {
+ if (!empty($snortcfg[$alias]))
+ $avalue = $snortcfg[$alias];
+ $vardef .= "var " . strtoupper($alias) . " [{$avalue}]\n";
+ }
+
+ $portvardef = "";
+ foreach ($ports as $alias => $avalue) {
+ if (!empty($snortcfg["def_{$alias}"]))
+ $ports[$alias] = $snortcfg["def_{$alias}"];
+ $portvardef .= "portvar " . strtoupper($alias) . " [" . $ports[$alias] . "]\n";
+ }
+
+ $snort_preproc = array (
+ "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor",
+ "sf_portscan", "dce_rpc_2", "dns_preprocessor"
+ );
+ $snort_preprocessors = "";
+ foreach ($snort_preproc as $preproc) {
+ if ($snortcfg[$preproc] == 'on') {
+ /* NOTE: The $$ is not a bug. Its a advanced feature of php */
+ $snort_preprocessors .= $$preproc;
+ $snort_preprocessors .= "\n";
+ }
+ }
- $snort_preprocessor_decoder_rules = "";
+ $snort_misc_include_rules = "";
+ if (file_exists("{$snortcfgdir}/reference.config"))
+ $snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n";
+ if (file_exists("{$snortcfgdir}/classification.config"))
+ $snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n";
if (file_exists("{$snortdir}/preproc_rules/preprocessor.rules"))
- $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
if (file_exists("{$snortdir}/preproc_rules/decoder.rules"))
- $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
/* build snort configuration file */
$snort_conf_text = <<<EOD
# snort configuration file
-# generated by the pfSense
-# package manager system
-# see /usr/local/pkg/snort.inc
-# for more information
-# snort.conf
-# Snort can be found at http://www.snort.org/
-
-#########################
- #
+# generated automatically by the pfSense subsystems do not modify manually
+
# Define Local Network #
- #
-#########################
+var HOME_NET [{$home_net}]
+var EXTERNAL_NET [{$external_net}]
-var HOME_NET {$home_net}
-var EXTERNAL_NET {$external_net}
+# Define Rule Paths #
+var RULE_PATH {$snortcfgdir}/rules
+var PREPROC_RULE_PATH {$snortdir}/preproc_rules
-###################
- #
# Define Servers #
- #
-###################
-
-var DNS_SERVERS [{$def_dns_servers_type}]
-var SMTP_SERVERS [{$def_smtp_servers_type}]
-var HTTP_SERVERS [{$def_http_servers_type}]
-var SQL_SERVERS [{$def_sql_servers_type}]
-var TELNET_SERVERS [{$def_telnet_servers_type}]
-var SNMP_SERVERS [{$def_snmp_servers_type}]
-var FTP_SERVERS [{$def_ftp_servers_type}]
-var SSH_SERVERS [{$def_ssh_servers_type}]
-var POP_SERVERS [{$def_pop_servers_type}]
-var IMAP_SERVERS [{$def_imap_servers_type}]
-var RPC_SERVERS \$HOME_NET
-var WWW_SERVERS [{$def_www_servers_type}]
-var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
-var SIP_SERVERS [{$def_sip_servers_type}]
-var AIM_SERVERS \
-[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
-
-########################
- #
-# Define Server Ports #
- #
-########################
-
-portvar HTTP_PORTS [{$def_http_ports_type}]
-portvar FILE_DATA_PORTS [\$HTTP_PORTS,110,143]
-portvar SHELLCODE_PORTS !80
-portvar ORACLE_PORTS [{$def_oracle_ports_type}]
-portvar AUTH_PORTS [{$def_auth_ports_type}]
-portvar DNS_PORTS [{$def_dns_ports_type}]
-portvar FINGER_PORTS [{$def_finger_ports_type}]
-portvar FTP_PORTS [{$def_ftp_ports_type}]
-portvar IMAP_PORTS [{$def_imap_ports_type}]
-portvar IRC_PORTS [{$def_irc_ports_type}]
-portvar MSSQL_PORTS [{$def_mssql_ports_type}]
-portvar NNTP_PORTS [{$def_nntp_ports_type}]
-portvar POP2_PORTS [{$def_pop2_ports_type}]
-portvar POP3_PORTS [{$def_pop3_ports_type}]
-portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
-portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
-portvar RSH_PORTS [{$def_rsh_ports_type}]
-portvar SMB_PORTS [139,445]
-portvar SMTP_PORTS [{$def_smtp_ports_type}]
-portvar SNMP_PORTS [{$def_snmp_ports_type}]
-portvar SSH_PORTS [{$def_ssh_ports_type}]
-portvar TELNET_PORTS [{$def_telnet_ports_type}]
-portvar MAIL_PORTS [{$def_mail_ports_type}]
-portvar SSL_PORTS [{$def_ssl_ports_type}]
-portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
-portvar SIP_PORTS [{$def_sip_ports_type}]
-
-# DCERPC NCACN-IP-TCP
-portvar DCERPC_NCACN_IP_TCP [139,445]
-portvar DCERPC_NCADG_IP_UDP [138,1024:]
-portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
-portvar DCERPC_NCACN_UDP_LONG [135,1024:]
-portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
-portvar DCERPC_NCACN_TCP [2103,2105,2107]
-portvar DCERPC_BRIGHTSTORE [6503,6504]
-
-#####################
- #
-# Define Rule Paths #
- #
-#####################
+{$vardef}
-var RULE_PATH {$snortdir}/snort_{$snort_uuid}_{$if_real}/rules
-var PREPROC_RULE_PATH {$snortdir}/preproc_rules
+# Define Server Ports #
+{$portvardef}
-################################
- #
# Configure the snort decoder #
- #
-################################
-
config checksum_mode: all
config disable_decode_alerts
config disable_tcpopt_experimental_alerts
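Review bot: The `$servers` loop reads `$snortcfg[$alias]` while the `$ports` loop reads `$snortcfg["def_{$alias}"]`, and the removed code read both kinds from `def_`-prefixed keys (`def_dns_servers`, `def_smtp_servers`, ...). Unless the stored keys were renamed elsewhere, every user-defined server list is ignored and the variable silently falls back to `$HOME_NET`; the lookup should be `if (!empty($snortcfg["def_{$alias}"])) $avalue = $snortcfg["def_{$alias}"];`. The new `$ports` array also has no entry for `FILE_DATA_PORTS`, `SHELLCODE_PORTS`, `SUNRPC_PORTS` or `SMB_PORTS`, which the removed template defined, so enabled rules that reference those variables will presumably fail to load. They are fixed values and could be appended to `$portvardef` after the loop. The function body starts before and continues after this hunk.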
@@ -1885,13 +1304,7 @@ config disable_tcpopt_alerts
config disable_ipopt_alerts
config disable_decode_drops
-###################################
- #
# Configure the detection engine #
-# Use lower memory models #
- #
-###################################
-
config detection: search-method {$snort_performance} max_queue_events 5
config event_queue: max_queue 8 log 3 order_events content_length
@@ -1900,86 +1313,50 @@ dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor
dynamicengine directory /usr/local/lib/snort/dynamicengine
dynamicdetection directory /usr/local/lib/snort/dynamicrules
-###################
- #
# Flow and stream #
- #
-###################
-
preprocessor frag3_global: max_frags 8192
preprocessor frag3_engine: policy bsd detect_anomalies
preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes
-
preprocessor stream5_tcp: policy BSD, ports both all{$def_max_queued_bytes_type}{$def_max_queued_segs_type}
preprocessor stream5_udp:
preprocessor stream5_icmp:
- {$def_perform_stat_type}
-
- {$def_http_inspect_type}
-
- {$def_other_preprocs_type}
-
- {$def_ftp_preprocessor_type}
+{$snort_preprocessors}
- {$def_smtp_preprocessor_type}
-
- {$def_sf_portscan_type}
-
- {$def_dce_rpc_2_type}
-
- {$def_dns_preprocessor_type}
-
-##############################
- #
-# NEW #
# Ignore SSL and Encryption #
- #
-##############################
+preprocessor ssl: ports { {$ports['ssl_ports_ignore']} }, trustservers, noinspect_encrypted
-preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted
-
-#####################
- #
# Snort Output Logs #
- #
-#####################
-
- $snortunifiedlogbasic_type
- $snortalertlogtype_type
- $alertsystemlog_type
- $tcpdumplog_type
- $snortmysqllog_info_chk
- $snortunifiedlog_type
- $spoink_type
+{$snortunifiedlogbasic_type}
+{$snortalertlogtype_type}
+{$alertsystemlog_type}
+{$tcpdumplog_type}
+{$snortmysqllog_info_chk}
+{$snortunifiedlog_type}
+{$spoink_type}
-#################
- #
# Misc Includes #
- #
-#################
-
-include {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config
-include {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config
-{$snort_preprocessor_decoder_rules}
+{$snort_misc_include_rules}
-$threshold_file_name
+{$suppress_file_name}
# Snort user pass through configuration
{$snort_config_pass_thru}
-###################
- #
# Rules Selection #
- #
-###################
-
- {$selected_rules_sections}
+{$selected_rules_sections}
EOD;
- return $snort_conf_text;
+ /* write out snort.conf */
+ $conf = fopen("{$snortcfgdir}/snort.conf", "w");
+ if(!$conf) {
+ log_error("Could not open {$snortcfgdir}/snort.conf for writing.");
+ return -1;
+ }
+ fwrite($conf, $snort_conf_text);
+ fclose($conf);
}
?>
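Review bot: `preprocessor ssl: ports { {$ports['ssl_ports_ignore']} }` now receives the comma-separated default `443,465,563,...` from the `$ports` array, whereas the removed default for this setting was space-separated (`443 465 563 ...`), the form in which the list inside the braces was written before. The same value is also emitted as `portvar SSL_PORTS_IGNORE [...]`, which uses commas, so one string cannot serve both places, and a value saved under the old format would break the portvar instead. I would derive the preprocessor form before the heredoc, `$ssl_ports_ignore = str_replace(",", " ", $ports['ssl_ports_ignore']);`, and interpolate that. Separately, the function now returns -1 on a failed fopen() and nothing otherwise, and the fwrite() result is not checked, so a short write leaves a truncated snort.conf unreported. The function starts before this hunk.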
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 7102e36d..61078550 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -56,31 +56,20 @@ $pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* old options */
$pconfig = $a_nat[$id];
- $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
- $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
}
if (isset($_GET['dup']))
unset($id);
-$if_real = snort_get_real_interface($pconfig['interface']);
-$snort_uuid = $pconfig['uuid'];
-
-/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
if ($_POST) {
- /* XXX: Mising error reporting?!
- * check for overlaps
foreach ($a_nat as $natent) {
if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
continue;
if ($natent['interface'] != $_POST['interface'])
- continue;
+ $input_error[] = "This interface has already an instance defined";
}
- */
/* if no errors write to conf */
if (!$input_errors) {
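Review bot: The re-enabled overlap check appends to `$input_error`, but the guard right below tests `$input_errors`, so the message is never seen and the save proceeds. The condition also looks inverted: `$natent['interface'] != $_POST['interface']` is true for every other instance on a different interface, whereas a duplicate is the case where the interfaces are equal. I would write `if ($natent['interface'] == $_POST['interface']) $input_errors[] = "This interface has already an instance defined";`.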
@@ -89,8 +78,8 @@ if ($_POST) {
$natent = $pconfig;
$natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
- $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
- $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru'];
+ if ($_POST['barnyard_mysql']) $natent['barnyard_mysql'] = $_POST['barnyard_mysql']; unset($natent['barnyard_mysql']);
+ if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); unset($natent['barnconfigpassthru']);
if ($_POST['barnyard_enable'] == "on")
$natent['snortunifiedlog'] = 'on';
else
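Review bot: Both new one-liners end with an unconditional `unset()`: in `if ($_POST['barnyard_mysql']) $natent['barnyard_mysql'] = $_POST['barnyard_mysql']; unset($natent['barnyard_mysql']);` the `unset` is a separate statement, so the value is removed even when it was just assigned. The `barnconfigpassthru` line has the same shape, so neither setting can be saved. An `else` is missing: `if ($_POST['barnyard_mysql']) $natent['barnyard_mysql'] = $_POST['barnyard_mysql']; else unset($natent['barnyard_mysql']);`, and likewise for `barnconfigpassthru`. These posted strings presumably end up in the generated barnyard2 configuration, so rejecting line breaks in `barnyard_mysql` at this point would also be worthwhile.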
@@ -119,7 +108,8 @@ if ($_POST) {
}
}
-$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit";
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: Interface: {$if_friendly} Barnyard2 Edit";
include_once("head.inc");
?>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 858a51c2..b9a5a471 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -38,6 +38,7 @@ if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
+$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
if (empty($pconfig['blertnumber']))
$bnentries = '500';
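Review bot: The added line fills `$pconfig['snortalertlogtype']` from `['alertsblocks']['blertnumber']`, the same source as the line above it, which looks like a copy-paste slip: the alert log type would then hold the entry count. snort.inc in this commit reads the setting from `$config['installedpackages']['snortglobal']['snortalertlogtype']`, so presumably the line should be `$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];`.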
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index e3c5ac32..48f20876 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -167,7 +167,8 @@ if ($_POST) {
}
}
-$pgtitle = "Snort: Interface $id$if_real Define Servers";
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: Interface {$if_friendly} Define Servers";
include_once("head.inc");
?>
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index c8d57e8d..cb3c5164 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -177,11 +177,11 @@ include_once("head.inc");
<tr>
<td id="download_rules_td" style='background-color: #eeeeee'>
<div height="32" width="725px" style='background-color: #eeeeee'>
-
- <font
- color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px'
- color='#000000'>&nbsp;&nbsp;Snort.org and Emergingthreats.net
- will go down from time to time. Please be patient.</font></div>
+ <font color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px'
+ color='#000000'>&nbsp;&nbsp;Snort.org and Emergingthreats.net
+ will go down from time to time. Please be patient.
+ </font>
+ </div>
</td>
</tr>
</table>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index f72bf391..fe9df2ec 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -52,12 +52,10 @@ if (isset($_POST['del_x'])) {
if (is_array($_POST['rule'])) {
conf_mount_rw();
foreach ($_POST['rule'] as $rulei) {
-
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
-
- Running_Stop($snort_uuid,$if_real, $rulei);
+ snort_stop($a_nat[$rulei], $if_real);
exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}");
exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}");
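Review bot: `$rulei` comes straight from `$_POST['rule']` and indexes `$a_nat` without a check that the entry exists, and the two `exec("/bin/rm -r ...")` lines build a shell command from the resulting `$if_real` and `$snort_uuid` without `escapeshellarg()`. For a missing index both values are empty and the commands run against `/var/log/snort/snort_` and `{$snortdir}/snort__`. I would skip unknown entries with `if (!isset($a_nat[$rulei])) continue;` and quote the paths, e.g. `exec("/bin/rm -r " . escapeshellarg("/var/log/snort/snort_{$if_real}{$snort_uuid}"));`. The second path also still uses the `snort_{$snort_uuid}_{$if_real}` layout that the snort.inc part of this commit stops populating, so it may need to follow whatever `$snortcfgdir` now points to. The loop continues outside this hunk.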
@@ -95,17 +93,15 @@ if (isset($_POST['del_x'])) {
if ($_GET['act'] == 'toggle' && is_numeric($id)) {
$if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id];
/* Log Iface stop */
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
sync_snort_package_config();
- $tester2 = Running_Ck($snort_uuid, $if_real, $id);
-
- if ($tester2 == 'yes') {
- Running_Stop($snort_uuid, $if_real, $id);
+ if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') {
+ snort_stop($snortcfg, $if_real);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
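Review bot: The `$snort_uuid` assignment is removed here, but the `logger` call two lines later still interpolates `{$snort_uuid}`, so the syslog entry now reads `Toggle for _<interface>...` and the instance can no longer be identified from the log. Use `{$snortcfg['uuid']}` in that message, or keep `$snort_uuid = $snortcfg['uuid'];`. The message is passed through a shell inside single quotes, so wrapping it in `escapeshellarg()` would be safer than relying on the values containing no quote. The block also changes state on a plain `$_GET['act']` request; whether a CSRF token is enforced elsewhere is not visible here.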
@@ -114,7 +110,7 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
header( 'Pragma: no-cache' );
} else {
- Running_Start($snort_uuid, $if_real, $id);
+ snort_start($snortcfg, $if_real);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -203,7 +199,7 @@ if ($pfsense_stable == 'yes')
</table>
</td>
</tr>
- <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
+ <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
<tr valign="top" id="fr<?=$nnats;?>">
<?php
@@ -211,10 +207,7 @@ if ($pfsense_stable == 'yes')
/* There has to be a smarter way to do this */
$if_real = snort_get_real_interface($natent['interface']);
$snort_uuid = $natent['uuid'];
-
- $tester2 = Running_Ck($snort_uuid, $if_real, $id);
-
- if ($tester2 == 'no') {
+ if (snort_is_running($snort_uuid, $if_real) == 'no') {
$iconfn = 'pass';
$class_color_up = 'listbg';
}else{
@@ -273,7 +266,7 @@ if ($pfsense_stable == 'yes')
?> <?=strtoupper($check_blockoffenders);?></td>
<?php
- $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
+ $color2_upb = snort_is_running($snort_uuid, $if_real, 'barnyard2');
if ($color2_upb == 'yes')
$color_status = 'listr';
@@ -305,7 +298,7 @@ if ($pfsense_stable == 'yes')
</table>
</tr>
- <?php $i++; $nnats++; endforeach; ?>
+ <?php $i++; $nnats++; endforeach; ?>
<tr>
<td class="list" colspan="8"></td>
<td class="list" valign="middle" nowrap>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 314a0200..170de480 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -35,9 +35,13 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g;
+if (!is_array($config['installedpackages']['snortglobal']))
+ $config['installedpackages']['snortglobal'] = array();
+$snortglob = $config['installedpackages']['snortglobal'];
+
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+$a_rule = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
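Review bot: `$snortglob` is a by-value copy taken before the `rule` sub-array is initialised, while `$a_rule` is a reference into `$config`, so the file now reads the same data through two handles and only one of them persists writes. A comment on the assignment would prevent later edits from writing to the copy, e.g. `/* read-only snapshot; persist changes through $a_rule */`. `$id` is accepted from the request here without an `is_numeric()` check, although it is used as an array key and echoed into the form further down.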
@@ -47,284 +51,86 @@ if (is_null($id)) {
exit;
}
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
-}
-
-
-/* always have a limit of (65535) numbers only or snort will not start do to id limits */
-/* TODO: When inline gets added make the uuid the port number lisstening */
$pconfig = array();
-
-/* gen uuid for each iface !inportant */
-if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
- $snort_uuid = 0;
- while ($snort_uuid > 65535 || $snort_uuid == 0) {
- $snort_uuid = mt_rand(1, 65535);
+if (empty($snortglob['rule'][$id]['uuid']))
+ $pconfig['uuid'] = snort_generate_id();
+else
+ $pconfig['uuid'] = $a_rule[$id]['uuid'];
+$snort_uuid = $pconfig['uuid'];
+
+if (isset($id) && $a_rule[$id]) {
+ /* old options */
+ $pconfig = $a_rule[$id];
+ if (empty($pconfig['uuid']))
$pconfig['uuid'] = $snort_uuid;
- }
-} else {
- $snort_uuid = $a_nat[$id]['uuid'];
- $pconfig['uuid'] = $snort_uuid;
-}
-
-if (isset($id) && $a_nat[$id]) {
-
- /* old options */
- $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
- $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
- $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
- $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
- $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
- $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
- $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
- $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
- $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
- $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
- $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
- $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
- $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
- $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
- $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
- $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
- $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
- $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
- $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
- $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
- $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
- $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
- $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
- $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
- $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
- $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
- $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
- $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
- $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
- $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
- $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
- $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
- $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
- $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
- $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
- $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
- $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
- $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
- $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
- $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['descr'] = $a_nat[$id]['descr'];
- $pconfig['performance'] = $a_nat[$id]['performance'];
- $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
- $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill'];
- $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip'];
- $pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
- $pconfig['homelistname'] = $a_nat[$id]['homelistname'];
- $pconfig['externallistname'] = $a_nat[$id]['externallistname'];
- $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname'];
- $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
- $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
- $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
- $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
- $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']);
- $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
- $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
- $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-
-
- if (!$pconfig['interface'])
- $pconfig['interface'] = "wan";
- } else
+ if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
-
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+}
if (isset($_GET['dup']))
unset($id);
- /* alert file */
- $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
- if ($_POST["Submit"]) {
-
- if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
- $input_errors[] = "Please enter a description for your reference.";
- }
-
- if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
-
- $result_lan = $value['interface'];
- $if_real = snort_get_real_interface($result_lan);
-
- if ($_POST['interface'] == $result_lan)
- $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
- }
- }
-
- /* XXX: Void code
- * check for overlaps
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
- if ($natent['interface'] != $_POST['interface'])
- continue;
- }
- */
-
- /* if no errors write to conf */
- if (!$input_errors) {
- $natent = array();
-
- /* write to conf for 1st time or rewrite the answer */
- if ($_POST['interface'])
- $natent['interface'] = $_POST['interface'];
-
- /* if post write to conf or rewite the answer */
- $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
- $natent['uuid'] = $pconfig['uuid'];
- $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
- $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
- /* if post = on use on off or rewrite the conf */
- if ($_POST['blockoffenders7'] == "on")
- $natent['blockoffenders7'] = 'on';
- else
- $natent['blockoffenders7'] = 'off';
- if ($_POST['blockoffenderskill'] == "on")
- $natent['blockoffenderskill'] = 'on';
- if ($_POST['blockoffendersip'])
- $natent['blockoffendersip'] = $_POST['blockoffendersip'];
-
- $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
- $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
- $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
- $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
- $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
- if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
- if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']);
- if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; }
- if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; }
- $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
- /* if optiion = 0 then the old descr way will not work */
-
- /* rewrite the options that are not in post */
- /* make shure values are set befor repost or conf.xml will be broken */
- if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
- if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
- if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
- if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
- if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
- if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
- if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
- if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
- if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
- if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
- if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
- if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
- if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
- if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
- if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
- if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
- if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
- if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
- if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
- if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
- if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
- if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
- if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
- if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
- if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
- if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
- if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
- if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
- if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
- if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
- if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
- if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
- if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
- if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
- if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
- if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
- if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
- if ($pconfig['def_sip_servers'] != "") { $natent['def_sip_servers'] = $pconfig['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
- if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
- if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
- if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
- if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
- if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
- if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
- if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
- if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
- if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
- if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
- if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
- if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
-
-
- $if_real = snort_get_real_interface($natent['interface']);
-
- if (isset($id) && $a_nat[$id]) {
- if ($natent['interface'] != $a_nat[$id]['interface'])
- Running_Stop($snort_uuid, $if_real, $id);
- $a_nat[$id] = $natent;
- } else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
- }
-
- write_config();
-
- sync_snort_package_config();
- sleep(1);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces.php");
-
- exit;
- }
+if ($_POST["Submit"]) {
+ if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
+ $input_errors[] = "Please enter a description for your reference.";
}
- if ($_POST["Submit2"]) {
+ if (!$_POST['interface'])
+ $input_errors[] = "Interface is mandatory";
+ foreach ($a_rule as $natent) {
+ if (isset($id) && ($a_rule[$id]) && ($a_rule[$id] === $natent))
+ continue;
+ if ($natent['interface'] == $_POST['interface'])
+ $input_errors[] = "This interface is already configured for another instance";
+ }
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ $natent = $a_rule[$id];
+ $natent['interface'] = $_POST['interface'];
+ $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
+ $natent['uuid'] = $pconfig['uuid'];
+ if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else unset($natent['descr']);
+ if ($_POST['performance']) $natent['performance'] = $_POST['performance']; else unset($natent['performance']);
+ /* if post = on use on off or rewrite the conf */
+ if ($_POST['blockoffenders7'] == "on") $natent['blockoffenders7'] = 'on'; else $natent['blockoffenders7'] = 'off';
+ if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']);
+ if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
+ if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
+ if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
+ if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
+ if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
+ if ($_POST['snortalertlogtype']) $natent['snortalertlogtype'] = $_POST['snortalertlogtype']; else $pconfig['snortalertlogtype'];
+ if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']);
+ if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; } else{ $natent['tcpdumplog'] = 'off'; }
+ if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; }
+ if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
+
+ $if_real = snort_get_real_interface($natent['interface']);
+ if (isset($id) && $a_rule[$id]) {
+ if ($natent['interface'] != $a_rule[$id]['interface'])
+ snort_stop($a_rule[$id], $if_real);
+ $a_rule[$id] = $natent;
+ } else
+ $a_rule[] = $natent;
+
+ write_config();
sync_snort_package_config();
- sleep(1);
-
- Running_Start($snort_uuid, $if_real, $id);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces_edit.php?id=$id");
+ header("Location: /snort/snort_interfaces.php");
exit;
- }
+ } else
+ $pconfig = $_POST;
+}
-$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: Interface Edit: {$if_friendly}";
include_once("head.inc");
?>
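Review bot: When an existing instance is moved to another interface, `snort_stop($a_rule[$id], $if_real)` is called with `$if_real` derived from the newly posted interface, so the process bound to the old interface is presumably not the one that gets stopped. Passing `snort_get_real_interface($a_rule[$id]['interface'])` would target the old one. On the `snortalertlogtype` line the branch `else $pconfig['snortalertlogtype'];` is a bare expression with no effect, unlike the neighbouring fields which call `unset()`; it should either unset the key or assign the fallback. `$_POST['interface']` is stored as submitted, and the interfaces page later interpolates the derived name into `exec()` calls, so it is worth checking it against the configured interface list before `write_config()`. How `snort_get_real_interface()` treats unknown names is not visible here.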
@@ -463,16 +269,14 @@ function enable_change(enable_change) {
<?php
echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
- if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
- if ($value['snortlisttype'] == 'netlist') {
- $ilistname = $value['name'];
- if ($ilistname == $pconfig['homelistname'])
- echo "<option value='$ilistname' selected>";
- else
- echo "<option value='$ilistname'>";
- echo htmlspecialchars($ilistname) . '</option>';
- }
+ if (is_array($snortglob['whitelist']['item'])) {
+ foreach ($snortglob['whitelist']['item'] as $value) {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['homelistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
}
}
?>
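Review bot: The list name is escaped for the option label but not for the attribute, `echo "<option value='$ilistname' selected>";`, so a name containing a single quote or angle bracket breaks out of the single-quoted `value`. Write it as `echo "<option value='" . htmlspecialchars($ilistname, ENT_QUOTES) . "' selected>";`, and likewise in the non-selected branch. `ENT_QUOTES` matters because the attribute uses single quotes. The same pattern recurs in the external-net select in the next hunk and in the whitelist and suppress selects in the `-544` hunk; whether names are validated when the lists are saved is not visible here. The comment `/* find whitelist names and filter by type */` is stale now that the `snortlisttype` check is gone and should drop "filter by type".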
@@ -490,16 +294,14 @@ function enable_change(enable_change) {
<?php
echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
- if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
- if ($value['snortlisttype'] == 'netlist') {
- $ilistname = $value['name'];
- if ($ilistname == $pconfig['externallistname'])
- echo "<option value='$ilistname' selected>";
- else
- echo "<option value='$ilistname'>";
- echo htmlspecialchars($ilistname) . '</option>';
- }
+ if (is_array($snortglob['whitelist']['item'])) {
+ foreach ($snortglob['whitelist']['item'] as $value) {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['externallistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
}
}
?>
@@ -544,114 +346,112 @@ function enable_change(enable_change) {
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">Whitelist</td>
- <td width="78%" class="vtable">
- <select name="whitelistname" class="formselect" id="whitelistname">
- <?php
- /* find whitelist names and filter by type, make sure to track by uuid */
- echo "<option value='default' >default</option>\n";
- if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
- foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
- if ($value['snortlisttype'] == 'whitelist') {
- if ($value['name'] == $pconfig['whitelistname'])
- echo "<option value='{$value['name']}' selected>";
- else
- echo "<option value='{$value['name']}'>";
- echo htmlspecialchars($value['name']) . '</option>';
- }
- }
- }
- ?>
- </select><br>
- <span class="vexpl">Choose the whitelist you will like this rule to
- use. </span><br/>&nbsp;<br/><span class="red">Note:</span><br/>&nbsp;Default
- whitelist adds only local networks.<br/>
- <span class="red">Note:</span><br/>&nbsp;This option will only be used when block offenders is on.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Suppression and
- filtering</td>
- <td width="78%" class="vtable">
- <select name="suppresslistname" class="formselect" id="suppresslistname">
- <?php
- echo "<option value='default' >default</option>\n";
- if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
- $slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
- foreach ($slist_select as $value) {
- $ilistname = $value['name'];
- if ($ilistname == $pconfig['suppresslistname'])
- echo "<option value='$ilistname' selected>";
- else
- echo "<option value='$ilistname'>";
- echo htmlspecialchars($ilistname) . '</option>';
- }
- }
- ?>
- </select><br>
- <span class="vexpl">Choose the suppression or filtering file you
- will like this rule to use. </span><br/>&nbsp;<br/><span class="red">Note:</span><br/>&nbsp;Default
- option disables suppression and filtering.</td>
- </tr>
+ <td width="22%" valign="top" class="vncell">Whitelist</td>
+ <td width="78%" class="vtable">
+ <select name="whitelistname" class="formselect" id="whitelistname">
+ <?php
+ /* find whitelist names and filter by type, make sure to track by uuid */
+ echo "<option value='default' >default</option>\n";
+ if (is_array($snortglob['whitelist']['item'])) {
+ foreach ($snortglob['whitelist']['item'] as $value) {
+ if ($value['name'] == $pconfig['whitelistname'])
+ echo "<option value='{$value['name']}' selected>";
+ else
+ echo "<option value='{$value['name']}'>";
+ echo htmlspecialchars($value['name']) . '</option>';
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the whitelist you will like this rule to
+ use. </span><br/>&nbsp;<br/><span class="red">Note:</span><br/>&nbsp;Default
+ whitelist adds only local networks.<br/>
+ <span class="red">Note:</span><br/>&nbsp;This option will only be used when block offenders is on.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Suppression and
+ filtering</td>
+ <td width="78%" class="vtable">
+ <select name="suppresslistname" class="formselect" id="suppresslistname">
+ <?php
+ echo "<option value='default' >default</option>\n";
+ if (is_array($snortglob['suppress']['item'])) {
+ $slist_select = $snortglob['suppress']['item'];
+ foreach ($slist_select as $value) {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['suppresslistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the suppression or filtering file you
+ will like this rule to use. </span><br/>&nbsp;<br/><span class="red">Note:</span><br/>&nbsp;Default
+ option disables suppression and filtering.</td>
+ </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Choose the types of
- logs snort should create.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Send alerts to main
- System logs</td>
- <td width="78%" class="vtable"><input name="alertsystemlog"
- type="checkbox" value="on"
- <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Snort will send Alerts to the firewall's system logs.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td>
- <td width="78%" class="vtable"><input name="tcpdumplog"
- type="checkbox" value="on"
- <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Snort will log packets to a tcpdump-formatted file. The file then
- can be analyzed by an application such as Wireshark which
- understands pcap file formats. <span class="red"><strong>WARNING:</strong></span><br/>
- File may become large.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Log Alerts to a snort
- unified2 file</td>
- <td width="78%" class="vtable"><input name="snortunifiedlog"
- type="checkbox" value="on"
- <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?>
- onClick="enable_change(false)"><br>
- Snort will log Alerts to a file in the UNIFIED2 format. This is a
- requirement for barnyard2.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Arguments here will
- be automatically inserted into the snort configuration.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td>
- <td width="78%" class="vtable">
- <textarea wrap="off" name="configpassthru" cols="65" rows="12" id="configpassthru">
- <?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save">
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br/>
- <br>
- Please save your settings before you click start. </td>
- </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the types of
+ logs snort should create.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Send alerts to main
+ System logs</td>
+ <td width="78%" class="vtable"><input name="alertsystemlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will send Alerts to the firewall's system logs.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td>
+ <td width="78%" class="vtable"><input name="tcpdumplog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log packets to a tcpdump-formatted file. The file then
+ can be analyzed by an application such as Wireshark which
+ understands pcap file formats. <span class="red"><strong>WARNING:</strong></span><br/>
+ File may become large.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Log Alerts to a snort
+ unified2 file</td>
+ <td width="78%" class="vtable"><input name="snortunifiedlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log Alerts to a file in the UNIFIED2 format. This is a
+ requirement for barnyard2.</td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic">Arguments here will
+ be automatically inserted into the snort configuration.</td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td>
+ <td width="78%" class="vtable">
+ <textarea wrap="off" name="configpassthru" cols="65" rows="12" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+
+ </td>
+</tr>
+<tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>">
+ </td>
+</tr>
+<tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br/>
+ <br>
+ Please save your settings before you click start.
+ </td>
+</tr>
</table>
</td></tr>
</table>
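Review bot: The hidden `id` field is now emitted unconditionally and prints `$id` raw, and `$id` is taken from `$_GET['id']`/`$_POST['id']` earlier in this file without a numeric check, so arbitrary request text lands inside the `value` attribute. The removed version printed it only when `$a_nat[$id]` existed, which limited it to real array keys. Escape it, `<input name="id" type="hidden" value="<?=htmlspecialchars($id, ENT_QUOTES);?>">`, or restore the `isset($id) && $a_rule[$id]` guard around the field.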
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index d4fe44ac..0b3b03ca 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -51,7 +51,6 @@ if ($_GET['act'] == "del") {
unset($a_suppress[$_GET['id']]);
write_config();
- filter_configure();
header("Location: /snort/snort_interfaces_suppress.php");
exit;
}
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 6118c33a..dbe69e5b 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -38,6 +38,11 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']))
+ $config['installedpackages']['snortglobal'] = array();
+$snortglob = $config['installedpackages']['snortglobal'];
+
if (!is_array($config['installedpackages']['snortglobal']['suppress']))
$config['installedpackages']['snortglobal']['suppress'] = array();
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
@@ -49,20 +54,6 @@ if (isset($_POST['id']))
$id = $_POST['id'];
-/* gen uuid for each iface */
-if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) {
- if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
- $suppress_uuid = 0;
- while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
- $suppress_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $suppress_uuid;
- }
- } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
- $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
- }
-}
-
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
if (!is_string($name))
@@ -81,10 +72,11 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['uuid'] = $a_suppress[$id]['uuid'];
$pconfig['descr'] = $a_suppress[$id]['descr'];
$pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
+ if (empty($a_suppress[$id]['uuid']))
+ $pconfig['uuid'] = uniqid();
}
if ($_POST['submit']) {
-
unset($input_errors);
$pconfig = $_POST;
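Review bot: The fallback `$pconfig['uuid'] = uniqid();` yields a time-derived hex string, while the block this commit removes from the same file drew `mt_rand(1, 65535)` and the new `snort_generate_id()` in snort.inc also uses that numeric range. Suppress entries would therefore carry a different id format from the rest of the package. If the uuid is later used in a file name or compared against the numeric ids (not visible here), the mismatch matters, so either reuse one generator or add a comment such as `/* legacy entries without a uuid get a string id on first edit */`. The value is also set only in the `isset($id) && $a_suppress[$id]` branch, and `$pconfig = $_POST;` replaces it on submit, so it persists only if the form round-trips it. The `if ($_POST['submit'])` block continues outside the hunk.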
@@ -95,14 +87,8 @@ if ($_POST['submit']) {
if(strtolower($_POST['name']) == "defaultwhitelist")
$input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
- $x = is_validwhitelistname($_POST['name']);
- if (!isset($x)) {
- $input_errors[] = "Reserved word used for whitelist file name.";
- } else {
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
- }
-
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
/* check for name conflicts */
foreach ($a_suppress as $s_list) {
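Review bot: The two error strings on the added lines still say "Whitelist file name", but this page edits suppress lists, so a rejected name produces a message about the wrong object. The removed branch reported reserved words separately through `!isset($x)`, which suggests `is_validwhitelistname()` can return null; the new `== false` test folds that case into the character-set message, which may be intended but deserves a comment. I would write the check as `if (!is_validwhitelistname($_POST['name']))` and word the message as `"Suppress list name may only consist of the characters a-z, A-Z and 0-9 _."`. The body of `is_validwhitelistname()` and the rest of the submit block lie outside the hunk.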
@@ -129,8 +115,8 @@ if ($_POST['submit']) {
$a_suppress[] = $s_list;
write_config();
-
sync_snort_package_config();
+
header("Location: /snort/snort_interfaces_suppress.php");
exit;
}
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 858b50de..0d097b56 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -79,7 +79,6 @@ if (isset($id) && $a_whitelist[$id]) {
$pconfig['name'] = $a_whitelist[$id]['name'];
$pconfig['uuid'] = $a_whitelist[$id]['uuid'];
$pconfig['detail'] = $a_whitelist[$id]['detail'];
- $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
$pconfig['address'] = $a_whitelist[$id]['address'];
$pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
$pconfig['wanips'] = $a_whitelist[$id]['wanips'];
@@ -157,7 +156,6 @@ if ($_POST['submit']) {
/* post user input */
$w_list['name'] = $_POST['name'];
$w_list['uuid'] = $whitelist_uuid;
- $w_list['snortlisttype'] = $_POST['snortlisttype'];
$w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
$w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
$w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
@@ -241,30 +239,6 @@ if ($savemsg)
reference (not parsed). </span></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">List Type</td>
- <td width="78%" class="vtable">
-
- <div
- style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
- id="itemhelp"><strong>WHITELIST:</strong>&nbsp;&nbsp;&nbsp;This
- list specifies addresses that Snort Package should not block.<br>
- <br>
- <strong>NETLIST:</strong>&nbsp;&nbsp;&nbsp;This list is for defining
- addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div>
-
- <select name="snortlisttype" class="formselect" id="snortlisttype">
- <?php
- $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
- foreach ($interfaces4 as $iface4 => $ifacename4): ?>
- <option value="<?=$iface4;?>"
- <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename4);?></option>
- <?php endforeach; ?>
- </select> <span class="vexpl"> &nbsp;&nbsp;&nbsp;Choose the type of
- list you will like see in your <span class="red">Interface Edit Tab</span>.
- </span></td>
- </tr>
- <tr>
<td colspan="2" valign="top" class="listtopic">Add auto generated
ips.</td>
</tr>
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index b3fd2510..fbb27ccf 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -56,11 +56,10 @@ if (isset($id) && $a_nat[$id]) {
/* new options */
$pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
$pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
$pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
$pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
$pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
$pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
$pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
@@ -70,23 +69,14 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
}
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
-$snort_uuid = $pconfig['uuid'];
-
-/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
if ($_POST) {
-
$natent = array();
$natent = $pconfig;
/* if no errors write to conf */
if (!$input_errors) {
/* post new options */
- $natent['perform_stat'] = $_POST['perform_stat'];
- if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; }
+ if ($_POST['ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; }
if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; }
if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
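Review bot: `$_POST['ssl_ports_ignore']` is copied into `$natent['def_ssl_ports_ignore']` without any format check, and nothing in the hunk populates `$input_errors` before the `if (!$input_errors)` gate. The form describes this field as a space-separated port list for SSL_IGNORE, so rejecting anything else before saving keeps malformed text out of the stored and generated configuration, for example `if ($_POST['ssl_ports_ignore'] != "" && !preg_match('/^\d+( \d+)*$/', $_POST['ssl_ports_ignore'])) $input_errors[] = "SSL_IGNORE must be a space-separated list of ports.";`. Separately, `$natent = $pconfig;` now carries the renamed `ssl_ports_ignore` key next to `def_ssl_ports_ignore`, so unless it is unset before the write (outside this hunk) a stray key is saved with the entry. The `if ($_POST)` block continues past the hunk.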
@@ -125,7 +115,8 @@ if ($_POST) {
}
}
-$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow";
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: Interface {$if_real} Preprocessors and Flow";
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
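Review bot: The new title still interpolates `{$if_real}`, but the only assignment of `$if_real` visible in this file's hunks (`$if_real = snort_get_real_interface(...)`) is deleted by the previous hunk, while the freshly computed `$if_friendly` is never used. Unless `$if_real` is set somewhere outside the shown hunks, the page title renders with an empty interface name and raises an undefined-variable notice. snort_rules.php and snort_rulesets.php in this same commit use the friendly name, so the line should read `$pgtitle = "Snort: Interface {$if_friendly} Preprocessors and Flow";`.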
@@ -312,9 +303,9 @@ include_once("head.inc");
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Define SSL_IGNORE</td>
- <td width="78%" class="vtable"><input name="def_ssl_ports_ignore"
- type="text" class="formfld" id="def_ssl_ports_ignore" size="40"
- value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br>
+ <td width="78%" class="vtable"><input name="ssl_ports_ignore"
+ type="text" class="formfld" id="ssl_ports_ignore" size="40"
+ value="<?=htmlspecialchars($pconfig['ssl_ports_ignore']);?>"> <br>
<span class="vexpl"> Encrypted traffic should be ignored by Snort
for both performance reasons and to reduce false positives.<br>
Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index bf2970dd..69233889 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -215,7 +215,8 @@ $ifname = strtoupper($pconfig['interface']);
require_once("guiconfig.inc");
include_once("head.inc");
-$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: $id $iface_uuid {$if_friendly} Category: $currentruleset";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
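Review bot: `$pgtitle` is assigned after `include_once("head.inc")`, so if head.inc is what emits the `<title>` from `$pgtitle`, the value built here arrives too late for it; moving the two added lines above the include would fix that. The title also keeps `$id` and `$iface_uuid`, which the matching change in snort_rulesets.php drops, so the two pages show different title formats. The origin of `$currentruleset` is outside the hunk; if it derives from the request, confirm it is escaped wherever the title is printed.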
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 44ac902c..77e02d58 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -60,7 +60,8 @@ if (isset($id) && $a_nat[$id]) {
$iface_uuid = $a_nat[$id]['uuid'];
}
-$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: Interface {$if_friendly} Categories";
/* Check if the rules dir is empy if so warn the user */
@@ -83,20 +84,13 @@ if ($isrulesfolderempty == "") {
<tr><td>\n";
$tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
display_top_tabs($tab_array);
echo "
</td></tr>
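Review bot: The same seven `$tab_array[] = ...` lines are added here and again in the later `@@ -184,39 +177,19 @@` hunk of this file, so any tab change must be made twice. A small helper would keep them in step, e.g. `function snort_rulesets_tabs($id) { ... return $tab_array; }`, called as `display_top_tabs(snort_rulesets_tabs($id));` in both places. Each URL also embeds `{$id}` as-is; where `$id` is assigned is not visible here, so confirm it is checked as a numeric index (or cast with `(int)$id`) before it reaches these links.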
@@ -133,7 +127,6 @@ if ($isrulesfolderempty == "") {
}
/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
if ($_POST["Submit"]) {
$enabled_items = "";
$isfirst = true;
@@ -184,39 +177,19 @@ if ($savemsg) {
print_info_box($savemsg);
}
-if (file_exists($d_snortconfdirty_path)) {
- echo '<p>';
-
- if($savemsg) {
- print_info_box_np("{$savemsg}");
- }else{
- print_info_box_np('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
-}
-
?>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
$tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
display_top_tabs($tab_array);
?>
</td></tr>