aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/README.contrib84
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/addmsg.pl299
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/addsid.pl382
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl280
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/make_snortsam_map.pl265
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/makesidex.pl261
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl1046
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl2754
-rw-r--r--config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl100
-rw-r--r--config/snort-dev/css/sexybuttons.css342
-rw-r--r--config/snort-dev/css/style.css206
-rw-r--r--config/snort-dev/help_and_info.php247
-rw-r--r--config/snort-dev/images/alert.jpgbin0 -> 13730 bytes
-rw-r--r--config/snort-dev/images/arrow_down.pngbin0 -> 379 bytes
-rw-r--r--config/snort-dev/images/awesome-overlay-sprite.pngbin0 -> 214 bytes
-rw-r--r--config/snort-dev/images/down.gifbin0 -> 54 bytes
-rw-r--r--config/snort-dev/images/down2.gifbin0 -> 60 bytes
-rw-r--r--config/snort-dev/images/footer.jpgbin0 -> 57411 bytes
-rw-r--r--config/snort-dev/images/footer2.jpgbin0 -> 31878 bytes
-rw-r--r--config/snort-dev/images/icon-table-sort-asc.pngbin0 -> 2906 bytes
-rw-r--r--config/snort-dev/images/icon-table-sort-desc.pngbin0 -> 2913 bytes
-rw-r--r--config/snort-dev/images/icon-table-sort.pngbin0 -> 3025 bytes
-rw-r--r--config/snort-dev/images/icon_excli.pngbin0 -> 5280 bytes
-rw-r--r--config/snort-dev/images/logo.jpgbin0 -> 74306 bytes
-rw-r--r--config/snort-dev/images/logo22.pngbin0 -> 27841 bytes
-rw-r--r--config/snort-dev/images/page_white_text.pngbin0 -> 342 bytes
-rw-r--r--config/snort-dev/images/up.gifbin0 -> 54 bytes
-rw-r--r--config/snort-dev/images/up2.gifbin0 -> 60 bytes
-rw-r--r--config/snort-dev/snort.inc2510
-rw-r--r--config/snort-dev/snort.xml205
-rw-r--r--config/snort-dev/snort_alerts.php582
-rw-r--r--config/snort-dev/snort_barnyard.php269
-rw-r--r--config/snort-dev/snort_blocked.php426
-rw-r--r--config/snort-dev/snort_check_cron_misc.inc76
-rw-r--r--config/snort-dev/snort_check_for_rule_updates.php690
-rw-r--r--config/snort-dev/snort_define_servers.php541
-rw-r--r--config/snort-dev/snort_download_rules.php776
-rw-r--r--config/snort-dev/snort_download_updates.php322
-rw-r--r--config/snort-dev/snort_gui.inc203
-rw-r--r--config/snort-dev/snort_interfaces.php437
-rw-r--r--config/snort-dev/snort_interfaces_edit.php733
-rw-r--r--config/snort-dev/snort_interfaces_global.php437
-rw-r--r--config/snort-dev/snort_interfaces_suppress.php171
-rw-r--r--config/snort-dev/snort_interfaces_suppress_edit.php295
-rw-r--r--config/snort-dev/snort_interfaces_whitelist.php189
-rw-r--r--config/snort-dev/snort_interfaces_whitelist_edit.php414
-rw-r--r--config/snort-dev/snort_preprocessors.php391
-rw-r--r--config/snort-dev/snort_rules.php458
-rw-r--r--config/snort-dev/snort_rules_edit.php188
-rw-r--r--config/snort-dev/snort_rulesets.php313
-rw-r--r--config/snort-dev/snortsam-package-code/css/new_tab_menu.css110
-rw-r--r--config/snort-dev/snortsam-package-code/css/style_snort2.css571
-rw-r--r--config/snort-dev/snortsam-package-code/images/alert.jpgbin0 -> 13730 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/arrow_down.pngbin0 -> 379 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/awesome-overlay-sprite.pngbin0 -> 214 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/close_9x9.gifbin0 -> 836 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/controls.pngbin0 -> 1633 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/down.gifbin0 -> 54 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/down2.gifbin0 -> 60 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/footer.jpgbin0 -> 57411 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/footer2.jpgbin0 -> 31878 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/icon-table-sort-asc.pngbin0 -> 2906 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/icon-table-sort-desc.pngbin0 -> 2913 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/icon-table-sort.pngbin0 -> 3025 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/icon_excli.pngbin0 -> 5280 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/loading.gifbin0 -> 404 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/logo.jpgbin0 -> 74306 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/logo22.pngbin0 -> 27841 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/new_tab_menu.pngbin0 -> 3257 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/page_white_text.pngbin0 -> 342 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/progress_bar2.gifbin0 -> 63777 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/progressbar.gifbin0 -> 1052 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/top_modal_bar_lil.jpgbin0 -> 11071 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/transparent.gifbin0 -> 156 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/transparentbg.pngbin0 -> 2818 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/up.gifbin0 -> 54 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/images/up2.gifbin0 -> 60 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/javascript/jquery-1.6.2.min.js18
-rw-r--r--config/snort-dev/snortsam-package-code/javascript/jquery.form.js785
-rw-r--r--config/snort-dev/snortsam-package-code/javascript/jquery.progressbar.min.js20
-rw-r--r--config/snort-dev/snortsam-package-code/javascript/snort_globalsend.js442
-rw-r--r--config/snort-dev/snortsam-package-code/patches/SnortSam/TODAO.txt1
-rw-r--r--config/snort-dev/snortsam-package-code/patches/SnortSam/snortsam-2.8.6.1.diff3021
-rw-r--r--config/snort-dev/snortsam-package-code/patches/inlinemode_options_flags.txt0
-rw-r--r--config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.am17
-rw-r--r--config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.in445
-rw-r--r--config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/plugbase.c1544
-rw-r--r--config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/util.c3233
-rw-r--r--config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.c462
-rw-r--r--config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.h60
-rw-r--r--config/snort-dev/snortsam-package-code/snort.xml272
-rw-r--r--config/snort-dev/snortsam-package-code/snortDBbin0 -> 16384 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/snortDBrulesbin0 -> 18432 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/snortDBtempbin0 -> 7168 bytes
-rw-r--r--config/snort-dev/snortsam-package-code/snort_alerts.php189
-rw-r--r--config/snort-dev/snortsam-package-code/snort_barnyard.php289
-rw-r--r--config/snort-dev/snortsam-package-code/snort_blocked.php193
-rw-r--r--config/snort-dev/snortsam-package-code/snort_build.inc1288
-rw-r--r--config/snort-dev/snortsam-package-code/snort_define_servers.php450
-rw-r--r--config/snort-dev/snortsam-package-code/snort_download_rules.inc1036
-rw-r--r--config/snort-dev/snortsam-package-code/snort_download_updates.php365
-rw-r--r--config/snort-dev/snortsam-package-code/snort_gui.inc83
-rw-r--r--config/snort-dev/snortsam-package-code/snort_head.inc148
-rw-r--r--config/snort-dev/snortsam-package-code/snort_headbase.inc73
-rw-r--r--config/snort-dev/snortsam-package-code/snort_help_info.php353
-rw-r--r--config/snort-dev/snortsam-package-code/snort_install.inc429
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces.php415
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_edit.php536
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_global.php367
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_rules.php289
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_rules_edit.php282
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_suppress.php211
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_suppress_edit.php231
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_whitelist.php241
-rw-r--r--config/snort-dev/snortsam-package-code/snort_interfaces_whitelist_edit.php341
-rw-r--r--config/snort-dev/snortsam-package-code/snort_json_get.php137
-rw-r--r--config/snort-dev/snortsam-package-code/snort_json_post.php568
-rw-r--r--config/snort-dev/snortsam-package-code/snort_new.inc1368
-rw-r--r--config/snort-dev/snortsam-package-code/snort_preprocessors.php337
-rw-r--r--config/snort-dev/snortsam-package-code/snort_rules.php600
-rw-r--r--config/snort-dev/snortsam-package-code/snort_rules_ips.php471
-rw-r--r--config/snort-dev/snortsam-package-code/snort_rulesets.php347
-rw-r--r--config/snort-dev/snortsam-package-code/snort_rulesets_ips.php411
123 files changed, 39941 insertions, 0 deletions
diff --git a/config/snort-dev/bin/oinkmaster_contrib/README.contrib b/config/snort-dev/bin/oinkmaster_contrib/README.contrib
new file mode 100644
index 00000000..6923fa26
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/README.contrib
@@ -0,0 +1,84 @@
+# $Id: README.contrib,v 1.21 2005/10/18 10:41:20 andreas_o Exp $ #
+
+-------------------------------------------------------------------------------
+* oinkgui.pl by Andreas Östling <andreaso@it.su.se>
+
+ A graphical front-end to Oinkmaster written in Perl/Tk.
+ See README.gui for complete documentation.
+-------------------------------------------------------------------------------
+
+
+
+-------------------------------------------------------------------------------
+* addsid.pl by Andreas Östling <andreaso@it.su.se>
+
+ A script that parses *.rules in all specified directories and adds a
+ SID to (active) rules that don't have any. (Actually, rev and classtype
+ are also added if missing, unless you edit addsid.pl and tune this.) The
+ script first looks for the current highest SID (even in inactive rules)
+ and starts at the next one, unless this value is below MIN_SID (defined
+ inside addsid.pl). By default, this value is set to 1000001 since this
+ is the lowest SID assigned for local usage. Handles multi-line rules.
+-------------------------------------------------------------------------------
+
+
+
+-------------------------------------------------------------------------------
+* create-sidmap.pl by Andreas Östling <andreaso@it.su.se>
+
+ A script that parses all active rules in *.rules in all specified
+ directories and creates a SID map. (Like Snort's regen-sidmap, but this
+ one handles multi-line rules.) Result goes to standard output which can
+ be redirected to a sid-msg.map file.
+-------------------------------------------------------------------------------
+
+
+
+-------------------------------------------------------------------------------
+* makesidex.pl, originally by Jerry Applebaum but later rewritten by
+ Andreas Östling <andreaso@it.su.se> to handle multi-line rules and
+ multiple rules directories.
+
+ It reads *.rules in all specified directories, looks for all disabled
+ rules and prints a "disablesid <sid> # <msg>" line for each disabled rule.
+ The output can be appended to oinkmaster.conf.
+ Useful to new Oinkmaster users.
+-------------------------------------------------------------------------------
+
+
+
+-------------------------------------------------------------------------------
+* addmsg.pl by Andreas Östling <andreaso@it.su.se>:
+
+ A script that will parse your oinkmaster.conf for
+ localsid/enablesid/disablesid lines and add their rule message as a #comment.
+ If your oinkmaster.conf looks like this before addmsg.pl has been run:
+
+ disablesid 286
+ disablesid 287
+ disablesid 288
+
+ It will look something like this afterward:
+
+ disablesid 286 # POP3 EXPLOIT x86 bsd overflow
+ disablesid 287 # POP3 EXPLOIT x86 bsd overflow
+ disablesid 288 # POP3 EXPLOIT x86 linux overflow
+
+ addmsg.pl will not touch lines that already has a comment in them.
+ It's not able to handle SID lists when written like this:
+ disablesid 1,2,3, ...
+ But it should handle them if written like this:
+ disablesid \
+ 1, \
+ 2, \
+ 3
+
+ The new config file will be printed to standard output, so you
+ probably want to redirect the output to a file, for example:
+
+ ./addmsg.pl oinkmaster.conf rules/ > oinkmaster.conf.new
+
+ If oinkmaster.conf.new looks ok, simply rename it to oinkmaster.conf.
+ Do NOT redirect to the same file you read from, as this will destroy
+ that file.
+-------------------------------------------------------------------------------
diff --git a/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl b/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl
new file mode 100644
index 00000000..e5866d6f
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl
@@ -0,0 +1,299 @@
+#!/usr/bin/perl -w
+
+# $Id: addmsg.pl,v 1.19 2005/12/31 13:42:46 andreas_o Exp $ #
+
+# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+use strict;
+
+sub get_next_entry($ $ $ $ $ $);
+sub parse_singleline_rule($ $ $);
+
+
+my $USAGE = << "RTFM";
+
+Parse Oinkmaster configuration file and add the rule's "msg" string as a
+#comment for each disablesid/enablesid line.
+
+Usage: $0 <oinkmaster.conf> <rulesdir> [rulesdir2, ...]
+
+The new config file will be printed to standard output, so you
+probably want to redirect the output to a new file (*NOT* the same
+file you used as input, because that will destroy the file!).
+For example:
+
+$0 /etc/oinkmaster.conf /etc/rules/ > oinkmaster.conf.new
+
+If oinkmaster.conf.new looks ok, simply rename it to /etc/oinkmaster.conf.
+
+RTFM
+
+
+# Regexp to match the start of a multi-line rule.
+# %ACTIONS% will be replaced with content of $config{actions} later.
+my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.*\\\\\s*\n$'; # ';
+
+# Regexp to match a single-line rule.
+my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.+;\s*\)\s*$'; # ';
+
+
+my $config = shift || die($USAGE);
+
+my @rulesdirs = @ARGV;
+die($USAGE) unless ($#rulesdirs > -1);
+
+my $verbose = 1;
+my (%sidmsgmap, %config);
+
+$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
+
+$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+
+
+
+# Read in oinkmaster.conf.
+open(CONFIG, "<" , "$config") or die("could not open \"$config\" for reading: $!\n");
+my @config = <CONFIG>;
+close(CONFIG);
+
+
+# Read in *.rules in all rulesdirs and create %sidmsgmap ($sidmsgmap{sid} = msg).
+foreach my $rulesdir (@rulesdirs) {
+ opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n");
+
+ while (my $file = readdir(RULESDIR)) {
+ next unless ($file =~ /\.rules$/);
+
+ open(FILE, "<", "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n");
+ my @file = <FILE>;
+ close(FILE);
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+ $sidmsgmap{$sid} = $msg
+ if (defined($single));
+ }
+ }
+}
+
+
+# Print new oinkmaster.conf.
+while ($_ = shift(@config)) {
+ if (/^\s*(?:disable|enable|local)sid\s+(\d+)\s*$/ || /^\s*(\d+)\s*,\s*\\$/ || /^\s*(\d+)\s*$/) {
+ my $sid = $1;
+ my $is_multiline = 0;
+ chomp;
+
+ if (/\\$/) {
+ $is_multiline = 1;
+ s/\\$//;
+ }
+
+ $_ = sprintf("%-25s", $_);
+ if (exists($sidmsgmap{$sid})) {
+ print "$_ # $sidmsgmap{$sid}";
+ } else {
+ print "$_";
+ }
+ print " \\" if ($is_multiline);
+ print "\n";
+ } else {
+ print;
+ }
+}
+
+
+
+# From oinkmaster.pl.
+sub get_next_entry($ $ $ $ $ $)
+{
+ my $arr_ref = shift;
+ my $single_ref = shift;
+ my $multi_ref = shift;
+ my $nonrule_ref = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ undef($$single_ref);
+ undef($$multi_ref);
+ undef($$nonrule_ref);
+ undef($$msg_ref);
+ undef($$sid_ref);
+
+ my $line = shift(@$arr_ref) || return(0);
+ my $disabled = 0;
+ my $broken = 0;
+
+ # Possible beginning of multi-line rule?
+ if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
+ $$single_ref = $line;
+ $$multi_ref = $line;
+
+ $disabled = 1 if ($line =~ /^\s*#/);
+
+ # Keep on reading as long as line ends with "\".
+ while (!$broken && $line =~ /\\\s*\n$/) {
+
+ # Remove trailing "\" and newline for single-line version.
+ $$single_ref =~ s/\\\s*\n//;
+
+ # If there are no more lines, this can not be a valid multi-line rule.
+ if (!($line = shift(@$arr_ref))) {
+
+ warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
+ if ($config{verbose});
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+
+ # Multi-line continuation.
+ $$multi_ref .= $line;
+
+ # If there are non-comment lines in the middle of a disabled rule,
+ # mark the rule as broken to return as non-rule lines.
+ if ($line !~ /^\s*#/ && $disabled) {
+ $broken = 1;
+ } elsif ($line =~ /^\s*#/ && !$disabled) {
+ # comment line (with trailing slash) in the middle of an active rule - ignore it
+ } else {
+ $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
+ $$single_ref .= $line;
+ }
+
+ } # while line ends with "\"
+
+ # Single-line version should now be a valid rule.
+ # If not, it wasn't a valid multi-line rule after all.
+ if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
+
+ $$single_ref =~ s/^\s*//; # remove leading whitespaces
+ $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
+ $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ $$multi_ref =~ s/^\s*//;
+ $$multi_ref =~ s/\s*\n$/\n/;
+ $$multi_ref =~ s/^#+\s*/#/;
+
+ return (1); # return multi
+ } else {
+ warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
+ if ($config{verbose} && $$multi_ref !~ /^\s*#/);
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+ } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
+ $$single_ref = $line;
+ $$single_ref =~ s/^\s*//;
+ $$single_ref =~ s/^#+\s*/#/;
+ $$single_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return single
+ } else { # non-rule line
+
+ # Do extra check and warn if it *might* be a rule anyway,
+ # but that we just couldn't parse for some reason.
+ warn("\nWARNING: line may be a rule but it could not be parsed ".
+ "(missing sid or msg?): $line\n")
+ if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
+
+ $$nonrule_ref = $line;
+ $$nonrule_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return non-rule
+ }
+}
+
+
+
+# From oinkmaster.pl.
+sub parse_singleline_rule($ $ $)
+{
+ my $line = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
+
+ if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
+ $$msg_ref = $1;
+ } else {
+ return (0);
+ }
+
+ if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
+ $$sid_ref = $1;
+ } else {
+ return (0);
+ }
+
+ return (1);
+ }
+
+ return (0);
+}
diff --git a/config/snort-dev/bin/oinkmaster_contrib/addsid.pl b/config/snort-dev/bin/oinkmaster_contrib/addsid.pl
new file mode 100644
index 00000000..64255d22
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/addsid.pl
@@ -0,0 +1,382 @@
+#!/usr/bin/perl -w
+
+# $Id: addsid.pl,v 1.30 2005/12/31 13:42:46 andreas_o Exp $ #
+
+# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+use strict;
+
+
+sub get_next_entry($ $ $ $ $ $);
+sub parse_singleline_rule($ $ $);
+sub get_next_available_sid(@);
+
+
+# Set this to the default classtype you want to add, if missing.
+# Set to 0 or "" if you don't want to add a classtype.
+my $CLASSTYPE = "misc-attack";
+
+# If ADD_REV is set to 1, "rev: 1;" will be added to rule if it has no rev.
+# Set to 0 if you don't want to add it.
+my $ADD_REV = 1;
+
+# Minimum SID to add. Normally, the next available SID will be used,
+# unless it's below this value. Only SIDs >= 1000000 are reserved for
+# personal use.
+my $MIN_SID = 1000001;
+
+# Regexp to match the start of a multi-line rule.
+# %ACTIONS% will be replaced with content of $config{actions} later.
+my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.*\\\\\s*\n$'; # ';
+
+# Regexp to match a single-line rule.
+my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.+;\s*\)\s*$'; # ';
+
+
+my $USAGE = << "RTFM";
+
+Parse *.rules in one or more directories and add "sid:<sid>;" to
+active rules that don't have any "sid" entry, starting with the next
+available SID after parsing all rules files (but $MIN_SID at minumum).
+Also, "rev:1;" is added to rules without a "rev" entry, and
+"classtype:misc-attack;" is added to rules without a "classtype" entry
+(edit options at the top of $0 if you want to change this).
+
+Usage: $0 <rulesdir> [rulesdir2, ...]
+
+RTFM
+
+
+# Start in verbose mode.
+my $verbose = 1;
+
+my (%all_sids, %active_sids, %config);
+
+my @rulesdirs = @ARGV;
+
+die($USAGE) unless ($#rulesdirs > -1);
+
+$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
+
+$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+
+
+# Find out the next available SID.
+my $next_sid = get_next_available_sid(@rulesdirs);
+
+# Avoid seeing possible warnings about broken rules twice.
+$verbose = 0;
+
+# Add sid/rev/classtype to active rules that don't have any.
+foreach my $dir (@rulesdirs) {
+ opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n");
+
+ while (my $file = readdir(RULESDIR)) {
+ next unless ($file =~ /\.rules$/);
+
+ open(OLDFILE, "$dir/$file")
+ or die("could not open \"$dir/$file\": $!\n");
+ my @file = <OLDFILE>;
+ close(OLDFILE);
+
+ open(NEWFILE, ">", "$dir/$file")
+ or die("could not open \"$dir/$file\" for writing: $!\n");
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+ while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+
+ if (defined($nonrule)) {
+ print NEWFILE "$nonrule";
+ next;
+ }
+
+ $multi = $single unless (defined($multi));
+
+ # Don't care about inactive rules.
+ if ($single =~ /^\s*#/) {
+ print NEWFILE "$multi";
+ next;
+ }
+
+ my $added;
+
+ # Add SID.
+ if ($single !~ /sid\s*:\s*\d+\s*;/) {
+ $added .= "SID $next_sid,";
+ $multi =~ s/\)\s*\n/sid:$next_sid;)\n/;
+ $next_sid++;
+ }
+
+ # Add revision.
+ if ($ADD_REV && $single !~ /rev\s*:\s*\d+\s*;/) {
+ $added .= "rev,";
+ $multi =~ s/\)\s*\n/rev:1;)\n/;
+ }
+
+ # Add classtype.
+ if ($CLASSTYPE && $single !~ /classtype\s*:\s*.+\s*;/) {
+ $added .= "classtype $CLASSTYPE,";
+ $multi =~ s/\)\s*\n/classtype:$CLASSTYPE;)\n/;
+ }
+
+ if (defined($added)) {
+ $added =~ s/,$//;
+ print "Adding $added to rule \"$msg\"\n"
+ if (defined($added));
+ }
+
+ print NEWFILE "$multi";
+ }
+
+ close(NEWFILE);
+ }
+
+ closedir(RULESDIR);
+}
+
+
+
+# Read in *.rules in given directory and return highest SID.
+sub get_next_available_sid(@)
+{
+ my @dirs = @_;
+
+ foreach my $dir (@dirs) {
+ opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n");
+
+ # Only care about *.rules.
+ while (my $file = readdir(RULESDIR)) {
+ next unless ($file =~ /\.rules$/);
+
+ open(OLDFILE, "<$dir/$file") or die("could not open \"$dir/$file\": $!\n");
+ my @file = <OLDFILE>;
+ close(OLDFILE);
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+ if (defined($single) && defined($sid)) {
+ $all_sids{$sid}++;
+
+ # If this is an active rule add to %active_sids and
+ # warn if it already exists.
+ if ($single =~ /^\s*alert/) {
+ print STDERR "WARNING: duplicate SID: $sid\n"
+ if (exists($active_sids{$sid}));
+ $active_sids{$sid}++
+ }
+ }
+ }
+ }
+ }
+
+ # Sort sids and use highest one + 1, unless it's below MIN_SID.
+ @_ = sort {$a <=> $b} keys(%all_sids);
+ my $sid = pop(@_);
+
+ if (!defined($sid)) {
+ $sid = $MIN_SID
+ } else {
+ $sid++;
+ }
+
+ # If it's below MIN_SID, use MIN_SID instead.
+ $sid = $MIN_SID if ($sid < $MIN_SID);
+
+ return ($sid)
+}
+
+
+
+sub get_next_entry($ $ $ $ $ $)
+{
+ my $arr_ref = shift;
+ my $single_ref = shift;
+ my $multi_ref = shift;
+ my $nonrule_ref = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ undef($$single_ref);
+ undef($$multi_ref);
+ undef($$nonrule_ref);
+ undef($$msg_ref);
+ undef($$sid_ref);
+
+ my $line = shift(@$arr_ref) || return(0);
+ my $disabled = 0;
+ my $broken = 0;
+
+ # Possible beginning of multi-line rule?
+ if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
+ $$single_ref = $line;
+ $$multi_ref = $line;
+
+ $disabled = 1 if ($line =~ /^\s*#/);
+
+ # Keep on reading as long as line ends with "\".
+ while (!$broken && $line =~ /\\\s*\n$/) {
+
+ # Remove trailing "\" and newline for single-line version.
+ $$single_ref =~ s/\\\s*\n//;
+
+ # If there are no more lines, this can not be a valid multi-line rule.
+ if (!($line = shift(@$arr_ref))) {
+
+ warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
+ if ($config{verbose});
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+
+ # Multi-line continuation.
+ $$multi_ref .= $line;
+
+ # If there are non-comment lines in the middle of a disabled rule,
+ # mark the rule as broken to return as non-rule lines.
+ if ($line !~ /^\s*#/ && $disabled) {
+ $broken = 1;
+ } elsif ($line =~ /^\s*#/ && !$disabled) {
+ # comment line (with trailing slash) in the middle of an active rule - ignore it
+ } else {
+ $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
+ $$single_ref .= $line;
+ }
+
+ } # while line ends with "\"
+
+ # Single-line version should now be a valid rule.
+ # If not, it wasn't a valid multi-line rule after all.
+ if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
+
+ $$single_ref =~ s/^\s*//; # remove leading whitespaces
+ $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
+ $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ $$multi_ref =~ s/^\s*//;
+ $$multi_ref =~ s/\s*\n$/\n/;
+ $$multi_ref =~ s/^#+\s*/#/;
+
+ return (1); # return multi
+ } else {
+ warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
+ if ($config{verbose} && $$multi_ref !~ /^\s*#/);
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+ } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
+ $$single_ref = $line;
+ $$single_ref =~ s/^\s*//;
+ $$single_ref =~ s/^#+\s*/#/;
+ $$single_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return single
+ } else { # non-rule line
+
+ # Do extra check and warn if it *might* be a rule anyway,
+ # but that we just couldn't parse for some reason.
+ warn("\nWARNING: line may be a rule but it could not be parsed ".
+ "(missing sid or msg?): $line\n")
+ if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
+
+ $$nonrule_ref = $line;
+ $$nonrule_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return non-rule
+ }
+}
+
+
+
+# From oinkmaster.pl except that this version
+# has been modified so that the sid is *optional*.
+sub parse_singleline_rule($ $ $)
+{
+ my $line = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
+
+ if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
+ $$msg_ref = $1;
+ } else {
+ return (0);
+ }
+
+ if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
+ $$sid_ref = $1;
+# } else {
+# return (0);
+ }
+
+ return (1);
+ }
+
+ return (0);
+}
diff --git a/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl b/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl
new file mode 100644
index 00000000..26a9040c
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl
@@ -0,0 +1,280 @@
+#!/usr/local/bin/perl -w
+
+# $Id: create-sidmap.pl,v 1.21 2005/12/31 13:42:46 andreas_o Exp $ #
+
+# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+use strict;
+
+sub get_next_entry($ $ $ $ $ $);
+sub parse_singleline_rule($ $ $);
+
+# Files to ignore.
+my %skipfiles = (
+ 'deleted.rules' => 1,
+);
+
+# Regexp to match the start of a multi-line rule.
+# %ACTIONS% will be replaced with content of $config{actions} later.
+my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.*\\\\\s*\n$'; # ';
+
+# Regexp to match a single-line rule.
+my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.+;\s*\)\s*$'; # ';
+
+my $USAGE = << "RTFM";
+
+Parse active rules in *.rules in one or more directories and create a SID
+map. Result is sent to standard output, which can be redirected to a
+sid-msg.map file.
+
+Usage: $0 <rulesdir> [rulesdir2, ...]
+
+RTFM
+
+my $verbose = 1;
+
+my (%sidmap, %config);
+
+my @rulesdirs = @ARGV;
+
+die($USAGE) unless ($#rulesdirs > -1);
+
+$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
+
+$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+
+
+# Read in all rules from each rules file (*.rules) in each rules dir.
+# into %sidmap.
+foreach my $rulesdir (@rulesdirs) {
+ opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n");
+
+ while (my $file = readdir(RULESDIR)) {
+ next unless ($file =~ /\.rules$/);
+ next if ($skipfiles{$file});
+
+ open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n");
+ my @file = <FILE>;
+ close(FILE);
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+ if (defined($single)) {
+
+ warn("WARNING: duplicate SID: $sid (discarding old)\n")
+ if (exists($sidmap{$sid}));
+
+ $sidmap{$sid} = "$sid || $msg";
+
+ # Print all references. Borrowed from Brian Caswell's regen-sidmap script.
+ my $ref = $single;
+ while ($ref =~ s/(.*)reference\s*:\s*([^\;]+)(.*)$/$1 $3/) {
+ $sidmap{$sid} .= " || $2"
+ }
+
+ $sidmap{$sid} .= "\n";
+ }
+ }
+ }
+}
+
+# Print results.
+foreach my $sid (sort { $a <=> $b } keys(%sidmap)) {
+ print "$sidmap{$sid}";
+}
+
+
+
+# Same as in oinkmaster.pl.
+sub get_next_entry($ $ $ $ $ $)
+{
+ my $arr_ref = shift;
+ my $single_ref = shift;
+ my $multi_ref = shift;
+ my $nonrule_ref = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ undef($$single_ref);
+ undef($$multi_ref);
+ undef($$nonrule_ref);
+ undef($$msg_ref);
+ undef($$sid_ref);
+
+ my $line = shift(@$arr_ref) || return(0);
+ my $disabled = 0;
+ my $broken = 0;
+
+ # Possible beginning of multi-line rule?
+ if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
+ $$single_ref = $line;
+ $$multi_ref = $line;
+
+ $disabled = 1 if ($line =~ /^\s*#/);
+
+ # Keep on reading as long as line ends with "\".
+ while (!$broken && $line =~ /\\\s*\n$/) {
+
+ # Remove trailing "\" and newline for single-line version.
+ $$single_ref =~ s/\\\s*\n//;
+
+ # If there are no more lines, this can not be a valid multi-line rule.
+ if (!($line = shift(@$arr_ref))) {
+
+ warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
+ if ($config{verbose});
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+
+ # Multi-line continuation.
+ $$multi_ref .= $line;
+
+ # If there are non-comment lines in the middle of a disabled rule,
+ # mark the rule as broken to return as non-rule lines.
+ if ($line !~ /^\s*#/ && $disabled) {
+ $broken = 1;
+ } elsif ($line =~ /^\s*#/ && !$disabled) {
+ # comment line (with trailing slash) in the middle of an active rule - ignore it
+ } else {
+ $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
+ $$single_ref .= $line;
+ }
+
+ } # while line ends with "\"
+
+ # Single-line version should now be a valid rule.
+ # If not, it wasn't a valid multi-line rule after all.
+ if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
+
+ $$single_ref =~ s/^\s*//; # remove leading whitespaces
+ $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
+ $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ $$multi_ref =~ s/^\s*//;
+ $$multi_ref =~ s/\s*\n$/\n/;
+ $$multi_ref =~ s/^#+\s*/#/;
+
+ return (1); # return multi
+ } else {
+ warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
+ if ($config{verbose} && $$multi_ref !~ /^\s*#/);
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+ } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
+ $$single_ref = $line;
+ $$single_ref =~ s/^\s*//;
+ $$single_ref =~ s/^#+\s*/#/;
+ $$single_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return single
+ } else { # non-rule line
+
+ # Do extra check and warn if it *might* be a rule anyway,
+ # but that we just couldn't parse for some reason.
+ warn("\nWARNING: line may be a rule but it could not be parsed ".
+ "(missing sid or msg?): $line\n")
+ if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
+
+ $$nonrule_ref = $line;
+ $$nonrule_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return non-rule
+ }
+}
+
+
+
+# Same as in oinkmaster.pl.
+sub parse_singleline_rule($ $ $)
+{
+ my $line = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
+
+ if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
+ $$msg_ref = $1;
+ } else {
+ return (0);
+ }
+
+ if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
+ $$sid_ref = $1;
+ } else {
+ return (0);
+ }
+
+ return (1);
+ }
+
+ return (0);
+}
diff --git a/config/snort-dev/bin/oinkmaster_contrib/make_snortsam_map.pl b/config/snort-dev/bin/oinkmaster_contrib/make_snortsam_map.pl
new file mode 100644
index 00000000..42ce2b3b
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/make_snortsam_map.pl
@@ -0,0 +1,265 @@
+#!/usr/bin/perl -w
+
+# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ #
+
+# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Modified by Robert Zelaya for the snort package.
+# gets enabled sids and msgs for all rules in a dir
+
+
+
+use strict;
+
+sub get_next_entry($ $ $ $ $ $);
+sub parse_singleline_rule($ $ $);
+
+
+# Regexp to match the start of a multi-line rule.
+# %ACTIONS% will be replaced with content of $config{actions} later.
+my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.*\\\\\s*\n$'; # ';
+
+# Regexp to match a single-line rule.
+my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.+;\s*\)\s*$'; # ';
+
+my $USAGE = << "RTFM";
+
+Parse *.rules in one or more directories and look for all rules that are
+disabled (i.e. begin with "#") and print "disablesid <sid> # <msg>" to
+standard output for all those rules. This output can be redirected to a
+file, which will be understood by Oinkmaster.
+
+Usage: $0 <rulesdir> [rulesdir2, ...]
+
+RTFM
+
+my $verbose = 1;
+
+my (%disabled, %config);
+
+my @rulesdirs = @ARGV;
+
+die($USAGE) unless ($#rulesdirs > -1);
+
+$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
+
+$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+
+foreach my $rulesdir (@rulesdirs) {
+ opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n");
+
+ while (my $file = readdir(RULESDIR)) {
+ next unless ($file =~ /\.rules$/);
+
+ open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n");
+ my @file = <FILE>;
+ close(FILE);
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+ $single = $multi if (defined($multi));
+ $disabled{$sid} = $msg
+ if (defined($single) && $single =~ /^alert/);
+ }
+ }
+}
+
+# Print results.
+foreach my $sid (sort { $a <=> $b } keys(%disabled)) {
+ printf("%-25s # %s\n", "$sid", $disabled{$sid});
+}
+
+
+
+# Same as in oinkmaster.pl.
+sub get_next_entry($ $ $ $ $ $)
+{
+ my $arr_ref = shift;
+ my $single_ref = shift;
+ my $multi_ref = shift;
+ my $nonrule_ref = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ undef($$single_ref);
+ undef($$multi_ref);
+ undef($$nonrule_ref);
+ undef($$msg_ref);
+ undef($$sid_ref);
+
+ my $line = shift(@$arr_ref) || return(0);
+ my $disabled = 0;
+ my $broken = 0;
+
+ # Possible beginning of multi-line rule?
+ if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
+ $$single_ref = $line;
+ $$multi_ref = $line;
+
+ $disabled = 1 if ($line =~ /^alert/);
+
+ # Keep on reading as long as line ends with "\".
+ while (!$broken && $line =~ /\\\s*\n$/) {
+
+ # Remove trailing "\" and newline for single-line version.
+ $$single_ref =~ s/\\\s*\n//;
+
+ # If there are no more lines, this can not be a valid multi-line rule.
+ if (!($line = shift(@$arr_ref))) {
+
+ warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
+ if ($config{verbose});
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+
+ # Multi-line continuation.
+ $$multi_ref .= $line;
+
+ # If there are non-comment lines in the middle of a disabled rule,
+ # mark the rule as broken to return as non-rule lines.
+ if ($line !~ /^alert/ && $disabled) {
+ $broken = 1;
+ } elsif ($line =~ /^alert/ && !$disabled) {
+ # comment line (with trailing slash) in the middle of an active rule - ignore it
+ } else {
+ $line =~ s/^\s*alert*\s*/alert/; # remove leading # in single-line version
+ $$single_ref .= $line;
+ }
+
+ } # while line ends with "\"
+
+ # Single-line version should now be a valid rule.
+ # If not, it wasn't a valid multi-line rule after all.
+ if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
+
+ $$single_ref =~ s/^\s*//; # remove leading whitespaces
+ $$single_ref =~ s/^alert+\s*/#/; # remove whitespaces next to leading #
+ $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ $$multi_ref =~ s/^\s*//;
+ $$multi_ref =~ s/\s*\n$/\n/;
+ $$multi_ref =~ s/^alert+\s*/alert/;
+
+ return (1); # return multi
+ } else {
+ warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
+ if ($config{verbose} && $$multi_ref !~ /^alert/);
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+ } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
+ $$single_ref = $line;
+ $$single_ref =~ s/^\s*//;
+ $$single_ref =~ s/^alert+\s*/alert/;
+ $$single_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return single
+ } else { # non-rule line
+
+ # Do extra check and warn if it *might* be a rule anyway,
+ # but that we just couldn't parse for some reason.
+ warn("\nWARNING: line may be a rule but it could not be parsed ".
+ "(missing sid or msg?): $line\n")
+ if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
+
+ $$nonrule_ref = $line;
+ $$nonrule_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return non-rule
+ }
+}
+
+
+
+# Same as in oinkmaster.pl.
+sub parse_singleline_rule($ $ $)
+{
+ my $line = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
+
+ if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
+ $$msg_ref = $1;
+ } else {
+ return (0);
+ }
+
+ if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
+ $$sid_ref = $1;
+ } else {
+ return (0);
+ }
+
+ return (1);
+ }
+
+ return (0);
+}
diff --git a/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl b/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl
new file mode 100644
index 00000000..80354735
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl
@@ -0,0 +1,261 @@
+#!/usr/bin/perl -w
+
+# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ #
+
+# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+use strict;
+
+sub get_next_entry($ $ $ $ $ $);
+sub parse_singleline_rule($ $ $);
+
+
+# Regexp to match the start of a multi-line rule.
+# %ACTIONS% will be replaced with content of $config{actions} later.
+my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.*\\\\\s*\n$'; # ';
+
+# Regexp to match a single-line rule.
+my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.+;\s*\)\s*$'; # ';
+
+my $USAGE = << "RTFM";
+
+Parse *.rules in one or more directories and look for all rules that are
+disabled (i.e. begin with "#") and print "disablesid <sid> # <msg>" to
+standard output for all those rules. This output can be redirected to a
+file, which will be understood by Oinkmaster.
+
+Usage: $0 <rulesdir> [rulesdir2, ...]
+
+RTFM
+
+my $verbose = 1;
+
+my (%disabled, %config);
+
+my @rulesdirs = @ARGV;
+
+die($USAGE) unless ($#rulesdirs > -1);
+
+$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
+
+$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+
+foreach my $rulesdir (@rulesdirs) {
+ opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n");
+
+ while (my $file = readdir(RULESDIR)) {
+ next unless ($file =~ /\.rules$/);
+
+ open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n");
+ my @file = <FILE>;
+ close(FILE);
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+ $single = $multi if (defined($multi));
+ $disabled{$sid} = $msg
+ if (defined($single) && $single =~ /^\s*#/);
+ }
+ }
+}
+
+# Print results.
+foreach my $sid (sort { $a <=> $b } keys(%disabled)) {
+ printf("%-25s # %s\n", "disablesid $sid", $disabled{$sid});
+}
+
+
+
+# Same as in oinkmaster.pl.
+sub get_next_entry($ $ $ $ $ $)
+{
+ my $arr_ref = shift;
+ my $single_ref = shift;
+ my $multi_ref = shift;
+ my $nonrule_ref = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ undef($$single_ref);
+ undef($$multi_ref);
+ undef($$nonrule_ref);
+ undef($$msg_ref);
+ undef($$sid_ref);
+
+ my $line = shift(@$arr_ref) || return(0);
+ my $disabled = 0;
+ my $broken = 0;
+
+ # Possible beginning of multi-line rule?
+ if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
+ $$single_ref = $line;
+ $$multi_ref = $line;
+
+ $disabled = 1 if ($line =~ /^\s*#/);
+
+ # Keep on reading as long as line ends with "\".
+ while (!$broken && $line =~ /\\\s*\n$/) {
+
+ # Remove trailing "\" and newline for single-line version.
+ $$single_ref =~ s/\\\s*\n//;
+
+ # If there are no more lines, this can not be a valid multi-line rule.
+ if (!($line = shift(@$arr_ref))) {
+
+ warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
+ if ($config{verbose});
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+
+ # Multi-line continuation.
+ $$multi_ref .= $line;
+
+ # If there are non-comment lines in the middle of a disabled rule,
+ # mark the rule as broken to return as non-rule lines.
+ if ($line !~ /^\s*#/ && $disabled) {
+ $broken = 1;
+ } elsif ($line =~ /^\s*#/ && !$disabled) {
+ # comment line (with trailing slash) in the middle of an active rule - ignore it
+ } else {
+ $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
+ $$single_ref .= $line;
+ }
+
+ } # while line ends with "\"
+
+ # Single-line version should now be a valid rule.
+ # If not, it wasn't a valid multi-line rule after all.
+ if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
+
+ $$single_ref =~ s/^\s*//; # remove leading whitespaces
+ $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
+ $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ $$multi_ref =~ s/^\s*//;
+ $$multi_ref =~ s/\s*\n$/\n/;
+ $$multi_ref =~ s/^#+\s*/#/;
+
+ return (1); # return multi
+ } else {
+ warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
+ if ($config{verbose} && $$multi_ref !~ /^\s*#/);
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+ } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
+ $$single_ref = $line;
+ $$single_ref =~ s/^\s*//;
+ $$single_ref =~ s/^#+\s*/#/;
+ $$single_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return single
+ } else { # non-rule line
+
+ # Do extra check and warn if it *might* be a rule anyway,
+ # but that we just couldn't parse for some reason.
+ warn("\nWARNING: line may be a rule but it could not be parsed ".
+ "(missing sid or msg?): $line\n")
+ if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
+
+ $$nonrule_ref = $line;
+ $$nonrule_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return non-rule
+ }
+}
+
+
+
+# Same as in oinkmaster.pl.
+sub parse_singleline_rule($ $ $)
+{
+ my $line = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
+
+ if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
+ $$msg_ref = $1;
+ } else {
+ return (0);
+ }
+
+ if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
+ $$sid_ref = $1;
+ } else {
+ return (0);
+ }
+
+ return (1);
+ }
+
+ return (0);
+}
diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl b/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl
new file mode 100644
index 00000000..4e96f7db
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl
@@ -0,0 +1,1046 @@
+#!/usr/bin/perl -w
+
+# $Id: oinkgui.pl,v 1.52 2005/12/31 13:42:46 andreas_o Exp $ #
+
+# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+use 5.006001;
+
+use strict;
+use File::Spec;
+use Tk;
+use Tk::Balloon;
+use Tk::BrowseEntry;
+use Tk::FileSelect;
+use Tk::NoteBook;
+use Tk::ROText;
+
+use constant CSIDL_DRIVES => 17;
+
+sub update_rules();
+sub clear_messages();
+sub create_cmdline($);
+sub fileDialog($ $ $ $);
+sub load_config();
+sub save_config();
+sub save_messages();
+sub update_file_label_color($ $ $);
+sub create_fileSelectFrame($ $ $ $ $ $);
+sub create_checkbutton($ $ $);
+sub create_radiobutton($ $ $);
+sub create_actionbutton($ $ $);
+sub execute_oinkmaster(@);
+sub logmsg($ $);
+
+
+my $version = 'Oinkmaster GUI v1.1';
+
+my @oinkmaster_conf = qw(
+ /etc/oinkmaster.conf
+ /usr/local/etc/oinkmaster.conf
+);
+
+# List of URLs that will show up in the URL BrowseEntry.
+my @urls = qw(
+ http://www.bleedingsnort.com/bleeding.rules.tar.gz
+ http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
+ http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz
+ http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.3.tar.gz
+);
+
+my %color = (
+ background => 'Bisque3',
+ button => 'Bisque2',
+ label => 'Bisque1',
+ notebook_bg => 'Bisque2',
+ notebook_inact => 'Bisque3',
+ file_label_ok => '#00e000',
+ file_label_not_ok => 'red',
+ out_frame_fg => 'white',
+ out_frame_bg => 'black',
+ entry_bg => 'white',
+ button_active => 'white',
+ button_bg => 'Bisque4',
+);
+
+my %config = (
+ animate => 1,
+ careful => 0,
+ enable_all => 0,
+ check_removed => 0,
+ output_mode => 'normal',
+ diff_mode => 'detailed',
+ perl => $^X,
+ oinkmaster => "",
+ oinkmaster_conf => "",
+ outdir => "",
+ url => "",
+ varfile => "",
+ backupdir => "",
+ editor => "",
+);
+
+my %help = (
+
+ # File locations.
+ oinkscript => 'Location of the executable Oinkmaster script (oinkmaster.pl).',
+ oinkconf => 'The Oinkmaster configuration file to use.',
+ outdir => 'Where to put the new rules. This should be the directory where you '.
+ 'store your current rules.',
+
+ url => 'Alternate location of rules archive to download/copy. '.
+ 'Leave empty to use the location set in oinkmaster.conf.',
+ varfile => 'Variables that exist in downloaded snort.conf but not in '.
+ 'this file will be added to it. Leave empty to skip.',
+ backupdir => 'Directory to put tarball of old rules before overwriting them. '.
+ 'Leave empty to skip backup.',
+ editor => 'Full path to editor to execute when pressing the "edit" button '.
+ '(wordpad is recommended on Windows). ',
+
+ # Checkbuttons.
+ careful => 'In careful mode, Oinkmaster will just check for changes, '.
+ 'not update anything.',
+ enable => 'Some rules may be commented out by default (for a reason!). '.
+ 'This option will make Oinkmaster enable those.',
+ removed => 'Check for rules files that exist in the output directory but not '.
+ 'in the downloaded rules archive.',
+
+ # Action buttons.
+ clear => 'Clear current output messages.',
+ save => 'Save current output messages to file.',
+ exit => 'Exit the GUI.',
+ update => 'Execute Oinkmaster to update the rules.',
+ test => 'Test current Oinkmaster configuration. ' .
+ 'If there are no fatal errors, you are ready to update the rules.',
+ version => 'Request version information from Oinkmaster.',
+);
+
+
+my $gui_config_file = "";
+my $use_fileop = 0;
+
+
+#### MAIN ####
+
+select STDERR;
+$| = 1;
+select STDOUT;
+$| = 1;
+
+# Find out if can use Win32::FileOp.
+if ($^O eq 'MSWin32') {
+ BEGIN { $^W = 0 }
+ $use_fileop = 1 if (eval "require Win32::FileOp");
+}
+
+# Find out which oinkmaster.pl file to default to.
+foreach my $dir (File::Spec->path()) {
+ my $file = "$dir/oinkmaster";
+ if (-f "$file" && (-x "$file" || $^O eq 'MSWin32')) {
+ $config{oinkmaster} = $file;
+ last;
+ } elsif (-f "$file.pl" && (-x "$file" || $^O eq 'MSWin32')) {
+ $config{oinkmaster} = "$file.pl";
+ last;
+ }
+}
+
+# Find out which oinkmaster config file to default to.
+foreach my $file (@oinkmaster_conf) {
+ if (-e "$file") {
+ $config{oinkmaster_conf} = $file;
+ last;
+ }
+}
+
+# Find out where the GUI config file is (it's not required).
+if ($ENV{HOME}) {
+ $gui_config_file = "$ENV{HOME}/.oinkguirc"
+} elsif ($ENV{HOMEDRIVE} && $ENV{HOMEPATH}) {
+ $gui_config_file = "$ENV{HOMEDRIVE}$ENV{HOMEPATH}\\.oinkguirc";
+}
+
+
+# Create main window.
+my $main = MainWindow->new(
+ -background => "$color{background}",
+ -title => "$version",
+);
+
+
+# Create scrolled frame with output messages.
+my $out_frame = $main->Scrolled('ROText',
+ -setgrid => 'true',
+ -scrollbars => 'e',
+ -background => $color{out_frame_bg},
+ -foreground => $color{out_frame_fg},
+);
+
+
+my $help_label = $main->Label(
+ -relief => 'groove',
+ -background => "$color{label}",
+);
+
+my $balloon = $main->Balloon(
+ -statusbar => $help_label,
+);
+
+
+# Create notebook.
+my $notebook = $main->NoteBook(
+ -ipadx => 6,
+ -ipady => 6,
+ -background => $color{notebook_bg},
+ -inactivebackground => $color{notebook_inact},
+ -backpagecolor => $color{background},
+);
+
+
+# Create tab with required files/dirs.
+my $req_tab = $notebook->add("required",
+ -label => "Required files and directories",
+ -underline => 0,
+);
+
+$req_tab->configure(-bg => "$color{notebook_inact}");
+
+
+# Create frame with oinkmaster.pl location.
+my $filetypes = [
+ ['Oinkmaster script', 'oinkmaster.pl'],
+ ['All files', '*' ]
+];
+
+my $oinkscript_frame =
+ create_fileSelectFrame($req_tab, "oinkmaster.pl", 'EXECFILE',
+ \$config{oinkmaster}, 'NOEDIT', $filetypes);
+
+$balloon->attach($oinkscript_frame, -statusmsg => $help{oinkscript});
+
+
+# Create frame with oinkmaster.conf location.
+$filetypes = [
+ ['configuration files', '.conf'],
+ ['All files', '*' ]
+];
+
+my $oinkconf_frame =
+ create_fileSelectFrame($req_tab, "oinkmaster.conf", 'ROFILE',
+ \$config{oinkmaster_conf}, 'EDIT', $filetypes);
+
+$balloon->attach($oinkconf_frame, -statusmsg => $help{oinkconf});
+
+
+# Create frame with output directory.
+my $outdir_frame =
+ create_fileSelectFrame($req_tab, "output directory", 'WRDIR',
+ \$config{outdir}, 'NOEDIT', undef);
+
+$balloon->attach($outdir_frame, -statusmsg => $help{outdir});
+
+
+
+# Create tab with optional files/dirs.
+my $opt_tab = $notebook->add("optional",
+ -label => "Optional files and directories",
+ -underline => 0,
+);
+
+$opt_tab->configure(-bg => "$color{notebook_inact}");
+
+# Create frame with alternate URL location.
+$filetypes = [
+ ['compressed tar files', '.tar.gz']
+];
+
+my $url_frame =
+ create_fileSelectFrame($opt_tab, "Alternate URL", 'URL',
+ \$config{url}, 'NOEDIT', $filetypes);
+
+$balloon->attach($url_frame, -statusmsg => $help{url});
+
+
+# Create frame with variable file.
+$filetypes = [
+ ['Snort configuration files', ['.conf', '.config']],
+ ['All files', '*' ]
+];
+
+my $varfile_frame =
+ create_fileSelectFrame($opt_tab, "Variable file", 'WRFILE',
+ \$config{varfile}, 'EDIT', $filetypes);
+
+$balloon->attach($varfile_frame, -statusmsg => $help{varfile});
+
+
+# Create frame with backup dir location.
+my $backupdir_frame =
+ create_fileSelectFrame($opt_tab, "Backup directory", 'WRDIR',
+ \$config{backupdir}, 'NOEDIT', undef);
+
+$balloon->attach($backupdir_frame, -statusmsg => $help{backupdir});
+
+
+# Create frame with editor location.
+$filetypes = [
+ ['executable files', ['.exe']],
+ ['All files', '*' ]
+];
+
+my $editor_frame =
+ create_fileSelectFrame($opt_tab, "Editor", 'EXECFILE',
+ \$config{editor}, 'NOEDIT', $filetypes);
+
+$balloon->attach($editor_frame, -statusmsg => $help{editor});
+
+
+
+$notebook->pack(
+ -expand => 'no',
+ -fill => 'x',
+ -padx => '5',
+ -pady => '5',
+ -side => 'top'
+);
+
+
+# Create the frame to the left.
+my $left_frame = $main->Frame(
+ -background => "$color{label}",
+ -border => '2',
+)->pack(
+ -side => 'left',
+ -fill => 'y',
+);
+
+
+# Create "GUI settings" label.
+$left_frame->Label(
+ -text => "GUI settings:",
+ -background => "$color{label}",
+)->pack(
+ -side => 'top',
+ -fill => 'x',
+);
+
+
+create_actionbutton($left_frame, "Load saved settings", \&load_config);
+create_actionbutton($left_frame, "Save current settings", \&save_config);
+
+
+# Create "options" label at the top of the left frame.
+$left_frame->Label(
+ -text => "Options:",
+ -background => "$color{label}",
+)->pack(-side => 'top',
+ -fill => 'x',
+);
+
+
+# Create checkbuttons in the left frame.
+$balloon->attach(
+ create_checkbutton($left_frame, "Careful mode", \$config{careful}),
+ -statusmsg => $help{careful}
+);
+
+$balloon->attach(
+ create_checkbutton($left_frame, "Enable all", \$config{enable_all}),
+ -statusmsg => $help{enable}
+);
+
+$balloon->attach(
+ create_checkbutton($left_frame, "Check for removed files", \$config{check_removed}),
+ -statusmsg => $help{removed}
+);
+
+
+# Create "mode" label.
+$left_frame->Label(
+ -text => "Output mode:",
+ -background => "$color{label}",
+)->pack(
+ -side => 'top',
+ -fill => 'x',
+);
+
+# Create mode radiobuttons in the left frame.
+create_radiobutton($left_frame, "super-quiet", \$config{output_mode});
+create_radiobutton($left_frame, "quiet", \$config{output_mode});
+create_radiobutton($left_frame, "normal", \$config{output_mode});
+create_radiobutton($left_frame, "verbose", \$config{output_mode});
+
+# Create "Diff mode" label.
+$left_frame->Label(
+ -text => "Diff mode:",
+ -background => "$color{label}",
+)->pack(
+ -side => 'top',
+ -fill => 'x',
+);
+
+create_radiobutton($left_frame, "detailed", \$config{diff_mode});
+create_radiobutton($left_frame, "summarized", \$config{diff_mode});
+create_radiobutton($left_frame, "remove common", \$config{diff_mode});
+
+
+# Create "activity messages" label.
+$main->Label(
+ -text => "Output messages:",
+ -width => '130',
+ -background => "$color{label}",
+)->pack(
+ -side => 'top',
+ -fill => 'x',
+);
+
+
+
+# Pack output frame.
+$out_frame->pack(
+ -expand => 'yes',
+ -fill => 'both',
+);
+
+
+# Pack help label below output window.
+$help_label->pack(
+ -fill => 'x',
+);
+
+
+# Create "actions" label.
+$left_frame->Label(
+ -text => "Actions:",
+ -background => "$color{label}",
+)->pack(
+ -side => 'top',
+ -fill => 'x',
+);
+
+
+# Create action buttons.
+
+$balloon->attach(
+ create_actionbutton($left_frame, "Update rules!", \&update_rules),
+ -statusmsg => $help{update}
+);
+
+$balloon->attach(
+ create_actionbutton($left_frame, "Clear output messages", \&clear_messages),
+ -statusmsg => $help{clear}
+);
+
+$balloon->attach(
+ create_actionbutton($left_frame, "Save output messages", \&save_messages),
+ -statusmsg => $help{save}
+);
+
+$balloon->attach(
+ create_actionbutton($left_frame, "Exit", \&exit),
+ -statusmsg => $help{exit}
+);
+
+
+
+# Make the mousewheel scroll the output window. Taken from Mastering Perl/Tk.
+if ($^O eq 'MSWin32') {
+ $out_frame->bind('<MouseWheel>' =>
+ [ sub { $_[0]->yview('scroll', -($_[1] / 120) * 3, 'units')},
+ Ev('D') ]
+ );
+} else {
+ $out_frame->bind('<4>' => sub {
+ $_[0]->yview('scroll', -3, 'units') unless $Tk::strictMotif;
+ });
+
+ $out_frame->bind('<5>' => sub {
+ $_[0]->yview('scroll', +3, 'units') unless $Tk::strictMotif;
+ });
+}
+
+
+
+# Now the fun begins.
+if ($config{animate}) {
+ foreach (split(//, "Welcome to $version")) {
+ logmsg("$_", 'MISC');
+ $out_frame->after(5);
+ }
+} else {
+ logmsg("Welcome to $version", 'MISC');
+}
+
+logmsg("\n\n", 'MISC');
+
+# Load gui settings into %config.
+load_config();
+
+
+# Warn if any required file/directory is not set.
+logmsg("No oinkmaster.pl set, please select one above!\n\n", 'ERROR')
+ if ($config{oinkmaster} !~ /\S/);
+
+logmsg("No oinkmaster configuration file set, please select one above!\n\n", 'ERROR')
+ if ($config{oinkmaster_conf} !~ /\S/);
+
+logmsg("Output directory is not set, please select one above!\n\n", 'ERROR')
+ if ($config{outdir} !~ /\S/);
+
+
+MainLoop;
+
+
+
+#### END ####
+
+
+
+sub fileDialog($ $ $ $)
+{
+ my $var_ref = shift;
+ my $title = shift;
+ my $type = shift;
+ my $filetypes = shift;
+ my $dirname;
+
+ if ($type eq 'WRDIR') {
+ if ($use_fileop) {
+ $dirname = Win32::FileOp::BrowseForFolder("title", CSIDL_DRIVES);
+ } else {
+ my $fs = $main->FileSelect();
+ $fs->configure(-verify => ['-d', '-w'], -title => $title);
+ $dirname = $fs->Show;
+ }
+ $$var_ref = $dirname if ($dirname);
+ } elsif ($type eq 'EXECFILE' || $type eq 'ROFILE' || $type eq 'WRFILE' || $type eq 'URL') {
+ my $filename = $main->getOpenFile(-title => $title, -filetypes => $filetypes);
+ $$var_ref = $filename if ($filename);
+ } elsif ($type eq 'SAVEFILE') {
+ my $filename = $main->getSaveFile(-title => $title, -filetypes => $filetypes);
+ $$var_ref = $filename if ($filename);
+ } else {
+ logmsg("Unknown type ($type)\n", 'ERROR');
+ }
+}
+
+
+
+sub update_file_label_color($ $ $)
+{
+ my $label = shift;
+ my $filename = shift;
+ my $type = shift;
+
+ $filename =~ s/^\s+//;
+ $filename =~ s/\s+$//;
+
+ unless ($filename) {
+ $label->configure(-background => $color{file_label_not_ok});
+ return (1);
+ }
+
+ if ($type eq "URL") {
+ if ($filename =~ /^(?:http|ftp|scp):\/\/.+\.tar\.gz$/) {
+ $label->configure(-background => $color{file_label_ok});
+ } elsif ($filename =~ /^(?:file:\/\/)*(.+\.tar\.gz)$/) {
+ my $file = $1;
+ if (-f "$file" && -r "$file") {
+ $label->configure(-background => $color{file_label_ok});
+ } else {
+ $label->configure(-background => $color{file_label_not_ok});
+ }
+ } else {
+ $label->configure(-background => $color{file_label_not_ok});
+ }
+ } elsif ($type eq "ROFILE") {
+ if (-f "$filename" && -r "$filename") {
+ $label->configure(-background => $color{file_label_ok});
+ } else {
+ $label->configure(-background => $color{file_label_not_ok});
+ }
+ } elsif ($type eq "EXECFILE") {
+ if (-f "$filename" && (-x "$filename" || $^O eq 'MSWin32')) {
+ $label->configure(-background => $color{file_label_ok});
+ } else {
+ $label->configure(-background => $color{file_label_not_ok});
+ }
+ } elsif ($type eq "WRFILE") {
+ if (-f "$filename" && -w "$filename") {
+ $label->configure(-background => $color{file_label_ok});
+ } else {
+ $label->configure(-background => $color{file_label_not_ok});
+ }
+ } elsif ($type eq "WRDIR") {
+ if (-d "$filename" && -w "$filename") {
+ $label->configure(-background => $color{file_label_ok});
+ } else {
+ $label->configure(-background => $color{file_label_not_ok});
+ }
+ } else {
+ print STDERR "incorrect type ($type)\n";
+ exit;
+ }
+
+ return (1);
+}
+
+
+
+sub create_checkbutton($ $ $)
+{
+ my $frame = shift;
+ my $name = shift;
+ my $var_ref = shift;
+
+ my $button = $frame->Checkbutton(
+ -text => $name,
+ -background => $color{button},
+ -activebackground => $color{button_active},
+ -highlightbackground => $color{button_bg},
+ -variable => $var_ref,
+ -relief => 'raise',
+ -anchor => 'w',
+ )->pack(
+ -fill => 'x',
+ -side => 'top',
+ -pady => '1',
+ );
+
+ return ($button);
+}
+
+
+
+sub create_actionbutton($ $ $)
+{
+ my $frame = shift;
+ my $name = shift;
+ my $func_ref = shift;
+
+ my $button = $frame->Button(
+ -text => $name,
+ -command => sub {
+ &$func_ref;
+ $out_frame->focus;
+ },
+ -background => $color{button},
+ -activebackground => $color{button_active},
+ -highlightbackground => $color{button_bg},
+ )->pack(
+ -fill => 'x',
+ );
+
+ return ($button);
+}
+
+
+
+sub create_radiobutton($ $ $)
+{
+ my $frame = shift;
+ my $name = shift;
+ my $mode_ref = shift;
+
+ my $button = $frame->Radiobutton(
+ -text => $name,
+ -highlightbackground => $color{button_bg},
+ -background => $color{button},
+ -activebackground => $color{button_active},
+ -variable => $mode_ref,
+ -relief => 'raised',
+ -anchor => 'w',
+ -value => $name,
+ )->pack(
+ -side => 'top',
+ -pady => '1',
+ -fill => 'x',
+ );
+
+ return ($button);
+}
+
+
+
+# Create <label><entry><browsebutton> in given frame.
+sub create_fileSelectFrame($ $ $ $ $ $)
+{
+ my $win = shift;
+ my $name = shift;
+ my $type = shift; # FILE|DIR|URL
+ my $var_ref = shift;
+ my $edtype = shift; # EDIT|NOEDIT
+ my $filetypes = shift;
+
+ # Create frame.
+ my $frame = $win->Frame(
+ -bg => $color{background},
+ )->pack(
+ -padx => '2',
+ -pady => '2',
+ -fill => 'x'
+ );
+
+ # Create label.
+ my $label = $frame->Label(
+ -text => $name,
+ -width => '16',
+ -relief => 'raised',
+ -background => "$color{file_label_not_ok}",
+ )->pack(
+ -side => 'left'
+ );
+
+ my $entry;
+
+ if ($type eq 'URL') {
+ $entry = $frame->BrowseEntry(
+ -textvariable => $var_ref,
+ -background => $color{entry_bg},
+ -width => '80',
+ -choices => \@urls,
+ -validate => 'key',
+ -validatecommand => sub { update_file_label_color($label, $_[0], $type) },
+ )->pack(
+ -side => 'left',
+ -expand => 'yes',
+ -fill => 'x'
+ );
+ } else {
+ $entry = $frame->Entry(
+ -textvariable => $var_ref,
+ -background => $color{entry_bg},
+ -width => '80',
+ -validate => 'key',
+ -validatecommand => sub { update_file_label_color($label, $_[0], $type) },
+ )->pack(
+ -side => 'left',
+ -expand => 'yes',
+ -fill => 'x'
+ );
+ }
+
+ # Create edit-button if file is ediable.
+ if ($edtype eq 'EDIT') {
+ my $edit_but = $frame->Button(
+ -text => "Edit",
+ -background => "$color{button}",
+ -command => sub {
+ unless (-e "$$var_ref") {
+ logmsg("Select an existing file first!\n\n", 'ERROR');
+ return;
+ }
+
+ if ($config{editor}) {
+ $main->Busy(-recurse => 1);
+ logmsg("Launching " . $config{editor} .
+ ", close it to continue the GUI.\n\n", 'MISC');
+ sleep(2);
+ system($config{editor}, $$var_ref); # MainLoop will be put on hold...
+ $main->Unbusy;
+ } else {
+ logmsg("No editor set\n\n", 'ERROR');
+ }
+ }
+ )->pack(
+ -side => 'left',
+ );
+ }
+
+ # Create browse-button.
+ my $but = $frame->Button(
+ -text => "browse ...",
+ -background => $color{button},
+ -command => sub {
+ fileDialog($var_ref, $name, $type, $filetypes);
+ }
+ )->pack(
+ -side => 'left',
+ );
+
+ return ($frame);
+}
+
+
+
+sub logmsg($ $)
+{
+ my $text = shift;
+ my $type = shift;
+
+ return unless (defined($text));
+
+ $out_frame->tag(qw(configure OUTPUT -foreground grey));
+ $out_frame->tag(qw(configure ERROR -foreground red));
+ $out_frame->tag(qw(configure MISC -foreground white));
+ $out_frame->tag(qw(configure EXEC -foreground bisque2));
+
+ $out_frame->insert('end', "$text", "$type");
+ $out_frame->see('end');
+ $out_frame->update;
+}
+
+
+
+
+sub execute_oinkmaster(@)
+{
+ my @cmd = @_;
+ my @obfuscated_cmd;
+
+ # Obfuscate possible password in url.
+ foreach my $line (@cmd) {
+ if ($line =~ /^(\S+:\/\/.+?):.+?@(.+)/) {
+ push(@obfuscated_cmd, "$1:*password*\@$2");
+ } else {
+ push(@obfuscated_cmd, $line);
+ }
+ }
+
+ logmsg("@obfuscated_cmd:\n", 'EXEC');
+
+ $main->Busy(-recurse => 1);
+
+ if ($^O eq 'MSWin32') {
+ open(OINK, "@cmd 2>&1|");
+ while (<OINK>) {
+ logmsg($_, 'OUTPUT');
+ }
+ close(OINK);
+ } else {
+ if (open(OINK,"-|")) {
+ while (<OINK>) {
+ logmsg($_, 'OUTPUT');
+ }
+ } else {
+ open(STDERR, '>&STDOUT');
+ exec(@cmd);
+ }
+ close(OINK);
+ }
+
+ $main->Unbusy;
+ logmsg("done.\n\n", 'EXEC');
+}
+
+
+
+sub clear_messages()
+{
+ $out_frame->delete('1.0','end');
+ $out_frame->update;
+}
+
+
+
+sub save_messages()
+{
+ my $text = $out_frame->get('1.0', 'end');
+ my $title = 'Save output messages';
+ my $filename;
+
+ my $filetypes = [
+ ['Log files', ['.log', '.txt']],
+ ['All files', '*' ]
+ ];
+
+
+ if (length($text) > 1) {
+ fileDialog(\$filename, $title, 'SAVEFILE', $filetypes);
+ if (defined($filename)) {
+
+ unless (open(LOG, ">", "$filename")) {
+ logmsg("Could not open $filename for writing: $!\n\n", 'ERROR');
+ return;
+ }
+
+ print LOG $text;
+ close(LOG);
+ logmsg("Successfully saved output messages to $filename\n\n", 'MISC');
+ }
+
+ } else {
+ logmsg("Nothing to save.\n\n", 'ERROR');
+ }
+}
+
+
+
+sub update_rules()
+{
+ my @cmd;
+
+ create_cmdline(\@cmd) || return;
+ clear_messages();
+ execute_oinkmaster(@cmd);
+}
+
+
+
+sub create_cmdline($)
+{
+ my $cmd_ref = shift;
+
+ my $oinkmaster = $config{oinkmaster};
+ my $oinkmaster_conf = $config{oinkmaster_conf};
+ my $outdir = $config{outdir};
+ my $varfile = $config{varfile};
+ my $url = $config{url};
+ my $backupdir = $config{backupdir};
+
+ # Assume file:// if url prefix is missing.
+ if ($url) {
+ $url = "file://$url" unless ($url =~ /(?:http|ftp|file|scp):\/\//);
+ if ($url =~ /.+<oinkcode>.+/) {
+ logmsg("You must replace <oinkcode> with your real oinkcode, see the FAQ!\n\n", 'ERROR');
+ return (0);
+ }
+ }
+
+ $oinkmaster = File::Spec->rel2abs($oinkmaster)
+ if ($oinkmaster);
+
+ $outdir = File::Spec->canonpath("$outdir");
+ $backupdir = File::Spec->canonpath("$backupdir");
+
+ # Clean leading/trailing whitespaces.
+ foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir,
+ \$varfile, \$url, \$backupdir) {
+ $$var_ref =~ s/^\s+//;
+ $$var_ref =~ s/\s+$//;
+ }
+
+ unless ($config{oinkmaster} && -f "$config{oinkmaster}" &&
+ (-x "$config{oinkmaster}" || $^O eq 'MSWin32')) {
+ logmsg("Location of oinkmaster.pl is not set correctly!\n\n", 'ERROR');
+ return;
+ }
+
+ unless ($oinkmaster_conf && -f "$oinkmaster_conf") {
+ logmsg("Location of configuration file is not set correctlyy!\n\n", 'ERROR');
+ return (0);
+ }
+
+ unless ($outdir && -d "$outdir") {
+ logmsg("Output directory is not set correctly!\n\n", 'ERROR');
+ return (0);
+ }
+
+ # Add leading/trailing "" if win32.
+ foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir,
+ \$varfile, \$url, \$backupdir) {
+ if ($^O eq 'MSWin32' && $$var_ref) {
+ $$var_ref = "\"$$var_ref\"";
+ }
+ }
+
+ push(@$cmd_ref,
+ "$config{perl}", "$oinkmaster",
+ "-C", "$oinkmaster_conf",
+ "-o", "$outdir");
+
+ push(@$cmd_ref, "-c") if ($config{careful});
+ push(@$cmd_ref, "-e") if ($config{enable_all});
+ push(@$cmd_ref, "-r") if ($config{check_removed});
+ push(@$cmd_ref, "-q") if ($config{output_mode} eq "quiet");
+ push(@$cmd_ref, "-Q") if ($config{output_mode} eq "super-quiet");
+ push(@$cmd_ref, "-v") if ($config{output_mode} eq "verbose");
+ push(@$cmd_ref, "-m") if ($config{diff_mode} eq "remove common");
+ push(@$cmd_ref, "-s") if ($config{diff_mode} eq "summarized");
+ push(@$cmd_ref, "-U", "$varfile") if ($varfile);
+ push(@$cmd_ref, "-b", "$backupdir") if ($backupdir);
+
+ push(@$cmd_ref, "-u", "$url")
+ if ($url);
+
+ return (1);
+}
+
+
+
+# Load $config file into %config hash.
+sub load_config()
+{
+ unless (defined($gui_config_file) && $gui_config_file) {
+ logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR');
+ return;
+ }
+
+ unless (-e "$gui_config_file") {
+ logmsg("$gui_config_file does not exist, keeping current/default settings\n\n", 'MISC');
+ return;
+ }
+
+ unless (open(RC, "<", "$gui_config_file")) {
+ logmsg("Could not open $gui_config_file for reading: $!\n\n", 'ERROR');
+ return;
+ }
+
+ while (<RC>) {
+ next unless (/^(\S+)=(.*)/);
+ $config{$1} = $2;
+ }
+
+ close(RC);
+ logmsg("Successfully loaded GUI settings from $gui_config_file\n\n", 'MISC');
+}
+
+
+
+# Save %config into file $config.
+sub save_config()
+{
+ unless (defined($gui_config_file) && $gui_config_file) {
+ logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR');
+ return;
+ }
+
+ unless (open(RC, ">", "$gui_config_file")) {
+ logmsg("Could not open $gui_config_file for writing: $!\n\n", 'ERROR');
+ return;
+ }
+
+ print RC "# Automatically created by Oinkgui. ".
+ "Do not edit directly unless you have to.\n";
+
+ foreach my $option (sort(keys(%config))) {
+ print RC "$option=$config{$option}\n";
+ }
+
+ close(RC);
+ logmsg("Successfully saved current GUI settings to $gui_config_file\n\n", 'MISC');
+}
diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl b/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl
new file mode 100644
index 00000000..f9c4d215
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl
@@ -0,0 +1,2754 @@
+#!/usr/bin/perl -w
+
+# $Id: oinkmaster.pl,v 1.406 2006/02/10 13:02:44 andreas_o Exp $ #
+
+# Copyright (c) 2001-2006 Andreas Östling <andreaso@it.su.se>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# 3. Neither the name of the author nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+use 5.006001;
+
+use strict;
+use File::Basename;
+use File::Copy;
+use File::Path;
+use File::Spec;
+use Getopt::Long;
+use File::Temp qw(tempdir);
+
+sub show_usage();
+sub parse_cmdline($);
+sub read_config($ $);
+sub sanity_check();
+sub download_file($ $);
+sub unpack_rules_archive($ $ $);
+sub join_tmp_rules_dirs($ $ @);
+sub process_rules($ $ $ $ $ $);
+sub process_rule($ $ $ $ $ $ $ $);
+sub setup_rules_hash($ $);
+sub get_first_only($ $ $);
+sub print_changes($ $);
+sub print_changetype($ $ $ $);
+sub print_summary_change($ $);
+sub make_backup($ $);
+sub get_changes($ $ $);
+sub update_rules($ @);
+sub copy_rules($ $);
+sub is_in_path($);
+sub get_next_entry($ $ $ $ $ $);
+sub get_new_vars($ $ $ $);
+sub add_new_vars($ $);
+sub write_new_vars($ $);
+sub msdos_to_cygwin_path($);
+sub parse_mod_expr($ $ $ $);
+sub untaint_path($);
+sub approve_changes();
+sub parse_singleline_rule($ $ $);
+sub join_multilines($);
+sub minimize_diff($ $);
+sub catch_sigint();
+sub clean_exit($);
+
+
+my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2006 '.
+ 'Andreas Östling <andreaso@it.su.se>';
+my $OUTFILE = 'snortrules.tar.gz';
+my $RULES_DIR = 'rules';
+
+my $PRINT_NEW = 1;
+my $PRINT_OLD = 2;
+my $PRINT_BOTH = 3;
+
+my %config = (
+ careful => 0,
+ check_removed => 0,
+ config_test_mode => 0,
+ enable_all => 0,
+ interactive => 0,
+ make_backup => 0,
+ minimize_diff => 0,
+ min_files => 1,
+ min_rules => 1,
+ quiet => 0,
+ summary_output => 0,
+ super_quiet => 0,
+ update_vars => 0,
+ use_external_bins => 1,
+ verbose => 0,
+ use_path_checks => 1,
+ rule_actions => "alert|drop|log|pass|reject|sdrop|activate|dynamic",
+ tmp_basedir => $ENV{TMP} || $ENV{TMPDIR} || $ENV{TEMPDIR} || '/tmp',
+);
+
+
+# Regexp to match the start of a multi-line rule.
+# %ACTIONS% will be replaced with content of $config{actions} later.
+# sid and msg will then be looked for in parse_singleline_rule().
+my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.*\\\\\s*\n$'; # ';
+
+# Regexp to match a single-line rule.
+# sid and msg will then be looked for in parse_singleline_rule().
+my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
+ '\s.+;\s*\)\s*$'; # ';
+
+# Match var line where var name goes into $1.
+my $VAR_REGEXP = '^\s*var\s+(\S+)\s+(\S+)';
+
+# Allowed characters in misc paths/filenames, including the ones in the tarball.
+my $OK_PATH_CHARS = 'a-zA-Z\d\ _\(\)\[\]\.\-+:\\\/~@,=';
+
+# Default locations for configuration file.
+my @DEFAULT_CONFIG_FILES = qw(
+ /etc/oinkmaster.conf
+ /usr/local/etc/oinkmaster.conf
+);
+
+my @DEFAULT_DIST_VAR_FILES = qw(
+ snort.conf
+);
+
+my (%loaded, $tmpdir);
+
+
+
+#### MAIN ####
+
+# No buffering.
+select(STDERR);
+$| = 1;
+select(STDOUT);
+$| = 1;
+
+
+my $start_date = scalar(localtime);
+
+# Assume the required Perl modules are available if we're on Windows.
+$config{use_external_bins} = 0 if ($^O eq "MSWin32");
+
+# Parse command line arguments and add at least %config{output_dir}.
+parse_cmdline(\%config);
+
+# If no config was specified on command line, look for one in default locations.
+if ($#{$config{config_files}} == -1) {
+ foreach my $config (@DEFAULT_CONFIG_FILES) {
+ if (-e "$config") {
+ push(@{${config{config_files}}}, $config);
+ last;
+ }
+ }
+}
+
+# If no dist var file was specified on command line, set to default file(s).
+if ($#{$config{dist_var_files}} == -1) {
+ foreach my $var_file (@DEFAULT_DIST_VAR_FILES) {
+ push(@{${config{dist_var_files}}}, $var_file);
+ }
+}
+
+# If config is still not defined, we can't continue.
+if ($#{$config{config_files}} == -1) {
+ clean_exit("configuration file not found in default locations\n".
+ "(@DEFAULT_CONFIG_FILES)\n".
+ "Put it there or use the \"-C <file>\" argument.");
+}
+
+read_config($_, \%config) for @{$config{config_files}};
+
+# Now substitute "%ACTIONS%" with $config{rule_actions}, which may have
+# been modified after reading the config file.
+$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
+
+# If we're told not to use external binaries, load the Perl modules now.
+unless ($config{use_external_bins}) {
+ print STDERR "Loading Perl modules.\n" if ($config{verbose});
+
+ eval {
+ require IO::Zlib;
+ require Archive::Tar;
+ require LWP::UserAgent;
+ };
+
+ clean_exit("failed to load required Perl modules:\n\n$@\n".
+ "Install them or set use_external_bins to 1 ".
+ "if you want to use external binaries instead.")
+ if ($@);
+}
+
+
+# Do some basic sanity checking and exit if something fails.
+# A new PATH will be set.
+sanity_check();
+
+$SIG{INT} = \&catch_sigint;
+
+# Create temporary dir.
+$tmpdir = tempdir("oinkmaster.XXXXXXXXXX", DIR => File::Spec->rel2abs($config{tmp_basedir}))
+ or clean_exit("could not create temporary directory in $config{tmp_basedir}: $!");
+
+# If we're in config test mode and have come this far, we're done.
+if ($config{config_test_mode}) {
+ print "No fatal errors in configuration.\n";
+ clean_exit("");
+}
+
+umask($config{umask}) if exists($config{umask});
+
+# Download and unpack all the rules archives into separate tmp dirs.
+my @url_tmpdirs;
+foreach my $url (@{$config{url}}) {
+ my $url_tmpdir = tempdir("url.XXXXXXXXXX", DIR => $tmpdir)
+ or clean_exit("could not create temporary directory in $tmpdir: $!");
+ push(@url_tmpdirs, "$url_tmpdir/$RULES_DIR");
+ if ($url =~ /^dir:\/\/(.+)/) {
+ mkdir("$url_tmpdir/$RULES_DIR")
+ or clean_exit("Could not create $url_tmpdir/$RULES_DIR");
+ copy_rules($1, "$url_tmpdir/$RULES_DIR");
+ } else {
+ download_file($url, "$url_tmpdir/$OUTFILE");
+ unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE", $RULES_DIR);
+ }
+}
+
+# Copy all rules files from the tmp dirs into $RULES_DIR in the tmp directory.
+# File matching 'skipfile' a directive will not be copied.
+# Filenames (with full path) will be stored as %new_files{filename}.
+# Will exit in case of duplicate filenames.
+my $num_files = join_tmp_rules_dirs("$tmpdir/$RULES_DIR", \my %new_files, @url_tmpdirs);
+
+# Make sure we have at least the minimum number of files.
+clean_exit("not enough rules files in downloaded rules archive(s).\n".
+ "Number of rules files is $num_files but minimum is set to $config{min_files}.")
+ if ($num_files < $config{min_files});
+
+# This is to read in possible 'localsid' rules.
+my %rh_tmp = setup_rules_hash(\%new_files, $config{output_dir});
+
+# Disable/modify/clean downloaded rules.
+my $num_rules = process_rules(\@{$config{sid_modify_list}},
+ \%{$config{sid_disable_list}},
+ \%{$config{sid_enable_list}},
+ \%{$config{sid_local_list}},
+ \%rh_tmp,
+ \%new_files);
+
+# Make sure we have at least the minimum number of rules.
+clean_exit("not enough rules in downloaded archive(s).\n".
+ "Number of rules is $num_rules but minimum is set to $config{min_rules}.")
+ if ($num_rules < $config{min_rules});
+
+# Setup a hash containing the content of all processed rules files.
+my %rh = setup_rules_hash(\%new_files, $config{output_dir});
+
+# Compare the new rules to the old ones.
+my %changes = get_changes(\%rh, \%new_files, $RULES_DIR);
+
+# Check for variables that exist in dist snort.conf(s) but not in local snort.conf.
+get_new_vars(\%changes, \@{$config{dist_var_files}}, $config{varfile}, \@url_tmpdirs)
+ if ($config{update_vars});
+
+
+# Find out if something had changed.
+my $something_changed = 0;
+
+$something_changed = 1
+ if (keys(%{$changes{modified_files}}) ||
+ keys(%{$changes{added_files}}) ||
+ keys(%{$changes{removed_files}}) ||
+ $#{$changes{new_vars}} > -1);
+
+
+# Update files listed in %changes{modified_files} (copy the new files
+# from the temporary directory into our output directory) and add new
+# variables to the local snort.conf if requested, unless we're running in
+# careful mode. Create backup first if running with -b.
+my $printed = 0;
+if ($something_changed) {
+ if ($config{careful}) {
+ print STDERR "Skipping backup since we are running in careful mode.\n"
+ if ($config{make_backup} && (!$config{quiet}));
+ } else {
+ if ($config{interactive}) {
+ print_changes(\%changes, \%rh);
+ $printed = 1;
+ }
+
+ if (!$config{interactive} || ($config{interactive} && approve_changes)) {
+ make_backup($config{output_dir}, $config{backup_dir})
+ if ($config{make_backup});
+
+ add_new_vars(\%changes, $config{varfile})
+ if ($config{update_vars});
+
+ update_rules($config{output_dir}, keys(%{$changes{modified_files}}));
+ }
+ }
+} else {
+ print STDERR "No files modified - no need to backup old files, skipping.\n"
+ if ($config{make_backup} && !$config{quiet});
+}
+
+print "\nOinkmaster is running in careful mode - not updating anything.\n"
+ if ($something_changed && $config{careful});
+
+print_changes(\%changes, \%rh)
+ if (!$printed && ($something_changed || !$config{quiet}));
+
+
+# Everything worked. Do a clean exit without any error message.
+clean_exit("");
+
+
+# END OF MAIN #
+
+
+
+# Show usage information and exit.
+sub show_usage()
+{
+ my $progname = basename($0);
+
+ print STDERR << "RTFM";
+
+$VERSION
+
+Usage: $progname -o <outdir> [options]
+
+<outdir> is where to put the new files.
+This should be the directory where you store your Snort rules.
+
+Options:
+-b <dir> Backup your old rules into <dir> before overwriting them
+-c Careful mode (dry run) - check for changes but do not update anything
+-C <file> Use this configuration file instead of the default
+ May be specified multiple times to load multiple files
+-e Enable all rules that are disabled by default
+-h Show this usage information
+-i Interactive mode - you will be asked to approve the changes (if any)
+-m Minimize diff when printing result by removing common parts in rules
+-q Quiet mode - no output unless changes were found
+-Q Super-quiet mode - like -q but even more quiet
+-r Check for rules files that exist in the output directory
+ but not in the downloaded rules archive
+-s Leave out details in rules results, just print SID, msg and filename
+-S <file> Look for new variables in this file in the downloaded archive instead
+ of the default (@DEFAULT_DIST_VAR_FILES). Used in conjunction with -U.
+ May be specified multiple times to search multiple files.
+-T Config test - just check configuration file(s) for errors/warnings
+-u <url> Download from this URL instead of URL(s) in the configuration file
+ (http|https|ftp|file|scp:// ... .tar.gz|.gz, or dir://<dir>)
+ May be specified multiple times to grab multiple rules archives
+-U <file> Merge new variables from downloaded snort.conf(s) into <file>
+-v Verbose mode (debug)
+-V Show version and exit
+
+RTFM
+ exit;
+}
+
+
+
+# Parse the command line arguments and exit if we don't like them.
+sub parse_cmdline($)
+{
+ my $cfg_ref = shift;
+
+ Getopt::Long::Configure("bundling");
+
+ my $cmdline_ok = GetOptions(
+ "b=s" => \$$cfg_ref{backup_dir},
+ "c" => \$$cfg_ref{careful},
+ "C=s" => \@{$$cfg_ref{config_files}},
+ "e" => \$$cfg_ref{enable_all},
+ "h" => \&show_usage,
+ "i" => \$$cfg_ref{interactive},
+ "m" => \$$cfg_ref{minimize_diff},
+ "o=s" => \$$cfg_ref{output_dir},
+ "q" => \$$cfg_ref{quiet},
+ "Q" => \$$cfg_ref{super_quiet},
+ "r" => \$$cfg_ref{check_removed},
+ "s" => \$$cfg_ref{summary_output},
+ "S=s" => \@{$$cfg_ref{dist_var_files}},
+ "T" => \$$cfg_ref{config_test_mode},
+ "u=s" => \@{$$cfg_ref{url}},
+ "U=s" => \$$cfg_ref{varfile},
+ "v" => \$$cfg_ref{verbose},
+ "V" => sub {
+ print "$VERSION\n";
+ exit(0);
+ }
+ );
+
+
+ show_usage unless ($cmdline_ok && $#ARGV == -1);
+
+ $$cfg_ref{quiet} = 1 if ($$cfg_ref{super_quiet});
+ $$cfg_ref{update_vars} = 1 if ($$cfg_ref{varfile});
+
+ if ($$cfg_ref{backup_dir}) {
+ $$cfg_ref{backup_dir} = File::Spec->canonpath($$cfg_ref{backup_dir});
+ $$cfg_ref{make_backup} = 1;
+ }
+
+ # Cannot specify dist var files without specifying var target file.
+ if (@{$$cfg_ref{dist_var_files}} && !$$cfg_ref{update_vars}) {
+ clean_exit("You can not specify distribution variable file(s) without ".
+ "also specifying local file to merge into");
+ }
+
+ # -o <dir> is the only required option in normal usage.
+ if ($$cfg_ref{output_dir}) {
+ $$cfg_ref{output_dir} = File::Spec->canonpath($$cfg_ref{output_dir});
+ } else {
+ warn("Error: no output directory specified.\n");
+ show_usage();
+ }
+
+ # Mark that url was set on command line (so we don't override it later).
+ $$cfg_ref{cmdline_url} = 1 if ($#{$config{url}} > -1);
+}
+
+
+
+# Read in stuff from the configuration file.
+sub read_config($ $)
+{
+ my $config_file = shift;
+ my $cfg_ref = shift;
+ my $linenum = 0;
+ my $multi;
+ my %templates;
+
+ $config_file = File::Spec->canonpath(File::Spec->rel2abs($config_file));
+
+ clean_exit("configuration file \"$config_file\" does not exist.\n")
+ unless (-e "$config_file");
+
+ clean_exit("\"$config_file\" is not a file.\n")
+ unless (-f "$config_file");
+
+ print STDERR "Loading $config_file\n"
+ unless ($config{quiet});
+
+ # Avoid loading the same file multiple times to avoid infinite recursion etc.
+ if ($^O eq "MSWin32") {
+ clean_exit("attempt to load \"$config_file\" twice.")
+ if ($loaded{$config_file}++);
+ } else {
+ my ($dev, $ino) = (stat($config_file))[0,1]
+ or clean_exit("unable to stat $config_file: $!");
+ clean_exit("attempt to load \"$config_file\" twice.")
+ if ($loaded{$dev, $ino}++);
+ }
+
+ open(CONF, "<", "$config_file")
+ or clean_exit("could not open configuration file \"$config_file\": $!");
+ my @conf = <CONF>;
+ close(CONF);
+
+ LINE:while ($_ = shift(@conf)) {
+ $linenum++;
+
+ unless ($multi) {
+ s/^\s*//;
+ s/^#.*//;
+ }
+
+ # Multi-line start/continuation.
+ if (/\\\s*\n$/) {
+ s/\\\s*\n$//;
+ s/^\s*#.*//;
+
+ # Be strict about removing #comments in modifysid/define_template statements, as
+ # they may contain other '#' chars.
+ if (defined($multi) && ($multi =~ /^modifysid/i || $multi =~ /^define_template/i)) {
+ s/#.*// if (/^\s*\d+[,\s\d]+#/);
+ } else {
+ s/\s*\#.*// unless (/^modifysid/i || /^define_template/i);
+ }
+
+ $multi .= $_;
+ next LINE;
+ }
+
+ # Last line of multi-line directive.
+ if (defined($multi)) {
+ $multi .= $_;
+ $_ = $multi;
+ undef($multi);
+ }
+
+ # Remove traling whitespaces (*after* a possible multi-line is rebuilt).
+ s/\s*$//;
+
+ # Remove comments unless it's a modifysid/define_template line
+ # (the "#" may be part of the modifysid expression).
+ s/\s*\#.*// unless (/^modifysid/i || /^define_template/i);
+
+ # Skip blank lines.
+ next unless (/\S/);
+
+ # Use a template and make $_ a "modifysid" line.
+ if (/^use_template\s+(\S+)\s+(\S+[^"]*)\s*(".*")*(?:#.*)*/i) {
+ my ($template_name, $sid, $args) = ($1, $2, $3);
+
+ if (exists($templates{$template_name})) {
+ my $template = $templates{$template_name}; # so we don't substitute %ARGx% globally
+
+ # Evaluate each "%ARGx%" in the template to the corresponding value.
+ if (defined($args)) {
+ my @args = split(/"\s+"/, $args);
+ foreach my $i (1 .. @args) {
+ $args[$i - 1] =~ s/^"//;
+ $args[$i - 1] =~ s/"$//;
+ $template =~ s/%ARG$i%/$args[$i - 1]/g;
+ }
+ }
+
+ # There should be no %ARGx% stuff left now.
+ if ($template =~ /%ARG\d%/) {
+ warn("WARNING: too few arguments for template \"$template_name\"\n");
+ $_ = "error"; # so it will be reported as an invalid line later
+ }
+
+ unless ($_ eq "error") {
+ $_ = "modifysid $sid $template\n";
+ print STDERR "Template \"$template_name\" expanded to: $_"
+ if ($config{verbose});
+ }
+
+ } else {
+ warn("WARNING: template \"$template_name\" has not been defined\n");
+ }
+ }
+
+ # new template definition.
+ if (/^define_template\s+(\S+)\s+(".+"\s+\|\s+".*")\s*(?:#.*)*$/i) {
+ my ($template_name, $template) = ($1, $2);
+
+ if (exists($templates{$template_name})) {
+ warn("WARNING: line $linenum in $config_file: ".
+ "template \"$template_name\" already defined, keeping old\n");
+ } else {
+ $templates{$template_name} = $template;
+ }
+
+ # modifysid <SIDORFILE[,SIDORFILE, ...]> "substthis" | "withthis"
+ } elsif (/^modifysids*\s+(\S+.*)\s+"(.+)"\s+\|\s+"(.*)"\s*(?:#.*)*$/i) {
+ my ($sid_list, $subst, $repl) = ($1, $2, $3);
+ warn("WARNING: line $linenum in $config_file is invalid, ignoring\n")
+ unless(parse_mod_expr(\@{$$cfg_ref{sid_modify_list}},
+ $sid_list, $subst, $repl));
+
+ # disablesid <SID[,SID, ...]>
+ } elsif (/^disablesids*\s+(\d.*)/i) {
+ my $sid_list = $1;
+ foreach my $sid (split(/\s*,\s*/, $sid_list)) {
+ if ($sid =~ /^\d+$/) {
+ $$cfg_ref{sid_disable_list}{$sid}++;
+ } else {
+ warn("WARNING: line $linenum in $config_file: ".
+ "\"$sid\" is not a valid SID, ignoring\n");
+ }
+ }
+
+ # localsid <SID[,SID, ...]>
+ } elsif (/^localsids*\s+(\d.*)/i) {
+ my $sid_list = $1;
+ foreach my $sid (split(/\s*,\s*/, $sid_list)) {
+ if ($sid =~ /^\d+$/) {
+ $$cfg_ref{sid_local_list}{$sid}++;
+ } else {
+ warn("WARNING: line $linenum in $config_file: ".
+ "\"$sid\" is not a valid SID, ignoring\n");
+ }
+ }
+
+ # enablesid <SID[,SID, ...]>
+ } elsif (/^enablesids*\s+(\d.*)/i) {
+ my $sid_list = $1;
+ foreach my $sid (split(/\s*,\s*/, $sid_list)) {
+ if ($sid =~ /^\d+$/) {
+ $$cfg_ref{sid_enable_list}{$sid}++;
+ } else {
+ warn("WARNING: line $linenum in $config_file: ".
+ "\"$sid\" is not a valid SID, ignoring\n");
+ }
+ }
+
+ # skipfile <file[,file, ...]>
+ } elsif (/^skipfiles*\s+(.*)/i) {
+ my $args = $1;
+ foreach my $file (split(/\s*,\s*/, $args)) {
+ if ($file =~ /^\S+$/) {
+ $config{verbose} && print STDERR "Adding file to ignore list: $file.\n";
+ $$cfg_ref{file_ignore_list}{$file}++;
+ } else {
+ warn("WARNING: line $linenum in $config_file is invalid, ignoring\n");
+ }
+ }
+
+ } elsif (/^url\s*=\s*(.*)/i) {
+ push(@{$$cfg_ref{url}}, $1)
+ unless ($$cfg_ref{cmdline_url});
+
+ } elsif (/^path\s*=\s*(.+)/i) {
+ $$cfg_ref{path} = $1;
+
+ } elsif (/^update_files\s*=\s*(.+)/i) {
+ $$cfg_ref{update_files} = $1;
+
+ } elsif (/^rule_actions\s*=\s*(.+)/i) {
+ $$cfg_ref{rule_actions} = $1;
+
+ } elsif (/^umask\s*=\s*([0-7]{4})$/i) {
+ $$cfg_ref{umask} = oct($1);
+
+ } elsif (/^min_files\s*=\s*(\d+)/i) {
+ $$cfg_ref{min_files} = $1;
+
+ } elsif (/^min_rules\s*=\s*(\d+)/i) {
+ $$cfg_ref{min_rules} = $1;
+
+ } elsif (/^tmpdir\s*=\s*(.+)/i) {
+ $$cfg_ref{tmp_basedir} = $1;
+
+ } elsif (/^use_external_bins\s*=\s*([01])/i) {
+ $$cfg_ref{use_external_bins} = $1;
+
+ } elsif (/^scp_key\s*=\s*(.+)/i) {
+ $$cfg_ref{scp_key} = $1;
+
+ } elsif (/^use_path_checks\s*=\s*([01])/i) {
+ $$cfg_ref{use_path_checks} = $1;
+
+ } elsif (/^user_agent\s*=\s*(.+)/i) {
+ $$cfg_ref{user_agent} = $1;
+
+ } elsif (/^include\s+(\S+.*)/i) {
+ my $include = $1;
+ read_config($include, $cfg_ref);
+ } else {
+ warn("WARNING: line $linenum in $config_file is invalid, ignoring\n");
+ }
+ }
+}
+
+
+
+# Make a few basic tests to make sure things look ok.
+# Will also set a new PATH as defined in the config file.
+sub sanity_check()
+{
+ my @req_params = qw(path update_files); # required parameters in conf
+ my @req_binaries = qw(gzip tar); # required binaries (unless we use modules)
+
+ # Can't use both quiet mode and verbose mode.
+ clean_exit("quiet mode and verbose mode at the same time doesn't make sense.")
+ if ($config{quiet} && $config{verbose});
+
+ # Can't use multiple output modes.
+ clean_exit("can't use multiple output modes at the same time.")
+ if ($config{minimize_diff} && $config{summary_output});
+
+ # Make sure all required variables are defined in the config file.
+ foreach my $param (@req_params) {
+ clean_exit("the required parameter \"$param\" is not defined in the configuration file.")
+ unless (exists($config{$param}));
+ }
+
+ # We now know a path was defined in the config, so set it.
+ # If we're under cygwin and path was specified as msdos style, convert
+ # it to cygwin style to avoid problems.
+ if ($^O eq "cygwin" && $config{path} =~ /^[a-zA-Z]:[\/\\]/) {
+ $ENV{PATH} = "";
+ foreach my $path (split(/;/, $config{path})) {
+ $ENV{PATH} .= "$path:" if (msdos_to_cygwin_path(\$path));
+ }
+ chop($ENV{PATH});
+ } else {
+ $ENV{PATH} = $config{path};
+ }
+
+ # Reset environment variables that may cause trouble.
+ delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
+ # Make sure $config{update_files} is a valid regexp.
+ eval {
+ "foo" =~ /$config{update_files}/;
+ };
+
+ clean_exit("update_files (\"$config{update_files}\") is not a valid regexp: $@")
+ if ($@);
+
+ # Make sure $config{rule_actions} is a valid regexp.
+ eval {
+ "foo" =~ /$config{rule_actions}/;
+ };
+
+ clean_exit("rule_actions (\"$config{rule_actions}\") is not a valid regexp: $@")
+ if ($@);
+
+ # If a variable file (probably local snort.conf) has been specified,
+ # it must exist. It must also be writable unless we're in careful mode.
+ if ($config{update_vars}) {
+ $config{varfile} = untaint_path($config{varfile});
+
+ clean_exit("variable file \"$config{varfile}\" does not exist.")
+ unless (-e "$config{varfile}");
+
+ clean_exit("variable file \"$config{varfile}\" is not a file.")
+ unless (-f "$config{varfile}");
+
+ clean_exit("variable file \"$config{varfile}\" is not writable by you.")
+ if (!$config{careful} && !-w "$config{varfile}");
+
+ # Make sure dist var files don't contain [back]slashes
+ # (probably means user confused it with local var file).
+ my %dist_var_files;
+ foreach my $dist_var_file (@{${config{dist_var_files}}}) {
+ clean_exit("variable file \"$dist_var_file\" specified multiple times")
+ if (exists($dist_var_files{$dist_var_file}));
+ $dist_var_files{$dist_var_file} = 1;
+ clean_exit("variable file \"$dist_var_file\" contains slashes or backslashes ".
+ "but it must be specified as a filename (without path) ".
+ "that exists in the downloaded rules, e.g. \"snort.conf\"")
+ if ($dist_var_file =~ /\// || $dist_var_file =~ /\\/);
+ }
+ }
+
+ # Make sure all required binaries can be found, unless
+ # we're used to use Perl modules instead.
+ # Wget is only required if url is http[s] or ftp.
+ if ($config{use_external_bins}) {
+ foreach my $binary (@req_binaries) {
+ clean_exit("$binary not found in PATH ($ENV{PATH}).")
+ unless (is_in_path($binary));
+ }
+ }
+
+ # Make sure $url is defined (either by -u <url> or url=... in the conf).
+ clean_exit("URL not specified. Specify at least one \"url=<url>\" in the \n".
+ "Oinkmaster configuration file or use the \"-u <url>\" argument")
+ if ($#{$config{url}} == -1);
+
+ # Make sure all urls look ok, and untaint them.
+ my @urls = @{$config{url}};
+ $#{$config{url}} = -1;
+ foreach my $url (@urls) {
+ clean_exit("incorrect URL: \"$url\"")
+ unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/
+ || $url =~ /^(dir:\/\/.+)/);
+ my $ok_url = $1;
+
+ if ($ok_url =~ /^dir:\/\/(.+)/) {
+ my $dir = untaint_path($1);
+ clean_exit("\"$dir\" does not exist or is not a directory")
+ unless (-d $dir);
+
+ # Simple check if the output dir is specified as url (probably a mistake).
+ if (File::Spec->canonpath(File::Spec->rel2abs($dir))
+ eq File::Spec->canonpath(File::Spec->rel2abs($config{output_dir}))) {
+ clean_exit("Download directory can not be same as output directory");
+ }
+ }
+ push(@{$config{url}}, $ok_url);
+ }
+
+ # Wget must be found if url is http[s]:// or ftp://.
+ if ($config{use_external_bins}) {
+ clean_exit("wget not found in PATH ($ENV{PATH}).")
+ if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget"));
+ }
+
+ # scp must be found if scp://...
+ clean_exit("scp not found in PATH ($ENV{PATH}).")
+ if ($config{'url'} =~ /^scp:/ && !is_in_path("scp"));
+
+ # ssh key must exist if specified and url is scp://...
+ clean_exit("ssh key \"$config{scp_key}\" does not exist.")
+ if ($config{'url'} =~ /^scp:/ && exists($config{scp_key})
+ && !-e $config{scp_key});
+
+ # Untaint output directory string.
+ $config{output_dir} = untaint_path($config{output_dir});
+
+ # Make sure the output directory exists and is readable.
+ clean_exit("the output directory \"$config{output_dir}\" doesn't exist ".
+ "or isn't readable by you.")
+ if (!-d "$config{output_dir}" || !-x "$config{output_dir}");
+
+ # Make sure the output directory is writable unless running in careful mode.
+ clean_exit("the output directory \"$config{output_dir}\" isn't writable by you.")
+ if (!$config{careful} && !-w "$config{output_dir}");
+
+ # Make sure we have read permission on all rules files in the output dir,
+ # and also write permission unless we're in careful mode.
+ # This is to avoid bailing out in the middle of an execution if a copy
+ # fails because of permission problem.
+ opendir(OUTDIR, "$config{output_dir}")
+ or clean_exit("could not open directory $config{output_dir}: $!");
+
+ while ($_ = readdir(OUTDIR)) {
+ next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}));
+
+ if (/$config{update_files}/) {
+ unless (-r "$config{output_dir}/$_") {
+ closedir(OUTDIR);
+ clean_exit("no read permission on \"$config{output_dir}/$_\"\n".
+ "Read permission is required on all rules files ".
+ "inside the output directory.\n")
+ }
+
+ if (!$config{careful} && !-w "$config{output_dir}/$_") {
+ closedir(OUTDIR);
+ clean_exit("no write permission on \"$config{output_dir}/$_\"\n".
+ "Write permission is required on all rules files ".
+ "inside the output directory.\n")
+ }
+ }
+ }
+
+ closedir(OUTDIR);
+
+ # Make sure the backup directory exists and is writable if running with -b.
+ if ($config{make_backup}) {
+ $config{backup_dir} = untaint_path($config{backup_dir});
+ clean_exit("the backup directory \"$config{backup_dir}\" doesn't exist or ".
+ "isn't writable by you.")
+ if (!-d "$config{backup_dir}" || !-w "$config{backup_dir}");
+ }
+
+ # Convert tmp_basedir to cygwin style if running cygwin and msdos style was specified.
+ if ($^O eq "cygwin" && $config{tmp_basedir} =~ /^[a-zA-Z]:[\/\\]/) {
+ msdos_to_cygwin_path(\$config{tmp_basedir})
+ or clean_exit("could not convert temporary dir to cygwin style");
+ }
+
+ # Make sure temporary directory exists.
+ clean_exit("the temporary directory \"$config{tmp_basedir}\" does not ".
+ "exist or isn't writable by you.")
+ if (!-d "$config{tmp_basedir}" || !-w "$config{tmp_basedir}");
+
+ # Also untaint it.
+ $config{tmp_basedir} = untaint_path($config{tmp_basedir});
+
+ # Make sure stdin and stdout are ttys if we're running in interactive mode.
+ clean_exit("you can not run in interactive mode when STDIN/STDOUT is not a TTY.")
+ if ($config{interactive} && !(-t STDIN && -t STDOUT));
+}
+
+
+
+# Download the rules archive.
+sub download_file($ $)
+{
+ my $url = shift;
+ my $localfile = shift;
+ my $log = "$tmpdir/wget.log";
+ my $ret;
+
+ # If there seems to be a password in the url, replace it with "*password*"
+ # and use new string when printing the url to screen.
+ my $obfuscated_url = $url;
+ $obfuscated_url = "$1:*password*\@$2"
+ if ($obfuscated_url =~ /^(\S+:\/\/.+?):.+?@(.+)/);
+
+ # Ofbuscate oinkcode as well.
+ $obfuscated_url = "$1*oinkcode*$2"
+ if ($obfuscated_url =~ /^(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i);
+
+ my @user_agent_opt;
+ @user_agent_opt = ("-U", $config{user_agent}) if (exists($config{user_agent}));
+
+ # Use wget if URL starts with "http[s]" or "ftp" and we use external binaries.
+ if ($config{use_external_bins} && $url =~ /^(?:https*|ftp)/) {
+ print STDERR "Downloading file from $obfuscated_url... "
+ unless ($config{quiet});
+
+ if ($config{verbose}) {
+ print STDERR "\n";
+ my @wget_cmd = ("wget", "-v", "-O", $localfile, $url, @user_agent_opt);
+ clean_exit("could not download from $obfuscated_url")
+ if (system(@wget_cmd));
+
+ } else {
+ my @wget_cmd = ("wget", "-v", "-o", $log, "-O", $localfile, $url, @user_agent_opt);
+ if (system(@wget_cmd)) {
+ my $log_output;
+ open(LOG, "<", "$log")
+ or clean_exit("could not open $log for reading: $!");
+ # Sanitize oinkcode in wget's log (password is automatically sanitized).
+ while (<LOG>) {
+ $_ = "$1*oinkcode*$2"
+ if (/(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i);
+ $log_output .= $_;
+ }
+ close(LOG);
+ clean_exit("could not download from $obfuscated_url. ".
+ "Output from wget follows:\n\n $log_output");
+ }
+ print STDERR "done.\n" unless ($config{quiet});
+ }
+
+ # Use LWP if URL starts with "http[s]" or "ftp" and use_external_bins=0.
+ } elsif (!$config{use_external_bins} && $url =~ /^(?:https*|ftp)/) {
+ print STDERR "Downloading file from $obfuscated_url... "
+ unless ($config{quiet});
+
+ my %lwp_opt;
+ $lwp_opt{agent} = $config{user_agent} if (exists($config{user_agent}));
+
+ my $ua = LWP::UserAgent->new(%lwp_opt);
+ $ua->env_proxy;
+ my $request = HTTP::Request->new(GET => $url);
+ my $response = $ua->request($request, $localfile);
+
+ clean_exit("could not download from $obfuscated_url: " . $response->status_line)
+ unless $response->is_success;
+
+ print "done.\n" unless ($config{quiet});
+
+ # Grab file from local filesystem if file://...
+ } elsif ($url =~ /^file/) {
+ $url =~ s/^file:\/\///;
+
+ clean_exit("the file $url does not exist.")
+ unless (-e "$url");
+
+ clean_exit("the file $url is empty.")
+ unless (-s "$url");
+
+ print STDERR "Copying file from $url... "
+ unless ($config{quiet});
+
+ copy("$url", "$localfile")
+ or clean_exit("unable to copy $url to $localfile: $!");
+
+ print STDERR "done.\n"
+ unless ($config{quiet});
+
+ # Grab file using scp if scp://...
+ } elsif ($url =~ /^scp/) {
+ $url =~ s/^scp:\/\///;
+
+ my @cmd;
+ push(@cmd, "scp");
+ push(@cmd, "-i", "$config{scp_key}") if (exists($config{scp_key}));
+ push(@cmd, "-q") if ($config{quiet});
+ push(@cmd, "-v") if ($config{verbose});
+ push(@cmd, "$url", "$localfile");
+
+ print STDERR "Copying file from $url using scp:\n"
+ unless ($config{quiet});
+
+ clean_exit("scp returned error when trying to copy $url")
+ if (system(@cmd));
+
+ # Unknown download method.
+ } else {
+ clean_exit("unknown or unsupported download method\n");
+ }
+
+ # Make sure the downloaded file actually exists.
+ clean_exit("failed to download $url: ".
+ "local target file $localfile doesn't exist after download.")
+ unless (-e "$localfile");
+
+ # Also make sure it's at least non-empty.
+ clean_exit("failed to download $url: local target file $localfile is empty ".
+ "after download (perhaps you're out of diskspace or file in url is empty?)")
+ unless (-s "$localfile");
+}
+
+
+
+# Copy all rules files from the tmp dirs (one for each url)
+# into a single directory inside the tmp dir, except for files
+# matching a 'skipfile' directive'.
+# Will exit in case of colliding filenames.
+sub join_tmp_rules_dirs($ $ @)
+{
+ my $rules_dir = shift;
+ my $new_files_ref = shift;
+ my @url_tmpdirs = @_;
+
+ my %rules_files;
+
+ clean_exit("failed to create directory \"$rules_dir\": $!")
+ unless (mkdir($rules_dir));
+
+ foreach my $url_tmpdir (@url_tmpdirs) {
+ opendir(URL_TMPDIR, "$url_tmpdir")
+ or clean_exit("could not open directory \"$url_tmpdir\": $!");
+
+ while ($_ = readdir(URL_TMPDIR)) {
+ next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) || !/$config{update_files}/);
+
+ if (exists($rules_files{$_})) {
+ closedir(URL_TMPDIR);
+ clean_exit("a file called \"$_\" exists in multiple rules archives")
+ }
+
+ # Make sure it's a regular file.
+ unless (-f "$url_tmpdir/$_" && !-l "$url_tmpdir/$_") {
+ closedir(URL_TMPDIR);
+ clean_exit("downloaded \"$_\" is not a regular file.")
+ }
+
+ $rules_files{$_} = 1;
+ $$new_files_ref{"$rules_dir/$_"} = 1;
+
+ my $src_file = untaint_path("$url_tmpdir/$_");
+ unless (copy("$src_file", "$rules_dir")) {
+ closedir(URL_TMPDIR);
+ clean_exit("could not copy \"$src_file\" to \"$rules_dir\": $!");
+ }
+ }
+
+ closedir(URL_TMPDIR);
+ }
+
+ return (keys(%$new_files_ref));
+}
+
+
+
+# Make a few basic sanity checks on the rules archive and then
+# uncompress/untar it if everything looked ok.
+sub unpack_rules_archive($ $ $)
+{
+ my $url = shift; # only used when printing warnings/errors
+ my $archive = shift;
+ my $rules_dir = shift;
+
+ my ($tar, @tar_content);
+
+ my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir()));
+
+ my $dir = dirname($archive);
+ chdir("$dir") or clean_exit("$url: could not change directory to \"$dir\": $!");
+
+ if ($config{use_external_bins}) {
+
+ # Run integrity check on the gzip file.
+ clean_exit("$url: integrity check on gzip file failed (file transfer failed or ".
+ "file in URL not in gzip format?).")
+ if (system("gzip", "-t", "$archive"));
+
+ # Decompress it.
+ system("gzip", "-d", "$archive")
+ and clean_exit("$url: unable to uncompress $archive.");
+
+ # Suffix has now changed from .tar.gz|.tgz to .tar.
+ $archive =~ s/\.gz$//;
+
+ # Make sure the .tar file now exists.
+ # (Gzip may not return an error if it was not a gzipped file...)
+ clean_exit("$url: failed to unpack gzip file (file transfer failed or ".
+ "file in URL not in tar'ed gzip format?).")
+ unless (-e "$archive");
+
+ my $stdout_file = "$tmpdir/tar_content.out";
+
+ open(OLDOUT, ">&STDOUT") or clean_exit("could not dup STDOUT: $!");
+ open(STDOUT, ">$stdout_file") or clean_exit("could not redirect STDOUT: $!");
+
+ my $ret = system("tar", "tf", "$archive");
+
+ close(STDOUT);
+ open(STDOUT, ">&OLDOUT") or clean_exit("could not dup STDOUT: $!");
+ close(OLDOUT);
+
+ clean_exit("$url: could not list files in tar archive (is it broken?)")
+ if ($ret);
+
+ open(TAR, "$stdout_file") or clean_exit("failed to open $stdout_file: $!");
+ @tar_content = <TAR>;
+ close(TAR);
+
+ # use_external_bins=0
+ } else {
+ $tar = Archive::Tar->new($archive, 1);
+ clean_exit("$url: failed to read $archive (file transfer failed or ".
+ "file in URL not in tar'ed gzip format?).")
+ unless (defined($tar));
+ @tar_content = $tar->list_files();
+ }
+
+ # Make sure we could grab some content from the tarball.
+ clean_exit("$url: could not list files in tar archive (is it broken?)")
+ if ($#tar_content < 0);
+
+ # For each filename in the archive, do some basic sanity checks.
+ foreach my $filename (@tar_content) {
+ chomp($filename);
+
+ # We don't want absolute filename.
+ clean_exit("$url: rules archive contains absolute filename. ".
+ "Offending file/line:\n$filename")
+ if ($filename =~ /^\//);
+
+ # We don't want to have any weird characters anywhere in the filename.
+ clean_exit("$url: illegal character in filename in tar archive. Allowed are ".
+ "$OK_PATH_CHARS\nOffending file/line:\n$filename")
+ if ($config{use_path_checks} && $filename =~ /[^$OK_PATH_CHARS]/);
+
+ # We don't want to unpack any "../../" junk (check is useless now though).
+ clean_exit("$url: filename in tar archive contains \"..\".\n".
+ "Offending file/line:\n$filename")
+ if ($filename =~ /\.\./);
+ }
+
+ # Looks good. Now we can untar it.
+ print STDERR "Archive successfully downloaded, unpacking... "
+ unless ($config{quiet});
+
+ if ($config{use_external_bins}) {
+ clean_exit("failed to untar $archive.")
+ if system("tar", "xf", "$archive");
+ } else {
+ mkdir("$rules_dir") or clean_exit("could not create \"$rules_dir\" directory: $!\n");
+ foreach my $file ($tar->list_files) {
+ next unless ($file =~ /^$rules_dir\/[^\/]+$/); # only ^rules/<file>$
+
+ my $content = $tar->get_content($file);
+
+ # Symlinks in the archive will make get_content return undef.
+ clean_exit("could not get content from file \"$file\" in downloaded archive, ".
+ "make sure it is a regular file\n")
+ unless (defined($content));
+
+ open(RULEFILE, ">", "$file")
+ or clean_exit("could not open \"$file\" for writing: $!\n");
+ print RULEFILE $content;
+ close(RULEFILE);
+ }
+ }
+
+ # Make sure that non-empty rules directory existed in archive.
+ # We permit empty rules directory if min_files is set to 0 though.
+ clean_exit("$url: no \"$rules_dir\" directory found in tar file.")
+ unless (-d "$dir/$rules_dir");
+
+ my $num_files = 0;
+ opendir(RULESDIR, "$dir/$rules_dir")
+ or clean_exit("could not open directory \"$dir/$rules_dir\": $!");
+
+ while ($_ = readdir(RULESDIR)) {
+ next if (/^\.\.?$/);
+ $num_files++;
+ }
+
+ closedir(RULESDIR);
+
+ clean_exit("$url: directory \"$rules_dir\" in unpacked archive is empty")
+ if ($num_files == 0 && $config{min_files} != 0);
+
+ chdir($old_dir)
+ or clean_exit("could not change directory back to $old_dir: $!");
+
+ print STDERR "done.\n"
+ unless ($config{quiet});
+}
+
+
+
+# Open all rules files in the temporary directory and disable/modify all
+# rules/lines as requested in oinkmaster.conf, and then write back to the
+# same files. Also clean unwanted whitespaces and duplicate sids from them.
+sub process_rules($ $ $ $ $ $)
+{
+ my $modify_sid_ref = shift;
+ my $disable_sid_ref = shift;
+ my $enable_sid_ref = shift;
+ my $local_sid_ref = shift;
+ my $rh_tmp_ref = shift;
+ my $newfiles_ref = shift;
+ my %sids;
+
+ my %stats = (
+ disabled => 0,
+ enabled => 0,
+ modified => 0,
+ total => 0,
+ );
+
+ warn("WARNING: all rules that are disabled by default will be enabled\n")
+ if ($config{enable_all} && !$config{quiet});
+
+ print STDERR "Processing downloaded rules... "
+ unless ($config{quiet});
+
+ print STDERR "\n"
+ if ($config{verbose});
+
+ # Phase #1 - process all active rules and store in temporary hash.
+ # In case of dups, we use the one with the highest rev.
+ foreach my $file (sort(keys(%$newfiles_ref))) {
+
+ open(INFILE, "<", "$file")
+ or clean_exit("could not open $file for reading: $!");
+ my @infile = <INFILE>;
+ close(INFILE);
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+
+ # We don't care about non-rules in this phase.
+ next RULELOOP if (defined($nonrule));
+
+ # Even if it was a single-line rule, we want a copy in $multi.
+ $multi = $single unless (defined($multi));
+
+ my %rule = (
+ single => $single,
+ multi => $multi,
+ );
+
+ # modify/disable/enable this rule as requested unless there is a matching
+ # localsid statement. Possible verbose messages and warnings will be printed.
+ unless (exists($$local_sid_ref{$sid})) {
+ process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref,
+ \%rule, $sid, \%stats, 1, basename($file));
+ }
+
+ $stats{total}++;
+
+ $single = $rule{single};
+ $multi = $rule{multi};
+
+ # Only care about active rules in this phase (the rule may have been
+ # disabled by a disablesid or a modifysid statement above, so we can't
+ # do this check earlier).
+ next RULELOOP if ($multi =~ /^#/);
+
+ # Is it a dup? If so, see if this seems to be more recent (higher rev).
+ if (exists($sids{$sid})) {
+ warn("\nWARNING: duplicate SID in downloaded archive, SID=$sid, ".
+ "only keeping rule with highest 'rev'\n")
+ unless($config{super_quiet});
+
+ my ($old_rev) = ($sids{$sid}{single} =~ /\brev\s*:\s*(\d+)\s*;/);
+ my ($new_rev) = ($single =~ /\brev\s*:\s*(\d+)\s*;/);
+
+ # This is so rules with a rev gets higher prio than
+ # rules without any rev.
+ $old_rev = -1 unless (defined($old_rev));
+ $new_rev = -1 unless (defined($new_rev));
+
+ # If this rev is higher than the one in the last stored rule with
+ # this sid, replace rule with this one. This is also done if the
+ # revs are equal because we assume the rule appearing last in the
+ # rules file is the more recent rule.
+ if ($new_rev >= $old_rev) {
+ $sids{$sid}{single} = $single;
+ $sids{$sid}{multi} = $multi;
+ }
+
+ # No dup.
+ } else {
+ $sids{$sid}{single} = $single;
+ $sids{$sid}{multi} = $multi;
+ }
+ }
+ }
+
+ # Phase #2 - read all rules files again, but when writing active rules
+ # back to the files, use the one stored in the sid hash (which is free of dups).
+ foreach my $file (sort(keys(%$newfiles_ref))) {
+
+ open(INFILE, "<", "$file")
+ or clean_exit("could not open $file for reading: $!");
+ my @infile = <INFILE>;
+ close(INFILE);
+
+ # Write back to the same file.
+ open(OUTFILE, ">", "$file")
+ or clean_exit("could not open $file for writing: $!");
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+ if (defined($nonrule)) {
+ print OUTFILE "$nonrule";
+ next RULELOOP;
+ }
+
+ # Even if it was a single-line rule, we want a copy in $multi.
+ $multi = $single unless (defined($multi));
+
+ # If this rule is marked as localized and has not yet been written,
+ # write the old version to the new rules file.
+ if (exists($$local_sid_ref{$sid}) && !exists($sids{$sid}{printed})) {
+
+ # Just ignore the rule in the downloaded file if it doesn't
+ # exist in the same local file.
+ unless(exists($$rh_tmp_ref{old}{rules}{basename($file)}{$sid})) {
+ warn("WARNING: SID $sid is marked as local and exists in ".
+ "downloaded " . basename($file) . " but the SID does not ".
+ "exist in the local file, ignoring rule\n")
+ if ($config{verbose});
+
+ next RULELOOP;
+ }
+
+ print OUTFILE $$rh_tmp_ref{old}{rules}{basename($file)}{$sid};
+ $sids{$sid}{printed} = 1;
+
+ warn("SID $sid is marked as local, keeping your version from ".
+ basename($file) . ".\n".
+ "Your version: $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}".
+ "Downloaded version: $multi\n")
+ if ($config{verbose});
+
+ next RULELOOP;
+ }
+
+ my %rule = (
+ single => $single,
+ multi => $multi,
+ );
+
+ # modify/disable/enable this rule. Possible verbose messages and warnings
+ # will not be printed (again) as this was done in the first phase.
+ # We send the stats to a dummy var as this was collected on the
+ # first phase as well.
+ process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref,
+ \%rule, $sid, \my %unused_stats, 0, basename($file));
+
+ $single = $rule{single};
+ $multi = $rule{multi};
+
+ # Disabled rules are printed right back to the file, unless
+ # there also is an active rule with the same sid. Als o make
+ # sure we only print the sid once, even though it's disabled.
+ if ($multi =~ /^#/ && !exists($sids{$sid}) && !exists($sids{$sid}{printed})) {
+ print OUTFILE $multi;
+ $sids{$sid}{printed} = 1;
+ next RULELOOP;
+ }
+
+ # If this sid has not yet been printed and this is the place where
+ # the sid with the highest rev was, print the rule to the file.
+ # (There can be multiple totally different rules with the same sid
+ # and we don't want to put the wrong rule in the wrong place.
+ if (!exists($sids{$sid}{printed}) && $single eq $sids{$sid}{single}) {
+ print OUTFILE $multi;
+ $sids{$sid}{printed} = 1;
+ }
+ }
+
+ close(OUTFILE);
+ }
+
+ print STDERR "disabled $stats{disabled}, enabled $stats{enabled}, ".
+ "modified $stats{modified}, total=$stats{total}\n"
+ unless ($config{quiet});
+
+ # Print warnings on attempt at enablesid/disablesid/localsid on non-existent
+ # rule if we're in verbose mode.
+ if ($config{verbose}) {
+ foreach my $sid (keys(%$enable_sid_ref)) {
+ warn("WARNING: attempt to use \"enablesid\" on non-existent SID $sid\n")
+ unless (exists($sids{$sid}));
+ }
+
+ foreach my $sid (keys(%$disable_sid_ref)) {
+ warn("WARNING: attempt to use \"disablesid\" on non-existent SID $sid\n")
+ unless (exists($sids{$sid}));
+ }
+
+ foreach my $sid (keys(%$local_sid_ref)) {
+ warn("WARNING: attempt to use \"localsid\" on non-existent SID $sid\n")
+ unless (exists($sids{$sid}));
+ }
+ }
+
+ # Print warnings on attempt at modifysid'ing non-existent stuff, unless quiet mode.
+ unless ($config{quiet}) {
+ my %new_files;
+ foreach my $file (sort(keys(%$newfiles_ref))) {
+ $new_files{basename($file)} = 1;
+ }
+
+ my %mod_tmp;
+ foreach my $mod_expr (@$modify_sid_ref) {
+ my ($type, $arg) = ($mod_expr->[2], $mod_expr->[3]);
+ $mod_tmp{$type}{$arg} = 1;
+ }
+
+ foreach my $sid (keys(%{$mod_tmp{sid}})) {
+ warn("WARNING: attempt to use \"modifysid\" on non-existent SID $sid\n")
+ unless (exists($sids{$sid}));
+ }
+
+ foreach my $file (keys(%{$mod_tmp{file}})) {
+ warn("WARNING: attempt to use \"modifysid\" on non-existent file $file\n")
+ unless(exists($new_files{$file}));
+ }
+ }
+
+ # Return total number of valid rules.
+ return ($stats{total});
+}
+
+
+
+# Process (modify/enable/disable) a rule as requested.
+sub process_rule($ $ $ $ $ $ $ $)
+{
+ my $modify_sid_ref = shift;
+ my $disable_sid_ref = shift;
+ my $enable_sid_ref = shift;
+ my $rule_ref = shift;
+ my $sid = shift;
+ my $stats_ref = shift;
+ my $print_messages = shift;
+ my $filename = shift;
+
+ # Just for easier access.
+ my $single = $$rule_ref{single};
+ my $multi = $$rule_ref{multi};
+
+ # Some rules may be commented out by default.
+ # Enable them if -e is specified (both single-line and multi-line,
+ # version, because we don't know which version one we're going to
+ # use below.
+ # Enable them if -e is specified.
+ if ($multi =~ /^#/ && $config{enable_all}) {
+ $multi =~ s/^#*//;
+ $multi =~ s/\n#*/\n/g;
+ $single =~ s/^#*//;
+ $$stats_ref{enabled}++;
+ }
+
+ # Modify rule if requested. For disablesid/enablesid we work
+ # on the multi-line version of the rule (if exists). For
+ # modifysid that's no good since we don't know where in the
+ # rule the trailing backslashes and newlines are going to be
+ # and we don't want them to affect the regexp.
+ MOD_EXP:foreach my $mod_expr (@$modify_sid_ref) {
+ my ($subst, $repl, $type, $arg) =
+ ($mod_expr->[0], $mod_expr->[1], $mod_expr->[2], $mod_expr->[3]);
+
+ my $print_modify_warnings = 0;
+ $print_modify_warnings = 1 if (!$config{super_quiet} && $print_messages && $type eq "sid");
+
+ if ($type eq "wildcard" || ($type eq "sid" && $sid eq $arg) ||
+ ($type eq "file" && $filename eq $arg)) {
+
+ if ($single =~ /$subst/si) {
+ print STDERR "Modifying rule, SID=$sid, filename=$filename, ".
+ "match type=$type, subst=$subst, ".
+ "repl=$repl\nBefore: $single"
+ if ($print_messages && $config{verbose});
+
+
+ # If user specified a backreference but the regexp did not set $1 - don't modify rule.
+ if (!defined($1) && ($repl =~ /[^\\]\$\d+/ || $repl =~ /[^\\]\$\{\d+\}/
+ || $repl =~ /^qq\/\$\d+/ || $repl =~ /^qq\/\$\{\d+\}/)) {
+ warn("WARNING: SID $sid matches modifysid expression \"$subst\" but ".
+ "backreference variable \$1 is undefined after match, ".
+ "keeping original rule\n")
+ if ($print_modify_warnings);
+ next MOD_EXP;
+ }
+
+ # Do the substitution on the single-line version and put it
+ # back in $multi.
+ $single =~ s/$subst/$repl/eei;
+ $multi = $single;
+
+ print STDERR "After: $single\n"
+ if ($print_messages && $config{verbose});
+
+ $$stats_ref{modified}++;
+ } else {
+ if ($print_modify_warnings) {
+ warn("WARNING: SID $sid does not match modifysid ".
+ "expression \"$subst\", keeping original rule\n");
+ }
+ }
+ }
+ }
+
+ # Disable rule if requested and it's not already disabled.
+ if (exists($$disable_sid_ref{$sid}) && $multi !~ /^\s*#/) {
+ $multi = "#$multi";
+ $multi =~ s/\n([^#].+)/\n#$1/g;
+ $$stats_ref{disabled}++;
+ }
+
+ # Enable rule if requested and it's not already enabled.
+ if (exists($$enable_sid_ref{$sid}) && $multi =~ /^\s*#/) {
+ $multi =~ s/^#+//;
+ $multi =~ s/\n#+(.+)/\n$1/g;
+ $$stats_ref{enabled}++;
+ }
+
+ $$rule_ref{single} = $single;
+ $$rule_ref{multi} = $multi;
+}
+
+
+
+# Setup rules hash.
+# Format for rules will be: rh{old|new}{rules{filename}{sid} = single-line rule
+# Format for non-rules will be: rh{old|new}{other}{filename} = array of lines
+# List of added files will be stored as rh{added_files}{filename}
+sub setup_rules_hash($ $)
+{
+ my $new_files_ref = shift;
+ my $output_dir = shift;
+
+ my (%rh, %old_sids);
+
+ print STDERR "Setting up rules structures... "
+ unless ($config{quiet});
+
+ foreach my $file (sort(keys(%$new_files_ref))) {
+ warn("\nWARNING: downloaded rules file $file is empty\n")
+ if (!-s "$file" && $config{verbose});
+
+ open(NEWFILE, "<", "$file")
+ or clean_exit("could not open $file for reading: $!");
+ my @newfile = <NEWFILE>;
+ close(NEWFILE);
+
+ # From now on we don't care about the path, so remove it.
+ $file = basename($file);
+
+ my ($single, $multi, $nonrule, $msg, $sid);
+
+ while (get_next_entry(\@newfile, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
+ if (defined($single)) {
+ $rh{new}{rules}{"$file"}{"$sid"} = $single;
+ } else {
+ push(@{$rh{new}{other}{"$file"}}, $nonrule);
+ }
+ }
+
+ # Also read in old (aka local) file if it exists.
+ # We do a sid dup check in these files.
+ if (-f "$output_dir/$file") {
+ open(OLDFILE, "<", "$output_dir/$file")
+ or clean_exit("could not open $output_dir/$file for reading: $!");
+ my @oldfile = <OLDFILE>;
+ close(OLDFILE);
+
+ while (get_next_entry(\@oldfile, \$single, \$multi, \$nonrule, undef, \$sid)) {
+ if (defined($single)) {
+ warn("\nWARNING: duplicate SID in your local rules, SID ".
+ "$sid exists multiple times, you may need to fix this manually!\n")
+ if (exists($old_sids{$sid}));
+
+ $rh{old}{rules}{"$file"}{"$sid"} = $single;
+ $old_sids{$sid}++;
+ } else {
+ push(@{$rh{old}{other}{"$file"}}, $nonrule);
+ }
+ }
+ } else {
+ $rh{added_files}{"$file"}++;
+ }
+ }
+
+ print STDERR "done.\n"
+ unless ($config{quiet});
+
+ return (%rh);
+}
+
+
+
+# Return lines that exist only in first array but not in second one.
+sub get_first_only($ $ $)
+{
+ my $first_only_ref = shift;
+ my $first_arr_ref = shift;
+ my $second_arr_ref = shift;
+ my %arr_hash;
+
+ @arr_hash{@$second_arr_ref} = ();
+
+ foreach my $line (@$first_arr_ref) {
+
+ # Skip blank lines and CVS Id tags.
+ next unless ($line =~ /\S/);
+ next if ($line =~ /^\s*#+\s*\$I\S:.+Exp\s*\$/);
+
+ push(@$first_only_ref, $line)
+ unless(exists($arr_hash{$line}));
+ }
+}
+
+
+
+# Backup files in output dir matching $config{update_files} into the backup dir.
+sub make_backup($ $)
+{
+ my $src_dir = shift; # dir with the rules to be backed up
+ my $dest_dir = shift; # where to put the backup tarball
+
+ my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5];
+
+ my $date = sprintf("%4d%02d%02d-%02d%02d%02d",
+ $year + 1900, $mon + 1, $mday, $hour, $min, $sec);
+
+ my $backup_tarball = "rules-backup-$date.tar";
+ my $backup_tmp_dir = File::Spec->catdir("$tmpdir", "rules-backup-$date");
+ my $dest_file = File::Spec->catfile("$dest_dir", "$backup_tarball.gz");
+
+ print STDERR "Creating backup of old rules..."
+ unless ($config{quiet});
+
+ mkdir("$backup_tmp_dir", 0700)
+ or clean_exit("could not create temporary backup directory $backup_tmp_dir: $!");
+
+ # Copy all rules files from the rules dir to the temporary backup dir.
+ opendir(OLDRULES, "$src_dir")
+ or clean_exit("could not open directory $src_dir: $!");
+
+ while ($_ = readdir(OLDRULES)) {
+ next if (/^\.\.?$/);
+ if (/$config{update_files}/) {
+ my $src_file = untaint_path("$src_dir/$_");
+ copy("$src_file", "$backup_tmp_dir/")
+ or warn("WARNING: could not copy $src_file to $backup_tmp_dir/: $!");
+ }
+ }
+
+ closedir(OLDRULES);
+
+ # Also backup the -U <file> (as "variable-file.conf") if specified.
+ if ($config{update_vars}) {
+ copy("$config{varfile}", "$backup_tmp_dir/variable-file.conf")
+ or warn("WARNING: could not copy $config{varfile} to $backup_tmp_dir: $!")
+ }
+
+ my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir()));
+
+ # Change directory to $tmpdir (so we'll be right below the directory where
+ # we have our rules to be backed up).
+ chdir("$tmpdir") or clean_exit("could not change directory to $tmpdir: $!");
+
+ if ($config{use_external_bins}) {
+ clean_exit("tar command returned error when archiving backup files.\n")
+ if (system("tar","cf","$backup_tarball","rules-backup-$date"));
+
+ clean_exit("gzip command returned error when compressing backup file.\n")
+ if (system("gzip","$backup_tarball"));
+
+ $backup_tarball .= ".gz";
+
+ } else {
+ my $tar = Archive::Tar->new;
+ opendir(RULES, "rules-backup-$date")
+ or clean_exit("unable to open directory \"rules-backup-$date\": $!");
+
+ while ($_ = readdir(RULES)) {
+ next if (/^\.\.?$/);
+ $tar->add_files("rules-backup-$date/$_");
+ }
+
+ closedir(RULES);
+
+ $backup_tarball .= ".gz";
+
+ # Write tarball. Print stupid error message if it fails as
+ # we can't use $tar->error or Tar::error on all platforms.
+ $tar->write("$backup_tarball", 1);
+
+ clean_exit("could not create backup archive: tarball empty after creation\n")
+ unless (-s "$backup_tarball");
+ }
+
+ # Change back to old directory (so it will work with -b <directory> as either
+ # an absolute or a relative path.
+ chdir("$old_dir")
+ or clean_exit("could not change directory back to $old_dir: $!");
+
+ copy("$tmpdir/$backup_tarball", "$dest_file")
+ or clean_exit("unable to copy $tmpdir/$backup_tarball to $dest_file/: $!\n");
+
+ print STDERR " saved as $dest_file.\n"
+ unless ($config{quiet});
+}
+
+
+
+# Print the results.
+sub print_changes($ $)
+{
+ my $ch_ref = shift;
+ my $rh_ref = shift;
+
+ my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5];
+
+ my $date = sprintf("%4d%02d%02d %02d:%02d:%02d",
+ $year + 1900, $mon + 1, $mday, $hour, $min, $sec);
+
+ print "\n[***] Results from Oinkmaster started $date [***]\n";
+
+ # Print new variables.
+ if ($config{update_vars}) {
+ if ($#{$$ch_ref{new_vars}} > -1) {
+ print "\n[*] New variables: [*]\n";
+ foreach my $var (@{$$ch_ref{new_vars}}) {
+ print " $var";
+ }
+ } else {
+ print "\n[*] New variables: [*]\n None.\n"
+ unless ($config{super_quiet});
+ }
+ }
+
+
+ # Print rules modifications.
+ print "\n[*] Rules modifications: [*]\n None.\n"
+ if (!keys(%{$$ch_ref{rules}}) && !$config{super_quiet});
+
+ # Print added rules.
+ if (exists($$ch_ref{rules}{added})) {
+ print "\n[+++] Added rules: [+++]\n";
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{added}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_NEW, "Added to",
+ \%{$$ch_ref{rules}{added}}, $rh_ref);
+ }
+ }
+
+ # Print enabled rules.
+ if (exists($$ch_ref{rules}{ena})) {
+ print "\n[+++] Enabled rules: [+++]\n";
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{ena}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_NEW, "Enabled in",
+ \%{$$ch_ref{rules}{ena}}, $rh_ref);
+ }
+ }
+
+ # Print enabled + modified rules.
+ if (exists($$ch_ref{rules}{ena_mod})) {
+ print "\n[+++] Enabled and modified rules: [+++]\n";
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{ena_mod}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_BOTH, "Enabled and modified in",
+ \%{$$ch_ref{rules}{ena_mod}}, $rh_ref);
+ }
+ }
+
+ # Print modified active rules.
+ if (exists($$ch_ref{rules}{mod_act})) {
+ print "\n[///] Modified active rules: [///]\n";
+
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{mod_act}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_BOTH, "Modified active in",
+ \%{$$ch_ref{rules}{mod_act}}, $rh_ref);
+ }
+ }
+
+ # Print modified inactive rules.
+ if (exists($$ch_ref{rules}{mod_ina})) {
+ print "\n[///] Modified inactive rules: [///]\n";
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{mod_ina}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_BOTH, "Modified inactive in",
+ \%{$$ch_ref{rules}{mod_ina}}, $rh_ref);
+ }
+ }
+
+ # Print disabled + modified rules.
+ if (exists($$ch_ref{rules}{dis_mod})) {
+ print "\n[---] Disabled and modified rules: [---]\n";
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{dis_mod}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_BOTH, "Disabled and modified in",
+ \%{$$ch_ref{rules}{dis_mod}}, $rh_ref);
+ }
+ }
+
+ # Print disabled rules.
+ if (exists($$ch_ref{rules}{dis})) {
+ print "\n[---] Disabled rules: [---]\n";
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{dis}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_NEW, "Disabled in",
+ \%{$$ch_ref{rules}{dis}}, $rh_ref);
+ }
+ }
+
+ # Print removed rules.
+ if (exists($$ch_ref{rules}{removed})) {
+ print "\n[---] Removed rules: [---]\n";
+ if ($config{summary_output}) {
+ print_summary_change(\%{$$ch_ref{rules}{removed}}, $rh_ref);
+ } else {
+ print_changetype($PRINT_OLD, "Removed from",
+ \%{$$ch_ref{rules}{removed}}, $rh_ref);
+ }
+ }
+
+
+ # Print non-rule modifications.
+ print "\n[*] Non-rule line modifications: [*]\n None.\n"
+ if (!keys(%{$$ch_ref{other}}) && !$config{super_quiet});
+
+ # Print added non-rule lines.
+ if (exists($$ch_ref{other}{added})) {
+ print "\n[+++] Added non-rule lines: [+++]\n";
+ foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{added}}))) {
+ my $num = $#{$$ch_ref{other}{added}{$file}} + 1;
+ print "\n -> Added to $file ($num):\n";
+ foreach my $line (@{$$ch_ref{other}{added}{$file}}) {
+ print " $line";
+ }
+ }
+ }
+
+ # Print removed non-rule lines.
+ if (keys(%{$$ch_ref{other}{removed}}) > 0) {
+ print "\n[---] Removed non-rule lines: [---]\n";
+ foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{removed}}))) {
+ my $num = $#{$$ch_ref{other}{removed}{$file}} + 1;
+ print "\n -> Removed from $file ($num):\n";
+ foreach my $other (@{$$ch_ref{other}{removed}{$file}}) {
+ print " $other";
+ }
+ }
+ }
+
+
+ # Print list of added files.
+ if (keys(%{$$ch_ref{added_files}})) {
+ print "\n[+] Added files (consider updating your snort.conf to include them if needed): [+]\n\n";
+ foreach my $added_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{added_files}}))) {
+ print " -> $added_file\n";
+ }
+ } else {
+ print "\n[*] Added files: [*]\n None.\n"
+ unless ($config{super_quiet} || $config{summary_output});
+ }
+
+ # Print list of possibly removed files if requested.
+ if ($config{check_removed}) {
+ if (keys(%{$$ch_ref{removed_files}})) {
+ print "\n[-] Files possibly removed from the archive ".
+ "(consider removing them from your snort.conf if needed): [-]\n\n";
+ foreach my $removed_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{removed_files}}))) {
+ print " -> $removed_file\n";
+ }
+ } else {
+ print "\n[*] Files possibly removed from the archive: [*]\n None.\n"
+ unless ($config{super_quiet} || $config{summary_output});
+ }
+ }
+
+ print "\n";
+}
+
+
+
+# Helper for print_changes().
+sub print_changetype($ $ $ $)
+{
+ my $type = shift; # $PRINT_OLD|$PRINT_NEW|$PRINT_BOTH
+ my $string = shift; # string to print before filename
+ my $ch_ref = shift; # reference to an entry in the rules changes hash
+ my $rh_ref = shift; # reference to rules hash
+
+ foreach my $file (sort({uc($a) cmp uc($b)} keys(%$ch_ref))) {
+ my $num = keys(%{$$ch_ref{$file}});
+ print "\n -> $string $file ($num):\n";
+ foreach my $sid (keys(%{$$ch_ref{$file}})) {
+ if ($type == $PRINT_OLD) {
+ print " $$rh_ref{old}{rules}{$file}{$sid}"
+ } elsif ($type == $PRINT_NEW) {
+ print " $$rh_ref{new}{rules}{$file}{$sid}"
+ } elsif ($type == $PRINT_BOTH) {
+
+ my $old = $$rh_ref{old}{rules}{$file}{$sid};
+ my $new = $$rh_ref{new}{rules}{$file}{$sid};
+
+ if ($config{minimize_diff}) {
+ my ($old, $new) = minimize_diff($old, $new);
+ print "\n old SID $sid: $old";
+ print " new SID $sid: $new";
+ } else {
+ print "\n old: $old";
+ print " new: $new";
+ }
+ }
+ }
+ }
+}
+
+
+
+# Print changes in bmc style, i.e. only sid and msg, no full details.
+sub print_summary_change($ $)
+{
+ my $ch_ref = shift; # reference to an entry in the rules changes hash
+ my $rh_ref = shift; # reference to rules hash
+
+ my (@sids, %sidmap);
+
+ print "\n";
+
+ # First get all the sids (may be spread across multiple files.
+ foreach my $file (keys(%$ch_ref)) {
+ foreach my $sid (keys(%{$$ch_ref{$file}})) {
+ push(@sids, $sid);
+ if (exists($$rh_ref{new}{rules}{$file}{$sid})) {
+ $sidmap{$sid}{rule} = $$rh_ref{new}{rules}{$file}{$sid};
+ } else {
+ $sidmap{$sid}{rule} = $$rh_ref{old}{rules}{$file}{$sid};
+ }
+ $sidmap{$sid}{file} = $file;
+ }
+ }
+
+ # Print rules, sorted by sid.
+ foreach my $sid (sort {$a <=> $b} (@sids)) {
+ my @rule = $sidmap{$sid}{rule};
+ my $file = $sidmap{$sid}{file};
+ get_next_entry(\@rule, undef, undef, undef, \(my $msg), undef);
+ printf("%8d - %s (%s)\n", $sid, $msg, $file);
+ }
+
+ print "\n";
+}
+
+
+
+# Compare the new rules to the old ones.
+sub get_changes($ $ $)
+{
+ my $rh_ref = shift;
+ my $new_files_ref = shift;
+ my $rules_dir = shift;
+ my %changes;
+
+ print STDERR "Comparing new files to the old ones... "
+ unless ($config{quiet});
+
+ # We have the list of added files (without full path) in $rh_ref{added_files}
+ # but we'd rather want to have it in $changes{added_files} now.
+ $changes{added_files} = $$rh_ref{added_files};
+
+ # New files are also regarded as modified since we want to update
+ # (i.e. add) those as well. Here we want them with full path.
+ foreach my $file (keys(%{$changes{added_files}})) {
+ $changes{modified_files}{"$tmpdir/$rules_dir/$file"}++;
+ }
+
+ # Add list of possibly removed files if requested.
+ if ($config{check_removed}) {
+ opendir(OLDRULES, "$config{output_dir}")
+ or clean_exit("could not open directory $config{output_dir}: $!");
+
+ while ($_ = readdir(OLDRULES)) {
+ next if (/^\.\.?$/);
+ $changes{removed_files}{"$_"} = 1
+ if (/$config{update_files}/ &&
+ !exists($config{file_ignore_list}{$_}) &&
+ !-e "$tmpdir/$rules_dir/$_");
+ }
+
+ closedir(OLDRULES);
+ }
+
+ # For each new rules file...
+ FILELOOP:foreach my $file_w_path (sort(keys(%$new_files_ref))) {
+ my $file = basename($file_w_path);
+
+ # Skip comparison if it's an added file.
+ next FILELOOP if (exists($$rh_ref{added_files}{$file}));
+
+ # For each sid in the new file...
+ foreach my $sid (keys(%{$$rh_ref{new}{rules}{$file}})) {
+ my $new_rule = $$rh_ref{new}{rules}{$file}{$sid};
+
+ # Sid also exists in the old file?
+ if (exists($$rh_ref{old}{rules}{$file}{$sid})) {
+ my $old_rule = $$rh_ref{old}{rules}{$file}{$sid};
+
+ # Are they identical?
+ unless ($new_rule eq $old_rule) {
+ $changes{modified_files}{$file_w_path}++;
+
+ # Find out in which way the rules are different.
+ if ("#$old_rule" eq $new_rule) {
+ $changes{rules}{dis}{$file}{$sid}++;
+ } elsif ($old_rule eq "#$new_rule") {
+ $changes{rules}{ena}{$file}{$sid}++;
+ } elsif ($old_rule =~ /^\s*#/ && $new_rule !~ /^\s*#/) {
+ $changes{rules}{ena_mod}{$file}{$sid}++;
+ } elsif ($old_rule !~ /^\s*#/ && $new_rule =~ /^\s*#/) {
+ $changes{rules}{dis_mod}{$file}{$sid}++;
+ } elsif ($old_rule =~ /^\s*#/ && $new_rule =~ /^\s*#/) {
+ $changes{rules}{mod_ina}{$file}{$sid}++;
+ } else {
+ $changes{rules}{mod_act}{$file}{$sid}++;
+ }
+
+ }
+ } else { # sid not found in old file, i.e. it's added
+ $changes{modified_files}{$file_w_path}++;
+ $changes{rules}{added}{$file}{$sid}++;
+ }
+ } # foreach sid
+
+ # Check for removed rules, i.e. sids that exist in the old file but
+ # not in the new one.
+ foreach my $sid (keys(%{$$rh_ref{old}{rules}{$file}})) {
+ unless (exists($$rh_ref{new}{rules}{$file}{$sid})) {
+ $changes{modified_files}{$file_w_path}++;
+ $changes{rules}{removed}{$file}{$sid}++;
+ }
+ }
+
+ # Check for added non-rule lines.
+ get_first_only(\my @added,
+ \@{$$rh_ref{new}{other}{$file}},
+ \@{$$rh_ref{old}{other}{$file}});
+
+ if (scalar(@added)) {
+ @{$changes{other}{added}{$file}} = @added;
+ $changes{modified_files}{$file_w_path}++;
+ }
+
+ # Check for removed non-rule lines.
+ get_first_only(\my @removed,
+ \@{$$rh_ref{old}{other}{$file}},
+ \@{$$rh_ref{new}{other}{$file}});
+
+ if (scalar(@removed)) {
+ @{$changes{other}{removed}{$file}} = @removed;
+ $changes{modified_files}{$file_w_path}++;
+ }
+
+ } # foreach new file
+
+ print STDERR "done.\n" unless ($config{quiet});
+
+ return (%changes);
+}
+
+
+
+# Simply copy the modified rules files to the output directory.
+sub update_rules($ @)
+{
+ my $dst_dir = shift;
+ my @modified_files = @_;
+
+ print STDERR "Updating local rules files... "
+ if (!$config{quiet} || $config{interactive});
+
+ foreach my $file_w_path (@modified_files) {
+ copy("$file_w_path", "$dst_dir")
+ or clean_exit("could not copy $file_w_path to $dst_dir: $!");
+ }
+
+ print STDERR "done.\n"
+ if (!$config{quiet} || $config{interactive});
+}
+
+
+# Simply copy rules files from one dir to another.
+# Links are not allowed.
+sub copy_rules($ $)
+{
+ my $src_dir = shift;
+ my $dst_dir = shift;
+
+ print STDERR "Copying rules from $src_dir... "
+ if (!$config{quiet} || $config{interactive});
+
+ opendir(SRC_DIR, $src_dir)
+ or clean_exit("could not open directory $src_dir: $!");
+
+ my $num_files = 0;
+ while ($_ = readdir(SRC_DIR)) {
+ next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_})
+ || !/$config{update_files}/);
+
+ my $src_file = untaint_path("$src_dir/$_");
+
+ # Make sure it's a regular file.
+ unless (-f "$src_file" && !-l "$src_file") {
+ closedir(SRC_DIR);
+ clean_exit("\"$src_file\" is not a regular file.")
+ }
+
+ unless (copy($src_file, $dst_dir)) {
+ closedir(SRC_DIR);
+ clean_exit("could not copy \"$src_file\" to \"$dst_dir\"/: $!");
+ }
+ $num_files++;
+ }
+
+ closedir(SRC_DIR);
+
+ print STDERR "$num_files files copied.\n"
+ if (!$config{quiet} || $config{interactive});
+}
+
+
+
+# Return true if file is in PATH and is executable.
+sub is_in_path($)
+{
+ my $file = shift;
+
+ foreach my $dir (File::Spec->path()) {
+ if ((-f "$dir/$file" && -x "$dir/$file")
+ || (-f "$dir/$file.exe" && -x "$dir/$file.exe")) {
+ print STDERR "Found $file binary in $dir\n"
+ if ($config{verbose});
+ return (1);
+ }
+ }
+
+ return (0);
+}
+
+
+
+# get_next_entry() will parse the array referenced in the first arg
+# and return the next entry. The array should contain a rules file,
+# and the returned entry will be removed from the array.
+# An entry is one of:
+# - single-line rule (put in 2nd ref)
+# - multi-line rule (put in 3rd ref)
+# - non-rule line (put in 4th ref)
+# If the entry is a multi-line rule, its single-line version is also
+# returned (put in the 2nd ref).
+# If it's a rule, the msg string will be put in 4th ref and sid in 5th.
+sub get_next_entry($ $ $ $ $ $)
+{
+ my $arr_ref = shift;
+ my $single_ref = shift;
+ my $multi_ref = shift;
+ my $nonrule_ref = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ undef($$single_ref);
+ undef($$multi_ref);
+ undef($$nonrule_ref);
+ undef($$msg_ref);
+ undef($$sid_ref);
+
+ my $line = shift(@$arr_ref) || return(0);
+ my $disabled = 0;
+ my $broken = 0;
+
+ chomp($line);
+ $line .= "\n";
+
+ # Possible beginning of multi-line rule?
+ if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
+ $$single_ref = $line;
+ $$multi_ref = $line;
+
+ $disabled = 1 if ($line =~ /^\s*#/);
+
+ # Keep on reading as long as line ends with "\".
+ while (!$broken && $line =~ /\\\s*\n$/) {
+
+ # Remove trailing "\" and newline for single-line version.
+ $$single_ref =~ s/\\\s*\n//;
+
+ # If there are no more lines, this can not be a valid multi-line rule.
+ if (!($line = shift(@$arr_ref))) {
+
+ warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
+ if ($config{verbose});
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+
+ # Multi-line continuation.
+ $$multi_ref .= $line;
+
+ # If there are non-comment lines in the middle of a disabled rule,
+ # mark the rule as broken to return as non-rule lines.
+ if ($line !~ /^\s*#/ && $disabled) {
+ $broken = 1;
+ } elsif ($line =~ /^\s*#/ && !$disabled) {
+ # comment line (with trailing slash) in the middle of an active rule - ignore it
+ } else {
+ $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
+ $$single_ref .= $line;
+ }
+
+ } # while line ends with "\"
+
+ # Single-line version should now be a valid rule.
+ # If not, it wasn't a valid multi-line rule after all.
+ if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
+
+ $$single_ref =~ s/^\s*//; # remove leading whitespaces
+ $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
+ $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ $$multi_ref =~ s/^\s*//;
+ $$multi_ref =~ s/\s*\n$/\n/;
+ $$multi_ref =~ s/^#+\s*/#/;
+
+ return (1); # return multi
+
+ # Invalid multi-line rule.
+ } else {
+ warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
+ if ($config{verbose} && $$multi_ref !~ /^\s*#/);
+
+ @_ = split(/\n/, $$multi_ref);
+
+ undef($$multi_ref);
+ undef($$single_ref);
+
+ # First line of broken multi-line rule will be returned as a non-rule line.
+ $$nonrule_ref = shift(@_) . "\n";
+ $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
+
+ # The rest is put back to the array again.
+ foreach $_ (reverse((@_))) {
+ unshift(@$arr_ref, "$_\n");
+ }
+
+ return (1); # return non-rule
+ }
+
+ # Check if it's a regular single-line rule.
+ } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
+ $$single_ref = $line;
+ $$single_ref =~ s/^\s*//;
+ $$single_ref =~ s/^#+\s*/#/;
+ $$single_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return single
+
+ # Non-rule line.
+ } else {
+
+ # Do extra check and warn if it *might* be a rule anyway,
+ # but that we just couldn't parse for some reason.
+ warn("\nWARNING: line may be a rule but it could not be parsed ".
+ "(missing sid?): $line\n")
+ if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
+
+ $$nonrule_ref = $line;
+ $$nonrule_ref =~ s/\s*\n$/\n/;
+
+ return (1); # return non-rule
+ }
+}
+
+
+
+# Look for variables that exist in dist var files but not in local var file.
+sub get_new_vars($ $ $ $)
+{
+ my $ch_ref = shift;
+ my $dist_var_files_ref = shift;
+ my $local_var_file = shift;
+ my $url_tmpdirs_ref = shift;
+
+ my %new_vars;
+ my (%old_vars, %dist_var_files, %found_dist_var_files);
+ my $confs_found = 0;
+
+
+ # Warn in case we can't find a specified dist file.
+ foreach my $dir (@$url_tmpdirs_ref) {
+ foreach my $dist_var_file (@$dist_var_files_ref) {
+ if (-e "$dir/$dist_var_file") {
+ $found_dist_var_files{$dist_var_file} = 1;
+ $confs_found++;
+ }
+ }
+ }
+
+ foreach my $dist_var_file (@$dist_var_files_ref) {
+ unless (exists($found_dist_var_files{$dist_var_file})) {
+ warn("WARNING: did not find variable file \"$dist_var_file\" in ".
+ "downloaded archive(s)\n")
+ unless($config{quiet});
+ }
+ }
+
+ unless ($confs_found) {
+ unless ($config{quiet}) {
+ warn("WARNING: no variable files found in downloaded archive(s), ".
+ "aborting check for new variables\n");
+ return;
+ }
+ }
+
+ # Read in variable names from old (target) var file.
+ open(LOCAL_VAR_FILE, "<", "$local_var_file")
+ or clean_exit("could not open $local_var_file for reading: $!");
+
+ my @local_var_conf = <LOCAL_VAR_FILE>;
+
+ foreach $_ (join_multilines(\@local_var_conf)) {
+ $old_vars{lc($1)}++ if (/$VAR_REGEXP/i);
+ }
+
+ close(LOCAL_VAR_FILE);
+
+ # Read in variables from new file(s).
+ foreach my $dir (@$url_tmpdirs_ref) {
+ foreach my $dist_var_file (@$dist_var_files_ref) {
+ my $conf = "$dir/$dist_var_file";
+ if (-e "$conf") {
+ my $num_new = 0;
+ print STDERR "Checking downloaded $dist_var_file for new variables... "
+ unless ($config{quiet});
+
+ open(DIST_CONF, "<", "$conf")
+ or clean_exit("could not open $conf for reading: $!");
+ my @dist_var_conf = <DIST_CONF>;
+ close(DIST_CONF);
+
+ foreach $_ (join_multilines(\@dist_var_conf)) {
+ if (/$VAR_REGEXP/i && !exists($old_vars{lc($1)})) {
+ my ($varname, $varval) = (lc($1), $2);
+ if (exists($new_vars{$varname})) {
+ warn("\nWARNING: new variable \"$varname\" is defined multiple ".
+ "times in downloaded files\n");
+ }
+ s/^\s*//;
+ push(@{$$ch_ref{new_vars}}, "$_\n");
+ $new_vars{$varname} = $varval;
+ $num_new++;
+ }
+ }
+
+ close(DIST_CONF);
+ print STDERR "$num_new new found.\n"
+ unless ($config{quiet});
+ }
+ }
+ }
+}
+
+
+
+# Add new variables to local snort.conf.
+sub add_new_vars($ $)
+{
+ my $ch_ref = shift;
+ my $varfile = shift;
+ my $tmp_varfile = "$tmpdir/tmp_varfile.conf";
+ my $new_content;
+
+ return unless ($#{$changes{new_vars}} > -1);
+
+ print STDERR "Adding new variables to $varfile... "
+ unless ($config{quiet});
+
+ open(OLD_LOCAL_CONF, "<", "$varfile")
+ or clean_exit("could not open $varfile for reading: $!");
+ my @old_content = <OLD_LOCAL_CONF>;
+ close(OLD_LOCAL_CONF);
+
+ open(NEW_LOCAL_CONF, ">", "$tmp_varfile")
+ or clean_exit("could not open $tmp_varfile for writing: $!");
+
+ my @old_vars = grep(/$VAR_REGEXP/i, @old_content);
+
+
+ # If any vars exist in old file, put new vars right after them.
+ if ($#old_vars > -1) {
+ while ($_ = shift(@old_content)) {
+ print NEW_LOCAL_CONF $_;
+ last if ($_ eq $old_vars[$#old_vars]);
+ }
+ }
+
+ print NEW_LOCAL_CONF @{$changes{new_vars}};
+ print NEW_LOCAL_CONF @old_content;
+
+ close(NEW_LOCAL_CONF);
+
+ clean_exit("could not copy $tmp_varfile to $varfile: $!")
+ unless (copy("$tmp_varfile", "$varfile"));
+
+ print STDERR "done.\n"
+ unless ($config{quiet});
+}
+
+
+
+# Convert msdos style path to cygwin style, e.g.
+# c:\foo => /cygdrive/c/foo
+sub msdos_to_cygwin_path($)
+{
+ my $path_ref = shift;
+
+ if ($$path_ref =~ /^([a-zA-Z]):[\/\\](.*)/) {
+ my ($drive, $dir) = ($1, $2);
+ $dir =~ s/\\/\//g;
+ $$path_ref = "/cygdrive/$drive/$dir";
+ return (1);
+ }
+
+ return (0);
+}
+
+
+
+# Parse and process a modifysid expression.
+# Return 1 if valid, or otherwise 0.
+sub parse_mod_expr($ $ $ $)
+{
+ my $mod_list_ref = shift; # where to store valid entries
+ my $sid_arg_list = shift; # comma-separated list of SIDs/files or wildcard
+ my $subst = shift; # regexp to look for
+ my $repl = shift; # regexp to replace it with
+
+ my @tmp_mod_list;
+
+ $sid_arg_list =~ s/\s+$//;
+
+ foreach my $sid_arg (split(/\s*,\s*/, $sid_arg_list)) {
+ my $type = "";
+
+ $type = "sid" if ($sid_arg =~ /^\d+$/);
+ $type = "file" if ($sid_arg =~ /^\S+.*\.\S+$/);
+ $type = "wildcard" if ($sid_arg eq "*");
+
+ return (0) unless ($type);
+
+ # Sanity check to make sure user escaped at least all the "$" in $subst.
+ if ($subst =~ /[^\\]\$./ || $subst =~ /^\$/) {
+ warn("WARNING: unescaped \$ in expression \"$subst\", all special ".
+ "characters must be escaped\n");
+ return (0);
+ }
+
+ # Only allow backreference variables. The check should at least catch some user typos.
+ if (($repl =~ /[^\\]\$(\D.)/ && $1 !~ /{\d/) || $repl =~ /[^\\]\$$/
+ || ($repl =~ /^\$(\D.)/ && $1 !~ /{\d/)) {
+ warn("WARNING: illegal replacement expression \"$repl\": unescaped \$ ".
+ "that isn't a backreference\n");
+ return (0);
+ }
+
+ # Don't permit unescaped @.
+ if ($repl =~ /[^\\]\@/ || $repl =~ /^\@/) {
+ warn("WARNING: illegal replacement expression \"$repl\": unescaped \@\n");
+ return (0);
+ }
+
+ # Make sure the regexp is valid.
+ my $repl_qq = "qq/$repl/";
+ my $dummy = "foo";
+
+ eval {
+ $dummy =~ s/$subst/$repl_qq/ee;
+ };
+
+ # We should probably check for warnings as well as errors...
+ if ($@) {
+ warn("Invalid regexp: $@");
+ return (0);
+ }
+
+ push(@tmp_mod_list, [$subst, $repl_qq, $type, $sid_arg]);
+ }
+
+ # If we come this far, all sids and the regexp were parsed successfully, so
+ # append them to real mod list array.
+ foreach my $mod_entry (@tmp_mod_list) {
+ push(@$mod_list_ref, $mod_entry);
+ }
+
+ return (1);
+}
+
+
+
+# Untaint a path. Die if it contains illegal chars.
+sub untaint_path($)
+{
+ my $path = shift;
+ my $orig_path = $path;
+
+ return $path unless ($config{use_path_checks});
+
+ (($path) = $path =~ /^([$OK_PATH_CHARS]+)$/)
+ or clean_exit("illegal character in path/filename ".
+ "\"$orig_path\", allowed are $OK_PATH_CHARS\n".
+ "Fix this or set use_path_checks=0 in oinkmaster.conf ".
+ "to disable this check completely if it is too strict.\n");
+
+ return ($path);
+}
+
+
+
+# Ask user to approve changes. Return 1 for yes, 0 for no.
+sub approve_changes()
+{
+ my $answer = "";
+
+ while ($answer !~ /^[yn]/i) {
+ print "Do you approve these changes? [Yn] ";
+ $answer = <STDIN>;
+ $answer = "y" unless ($answer =~ /\S/);
+ }
+
+ return ($answer =~ /^y/i);
+}
+
+
+
+# Remove common leading and trailing stuff from two rules.
+sub minimize_diff($ $)
+{
+ my $old_rule = shift;
+ my $new_rule = shift;
+
+ my $original_old = $old_rule;
+ my $original_new = $new_rule;
+
+ # Additional chars to print next to the diffing part.
+ my $additional_chars = 20;
+
+ # Remove the rev keyword from the rules, as it often
+ # makes the whole diff minimizing useless.
+ $old_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//;
+ my $old_rev = $1;
+
+ $new_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//;
+ my $new_rev = $1;
+
+ # If rev was the only thing that changed, we want to restore the rev
+ # before continuing so we don't remove common stuff from rules that
+ # are identical.
+ if ($old_rule eq $new_rule) {
+ $old_rule = $original_old;
+ $new_rule = $original_new;
+ }
+
+ # Temporarily remove possible leading # so it works nicely
+ # with modified rules that are also being either enabled or disabled.
+ my $old_is_disabled = 0;
+ my $new_is_disabled = 0;
+
+ $old_is_disabled = 1 if ($old_rule =~ s/^#//);
+ $new_is_disabled = 1 if ($new_rule =~ s/^#//);
+
+ # Go forward char by char until they aren't equeal.
+ # $i will bet set to the index where they diff.
+ my @old = split(//, $old_rule);
+ my @new = split(//, $new_rule);
+
+ my $i = 0;
+ while ($i <= $#old && $i <= $#new && $old[$i] eq $new[$i]) {
+ $i++;
+ }
+
+ # Now same thing but backwards.
+ # $j will bet set to the index where they diff.
+ @old = reverse(split(//, $old_rule));
+ @new = reverse(split(//, $new_rule));
+
+ my $j = 0;
+ while ($j <= $#old && $j <= $#new && $old[$j] eq $new[$j]) {
+ $j++;
+ }
+
+ # Print some additional chars on either side, if there is room for it.
+ $i -= $additional_chars;
+ $i = 0 if ($i < 0);
+
+ $j = -$j + $additional_chars;
+ $j = 0 if ($j > -1);
+
+ my ($old, $new);
+
+ # Print entire rules (i.e. they can not be shortened).
+ if (!$i && !$j) {
+ $old = $old_rule;
+ $new = $new_rule;
+
+ # Leading and trailing stuff can be removed.
+ } elsif ($i && $j) {
+ $old = "..." . substr($old_rule, $i, $j) . "...";
+ $new = "..." . substr($new_rule, $i, $j) . "...";
+
+ # Trailing stuff can be removed.
+ } elsif (!$i && $j) {
+ $old = substr($old_rule, $i, $j) . "...";
+ $new = substr($new_rule, $i, $j) . "...";
+
+ # Leading stuff can be removed.
+ } elsif ($i && !$j) {
+ $old = "..." . substr($old_rule, $i);
+ $new = "..." . substr($new_rule, $i);
+ }
+
+ chomp($old, $new);
+ $old .= "\n";
+ $new .= "\n";
+
+ # Restore possible leading # now.
+ $old = "#$old" if ($old_is_disabled);
+ $new = "#$new" if ($new_is_disabled);
+
+ return ($old, $new);
+}
+
+
+
+# Check a string and return 1 if it's a valid single-line snort rule.
+# Msg string is put in second arg, sid in third (those are the only
+# required keywords, besides the leading rule actions).
+sub parse_singleline_rule($ $ $)
+{
+ my $line = shift;
+ my $msg_ref = shift;
+ my $sid_ref = shift;
+
+ undef($$msg_ref);
+ undef($$sid_ref);
+
+ if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
+
+ if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
+ $$msg_ref = $1;
+ } else {
+ return (0);
+ }
+
+ if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
+ $$sid_ref = $1;
+ } else {
+ return (0);
+ }
+
+ return (1);
+ }
+
+ return (0);
+}
+
+
+
+# Merge multiline directives in an array by simply removing traling backslashes.
+sub join_multilines($)
+{
+ my $multiline_conf_ref = shift;
+ my $joined_conf = "";
+
+ foreach $_ (@$multiline_conf_ref) {
+ s/\\\s*\n$//;
+ $joined_conf .= $_;
+ }
+
+ return (split/\n/, $joined_conf);
+}
+
+
+
+# Catch SIGINT.
+sub catch_sigint()
+{
+ $SIG{INT} = 'IGNORE';
+ print STDERR "\nInterrupted, cleaning up.\n";
+ sleep(1);
+ clean_exit("interrupted by signal");
+}
+
+
+
+# Remove temporary directory and exit.
+# If a non-empty string is given as argument, it will be regarded
+# as an error message and we will use die() with the message instead
+# of just exit(0).
+sub clean_exit($)
+{
+ my $err_msg = shift;
+
+ $SIG{INT} = 'DEFAULT';
+
+ if (defined($tmpdir) && -d "$tmpdir") {
+ chdir(File::Spec->rootdir());
+ rmtree("$tmpdir", 0, 1);
+ undef($tmpdir);
+ }
+
+ if (!defined($err_msg) || $err_msg eq "") {
+ exit(0);
+ } else {
+ chomp($err_msg);
+ die("\n$0: Error: $err_msg\n\nOink, oink. Exiting...\n");
+ }
+}
+
+
+
+#### EOF ####
diff --git a/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl b/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl
new file mode 100644
index 00000000..e5f0d39e
--- /dev/null
+++ b/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl
@@ -0,0 +1,100 @@
+#!/usr/bin/perl -w
+
+#usage: rename perl_expression [files]
+my $usage = qq{rename [-v] s/pat/repl/ [filenames...]\t (c)2001 hellweg\@snark.de
+rename files read from the commandline or stdin
+
+License to use, modify and redistribute granted to each and every lifeform on
+this planet (as long as credit to hellweg\@snark.de remains). No guarantee that
+'rename' does or does not perform the way you want...
+
+} ;
+$verbose = 0 ;
+$quiet = 0 ;
+
+$op=shift || 0 ;
+if($op eq "-v") {
+ $verbose++ ; $quiet = 0 ;
+ $op=shift || 0 ;
+}
+if($op eq "-q") {
+ $quiet++ ; $verbose = 0 ;
+ $op=shift || 0 ;
+}
+if($op =~ /^-h/) {
+ print $usage; exit(0) ;
+}
+
+if(! $op) {
+ print $usage; exit(-1) ;
+}
+
+if (!@ARGV) {
+ @ARGV = <STDIN>;
+}
+
+$count=0 ;
+my($m, $d, $y, $T) ;
+for (@ARGV) {
+ chomp ;
+ if(-e $_) {
+ $was = $_;
+ if($op =~ /\$[Tdym]/) {
+ my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime((stat($_))[9]);
+ $m = sprintf("%0.2i", $mon+1);
+ $d = sprintf("%0.2i", $mday);
+ $y = $year + 1900 ;
+ $T = "$y$m$d" ;
+ }
+ eval $op;
+ die $@ if $@;
+ if(-f $_) { print("! exists already: $was -> $_ \n") unless $quiet ; }
+ else {
+ if(rename($was, $_)) {
+ print("$was -> $_\n") if $verbose ;
+ $count++;
+ } else {
+ if(/\//) {
+ # maybe we need to create dirs?
+ my $createRes = createDirs($_) ;
+ if($createRes) {
+ print("! fauled to create $createRes for $_\n")
+ unless $quiet ;
+ }
+ else { # try again
+ if(rename($was, $_)) {
+ print("$was -> $_\n") if $verbose ;
+ $count++;
+ } else {
+ print("! failed to rename $was -> $_ \n")
+ unless $quiet ;
+ }
+ }
+ }
+ else {
+ print("! failed to rename $was -> $_ \n") unless $quiet ;
+ }
+ }
+ }
+ }
+ else { print("! not found: $_ \n") ; }
+}
+print("renamed $count files\n") if $verbose ;
+
+
+sub createDirs { # return the dir we failed to create or 0
+ my $file = shift ;
+ my @dirs = split /\//, $file ;
+ pop @dirs ; # don't try to mkdir the file itself
+ my $current = "" ;
+ $current = "/" if ($file =~ /^\//) ;
+ foreach (@dirs) {
+ $current .= $_ ;
+ if(! -d $current) {
+ mkdir $current, 0700 || return $current ;
+ print "mkdir $current\n" if ($verbose) ;
+ }
+ $current .= "/" ;
+ }
+ return 0 ; # success
+}
diff --git a/config/snort-dev/css/sexybuttons.css b/config/snort-dev/css/sexybuttons.css
new file mode 100644
index 00000000..c3834b44
--- /dev/null
+++ b/config/snort-dev/css/sexybuttons.css
@@ -0,0 +1,342 @@
+/*
+ * Sexy Buttons
+ *
+ * DESCRIPTION:
+ * Sexy, skinnable HTML/CSS buttons with icons.
+ *
+ * PROJECT URL:
+ * http://code.google.com/p/sexybuttons/
+ *
+ * AUTHOR:
+ * Richard Davies
+ * http://www.richarddavies.us
+ * Richard@richarddavies.us
+ *
+ * VERSION:
+ * 1.1
+ *
+ * LICENSE:
+ * Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * Creative Commons 3.0 Attribution (http://creativecommons.org/licenses/by/3.0/)
+ *
+ * CREDITS:
+ * Inspired by, derived from, and thanks to:
+ * http://www.p51labs.com/simply-buttons-v2/
+ * http://www.oscaralexander.com/tutorials/how-to-make-sexy-buttons-with-css.html
+ * http://www.zurb.com/article/266/super-awesome-buttons-with-css3-and-rgba
+ * http://www.elctech.com/snippets/make-your-buttons-look-super-awesome
+ *
+ * USAGE:
+ * Simply add class="sexybutton [skin]" to a <button> or <a> element and wrap the label text with double <span>s.
+ * You can optionally add a "silk" icon to the button text by using a third <span> with class to identify the icon.
+ *
+ * EXAMPLE:
+ * <button id="btn1" class="sexybutton" name="btn1" type="submit" value="Submit">
+ * <span><span><span class="ok">Submit</span></span></span>
+ * </button>
+ */
+
+
+/*
+ * Generic styles for all Sexy Buttons
+ */
+
+.sexybutton {
+ display: inline-block;
+ margin: 0;
+ padding: 0;
+ font: bold 13px "Helvetica Neue", Helvetica, Arial !important;
+ text-decoration: none !important;
+ text-shadow: 1px 1px 2px rgba(0,0,0,0.20);
+ background: none;
+ border: none;
+ white-space: nowrap;
+ cursor: pointer;
+ user-select: none;
+ -moz-user-select: none;
+
+ /* Fix extra width padding in IE */
+ _width: 0;
+ overflow: visible;
+}
+
+.sexybutton span {
+ display: block; /* Prevents :active from working in IE--oh well! */
+ height: 24px;
+ padding-right: 12px;
+ background-repeat: no-repeat;
+ background-position: right top;
+}
+
+.sexybutton span span {
+ padding-right: 0;
+ padding-left: 12px;
+ line-height: 24px;
+ background-position: left top;
+}
+
+.sexybutton span span span {
+ padding-left: 21px;
+ background-image: none;
+ background-repeat: no-repeat;
+ background-position: left center;
+ /* IE6 still requires a PNG transparency fix */
+ /* _background-image: none; Or just hide icons from the undeserving IE6 */
+ /* _padding-left: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton span span span.after {
+ padding-left: 0px;
+ padding-right: 21px;
+ background-position: right center;
+ /* IE6 still requires a PNG transparency fix */
+ /* _padding-right: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton[disabled],
+.sexybutton[disabled]:hover,
+.sexybutton[disabled]:focus,
+.sexybutton[disabled]:active,
+.sexybutton.disabled,
+.sexybutton.disabled:hover,
+.sexybutton.disabled:focus,
+.sexybutton.disabled:active {
+ color: #333 !important;
+ cursor: inherit;
+ text-shadow: none;
+ opacity: 0.33;
+}
+
+.sexybutton:hover span,
+.sexybutton:focus span {
+ background-position: 100% -24px;
+}
+
+.sexybutton:hover span span,
+.sexybutton:focus span span {
+ background-position: 0% -24px;
+}
+
+.sexybutton:active span {
+ background-position: 100% -48px;
+}
+
+.sexybutton:active span span {
+ background-position: 0% -48px;
+}
+
+.sexybutton[disabled] span,
+.sexybutton.disabled span {
+ background-position: 100% -72px;
+}
+
+.sexybutton[disabled] span span,
+.sexybutton.disabled span span {
+ background-position: 0% -72px;
+}
+
+.sexybutton:hover span span span,
+.sexybutton:focus span span span,
+.sexybutton:active span span span,
+.sexybutton[disabled] span span span,
+.sexybutton.disabled span span span {
+ background-position: left center;
+}
+
+.sexybutton:hover span span span.after,
+.sexybutton:focus span span span.after,
+.sexybutton:active span span span.after,
+.sexybutton[disabled] span span span.after,
+.sexybutton.disabled span span span.after {
+ background-position: right center;
+}
+
+.sexybutton img {
+ margin-right: 5px;
+ vertical-align: text-top;
+ /* IE6 Hack */
+ _margin-top: 4px;
+ _vertical-align: text-bottom;
+ /* IE6 still requires a PNG transparency fix */
+ /* _display: none; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton img.after {
+ margin-right: 0;
+ margin-left: 5px;
+ /* IE6 still requires a PNG transparency fix */
+ /* _margin-left: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton.sexysmalls { font-size:.8em !important; }
+.sexybutton.sexymedium { font-size: 15px !important; }
+.sexybutton.sexylarge { font-size: 18px !important; }
+
+
+/*
+ * Button Skins
+ *
+ * .PNG background images with alpha transparency are also supplied if you'd rather use them instead of the
+ * default .GIF images. (Just beware of IE6's lack of support.)
+ *
+ * Additional skins can be added below. The images/skins/ButtonTemplate.psd can be used to create new skins.
+ * Prefix the skin name with "sexy" to avoid any potential conflicts with other class names.
+ */
+
+/*
+ * Simple Skin Buttons
+ */
+
+.sexybutton.sexysimple {
+ position: relative;
+ padding: 5px 10px 5px;
+ font: inherit;
+ font-size: .85em !important;
+ font-style: normal !important;
+ font-weight: bold !important;
+ color: #fff !important;
+ line-height: 1;
+ background-image: url(/snort/images//awesome-overlay-sprite.png);
+ background-repeat: repeat-x;
+ background-position: 0 0;
+
+ /* Special effects */
+ text-shadow: 0 -1px 1px rgba(0,0,0,0.25), -2px 0 1px rgba(0,0,0,0.25);
+ border-radius: 5px;
+ -moz-border-radius: 5px;
+ -webkit-border-radius: 5px;
+ -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+ -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+
+ /* IE only stuff */
+ border-bottom: 1px solid transparent\9;
+ _background-image: none;
+
+ /* Cross browser inline block hack - http://blog.mozilla.com/webdev/2009/02/20/cross-browser-inline-block/ */
+ display: -moz-inline-stack;
+ display: inline-block;
+ vertical-align: middle;
+ *display: inline !important;
+ position: relative;
+
+ /* Force hasLayout in IE */
+ zoom: 1;
+
+ /* Disable text selection (Firefox only)*/
+ -moz-user-select: none;
+}
+
+.sexybutton.sexysimple::selection {
+ background: transparent;
+}
+
+.sexybutton.sexysimple:hover,
+.sexybutton.sexysimple:focus {
+ background-position: 0 -50px;
+ color: #fff !important;
+}
+
+.sexybutton.sexysimple:active {
+ background-position: 0 -100px;
+ -moz-box-shadow: inset 0 1px 2px rgba(0,0,0,0.7);
+ /* Unfortunately, Safari doesn't support inset yet */
+ -webkit-box-shadow: none;
+
+ /* IE only stuff */
+ border-bottom: 0\9;
+ border-top: 1px solid #666\9;
+}
+
+.sexybutton.sexysimple[disabled],
+.sexybutton.sexysimple.disabled {
+ background-position: 0 -150px;
+ color: #333 !important;
+ text-shadow: none;
+}
+
+.sexybutton.sexysimple[disabled]:hover,
+.sexybutton.sexysimple[disabled]:focus,
+.sexybutton.sexysimple[disabled]:active,
+.sexybutton.sexysimple.disabled:hover,
+.sexybutton.sexysimple.disabled:focus,
+.sexybutton.sexysimple.disabled:active {
+ -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+ -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5);
+}
+
+.sexybutton.sexysimple span {
+ height: auto;
+ padding-left: 24px;
+ padding-right: 0;
+ background-position: left center;
+ background-repeat: no-repeat;
+ /* IE6 still requires a PNG transparency fix */
+ /* _padding-left: 0; Or just hide icons from the undeserving IE6 */
+}
+
+.sexybutton.sexysimple span.after {
+ padding-left: 0;
+ padding-right: 24px;
+ background-position: right center;
+ /* IE6 still requires a PNG transparency fix */
+ /* _padding-right: 0; Or just hide icons from the undeserving IE6 */
+}
+
+/* Simple button colors */
+.sexybutton.sexysimple { background-color: #333; } /* Default */
+.sexybutton.sexysimple.sexyblack { background-color: #333; }
+.sexybutton.sexysimple.sexyred { background-color: #a90118; }
+.sexybutton.sexysimple.sexyorange { background-color: #ff8a00; }
+.sexybutton.sexysimple.sexyyellow { background-color: #ffb515; }
+.sexybutton.sexysimple.sexygreen { background-color: #59a901; }
+.sexybutton.sexysimple.sexyblue { background-color: #015ea9; }
+.sexybutton.sexysimple.sexyteal { background-color: #2daebf; }
+.sexybutton.sexysimple.sexymagenta { background-color: #a9014b; }
+.sexybutton.sexysimple.sexypurple { background-color: #9d01a9; }
+
+/* Simple button sizes */
+.sexybutton.sexysimple.sexysmall { padding: 4px 7px 5px; font-size: 10px !important; }
+.sexybutton.sexysimple.sexysmall:active { padding: 5px 7px 4px; }
+.sexybutton.sexysimple { /* default */ }
+.sexybutton.sexysimple:active { padding: 6px 10px 4px; }
+.sexybutton.sexysimple.sexymedium { /* default */ }
+.sexybutton.sexysimple.sexymedium:active { padding: 6px 10px 4px; }
+.sexybutton.sexysimple.sexylarge { padding: 8px 14px 8px; font-size: 14px !important; }
+.sexybutton.sexysimple.sexylarge:active { padding: 9px 14px 7px; }
+.sexybutton.sexysimple.sexyxl { padding: 8px 14px 8px; font-size: 16px !important; }
+.sexybutton.sexysimple.sexyxl:active { padding: 9px 14px 7px; }
+.sexybutton.sexysimple.sexyxxl { padding: 8px 14px 8px; font-size: 20px !important; }
+.sexybutton.sexysimple.sexyxxl:active { padding: 9px 14px 7px; }
+.sexybutton.sexysimple.sexyxxxl { padding: 8px 14px 8px; font-size: 26px !important; }
+.sexybutton.sexysimple.sexyxxxl:active { padding: 9px 14px 7px; }
+
+.sexybutton.sexysimple.sexysmall[disabled]:active,
+.sexybutton.sexysimple.sexysmall.disabled:active { padding: 4px 7px 5px; }
+.sexybutton.sexysimple[disabled]:active,
+.sexybutton.sexysimple.disabled:active { padding: 5px 10px 5px; }
+.sexybutton.sexysimple.sexymedium[disabled]:active,
+.sexybutton.sexysimple.sexymedium.disabled:active { padding: 6px 10px 4px; }
+.sexybutton.sexysimple.sexylarge[disabled]:active,
+.sexybutton.sexysimple.sexylarge.disabled:active { padding: 8px 14px 8px; }
+.sexybutton.sexysimple.sexyxl[disabled]:active,
+.sexybutton.sexysimple.sexyxl.disabled:active { padding: 8px 14px 8px; }
+.sexybutton.sexysimple.sexyxxl[disabled]:active,
+.sexybutton.sexysimple.sexyxxl.disabled:active { padding: 8px 14px 8px; }
+.sexybutton.sexysimple.sexyxxxl[disabled]:active,
+.sexybutton.sexysimple.sexyxxxl.disabled:active { padding: 8px 14px 8px; }
+
+
+/*
+ * Icon Definitions
+ */
+
+/* Silk Icons - http://www.famfamfam.com/lab/icons/silk/ */
+/* (Obviously not all Silk icons are defined here. Feel free to define any other icons that you may need.) */
+
+.sexybutton span.ok { background-image: url(/snort/images//tick.png) !important; }
+.sexybutton span.cancel { background-image: url(/snort/images//cross.png) !important; }
+.sexybutton span.add { background-image: url(/snort/images//add.png) !important; }
+.sexybutton span.delete { background-image: url(/snort/images//delete.png) !important; }
+.sexybutton span.download { background-image: url(/snort/images//arrow_down.png) !important; }
+.sexybutton span.pwhitetxt { background-image: url(/snort/images//page_white_text.png) !important; }
+
diff --git a/config/snort-dev/css/style.css b/config/snort-dev/css/style.css
new file mode 100644
index 00000000..b484966c
--- /dev/null
+++ b/config/snort-dev/css/style.css
@@ -0,0 +1,206 @@
+.alert {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+background:#FCE9C0;
+background-position: 15px;
+border-top:2px solid #DBAC48;
+border-bottom:2px solid #DBAC48;
+padding: 15px 10px 85% 50px;
+}
+
+.formpre {
+font-family:arial;
+font-size: 1.1em;
+}
+
+#download_rules {
+font-family: arial;
+font-size: 13px;
+font-weight: bold;
+text-align: center
+}
+
+#download_rules_td {
+font-family: arial;
+font-size: 13px;
+font-weight: bold;
+text-align: center
+}
+
+/* hack fix the hard coded fbegin link */
+#header-left2 {
+position: absolute;
+background-position: center center;
+height: 67px;
+width: 147px;
+top: -77px;
+left: 8px;
+float: left;
+z-index:999;
+}
+#header-left2 #status-link2 {
+ position: relative;
+ top: 3px;
+ left: 2px;
+}
+/* end of fbegin hack */
+
+.body2 {
+font-family:arial;
+font-size:12px;
+}
+
+
+
+
+/* Start of main css Pfsense */
+/* Start of main css Pfsense */
+
+@charset "utf-8";
+.textstyle {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ font-style: normal;
+ background-color: #666;
+ color: #CCC;
+}
+.textstyle p2 a {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ font-style: normal;
+ color: #CCC;
+}
+
+.textstyle p {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 24px;
+ font-weight: bold;
+ color: #FFF;
+ text-decoration: underline;
+}
+.textstyle p2 {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ color: #CCC;
+}
+
+/* Start of main css for table sort */
+/* Start of main css for table sort */
+
+table {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 9;
+ font-family: Arial, Helvetica, sans-serif;
+ vertical-align: baseline;
+}
+
+/* Tables still need 'cellspacing="0"' in the markup. */
+table { border-collapse: separate; border-spacing: 0; }
+caption, th, td { text-align: left; font-weight:400; }
+
+/* Remove possible quote marks (") from <q>, <blockquote>. */
+blockquote:before, blockquote:after, q:before, q:after { content: ""; }
+blockquote, q { quotes: "" ""; }
+
+#container {
+ width: auto;
+ margin: 0px;
+ padding-top: 10px;
+ padding-bottom: 10px;
+}
+
+
+
+/**************************************************************
+
+ Sortable Table
+ v 1.4
+
+**************************************************************/
+
+
+
+th {
+ background-color: #eee;
+ background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px;
+ padding: 4px 4px 4px 14px;
+}
+
+.allRow {
+ background-color: #eee;
+ padding: 4px;
+}
+
+tr.altRow {
+ background-color: #fff;
+}
+
+.leftAlign {
+ text-align: left;
+}
+
+.centerAlign {
+ text-align: center;
+}
+
+.rightAlign {
+ text-align: right;
+}
+
+.sortedASC {
+ background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee;
+}
+
+.sortedDESC {
+ background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee;
+}
+
+.tableHeaderOver {
+ cursor: pointer;
+ color: #354158;
+}
+
+
+tr.selected {
+ background-color: 9999ff;
+ color: #000000;
+}
+
+tr.over {
+ background-color: #993333;
+ color: #fff;
+ cursor: pointer;
+}
+
+tr.hide {
+ display: none;
+}
+/***************************/
+
+.mainTableFilter {
+ position: absolute;
+ top: 0;
+ left: -10px;
+ width: auto;
+}
+
+.tableFilter {
+ border: 1px solid #ccc;
+ padding: 2px;
+ margin: 5px 0 10px 0;
+}
+
+.tableFilter input {
+ border: 1px solid #ccc;
+}
+
+.tableFilter select {
+ border: 1px solid #ccc;
+}
+
diff --git a/config/snort-dev/help_and_info.php b/config/snort-dev/help_and_info.php
new file mode 100644
index 00000000..af8eb4ae
--- /dev/null
+++ b/config/snort-dev/help_and_info.php
@@ -0,0 +1,247 @@
+<?php
+
+require_once("guiconfig.inc");
+
+echo '
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+<title>The Snort Package Help Page</title>
+<style type="text/css">
+body {
+ background: #f0f0f0;
+ margin: 0;
+ padding: 0;
+ font: 10px normal Verdana, Arial, Helvetica, sans-serif;
+ color: #444;
+}
+h1 {font-size: 3em; margin: 20px 0;}
+.container {width: 800px; margin: 10px auto;}
+ul.tabs {
+ margin: 0;
+ padding: 0;
+ float: left;
+ list-style: none;
+ height: 25px;
+ border-bottom: 1px solid #999;
+ border-left: 1px solid #999;
+ width: 100%;
+}
+ul.tabs li {
+ float: left;
+ margin: 0;
+ padding: 0;
+ height: 24px;
+ line-height: 24px;
+ border: 1px solid #000000;
+ border-left: none;
+ margin-bottom: -1px;
+ background: #ffffff;
+ overflow: hidden;
+ position: relative;
+}
+ul.tabs li a {
+ text-decoration: none;
+ color: #000000;
+ display: block;
+ font-size: 1.2em;
+ padding: 0 20px;
+ border: 1px solid #fff;
+ outline: none;
+}
+ul.tabs li a:hover {
+ background: #eeeeee;
+}
+
+html ul.tabs li.active, html ul.tabs li.active a:hover {
+ background: #fff;
+ border-bottom: 1px solid #fff;
+ color: #000000;
+}
+.tab_container {
+ border: 1px solid #999;
+ border-top: none;
+ clear: both;
+ float: left;
+ width: 100%;
+ background: #fff;
+ -moz-border-radius-bottomright: 5px;
+ -khtml-border-radius-bottomright: 5px;
+ -webkit-border-bottom-right-radius: 5px;
+ -moz-border-radius-bottomleft: 5px;
+ -khtml-border-radius-bottomleft: 5px;
+ -webkit-border-bottom-left-radius: 5px;
+}
+.tab_content {
+ padding: 20px;
+ font-size: 1.2em;
+}
+.tab_content h2 {
+ font-weight: normal;
+ padding-bottom: 10px;
+ border-bottom: 1px dashed #ddd;
+ font-size: 1.8em;
+}
+.tab_content h3 a{
+ color: #254588;
+}
+.tab_content img {
+ float: left;
+ margin: 0 20px 20px 0;
+ border: 1px solid #ddd;
+ padding: 5px;
+}
+</style>
+
+<script type="text/javascript" src="./javascript/jquery-1.4.2.min.js"></script>
+
+<script type="text/javascript">
+
+jQuery(document).ready(function() {
+
+ //Default Action
+ jQuery(".tab_content").hide(); //Hide all content
+ jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab
+ jQuery(".tab_content:first").show(); //Show first tab content
+
+ //On Click Event
+ jQuery("ul.tabs li").click(function() {
+ jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class
+ jQuery(this).addClass("active"); //Add "active" class to selected tab
+ jQuery(".tab_content").hide(); //Hide all tab content
+ var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content
+ jQuery(activeTab).fadeIn(); //Fade in the active content
+ return false;
+ });
+
+});
+
+</script>
+
+</head>
+
+<body>
+
+<div class="container">
+ <ul class="tabs">
+ <li><a href="#tab1">Home</a></li>
+ <li><a href="#tab2">Change Log</a></li>
+ <li><a href="#tab3">Getting Help</a></li>
+ <li><a href="#tab4">Heros</a></li>
+ </ul>
+ <div class="tab_container">
+ <div id="tab1" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p>
+ <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be
+ the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for
+ network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create
+ software.
+ </p>
+ <p>
+ <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and
+ can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port
+ scans, CGI attacks, SMB probes, and much more.
+ </p>
+ <p>
+ <font size="5"><strong>Requirements :</strong></font><br>
+ Minimum requirement 256 mb ram, 500 MHz CPU.<br>
+ Recommended 500 mb ram, 1 Ghz CPU.<br>
+ The more rules you run the more memory you need.<br>
+ The more interfaces you select the more memory you need.<br><br>
+ Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM).
+ </p>
+
+ </div>
+
+ <div id="tab2" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Change Log</strong></font><p>
+
+ <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>packages repository</strong></font></a></p>
+ </div>
+
+ <div id="tab3" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Getting Help</strong></font></p>
+
+<p>
+<font size="2"><strong>Obtaining Support</strong></font><br>
+
+We provide several means of obtaining support for pfSense.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Free Options</strong></font><br>
+Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Commercial Support</strong></font><br>
+
+<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Project Rules</strong></font><br>
+To keep things orderly, and be fair to everyone, we must enforce these rules.
+</p>
+
+<p>
+Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved.
+</p>
+
+<p>
+Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread.
+</p>
+
+<p>
+Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don\'t have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone\'s email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers.
+</p>
+ </div>
+
+ <div id="tab4" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Heros</strong></font></p>
+
+ <p>Pfsense Snort Package users who have cared enough to donate to this project. I can\'t thank you enough for all your help. With-out your support I would have stoped long time ago.</p>
+
+ <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p>
+
+ <p><font size="5"><strong>Names</strong></font></p>
+
+ <p>sandro tavella</p>
+ <p>João Kemp Filho</p>
+ <p>Julio Fumoso</p>
+ <p>Rolland Hart</p>
+ <p>DiMarco Technology Solutions Inc.</p>
+ <p>Brett Burley</p>
+ <p>Tomasz Iskra</p>
+ <p>Bruno Buchschacher</p>
+ <p>Marco Pannetto</p>
+ <p>Christopher Weakland</p>
+ <p>Antonio Riveros</p>
+ <p>DigitalJer</p>
+ <p>Serialdie</p>
+ <p>Dlawley</p>
+ <p>Onhel</p>
+ <p>Jerrygoldsmith</p>
+
+
+ </div>
+ </div>
+</div>
+
+</body>
+</html>
+
+';
+
+?>
diff --git a/config/snort-dev/images/alert.jpg b/config/snort-dev/images/alert.jpg
new file mode 100644
index 00000000..96c24e35
--- /dev/null
+++ b/config/snort-dev/images/alert.jpg
Binary files differ
diff --git a/config/snort-dev/images/arrow_down.png b/config/snort-dev/images/arrow_down.png
new file mode 100644
index 00000000..2c4e2793
--- /dev/null
+++ b/config/snort-dev/images/arrow_down.png
Binary files differ
diff --git a/config/snort-dev/images/awesome-overlay-sprite.png b/config/snort-dev/images/awesome-overlay-sprite.png
new file mode 100644
index 00000000..c3af7dd9
--- /dev/null
+++ b/config/snort-dev/images/awesome-overlay-sprite.png
Binary files differ
diff --git a/config/snort-dev/images/down.gif b/config/snort-dev/images/down.gif
new file mode 100644
index 00000000..2b3c99fc
--- /dev/null
+++ b/config/snort-dev/images/down.gif
Binary files differ
diff --git a/config/snort-dev/images/down2.gif b/config/snort-dev/images/down2.gif
new file mode 100644
index 00000000..71bf92eb
--- /dev/null
+++ b/config/snort-dev/images/down2.gif
Binary files differ
diff --git a/config/snort-dev/images/footer.jpg b/config/snort-dev/images/footer.jpg
new file mode 100644
index 00000000..4af05707
--- /dev/null
+++ b/config/snort-dev/images/footer.jpg
Binary files differ
diff --git a/config/snort-dev/images/footer2.jpg b/config/snort-dev/images/footer2.jpg
new file mode 100644
index 00000000..3332e085
--- /dev/null
+++ b/config/snort-dev/images/footer2.jpg
Binary files differ
diff --git a/config/snort-dev/images/icon-table-sort-asc.png b/config/snort-dev/images/icon-table-sort-asc.png
new file mode 100644
index 00000000..0c127919
--- /dev/null
+++ b/config/snort-dev/images/icon-table-sort-asc.png
Binary files differ
diff --git a/config/snort-dev/images/icon-table-sort-desc.png b/config/snort-dev/images/icon-table-sort-desc.png
new file mode 100644
index 00000000..5c52f2d0
--- /dev/null
+++ b/config/snort-dev/images/icon-table-sort-desc.png
Binary files differ
diff --git a/config/snort-dev/images/icon-table-sort.png b/config/snort-dev/images/icon-table-sort.png
new file mode 100644
index 00000000..3cae604b
--- /dev/null
+++ b/config/snort-dev/images/icon-table-sort.png
Binary files differ
diff --git a/config/snort-dev/images/icon_excli.png b/config/snort-dev/images/icon_excli.png
new file mode 100644
index 00000000..4b54fa31
--- /dev/null
+++ b/config/snort-dev/images/icon_excli.png
Binary files differ
diff --git a/config/snort-dev/images/logo.jpg b/config/snort-dev/images/logo.jpg
new file mode 100644
index 00000000..fa01d818
--- /dev/null
+++ b/config/snort-dev/images/logo.jpg
Binary files differ
diff --git a/config/snort-dev/images/logo22.png b/config/snort-dev/images/logo22.png
new file mode 100644
index 00000000..64ed9d75
--- /dev/null
+++ b/config/snort-dev/images/logo22.png
Binary files differ
diff --git a/config/snort-dev/images/page_white_text.png b/config/snort-dev/images/page_white_text.png
new file mode 100644
index 00000000..813f712f
--- /dev/null
+++ b/config/snort-dev/images/page_white_text.png
Binary files differ
diff --git a/config/snort-dev/images/up.gif b/config/snort-dev/images/up.gif
new file mode 100644
index 00000000..89596771
--- /dev/null
+++ b/config/snort-dev/images/up.gif
Binary files differ
diff --git a/config/snort-dev/images/up2.gif b/config/snort-dev/images/up2.gif
new file mode 100644
index 00000000..21c5a254
--- /dev/null
+++ b/config/snort-dev/images/up2.gif
Binary files differ
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
new file mode 100644
index 00000000..49439149
--- /dev/null
+++ b/config/snort-dev/snort.inc
@@ -0,0 +1,2510 @@
+<?php
+/*
+ snort.inc
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009-2010 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ part of pfSense
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("pfsense-utils.inc");
+require_once("config.inc");
+require_once("functions.inc");
+
+// Needed on 2.0 because of filter_get_vpns_list()
+require_once("filter.inc");
+
+/* package version */
+$snort_package_version = 'Snort 2.9.2.3 pkg v. 2.2';
+$snort_rules_file = "snortrules-snapshot-2922.tar.gz";
+
+/* Allow additional execution time 0 = no limit. */
+ini_set('max_execution_time', '9999');
+ini_set('max_input_time', '9999');
+
+/* define oinkid */
+if ($config['installedpackages']['snortglobal'])
+ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+else
+ $config['installedpackages']['snortglobal'] = array();
+
+/* find out if were in 1.2.3-RELEASE */
+if (intval($config['version']) > 6)
+ $snort_pfsense_basever = 'no';
+else
+ $snort_pfsense_basever = 'yes';
+
+/* find out what arch where in x86 , x64 */
+global $snort_arch;
+$snort_arch = 'x86';
+$snort_arch_ck = php_uname("m");
+if ($snort_arch_ck == 'i386')
+ $snort_arch = 'x86';
+else if ($snort_arch_ck == "amd64")
+ $snort_arch = 'x64';
+else
+ $snort_arch = "Unknown";
+
+/* tell me my theme */
+$pfsense_theme_is = $config['theme'];
+
+/* func builds custom white lists */
+function find_whitelist_key($find_wlist_number) {
+ global $config, $g;
+
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
+ $config['installedpackages']['snortglobal']['whitelist'] = array();
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return 0; /* XXX */
+
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) {
+ if ($value['name'] == $find_wlist_number)
+ return $w_key;
+ }
+}
+
+/* func builds custom suppress lists */
+function find_suppress_key($find_slist_number) {
+ global $config, $g;
+
+ if (!is_array($config['installedpackages']['snortglobal']['suppress']))
+ $config['installedpackages']['snortglobal']['suppress'] = array();
+ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ return 0; /* XXX */
+
+ foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) {
+ if ($value['name'] == $find_slist_number)
+ return $s_key;
+ }
+}
+
+/* func builds custom whitelests */
+function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) {
+ global $config, $g, $snort_pfsense_basever;
+
+ /* build an interface array list */
+ if (function_exists('get_configured_interface_list'))
+ $int_array = get_configured_interface_list();
+ else {
+ $int_array = array('lan');
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ if(isset($config['interfaces']['opt' . $j]['gateway']))
+ $int_array[] = "opt{$j}";
+ }
+
+ $home_net = "";
+
+ /* iterate through interface list and write out whitelist items
+ * and also compile a home_net list for snort.
+ */
+ foreach ($int_array as $int) {
+ /* calculate interface subnet information */
+ if (function_exists('get_interface_ip')) {
+ $subnet = get_interface_ip($int);
+ if (is_ipaddr($subnet)) {
+ $sn = get_interface_subnet($int);
+ $home_net .= "{$subnet}/{$sn} ";
+ }
+ } else {
+ $ifcfg = $config['interfaces'][$int];
+ switch ($ifcfg['ipaddr']) {
+ case "pppoe":
+ case "pptp":
+ case "l2tp":
+ if (function_exists('get_interface_ip'))
+ $subnet = get_interface_ip($int);
+ else
+ $subnet = find_interface_ip("ng0");
+
+ if (is_ipaddr($subnet))
+ $home_net .= "{$subnet} ";
+ break;
+ case "dhcp":
+ $subnet = find_interface_ip(snort_get_real_interface($int));
+ if (is_ipaddr($subnet))
+ $home_net .= "{$subnet} ";
+ break;
+ default:
+ if (is_ipaddr($ifcfg['ipaddr'])) {
+ $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
+ if ($ifcfg['subnet'])
+ $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ }
+ break;
+ }
+ }
+ }
+
+ if ($snort_pfsense_basever == 'yes' && $wanip == 'yes') {
+ /* add all WAN ips to the whitelist */
+ $wan_if = get_real_wan_interface();
+ $ip = find_interface_ip($wan_if);
+ if (is_ipaddr($ip))
+ $home_net .= "{$ip} ";
+ }
+
+ if ($wangw == 'yes') {
+ /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
+ $gw = get_interface_gateway('wan');
+ if($gw)
+ $home_net .= "{$gw} ";
+ }
+
+ if($wandns == 'yes') {
+ /* Add DNS server for WAN interface to whitelist */
+ $dns_servers = get_dns_servers();
+ foreach ($dns_servers as $dns) {
+ if($dns)
+ $home_net .= "{$dns} ";
+ }
+ }
+
+ if($vips == 'yes') {
+ /* iterate all vips and add to whitelist */
+ if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
+ foreach($config['virtualip']['vip'] as $vip)
+ if($vip['subnet'])
+ $home_net .= "{$vip['subnet']} ";
+ }
+ }
+
+ /* Add loopback to whitelist (ftphelper) */
+ $home_net .= "127.0.0.1 ";
+
+ /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
+ if ($vpns == 'yes') {
+ if ($snort_pfsense_basever == 'yes') // chk what pfsense version were on
+ $vpns_list = get_vpns_list();
+ else if ($snort_pfsense_basever == 'no') // chk what pfsense version were on
+ $vpns_list = filter_get_vpns_list();
+
+ if (!empty($vpns_list))
+ $home_net .= "{$vpns_list} ";
+ }
+
+ /* never ever compair numbers to words */
+ if ($userwips > -1) {
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+ $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'];
+ }
+
+ $home_net = trim($home_net);
+
+ /* this foe whitelistfile, convert spaces to carriage returns */
+ if ($build_netlist == 'whitelist') {
+ $whitelist_home_net = str_replace(" ", "\n", $home_net);
+ $whitelist_home_net = str_replace(" ", "\n", $home_net);
+ return $whitelist_home_net;
+ }
+
+ /* this is for snort.conf */
+ $validator = explode(" ", $home_net);
+ $valresult = array();
+ foreach ($validator as $vald) {
+ if (empty($vald))
+ continue;
+ $valresult[] = $vald;
+ }
+ $home_net = implode(",", $valresult);
+ $home_net = "[{$home_net}]";
+
+ return $home_net;
+}
+
+
+/* checks to see if snort is running yes/no and stop/start */
+function Running_Ck($snort_uuid, $if_real, $id) {
+ global $config;
+
+ $snort_uph = 'no';
+ $snort_up_prell = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
+ if ($snort_up_prell != '')
+ $snort_uph = 'yes';
+
+ return $snort_uph;
+}
+
+/* checks to see if barnyard2 is running yes/no */
+function Running_Ck_b($snort_uuid, $if_real, $id) {
+ global $config;
+
+ $snort_up_b = 'no';
+ $snort_up_pre_b = exec("/bin/ps -ax | /usr/bin/grep barnyard2 | /usr/bin/grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'");
+ if ($snort_up_pre_b != '')
+ $snort_up_b = 'yes';
+
+ return $snort_up_b;
+}
+
+function Running_Stop($snort_uuid, $if_real, $id) {
+ global $config, $g;
+
+ /* if snort.sh crashed this will remove the pid */
+ @unlink("{$g['tmp_path']}/snort.sh.pid");
+
+ $start_up = exec("/bin/ps -ax | /usr/bin/grep \"R {$snort_uuid}\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
+ $start_upb = exec("/bin/ps -ax | /usr/bin/grep \"snort_{$snort_uuid}_{$if_real}.u2\" | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1; }'");
+
+
+ if ($start_up != '') {
+ exec("/bin/kill {$start_up}");
+ exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
+ exec("/bin/rm /var/log/snort/snort_{$if_real}{$snort_uuid}/snort_{$snort_uuid}_{$if_real}*");
+ @unlink("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert_{$snort_uuid}");
+ }
+
+ if ($start_upb != '') {
+ exec("/bin/kill {$start_upb}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ exec("/bin/rm /var/log/snort/snort_{$if_real}{$snort_uuid}/snort.u2_{$snort_uuid}_{$if_real}*");
+ }
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
+ sleep(2); // Give time so GUI displays correctly
+}
+
+function Running_Start($snort_uuid, $if_real, $id) {
+ global $config;
+
+ /* if snort.sh crashed this will remove the pid */
+ @unlink("{$g['tmp_path']}/snort.sh.pid");
+
+ $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
+ if ($snort_info_chk == 'on')
+ exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ else
+ return;
+
+ /* define snortbarnyardlog_chk */
+ /* top will have trouble if the uuid is to far back */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
+ exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$snort_uuid}_{$if_real}/ -D -q");
+ }
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'");
+ sleep(2); // Give time so GUI displays correctly
+}
+
+function snort_get_friendly_interface($interface) {
+
+ if (function_exists('convert_friendly_interface_to_friendly_descr'))
+ $iface = convert_friendly_interface_to_friendly_descr($interface);
+ else {
+ if (!$interface || ($interface == "wan"))
+ $iface = "WAN";
+ else if(strtolower($interface) == "lan")
+ $iface = "LAN";
+ else if(strtolower($interface) == "pppoe")
+ $iface = "PPPoE";
+ else if(strtolower($interface) == "pptp")
+ $iface = "PPTP";
+ else
+ $iface = strtoupper($interface);
+ }
+
+ return $iface;
+}
+
+/* get the real iface name of wan */
+function snort_get_real_interface($interface) {
+ global $config;
+
+ $lc_interface = strtolower($interface);
+ if (function_exists('get_real_interface'))
+ return get_real_interface($lc_interface);
+ else {
+ if ($lc_interface == "lan") {
+ if ($config['inerfaces']['lan'])
+ return $config['interfaces']['lan']['if'];
+ return $interface;
+ }
+ if ($lc_interface == "wan")
+ return $config['interfaces']['wan']['if'];
+ $ifdescrs = array();
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifname = "opt{$j}";
+ if(strtolower($ifname) == $lc_interface)
+ return $config['interfaces'][$ifname]['if'];
+ if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
+ return $config['interfaces'][$ifname]['if'];
+ }
+ }
+
+ return $interface;
+}
+
+/*
+ this code block is for deleteing logs while keeping the newest file,
+ snort is linked to these files while running, do not take the easy way out
+ by touch and rm, snort will lose sync and not log.
+
+ this code needs to be watched.
+ */
+
+/* list dir files */
+function snort_file_list($snort_log_dir, $snort_log_file)
+{
+ $dir = opendir ("$snort_log_dir");
+ while (false !== ($file = readdir($dir))) {
+ if (strpos($file, "$snort_log_file",1) )
+ $file_list[] = basename($file);
+ }
+ return $file_list;
+}
+
+/* snort dir files */
+function snort_file_sort($snort_file1, $snort_file2)
+{
+ if ($snort_file1 == $snort_file2)
+ return 0;
+
+ return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array
+}
+
+/* build files newest first array */
+function snort_build_order($snort_list)
+{
+ foreach ($snort_list as $value_list)
+ $list_order[] = $value_list;
+
+ return $list_order;
+}
+
+/* keep the newest remove the rest */
+function snort_remove_files($snort_list_rm, $snort_file_safe)
+{
+ foreach ($snort_list_rm as $value_list) {
+ if ($value_list != $snort_file_safe)
+ @unlink("/var/log/snort/$value_list");
+ else
+ file_put_contents("/var/log/snort/$snort_file_safe", "");
+ }
+}
+
+/*
+ * TODO:
+ * This is called by snort_alerts.php.
+ *
+ * This func needs to be made to only clear one interface rule log
+ * at a time.
+ *
+ */
+function post_delete_logs()
+{
+ global $config, $g;
+
+ /* do not start config build if rules is empty */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ $snort_log_dir = '/var/log/snort';
+
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+ $snort_uuid = $value['uuid'];
+
+ if ($if_real != '' && $snort_uuid != '') {
+ if ($value['snortunifiedlog'] == 'on') {
+ $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2.";
+ $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
+ if (is_array($snort_list_u2)) {
+ usort($snort_list_u2, "snort_file_sort");
+ $snort_u2_rm_list = snort_build_order($snort_list_u2);
+ snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
+ }
+ } else
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*");
+
+ if ($value['tcpdumplog'] == 'on') {
+ $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump.";
+ $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
+ if (is_array($snort_list_tcpd)) {
+ usort($snort_list_tcpd, "snort_file_sort");
+ $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
+ snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
+ }
+ } else
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*");
+
+ /* create barnyard2 configuration file */
+ //if ($value['barnyard_enable'] == 'on')
+ //create_barnyard2_conf($id, $if_real, $snort_uuid);
+
+ if ($value['perform_stat'] == 'on')
+ @file_put_contents("/var/log/snort/snort_{$snort_uuid}_{$if_real}.stats", "");
+ }
+ }
+}
+
+function snort_postinstall()
+{
+ global $config, $g, $snort_pfsense_basever, $snort_arch;
+
+ /* snort -> advanced features */
+ if (is_array($config['installedpackages']['snortglobal'])) {
+ $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
+ $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
+ $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
+ }
+
+ /* cleanup default files */
+ @rename('/usr/local/etc/snort/snort.conf-sample', '/usr/local/etc/snort/snort.conf');
+ @rename('/usr/local/etc/snort/threshold.conf-sample', '/usr/local/etc/snort/threshold.conf');
+ @rename('/usr/local/etc/snort/sid-msg.map-sample', '/usr/local/etc/snort/sid-msg.map');
+ @rename('/usr/local/etc/snort/unicode.map-sample', '/usr/local/etc/snort/unicode.map');
+ @rename('/usr/local/etc/snort/classification.config-sample', '/usr/local/etc/snort/classification.config');
+ @rename('/usr/local/etc/snort/generators-sample', '/usr/local/etc/snort/generators');
+ @rename('/usr/local/etc/snort/reference.config-sample', '/usr/local/etc/snort/reference.config');
+ @rename('/usr/local/etc/snort/gen-msg.map-sample', '/usr/local/etc/snort/gen-msg.map');
+ @unlink('/usr/local/etc/snort/sid');
+ @unlink('/usr/local/etc/rc.d/snort');
+ @unlink('/usr/local/etc/rc.d/bardyard2');
+
+ /* remove example files */
+ if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0'))
+ exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
+
+ if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so'))
+ exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
+
+ /* create a few directories and ensure the sample files are in place */
+ if (!is_dir('/usr/local/etc/snort'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules');
+ if (!is_dir('/usr/local/etc/snort/whitelist'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
+ /* NOTE: the diff between the if check and the exec() extra run is by design */
+ if (!is_dir('/var/log/snort'))
+ exec('/bin/mkdir -p /var/log/snort/run');
+ else
+ exec('/bin/rm -r /var/log/snort/*; /bin/mkdir -p /var/log/snort/run');
+
+ if (!is_dir('/var/log/snort/barnyard2'))
+ exec('/bin/mkdir -p /var/log/snort/barnyard2');
+ if (!is_dir('/usr/local/lib/snort/dynamicrules/'))
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ if (!file_exists('/var/db/whitelist'))
+ touch('/var/db/whitelist');
+
+ /* XXX: These are needed if you run snort as snort user
+ mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
+ mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
+ mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
+ */
+ /* important */
+ mwexec('/bin/chmod 660 /var/db/whitelist', true);
+ mwexec('/bin/chmod -R 660 /usr/local/etc/snort/*', true);
+ mwexec('/bin/chmod -R 660 /tmp/snort*', true);
+ mwexec('/bin/chmod -R 660 /var/run/snort*', true);
+ mwexec('/bin/chmod -R 660 /var/snort/run/*', true);
+ mwexec('/bin/chmod 770 /usr/local/lib/snort', true);
+ mwexec('/bin/chmod 770 /usr/local/etc/snort', true);
+ mwexec('/bin/chmod 770 /usr/local/etc/whitelist', true);
+ mwexec('/bin/chmod 770 /var/log/snort', true);
+ mwexec('/bin/chmod 770 /var/log/snort/run', true);
+ mwexec('/bin/chmod 770 /var/log/snort/barnyard2', true);
+
+ /* move files around, make it look clean */
+ mwexec('/bin/mkdir -p /usr/local/www/snort/css');
+ mwexec('/bin/mkdir -p /usr/local/www/snort/images');
+
+ chdir ("/usr/local/www/snort/css/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/sexybuttons.css');
+ chdir("/usr/local/www/snort/images/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon_excli.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/arrow_down.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/awesome-overlay-sprite.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo22.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/page_white_text.png');
+
+ /* remake saved settings */
+ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ update_status(gettext("Saved settings detected..."));
+ update_output_window(gettext("Please wait... rebuilding files..."));
+ sync_snort_package_config();
+ update_output_window(gettext("Finnished Rebuilding files..."));
+ }
+}
+
+function snort_Getdirsize($node) {
+ if(!is_readable($node))
+ return false;
+
+ $blah = exec( "/usr/bin/du -kd $node" );
+ return substr( $blah, 0, strpos($blah, 9) );
+}
+
+/* func for log dir size limit cron */
+function snort_snortloglimit_install_cron($should_install) {
+ global $config, $g;
+
+ if (!is_array($config['cron']['item']))
+ $config['cron']['item'] = array();
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+
+ $cron_item = array();
+ $cron_item['minute'] = "*/5";
+ $cron_item['hour'] = "*";
+ $cron_item['mday'] = "*";
+ $cron_item['month'] = "*";
+ $cron_item['wday'] = "*";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
+ $config['cron']['item'][] = $cron_item;
+ }
+ break;
+ case false:
+ if($is_installed == true)
+ unset($config['cron']['item'][$x]);
+ break;
+ }
+}
+
+/* func for updating cron */
+function snort_rm_blocked_install_cron($should_install) {
+ global $config, $g;
+
+ if (!is_array($config['cron']['item']))
+ $config['cron']['item'] = array();
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort2c")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "1h_b") {
+ $snort_rm_blocked_min = "*/5";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "3600";
+ }
+ if ($snort_rm_blocked_info_ck == "3h_b") {
+ $snort_rm_blocked_min = "*/15";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "10800";
+ }
+ if ($snort_rm_blocked_info_ck == "6h_b") {
+ $snort_rm_blocked_min = "*/30";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "21600";
+ }
+ if ($snort_rm_blocked_info_ck == "12h_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/1";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "43200";
+ }
+ if ($snort_rm_blocked_info_ck == "1d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/2";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "86400";
+ }
+ if ($snort_rm_blocked_info_ck == "4d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/8";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "345600";
+ }
+ if ($snort_rm_blocked_info_ck == "7d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/14";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "604800";
+ }
+ if ($snort_rm_blocked_info_ck == "28d_b") {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "0";
+ $snort_rm_blocked_mday = "*/2";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "2419200";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $config['cron']['item'][] = $cron_item;
+ }
+ break;
+ case false:
+ if ($is_installed == true)
+ unset($config['cron']['item'][$x]);
+ break;
+ }
+}
+
+/* func to install snort update */
+function snort_rules_up_install_cron($should_install) {
+ global $config, $g;
+
+ if(!$config['cron']['item'])
+ $config['cron']['item'] = array();
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "6h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/6";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "12h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/12";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "1d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/1";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "4d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/4";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "7d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/7";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "28d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/28";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
+ $config['cron']['item'][] = $cron_item;
+ }
+ break;
+ case false:
+ if($is_installed == true)
+ unset($config['cron']['item'][$x]);
+ break;
+ }
+}
+
+/* Only run when all ifaces needed to sync. Expects filesystem rw */
+function sync_snort_package_config()
+{
+ global $config, $g;
+
+ /* RedDevil suggested code */
+ /* TODO: more testing needs to be done */
+ /* may cause voip to fail */
+ //exec("/sbin/sysctl net.bpf.bufsize=8388608");
+ //exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
+ //exec("/sbin/sysctl net.bpf.maxinsns=512");
+ //exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
+
+ conf_mount_rw();
+
+ /* do not start config build if rules is empty */
+ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
+ return;
+ }
+
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $if_real = snort_get_real_interface($value['interface']);
+ $snort_uuid = $value['uuid'];
+
+ if ($if_real != '' && $snort_uuid != '') {
+
+ /* only build whitelist when needed */
+ if ($value['blockoffenders7'] == 'on')
+ create_snort_whitelist($id, $if_real);
+
+ /* only build threshold when needed */
+ if ($value['suppresslistname'] != 'default')
+ create_snort_suppress($id, $if_real);
+
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
+ /* create barnyard2 configuration file */
+ if ($value['barnyard_enable'] == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
+ }
+ }
+
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
+
+ /* all new files are for the user snort nologin */
+ if (!is_dir("/var/log/snort/snort_{$if_real}{$snort_uuid}"))
+ exec("/bin/mkdir -p /var/log/snort/snort_{$if_real}{$snort_uuid}");
+
+ if (!is_dir('/var/log/snort/run'))
+ exec('/bin/mkdir -p /var/log/snort/run');
+
+ if (!is_dir("/var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}"))
+ exec("/bin/mkdir -p /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}");
+
+ /* XXX: These are needed if snort is run as snort user
+ mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true);
+ mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true);
+ mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true);
+ mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true);
+ */
+
+ /* important */
+ mwexec('/bin/chmod 770 /var/db/whitelist', true);
+ mwexec('/bin/chmod 770 /var/run/snort*', true);
+ mwexec('/bin/chmod 770 /tmp/snort*', true);
+ mwexec('/bin/chmod -R 770 /var/log/snort', true);
+ mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true);
+ mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true);
+
+ conf_mount_ro();
+}
+
+/* Start of main config files */
+
+/* create threshold file */
+function create_snort_suppress($id, $if_real) {
+ global $config, $g;
+
+ /* make sure dir is there */
+ if (!is_dir('/usr/local/etc/snort/suppress'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/suppress');
+
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
+ $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']);
+
+ /* file name */
+ $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
+
+ /* Message */
+ $s_data = '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
+
+ /* user added arguments */
+ $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
+
+ /* open snort's whitelist for writing */
+ @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data);
+ }
+}
+
+function create_snort_whitelist($id, $if_real) {
+ global $config, $g;
+
+ /* make sure dir is there */
+ if (!is_dir('/usr/local/etc/snort/whitelist'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/whitelist');
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') {
+
+ $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
+
+ /* open snort's whitelist for writing */
+ @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data);
+
+ } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
+ $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);
+
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
+
+ $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w];
+ $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'],
+ $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
+
+ /* open snort's whitelist for writing */
+ @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
+ }
+}
+
+function create_snort_homenet($id, $if_real) {
+ global $config, $g;
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '')
+ return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
+ else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) {
+ $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']);
+
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
+
+ $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype'];
+ $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips'];
+ $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips'];
+ $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips'];
+ $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips'];
+ $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips'];
+
+ return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h);
+ }
+}
+
+function create_snort_externalnet($id, $if_real) {
+ global $config, $g;
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) {
+ $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']);
+
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ return;
+
+ $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype'];
+ $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips'];
+ $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips'];
+ $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips'];
+ $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips'];
+ $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips'];
+
+ return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex);
+ }
+}
+
+/* open snort.sh for writing" */
+function create_snort_sh()
+{
+ global $config, $g;
+
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ $snortconf =& $config['installedpackages']['snortglobal']['rule'];
+
+ $snort_sh_text3 = array();
+ $snort_sh_text4 = array();
+
+ /* do not start config build if rules is empty */
+ if (!empty($snortconf)) {
+ foreach ($snortconf as $value) {
+ $snort_uuid = $value['uuid'];
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $value['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $value['barnyard_mysql'];
+
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '')
+ $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q";
+
+ $snort_sh_text3[] = <<<EOE
+
+###### For Each Iface
+
+#### Fake start only used on bootup and Pfsense IP changes
+#### Only try to restart if snort is running on Iface
+if [ "`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`" != "" ]; then
+ snort_pid=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print $1;}'`
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart"
+
+ #### Restart Iface
+ /bin/kill -HUP \${snort_pid}
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
+else
+ # Start snort and barnyard2
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ $start_barnyard2
+
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD START For {$snort_uuid}_{$if_real}..."
+fi
+
+EOE;
+
+ $snort_sh_text4[] = <<<EOF
+
+pid_s=`/bin/ps -ax | /usr/bin/grep "R {$snort_uuid}" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
+sleep 3
+pid_b=`/bin/ps -ax | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/grep -v grep | /usr/bin/awk '{print \$1;}'`
+if [ \${pid_s} ] ; then
+
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
+
+ /bin/kill \${pid_s}
+ sleep 3
+ /bin/kill \${pid_b}
+
+ /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid
+fi
+
+EOF;
+ }
+ }
+
+
+ $start_snort_iface_start = implode("\n\n", $snort_sh_text3);
+ $start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
+
+ $snort_sh_text = <<<EOD
+#!/bin/sh
+########
+# This file was automatically generated
+# by the pfSense service handler.
+# Code added to protect from double starts on pfSense bootup
+######## Begining of Main snort.sh
+
+rc_start() {
+
+ /bin/echo "snort.sh run" > /tmp/snort.sh.pid
+ $start_snort_iface_start
+ /bin/rm /tmp/snort.sh.pid
+}
+
+rc_stop() {
+
+ $start_snort_iface_stop
+ /bin/rm /tmp/snort.sh.pid
+ /bin/rm /var/run/snort*
+
+}
+
+case $1 in
+ start)
+ rc_start
+ ;;
+ stop)
+ rc_stop
+ ;;
+ restart)
+ rc_start
+ ;;
+esac
+
+EOD;
+
+ /* write out snort.sh */
+ $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
+ if(!$bconf) {
+ log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
+ return;
+ }
+ fwrite($bconf, $snort_sh_text);
+ fclose($bconf);
+ @chmod("/usr/local/etc/rc.d/snort.sh", 0755);
+}
+
+/* if rules exist copy to new interfaces */
+function create_rules_iface($id, $if_real, $snort_uuid)
+{
+ global $config, $g;
+
+ $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}";
+ $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full';
+
+ if ($folder_chk == "empty") {
+ if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
+ exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules");
+ if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
+ exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules");
+ }
+}
+
+/* open barnyard2.conf for writing */
+function create_barnyard2_conf($id, $if_real, $snort_uuid) {
+ global $config, $g;
+
+ if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
+ exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+
+ if (!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
+ mwexec("/usr/bin/touch /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo", true);
+ /* XXX: This is needed if snort is run as snort user */
+ //mwexec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
+ mwexec("/bin/chmod 770 /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo", true);
+ }
+
+ $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
+
+ /* write out barnyard2_conf */
+ $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
+ if(!$bconf) {
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
+ return;
+ }
+ fwrite($bconf, $barnyard2_conf_text);
+ fclose($bconf);
+}
+
+/* open barnyard2.conf for writing" */
+function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
+ global $config, $g;
+
+ /* define snortbarnyardlog */
+ /* TODO: add support for the other 5 output plugins */
+
+ $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+ $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
+ /* user add arguments */
+ $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru']));
+
+ $barnyard2_conf_text = <<<EOD
+
+# barnyard2.conf
+# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
+#
+# set the appropriate paths to the file(s) your Snort process is using
+
+config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
+config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
+config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map
+config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map
+
+config hostname: $snortbarnyardlog_hostname_info_chk
+config interface: {$snort_uuid}_{$if_real}
+config decode_data_link
+config waldo_file: /var/log/snort/barnyard2/snort_{$if_real}{$snort_uuid}/{$snort_uuid}_{$if_real}.waldo
+
+## START user pass through ##
+
+ {$snortbarnyardlog_config_pass_thru}
+
+## END user pass through ##
+
+# Step 2: setup the input plugins
+input unified2
+
+config logdir: /var/log/snort/snort_{$if_real}{$snort_uuid}
+
+# database: log to a variety of databases
+# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
+
+ $snortbarnyardlog_database_info_chk
+
+EOD;
+
+ return $barnyard2_conf_text;
+}
+
+function create_snort_conf($id, $if_real, $snort_uuid)
+{
+ global $config, $g;
+
+ if (!empty($if_real)&& !empty($snort_uuid)) {
+ if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) {
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ }
+
+ $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
+ if (empty($snort_conf_text))
+ return;
+
+ /* write out snort.conf */
+ $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
+ if(!$conf) {
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
+ return -1;
+ }
+ fwrite($conf, $snort_conf_text);
+ fclose($conf);
+ }
+}
+
+function snort_deinstall() {
+ global $config, $g;
+
+ /* remove custom sysctl */
+ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
+
+ /* decrease bpf buffers back to 4096, from 20480 */
+ exec('/sbin/sysctl net.bpf.bufsize=4096');
+ mwexec('/usr/bin/killall snort', true);
+ sleep(2);
+ mwexec('/usr/bin/killall -9 snort', true);
+ sleep(2);
+ mwexec('/usr/bin/killall barnyard2', true);
+ sleep(2);
+ mwexec('/usr/bin/killall -9 barnyard2', true);
+ sleep(2);
+ mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
+ mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*', true);
+ mwexec('/bin/rm -r /usr/local/bin/barnyard2', true);
+ mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /var/log/snort; /bin/rm -rf /usr/local/lib/snort', true);
+
+ /* Remove snort cron entries Ugly code needs smoothness*/
+ if (!function_exists('snort_deinstall_cron')) {
+ function snort_deinstall_cron($crontask) {
+ global $config, $g;
+
+ if(!is_array($config['cron']['item']))
+ return;
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], $crontask)) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if ($is_installed == true)
+ unset($config['cron']['item'][$x]);
+ }
+ }
+
+ snort_deinstall_cron("snort2c");
+ snort_deinstall_cron("snort_check_for_rule_updates.php");
+ snort_deinstall_cron("/usr/local/pkg/snort/snort_check_cron_misc.inc");
+ configure_cron();
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on')
+ unset($config['installedpackages']['snortglobal']);
+}
+
+function generate_snort_conf($id, $if_real, $snort_uuid)
+{
+ global $config, $g, $snort_pfsense_basever;
+
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
+
+ $snortcfg =& $config['installedpackages']['snortglobal']['rule'][$id];
+
+ /* custom home nets */
+ $home_net = create_snort_homenet($id, $if_real);
+
+ if ($snortcfg['externallistname'] == 'default')
+ $external_net = '!$HOME_NET';
+ else
+ $external_net = create_snort_externalnet($id, $if_real);
+
+ /* obtain external interface */
+ /* XXX: make multi wan friendly */
+ $snort_ext_int = $snortcfg['interface'];
+
+ /* user added arguments */
+ $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru']));
+
+ /* create basic files */
+ if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+
+ exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
+ exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
+ exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
+ exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
+ exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+
+ if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
+
+ /* define basic log filename */
+ $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
+
+ /* define snortalertlogtype */
+ if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
+ $snortalertlogtype_type = "output alert_fast: alert_{$snort_uuid}";
+ else
+ $snortalertlogtype_type = "output alert_full: alert_{$snort_uuid}";
+
+ /* define alertsystemlog */
+ $alertsystemlog_type = "";
+ if ($snortcfg['alertsystemlog'] == "on")
+ $alertsystemlog_type = "output alert_syslog: log_alert";
+
+ /* define tcpdumplog */
+ $tcpdumplog_type = "";
+ if ($snortcfg['tcpdumplog'] == "on")
+ $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
+
+ /* define snortunifiedlog */
+ $snortunifiedlog_type = "";
+ if ($snortcfg['snortunifiedlog'] == "on")
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+
+ /* define spoink */
+ $spoink_type = "";
+ if ($snortcfg['blockoffenders7'] == "on") {
+ if ($snortcfg['whitelistname'] == "default")
+ $spoink_whitelist_name = 'defaultwlist';
+ else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}"))
+ $spoink_whitelist_name = $snortcfg['whitelistname'];
+
+ $pfkill = "";
+ if ($snortcfg['blockoffenderskill'] == "on")
+ $pfkill = "kill";
+
+ $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
+ }
+
+ /* define threshold file */
+ $threshold_file_name = "";
+ if ($snortcfg['suppresslistname'] != 'default') {
+ if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"))
+ $threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}";
+ }
+
+ /* define servers and ports snortdefservers */
+ /* def DNS_SERVSERS */
+ $def_dns_servers_info_chk = $snortcfg['def_dns_servers'];
+ if ($def_dns_servers_info_chk == "")
+ $def_dns_servers_type = "\$HOME_NET";
+ else
+ $def_dns_servers_type = "$def_dns_servers_info_chk";
+
+ /* def DNS_PORTS */
+ $def_dns_ports_info_chk = $snortcfg['def_dns_ports'];
+ if ($def_dns_ports_info_chk == "")
+ $def_dns_ports_type = "53";
+ else
+ $def_dns_ports_type = "$def_dns_ports_info_chk";
+
+ /* def SMTP_SERVSERS */
+ $def_smtp_servers_info_chk = $snortcfg['def_smtp_servers'];
+ if ($def_smtp_servers_info_chk == "")
+ $def_smtp_servers_type = "\$HOME_NET";
+ else
+ $def_smtp_servers_type = "$def_smtp_servers_info_chk";
+
+ /* def SMTP_PORTS */
+ $def_smtp_ports_info_chk = $snortcfg['def_smtp_ports'];
+ if ($def_smtp_ports_info_chk == "")
+ $def_smtp_ports_type = "25";
+ else
+ $def_smtp_ports_type = "$def_smtp_ports_info_chk";
+
+ /* def MAIL_PORTS */
+ $def_mail_ports_info_chk = $snortcfg['def_mail_ports'];
+ if ($def_mail_ports_info_chk == "")
+ $def_mail_ports_type = "25,143,465,691";
+ else
+ $def_mail_ports_type = "$def_mail_ports_info_chk";
+
+ /* def HTTP_SERVSERS */
+ $def_http_servers_info_chk = $snortcfg['def_http_servers'];
+ if ($def_http_servers_info_chk == "")
+ $def_http_servers_type = "\$HOME_NET";
+ else
+ $def_http_servers_type = "$def_http_servers_info_chk";
+
+ /* def WWW_SERVSERS */
+ $def_www_servers_info_chk = $snortcfg['def_www_servers'];
+ if ($def_www_servers_info_chk == "")
+ $def_www_servers_type = "\$HOME_NET";
+ else
+ $def_www_servers_type = "$def_www_servers_info_chk";
+
+ /* def HTTP_PORTS */
+ $def_http_ports_info_chk = $snortcfg['def_http_ports'];
+ if ($def_http_ports_info_chk == "")
+ $def_http_ports_type = "80";
+ else
+ $def_http_ports_type = "$def_http_ports_info_chk";
+
+ /* def SQL_SERVSERS */
+ $def_sql_servers_info_chk = $snortcfg['def_sql_servers'];
+ if ($def_sql_servers_info_chk == "")
+ $def_sql_servers_type = "\$HOME_NET";
+ else
+ $def_sql_servers_type = "$def_sql_servers_info_chk";
+
+ /* def ORACLE_PORTS */
+ $def_oracle_ports_info_chk = $snortcfg['def_oracle_ports'];
+ if ($def_oracle_ports_info_chk == "")
+ $def_oracle_ports_type = "1521";
+ else
+ $def_oracle_ports_type = "$def_oracle_ports_info_chk";
+
+ /* def MSSQL_PORTS */
+ $def_mssql_ports_info_chk = $snortcfg['def_mssql_ports'];
+ if ($def_mssql_ports_info_chk == "")
+ $def_mssql_ports_type = "1433";
+ else
+ $def_mssql_ports_type = "$def_mssql_ports_info_chk";
+
+ /* def TELNET_SERVSERS */
+ $def_telnet_servers_info_chk = $snortcfg['def_telnet_servers'];
+ if ($def_telnet_servers_info_chk == "")
+ $def_telnet_servers_type = "\$HOME_NET";
+ else
+ $def_telnet_servers_type = "$def_telnet_servers_info_chk";
+
+ /* def TELNET_PORTS */
+ $def_telnet_ports_info_chk = $snortcfg['def_telnet_ports'];
+ if ($def_telnet_ports_info_chk == "")
+ $def_telnet_ports_type = "23";
+ else
+ $def_telnet_ports_type = "$def_telnet_ports_info_chk";
+
+ /* def SNMP_SERVSERS */
+ $def_snmp_servers_info_chk = $snortcfg['def_snmp_servers'];
+ if ($def_snmp_servers_info_chk == "")
+ $def_snmp_servers_type = "\$HOME_NET";
+ else
+ $def_snmp_servers_type = "$def_snmp_servers_info_chk";
+
+ /* def SNMP_PORTS */
+ $def_snmp_ports_info_chk = $snortcfg['def_snmp_ports'];
+ if ($def_snmp_ports_info_chk == "")
+ $def_snmp_ports_type = "161";
+ else
+ $def_snmp_ports_type = "$def_snmp_ports_info_chk";
+
+ /* def FTP_SERVSERS */
+ $def_ftp_servers_info_chk = $snortcfg['def_ftp_servers'];
+ if ($def_ftp_servers_info_chk == "")
+ $def_ftp_servers_type = "\$HOME_NET";
+ else
+ $def_ftp_servers_type = "$def_ftp_servers_info_chk";
+
+ /* def FTP_PORTS */
+ $def_ftp_ports_info_chk = $snortcfg['def_ftp_ports'];
+ if ($def_ftp_ports_info_chk == "")
+ $def_ftp_ports_type = "21";
+ else
+ $def_ftp_ports_type = "$def_ftp_ports_info_chk";
+
+ /* def SSH_SERVSERS */
+ $def_ssh_servers_info_chk = $snortcfg['def_ssh_servers'];
+ if ($def_ssh_servers_info_chk == "")
+ $def_ssh_servers_type = "\$HOME_NET";
+ else
+ $def_ssh_servers_type = "$def_ssh_servers_info_chk";
+
+ /* if user has defined a custom ssh port, use it */
+ if(isset($config['system']['ssh']['port']))
+ $ssh_port = $config['system']['ssh']['port'];
+ else
+ $ssh_port = "22";
+
+ /* def SSH_PORTS */
+ $def_ssh_ports_info_chk = $snortcfg['def_ssh_ports'];
+ if ($def_ssh_ports_info_chk == "")
+ $def_ssh_ports_type = "{$ssh_port}";
+ else
+ $def_ssh_ports_type = "$def_ssh_ports_info_chk";
+
+ /* def POP_SERVSERS */
+ $def_pop_servers_info_chk = $snortcfg['def_pop_servers'];
+ if ($def_pop_servers_info_chk == "")
+ $def_pop_servers_type = "\$HOME_NET";
+ else
+ $def_pop_servers_type = "$def_pop_servers_info_chk";
+
+ /* def POP2_PORTS */
+ $def_pop2_ports_info_chk = $snortcfg['def_pop2_ports'];
+ if ($def_pop2_ports_info_chk == "")
+ $def_pop2_ports_type = "109";
+ else
+ $def_pop2_ports_type = "$def_pop2_ports_info_chk";
+
+ /* def POP3_PORTS */
+ $def_pop3_ports_info_chk = $snortcfg['def_pop3_ports'];
+ if ($def_pop3_ports_info_chk == "")
+ $def_pop3_ports_type = "110";
+ else
+ $def_pop3_ports_type = "$def_pop3_ports_info_chk";
+
+ /* def IMAP_SERVSERS */
+ $def_imap_servers_info_chk = $snortcfg['def_imap_servers'];
+ if ($def_imap_servers_info_chk == "")
+ $def_imap_servers_type = "\$HOME_NET";
+ else
+ $def_imap_servers_type = "$def_imap_servers_info_chk";
+
+ /* def IMAP_PORTS */
+ $def_imap_ports_info_chk = $snortcfg['def_imap_ports'];
+ if ($def_imap_ports_info_chk == "")
+ $def_imap_ports_type = "143";
+ else
+ $def_imap_ports_type = "$def_imap_ports_info_chk";
+
+ /* def SIP_PROXY_IP */
+ $def_sip_proxy_ip_info_chk = $snortcfg['def_sip_proxy_ip'];
+ if ($def_sip_proxy_ip_info_chk == "")
+ $def_sip_proxy_ip_type = "\$HOME_NET";
+ else
+ $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
+
+ /* def SIP_PROXY_PORTS */
+ $def_sip_proxy_ports_info_chk = $snortcfg['def_sip_proxy_ports'];
+ if ($def_sip_proxy_ports_info_chk == "")
+ $def_sip_proxy_ports_type = "5060:5090,16384:32768";
+ else
+ $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
+
+ /* def SIP_SERVERS */
+ $def_sip_servers_info_chk = $snortcfg['def_sip_servers'];
+ if ($def_sip_servers_info_chk == "")
+ $def_sip_servers_type = "\$HOME_NET";
+ else
+ $def_sip_servers_type = "$def_sip_servers_info_chk";
+
+ /* def SIP_PORTS */
+ $def_sip_ports_info_chk = $snortcfg['def_sip_ports'];
+ if ($def_sip_ports_info_chk == "")
+ $def_sip_ports_type = "5060:5090,16384:32768";
+ else
+ $def_sip_ports_type = "$def_sip_ports_info_chk";
+
+ /* def AUTH_PORTS */
+ $def_auth_ports_info_chk = $snortcfg['def_auth_ports'];
+ if ($def_auth_ports_info_chk == "")
+ $def_auth_ports_type = "113";
+ else
+ $def_auth_ports_type = "$def_auth_ports_info_chk";
+
+ /* def FINGER_PORTS */
+ $def_finger_ports_info_chk = $snortcfg['def_finger_ports'];
+ if ($def_finger_ports_info_chk == "")
+ $def_finger_ports_type = "79";
+ else
+ $def_finger_ports_type = "$def_finger_ports_info_chk";
+
+ /* def IRC_PORTS */
+ $def_irc_ports_info_chk = $snortcfg['def_irc_ports'];
+ if ($def_irc_ports_info_chk == "")
+ $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
+ else
+ $def_irc_ports_type = "$def_irc_ports_info_chk";
+
+ /* def NNTP_PORTS */
+ $def_nntp_ports_info_chk = $snortcfg['def_nntp_ports'];
+ if ($def_nntp_ports_info_chk == "")
+ $def_nntp_ports_type = "119";
+ else
+ $def_nntp_ports_type = "$def_nntp_ports_info_chk";
+
+ /* def RLOGIN_PORTS */
+ $def_rlogin_ports_info_chk = $snortcfg['def_rlogin_ports'];
+ if ($def_rlogin_ports_info_chk == "")
+ $def_rlogin_ports_type = "513";
+ else
+ $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
+
+ /* def RSH_PORTS */
+ $def_rsh_ports_info_chk = $snortcfg['def_rsh_ports'];
+ if ($def_rsh_ports_info_chk == "")
+ $def_rsh_ports_type = "514";
+ else
+ $def_rsh_ports_type = "$def_rsh_ports_info_chk";
+
+ /* def SSL_PORTS */
+ $def_ssl_ports_info_chk = $snortcfg['def_ssl_ports'];
+ if ($def_ssl_ports_info_chk == "")
+ $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
+ else
+ $def_ssl_ports_type = "$def_ssl_ports_info_chk";
+
+ /* if user is on pppoe, we really want to use ng0 interface */
+ if ($snort_pfsense_basever == 'yes' && $snort_ext_int == "wan")
+ $snort_ext_int = get_real_wan_interface();
+
+ /* set the snort performance model */
+ if($snortcfg['performance'])
+ $snort_performance = $snortcfg['performance'];
+ else
+ $snort_performance = "ac-bnfa";
+
+
+ /* generate rule sections to load */
+ $enabled_rulesets = $snortcfg['rulesets'];
+ $selected_rules_sections = "";
+ if (!empty($enabled_rulesets)) {
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+ foreach($enabled_rulesets_array as $enabled_item)
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
+ }
+
+ /////////////////////////////
+
+ /* preprocessor code */
+
+ /* def perform_stat */
+ $snort_perform_stat = <<<EOD
+
+##########################
+ #
+# NEW #
+# Performance Statistics #
+ #
+##########################
+
+preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$if_real}{$snort_uuid}/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000
+
+EOD;
+
+ $def_perform_stat_info_chk = $snortcfg['perform_stat'];
+ if ($def_perform_stat_info_chk == "on")
+ $def_perform_stat_type = "$snort_perform_stat";
+ else
+ $def_perform_stat_type = "";
+
+ $def_flow_depth_info_chk = $snortcfg['flow_depth'];
+ if (empty($def_flow_depth_info_chk))
+ $def_flow_depth_type = '0';
+ else
+ $def_flow_depth_type = $snortcfg['flow_depth'];
+
+ /* def http_inspect */
+ $snort_http_inspect = <<<EOD
+
+#################
+ #
+# HTTP Inspect #
+ #
+#################
+
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
+
+# TODO: pfsense GUI needed for ports
+preprocessor http_inspect_server: server default \
+ http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
+ ports { 80 8080 } \
+ non_strict \
+ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+ flow_depth {$def_flow_depth_type} \
+ apache_whitespace no \
+ directory no \
+ iis_backslash no \
+ u_encode yes \
+ extended_response_inspection \
+ inspect_gzip \
+ normalize_utf \
+ unlimited_decompress \
+ ascii no \
+ chunk_length 500000 \
+ bare_byte yes \
+ double_decode yes \
+ iis_unicode no \
+ iis_delimiter no \
+ multi_slash no \
+ server_flow_depth 0 \
+ client_flow_depth 0 \
+ post_depth 65495 \
+ oversize_dir_length 500 \
+ max_header_length 750 \
+ max_headers 100 \
+ max_spaces 0 \
+ small_chunk_length { 10 5 } \
+ enable_cookie \
+ normalize_javascript \
+ utf_8 no \
+ webroot no
+
+EOD;
+
+ $def_http_inspect_info_chk = $snortcfg['http_inspect'];
+ if ($def_http_inspect_info_chk == "on")
+ $def_http_inspect_type = "$snort_http_inspect";
+ else
+ $def_http_inspect_type = "";
+
+ /* def other_preprocs */
+ $snort_other_preprocs = <<<EOD
+
+##################
+ #
+# Other preprocs #
+ #
+##################
+
+preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
+preprocessor bo
+
+EOD;
+
+ $def_other_preprocs_info_chk = $snortcfg['other_preprocs'];
+ if ($def_other_preprocs_info_chk == "on")
+ $def_other_preprocs_type = "$snort_other_preprocs";
+ else
+ $def_other_preprocs_type = "";
+
+ /* def ftp_preprocessor */
+ $snort_ftp_preprocessor = <<<EOD
+
+#####################
+ #
+# ftp preprocessor #
+ #
+#####################
+
+preprocessor ftp_telnet: global \
+ inspection_type stateful \
+ encrypted_traffic no
+
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200 \
+ detect_anomalies
+
+preprocessor ftp_telnet_protocol: \
+ ftp server default \
+ def_max_param_len 100 \
+ # TODO add pfsense GUI
+ ports { 21 } \
+ telnet_cmds yes \
+ ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
+ ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
+ ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
+ ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \
+ ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
+ ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
+ ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
+ ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
+ ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
+ ftp_cmds { XSEN XSHA1 XSHA256 } \
+ alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
+ alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
+ alt_max_param_len 256 { CWD RNTO } \
+ alt_max_param_len 400 { PORT } \
+ alt_max_param_len 512 { SIZE } \
+ chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
+ chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
+ chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
+ chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
+ chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
+ chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
+ chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
+ chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
+ cmd_validity MACB < string > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity PORT < host_port > \
+ cmd_validity PROT < char CSEP > \
+ cmd_validity STRU < char FRPO [ string ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
+
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
+
+EOD;
+
+ $def_ftp_preprocessor_info_chk = $snortcfg['ftp_preprocessor'];
+ if ($def_ftp_preprocessor_info_chk == "on")
+ $def_ftp_preprocessor_type = "$snort_ftp_preprocessor";
+ else
+ $def_ftp_preprocessor_type = "";
+
+ /* def smtp_preprocessor */
+ $snort_smtp_preprocessor = <<<EOD
+
+#####################
+ #
+# SMTP preprocessor #
+ #
+#####################
+
+# TODO add pfsense GUI
+preprocessor SMTP: ports { 25 465 691 } \
+ inspection_type stateful \
+ b64_decode_depth 0 \
+ qp_decode_depth 0 \
+ bitenc_decode_depth 0 \
+ uu_decode_depth 0 \
+ log_mailfrom \
+ log_rcptto \
+ log_filename \
+ log_email_hdrs \
+ normalize cmds \
+ normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
+ normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
+ normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
+ normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
+ max_command_line_len 512 \
+ max_header_line_len 1000 \
+ max_response_line_len 512 \
+ alt_max_command_line_len 260 { MAIL } \
+ alt_max_command_line_len 300 { RCPT } \
+ alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
+ alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
+ alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
+ valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
+ valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
+ valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
+ valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
+ xlink2state { enabled }
+
+EOD;
+
+ $def_smtp_preprocessor_info_chk = $snortcfg['smtp_preprocessor'];
+ if ($def_smtp_preprocessor_info_chk == "on")
+ $def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
+ else
+ $def_smtp_preprocessor_type = "";
+
+ /* def sf_portscan */
+ $snort_sf_portscan = <<<EOD
+
+################
+ #
+# sf Portscan #
+ #
+################
+
+preprocessor sfportscan: scan_type { all } \
+ proto { all } \
+ memcap { 10000000 } \
+ sense_level { medium } \
+ ignore_scanners { \$HOME_NET }
+
+EOD;
+
+ $def_sf_portscan_info_chk = $snortcfg['sf_portscan'];
+ if ($def_sf_portscan_info_chk == "on")
+ $def_sf_portscan_type = "$snort_sf_portscan";
+ else
+ $def_sf_portscan_type = "";
+
+ /* def dce_rpc_2 */
+ $snort_dce_rpc_2 = <<<EOD
+
+###############
+ #
+# NEW #
+# DCE/RPC 2 #
+ #
+###############
+
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3, \
+ smb_invalid_shares ["C$", "D$", "ADMIN$"]
+
+EOD;
+
+ $def_dce_rpc_2_info_chk = $snortcfg['dce_rpc_2'];
+ if ($def_dce_rpc_2_info_chk == "on")
+ $def_dce_rpc_2_type = "$snort_dce_rpc_2";
+ else
+ $def_dce_rpc_2_type = "";
+
+ /* def dns_preprocessor */
+ $snort_dns_preprocessor = <<<EOD
+
+####################
+ #
+# DNS preprocessor #
+ #
+####################
+
+# TODO add pfsense GUI
+preprocessor dns: \
+ ports { 53 } \
+ enable_rdata_overflow
+
+EOD;
+
+ $def_dns_preprocessor_info_chk = $snortcfg['dns_preprocessor'];
+ if ($def_dns_preprocessor_info_chk == "on")
+ $def_dns_preprocessor_type = "$snort_dns_preprocessor";
+ else
+ $def_dns_preprocessor_type = "";
+
+ /* def SSL_PORTS IGNORE */
+ $def_ssl_ports_ignore_info_chk = $snortcfg['def_ssl_ports_ignore'];
+ if ($def_ssl_ports_ignore_info_chk == "")
+ $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
+ else
+ $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
+
+ /* stream5 queued settings */
+
+
+ $def_max_queued_bytes_info_chk = $snortcfg['max_queued_bytes'];
+ if ($def_max_queued_bytes_info_chk == '')
+ $def_max_queued_bytes_type = '';
+ else
+ $def_max_queued_bytes_type = ' max_queued_bytes ' . $snortcfg['max_queued_bytes'] . ',';
+
+ $def_max_queued_segs_info_chk = $snortcfg['max_queued_segs'];
+ if ($def_max_queued_segs_info_chk == '')
+ $def_max_queued_segs_type = '';
+ else
+ $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ',';
+
+ $snort_preprocessor_decoder_rules = "";
+ if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules"))
+ $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
+ if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules"))
+ $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
+
+ /* build snort configuration file */
+ $snort_conf_text = <<<EOD
+
+##############################################################################
+# #
+# snort configuration file generated by the pfSense package manager system #
+# see /usr/local/pkg/snort.inc # #
+# for snort ver. 2.9.2.3 #
+# more information Snort can be found at http://www.snort.org/ #
+# #
+##############################################################################
+
+#########################
+ #
+# Define Local Network #
+ #
+#########################
+
+# TODO: bug, auto gen is adding extra 127.0.0.1
+ipvar HOME_NET {$home_net}
+ipvar EXTERNAL_NET {$external_net}
+
+###################
+ #
+# Define Servers #
+ #
+###################
+
+ipvar DNS_SERVERS [{$def_dns_servers_type}]
+ipvar SMTP_SERVERS [{$def_smtp_servers_type}]
+ipvar HTTP_SERVERS [{$def_http_servers_type}]
+ipvar SQL_SERVERS [{$def_sql_servers_type}]
+ipvar TELNET_SERVERS [{$def_telnet_servers_type}]
+ipvar FTP_SERVERS [{$def_ftp_servers_type}]
+ipvar SSH_SERVERS [{$def_ssh_servers_type}]
+ipvar SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
+ipvar SIP_SERVERS [{$def_sip_servers_type}]
+ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
+# def below may have been removed
+ipvar POP_SERVERS [{$def_pop_servers_type}]
+ipvar IMAP_SERVERS [{$def_imap_servers_type}]
+ipvar RPC_SERVERS [\$HOME_NET]
+ipvar WWW_SERVERS [{$def_www_servers_type}]
+ipvar SNMP_SERVERS [{$def_snmp_servers_type}]
+
+
+########################
+ #
+# Define Server Ports #
+ #
+########################
+
+portvar HTTP_PORTS [{$def_http_ports_type}]
+portvar SHELLCODE_PORTS !80
+portvar ORACLE_PORTS [{$def_oracle_ports_type}]
+portvar FTP_PORTS [{$def_ftp_ports_type}]
+portvar SSH_PORTS [{$def_ssh_ports_type}]
+portvar SIP_PORTS [{$def_sip_ports_type}]
+### Below ports need new gui ###
+portvar FILE_DATA_PORTS [\$HTTP_PORTS,110,143]
+portvar GTP_PORTS [2123,2152,3386]
+portvar MODBUS_PORTS [502]
+portvar DNP3_PORTS [20000]
+# These ports may have been removed left here so no custom rules break
+portvar AUTH_PORTS [{$def_auth_ports_type}]
+portvar DNS_PORTS [{$def_dns_ports_type}]
+portvar FINGER_PORTS [{$def_finger_ports_type}]
+portvar IMAP_PORTS [{$def_imap_ports_type}]
+portvar IRC_PORTS [{$def_irc_ports_type}]
+portvar MSSQL_PORTS [{$def_mssql_ports_type}]
+portvar NNTP_PORTS [{$def_nntp_ports_type}]
+portvar POP2_PORTS [{$def_pop2_ports_type}]
+portvar POP3_PORTS [{$def_pop3_ports_type}]
+portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
+portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
+portvar RSH_PORTS [{$def_rsh_ports_type}]
+portvar SMB_PORTS [139,445]
+portvar SMTP_PORTS [{$def_smtp_ports_type}]
+portvar SNMP_PORTS [{$def_snmp_ports_type}]
+portvar TELNET_PORTS [{$def_telnet_ports_type}]
+portvar MAIL_PORTS [{$def_mail_ports_type}]
+portvar SSL_PORTS [{$def_sip_proxy_ports_type}]
+portvar SIP_PROXY_PORTS [{$def_sip_ports_type}]
+
+# These ports may have been removed left here so no custom rules break
+# DCERPC NCACN-IP-TCP
+portvar DCERPC_NCACN_IP_TCP [139,445]
+portvar DCERPC_NCADG_IP_UDP [138,1024:]
+portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
+portvar DCERPC_NCACN_UDP_LONG [135,1024:]
+portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
+portvar DCERPC_NCACN_TCP [2103,2105,2107]
+portvar DCERPC_BRIGHTSTORE [6503,6504]
+
+
+#####################
+ #
+# Define Rule Paths #
+ #
+#####################
+
+var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules
+var PREPROC_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/preproc_rules
+var SO_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/so_rules
+
+#############################################################
+# #
+# reputation preprocessor, ALWAYS USE FULL PATHS, BUG 89986 #
+# #
+#############################################################
+
+#var WHITE_LIST_PATH ../rules
+#var BLACK_LIST_PATH ../rules
+
+################################
+ #
+# Configure the snort decoder #
+ #
+################################
+
+config checksum_mode: all
+config disable_decode_alerts
+config disable_tcpopt_experimental_alerts
+config disable_tcpopt_obsolete_alerts
+config disable_ttcp_alerts
+config disable_tcpopt_alerts
+config disable_tcpopt_ttcp_alerts
+config disable_ipopt_alerts
+config disable_decode_drops
+
+################ The following is for inline mode tunning ################
+
+# config enable_decode_oversized_alerts
+# config enable_decode_oversized_drops
+# config flowbits_size: 64
+
+#### make sure I enable gui for this ##########
+# config ignore_ports: tcp 21 6667:6671 1356 #
+# config ignore_ports: udp 1:17 53 #
+###############################################
+
+# Configure active response for non inline
+# config response: eth0 attempts 2
+
+# Configure DAQ related options for inline mode
+#
+# config daq: <type>
+# config daq_dir: <dir>
+# config daq_mode: <mode>
+# config daq_var: <var>
+#
+# <type> ::= pcap | afpacket | dump | nfq | ipq | ipfw
+# <mode> ::= read-file | passive | inline
+# <var> ::= arbitrary <name>=<value passed to DAQ
+# <dir> ::= path as to where to look for DAQ module so's
+
+## gui needed for pfsense ##
+# config daq: afpacket
+
+#############################################################
+
+########################################
+# Configure specific UID and GID
+# to run snort as after dropping privs
+#
+# config set_gid:
+# config set_uid:
+########################################
+
+########################################
+#
+# Configure default snaplen. Snort
+# defaults to MTU of in use interface
+#
+# config snaplen:
+#
+# TODO: gui needed for pfsense
+#
+########################################
+
+################################################################
+#
+# Configure default bpf_file to use for filtering what traffic
+# reaches snort. options (-F)
+#
+# config bpf_file:
+#
+# TODO: gui needed for pfsense
+#
+###############################################################
+
+#####################################################################
+#
+# Configure default log directory for snort to log to. options (-l)
+#
+# config logdir:
+#
+#####################################################################
+
+###################################
+ #
+# Configure the detection engine #
+# Use lower memory models #
+ #
+###################################
+
+# TODO: gui needed for pfsense
+# Configure PCRE match limitations
+config pcre_match_limit: 3500
+config pcre_match_limit_recursion: 1500
+
+#############################################################################
+# #
+# Configure the detection engine #
+# Use lower memory models for pfsense #
+# #
+# #
+# Notes #
+# #
+# ac, ac-q, ac-bnfa, ac-bnfa-q, lowmem, lowmem-q #
+# ac-split shorthand for search-method ac, split-any-any, intel-cpm,ac-nq, #
+# ac-bnfa-nq This is the default search method if none is specified. #
+# lowmem-nq, ac-std, acs, ac-banded, ac-sparsebands #
+# #
+#############################################################################
+
+config detection: search-method {$snort_performance} search-optimize max-pattern-len 20
+config event_queue: max_queue 8 log 3 order_events content_length
+
+###################################################
+# Configure GTP if it is to be used
+####################################################
+
+# TODO: gui needed for pfsense
+# config enable_gtp
+
+###################################################
+# Per packet and rule latency enforcement, README.ppm
+###################################################
+
+# Per Packet latency configuration
+#config ppm: max-pkt-time 250, \
+# fastpath-expensive-packets, \
+# pkt-log
+
+# Per Rule latency configuration
+#config ppm: max-rule-time 200, \
+# threshold 3, \
+# suspend-expensive-rules, \
+# suspend-timeout 20, \
+# rule-log alert
+
+###################################################
+# Configure Perf Profiling for debugging, README.PerfProfiling
+###################################################
+
+#config profile_rules: print all, sort avg_ticks
+#config profile_preprocs: print all, sort avg_ticks
+
+###################################################
+# Configure protocol aware flushing. README.stream5
+###################################################
+config paf_max: 16000
+
+##################################################
+# Configure dynamic loaded libraries
+##################################################
+
+dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor
+dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
+dynamicdetection directory /usr/local/lib/snort/dynamicrules
+
+###################
+ #
+# Flow and stream #
+ #
+###################
+
+# TODO: gui needed for pfsense
+# GTP Control Channle Preprocessor, README.GTP
+preprocessor gtp: ports { 2123 3386 2152 }
+
+####################################################
+# Inline packet normalization, README.normalize
+# Does nothing in IDS mode
+#
+# preprocessor normalize_ip4
+# preprocessor normalize_tcp: ips ecn stream
+# preprocessor normalize_icmp4
+# preprocessor normalize_ip6
+# preprocessor normalize_icmp6
+####################################################
+
+# this tuning ,may need testing
+preprocessor frag3_global: max_frags 65536
+preprocessor frag3_engine: policy bsd detect_anomalies
+
+preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes, max_tcp 262144, max_udp 131072, max_active_responses 2, min_response_seconds 5
+
+preprocessor stream5_tcp: policy BSD, ports both all, timeout 180, {$def_max_queued_bytes_type}{$def_max_queued_segs_type}
+preprocessor stream5_udp: timeout 180
+preprocessor stream5_icmp:
+
+ {$def_perform_stat_type}
+
+ {$def_http_inspect_type}
+
+ {$def_other_preprocs_type}
+
+ {$def_ftp_preprocessor_type}
+
+ {$def_smtp_preprocessor_type}
+
+ {$def_sf_portscan_type}
+
+########################
+ #
+# ARP spoof detection. #
+ #
+########################
+
+# preprocessor arpspoof
+# preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
+
+##########################
+ #
+# SSH anomaly detection #
+ #
+##########################
+
+preprocessor ssh: server_ports { 22 } \
+ autodetect \
+ max_client_bytes 19600 \
+ max_encrypted_packets 20 \
+ max_server_version_len 100 \
+ enable_respoverflow enable_ssh1crc32 \
+ enable_srvoverflow enable_protomismatch
+
+
+ {$def_dce_rpc_2_type}
+
+ {$def_dns_preprocessor_type}
+
+##############################
+ #
+# NEW #
+# Ignore SSL and Encryption #
+ #
+##############################
+
+preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted
+
+
+###########################################################
+ #
+# SDF sensitive data preprocessor, README.sensitive_data #
+ #
+###########################################################
+
+# TODO: add pfsense GUI
+preprocessor sensitive_data: alert_threshold 20
+
+#############################################################
+ #
+# SIP Session Initiation Protocol preprocessor, README.sip #
+ #
+#############################################################
+
+# TODO: add pfsense GUI
+preprocessor sip: max_sessions 40000, \
+ ports { 5060 5061 5600 }, \
+ methods { invite \
+ cancel \
+ ack \
+ bye \
+ register \
+ options \
+ refer \
+ subscribe \
+ update \
+ join \
+ info \
+ message \
+ notify \
+ benotify \
+ do \
+ qauth \
+ sprack \
+ publish \
+ service \
+ unsubscribe \
+ prack }, \
+ max_uri_len 512, \
+ max_call_id_len 80, \
+ max_requestName_len 20, \
+ max_from_len 256, \
+ max_to_len 256, \
+ max_via_len 1024, \
+ max_contact_len 512, \
+ max_content_len 2048
+
+##################################
+ #
+# IMAP preprocessor, README.imap #
+ #
+##################################
+
+# TODO: add pfsense GUI
+preprocessor imap: \
+ ports { 143 } \
+ b64_decode_depth 0 \
+ qp_decode_depth 0 \
+ bitenc_decode_depth 0 \
+ uu_decode_depth 0
+
+##################################
+ #
+# POP preprocessor, README.pop #
+ #
+##################################
+
+# TODO: add pfsense GUI
+preprocessor pop: \
+ ports { 110 } \
+ b64_decode_depth 0 \
+ qp_decode_depth 0 \
+ bitenc_decode_depth 0 \
+ uu_decode_depth 0
+
+#######################################
+ #
+# Modbus preprocessor, README.modbus #
+# Used for SCADA #
+ #
+#######################################
+
+# TODO: add pfsense GUI
+preprocessor modbus: ports { 502 }
+
+
+###############################################
+ #
+# DNP3 preprocessor, EADME.dnp3 #
+ #
+###############################################
+
+# TODO: add pfsense GUI
+preprocessor dnp3: ports { 20000 } \
+ memcap 262144 \
+ check_crc
+
+###############################################
+ #
+# Reputation preprocessor, README.reputation #
+ #
+###############################################
+
+#preprocessor reputation: \
+# memcap 500, \
+# priority whitelist, \
+# nested_ip inner, \
+# whitelist $WHITE_LIST_PATH/white_list.rules, \
+# blacklist $BLACK_LIST_PATH/black_list.rules
+
+
+#####################
+ #
+# Snort Output Logs #
+ #
+#####################
+
+$snortunifiedlogbasic_type
+$snortalertlogtype_type
+$alertsystemlog_type
+$tcpdumplog_type
+$snortmysqllog_info_chk
+$snortunifiedlog_type
+$spoink_type
+
+#################
+ #
+# Misc Includes #
+ #
+#################
+
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
+include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
+{$snort_preprocessor_decoder_rules}
+
+$threshold_file_name
+
+# Snort user pass through configuration
+{$snort_config_pass_thru}
+
+###################
+ #
+# Rules Selection #
+ #
+###################
+
+ {$selected_rules_sections}
+
+EOD;
+
+ return $snort_conf_text;
+}
+
+/* hide progress bar */
+function hide_progress_bar_status() {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+}
+
+/* unhide progress bar */
+function unhide_progress_bar_status() {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
+}
+
+/* update both top and bottom text box during an operation */
+function update_all_status($status) {
+ global $snort_filename, $snort_filename_md5, $console_mode;
+
+ ob_flush();
+ if(!$console_mode) {
+ update_status($status);
+ update_output_window($status);
+ }
+}
+
+######## new
+
+// returns array that matches pattern, option to replace objects in matches
+function snortScanDirFilter($arrayList, $pattmatch, $pattreplace, $pattreplacewith)
+{
+ foreach ( $arrayList as $val )
+ {
+ if (preg_match($pattmatch, $val, $matches)) {
+ if ($pattreplace != '') {
+ $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]);
+ $filterDirList[] = $matches2;
+ }else{
+ $filterDirList[] = $matches[0];
+ }
+ }
+ }
+ return $filterDirList;
+}
+
+?>
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
new file mode 100644
index 00000000..2365bbea
--- /dev/null
+++ b/config/snort-dev/snort.xml
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfsense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Snort</name>
+ <version>2.9.0.5</version>
+ <title>Services:2.9.0.5 pkg v. 2.0</title>
+ <include_file>/usr/local/pkg/snort/snort.inc</include_file>
+ <menu>
+ <name>Snort</name>
+ <tooltiptext>Setup snort specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/snort/snort_interfaces.php</url>
+ </menu>
+ <service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort is the most widely deployed IDS/IPS technology
+ worldwide.</description>
+ </service>
+ <tabs>
+ </tabs>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_gui.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_barnyard.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_download_updates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/help_and_info.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_global.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.php</item>
+ </additional_files_needed>
+ <fields>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ sync_snort_package_config();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ snort_postinstall();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ snort_deinstall();
+ </custom_php_deinstall_command>
+</packagegui>
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
new file mode 100644
index 00000000..3094d1a7
--- /dev/null
+++ b/config/snort-dev/snort_alerts.php
@@ -0,0 +1,582 @@
+<?php
+/* $Id$ */
+/*
+ snort_alerts.php
+ part of pfSense
+
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+/* load only javascript that is needed */
+$snort_load_sortabletable = 'yes';
+$snort_load_mootools = 'yes';
+
+$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_instance = &$config['installedpackages']['snortglobal']['rule'];
+$snort_uuid = $a_instance[0]['uuid'];
+if ($_POST['instance'])
+ $snort_uuid = $a_instance[$_POST['instance']]['uuid'];
+
+if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
+ $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
+ $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
+ $anentries = $pconfig['alertnumber'];
+} else {
+ $anentries = '250';
+ $pconfig['alertnumber'] = '250';
+ $pconfig['arefresh'] = 'off';
+}
+
+if ($_POST['save'])
+{
+ //unset($input_errors);
+ //$pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['save'])
+ {
+
+ // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
+ // }
+
+ }
+
+ /* no errors */
+ if (!$input_errors) {
+ if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
+ $config['installedpackages']['snortglobal']['alertsblocks'] = array();
+ $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
+
+ write_config();
+
+ header("Location: /snort/snort_alerts.php");
+ exit;
+ }
+
+}
+
+if ($_GET['action'] == "clear" || $_POST['clear'])
+{
+ if (file_exists("/var/log/snort/alert_{$snort_uuid}"))
+ {
+ conf_mount_rw();
+ @file_put_contents("/var/log/snort/alert_{$snort_uuid}", "");
+ post_delete_logs();
+ /* XXX: This is needed is snort is run as snort user */
+ //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
+ mwexec('/usr/bin/killall -HUP snort', true);
+ conf_mount_ro();
+ }
+ header("Location: /snort/snort_alerts.php");
+ exit;
+}
+
+if ($_POST['download'])
+{
+
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_logs_{$save_date}.tar.gz";
+ exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort");
+
+ if (file_exists("/tmp/{$file_name}")) {
+ $file = "/tmp/snort_logs_{$save_date}.tar.gz";
+ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+ header("Pragma: private"); // needed for IE
+ header("Cache-Control: private, must-revalidate"); // needed for IE
+ header('Content-type: application/force-download');
+ header('Content-Transfer-Encoding: Binary');
+ header("Content-length: ".filesize($file));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ readfile("$file");
+ exec("/bin/rm /tmp/{$file_name}");
+ }
+
+ header("Location: /snort/snort_alerts.php");
+ exit;
+}
+
+
+/* WARNING: took me forever to figure reg expression, dont lose */
+// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50';
+function get_snort_alert_date($fileline)
+{
+ /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
+ if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
+ $alert_date = "$matches1[0]";
+
+ return $alert_date;
+}
+
+function get_snort_alert_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ $alert_disc = "$matches[2]";
+
+ return $alert_disc;
+}
+
+function get_snort_alert_class($fileline)
+{
+ /* class */
+ if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
+ $alert_class = "$matches2[0]";
+
+ return $alert_class;
+}
+
+function get_snort_alert_priority($fileline)
+{
+ /* Priority */
+ if (preg_match('/Priority:\s\d/', $fileline, $matches3))
+ $alert_priority = "$matches3[0]";
+
+ return $alert_priority;
+}
+
+function get_snort_alert_proto($fileline)
+{
+ /* Priority */
+ if (preg_match('/\{.+\}/', $fileline, $matches3))
+ $alert_proto = "$matches3[0]";
+
+ return $alert_proto;
+}
+
+function get_snort_alert_proto_full($fileline)
+{
+ /* Protocal full */
+ if (preg_match('/.+\sTTL/', $fileline, $matches2))
+ $alert_proto_full = "$matches2[0]";
+
+ return $alert_proto_full;
+}
+
+function get_snort_alert_ip_src($fileline)
+{
+ /* SRC IP */
+ $re1='.*?'; # Non-greedy match on filler
+ $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
+ $alert_ip_src = $matches4[1][0];
+
+ return $alert_ip_src;
+}
+
+function get_snort_alert_src_p($fileline)
+{
+ /* source port */
+ if (preg_match('/:\d+\s-/', $fileline, $matches5))
+ $alert_src_p = "$matches5[0]";
+
+ return $alert_src_p;
+}
+
+function get_snort_alert_flow($fileline)
+{
+ /* source port */
+ if (preg_match('/(->|<-)/', $fileline, $matches5))
+ $alert_flow = "$matches5[0]";
+
+ return $alert_flow;
+}
+
+function get_snort_alert_ip_dst($fileline)
+{
+ /* DST IP */
+ $re1dp='.*?'; # Non-greedy match on filler
+ $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress
+ $re3dp='.*?'; # Non-greedy match on filler
+ $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
+ $alert_ip_dst = $matches6[1][0];
+
+ return $alert_ip_dst;
+}
+
+function get_snort_alert_dst_p($fileline)
+{
+ /* dst port */
+ if (preg_match('/:\d+$/', $fileline, $matches7))
+ $alert_dst_p = "$matches7[0]";
+
+ return $alert_dst_p;
+}
+
+function get_snort_alert_dst_p_full($fileline)
+{
+ /* dst port full */
+ if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
+ $alert_dst_p = "$matches7[0]";
+
+ return $alert_dst_p;
+}
+
+function get_snort_alert_sid($fileline)
+{
+ /* SID */
+ if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
+ $alert_sid = "$matches8[0]";
+
+ return $alert_sid;
+}
+
+$pgtitle = "Services: Snort: Snort Alerts";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+
+include_once("fbegin.inc");
+echo $snort_general_css;
+
+/* refresh every 60 secs */
+if ($pconfig['arefresh'] == 'on')
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n";
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea2">
+ <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0">
+ <form action="/snort/snort_alerts.php" method="post" id="formalert">
+ <tr>
+ <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?> Alert Entries.</td>
+ <td width="78%" class="listtopic">Latest Alert Entries Are Listed First.</td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Instance to inspect</td>
+ <td width="78%" class="vtable">
+ <br/> <select name="instance" id="instance" class="formfld unkown" onChange="document.getElementById('formalert').submit()">
+ <?php
+ foreach ($a_instance as $id => $instance) {
+ echo "<option value='{$id}'> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ }
+ ?>
+ </select><br/> Choose which instance alerts you want to inspect.
+ </td>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Logs</td>
+ <td width="78%" class="vtable">
+ <input name="download" type="submit" class="formbtn" value="Download"> All
+ log files will be saved. <a href="/snort/snort_alerts.php?action=clear">
+ <input name="delete" type="button" class="formbtn" value="Clear"
+ onclick="return confirm('Do you really want to remove all instance logs?')"></a>
+ <span class="red"><strong>Warning:</strong></span> all log files will be deleted.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <input name="save" type="submit" class="formbtn" value="Save">
+ Refresh <input name="arefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>.
+ <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
+ Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
+ </td>
+ </tr>
+ </form>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <td width="100%"><br>
+ <div class="tableFilter">
+ <form id="tableFilter"
+ onsubmit="myTable.filter(this.id); return false;">Filter: <select
+ id="column">
+ <option value="1">PRIORITY</option>
+ <option value="2">PROTO</option>
+ <option value="3">DESCRIPTION</option>
+ <option value="4">CLASS</option>
+ <option value="5">SRC</option>
+ <option value="6">SRC PORT</option>
+ <option value="7">FLOW</option>
+ <option value="8">DST</option>
+ <option value="9">DST PORT</option>
+ <option value="10">SID</option>
+ <option value="11">Date</option>
+ </select> <input type="text" id="keyword" /> <input type="submit"
+ value="Submit" /> <input type="reset" value="Clear" /></form>
+ </div>
+ <table class="allRow" id="myTable" width="100%" border="2"
+ cellpadding="1" cellspacing="1">
+ <thead>
+ <th axis="number">#</th>
+ <th axis="string">PRI</th>
+ <th axis="string">PROTO</th>
+ <th axis="string">DESCRIPTION</th>
+ <th axis="string">CLASS</th>
+ <th axis="string">SRC</th>
+ <th axis="string">SPORT</th>
+ <th axis="string">FLOW</th>
+ <th axis="string">DST</th>
+ <th axis="string">DPORT</th>
+ <th axis="string">SID</th>
+ <th axis="date">Date</th>
+ </thead>
+ <tbody>
+ <?php
+
+ /* make sure alert file exists */
+ if (!file_exists("/var/log/snort/alert_{$snort_uuid}"))
+ exec("/usr/bin/touch /var/log/snort/alert_{$snort_uuid}");
+
+ $logent = $anentries;
+
+ /* detect the alert file type */
+ if ($snortalertlogt == 'full')
+ $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+ else
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+
+
+
+ if (is_array($alerts_array)) {
+
+ $counter = 0;
+ foreach($alerts_array as $fileline)
+ {
+
+ if($logent <= $counter)
+ continue;
+
+ $counter++;
+
+ /* Date */
+ $alert_date_str = get_snort_alert_date($fileline);
+
+ if($alert_date_str != '')
+ {
+ $alert_date = $alert_date_str;
+ }else{
+ $alert_date = 'empty';
+ }
+
+ /* Discription */
+ $alert_disc_str = get_snort_alert_disc($fileline);
+
+ if($alert_disc_str != '')
+ {
+ $alert_disc = $alert_disc_str;
+ }else{
+ $alert_disc = 'empty';
+ }
+
+ /* Classification */
+ $alert_class_str = get_snort_alert_class($fileline);
+
+ if($alert_class_str != '')
+ {
+
+ $alert_class_match = array('[Classification:',']');
+ $alert_class = str_replace($alert_class_match, '', "$alert_class_str");
+ }else{
+ $alert_class = 'Prep';
+ }
+
+ /* Priority */
+ $alert_priority_str = get_snort_alert_priority($fileline);
+
+ if($alert_priority_str != '')
+ {
+ $alert_priority_match = array('Priority: ',']');
+ $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str");
+ }else{
+ $alert_priority = 'empty';
+ }
+
+ /* Protocol */
+ /* Detect alert file type */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_proto_str = get_snort_alert_proto_full($fileline);
+ }else{
+ $alert_proto_str = get_snort_alert_proto($fileline);
+ }
+
+ if($alert_proto_str != '')
+ {
+ $alert_proto_match = array(" TTL",'{','}');
+ $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str");
+ }else{
+ $alert_proto = 'empty';
+ }
+
+ /* IP SRC */
+ $alert_ip_src_str = get_snort_alert_ip_src($fileline);
+
+ if($alert_ip_src_str != '')
+ {
+ $alert_ip_src = $alert_ip_src_str;
+ }else{
+ $alert_ip_src = 'empty';
+ }
+
+ /* IP SRC Port */
+ $alert_src_p_str = get_snort_alert_src_p($fileline);
+
+ if($alert_src_p_str != '')
+ {
+ $alert_src_p_match = array(' -',':');
+ $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str");
+ }else{
+ $alert_src_p = 'empty';
+ }
+
+ /* Flow */
+ $alert_flow_str = get_snort_alert_flow($fileline);
+
+ if($alert_flow_str != '')
+ {
+ $alert_flow = $alert_flow_str;
+ }else{
+ $alert_flow = 'empty';
+ }
+
+ /* IP Destination */
+ $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
+
+ if($alert_ip_dst_str != '')
+ {
+ $alert_ip_dst = $alert_ip_dst_str;
+ }else{
+ $alert_ip_dst = 'empty';
+ }
+
+ /* IP DST Port */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_dst_p_str = get_snort_alert_dst_p_full($fileline);
+ }else{
+ $alert_dst_p_str = get_snort_alert_dst_p($fileline);
+ }
+
+ if($alert_dst_p_str != '')
+ {
+ $alert_dst_p_match = array(':',"\n"," TTL");
+ $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str");
+ $alert_dst_p_match2 = array('/[A-Z]/');
+ $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2");
+ }else{
+ $alert_dst_p = 'empty';
+ }
+
+ /* SID */
+ $alert_sid_str = get_snort_alert_sid($fileline);
+
+ if($alert_sid_str != '')
+ {
+ $alert_sid_match = array('[',']');
+ $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str");
+ }else{
+ $alert_sid_str = 'empty';
+ }
+
+ /* NOTE: using one echo improves performance by 2x */
+ if ($alert_disc != 'empty')
+ {
+ echo "<tr id=\"{$counter}\">
+ <td class=\"centerAlign\">{$counter}</td>
+ <td class=\"centerAlign\">{$alert_priority}</td>
+ <td class=\"centerAlign\">{$alert_proto}</td>
+ <td>{$alert_disc}</td>
+ <td class=\"centerAlign\">{$alert_class}</td>
+ <td>{$alert_ip_src}</td>
+ <td class=\"centerAlign\">{$alert_src_p}</td>
+ <td class=\"centerAlign\">{$alert_flow}</td>
+ <td>{$alert_ip_dst}</td>
+ <td class=\"centerAlign\">{$alert_dst_p}</td>
+ <td class=\"centerAlign\">{$alert_sid}</td>
+ <td>{$alert_date}</td>
+ </tr>\n";
+ }
+
+ // <script type="text/javascript">
+ // var myTable = {};
+ // window.addEvent('domready', function(){
+ // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
+ // });
+ // </script>
+
+ }
+ }
+
+ ?>
+ </tbody>
+ </table>
+ </td>
+</table>
+
+</div>
+
+<?php
+include("fend.inc");
+
+echo $snort_custom_rnd_box;
+
+?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php
new file mode 100644
index 00000000..b647c007
--- /dev/null
+++ b/config/snort-dev/snort_barnyard.php
@@ -0,0 +1,269 @@
+<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+
+TODO: Nov 12 09
+Clean this code up its ugly
+Important add error checking
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+if (isset($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
+}
+
+$pconfig = array();
+if (isset($id) && $a_nat[$id]) {
+ /* old options */
+ $pconfig = $a_nat[$id];
+ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
+ $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
+ $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+}
+
+if (isset($_GET['dup']))
+ unset($id);
+
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $pconfig['uuid'];
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+if ($_POST) {
+
+ /* XXX: Mising error reporting?!
+ * check for overlaps
+ foreach ($a_nat as $natent) {
+ if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
+ continue;
+ if ($natent['interface'] != $_POST['interface'])
+ continue;
+ }
+ */
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ $natent = array();
+ /* repost the options already in conf */
+ $natent = $pconfig;
+
+ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
+ $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
+ $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru'];
+ if ($_POST['barnyard_enable'] == "on")
+ $natent['snortunifiedlog'] = 'on';
+ else
+ $natent['snortunifiedlog'] = 'off';
+
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+ sync_snort_package_config();
+
+ /* after click go to this page */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: snort_barnyard.php?id=$id");
+ exit;
+ }
+}
+
+$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit";
+include_once("head.inc");
+
+?>
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php
+echo "{$snort_general_css}\n";
+?>
+
+<div class="body2">
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<script language="JavaScript">
+<!--
+
+function enable_change(enable_change) {
+ endis = !(document.iform.barnyard_enable.checked || enable_change);
+ // make shure a default answer is called if this is envoked.
+ endis2 = (document.iform.barnyard_enable);
+
+ document.iform.barnyard_mysql.disabled = endis;
+ document.iform.barnconfigpassthru.disabled = endis;
+}
+//-->
+</script>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<form action="snort_barnyard.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
+
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Barnyard2
+ Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)">
+ <strong>Enable Barnyard2 </strong><br>
+ This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Mysql Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td>
+ <td width="78%" class="vtable"><input name="barnyard_mysql"
+ type="text" class="formfld" id="barnyard_mysql" size="100"
+ value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br>
+ <span class="vexpl">Example: output database: alert, mysql,
+ dbname=snort user=snort host=localhost password=xyz<br>
+ Example: output database: log, mysql, dbname=snort user=snort
+ host=localhost password=xyz</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration
+ pass through</td>
+ <td width="78%" class="vtable"><textarea name="barnconfigpassthru"
+ cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
+ <br>
+ Arguments here will be automatically inserted into the running
+ barnyard2 configuration.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>"> </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings befor you click start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+
+</div>
+
+<script language="JavaScript">
+<!--
+enable_change(false);
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php
new file mode 100644
index 00000000..932e0983
--- /dev/null
+++ b/config/snort-dev/snort_blocked.php
@@ -0,0 +1,426 @@
+<?php
+/* $Id$ */
+/*
+ snort_blocked.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
+ $config['installedpackages']['snortglobal']['alertsblocks'] = array();
+
+$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'];
+$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'];
+
+if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0')
+{
+ $bnentries = '500';
+}else{
+ $bnentries = $pconfig['blertnumber'];
+}
+
+if($_POST['todelete'] or $_GET['todelete']) {
+ if($_POST['todelete'])
+ $ip = $_POST['todelete'];
+ if($_GET['todelete'])
+ $ip = $_GET['todelete'];
+ exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+}
+
+if ($_POST['remove']) {
+ exec("/sbin/pfctl -t snort2c -T flush");
+ sleep(1);
+ header("Location: /snort/snort_blocked.php");
+ exit;
+
+}
+
+/* TODO: build a file with block ip and disc */
+if ($_POST['download'])
+{
+
+ ob_start(); //important or other posts will fail
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_blocked_{$save_date}.tar.gz";
+ exec('/bin/mkdir /tmp/snort_blocked');
+ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf');
+
+ $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
+
+ if ($blocked_ips_array_save[0] != '') {
+ /* build the list */
+ file_put_contents("/tmp/snort_blocked/snort_block.pf", "");
+ foreach($blocked_ips_array_save as $counter => $fileline3)
+ file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline3}\n", FILE_APPEND);
+ }
+
+ exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");
+
+ if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) {
+ $file = "/tmp/snort_blocked_{$save_date}.tar.gz";
+ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+ header("Pragma: private"); // needed for IE
+ header("Cache-Control: private, must-revalidate"); // needed for IE
+ header('Content-type: application/force-download');
+ header('Content-Transfer-Encoding: Binary');
+ header("Content-length: ".filesize($file));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ readfile("$file");
+ exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz");
+ exec("/bin/rm /tmp/snort_block.pf");
+ exec("/bin/rm /tmp/snort_blocked/snort_block.pf");
+ od_end_clean(); //importanr or other post will fail
+ } else
+ echo 'Error no saved file.';
+
+}
+
+if ($_POST['save'])
+{
+
+ /* input validation */
+ if ($_POST['save'])
+ {
+
+
+ }
+
+ /* no errors */
+ if (!$input_errors)
+ {
+ $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
+
+ write_config();
+
+ header("Location: /snort/snort_blocked.php");
+
+ }
+
+}
+
+/* build filter funcs */
+function get_snort_alert_ip_src($fileline)
+{
+ /* SRC IP */
+ $re1='.*?'; # Non-greedy match on filler
+ $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+
+ if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
+ $alert_ip_src = $matches4[1][0];
+
+ return $alert_ip_src;
+}
+
+function get_snort_alert_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ $alert_disc = "$matches[2]";
+
+ return $alert_disc;
+}
+
+/* build sec filters */
+function get_snort_block_ip($fileline)
+{
+ /* ip */
+ if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
+ $alert_block_ip = "$matches[0]";
+
+ return $alert_block_ip;
+}
+
+function get_snort_block_disc($fileline)
+{
+ /* disc */
+ if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
+ $alert_block_disc = "$matches[0]";
+
+ return $alert_block_disc;
+}
+
+/* tell the user what settings they have */
+$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked'];
+if ($blockedtab_msg_chk == "1h_b") {
+ $blocked_msg = "hour";
+}
+if ($blockedtab_msg_chk == "3h_b") {
+ $blocked_msg = "3 hours";
+}
+if ($blockedtab_msg_chk == "6h_b") {
+ $blocked_msg = "6 hours";
+}
+if ($blockedtab_msg_chk == "12h_b") {
+ $blocked_msg = "12 hours";
+}
+if ($blockedtab_msg_chk == "1d_b") {
+ $blocked_msg = "day";
+}
+if ($blockedtab_msg_chk == "4d_b") {
+ $blocked_msg = "4 days";
+}
+if ($blockedtab_msg_chk == "7d_b") {
+ $blocked_msg = "7 days";
+}
+if ($blockedtab_msg_chk == "28d_b") {
+ $blocked_msg = "28 days";
+}
+
+if ($blockedtab_msg_chk != "never_b")
+{
+ $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>.";
+}else{
+ $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts.";
+}
+
+$pgtitle = "Services: Snort Blocked Hosts";
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+
+include_once("fbegin.inc");
+echo $snort_general_css;
+
+/* refresh every 60 secs */
+if ($pconfig['brefresh'] == 'on')
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td>
+ <div id="mainarea2">
+
+ <table id="maintable" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?>
+ Blocked.</td>
+ <td width="78%" class="listtopic">This page lists hosts that have
+ been blocked by Snort.&nbsp;&nbsp;<?=$blocked_msg_txt;?></td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Hosts</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post"><input
+ name="download" type="submit" class="formbtn" value="Download"> All
+ blocked hosts will be saved. <input name="remove" type="submit"
+ class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span>
+ all hosts will be removed.</form>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post"><input
+ name="save" type="submit" class="formbtn" value="Save"> Refresh <input
+ name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>. <input
+ name="blertnumber" type="text" class="formfld" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the
+ number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>.
+ </form>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <br>
+ </td>
+ </tr>
+
+ <table class="tabcont" width="100%" border="0" cellspacing="0"
+ cellpadding="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Remove</td>
+ <td class="listhdrr">#</td>
+ <td class="listhdrr">IP</td>
+ <td class="listhdrr">Alert Description</td>
+ </tr>
+ <?php
+
+ /* set the arrays */
+ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
+ $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
+ foreach (glob("/var/log/snort/alert_*") as $alert) {
+ $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}")));
+
+ $logent = $bnentries;
+
+ if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
+ {
+
+ /* build the list and compare blocks to alerts */
+ $counter = 0;
+ foreach($alerts_array as $fileline)
+ {
+
+ $counter++;
+
+ $alert_ip_src = get_snort_alert_ip_src($fileline);
+ $alert_ip_disc = get_snort_alert_disc($fileline);
+ $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
+
+ if (in_array("$alert_ip_src", $blocked_ips_array))
+ $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ }
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+
+ if (!in_array($alert_block_ip, $alert_ip_src_array))
+ {
+ $input[] = "[$alert_block_ip] " . "[N\A]\n";
+ }
+ }
+
+ /* reduce double occurrences */
+ $result = array_unique($input);
+
+ /* buil final list, preg_match, buld html */
+ $counter2 = 0;
+
+ foreach($result as $fileline2)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_ip_str = get_snort_block_ip($fileline2);
+
+ if($alert_block_ip_str != '')
+ {
+ $alert_block_ip_match = array('[',']');
+ $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
+ }else{
+ $alert_block_ip = 'empty';
+ }
+
+ $alert_block_disc_str = get_snort_block_disc($fileline2);
+
+ if($alert_block_disc_str != '')
+ {
+ $alert_block_disc_match = array('] [',']');
+ $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
+ }else{
+ $alert_block_disc = 'empty';
+ }
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td>&nbsp;{$counter2}</td>
+ <td>&nbsp;{$alert_block_ip}</td>
+ <td>&nbsp;{$alert_block_disc}</td>
+ </tr>\n";
+
+ }
+
+ }else{
+
+ /* if alerts file is empty and blocked table is not empty */
+ $counter2 = 0;
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_disc = 'N/A';
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td>&nbsp;{$counter2}</td>
+ <td>&nbsp;{$alert_block_ip}</td>
+ <td>&nbsp;{$alert_block_disc}</td>
+ </tr>\n";
+ }
+ }
+ }
+
+ echo '</table>' . "\n";
+
+ if (empty($blocked_ips_array[0]))
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
+ else
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
+
+ ?>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <?php
+
+ include("fend.inc");
+
+echo $snort_custom_rnd_box;
+
+?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_check_cron_misc.inc b/config/snort-dev/snort_check_cron_misc.inc
new file mode 100644
index 00000000..28d454b0
--- /dev/null
+++ b/config/snort-dev/snort_check_cron_misc.inc
@@ -0,0 +1,76 @@
+<?php
+/* $Id$ */
+/*
+ snort_chk_log_dir_size.php
+ part of pfSense
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009-2010 Robert Zelaya Developer
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("/usr/local/pkg/snort/snort.inc");
+
+// 'B' => 1,
+// 'KB' => 1024,
+// 'MB' => 1024 * 1024,
+// 'GB' => 1024 * 1024 * 1024,
+// 'TB' => 1024 * 1024 * 1024 * 1024,
+// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+
+
+/* chk if snort log dir is full if so clear it */
+$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
+$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+
+if ($g['booting']==true)
+ return;
+
+if ($snortloglimit == 'off')
+ return;
+
+$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\'');
+
+$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert');
+$snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70);
+$snortloglimitsizeKB = round($snortloglimitsize * 1024);
+
+/* do I need HUP kill ? */
+if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) {
+
+ conf_mount_rw();
+ if(file_exists('/var/log/snort/alert')) {
+ if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) {
+ exec('/bin/echo "" > /var/log/snort/alert');
+ }
+ post_delete_logs();
+ /* XXX: This is needed if snort is run as snort user */
+ //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
+ }
+ conf_mount_ro();
+
+}
+
+?>
diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php
new file mode 100644
index 00000000..41995e9d
--- /dev/null
+++ b/config/snort-dev/snort_check_for_rule_updates.php
@@ -0,0 +1,690 @@
+<?php
+/*
+ snort_check_for_rule_updates.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Setup enviroment */
+
+/* TODO: review if include files are needed */
+require_once("functions.inc");
+require_once("service-utils.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+$pkg_interface = "console";
+
+$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
+$snortdir_wan = "/usr/local/etc/snort";
+$snort_filename_md5 = "{$snort_rules_file}.md5";
+$snort_filename = "{$snort_rules_file}";
+$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
+$emergingthreats_filename = "emerging.rules.tar.gz";
+$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
+$pfsense_rules_filename = "pfsense_rules.tar.gz";
+
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+
+$up_date_time = date('l jS \of F Y h:i:s A');
+echo "\n";
+echo "#########################\n";
+echo "$up_date_time\n";
+echo "#########################\n";
+echo "\n\n";
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload == 'off' && $emergingthreats != 'on')
+ $snort_emrging_info = 'stop';
+
+if ($oinkid == "" && $snortdownload != 'off')
+ $snort_oinkid_info = 'stop';
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+if (file_exists('/var/run/snort.conf.dirty'))
+ $snort_dirty_d = 'stop';
+
+/* Start of code */
+conf_mount_rw();
+
+if (!is_dir('/usr/local/etc/snort/tmp'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
+
+$snort_md5_check_ok = 'off';
+$emerg_md5_check_ok = 'off';
+$pfsense_md5_check_ok = 'off';
+
+/* Set user agent to Mozilla */
+ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ini_set("memory_limit","150M");
+
+/* mark the time update started */
+$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
+
+/* send current buffer */
+ob_flush();
+
+/* send current buffer */
+ob_flush();
+
+/* remove old $tmpfname files */
+if (is_dir("{$tmpfname}")) {
+ update_status(gettext("Removing old tmp files..."));
+ exec("/bin/rm -r {$tmpfname}");
+ apc_clear_cache();
+}
+
+/* Make shure snortdir exits */
+exec("/bin/mkdir -p {$snortdir}");
+exec("/bin/mkdir -p {$snortdir}/rules");
+exec("/bin/mkdir -p {$snortdir}/signatures");
+exec("/bin/mkdir -p {$tmpfname}");
+exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
+
+/* send current buffer */
+ob_flush();
+
+$pfsensedownload = 'on';
+
+/* download md5 sig from snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ update_status(gettext("snort.org md5 temp file exists..."));
+ } else {
+ update_status(gettext("Downloading snort.org md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
+ update_status(gettext("Done downloading snort.org md5"));
+ }
+}
+
+/* download md5 sig from emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ update_status(gettext("Downloading emergingthreats md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
+ @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
+ update_status(gettext("Done downloading emergingthreats md5"));
+}
+
+/* download md5 sig from pfsense.org */
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
+ update_status(gettext("pfsense md5 temp file exists..."));
+} else {
+ update_status(gettext("Downloading pfsense md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
+ $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+ @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
+ update_status(gettext("Done downloading pfsense md5."));
+}
+
+/* If md5 file is empty wait 15min exit */
+if ($snortdownload == 'on')
+{
+ if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
+ {
+ update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+ $snortdownload = 'off';
+ }
+}
+
+/* If pfsense md5 file is empty wait 15min exit */
+if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
+ update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released to support Pfsense packages."));
+ $pfsensedownload = 'off';
+}
+
+/* Check if were up to date snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$snortdir}/{$snort_filename_md5}"))
+ {
+ $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+ $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($md5_check_new == $md5_check_old)
+ {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ $snort_md5_check_ok = 'on';
+ } else {
+ update_status(gettext("Your rules are not up to date..."));
+ $snort_md5_check_ok = 'off';
+ }
+ }
+}
+
+/* Check if were up to date emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
+ {
+ $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
+ {
+ $emerg_md5_check_ok = 'on';
+ } else
+ $emerg_md5_check_ok = 'off';
+ }
+}
+
+/* Check if were up to date pfsense.org */
+if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+{
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
+ {
+ $pfsense_md5_check_ok = 'on';
+ } else
+ $pfsense_md5_check_ok = 'off';
+}
+
+if ($snortdownload == 'on') {
+ if ($snort_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your snort.org rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $snortdownload = 'off';
+ }
+}
+if ($emergingthreats == 'on') {
+ if ($emerg_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your Emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $emergingthreats = 'off';
+ }
+}
+
+/* download snortrules file */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ if (300000 > filesize("{$tmpfname}/$snort_filename")){
+ update_status(gettext("Error with the snort rules download..."));
+ update_output_window(gettext("Snort rules file downloaded failed..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* download emergingthreats rules file */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext('Emergingthreats tar file exists...'));
+ }else{
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+ update_status(gettext('Done downloading Emergingthreats rules file.'));
+ }
+ }
+}
+
+/* download pfsense rules file */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ }
+}
+
+/* Compair md5 sig to file sig */
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
+/* Untar snort rules file individually to help people with low system specs */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+
+ if ($pfsense_stable == 'yes')
+ $freebsd_version_so = 'FreeBSD-7-2';
+ else
+ $freebsd_version_so = 'FreeBSD-8-1';
+
+ update_status(gettext("Extracting Snort.org rules..."));
+ update_output_window(gettext("May take a while..."));
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules");
+ sleep(2);
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ sleep(2);
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+
+ /* extract so rules */
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ if($snort_arch == 'x86'){
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ } else if ($snort_arch == 'x64') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ }
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ " so_rules/chat.rules/" .
+ " so_rules/dos.rules/" .
+ " so_rules/exploit.rules/" .
+ " so_rules/icmp.rules/" .
+ " so_rules/imap.rules/" .
+ " so_rules/misc.rules/" .
+ " so_rules/multimedia.rules/" .
+ " so_rules/netbios.rules/" .
+ " so_rules/nntp.rules/" .
+ " so_rules/p2p.rules/" .
+ " so_rules/smtp.rules/" .
+ " so_rules/sql.rules/" .
+ " so_rules/web-activex.rules/" .
+ " so_rules/web-client.rules/" .
+ " so_rules/web-iis.rules/" .
+ " so_rules/web-misc.rules/");
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+ }
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ update_status(gettext("Done extracting Snort.org Rules."));
+ }else{
+ update_status(gettext("Error extracting Snort.org Rules..."));
+ update_output_window(gettext("Error Line 755"));
+ $snortdownload = 'off';
+ }
+}
+
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on')
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
+ }
+}
+
+/* Untar Pfsense rules to tmp */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Extracting Pfsense rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+ }
+}
+
+/* Untar snort signatures */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on') {
+ update_status(gettext("Extracting Signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+ }
+ }
+}
+
+/* Copy md5 sig to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ update_status(gettext("The md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $snortdownload = 'off';
+ }
+ }
+}
+
+/* Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
+ {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+ }else{
+ update_status(gettext("The emergingthreats md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $emergingthreats = 'off';
+ }
+ }
+}
+
+/* Copy Pfsense md5 sig to snort dir */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+ } else {
+ update_status(gettext("The Pfsense md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $pfsensedownload = 'off';
+ }
+}
+
+/* Copy signatures dir to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on')
+ {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on')
+ {
+ if (file_exists("{$snortdir}/doc/signatures")) {
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ update_status(gettext("Done copying signatures."));
+ }else{
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
+ apc_clear_cache();
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+}
+
+if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+}
+
+/* make shure default rules are in the right format */
+exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+
+/* create a msg-map for snort */
+update_status(gettext("Updating Alert Messages..."));
+update_output_window(gettext("Please Wait..."));
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+
+
+//////////////////
+/* open oinkmaster_conf for writing" function */
+function oinkmaster_conf($id, $if_real, $iface_uuid)
+{
+ global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
+
+ /* enable disable setting will carry over with updates */
+ /* TODO carry signature changes with the updates */
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+
+ $selected_sid_on_section = "";
+ $selected_sid_off_sections = "";
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
+ $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+ foreach($enabled_sid_on_array as $enabled_item_on)
+ $selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
+ $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+ foreach($enabled_sid_off_array as $enabled_item_off)
+ $selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+ if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) {
+ $snort_sid_text = <<<EOD
+
+###########################################
+# #
+# this is auto generated on snort updates #
+# #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ }
+ }
+}
+
+/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
+function oinkmaster_run($id, $if_real, $iface_uuid)
+{
+ global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ } else {
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+
+ }
+ }
+}
+
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
+if (is_array($config['installedpackages']['snortglobal']['rule']))
+{
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+ $iface_uuid = $value['uuid'];
+
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
+ }
+}
+
+//////////////
+
+/* mark the time update finnished */
+$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+
+/* remove old $tmpfname files */
+if (is_dir('/usr/local/etc/snort/tmp')) {
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
+ sleep(2);
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
+}
+
+/* XXX: These are needed if snort is run as snort user
+mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+*/
+/* make all dirs snorts */
+mwexec("/bin/chmod -R 755 /var/log/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
+
+if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
+ update_output_window(gettext("Finished..."));
+else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
+ update_output_window(gettext("Finished..."));
+else {
+ /* You are Not Up to date, always stop snort when updating rules for low end machines */;
+ update_status(gettext("You are NOT up to date..."));
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("Snort has restarted with your new set of rules..."));
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+}
+
+update_status(gettext("The Rules update finished..."));
+conf_mount_ro();
+
+?>
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php
new file mode 100644
index 00000000..497f0a79
--- /dev/null
+++ b/config/snort-dev/snort_define_servers.php
@@ -0,0 +1,541 @@
+<?php
+/* $Id$ */
+/*
+ snort_define_servers.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+
+TODO: Nov 12 09
+Clean this code up its ugly
+Important add error checking
+
+*/
+
+//require_once("globals.inc");
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$pconfig = array();
+if (isset($id) && $a_nat[$id]) {
+ $pconfig = $a_nat[$id];
+
+ /* old options */
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
+ $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
+ $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
+}
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+if ($_POST) {
+
+ $natent = array();
+ $natent = $pconfig;
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ /* post new options */
+ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; }
+ if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; }
+ if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; }
+ if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; }
+ if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; }
+ if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; }
+ if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; }
+ if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; }
+ if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; }
+ if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; }
+ if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; }
+ if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; }
+ if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; }
+ if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; }
+ if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; }
+ if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; }
+ if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; }
+ if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; }
+ if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; }
+ if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; }
+ if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; }
+ if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; }
+ if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; }
+ if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; }
+ if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; }
+ if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
+ if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
+ if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
+ if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; }
+ if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; }
+ if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; }
+ if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; }
+ if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; }
+ if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; }
+ if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; }
+
+
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+
+ sync_snort_package_config();
+
+ /* after click go to this page */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: snort_define_servers.php?id=$id");
+ exit;
+ }
+}
+
+$pgtitle = "Snort: Interface $id$if_real Define Servers";
+include_once("head.inc");
+
+?>
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+echo "{$snort_general_css}\n";
+?>
+
+<form action="snort_define_servers.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
+
+ /* Display Alert message */
+
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br>
+ Please save your settings before you click start.<br>
+ Please make sure there are <strong>no spaces</strong> in your
+ definitions. </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Define Servers</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_dns_servers"
+ type="text" class="formfld" id="def_dns_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_dns_ports"
+ type="text" class="formfld" id="def_dns_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 53.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_smtp_servers"
+ type="text" class="formfld" id="def_smtp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_smtp_ports"
+ type="text" class="formfld" id="def_smtp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td>
+ <td width="78%" class="vtable"><input name="def_mail_ports"
+ type="text" class="formfld" id="def_mail_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25,143,465,691.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_http_servers"
+ type="text" class="formfld" id="def_http_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_www_servers"
+ type="text" class="formfld" id="def_www_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_http_ports"
+ type="text" class="formfld" id="def_http_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 80.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_sql_servers"
+ type="text" class="formfld" id="def_sql_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_oracle_ports"
+ type="text" class="formfld" id="def_oracle_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 1521.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_mssql_ports"
+ type="text" class="formfld" id="def_mssql_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 1433.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_telnet_servers"
+ type="text" class="formfld" id="def_telnet_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_telnet_ports"
+ type="text" class="formfld" id="def_telnet_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 23.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_snmp_servers"
+ type="text" class="formfld" id="def_snmp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_snmp_ports"
+ type="text" class="formfld" id="def_snmp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 161.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_ftp_servers"
+ type="text" class="formfld" id="def_ftp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ftp_ports"
+ type="text" class="formfld" id="def_ftp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 21.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_ssh_servers"
+ type="text" class="formfld" id="def_ssh_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ssh_ports"
+ type="text" class="formfld" id="def_ssh_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is the firewall's SSH port.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_pop_servers"
+ type="text" class="formfld" id="def_pop_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_pop2_ports"
+ type="text" class="formfld" id="def_pop2_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 109.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_pop3_ports"
+ type="text" class="formfld" id="def_pop3_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 110.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_imap_servers"
+ type="text" class="formfld" id="def_imap_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_imap_ports"
+ type="text" class="formfld" id="def_imap_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 143.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td>
+ <td width="78%" class="vtable"><input name="def_sip_proxy_ip"
+ type="text" class="formfld" id="def_sip_proxy_ip" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_sip_proxy_ports"
+ type="text" class="formfld" id="def_sip_proxy_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_sip_servers"
+ type="text" class="formfld" id="def_sip_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_sip_ports"
+ type="text" class="formfld" id="def_sip_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_auth_ports"
+ type="text" class="formfld" id="def_auth_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 113.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_finger_ports"
+ type="text" class="formfld" id="def_finger_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 79.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_irc_ports"
+ type="text" class="formfld" id="def_irc_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_nntp_ports"
+ type="text" class="formfld" id="def_nntp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 119.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_rlogin_ports"
+ type="text" class="formfld" id="def_rlogin_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 513.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_rsh_ports"
+ type="text" class="formfld" id="def_rsh_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 514.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ssl_ports"
+ type="text" class="formfld" id="def_ssl_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
new file mode 100644
index 00000000..7c6ff65c
--- /dev/null
+++ b/config/snort-dev/snort_download_rules.php
@@ -0,0 +1,776 @@
+<?php
+/*
+ snort_download_rules.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Setup enviroment */
+require_once("guiconfig.inc");
+require_once("functions.inc");
+require_once("service-utils.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if ($_GET['return']) {
+ header("Location: /snort/snort_download_updates.php");
+ exit;
+}
+
+$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
+$snortdir_wan = "/usr/local/etc/snort";
+$snort_filename_md5 = "{$snort_rules_file}.md5";
+$snort_filename = "{$snort_rules_file}";
+$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
+$emergingthreats_filename = "emerging.rules.tar.gz";
+$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
+$pfsense_rules_filename = "pfsense_rules.tar.gz";
+
+/* Time stamps define */
+$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload == 'off' && $emergingthreats != 'on')
+ $snort_emrging_info = 'stop';
+
+if ($oinkid == "" && $snortdownload != 'off')
+ $snort_oinkid_info = 'stop';
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+if (file_exists('/var/run/snort.conf.dirty'))
+ $snort_dirty_d = 'stop';
+
+$pgtitle = "Services: Snort: Update Rules";
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<form action="/snort/snort_download_updates.php" method="GET">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td ><!-- progress bar -->
+ <table id="progholder" width='320'
+ style='border-collapse: collapse; border: 1px solid #000000;'
+ cellpadding='2' cellspacing='2'>
+ <tr>
+ <td><img border='0'
+ src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
+ width='280' height='23' name='progressbar' id='progressbar'
+ alt='' />
+ </td>
+ </tr>
+ </table>
+ <br />
+ <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
+ <?=gettext("Initializing...");?>
+ </textarea>
+ <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
+ </textarea>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+</tr>
+<tr><td><input type="submit" Value="Return"></td></tr>
+</table>
+</form>
+<?php include("fend.inc");?>
+</body>
+</html>
+
+<?php
+/* Start of code */
+conf_mount_rw();
+
+if (!is_dir('/usr/local/etc/snort/tmp'))
+ exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
+
+$snort_md5_check_ok = 'off';
+$emerg_md5_check_ok = 'off';
+$pfsense_md5_check_ok = 'off';
+
+/* Set user agent to Mozilla */
+ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ini_set("memory_limit","150M");
+
+/* mark the time update started */
+$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
+
+/* send current buffer */
+ob_flush();
+
+/* hide progress bar */
+hide_progress_bar_status();
+
+/* send current buffer */
+ob_flush();
+
+/* remove old $tmpfname files */
+if (is_dir("{$tmpfname}")) {
+ update_status(gettext("Removing old tmp files..."));
+ exec("/bin/rm -r {$tmpfname}");
+ apc_clear_cache();
+}
+
+/* Make shure snortdir exits */
+exec("/bin/mkdir -p {$snortdir}");
+exec("/bin/mkdir -p {$snortdir}/rules");
+exec("/bin/mkdir -p {$snortdir}/signatures");
+exec("/bin/mkdir -p {$tmpfname}");
+exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
+
+/* send current buffer */
+ob_flush();
+
+/* unhide progress bar and lets end this party */
+unhide_progress_bar_status();
+
+$pfsensedownload = 'on';
+
+/* download md5 sig from snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ update_status(gettext("snort.org md5 temp file exists..."));
+ } else {
+ update_status(gettext("Downloading snort.org md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+ @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
+ update_status(gettext("Done downloading snort.org md5"));
+ }
+}
+
+/* download md5 sig from emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ update_status(gettext("Downloading emergingthreats md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
+ @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
+ update_status(gettext("Done downloading emergingthreats md5"));
+}
+
+/* download md5 sig from pfsense.org */
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
+ update_status(gettext("pfsense md5 temp file exists..."));
+} else {
+ update_status(gettext("Downloading pfsense md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
+ $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+ @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
+ update_status(gettext("Done downloading pfsense md5."));
+}
+
+/* If md5 file is empty wait 15min exit */
+if ($snortdownload == 'on')
+{
+ if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
+ {
+ update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+ hide_progress_bar_status();
+ $snortdownload = 'off';
+ }
+}
+
+/* If pfsense md5 file is empty wait 15min exit */
+if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
+ update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released to support Pfsense packages."));
+ hide_progress_bar_status();
+ $pfsensedownload = 'off';
+}
+
+/* Check if were up to date snort.org */
+if ($snortdownload == 'on')
+{
+ if (file_exists("{$snortdir}/{$snort_filename_md5}"))
+ {
+ $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+ $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($md5_check_new == $md5_check_old)
+ {
+ update_status(gettext("Your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now, check update."));
+ hide_progress_bar_status();
+ $snort_md5_check_ok = 'on';
+ } else {
+ update_status(gettext("Your rules are not up to date..."));
+ $snort_md5_check_ok = 'off';
+ }
+ }
+}
+
+/* Check if were up to date emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+ if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
+ {
+ $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
+ $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
+ {
+ hide_progress_bar_status();
+ $emerg_md5_check_ok = 'on';
+ } else
+ $emerg_md5_check_ok = 'off';
+ }
+}
+
+/* Check if were up to date pfsense.org */
+if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+{
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
+ {
+ hide_progress_bar_status();
+ $pfsense_md5_check_ok = 'on';
+ } else
+ $pfsense_md5_check_ok = 'off';
+}
+
+if ($snortdownload == 'on') {
+ if ($snort_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your snort.org rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $snortdownload = 'off';
+ }
+}
+if ($emergingthreats == 'on') {
+ if ($emerg_md5_check_ok == 'on')
+ {
+ update_status(gettext("Your Emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ $emergingthreats = 'off';
+ }
+}
+
+/* download snortrules file */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ if (150000 > filesize("{$tmpfname}/$snort_filename")){
+ update_status(gettext("Error with the snort rules download..."));
+
+ update_output_window(gettext("Snort rules file downloaded failed..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* download emergingthreats rules file */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext('Emergingthreats tar file exists...'));
+ }else{
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+ update_status(gettext('Done downloading Emergingthreats rules file.'));
+ }
+ }
+}
+
+/* download pfsense rules file */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ }
+}
+
+/* Compair md5 sig to file sig */
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// return;
+// }
+//}
+
+/* Untar snort rules file individually to help people with low system specs */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+
+ // find out if were in 1.2.3-RELEASE
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk === '1.2.3-RELEASE') {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ // get the system arch
+ $snort_arch_ck = exec('/usr/bin/uname -m');
+ if ($snort_arch_ck === 'i386') {
+ $snort_arch = 'i386';
+ }else{
+ $snort_arch = 'x86-64'; // amd64
+ }
+
+ if ($pfsense_stable === 'yes') {
+ $freebsd_version_so = 'FreeBSD-7-3';
+ }else{
+ $freebsd_version_so = 'FreeBSD-8-1';
+ }
+
+ update_status(gettext("Extracting Snort.org rules..."));
+ update_output_window(gettext("May take a while..."));
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules");
+ sleep(2);
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ sleep(2);
+
+ $snort_dirList = scandir("{$snortdir}/rules"); // Waning: only in php 5
+ $snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
+
+ if (!empty($snortrules_filterList)) {
+ foreach ($snortrules_filterList as $snort_rule_move)
+ {
+ exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules");
+ }
+ }
+
+ /* extract so_rules */
+
+ // list so_rules and exclude dir
+ exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
+
+ $so_rulesPattr = array('/\//', '/\.rules/');
+ $so_rulesPattw = array('', '');
+
+ // build list of so_rules
+ $so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+ if (!empty($so_rules_filterList)) {
+ // cp rule to so tmp dir
+ foreach ($so_rules_filterList as $so_rule)
+ {
+
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules");
+
+ }
+ // mv and rename so rules
+ foreach ($so_rules_filterList as $so_rule_move)
+ {
+ exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules");
+ }
+ }
+
+ /* extract preproc_rules */
+
+ // list so_rules and exclude dir
+ exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list);
+
+ $preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+ if (!empty($preproc_rules_filterList)) {
+ // cp rule to so tmp dir
+ foreach ($preproc_rules_filterList as $preproc_rule)
+ {
+
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules");
+
+ }
+ // mv and rename preproc_rules
+ foreach ($preproc_rules_filterList as $preproc_rule_move)
+ {
+ exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules");
+ }
+ }
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ update_status(gettext("Done extracting Snort.org Rules."));
+ }else{
+ update_status(gettext("Error extracting Snort.org Rules..."));
+ update_output_window(gettext("Error Line 755"));
+ $snortdownload = 'off';
+ }
+}
+
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on')
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext("Extracting rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+ }
+ }
+}
+
+/* Untar Pfsense rules to tmp */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Extracting Pfsense rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+ }
+}
+
+/* Untar snort signatures */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on') {
+ update_status(gettext("Extracting Signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+ }
+ }
+}
+
+/* Copy md5 sig to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ update_status(gettext("The md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $snortdownload = 'off';
+ }
+ }
+}
+
+/* Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats == "on")
+{
+ if ($emerg_md5_check_ok != 'on')
+ {
+ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
+ {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+ }else{
+ update_status(gettext("The emergingthreats md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $emergingthreats = 'off';
+ }
+ }
+}
+
+/* Copy Pfsense md5 sig to snort dir */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+ } else {
+ update_status(gettext("The Pfsense md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ $pfsensedownload = 'off';
+ }
+}
+
+/* Copy signatures dir to snort dir */
+if ($snortdownload == 'on')
+{
+ if ($snort_md5_check_ok != 'on')
+ {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == 'on')
+ {
+ if (file_exists("{$snortdir}/doc/signatures")) {
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ update_status(gettext("Done copying signatures."));
+ }else{
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ $snortdownload = 'off';
+ }
+ }
+ }
+}
+
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
+ apc_clear_cache();
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+}
+
+if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+}
+
+/* make shure default rules are in the right format */
+exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line
+exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+
+/* create a msg-map for snort */
+update_status(gettext("Updating Alert Messages..."));
+update_output_window(gettext("Please Wait..."));
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+
+
+//////////////////
+
+/* open oinkmaster_conf for writing" function */
+function oinkmaster_conf($id, $if_real, $iface_uuid)
+{
+ global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
+
+ /* enable disable setting will carry over with updates */
+ /* TODO carry signature changes with the updates */
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+
+ $selected_sid_on_sections = "";
+ $selected_sid_off_sections = "";
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+ $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
+ $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+ foreach($enabled_sid_on_array as $enabled_item_on)
+ $selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
+ $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+ foreach($enabled_sid_off_array as $enabled_item_off)
+ $selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+ if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {
+ $snort_sid_text = <<<EOD
+
+###########################################
+# #
+# this is auto generated on snort updates #
+# #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+ /* open snort's oinkmaster.conf for writing */
+ @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+ }
+ }
+}
+
+/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
+function oinkmaster_run($id, $if_real, $iface_uuid)
+{
+ global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+ if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+ if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ } else {
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+ }
+ }
+}
+
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
+if (is_array($config['installedpackages']['snortglobal']['rule']))
+{
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+ $iface_uuid = $value['uuid'];
+
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
+
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
+ }
+}
+
+//////////////
+
+/* mark the time update finnished */
+$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+
+/* remove old $tmpfname files */
+if (is_dir('/usr/local/etc/snort/tmp')) {
+ update_status(gettext("Cleaning up..."));
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
+ sleep(2);
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
+}
+
+/* XXX: These are needed if snort is run as snort user
+mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+*/
+/* make all dirs snorts */
+mwexec("/bin/chmod -R 755 /var/log/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true);
+mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true);
+
+/* hide progress bar and lets end this party */
+hide_progress_bar_status();
+
+if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
+ update_output_window(gettext("Finished..."));
+else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
+ update_output_window(gettext("Finished..."));
+else {
+ /* You are Not Up to date, always stop snort when updating rules for low end machines */;
+ update_status(gettext("You are NOT up to date..."));
+ exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("Snort has restarted with your new set of rules..."));
+ exec("/bin/rm /tmp/snort_download_halt.pid");
+}
+
+update_status(gettext("The Rules update finished..."));
+conf_mount_ro();
+
+?>
diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php
new file mode 100644
index 00000000..e902cd64
--- /dev/null
+++ b/config/snort-dev/snort_download_updates.php
@@ -0,0 +1,322 @@
+<?php
+/*
+ snort_download_updates.php
+ part of pfSense
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ part of m0n0wall as reboot.php (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+/* load only javascript that is needed */
+$snort_load_jquery = 'yes';
+$snort_load_jquery_colorbox = 'yes';
+
+
+/* quick md5s chk */
+$snort_org_sig_chk_local = 'N/A';
+if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5"))
+ $snort_org_sig_chk_local = exec("/bin/cat /usr/local/etc/snort/{$snort_rules_file}.md5");
+
+$emergingt_net_sig_chk_local = 'N/A';
+if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5'))
+ $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5');
+
+$pfsense_org_sig_chk_local = 'N/A';
+if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
+ $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload != 'on' && $emergingthreats != 'on')
+ $snort_emrging_info = 'stop';
+
+if ($oinkid == '' && $snortdownload != 'off')
+ $snort_oinkid_info = 'stop';
+
+if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop')
+ $error_stop = 'true';
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+/* check for logfile */
+$update_logfile_chk = 'no';
+if (file_exists('/usr/local/etc/snort/snort_update.log'))
+ $update_logfile_chk = 'yes';
+
+header("snort_help_info.php");
+header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
+header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
+header( "Cache-Control: no-cache, must-revalidate" );
+header( "Pragma: no-cache" );
+
+
+$pgtitle = "Services: Snort: Updates";
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+echo "{$snort_general_css}\n";
+echo "$snort_interfaces_css\n";
+?>
+
+<?php include("fbegin.inc"); ?>
+
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea3">
+ <table id="maintable4" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td><!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #dddddd'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style="background-color: #eeeeee">
+ <div height="32" width="725px" style="background-color: #eeeeee">
+
+ <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br>
+ <br>
+ <p style="text-align: left; margin-left: 225px;"><font
+ color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font
+ size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font
+ size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font
+ size="1px" color="#000000">&nbsp;&nbsp;<? echo $pfsense_org_sig_chk_local; ?></font><br>
+ </p>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br>
+ <br>
+
+ <?php
+
+ if ($error_stop == 'true') {
+ echo '
+
+ <button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button><br/>
+ <p style="text-align:left; margin-left:150px;">
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;No rule types have been selected for download. "Global Settings Tab"</font><br>';
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n";
+ }
+
+ echo '</p>' . "\n";
+
+ }else{
+
+ echo '
+
+ <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button></a><br/>' . "\n";
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
+ <p style="text-align:left; margin-left:150px;">
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>
+ </p>';
+ }
+
+ }
+
+ ?> <br>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br>
+ <br>
+
+ <?php
+
+ if ($update_logfile_chk == 'yes') {
+ echo '
+ <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
+ }else{
+ echo '
+ <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
+ }
+
+ ?> <br>
+ <br>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <img style='vertical-align: middle'
+ src="/snort/images/icon_excli.png" width="40" height="32"> <font
+ color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px'
+ color='#000000'>&nbsp;&nbsp;Snort.org and Emergingthreats.net
+ will go down from time to time. Please be patient.</font></div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ </td>
+ </tr>
+ </table>
+ </div>
+
+
+
+
+
+ <br>
+ </td>
+ </tr>
+</table>
+<!-- end of final table --></div>
+
+<?php include("fend.inc"); ?>
+
+<?php echo "$snort_custom_rnd_box\n"; ?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc
new file mode 100644
index 00000000..d2fd4e30
--- /dev/null
+++ b/config/snort-dev/snort_gui.inc
@@ -0,0 +1,203 @@
+<?php
+/* $Id$ */
+/*
+ snort.inc
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2006 Robert Zelaya
+ part of pfSense
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+include_once("/usr/local/pkg/snort/snort.inc");
+
+function print_info_box_np2($msg) {
+ global $config, $g;
+
+ echo "<table height=\"32\" width=\"100%\">\n";
+ echo " <tr>\n";
+ echo " <td>\n";
+ echo " <div style='background-color:#990000' id='redbox'>\n";
+ echo " <table width='100%'><tr><td width='8%'>\n";
+ echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n";
+ echo " </td>\n";
+ echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n";
+ echo " </td>";
+ if(stristr($msg, "apply") == true) {
+ echo " <td>";
+ echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n";
+ echo " </td>";
+ }
+ echo " </tr></table>\n";
+ echo " </div>\n";
+ echo " </td>\n";
+ echo "</table>\n";
+ echo "<script type=\"text/javascript\">\n";
+ echo "NiftyCheck();\n";
+ echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n";
+ echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n";
+ echo "</script>\n";
+ echo "\n<br>\n";
+
+
+}
+
+
+/* makes boxes round */
+/* load at bottom */
+
+$snort_custom_rnd_box = '
+<script type="text/javascript">
+<!--
+
+ NiftyCheck();
+ Rounded("div#mainarea2","bl br tr","#FFF","#dddddd","smooth");
+ Rounded("div#mainarea3","bl br tr","#FFF","#dddddd","smooth");
+ Rounded("div#mainarea4","all","#FFF","#dddddd","smooth");
+ Rounded("div#mainarea5","all","#eeeeee","#dddddd","smooth");
+
+//-->
+</script>' . "\n";
+
+/* general css code */
+$snort_general_css = '
+
+<style type="text/css">
+
+.alert {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+ height:90%;
+
+background:#FCE9C0;
+background-position: 15px;
+border-top:2px solid #DBAC48;
+border-bottom:2px solid #DBAC48;
+padding: 15px 10px 85% 50px;
+}
+
+.formpre {
+font-family:arial;
+font-size: 1.1em;
+}
+
+#download_rules {
+font-family: arial;
+font-size: 13px;
+font-weight: bold;
+text-align: center
+}
+
+#download_rules_td {
+font-family: arial;
+font-size: 13px;
+font-weight: bold;
+text-align: center
+}
+
+body2 {
+font-family:arial;
+font-size:12px;
+}
+
+.tabcont {
+background-color: #dddddd;
+padding-right: 12px;
+padding-left: 12px;
+padding-top: 12px;
+padding-bottom: 12px;
+}
+
+.tabcont2 {
+background-color: #eeeeee;
+padding-right: 12px;
+padding-left: 12px;
+padding-top: 12px;
+padding-bottom: 12px;
+}
+
+.vncell2 {
+ background-color: #eeeeee;
+ padding-right: 20px;
+ padding-left: 8px;
+ border-bottom: 1px solid #999999;
+}
+
+/* global tab, white lil box */
+.vncell3 {
+ width: 50px;
+ background-color: #eeeeee;
+ padding-right: 2px;
+ padding-left: 2px;
+ border-bottom-width: 1px;
+ border-bottom-style: solid;
+ border-bottom-color: #999999;
+}
+
+.vncellreq2 {
+background-color: #eeeeee;
+padding-right: 20px;
+padding-left: 8px;
+font-weight: bold;
+border-bottom-width: 1px;
+border-bottom-style: solid;
+border-bottom-color: #999999;
+}
+
+</style> ' . "\n";
+
+
+/* general css code for snort_interface.php */
+$snort_interfaces_css = '
+
+<style type="text/css">
+
+.listbg2 {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #090;
+ color: #000;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+
+.listbg3 {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #777777;
+ color: #000;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+
+</style>' . "\n";
+
+?>
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
new file mode 100644
index 00000000..86a9aff6
--- /dev/null
+++ b/config/snort-dev/snort_interfaces.php
@@ -0,0 +1,437 @@
+<?php
+/* $Id$ */
+/*
+
+originally part of m0n0wall (http://m0n0.ch/wall)
+Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+Copyright (C) 2008-2009 Robert Zelaya.
+Copyright (C) 2011 Ermal Luci
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$nocsrf = true;
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+$id_gen = count($config['installedpackages']['snortglobal']['rule']);
+
+if (isset($_POST['del_x'])) {
+ /* delete selected rules */
+ if (is_array($_POST['rule'])) {
+ conf_mount_rw();
+ foreach ($_POST['rule'] as $rulei) {
+
+ /* convert fake interfaces to real */
+ $if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
+ $snort_uuid = $a_nat[$rulei]['uuid'];
+
+ Running_Stop($snort_uuid,$if_real, $rulei);
+
+ unset($a_nat[$rulei]);
+ }
+ conf_mount_ro();
+
+ write_config();
+ sleep(2);
+
+ /* if there are no ifaces do not create snort.sh */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ create_snort_sh();
+ else {
+ conf_mount_rw();
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
+ }
+
+ sync_snort_package_config();
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+ }
+
+}
+
+
+/* start/stop snort */
+if ($_GET['act'] == 'toggle' && is_numeric($id)) {
+
+ $if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
+
+ sync_snort_package_config();
+
+ $tester2 = Running_Ck($snort_uuid, $if_real, $id);
+
+ if ($tester2 == 'yes') {
+ Running_Stop($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+
+ } else {
+ Running_Start($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ }
+ sleep(4); // So the GUI reports correctly
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+
+$pgtitle = "Services: $snort_package_version";
+include_once("head.inc");
+
+?>
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+echo "{$snort_general_css}\n";
+echo "$snort_interfaces_css\n";
+
+include_once("fbegin.inc");
+if ($pfsense_stable == 'yes')
+ echo '<p class="pgtitle">' . $pgtitle . '</p>';
+?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
+ /* Display Alert message */
+ if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+
+ if ($savemsg)
+ print_info_box2($savemsg);
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if ($d_snortconfdirty_path_ls != '') {
+ echo '<p>';
+
+ if($savemsg)
+ print_info_box_np2("{$savemsg}");
+ else {
+ print_info_box_np2('
+ The Snort configuration has changed for one or more interfaces.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea2">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="list">&nbsp;</td>
+ <td width="1%" class="list">&nbsp;</td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="10%" class="listhdrr">Snort</td>
+ <td width="10%" class="listhdrr">Performance</td>
+ <td width="10%" class="listhdrr">Block</td>
+ <td width="10%" class="listhdrr">Barnyard2</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="3%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
+ <tr valign="top" id="fr<?=$nnats;?>">
+ <?php
+
+ /* convert fake interfaces to real and check if iface is up */
+ /* There has to be a smarter way to do this */
+ $if_real = snort_get_real_interface($natent['interface']);
+ $snort_uuid = $natent['uuid'];
+
+ $tester2 = Running_Ck($snort_uuid, $if_real, $id);
+
+ if ($tester2 == 'no') {
+ $iconfn = 'pass';
+ $class_color_up = 'listbg';
+ }else{
+ $class_color_up = 'listbg2';
+ $iconfn = 'block';
+ }
+
+ ?>
+ <td class="listt">
+ <a href="?act=toggle&id=<?=$i;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif"
+ width="13" height="13" border="0"
+ title="click to toggle start/stop snort"></a>
+ <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
+ <td class="listt" align="center"></td>
+ <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ echo snort_get_friendly_interface($natent['interface']);
+ ?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
+ if ($check_snort_info == "on")
+ {
+ $check_snort = enabled;
+ } else {
+ $check_snort = disabled;
+ }
+ ?> <?=strtoupper($check_snort);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance'];
+ if ($check_performance_info != "") {
+ $check_performance = $check_performance_info;
+ }else{
+ $check_performance = "lowmem";
+ }
+ ?> <?=strtoupper($check_performance);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
+ if ($check_blockoffenders_info == "on")
+ {
+ $check_blockoffenders = enabled;
+ } else {
+ $check_blockoffenders = disabled;
+ }
+ ?> <?=strtoupper($check_blockoffenders);?></td>
+ <?php
+
+ $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
+
+ if ($color2_upb == 'yes') {
+ $class_color_upb = 'listbg2';
+ }else{
+ $class_color_upb = 'listbg';
+ }
+
+ ?>
+ <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
+ if ($check_snortbarnyardlog_info == "on")
+ {
+ $check_snortbarnyardlog = strtoupper(enabled);
+ }else{
+ $check_snortbarnyardlog = strtoupper(disabled);
+ }
+ ?> <?php echo "$check_snortbarnyardlog";?></td>
+ <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" class="list" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit rule"></a></td>
+ </tr>
+ </table>
+
+ </tr>
+ <?php $i++; $nnats++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><?php if ($nnats == 0): ?><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
+ width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input
+ name="del" type="image"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="delete selected mappings"
+ onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+<br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <div id="mainarea4">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
+ <td width="100%"><span class="red"><strong>Note:</strong></span> <br>
+ This is the <strong>Snort Menu</strong> where you can see an over
+ view of all your interface settings. <br>
+ Please edit the <strong>Global Settings</strong> tab before adding
+ an interface. <br>
+ <br>
+ <span class="red"><strong>Warning:</strong></span> <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br>
+ <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="Add Icon"> icon to add a
+ interface.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif"
+ width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong>
+ snort and barnyard2. <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="Edit Icon"> icon to edit a
+ interface and settings.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong>
+ snort and barnyard2. <br>
+ <strong> Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="Delete Icon"> icon to
+ delete a interface and settings.</td>
+ </tr>
+ </table>
+ </div>
+
+ </tr>
+ </td>
+</table>
+
+ <?php
+ if ($pkg['tabs'] <> "") {
+ echo "</td></tr></table>";
+ }
+ ?></form>
+</div>
+
+<br>
+<br>
+<br>
+
+<style type="text/css">
+#footer2 {
+ position: relative;
+ background-color: transparent;
+ background-image: url("./images/logo22.png");
+ background-repeat: no-repeat;
+ background-attachment: scroll;
+ background-position: 0% 0%;
+ top: 10px;
+ left: 0px;
+ width: 770px;
+ height: 60px;
+ color: #000000;
+ text-align: center;
+ font-size: 0.8em;
+ padding-top: 40px;
+ margin-bottom: -35px;
+ clear: both;
+}
+</style>
+
+<div id="footer2">SNORT registered � by Sourcefire, Inc, Barnyard2
+registered � by securixlive.com, Orion registered � by Robert Zelaya,
+Emergingthreats registered � by emergingthreats.net, Mysql registered �
+by Mysql.com</div>
+<!-- Footer DIV -->
+
+ <?php
+
+ include("fend.inc");
+
+ echo $snort_custom_rnd_box;
+
+ ?>
+
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
new file mode 100644
index 00000000..f3d96848
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -0,0 +1,733 @@
+<?php
+/*
+ snort_interfaces_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (isset($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
+}
+
+
+/* always have a limit of (65535) numbers only or snort will not start do to id limits */
+/* TODO: When inline gets added make the uuid the port number lisstening */
+$pconfig = array();
+
+/* gen uuid for each iface !inportant */
+if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $snort_uuid = 0;
+ while ($snort_uuid > 65535 || $snort_uuid == 0) {
+ $snort_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $snort_uuid;
+ }
+} else {
+ $snort_uuid = $a_nat[$id]['uuid'];
+ $pconfig['uuid'] = $snort_uuid;
+}
+
+if (isset($id) && $a_nat[$id]) {
+
+ /* old options */
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
+ $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
+ $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
+ $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
+ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
+ $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['descr'] = $a_nat[$id]['descr'];
+ $pconfig['performance'] = $a_nat[$id]['performance'];
+ $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+ $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill'];
+ $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip'];
+ $pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
+ $pconfig['homelistname'] = $a_nat[$id]['homelistname'];
+ $pconfig['externallistname'] = $a_nat[$id]['externallistname'];
+ $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname'];
+ $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
+ $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
+ $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
+ $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']);
+ $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
+
+
+ if (!$pconfig['interface'])
+ $pconfig['interface'] = "wan";
+ } else
+ $pconfig['interface'] = "wan";
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+
+if (isset($_GET['dup']))
+ unset($id);
+
+ /* alert file */
+ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+ if ($_POST["Submit"]) {
+
+ if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
+ $input_errors[] = "Please enter a description for your reference.";
+ }
+
+ if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+
+ if ($_POST['interface'] == $result_lan)
+ $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
+ }
+ }
+
+ /* XXX: Void code
+ * check for overlaps
+ foreach ($a_nat as $natent) {
+ if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
+ continue;
+ if ($natent['interface'] != $_POST['interface'])
+ continue;
+ }
+ */
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ $natent = array();
+
+ /* write to conf for 1st time or rewrite the answer */
+ if ($_POST['interface'])
+ $natent['interface'] = $_POST['interface'];
+
+ /* if post write to conf or rewite the answer */
+ $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
+ $natent['uuid'] = $pconfig['uuid'];
+ $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
+ $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
+ /* if post = on use on off or rewrite the conf */
+ if ($_POST['blockoffenders7'] == "on")
+ $natent['blockoffenders7'] = 'on';
+ else
+ $natent['blockoffenders7'] = 'off';
+ if ($_POST['blockoffenderskill'] == "on")
+ $natent['blockoffenderskill'] = 'on';
+ if ($_POST['blockoffendersip'])
+ $natent['blockoffendersip'] = $_POST['blockoffendersip'];
+
+ $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
+ $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
+ $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
+ $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
+ $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
+ if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']);
+ if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; }
+ if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; }
+ $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
+ /* if optiion = 0 then the old descr way will not work */
+
+ /* rewrite the options that are not in post */
+ /* make shure values are set befor repost or conf.xml will be broken */
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
+ if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_servers'] != "") { $natent['def_sip_servers'] = $pconfig['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
+ if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
+ if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+
+
+ $if_real = snort_get_real_interface($natent['interface']);
+
+ if (isset($id) && $a_nat[$id]) {
+ if ($natent['interface'] != $a_nat[$id]['interface'])
+ Running_Stop($snort_uuid, $if_real, $id);
+ $a_nat[$id] = $natent;
+ } else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+
+ sync_snort_package_config();
+ sleep(1);
+
+ /* if snort.sh crashed this will remove the pid */
+ exec('/bin/rm /tmp/snort.sh.pid');
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces.php");
+
+ exit;
+ }
+ }
+
+ if ($_POST["Submit2"]) {
+
+ sync_snort_package_config();
+ sleep(1);
+
+ Running_Start($snort_uuid, $if_real, $id);
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces_edit.php?id=$id");
+ exit;
+ }
+
+$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php
+ include("fbegin.inc");
+ echo "{$snort_general_css}\n";
+?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content</strong></div>
+</noscript>
+<script language="JavaScript">
+<!--
+
+function enable_blockoffenders() {
+ var endis = !(document.iform.blockoffenders7.checked);
+ document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffendersip.disabled=endis;
+}
+
+function enable_change(enable_change) {
+ endis = !(document.iform.enable.checked || enable_change);
+ // make shure a default answer is called if this is envoked.
+ endis2 = (document.iform.enable);
+ document.iform.performance.disabled = endis;
+ document.iform.blockoffenders7.disabled = endis;
+ document.iform.alertsystemlog.disabled = endis;
+ document.iform.externallistname.disabled = endis;
+ document.iform.homelistname.disabled = endis;
+ document.iform.suppresslistname.disabled = endis;
+ document.iform.tcpdumplog.disabled = endis;
+ document.iform.snortunifiedlog.disabled = endis;
+ document.iform.configpassthru.disabled = endis;
+}
+//-->
+</script>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+ echo '<p>';
+
+ if($savemsg)
+ print_info_box_np2("{$savemsg}");
+ else {
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td class="tabnavtbl">
+ <?php
+ if ($a_nat[$id]['interface'] != '') {
+ /* get the interface name */
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_array = split(',', $if_list);
+ if($if_array) {
+ foreach($if_array as $iface2) {
+ /* build a list of user specified interfaces -gtm */
+ $if2 = snort_get_real_interface($iface2);
+ if ($if2)
+ array_push($snortInterfaces, $if2);
+ }
+
+ if (count($snortInterfaces) < 1)
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ }
+
+ }
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Enable</td>
+ <td width="22%" valign="top" class="vtable">&nbsp; <?php
+ // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
+ // care with spaces
+ if ($pconfig['enable'] == "on")
+ $checked = checked;
+
+ $onclick_enable = "onClick=\"enable_change(false)\">";
+
+ echo "
+ <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable
+ &nbsp;&nbsp;Enable or Disable</td>\n\n";
+ ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld">
+ <?php
+ if (function_exists('get_configured_interface_with_descr'))
+ $interfaces = get_configured_interface_with_descr();
+ else {
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>"
+ <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ class="formfld" id="descr" size="40"
+ value="<?=htmlspecialchars($pconfig['descr']);?>"> <br>
+ <span class="vexpl">You may enter a description here for your
+ reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Memory Performance</td>
+ <td width="78%" class="vtable"><select name="performance"
+ class="formfld" id="performance">
+ <?php
+ $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
+ foreach ($interfaces2 as $iface2 => $ifacename2): ?>
+ <option value="<?=$iface2;?>"
+ <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename2);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Lowmem and ac-bnfa are recommended for low end
+ systems, Ac: high memory, best performance, ac-std: moderate
+ memory,high performance, acs: small memory, moderateperformance,
+ ac-banded: small memory,moderate performance, ac-sparsebands: small
+ memory, high performance.<br>
+ </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the networks
+ snort should inspect and whitelist.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Home net</td>
+ <td width="78%" class="vtable"><select name="homelistname"
+ class="formfld" id="homelistname">
+ <?php
+ echo "<option value='default' >default</option>";
+ /* find whitelist names and filter by type */
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['homelistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the home net you will like this rule to
+ use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default home
+ net adds only local networks.<br>
+ <span class="red">Hint:</span>&nbsp;Most users add a list of
+ friendly ips that the firewall cant see.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">External net</td>
+ <td width="78%" class="vtable"><select name="externallistname"
+ class="formfld" id="externallistname">
+ <?php
+ echo "<option value='default' >default</option>";
+ /* find whitelist names and filter by type */
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'netlist') {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['externallistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
+ }
+ }
+ ?>
+ </select><br/>
+ <span class="vexpl">Choose the external net you will like this rule
+ to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
+ external net, networks that are not home net.<br>
+ <span class="red">Hint:</span>&nbsp;Most users should leave this
+ setting at default.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Block offenders</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
+ <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
+ onClick="enable_blockoffenders()"><br>
+ Checking this option will automatically block hosts that generate a
+ Snort alert.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Kill states</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
+ <br/>Should firewall states be killed for the blocked ip
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Which ip to block</td>
+ <td width="78%" class="vtable">
+ <select name="blockoffendersip" class="formfld" id="blockoffendersip">
+ <?php
+ foreach (array("src", "dst", "both") as $btype) {
+ if ($btype == $pconfig['blockoffendersip'])
+ echo "<option value='{$btype}' selected>";
+ else
+ echo "<option value='{$btype}'>";
+ echo htmlspecialchars($btype) . '</option>';
+ }
+ ?>
+ </select>
+ <br/> Which ip extracted from the packet you want to block
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Whitelist</td>
+ <td width="78%" class="vtable">
+ <select name="whitelistname" class="formfld" id="whitelistname">
+ <?php
+ /* find whitelist names and filter by type, make sure to track by uuid */
+ echo "<option value='default' >default</option>\n";
+ if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) {
+ if ($value['snortlisttype'] == 'whitelist') {
+ if ($value['name'] == $pconfig['whitelistname'])
+ echo "<option value='{$value['name']}' selected>";
+ else
+ echo "<option value='{$value['name']}'>";
+ echo htmlspecialchars($value['name']) . '</option>';
+ }
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the whitelist you will like this rule to
+ use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
+ whitelist adds only local networks.<br/>
+ <span class="red">Note:</span>&nbsp;This option will only be used when block offenders is on.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Suppression and
+ filtering</td>
+ <td width="78%" class="vtable">
+ <select name="suppresslistname" class="formfld" id="suppresslistname">
+ <?php
+ echo "<option value='default' >default</option>\n";
+ if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
+ $slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
+ foreach ($slist_select as $value) {
+ $ilistname = $value['name'];
+ if ($ilistname == $pconfig['suppresslistname'])
+ echo "<option value='$ilistname' selected>";
+ else
+ echo "<option value='$ilistname'>";
+ echo htmlspecialchars($ilistname) . '</option>';
+ }
+ }
+ ?>
+ </select><br>
+ <span class="vexpl">Choose the suppression or filtering file you
+ will like this rule to use. </span>&nbsp;<br/><span class="red">Note:</span>&nbsp;Default
+ option disables suppression and filtering.</td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the types of
+ logs snort should create.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Send alerts to main
+ System logs</td>
+ <td width="78%" class="vtable"><input name="alertsystemlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will send Alerts to the firewall's system logs.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td>
+ <td width="78%" class="vtable"><input name="tcpdumplog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log packets to a tcpdump-formatted file. The file then
+ can be analyzed by an application such as Wireshark which
+ understands pcap file formats. <span class="red"><strong>WARNING:</strong></span>
+ File may become large.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log Alerts to a snort
+ unified2 file</td>
+ <td width="78%" class="vtable"><input name="snortunifiedlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log Alerts to a file in the UNIFIED2 format. This is a
+ requirement for barnyard2.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Arguments here will
+ be automatically inserted into the snort configuration.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration
+ pass through</td>
+ <td width="78%" class="vtable"><textarea wrap="off"
+ name="configpassthru" cols="75" rows="12" id="configpassthru"
+ class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+
+<script language="JavaScript">
+<!--
+enable_change(false);
+enable_blockoffenders();
+//-->
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php
new file mode 100644
index 00000000..a267f561
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_global.php
@@ -0,0 +1,437 @@
+<?php
+/*
+ snort_interfaces_global.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Copyright (C) 2008-2009 Robert Zelaya
+ Modified for the Pfsense snort package.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+$d_snort_global_dirty_path = '/var/run/snort_global.dirty';
+
+/* make things short */
+$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
+$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
+$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
+$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
+$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
+
+/* if no errors move foward */
+if (!$input_errors) {
+
+ if ($_POST["Submit"]) {
+
+ $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
+ $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
+ $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];
+ if ($_POST['snortloglimitsize']) {
+ $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit'];
+ $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize'];
+ } else {
+ $config['installedpackages']['snortglobal']['snortloglimit'] = 'on';
+
+ /* code will set limit to 21% of slice that is unused */
+ $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
+ $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
+ }
+ $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];
+ $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype'];
+ $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
+
+ $retval = 0;
+
+ $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
+ snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false);
+
+ /* set the snort block hosts time IMPORTANT */
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "never_b")
+ $snort_rm_blocked_false = false;
+ else
+ $snort_rm_blocked_false = true;
+
+ snort_rm_blocked_install_cron($snort_rm_blocked_false);
+
+ /* set the snort rules update time */
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "never_up")
+ $snort_rules_up_false = false;
+ else
+ $snort_rules_up_false = true;
+
+ snort_rules_up_install_cron($snort_rules_up_false);
+
+ configure_cron();
+ write_config();
+
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_config();
+
+ /* forces page to reload new settings */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces_global.php");
+ exit;
+ }
+}
+
+
+if ($_POST["Reset"]) {
+
+ function snort_deinstall_settings() {
+ global $config, $g, $id, $if_real;
+
+ exec("/usr/usr/bin/killall snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall barnyard2");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 barnyard2");
+ sleep(2);
+
+ /* Remove snort cron entries Ugly code needs smoothness*/
+ if (!function_exists('snort_deinstall_cron')) {
+ function snort_deinstall_cron($cronmatch) {
+ global $config, $g;
+
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ $is_installed = false;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], $cronmatch)) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true)
+ unset($config['cron']['item'][$x]);
+
+ configure_cron();
+ }
+ }
+
+ snort_deinstall_cron("snort2c");
+ snort_deinstall_cron("snort_check_for_rule_updates.php");
+
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ unset($config['installedpackages']['snortglobal']);
+
+ /* remove all snort iface dir */
+ exec('rm -r /usr/local/etc/snort/snort_*');
+ exec('rm /var/log/snort/*');
+ }
+
+ snort_deinstall_settings();
+ write_config(); /* XXX */
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_interfaces_global.php");
+ exit;
+}
+
+$pgtitle = 'Services: Snort: Global Settings';
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+echo "{$snort_general_css}\n";
+echo "$snort_interfaces_css\n";
+
+include_once("fbegin.inc");
+
+if($pfsense_stable == 'yes')
+ echo '<p class="pgtitle">' . $pgtitle . '</p>';
+?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
+ /* Display Alert message, under form tag or no refresh */
+ if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+
+ if (!$input_errors) {
+ if (file_exists($d_snort_global_dirty_path)) {
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), true, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td class="tabcont">
+ <table id="maintable2" width="100%" border="0" cellpadding="6"
+ cellspacing="0">
+ <tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Please Choose The
+ Type Of Rules You Wish To Download</td>
+ </tr>
+ <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio"
+ id="snortdownload" value="off" onClick="enable_change(false)"
+ <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>>
+ Do <strong>NOT</strong> Install</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio"
+ id="snortdownload" value="on" onClick="enable_change(false)"
+ <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install
+ Basic Rules or Premium rules <br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a
+ href="https://www.snort.org/signup" target="_blank">Sign Up for a
+ Basic Rule Account</a><br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a
+ href="http://www.snort.org/vrt/buy-a-subscription"
+ target="_blank">Sign Up for Sourcefire VRT Certified Premium
+ Rules. This Is Highly Recommended</a></td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td>
+ </tr>
+ <tr>
+ <td class="vncell2" valign="top">Code</td>
+ <td class="vtable"><input name="oinkmastercode" type="text"
+ class="formfld" id="oinkmastercode" size="52"
+ value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br>
+ Obtain a snort.org Oinkmaster code and paste here.</td>
+
+ </table>
+
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong>
+ rules</td>
+ <td width="78%" class="vtable"><input name="emergingthreats"
+ type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Emerging Threats is an open source community that produces fastest
+ moving and diverse Snort Rules.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Update rules
+ automatically</td>
+ <td width="78%" class="vtable"><select name="autorulesupdate7"
+ class="formfld" id="autorulesupdate7">
+ <?php
+ $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the update times for rules.<br>
+ Hint: in most cases, every 12 hours is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+
+ <tr>
+ <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
+ <td width="22%" valign="top" class="vncell2">Log Directory Size
+ Limit<br>
+ <br>
+ <br>
+ <br>
+ <br>
+ <br>
+ <span class="red"><strong>Note</span>:</strong><br>
+ Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="snortloglimit" type="radio"
+ id="snortloglimit" value="on" onClick="enable_change(false)"
+ <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>>
+ <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortloglimit" type="radio"
+ id="snortloglimit" value="off" onClick="enable_change(false)"
+ <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong>
+ directory size limit<br>
+ <br>
+ <span class="red"><strong>Warning</span>:</strong> Nanobsd
+ should use no more than 10MB of space.</td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vncell3">Size in <strong>MB</strong></td>
+ <td class="vtable"><input name="snortloglimitsize" type="text"
+ class="formfld" id="snortloglimitsize" size="7"
+ value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>">
+ Default is <strong>20%</strong> of available space.</td>
+
+ </table>
+
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Remove blocked hosts
+ every</td>
+ <td width="78%" class="vtable"><select name="rm_blocked"
+ class="formfld" id="rm_blocked">
+ <?php
+ $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the amount of time you would like
+ hosts to be blocked for.<br>
+ Hint: in most cases, 1 hour is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Alerts file description
+ type</td>
+ <td width="78%" class="vtable"><select name="snortalertlogtype"
+ class="formfld" id="snortalertlogtype">
+ <?php
+ $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>"
+ <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please choose the type of Alert logging you will
+ like see in your alert file.<br>
+ Hint: Best pratice is to chose full logging.</span>&nbsp;<span
+ class="red"><strong>WARNING:</strong></span>&nbsp;<strong>On
+ change, alert file will be cleared.</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Keep snort settings
+ after deinstall</td>
+ <td width="78%" class="vtable"><input name="forcekeepsettings"
+ id="forcekeepsettings" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Settings will not be removed during deinstall.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"><input name="Reset" type="submit"
+ class="formbtn" value="Reset"
+ onclick="return confirm('Do you really want to delete all global and interface settings?')"><span
+ class="red"><strong>&nbsp;WARNING:</strong><br>
+ This will reset all global and interface settings.</span></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save" onClick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span> Changing any settings on this page will affect all
+ interfaces. Please, double check if your oink code is correct and
+ the type of snort.org account you hold.</span></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+
+</div>
+
+ <?php include("fend.inc"); ?>
+
+ <?php echo "$snort_custom_rnd_box\n"; ?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_suppress.php b/config/snort-dev/snort_interfaces_suppress.php
new file mode 100644
index 00000000..4eeed42d
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_suppress.php
@@ -0,0 +1,171 @@
+<?php
+/* $Id$ */
+/*
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['suppress']))
+ $config['installedpackages']['snortglobal']['suppress'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
+
+$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
+
+if ($_GET['act'] == "del") {
+ if ($a_suppress[$_GET['id']]) {
+ /* make sure rule is not being referenced by any nat or filter rules */
+
+ unset($a_suppress[$_GET['id']]);
+ write_config();
+ filter_configure();
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort: Suppression";
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+echo $snort_general_css;
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_suppresslistdirty_path)): ?>
+<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td width="30%" class="listhdrr">File Name</td>
+ <td width="70%" class="listhdr">Description</td>
+
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_suppress as $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a
+ href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a
+ href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+<br>
+<table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create event filtering and
+ suppression for your snort package rules.<br>
+ Please note that you must restart a running rule so that changes can
+ take effect.</span></p></td>
+</table>
+
+</form>
+
+</div>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_suppress_edit.php b/config/snort-dev/snort_interfaces_suppress_edit.php
new file mode 100644
index 00000000..7303349f
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_suppress_edit.php
@@ -0,0 +1,295 @@
+<?php
+/* $Id$ */
+/*
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['suppress']))
+ $config['installedpackages']['snortglobal']['suppress'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
+ $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (!is_numeric($id))
+ $id = 0; // XXX: safety belt
+
+
+/* gen uuid for each iface */
+if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) {
+ if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $suppress_uuid = 0;
+ while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
+ $suppress_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $suppress_uuid;
+ }
+ } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
+ $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
+ }
+}
+
+$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+if (isset($id) && $a_suppress[$id]) {
+
+ /* old settings */
+ $pconfig['name'] = $a_suppress[$id]['name'];
+ $pconfig['uuid'] = $a_suppress[$id]['uuid'];
+ $pconfig['descr'] = $a_suppress[$id]['descr'];
+ $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
+}
+
+if ($_POST['submit']) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ $x = is_validwhitelistname($_POST['name']);
+ if (!isset($x)) {
+ $input_errors[] = "Reserved word used for whitelist file name.";
+ } else {
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ }
+
+
+ /* check for name conflicts */
+ foreach ($a_suppress as $s_list) {
+ if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
+ continue;
+
+ if ($s_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+
+ if (!$input_errors) {
+ $s_list = array();
+ $s_list['name'] = $_POST['name'];
+ $s_list['uuid'] = $suppress_uuid;
+ $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+
+ if (isset($id) && $a_suppress[$id])
+ $a_suppress[$id] = $s_list;
+ else
+ $a_suppress[] = $s_list;
+
+ write_config();
+
+ sync_snort_package_config();
+
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+ }
+
+}
+
+$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+echo $snort_general_css;
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="inputerrors"></div>
+
+<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>"
+ method="post" name="iform" id="iform"><?php
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ //if (file_exists($d_snortconfdirty_path)) {
+ if (file_exists($d_snort_suppress_dirty_path)) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+ }
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li class="newtabmenu_active"><a
+ href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and
+ description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable"><input name="name" type="text" id="name"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the
+ characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
+ Spaces. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your
+ reference (not parsed). </span></td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table height="32" width="100%">
+ <tr>
+ <td>
+ <div style='background-color: #E0E0E0' id='redbox'>
+ <table width='100%'>
+ <tr>
+ <td width='8%'>&nbsp;&nbsp;&nbsp;<img
+ style='vertical-align: middle'
+ src="/snort/images/icon_excli.png" width="40" height="32"></td>
+ <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font>
+ <font size="2" color='#000000'>&nbsp;&nbsp;The threshold keyword
+ is deprecated as of version 2.8.5. Use the event_filter keyword
+ instead.</font></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ <script type="text/javascript">
+ NiftyCheck();
+ Rounded("div#redbox","all","#FFF","#E0E0E0","smooth");
+ Rounded("td#blackbox","all","#FFF","#000000","smooth");
+ </script>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Apply suppression or
+ filters to rules. Valid keywords are 'suppress', 'event_filter' and
+ 'rate_filter'.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vncell"><b>Example 1;</b>
+ suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
+ <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit,
+ track by_src, count 1, seconds 60<br>
+ <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src,
+ count 100, seconds 1, new_action log, timeout 10</td>
+ </tr>
+ <tr>
+ <td width="100%" class="vtable"><textarea wrap="off"
+ name="suppresspassthru" cols="142" rows="28" id="suppresspassthru"
+ class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="78%"><input id="submit" name="submit" type="submit"
+ class="formbtn" value="Save" /> <input id="cancelbutton"
+ name="cancelbutton" type="button" class="formbtn" value="Cancel"
+ onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+
+</div>
+
+ <?php include("fend.inc"); ?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_whitelist.php b/config/snort-dev/snort_interfaces_whitelist.php
new file mode 100644
index 00000000..2dc2d491
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_whitelist.php
@@ -0,0 +1,189 @@
+<?php
+/* $Id$ */
+/*
+ firewall_aliases.php
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+$config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+//aliases_sort(); << what ?
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+ $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
+}else{
+ $id_gen = '0';
+}
+
+$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
+
+if ($_GET['act'] == "del") {
+ if ($a_whitelist[$_GET['id']]) {
+ /* make sure rule is not being referenced by any nat or filter rules */
+
+ unset($a_whitelist[$_GET['id']]);
+ write_config();
+ filter_configure();
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort: Whitelist";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include_once("fbegin.inc");
+echo $snort_general_css;
+?>
+
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_whitelistdirty_path)): ?>
+<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td width="20%" class="listhdrr">File Name</td>
+ <td width="40%" class="listhdrr">Values</td>
+ <td width="40%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_whitelist as $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listr"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?php
+ $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
+ echo $addresses;
+ if(count($addresses) < 10) {
+ echo " ";
+ } else {
+ echo "...";
+ }
+ ?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a
+ href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a
+ href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+<br>
+<table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create whitelist files for your
+ snort package rules.<br>
+ Please add all the ips or networks you want to protect against snort
+ block decisions.<br>
+ Remember that the default whitelist only includes local networks.<br>
+ Be careful, it is very easy to get locked out of you system.</span></p></td>
+</table>
+
+</form>
+
+</div>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php
new file mode 100644
index 00000000..fe3c54a5
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_whitelist_edit.php
@@ -0,0 +1,414 @@
+<?php
+/* $Id$ */
+/*
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+}
+
+/* gen uuid for each iface !inportant */
+if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') {
+ $whitelist_uuid = 0;
+ while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
+ $whitelist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $whitelist_uuid;
+ }
+} else if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') {
+ $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
+}
+
+$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+
+if (isset($id) && $a_whitelist[$id]) {
+
+ /* old settings */
+ $pconfig = array();
+ $pconfig['name'] = $a_whitelist[$id]['name'];
+ $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
+ $pconfig['detail'] = $a_whitelist[$id]['detail'];
+ $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
+ $pconfig['address'] = $a_whitelist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
+ $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_whitelist[$id]['vips'];
+ $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
+ $addresses = explode(' ', $pconfig['address']);
+ $address = explode(" ", $addresses[0]);
+}
+
+if ($_POST['submit']) {
+
+ conf_mount_rw();
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "name");
+ $reqdfieldsn = explode(",", "Name");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ $x = is_validwhitelistname($_POST['name']);
+ if (!isset($x)) {
+ $input_errors[] = "Reserved word used for whitelist file name.";
+ } else {
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ }
+
+ /* check for name conflicts */
+ foreach ($a_whitelist as $w_list) {
+ if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
+ continue;
+
+ if ($w_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+ $isfirst = 0;
+ $address = "";
+ $final_address_details .= "";
+ /* add another entry code */
+ for($x=0; $x<499; $x++) {
+ if (!empty($_POST["address{$x}"])) {
+ if ($is_first > 0)
+ $address .= " ";
+ $address .= $_POST["address{$x}"];
+ if ($_POST["address_subnet{$x}"] <> "")
+ $address .= "" . $_POST["address_subnet{$x}"];
+
+ /* Compress in details to a single key, data separated by pipes.
+ Pulling details here lets us only pull in details for valid
+ address entries, saving us from having to track which ones to
+ process later. */
+ $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto');
+ if ($final_address_detail <> "")
+ $final_address_details .= $final_address_detail;
+ else {
+ $final_address_details .= "Entry added" . " ";
+ $final_address_details .= date('r');
+ }
+ $final_address_details .= "||";
+ $is_first++;
+ }
+ }
+
+ if (!$input_errors) {
+ $w_list = array();
+ /* post user input */
+ $w_list['name'] = $_POST['name'];
+ $w_list['uuid'] = $whitelist_uuid;
+ $w_list['snortlisttype'] = $_POST['snortlisttype'];
+ $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
+ $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
+ $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
+ $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
+ $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
+
+ $w_list['address'] = $address;
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['detail'] = $final_address_details;
+
+ if (isset($id) && $a_whitelist[$id])
+ $a_whitelist[$id] = $w_list;
+ else
+ $a_whitelist[] = $w_list;
+
+ write_config();
+
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_config();
+
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+ } else {
+ $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $pconfig['address'] = $address;
+ $pconfig['detail'] = $final_address_details;
+ }
+
+}
+
+$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
+
+<?php
+include("fbegin.inc");
+echo $snort_general_css;
+?>
+<script type="text/javascript" src="/javascript/row_helper.js"></script>
+ <input type='hidden' name='address_type' value='textbox' />
+ <script type="text/javascript">
+
+ rowname[0] = "address";
+ rowtype[0] = "textbox";
+ rowsize[0] = "20";
+
+ rowname[1] = "detail";
+ rowtype[1] = "textbox";
+ rowsize[1] = "30";
+</script>
+
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="inputerrors"></div>
+
+<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform">
+<?php
+ /* Display Alert message */
+ if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+
+ if ($savemsg)
+ print_info_box2($savemsg);
+
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and
+ description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable"><input name="name" type="text" id="name"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the
+ characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
+ Spaces. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your
+ reference (not parsed). </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">List Type</td>
+ <td width="78%" class="vtable">
+
+ <div
+ style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
+ id="itemhelp"><strong>WHITELIST:</strong>&nbsp;&nbsp;&nbsp;This
+ list specifies addresses that Snort Package should not block.<br>
+ <br>
+ <strong>NETLIST:</strong>&nbsp;&nbsp;&nbsp;This list is for defining
+ addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div>
+
+ <select name="snortlisttype" class="formfld" id="snortlisttype">
+ <?php
+ $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>"
+ <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?></option>
+ <?php endforeach; ?>
+ </select> <span class="vexpl"> &nbsp;&nbsp;&nbsp;Choose the type of
+ list you will like see in your <span class="red">Interface Edit Tab</span>.
+ </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add auto generated
+ ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">WAN IPs</td>
+ <td width="78%" class="vtable"><input name="wanips" type="checkbox"
+ id="wanips" size="40" value="yes"
+ <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN IPs to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan Gateways</td>
+ <td width="78%" class="vtable"><input name="wangateips"
+ type="checkbox" id="wangateips" size="40" value="yes"
+ <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN Gateways to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan DNS servers</td>
+ <td width="78%" class="vtable"><input name="wandnsips"
+ type="checkbox" id="wandnsips" size="40" value="yes"
+ <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN DNS servers to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td>
+ <td width="78%" class="vtable"><input name="vips" type="checkbox"
+ id="vips" size="40" value="yes"
+ <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">VPNs</td>
+ <td width="78%" class="vtable"><input name="vpnips" type="checkbox"
+ id="vpnips" size="40" value="yes"
+ <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add VPN Addresses to the list. </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add your own custom
+ ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">
+ <div id="addressnetworkport">IP or CIDR items</div>
+ </td>
+ <td width="78%" class="vtable">
+ <table id="maintable">
+ <tbody>
+ <tr>
+ <td colspan="4">
+ <div
+ style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
+ id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY
+ IPs not CIDRs</strong>. Example: 192.168.4.1<br>
+ <br>
+ For <strong>NETLIST's</strong> you may enter <strong>IPs and
+ CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="onecolumn">IP or CIDR</div>
+ </td>
+ <td>
+ <div id="threecolumn">Add a Description or leave blank and a date
+ will be added.</div>
+ </td>
+ </tr>
+
+ <?php
+ /* cleanup code */
+ $counter = 0;
+ $address = $pconfig['address'];
+ if ($address <> ""):
+ $item = explode(" ", $address);
+ $item3 = explode("||", $pconfig['detail']);
+ foreach($item as $ww):
+ $address = $item[$counter];
+ $item4 = $item3[$counter];
+ ?>
+ <tr>
+ <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td>
+ <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td>
+ <td>
+ <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?>
+ </td>
+ </tr>
+ <?php
+ $counter++;
+
+ endforeach; endif;
+ ?>
+ </tbody>
+ </table>
+ <a onclick="javascript:addRowTo('maintable'); return false;"
+ href="#"><img border="0"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt=""
+ title="add another entry" /> </a></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
+ <input name="id" type="hidden" value="<?=$id;?>" />
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+
+<script type="text/javascript">
+ /* row and col adjust when you add extra entries */
+
+ field_counter_js = 3;
+ rows = 1;
+ totalrows = <?php echo $counter; ?>;
+ loaded = <?php echo $counter; ?>;
+
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php
new file mode 100644
index 00000000..7f89d433
--- /dev/null
+++ b/config/snort-dev/snort_preprocessors.php
@@ -0,0 +1,391 @@
+<?php
+/* $Id$ */
+/*
+ snort_preprocessors.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+$pconfig = array();
+if (isset($id) && $a_nat[$id]) {
+ $pconfig = $a_nat[$id];
+
+ /* new options */
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
+ $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+}
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $pconfig['uuid'];
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
+if ($_POST) {
+
+ $natent = array();
+ $natent = $pconfig;
+
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ /* post new options */
+ $natent['perform_stat'] = $_POST['perform_stat'];
+ if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; }
+ if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; }
+ if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
+ if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
+
+ $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
+ $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
+ $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off';
+ $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off';
+ $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off';
+ $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
+ $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
+ $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
+
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ write_config();
+
+ $if_real = snort_get_real_interface($pconfig['interface']);
+ sync_snort_package_config();
+
+ /* after click go to this page */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: snort_preprocessors.php?id=$id");
+ exit;
+ }
+}
+
+$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow";
+include_once("head.inc");
+
+?>
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php
+echo "{$snort_general_css}\n";
+?>
+
+<div class="body2">
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+
+<form action="snort_preprocessors.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
+
+ /* Display Alert message */
+
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box2($savemsg);
+ }
+
+ ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php
+ /* display error code if there is no id */
+ if($id == "")
+ {
+ echo "
+ <style type=\"text/css\">
+ .noid {
+ position:absolute;
+ top:10px;
+ left:0px;
+ width:94%;
+ background:#FCE9C0;
+ background-position: 15px;
+ border-top:2px solid #DBAC48;
+ border-bottom:2px solid #DBAC48;
+ padding: 15px 10px 85% 50px;
+ }
+ </style>
+ <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/{$g['theme']}/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n";
+
+ }
+ ?>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:
+ </strong></span><br>
+ Rules may be dependent on preprocessors!<br>
+ Defaults will be used when there is no user input.<br></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Performance
+ Statistics</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="perform_stat"
+ type="checkbox" value="on"
+ <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Performance Statistics for this
+ interface.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="http_inspect"
+ type="checkbox" value="on"
+ <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Use HTTP Inspect to
+ Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">HTTP server flow depth</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="flow_depth" type="text" class="formfld"
+ id="flow_depth" size="5"
+ value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong>
+ to <strong>1460</strong> (<strong>-1</strong> disables HTTP
+ inspect, <strong>0</strong> enables all HTTP inspect)</td>
+ </tr>
+ </table>
+ Amount of HTTP server response payload to inspect. Snort's
+ performance may increase by adjusting this value.<br>
+ Setting this value too low may cause false negatives. Values above 0
+ are specified in bytes. Default value is <strong>0</strong><br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Bytes</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="max_queued_bytes" type="text" class="formfld"
+ id="max_queued_bytes" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>">
+ Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>1048576</strong>, <strong>0</strong>
+ means Maximum )</td>
+ </tr>
+ </table>
+ The number of bytes to be queued for reassembly for TCP sessions in
+ memory. Default value is <strong>1048576</strong><br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Segs</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="max_queued_segs" type="text" class="formfld"
+ id="max_queued_segs" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>">
+ Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>2621</strong>, <strong>0</strong> means
+ Maximum )</td>
+ </tr>
+ </table>
+ The number of segments to be queued for reassembly for TCP sessions
+ in memory. Default value is <strong>2621</strong><br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Preprocessor
+ Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ RPC Decode and Back Orifice detector</td>
+ <td width="78%" class="vtable"><input name="other_preprocs"
+ type="checkbox" value="on"
+ <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode RPC traffic and detects Back Orifice traffic on the
+ network.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ FTP and Telnet Normalizer</td>
+ <td width="78%" class="vtable"><input name="ftp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ SMTP Normalizer</td>
+ <td width="78%" class="vtable"><input name="smtp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ Portscan Detection</td>
+ <td width="78%" class="vtable"><input name="sf_portscan"
+ type="checkbox" value="on"
+ <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Detects various types of portscans and portsweeps.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DCE/RPC2 Detection</td>
+ <td width="78%" class="vtable"><input name="dce_rpc_2"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC
+ traffic.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DNS Detection</td>
+ <td width="78%" class="vtable"><input name="dns_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DNS preprocessor decodes DNS Response traffic and detects some
+ vulnerabilities.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
+ <td width="78%" class="vtable"><input name="def_ssl_ports_ignore"
+ type="text" class="formfld" id="def_ssl_ports_ignore" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br>
+ <span class="vexpl"> Encrypted traffic should be ignored by Snort
+ for both performance reasons and to reduce false positives.<br>
+ Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please
+ use spaces and not commas.</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>"></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click Start. </td>
+ </tr>
+ </table>
+
+</table>
+</form>
+
+</div>
+
+ <?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
new file mode 100644
index 00000000..871eb39e
--- /dev/null
+++ b/config/snort-dev/snort_rules.php
@@ -0,0 +1,458 @@
+<?php
+/*
+ snort_rules.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2008, 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (isset($id) && $a_nat[$id]) {
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+}
+
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$iface_uuid = $a_nat[$id]['uuid'];
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules");
+
+$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
+if ($isrulesfolderempty == "") {
+ $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
+ if ($isrulesfolderempty == "") {
+ include_once("head.inc");
+ include_once("fbegin.inc");
+
+ echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+ echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n";
+
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+ echo "</td>\n
+ </tr>\n
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+ # The rules directory is empty.\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ \n
+ </form>\n
+ \n
+ <p>\n\n";
+
+ echo "Please click on the Update Rules tab to install your selected rule sets.";
+ include("fend.inc");
+
+ echo "</body>";
+ echo "</html>";
+
+ exit(0);
+ } else {
+ /* Make sure that we have the rules */
+ mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
+ }
+}
+
+function get_middle($source, $beginning, $ending, $init_pos) {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+}
+
+function write_rule_file($content_changed, $received_file)
+{
+ @file_put_contents($received_file, implode("\n", $content_changed));
+}
+
+function load_rule_file($incoming_file)
+{
+ //read file into string, and get filesize
+ $contents = @file_get_contents($incoming_file);
+
+ //split the contents of the string file into an array using the delimiter
+ return explode("\n", $contents);
+}
+
+$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
+//$ruledir = "/usr/local/etc/snort/rules/";
+$dh = opendir($ruledir);
+while (false !== ($filename = readdir($dh)))
+{
+ //only populate this array if its a rule file
+ $isrulefile = strstr($filename, ".rules");
+ if ($isrulefile !== false)
+ $files[] = basename($filename);
+}
+sort($files);
+
+if ($_GET['openruleset'])
+ $rulefile = $_GET['openruleset'];
+else
+ $rulefile = $ruledir.$files[0];
+
+//Load the rule file
+$splitcontents = load_rule_file($rulefile);
+
+if ($_GET['act'] == "toggle" && $_GET['ids']) {
+
+ $lineid= $_GET['ids'];
+
+ //copy rule contents from array into string
+ $tempstring = $splitcontents[$lineid];
+
+ //explode rule contents into an array, (delimiter is space)
+ $rule_content = explode(' ', $tempstring);
+
+ $findme = "# alert"; //find string for disabled alerts
+ $disabled = strstr($tempstring, $findme);
+
+ //if find alert is false, then rule is disabled
+ if ($disabled !== false) {
+ //rule has been enabled
+ $tempstring = substr($tempstring, 2);
+ } else
+ $tempstring = "# ". $tempstring;
+
+ //copy string into array for writing
+ $splitcontents[$lineid] = $tempstring;
+
+ //write the new .rules file
+ write_rule_file($splitcontents, $rulefile);
+
+ //write disable/enable sid to config.xml
+ $sid = get_middle($tempstring, 'sid:', ';', 0);
+ if (is_numeric($sid)) {
+ // rule_sid_on registers
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
+ if ($disabled === false)
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
+ else
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
+ }
+
+ write_config();
+
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}");
+ exit;
+}
+
+$currentruleset = basename($rulefile);
+
+$ifname = strtoupper($pconfig['interface']);
+
+require_once("guiconfig.inc");
+include_once("head.inc");
+
+$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php
+include("fbegin.inc");
+if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+echo "{$snort_general_css}\n";
+?>
+<form action="snort_rules.php" method="post" name="iform" id="iform">
+
+<script language="javascript" type="text/javascript">
+function go()
+{
+ var box = document.iform.selectbox;
+ destination = box.options[box.selectedIndex].value;
+ if (destination)
+ location.href = destination;
+}
+function popup(url)
+{
+ params = 'width='+screen.width;
+ params += ', height='+screen.height;
+ params += ', top=0, left=0'
+ params += ', fullscreen=yes';
+
+ newwin=window.open(url,'windowname4', params);
+ if (window.focus) {newwin.focus()}
+ return false;
+}
+</script>
+
+<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea2">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listt" colspan="8">
+ <br>Category:
+ <select id="selectbox" name="selectbox" class="formfld" onChange="go()">
+ <?php
+ foreach ($files as $value) {
+ echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' ";
+ if ($value === $currentruleset)
+ echo "selected";
+ echo ">{$value}</option>\n";
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <tr id="frheader">
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="5%" class="listhdr">SID</td>
+ <td width="6%" class="listhdrr">Proto</td>
+ <td width="15%" class="listhdrr">Source</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="15%" class="listhdrr">Destination</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="32%" class="listhdrr">Message</td>
+ </tr>
+ <?php
+ foreach ( $splitcontents as $counter => $value )
+ {
+ $disabled = "False";
+ $comments = "False";
+ $findme = "# alert"; //find string for disabled alerts
+ $disabled_pos = strstr($value, $findme);
+
+ $counter2 = 1;
+ $sid = get_middle($value, 'sid:', ';', 0);
+ //check to see if the sid is numberical
+ if (!is_numeric($sid))
+ continue;
+
+ //if find alert is false, then rule is disabled
+ if ($disabled_pos !== false){
+ $counter2 = $counter2+1;
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_block_d.gif";
+
+ $ischecked = "";
+ } else {
+ $textss = $textse = "";
+ $iconb = "icon_block.gif";
+
+ $ischecked = "checked";
+ }
+
+ $rule_content = explode(' ', $value);
+
+ $protocol = $rule_content[$counter2];//protocol location
+ $counter2++;
+ $source = substr($rule_content[$counter2], 0, 20) . "...";//source location
+ $counter2++;
+ $source_port = $rule_content[$counter2];//source port location
+ $counter2 = $counter2+2;
+ $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location
+ $counter2++;
+ $destination_port = $rule_content[$counter2];//destination port location
+
+ if (strstr($value, 'msg: "'))
+ $message = get_middle($value, 'msg: "', '";', 0);
+ else if (strstr($value, 'msg:"'))
+ $message = get_middle($value, 'msg:"', '";', 0);
+
+ echo "<tr><td class=\"listt\"> $textss\n";
+ ?>
+ <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>"
+ width="10" height="10" border="0"
+ title="click to toggle enabled/disabled status"></a>
+ <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
+ <!-- TODO: add checkbox and save so that that disabling is nicer -->
+ <?php
+ echo "$textse
+ </td>
+ <td width='5%' class=\"listlr\">
+ $textss
+ $sid
+ $textse
+ </td>
+ <td width='6%' class=\"listlr\">
+ $textss
+ $protocol";
+ echo "$textse
+ </td>
+ <td width='20%' class=\"listlr\">
+ $textss
+ $source
+ $textse
+ </td>
+ <td width='5%' class=\"listlr\">
+ $textss
+ $source_port
+ $textse
+ </td>
+ <td width='20%' class=\"listlr\">
+ $textss
+ $destination
+ $textse
+ </td>
+ <td width='5%' class=\"listlr\">
+ $textss
+ $destination_port
+ $textse
+ </td>
+ <td width='30%' class=\"listbg\"><font color=\"white\">
+ $textss
+ $message
+ $textse
+ </td>";
+ ?>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="javascript: void(0)"
+ onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ title="edit rule" width="17" height="17" border="0"></a></td>
+ <!-- Codes by Quackit.com -->
+ </tr>
+ </table>
+ </td>
+ <?php
+ }
+ ?>
+
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td class="listlr">
+ <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td width="16"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="11" height="11"></td>
+ <td>Rule Enabled</td>
+ </tr>
+ <tr>
+ <td><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
+ width="11" height="11"></td>
+ <td nowrap>Rule Disabled</td>
+ </tr>
+ <tr>
+ <!-- TODO: add save and cancel for checkbox options -->
+ <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
+ </tr>
+ <tr>
+ <td colspan="10">
+ <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>-->
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/snort_rules_edit.php
new file mode 100644
index 00000000..330630f4
--- /dev/null
+++ b/config/snort-dev/snort_rules_edit.php
@@ -0,0 +1,188 @@
+<?php
+/*
+ snort_rules_edit.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
+ Copyright (C) 2006-2009 Volker Theile
+
+ Adapted for Pfsense Snort package by Robert Zelaya
+ Copyright (C) 2008-2009 Robert Zelaya
+
+ Using dp.SyntaxHighlighter for syntax highlighting
+ http://www.dreamprojections.com/SyntaxHighlighter
+ Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+$ids = $_GET['ids'];
+if (isset($_POST['ids']))
+ $ids = $_POST['ids'];
+
+if (isset($id) && $a_nat[$id]) {
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+}
+
+//get rule id
+$lineid = $_GET['ids'];
+if (isset($_POST['ids']))
+ $lineid = $_POST['ids'];
+
+$file = $_GET['openruleset'];
+if (isset($_POST['openruleset']))
+ $file = $_POST['openruleset'];
+
+//read file into string, and get filesize also chk for empty files
+$contents = '';
+if (filesize($file) > 0 )
+ $contents = file_get_contents($file);
+
+//delimiter for each new rule is a new line
+$delimiter = "\n";
+
+//split the contents of the string file into an array using the delimiter
+$splitcontents = explode($delimiter, $contents);
+$findme = "# alert"; //find string for disabled alerts
+$highlight = "yes";
+if (strstr($splitcontents[$lineid], $findme))
+ $highlight = "no";
+if ($highlight == "no")
+ $splitcontents[$lineid] = substr($splitcontents[$lineid], 2);
+
+if (!function_exists('get_middle')) {
+ function get_middle($source, $beginning, $ending, $init_pos) {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+ }
+}
+
+if ($_POST) {
+ if ($_POST['save']) {
+
+ //copy string into file array for writing
+ if ($_POST['highlight'] == "yes")
+ $splitcontents[$lineid] = $_POST['code'];
+ else
+ $splitcontents[$lineid] = "# " . $_POST['code'];
+
+ //write disable/enable sid to config.xml
+ $sid = get_middle($splitcontents[$lineid], 'sid:', ';', 0);
+ if (is_numeric($sid)) {
+ // rule_sid_on registers
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
+ if ($_POST['highlight'] == "yes")
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on'];
+ else
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off'];
+ }
+
+ //write the new .rules file
+ @file_put_contents($file, implode($delimiter, $splitcontents));
+
+ write_config();
+
+ echo "<script> opener.window.location.reload(); window.close(); </script>";
+ exit;
+ }
+}
+
+$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
+
+?>
+
+<?php include("head.inc");?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<form action="snort_rules_edit.php" method="post">
+ <?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td class="tabcont">
+
+
+ <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="save" />
+ <input type='hidden' name='id' value='<?=$id;?>' />
+ <input type='hidden' name='ids' value='<?=$ids;?>' />
+ <input type='hidden' name='openruleset' value='<?=$file;?>' />
+ <input type="button" class="formbtn" value="Cancel" onclick="window.close()">
+ <hr noshade="noshade" />
+ Disable original rule :<br/>
+
+ <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_enabled"><?=gettext("Enabled");?> </label>
+ <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_disabled"> <?=gettext("Disabled");?></label>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="label">
+ <textarea wrap="off" style="width: 98%; margin: 7px;"
+ class="<?php echo $language; ?>:showcolumns" rows="3"
+ cols="66" name="code"><?=$splitcontents[$lineid];?></textarea>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="label">
+ <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea disabled
+ wrap="off" style="width: 98%; margin: 7px;"
+ class="<?php echo $language; ?>:showcolumns" rows="33"
+ cols="66" name="code2"><?=$contents;?></textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc");?>
+</body>
+</html>
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
new file mode 100644
index 00000000..313daea2
--- /dev/null
+++ b/config/snort-dev/snort_rulesets.php
@@ -0,0 +1,313 @@
+<?php
+/* $Id$ */
+/*
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g;
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (isset($id) && $a_nat[$id]) {
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+
+ /* convert fake interfaces to real */
+ $if_real = snort_get_real_interface($pconfig['interface']);
+
+ $iface_uuid = $a_nat[$id]['uuid'];
+}
+
+$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
+
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
+if ($isrulesfolderempty == "") {
+ $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
+ if ($isrulesfolderempty == "") {
+ include_once("head.inc");
+ include("fbegin.inc");
+
+ echo "<p class=\"pgtitle\">";
+ if($pfsense_stable == 'yes'){echo $pgtitle;}
+ echo "</p>\n";
+
+ echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+ echo "
+ <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr><td>\n";
+
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+ echo "
+ </td></tr>
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+ # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ \n
+ </form>\n
+ \n
+ <p>\n\n";
+
+ echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
+ include("fend.inc");
+
+ echo "</body>";
+ echo "</html>";
+
+ exit(0);
+ } else {
+ /* Make sure that we have the rules */
+ mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
+ }
+}
+
+/* alert file */
+$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
+if ($_POST["Submit"]) {
+ $enabled_items = "";
+ $isfirst = true;
+ if (is_array($_POST['toenable']))
+ $enabled_items = implode("||", $_POST['toenable']);
+ else
+ $enabled_items = $_POST['toenable'];
+ $a_nat[$id]['rulesets'] = $enabled_items;
+
+ write_config();
+ sync_snort_package_config();
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /snort/snort_rulesets.php?id=$id");
+ exit;
+}
+
+$enabled_rulesets = $a_nat[$id]['rulesets'];
+if($enabled_rulesets)
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<?php
+echo "{$snort_general_css}\n";
+?>
+
+<div class="body2">
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
+
+<?php
+
+echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
+
+?> <?php
+
+/* Display message */
+
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+
+if ($savemsg) {
+ print_info_box2($savemsg);
+}
+
+if (file_exists($d_snortconfdirty_path)) {
+ echo '<p>';
+
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
+ The Snort configuration has changed and snort needs to be restarted on this interface.<br>
+ You must apply the changes in order for them to take effect.<br>
+ ');
+ }
+}
+
+?>
+
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td>
+ <div id="mainarea2">
+ <table id="maintable" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td>
+ <!-- <td class="listhdrr">Description</td> -->
+ </tr>
+ <?php
+ $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
+ $dh = opendir($dir);
+ while (false !== ($filename = readdir($dh))) {
+ $files[] = basename($filename);
+ }
+ sort($files);
+ foreach($files as $file) {
+ if(!stristr($file, ".rules"))
+ continue;
+ echo "<tr>\n";
+ echo "<td align=\"center\" valign=\"top\">";
+ if(is_array($enabled_rulesets_array))
+ if(in_array($file, $enabled_rulesets_array)) {
+ $CHECKED = " checked=\"checked\"";
+ } else {
+ $CHECKED = "";
+ }
+ else
+ $CHECKED = "";
+ echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
+ echo "</td>\n";
+ echo "<td>\n";
+ echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
+ echo "</td>\n</tr>\n\n";
+ //echo "<td>";
+ //echo "description";
+ //echo "</td>";
+ }
+
+ ?>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td>Check the rulesets that you would like Snort to load at startup.</td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td><input value="Save" type="submit" name="Submit" id="Submit" /></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+</form>
+
+<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p>
+
+</div>
+
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/css/new_tab_menu.css b/config/snort-dev/snortsam-package-code/css/new_tab_menu.css
new file mode 100644
index 00000000..1592be9f
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/css/new_tab_menu.css
@@ -0,0 +1,110 @@
+/*
+ new_tab_menu.css
+ part of pfSense
+ Copyright (C) 2010-2011 Robert Zelaya
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+
+ Replace your old tab menu with the following code. To add a second tab menu line just cut and paste again.
+ The following code is dependent on new_tab_menu.css and images/new_tab_menu.png.
+
+ <tr>
+ <td>
+ <?php
+ $tab_array_indent = 0; // move to the line in px
+ $tab_array_space = 1; // space betwen lines in px
+ $tab_array_char_limit = 82; // number or chr before the drop down box
+ $tab_array = array();
+ $tab_array[] = array(gettext("Admin Access"), true, "system_advanced_admin.php");
+ $tab_array[] = array(gettext("Firewall / NAT"), false, "system_advanced_firewall.php");
+ $tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php");
+ $tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php");
+ $tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php");
+ $tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td>
+ </tr>
+
+*/
+
+
+.spannewtab {
+ font-size: 0.9em;
+}
+
+.newtabmenu ul, li{
+ border:0;
+ margin:0; padding:0;
+ list-style:none;
+}
+
+.newtabmenu li{float:left; margin-right:2px; text-align: center;}
+.newtabmenu a:link, .newtabmenu a:visited{
+ background:url(/snort/images/new_tab_menu.png) right 45px;
+ color:#ffffff; /* noactive font */
+ display:block;
+ /* fix for IE6 */
+ display: inline-block;
+ /* END */
+ font-weight:bold;
+ font-size:.9em;
+ height:20px;
+ line-height:20px;
+ text-decoration:none;
+}
+.newtabmenu a span{
+ background:url(/snort/images/new_tab_menu.png) left 45px;
+ display:block;
+ /* fix for IE6 */
+ display: inline-block;
+ /* END */
+ height:20px;
+ margin-right:7px;
+ padding-left:7px;
+}
+.newtabmenu a:hover{
+ background:url(/snort/images/new_tab_menu.png) right 23px;
+ display:block;
+ /* fix for IE6 */
+ display: inline-block;
+ /* END */
+ color:#ffffff; /* hover over font */
+}
+.newtabmenu a:hover span{
+ background:url(/snort/images/new_tab_menu.png) left 23px;
+ display:block;
+ /* fix for IE6 */
+ display: inline-block;
+ /* END */
+}
+
+/* -------------------------------- */
+/* ACTIVE ELEMENTS */
+.newtabmenu_active a:link, .newtabmenu_active a:visited, .newtabmenu_active a:visited, .newtabmenu_active a:hover{
+ color:#000000; /* active font */
+ background:url(/snort/images/new_tab_menu.png) right 0 no-repeat;
+}
+.newtabmenu_active a span, .newtabmenu_active a:hover span{
+ background:url(/snort/images/new_tab_menu.png) left 0 no-repeat;
+}
diff --git a/config/snort-dev/snortsam-package-code/css/style_snort2.css b/config/snort-dev/snortsam-package-code/css/style_snort2.css
new file mode 100644
index 00000000..16b2e327
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/css/style_snort2.css
@@ -0,0 +1,571 @@
+@charset "utf-8";
+
+
+/* ips tab css */
+
+#infotext_ips {
+
+ vertical-align: middle;
+
+}
+
+.nextClickList {
+ margin-bottom: 5px;
+}
+
+.nextClickListColorEven {
+ padding-top: 2px;
+ padding-bottom: 2px;
+ padding-left: 10px;
+ padding-right: 10px;
+ background-color: #ffffff;
+ font-size: 11px;
+ border-bottom-color: #999999;
+ border-bottom-width: 1px;
+ border-bottom-style: solid;
+ border-right-color: #999999;
+ border-right-width: 1px;
+ border-right-style: solid;
+}
+
+.nextClickListColorOdd {
+ padding-top: 2px;
+ padding-bottom: 2px;
+ padding-left: 10px;
+ padding-right: 10px;
+ background-color: #eeeeee;
+ font-size: 11px;
+ border-bottom-color: #999999;
+ border-bottom-width: 1px;
+ border-bottom-style: solid;
+ border-right-color: #999999;
+ border-right-width: 1px;
+ border-right-style: solid;
+}
+
+
+#right {
+
+ position: relative;
+ top: -10px;
+ left: 0px;
+ width: 800px;
+ margin-top: 0px;
+ margin-left: 0px;
+ margin-right: 5px;
+ padding-top: 20px;
+ padding-left: 0px;
+ padding-right: 0px;
+ padding-bottom: 90px;
+ min-height: 400px;
+
+}
+
+.odd_ruleset2 {
+ text-align: center;
+ background-color: #ffffff;
+ border-left: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ padding-right: 2px;
+ padding-left: 2px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+
+.even_ruleset2 {
+ text-align: center;
+ background-color: #eeeeee;
+ border-left: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ padding-right: 2px;
+ padding-left: 2px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+
+.odd_ruleset {
+
+ background-color: #ffffff;
+ border-left: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 14px;
+ padding-right: 2px;
+ padding-left: 20px;
+ padding-top: 2px;
+ padding-bottom: 2px;
+
+}
+
+.even_ruleset {
+
+ background-color: #eeeeee;
+ border-left: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 14px;
+ padding-right: 2px;
+ padding-left: 20px;
+ padding-top: 2px;
+ padding-bottom: 2px;
+
+}
+
+.rulesetbkg {
+ background-color: #eeeeee;
+ padding-right: 0px;
+ padding-left: 0px;
+ border-bottom: 1px solid #999999;
+ font-size: 15px;
+}
+
+
+.hiddendownloadlink {
+ visibility:hidden;
+}
+
+#loadingWaiting, #loadingRuleEditGUI, #loadingRuleUpadteGUI{
+ display:none;
+ position:fixed;
+ left:0;
+ top:0;
+ width:100%;
+ height:100%;
+ background-image:url("/snort/images/transparentbg.png");
+ z-index: 9998;
+ color: #ffffff;
+}
+
+.loadingWaitingMessage{
+
+ text-align: center;
+ margin-top:40px;
+
+}
+
+.snortModal {
+ width:500px;
+ height:300px;
+ position:absolute;
+ z-index:999;
+ background-color:#000;
+}
+
+.snortModalTop {
+ width:500px;
+ height:25px;
+ background-image:url( '/snort/images/top_modal_bar_lil.jpg' );
+ background-repeat:repeat-x;
+ margin-bottom:1px;
+}
+
+.snortModalTitle {
+ text-align: center;
+}
+
+.snortModalTopClose {
+ width:9px;
+ height:9px;
+ float:right;
+ margin-right:10px;
+ margin-top:8px;
+}
+
+.snortModalUpdate {
+ width: 700px;
+ height: 200px;
+ z-index:999;
+ background-color:#000000;
+}
+
+.snortModalTopUpdate {
+ width: 700px;
+ height: 25px;
+ background-image:url( '/snort/images/top_modal_bar_lil.jpg' );
+ background-repeat:repeat-x;
+ margin-bottom:1px;
+}
+
+.snortModalTitleUpdate {
+ position:absolute;
+ left: 50px;
+ width: 600px;
+ margin-top: 0px;
+ margin-bottom: 0px;
+}
+
+.snortModalTitleUpdateMsg1 {
+ top: 50px;
+ font-weight: bold;
+ font-size: 24px;
+}
+
+.snortModalTitleUpdateBar {
+ top: 90px;
+}
+
+.snortModalTitleUpdateMsg2 {
+ top: 145px;
+}
+
+.listhdrr2 {
+ background-color: #BBBBBB;
+ padding-right: 1px;
+ padding-left: 1px;
+ font-weight: bold;
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ padding-top: 5px;
+ padding-bottom: 5px;
+}
+
+.listtopic2 {
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #eeeeee;
+ padding-right: 16px;
+ padding-left: 6px;
+ color: #000000;
+ font-weight: bold;
+ padding-top: 5px;
+ padding-bottom: 5px;
+}
+
+.listtopic3 {
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #eeeeee;
+ padding-right: 6px;
+ padding-left: 16px;
+ color: #000000;
+ font-weight: bold;
+}
+
+#footer2 {
+ background-color: transparent;
+ background-image: url("/snort/images/logo22.png");
+ width: 720px;
+ height: 60px;
+ text-align: center;
+ font-size: 0.8em;
+}
+
+.alert {
+ position:absolute;
+ top:10px;
+ left:-25px;
+ width:100%;
+ height:90%;
+ z-index:999;
+ background:#FCE9C0;
+ background-position: 15px;
+ border-top:2px solid #DBAC48;
+ border-bottom:2px solid #DBAC48;
+ padding: 15px 10px 85% 50px;
+}
+
+.formpre {
+ font-family:arial;
+ font-size: 1.1em;
+}
+
+#download_rules {
+ font-family: arial;
+ font-size: 13px;
+ font-weight: bold;
+ text-align: center;
+}
+
+#download_rules_td {
+ font-family: arial;
+ font-size: 13px;
+ font-weight: bold;
+ text-align: center;
+}
+
+/* hack fix the hard coded fbegin link */
+#header-left2 {
+ position: absolute;
+ background-position: center center;
+ height: 67px;
+ width: 147px;
+ top: -77px;
+ left: 8px;
+ float: left;
+ z-index:999;
+}
+#header-left2 #status-link2 {
+ position: relative;
+ top: 3px;
+ left: 2px;
+}
+/* end of fbegin hack */
+
+.body2 {
+ font-family:arial;
+ font-size:12px;
+}
+
+.tabcont {
+ background-color: #dddddd;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
+}
+
+.tabcont2 {
+ background-color: #eeeeee;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
+}
+
+.vncell2 {
+ background-color: #eeeeee;
+ padding-right: 5px;
+ padding-left: 5px;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+}
+
+.vncelltextbox {
+ background-color: #eeeeee;
+ padding-top: 8px;
+ padding-bottom: 8px;
+ padding-right: 8px;
+ padding-left: 8px;
+ border-bottom-width: 1px;
+ border-bottom-style: solid;
+ border-bottom-color: #999999;
+ font-size: 11px;
+}
+
+/* global tab, white lil box */
+.vncell3 {
+ width: 50px;
+ background-color: #eeeeee;
+ padding-right: 2px;
+ padding-left: 2px;
+ border-bottom-width: 1px;
+ border-bottom-style: solid;
+ border-bottom-color: #999999;
+ font-size: 11px;
+}
+
+.vncellreq2 {
+background-color: #eeeeee;
+padding-right: 20px;
+padding-left: 8px;
+font-weight: bold;
+border-bottom-width: 1px;
+border-bottom-style: solid;
+border-bottom-color: #999999;
+font-size: 11px;
+}
+
+/* Start of main css Pfsense */
+/* Start of main css Pfsense */
+
+.textstyle {
+ font-family: "Arial", "Helvetica", "sans-serif";
+ font-size: 12px;
+ font-style: normal;
+ background-color: #666;
+ color: #CCC;
+}
+.textstyle p2 a {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ font-style: normal;
+ color: #CCC;
+}
+
+.textstyle p {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 24px;
+ font-weight: bold;
+ color: #FFF;
+ text-decoration: underline;
+}
+.textstyle p2 {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 12px;
+ color: #CCC;
+}
+
+/* Start of main css for table sort */
+/* Start of main css for table sort */
+
+table {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-family: Arial, Helvetica, sans-serif;
+ vertical-align: baseline;
+}
+
+/* Tables still need 'cellspacing="0"' in the markup. */
+table { border-collapse: separate; border-spacing: 0; }
+caption, th, td { text-align: left; font-weight:400; }
+
+/* Remove possible quote marks (") from <q>, <blockquote>. */
+blockquote:before, blockquote:after, q:before, q:after { content: ""; }
+blockquote, q { quotes: "" ""; }
+
+#container {
+ width: auto;
+ margin: 0px;
+ padding-top: 10px;
+ padding-bottom: 10px;
+}
+
+
+
+/**************************************************************
+
+ Sortable Table
+ v 1.4
+
+**************************************************************/
+
+
+
+th {
+ background-color: #eee;
+ background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px;
+ padding: 4px 4px 4px 14px;
+}
+
+.allRow {
+ background-color: #eee;
+ padding: 4px;
+}
+
+tr.altRow {
+ background-color: #fff;
+}
+
+.leftAlign {
+ text-align: left;
+}
+
+.centerAlign {
+ text-align: center;
+}
+
+.rightAlign {
+ text-align: right;
+}
+
+.sortedASC {
+ background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee;
+}
+
+.sortedDESC {
+ background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee;
+}
+
+.tableHeaderOver {
+ cursor: pointer;
+ color: #354158;
+}
+
+
+tr.selected {
+ background-color: #9999ff;
+ color: #000000;
+}
+
+tr.over {
+ background-color: #993333;
+ color: #fff;
+ cursor: pointer;
+}
+
+tr.hide {
+ display: none;
+}
+/***************************/
+
+.mainTableFilter {
+ position: absolute;
+ top: 0;
+ left: -10px;
+ width: auto;
+}
+
+.tableFilter {
+ border: 1px solid #ccc;
+ padding: 2px;
+ margin: 5px 0 10px 0;
+}
+
+.tableFilter input {
+ border: 1px solid #ccc;
+}
+
+.tableFilter select {
+ border: 1px solid #ccc;
+}
+
+.listbg2 {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #090;
+ color: #000;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+
+.listbg3 {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #777777;
+ color: #000;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+
+#tdbggrey {
+
+background-color: #ddd;
+
+}
+
+.formfld2
+{
+padding-left: 8px;
+font-size: small;
+}
+
+/*********Input Highlight*****************/
+
+.formfld2 {
+ outline:none;
+ transition: all 0.25s ease-in-out;
+ -webkit-transition: all 0.25s ease-in-out;
+ -moz-transition: all 0.25s ease-in-out;
+ border-radius:1px;
+ -webkit-border-radius:1px;
+ -moz-border-radius:1px;
+ border:1px solid rgba(0,0,0, 0.2);
+}
+
+.formfld2:focus {
+ box-shadow: 0 0 2px rgba(156, 156, 156, 1);
+ -webkit-box-shadow: 0 0 2px rgba(156, 156, 156, 1);
+ -moz-box-shadow: 0 0 2px rgba(156, 156, 156, 1);
+ border:1px solid rgba(156,156,156, 0.8);
+}
+
diff --git a/config/snort-dev/snortsam-package-code/images/alert.jpg b/config/snort-dev/snortsam-package-code/images/alert.jpg
new file mode 100644
index 00000000..96c24e35
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/alert.jpg
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/arrow_down.png b/config/snort-dev/snortsam-package-code/images/arrow_down.png
new file mode 100644
index 00000000..2c4e2793
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/arrow_down.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/awesome-overlay-sprite.png b/config/snort-dev/snortsam-package-code/images/awesome-overlay-sprite.png
new file mode 100644
index 00000000..c3af7dd9
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/awesome-overlay-sprite.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/close_9x9.gif b/config/snort-dev/snortsam-package-code/images/close_9x9.gif
new file mode 100644
index 00000000..326f5fa5
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/close_9x9.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/controls.png b/config/snort-dev/snortsam-package-code/images/controls.png
new file mode 100644
index 00000000..e1e97982
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/controls.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/down.gif b/config/snort-dev/snortsam-package-code/images/down.gif
new file mode 100644
index 00000000..2b3c99fc
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/down.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/down2.gif b/config/snort-dev/snortsam-package-code/images/down2.gif
new file mode 100644
index 00000000..71bf92eb
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/down2.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/footer.jpg b/config/snort-dev/snortsam-package-code/images/footer.jpg
new file mode 100644
index 00000000..4af05707
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/footer.jpg
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/footer2.jpg b/config/snort-dev/snortsam-package-code/images/footer2.jpg
new file mode 100644
index 00000000..3332e085
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/footer2.jpg
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/icon-table-sort-asc.png b/config/snort-dev/snortsam-package-code/images/icon-table-sort-asc.png
new file mode 100644
index 00000000..0c127919
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/icon-table-sort-asc.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/icon-table-sort-desc.png b/config/snort-dev/snortsam-package-code/images/icon-table-sort-desc.png
new file mode 100644
index 00000000..5c52f2d0
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/icon-table-sort-desc.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/icon-table-sort.png b/config/snort-dev/snortsam-package-code/images/icon-table-sort.png
new file mode 100644
index 00000000..3cae604b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/icon-table-sort.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/icon_excli.png b/config/snort-dev/snortsam-package-code/images/icon_excli.png
new file mode 100644
index 00000000..4b54fa31
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/icon_excli.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/loading.gif b/config/snort-dev/snortsam-package-code/images/loading.gif
new file mode 100644
index 00000000..cbc00f09
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/loading.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/logo.jpg b/config/snort-dev/snortsam-package-code/images/logo.jpg
new file mode 100644
index 00000000..fa01d818
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/logo.jpg
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/logo22.png b/config/snort-dev/snortsam-package-code/images/logo22.png
new file mode 100644
index 00000000..64ed9d75
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/logo22.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/new_tab_menu.png b/config/snort-dev/snortsam-package-code/images/new_tab_menu.png
new file mode 100644
index 00000000..f0e4cbeb
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/new_tab_menu.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/page_white_text.png b/config/snort-dev/snortsam-package-code/images/page_white_text.png
new file mode 100644
index 00000000..813f712f
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/page_white_text.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/progress_bar2.gif b/config/snort-dev/snortsam-package-code/images/progress_bar2.gif
new file mode 100644
index 00000000..81766a93
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/progress_bar2.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/progressbar.gif b/config/snort-dev/snortsam-package-code/images/progressbar.gif
new file mode 100644
index 00000000..6d167f5b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/progressbar.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/top_modal_bar_lil.jpg b/config/snort-dev/snortsam-package-code/images/top_modal_bar_lil.jpg
new file mode 100644
index 00000000..f0049de8
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/top_modal_bar_lil.jpg
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/transparent.gif b/config/snort-dev/snortsam-package-code/images/transparent.gif
new file mode 100644
index 00000000..e7ccd741
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/transparent.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/transparentbg.png b/config/snort-dev/snortsam-package-code/images/transparentbg.png
new file mode 100644
index 00000000..86918930
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/transparentbg.png
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/up.gif b/config/snort-dev/snortsam-package-code/images/up.gif
new file mode 100644
index 00000000..89596771
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/up.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/images/up2.gif b/config/snort-dev/snortsam-package-code/images/up2.gif
new file mode 100644
index 00000000..21c5a254
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/images/up2.gif
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/javascript/jquery-1.6.2.min.js b/config/snort-dev/snortsam-package-code/javascript/jquery-1.6.2.min.js
new file mode 100644
index 00000000..48590ecb
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/javascript/jquery-1.6.2.min.js
@@ -0,0 +1,18 @@
+/*!
+ * jQuery JavaScript Library v1.6.2
+ * http://jquery.com/
+ *
+ * Copyright 2011, John Resig
+ * Dual licensed under the MIT or GPL Version 2 licenses.
+ * http://jquery.org/license
+ *
+ * Includes Sizzle.js
+ * http://sizzlejs.com/
+ * Copyright 2011, The Dojo Foundation
+ * Released under the MIT, BSD, and GPL Licenses.
+ *
+ * Date: Thu Jun 30 14:16:56 2011 -0400
+ */
+(function(a,b){function cv(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cs(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cr(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cq(){cn=b}function cp(){setTimeout(cq,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g++){if(g===1)for(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l+" "+k,n=e[m]||e["* "+k];if(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1]+" "+k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No conversion from "+m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function bZ(a,c,d){var e=a.contents,f=a.dataTypes,g=a.responseFields,h,i,j,k;for(i in g)i in d&&(c[g[i]]=d[i]);while(f[0]==="*")f.shift(),h===b&&(h=a.mimeType||c.getResponseHeader("content-type"));if(h)for(i in e)if(e[i]&&e[i].test(h)){f.unshift(i);break}if(f[0]in d)j=f[0];else{for(i in d){if(!f[0]||a.converters[i+" "+f[0]]){j=i;break}k||(k=i)}j=j||k}if(j){j!==f[0]&&f.unshift(j);return d[j]}}function bY(a,b,c,d){if(f.isArray(b))f.each(b,function(b,e){c||bC.test(a)?d(a,e):bY(a+"["+(typeof e=="object"||f.isArray(e)?b:"")+"]",e,c,d)});else if(!c&&b!=null&&typeof b=="object")for(var e in b)bY(a+"["+e+"]",b[e],c,d);else d(a,b)}function bX(a,c,d,e,f,g){f=f||c.dataTypes[0],g=g||{},g[f]=!0;var h=a[f],i=0,j=h?h.length:0,k=a===bR,l;for(;i<j&&(k||!l);i++)l=h[i](c,d,e),typeof l=="string"&&(!k||g[l]?l=b:(c.dataTypes.unshift(l),l=bX(a,c,d,e,l,g)));(k||!l)&&!g["*"]&&(l=bX(a,c,d,e,"*",g));return l}function bW(a){return function(b,c){typeof b!="string"&&(c=b,b="*");if(f.isFunction(c)){var d=b.toLowerCase().split(bN),e=0,g=d.length,h,i,j;for(;e<g;e++)h=d[e],j=/^\+/.test(h),j&&(h=h.substr(1)||"*"),i=a[h]=a[h]||[],i[j?"unshift":"push"](c)}}}function bA(a,b,c){var d=b==="width"?a.offsetWidth:a.offsetHeight,e=b==="width"?bv:bw;if(d>0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bx(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bm(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(be,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bl(a){f.nodeName(a,"input")?bk(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bk)}function bk(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bj(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bi(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bh(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i<j;i++)f.event.add(b,h+(g[h][i].namespace?".":"")+g[h][i].namespace,g[h][i],g[h][i].data)}}}}function bg(a,b){return f.nodeName(a,"table")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function W(a,b,c){b=b||0;if(f.isFunction(b))return f.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return f.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=f.grep(a,function(a){return a.nodeType===1});if(R.test(b))return f.filter(b,d,!c);b=f.filter(b,d)}return f.grep(a,function(a,d){return f.inArray(a,b)>=0===c})}function V(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function N(a,b){return(a&&a!=="*"?a+".":"")+b.replace(z,"`").replace(A,"&")}function M(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;i<s.length;i++)g=s[i],g.origType.replace(x,"")===a.type?q.push(g.selector):s.splice(i--,1);e=f(a.target).closest(q,a.currentTarget);for(j=0,k=e.length;j<k;j++){m=e[j];for(i=0;i<s.length;i++){g=s[i];if(m.selector===g.selector&&(!n||n.test(g.namespace))&&!m.elem.disabled){h=m.elem,d=null;if(g.preType==="mouseenter"||g.preType==="mouseleave")a.type=g.preType,d=f(a.relatedTarget).closest(g.selector)[0],d&&f.contains(h,d)&&(d=h);(!d||d!==h)&&p.push({elem:h,handleObj:g,level:m.level})}}}for(j=0,k=p.length;j<k;j++){e=p[j];if(c&&e.level>c)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function K(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function E(){return!0}function D(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"$1-$2").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function J(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(J,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z])/ig,x=function(a,b){return b.toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.2",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j<k;j++)if((a=arguments[j])!=null)for(c in a){d=i[c],f=a[c];if(i===f)continue;l&&f&&(e.isPlainObject(f)||(g=e.isArray(f)))?(g?(g=!1,h=d&&e.isArray(d)?d:[]):h=d&&e.isPlainObject(d)?d:{},i[c]=e.extend(l,h,f)):f!==b&&(i[c]=f)}return i},e.extend({noConflict:function(b){a.$===e&&(a.$=g),b&&a.jQuery===e&&(a.jQuery=f);return e},isReady:!1,readyWait:1,holdReady:function(a){a?e.readyWait++:e.ready(!0)},ready:function(a){if(a===!0&&!--e.readyWait||a!==!0&&!e.isReady){if(!c.body)return setTimeout(e.ready,1);e.isReady=!0;if(a!==!0&&--e.readyWait>0)return;A.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!A){A=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1;var c;for(c in a);return c===b||D.call(a,c)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(b,c,d){a.DOMParser?(d=new DOMParser,c=d.parseFromString(b,"text/xml")):(c=new ActiveXObject("Microsoft.XMLDOM"),c.async="false",c.loadXML(b)),d=c.documentElement,(!d||!d.nodeName||d.nodeName==="parsererror")&&e.error("Invalid XML: "+b);return c},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g<h;)if(c.apply(a[g++],d)===!1)break}else if(i){for(f in a)if(c.call(a[f],f,a[f])===!1)break}else for(;g<h;)if(c.call(a[g],g,a[g++])===!1)break;return a},trim:G?function(a){return a==null?"":G.call(a)}:function(a){return a==null?"":(a+"").replace(k,"").replace(l,"")},makeArray:function(a,b){var c=b||[];if(a!=null){var d=e.type(a);a.length==null||d==="string"||d==="function"||d==="regexp"||e.isWindow(a)?E.call(c,a):e.merge(c,a)}return c},inArray:function(a,b){if(H)return H.call(b,a);for(var c=0,d=b.length;c<d;c++)if(b[c]===a)return c;return-1},merge:function(a,c){var d=a.length,e=0;if(typeof c.length=="number")for(var f=c.length;e<f;e++)a[d++]=c[e];else while(c[e]!==b)a[d++]=c[e++];a.length=d;return a},grep:function(a,b,c){var d=[],e;c=!!c;for(var f=0,g=a.length;f<g;f++)e=!!b(a[f],f),c!==e&&d.push(a[f]);return d},map:function(a,c,d){var f,g,h=[],i=0,j=a.length,k=a instanceof e||j!==b&&typeof j=="number"&&(j>0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i<j;i++)f=c(a[i],i,d),f!=null&&(h[h.length]=f);else for(g in a)f=c(a[g],g,d),f!=null&&(h[h.length]=f);return h.concat.apply([],h)},guid:1,proxy:function(a,c){if(typeof c=="string"){var d=a[c];c=a,a=d}if(!e.isFunction(a))return b;var f=F.call(arguments,2),g=function(){return a.apply(c,f.concat(F.call(arguments)))};g.guid=a.guid=a.guid||g.guid||e.guid++;return g},access:function(a,c,d,f,g,h){var i=a.length;if(typeof c=="object"){for(var j in c)e.access(a,j,c[j],f,g,d);return a}if(d!==b){f=!h&&f&&e.isFunction(d);for(var k=0;k<i;k++)g(a[k],c,f?d.call(a[k],k,g(a[k],c)):d,h);return a}return i?g(a[0],c):b},now:function(){return(new Date).getTime()},uaMatch:function(a){a=a.toLowerCase();var b=s.exec(a)||t.exec(a)||u.exec(a)||a.indexOf("compatible")<0&&v.exec(a)||[];return{browser:b[1]||"",version:b[2]||"0"}},sub:function(){function a(b,c){return new a.fn.init(b,c)}e.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function(d,f){f&&f instanceof e&&!(f instanceof a)&&(f=a(f));return e.fn.init.call(this,d,f,b)},a.fn.init.prototype=a.fn;var b=a(c);return a},browser:{}}),e.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(a,b){I["[object "+b+"]"]=b.toLowerCase()}),z=e.uaMatch(y),z.browser&&(e.browser[z.browser]=!0,e.browser.version=z.version),e.browser.webkit&&(e.browser.safari=!0),j.test(" ")&&(k=/^[\s\xA0]+/,l=/[\s\xA0]+$/),h=e(c),c.addEventListener?B=function(){c.removeEventListener("DOMContentLoaded",B,!1),e.ready()}:c.attachEvent&&(B=function(){c.readyState==="complete"&&(c.detachEvent("onreadystatechange",B),e.ready())});return e}(),g="done fail isResolved isRejected promise then always pipe".split(" "),h=[].slice;f.extend({_Deferred:function(){var a=[],b,c,d,e={done:function(){if(!d){var c=arguments,g,h,i,j,k;b&&(k=b,b=0);for(g=0,h=c.length;g<h;g++)i=c[g],j=f.type(i),j==="array"?e.done.apply(e,i):j==="function"&&a.push(i);k&&e.resolveWith(k[0],k[1])}return this},resolveWith:function(e,f){if(!d&&!b&&!c){f=f||[],c=1;try{while(a[0])a.shift().apply(e,f)}finally{b=[e,f],c=0}}return this},resolve:function(){e.resolveWith(this,arguments);return this},isResolved:function(){return!!c||!!b},cancel:function(){d=1,a=[];return this}};return e},Deferred:function(a){var b=f._Deferred(),c=f._Deferred(),d;f.extend(b,{then:function(a,c){b.done(a).fail(c);return this},always:function(){return b.done.apply(b,arguments).fail.apply(this,arguments)},fail:c.done,rejectWith:c.resolveWith,reject:c.resolve,isRejected:c.isResolved,pipe:function(a,c){return f.Deferred(function(d){f.each({done:[a,"resolve"],fail:[c,"reject"]},function(a,c){var e=c[0],g=c[1],h;f.isFunction(e)?b[a](function(){h=e.apply(this,arguments),h&&f.isFunction(h.promise)?h.promise().then(d.resolve,d.reject):d[g](h)}):b[a](d[g])})}).promise()},promise:function(a){if(a==null){if(d)return d;d=a={}}var c=g.length;while(c--)a[g[c]]=b[g[c]];return a}}),b.done(c.cancel).fail(b.cancel),delete b.cancel,a&&a.call(b,b);return b},when:function(a){function i(a){return function(c){b[a]=arguments.length>1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c<d;c++)b[c]&&f.isFunction(b[c].promise)?b[c].promise().then(i(c),g.reject):--e;e||g.resolveWith(g,b)}else g!==a&&g.resolveWith(g,d?[a]:[]);return g.promise()}}),f.support=function(){var a=c.createElement("div"),b=c.documentElement,d,e,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u;a.setAttribute("className","t"),a.innerHTML=" <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0},m&&f.extend(p,{position:"absolute",left:-1e3,top:-1e3});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="<div style='width:4px;'></div>",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="<table><tr><td style='padding:0;border:0;display:none'></td><td>t</td></tr></table>",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var i=/^(?:\{.*\}|\[.*\])$/,j=/([a-z])([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g=f.expando,h=typeof c=="string",i,j=a.nodeType,k=j?f.cache:a,l=j?a[f.expando]:a[f.expando]&&f.expando;if((!l||e&&l&&!k[l][g])&&h&&d===b)return;l||(j?a[f.expando]=l=++f.uuid:l=f.expando),k[l]||(k[l]={},j||(k[l].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?k[l][g]=f.extend(k[l][g],c):k[l]=f.extend(k[l],c);i=k[l],e&&(i[g]||(i[g]={}),i=i[g]),d!==b&&(i[f.camelCase(c)]=d);if(c==="events"&&!i[c])return i[g]&&i[g].events;return h?i[f.camelCase(c)]||i[c]:i}},removeData:function(b,c,d){if(!!f.acceptData(b)){var e=f.expando,g=b.nodeType,h=g?f.cache:b,i=g?b[f.expando]:f.expando;if(!h[i])return;if(c){var j=d?h[i][e]:h[i];if(j){delete j[c];if(!l(j))return}}if(d){delete h[i][e];if(!l(h[i]))return}var k=h[i][e];f.support.deleteExpando||h!=a?delete h[i]:h[i]=null,k?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=k):g&&(f.support.deleteExpando?delete b[f.expando]:b.removeAttribute?b.removeAttribute(f.expando):b[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h<i;h++)g=e[h].name,g.indexOf("data-")===0&&(g=f.camelCase(g.substring(5)),k(this[0],g,d[g]))}}return d}if(typeof a=="object")return this.each(function(){f.data(this,a)});var j=a.split(".");j[1]=j[1]?"."+j[1]:"";if(c===b){d=this.triggerHandler("getData"+j[1]+"!",[j[0]]),d===b&&this.length&&(d=f.data(this[0],a),d=k(this[0],a,d));return d===b&&j[1]?this.data(j[0]):d}return this.each(function(){var b=f(this),d=[j[0],c];b.triggerHandler("setData"+j[1]+"!",d),f.data(this,a,c),b.triggerHandler("changeData"+j[1]+"!",d)})},removeData:function(a){return this.each(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,c){a&&(c=(c||"fx")+"mark",f.data(a,c,(f.data(a,c,b,!0)||0)+1,!0))},_unmark:function(a,c,d){a!==!0&&(d=c,c=a,a=!1);if(c){d=d||"fx";var e=d+"mark",g=a?0:(f.data(c,e,b,!0)||1)-1;g?f.data(c,e,g,!0):(f.removeData(c,e,!0),m(c,d,"mark"))}},queue:function(a,c,d){if(a){c=(c||"fx")+"queue";var e=f.data(a,c,b,!0);d&&(!e||f.isArray(d)?e=f.data(a,c,f.makeArray(d),!0):e.push(d));return e||[]}},dequeue:function(a,b){b=b||"fx";var c=f.queue(a,b),d=c.shift(),e;d==="inprogress"&&(d=c.shift()),d&&(b==="fx"&&c.unshift("inprogress"),d.call(a,function(){f.dequeue(a,b)})),c.length||(f.removeData(a,b+"queue",!0),m(a,b,"queue"))}}),f.fn.extend({queue:function(a,c){typeof a!="string"&&(c=a,a="fx");if(c===b)return f.queue(this[0],a);return this.each(function(){var b=f.queue(this,a,c);a==="fx"&&b[0]!=="inprogress"&&f.dequeue(this,a)})},dequeue:function(a){return this.each(function(){f.dequeue(this,a)})},delay:function(a,b){a=f.fx?f.fx.speeds[a]||a:a,b=b||"fx";return this.queue(b,function(){var c=this;setTimeout(function(){f.dequeue(c,b)},a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,c){function m(){--h||d.resolveWith(e,[e])}typeof a!="string"&&(c=a,a=b),a=a||"fx";var d=f.Deferred(),e=this,g=e.length,h=1,i=a+"defer",j=a+"queue",k=a+"mark",l;while(g--)if(l=f.data(e[g],i,b,!0)||(f.data(e[g],j,b,!0)||f.data(e[g],k,b,!0))&&f.data(e[g],i,f._Deferred(),!0))h++,l.done(m);m();return d.promise()}});var n=/[\n\t\r]/g,o=/\s+/,p=/\r/g,q=/^(?:button|input)$/i,r=/^(?:button|input|object|select|textarea)$/i,s=/^a(?:rea)?$/i,t=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,u=/\:|^on/,v,w;f.fn.extend({attr:function(a,b){return f.access(this,a,b,!0,f.attr)},removeAttr:function(a){return this.each(function(){f.removeAttr(this,a)})},prop:function(a,b){return f.access(this,a,b,!0,f.prop)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(o);for(c=0,d=this.length;c<d;c++){e=this[c];if(e.nodeType===1)if(!e.className&&b.length===1)e.className=a;else{g=" "+e.className+" ";for(h=0,i=b.length;h<i;h++)~g.indexOf(" "+b[h]+" ")||(g+=b[h]+" ");e.className=f.trim(g)}}}return this},removeClass:function(a){var c,d,e,g,h,i,j;if(f.isFunction(a))return this.each(function(b){f(this).removeClass(a.call(this,b,this.className))});if(a&&typeof a=="string"||a===b){c=(a||"").split(o);for(d=0,e=this.length;d<e;d++){g=this[d];if(g.nodeType===1&&g.className)if(a){h=(" "+g.className+" ").replace(n," ");for(i=0,j=c.length;i<j;i++)h=h.replace(" "+c[i]+" "," ");g.className=f.trim(h)}else g.className=""}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b=="boolean";if(f.isFunction(a))return this.each(function(c){f(this).toggleClass(a.call(this,c,this.className,b),b)});return this.each(function(){if(c==="string"){var e,g=0,h=f(this),i=b,j=a.split(o);while(e=j[g++])i=d?i:!h.hasClass(e),h[i?"addClass":"removeClass"](e)}else if(c==="undefined"||c==="boolean")this.className&&f._data(this,"__className__",this.className),this.className=this.className||a===!1?"":f._data(this,"__className__")||""})},hasClass:function(a){var b=" "+a+" ";for(var c=0,d=this.length;c<d;c++)if((" "+this[c].className+" ").replace(n," ").indexOf(b)>-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h<i;h++){var j=e[h];if(j.selected&&(f.support.optDisabled?!j.disabled:j.getAttribute("disabled")===null)&&(!j.parentNode.disabled||!f.nodeName(j.parentNode,"optgroup"))){b=f(j).val();if(g)return b;d.push(b)}}if(g&&!d.length&&e.length)return f(e[c]).val();return d},set:function(a,b){var c=f.makeArray(b);f(a).find("option").each(function(){this.selected=f.inArray(f(this).val(),c)>=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=w:v&&c!=="className"&&(f.nodeName(a,"form")||u.test(c))&&(i=v)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var c;a.nodeType===1&&(b=f.attrFix[b]||b,f.support.getSetAttribute?a.removeAttribute(b):(f.attr(a,b,""),a.removeAttributeNode(a.getAttributeNode(b))),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},tabIndex:{get:function(a){var c=a.getAttributeNode("tabIndex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}},value:{get:function(a,b){if(v&&f.nodeName(a,"button"))return v.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(v&&f.nodeName(a,"button"))return v.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==b?g:a[c]},propHooks:{}}),w={get:function(a,c){return f.prop(a,c)?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(f.attrFix=f.propFix,v=f.attrHooks.name=f.attrHooks.title=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,c){var d=a.getAttributeNode(c);if(d){d.nodeValue=b;return b}}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var x=/\.(.*)$/,y=/^(?:textarea|input|select)$/i,z=/\./g,A=/ /g,B=/[^\w\s.|`]/g,C=function(a){return a.replace(B,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=D;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=D);var g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),C).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j<p.length;j++){q=p[j];if(l||n.test(q.namespace))f.event.remove(a,r,q.handler,j),p.splice(j--,1)}continue}o=f.event.special[h]||{};for(j=e||0;j<p.length;j++){q=p[j];if(d.guid===q.guid){if(l||n.test(q.namespace))e==null&&p.splice(j--,1),o.remove&&o.remove.call(a,q);if(e!=null)break}}if(p.length===0||e!=null&&p.length===1)(!o.teardown||o.teardown.call(a,m)===!1)&&f.removeEvent(a,h,s.handle),g=null,delete t[h]}if(f.isEmptyObject(t)){var u=s.handle;u&&(u.elem=null),delete s.events,delete s.handle,f.isEmptyObject(s)&&f.removeData(a,b,!0)}}},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){var h=c.type||c,i=[],j;h.indexOf("!")>=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.
+shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h<i;h++){var j=d[h];if(e||c.namespace_re.test(j.namespace)){c.handler=j.handler,c.data=j.data,c.handleObj=j;var k=j.handler.apply(this,g);k!==b&&(c.result=k,k===!1&&(c.preventDefault(),c.stopPropagation()));if(c.isImmediatePropagationStopped())break}}return c.result},props:"altKey attrChange attrName bubbles button cancelable charCode clientX clientY ctrlKey currentTarget data detail eventPhase fromElement handler keyCode layerX layerY metaKey newValue offsetX offsetY pageX pageY prevValue relatedNode relatedTarget screenX screenY shiftKey srcElement target toElement view wheelDelta which".split(" "),fix:function(a){if(a[f.expando])return a;var d=a;a=f.Event(d);for(var e=this.props.length,g;e;)g=this.props[--e],a[g]=d[g];a.target||(a.target=a.srcElement||c),a.target.nodeType===3&&(a.target=a.target.parentNode),!a.relatedTarget&&a.fromElement&&(a.relatedTarget=a.fromElement===a.target?a.toElement:a.fromElement);if(a.pageX==null&&a.clientX!=null){var h=a.target.ownerDocument||c,i=h.documentElement,j=h.body;a.pageX=a.clientX+(i&&i.scrollLeft||j&&j.scrollLeft||0)-(i&&i.clientLeft||j&&j.clientLeft||0),a.pageY=a.clientY+(i&&i.scrollTop||j&&j.scrollTop||0)-(i&&i.clientTop||j&&j.clientTop||0)}a.which==null&&(a.charCode!=null||a.keyCode!=null)&&(a.which=a.charCode!=null?a.charCode:a.keyCode),!a.metaKey&&a.ctrlKey&&(a.metaKey=a.ctrlKey),!a.which&&a.button!==b&&(a.which=a.button&1?1:a.button&2?3:a.button&4?2:0);return a},guid:1e8,proxy:f.proxy,special:{ready:{setup:f.bindReady,teardown:f.noop},live:{add:function(a){f.event.add(this,N(a.origType,a.selector),f.extend({},a,{handler:M,guid:a.handler.guid}))},remove:function(a){f.event.remove(this,N(a.origType,a.selector),a)}},beforeunload:{setup:function(a,b,c){f.isWindow(this)&&(this.onbeforeunload=c)},teardown:function(a,b){this.onbeforeunload===b&&(this.onbeforeunload=null)}}}},f.removeEvent=c.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c,!1)}:function(a,b,c){a.detachEvent&&a.detachEvent("on"+b,c)},f.Event=function(a,b){if(!this.preventDefault)return new f.Event(a,b);a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||a.returnValue===!1||a.getPreventDefault&&a.getPreventDefault()?E:D):this.type=a,b&&f.extend(this,b),this.timeStamp=f.now(),this[f.expando]=!0},f.Event.prototype={preventDefault:function(){this.isDefaultPrevented=E;var a=this.originalEvent;!a||(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){this.isPropagationStopped=E;var a=this.originalEvent;!a||(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=E,this.stopPropagation()},isDefaultPrevented:D,isPropagationStopped:D,isImmediatePropagationStopped:D};var F=function(a){var b=a.relatedTarget,c=!1,d=a.type;a.type=a.data,b!==this&&(b&&(c=f.contains(this,b)),c||(f.event.handle.apply(this,arguments),a.type=d))},G=function(a){a.type=a.data,f.event.handle.apply(this,arguments)};f.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(a,b){f.event.special[a]={setup:function(c){f.event.add(this,b,c&&c.selector?G:F,a)},teardown:function(a){f.event.remove(this,b,a&&a.selector?G:F)}}}),f.support.submitBubbles||(f.event.special.submit={setup:function(a,b){if(!f.nodeName(this,"form"))f.event.add(this,"click.specialSubmit",function(a){var b=a.target,c=b.type;(c==="submit"||c==="image")&&f(b).closest("form").length&&K("submit",this,arguments)}),f.event.add(this,"keypress.specialSubmit",function(a){var b=a.target,c=b.type;(c==="text"||c==="password")&&f(b).closest("form").length&&a.keyCode===13&&K("submit",this,arguments)});else return!1},teardown:function(a){f.event.remove(this,".specialSubmit")}});if(!f.support.changeBubbles){var H,I=function(a){var b=a.type,c=a.value;b==="radio"||b==="checkbox"?c=a.checked:b==="select-multiple"?c=a.selectedIndex>-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},J=function(c){var d=c.target,e,g;if(!!y.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=I(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:J,beforedeactivate:J,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&J.call(this,a)},keydown:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&J.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",I(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in H)f.event.add(this,c+".specialChange",H[c]);return y.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return y.test(this.nodeName)}},H=f.event.special.change.filters,H.focus=H.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i<j;i++)f.event.add(this[i],a,g,d);return this}}),f.fn.extend({unbind:function(a,b){if(typeof a=="object"&&!a.preventDefault)for(var c in a)this.unbind(c,a[c]);else for(var d=0,e=this.length;d<e;d++)f.event.remove(this[d],a,b);return this},delegate:function(a,b,c,d){return this.live(b,c,d,a)},undelegate:function(a,b,c){return arguments.length===0?this.unbind("live"):this.die(b,null,c,a)},trigger:function(a,b){return this.each(function(){f.event.trigger(a,b,this)})},triggerHandler:function(a,b){if(this[0])return f.event.trigger(a,b,this[0],!0)},toggle:function(a){var b=arguments,c=a.guid||f.guid++,d=0,e=function(c){var e=(f.data(this,"lastToggle"+a.guid)||0)%d;f.data(this,"lastToggle"+a.guid,e+1),c.preventDefault();return b[e].apply(this,arguments)||!1};e.guid=c;while(d<b.length)b[d++].guid=c;return this.click(e)},hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var L={focus:"focusin",blur:"focusout",mouseenter:"mouseover",mouseleave:"mouseout"};f.each(["live","die"],function(a,c){f.fn[c]=function(a,d,e,g){var h,i=0,j,k,l,m=g||this.selector,n=g?this:f(this.context);if(typeof a=="object"&&!a.preventDefault){for(var o in a)n[c](o,d,a[o],m);return this}if(c==="die"&&!a&&g&&g.charAt(0)==="."){n.unbind(g);return this}if(d===!1||f.isFunction(d))e=d||D,d=b;a=(a||"").split(" ");while((h=a[i++])!=null){j=x.exec(h),k="",j&&(k=j[0],h=h.replace(x,""));if(h==="hover"){a.push("mouseenter"+k,"mouseleave"+k);continue}l=h,L[h]?(a.push(L[h]+k),h=h+k):h=(L[h]||h)+k;if(c==="live")for(var p=0,q=n.length;p<q;p++)f.event.add(n[p],"live."+N(h,m),{data:d,selector:m,handler:e,origType:h,origHandler:e,preType:l});else n.unbind("live."+N(h,m),e)}return this}}),f.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error".split(" "),function(a,b){f.fn[b]=function(a,c){c==null&&(c=a,a=null);return arguments.length>0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g<h;g++){var i=d[g];if(i){var j=!1;i=i[a];while(i){if(i.sizcache===c){j=d[i.sizset];break}if(i.nodeType===1){f||(i.sizcache=c,i.sizset=g);if(typeof b!="string"){if(i===b){j=!0;break}}else if(k.filter(b,[i]).length>0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var g=0,h=d.length;g<h;g++){var i=d[g];if(i){var j=!1;i=i[a];while(i){if(i.sizcache===c){j=d[i.sizset];break}i.nodeType===1&&!f&&(i.sizcache=c,i.sizset=g);if(i.nodeName.toLowerCase()===b){j=i;break}i=i[a]}d[g]=j}}}var a=/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b<a.length;b++)a[b]===a[b-1]&&a.splice(b--,1)}return a},k.matches=function(a,b){return k(a,null,null,b)},k.matchesSelector=function(a,b){return k(b,null,null,[a]).length>0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e<f;e++){var g,h=l.order[e];if(g=l.leftMatch[h].exec(a)){var j=g[1];g.splice(1,1);if(j.substr(j.length-1)!=="\\"){g[1]=(g[1]||"").replace(i,""),d=l.find[h](g,b,c);if(d!=null){a=a.replace(l.match[h],"");break}}}}d||(d=typeof b.getElementsByTagName!="undefined"?b.getElementsByTagName("*"):[]);return{set:d,expr:a}},k.filter=function(a,c,d,e){var f,g,h=a,i=[],j=c,m=c&&c[0]&&k.isXML(c[0]);while(a&&c.length){for(var n in l.filter)if((f=l.leftMatch[n].exec(a))!=null&&f[2]){var o,p,q=l.filter[n],r=f[1];g=!1,f.splice(1,1);if(r.substr(r.length-1)==="\\")continue;j===i&&(i=[]);if(l.preFilter[n]){f=l.preFilter[n](f,j,d,i,e,m);if(!f)g=o=!0;else if(f===!0)continue}if(f)for(var s=0;(p=j[s])!=null;s++)if(p){o=q(p,f,s,j);var t=e^!!o;d&&o!=null?t?g=!0:j[s]=!1:t&&(i.push(p),g=!0)}if(o!==b){d||(j=i),a=a.replace(l.match[n],"");if(!g)return[];break}}if(a===h)if(g==null)k.error(a);else break;h=a}return j},k.error=function(a){throw"Syntax error, unrecognized expression: "+a};var l=k.selectors={order:["ID","NAME","TAG"],match:{ID:/#((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,CLASS:/\.((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,NAME:/\[name=['"]*((?:[\w\u00c0-\uFFFF\-]|\\.)+)['"]*\]/,ATTR:/\[\s*((?:[\w\u00c0-\uFFFF\-]|\\.)+)\s*(?:(\S?=)\s*(?:(['"])(.*?)\3|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/,TAG:/^((?:[\w\u00c0-\uFFFF\*\-]|\\.)+)/,CHILD:/:(only|nth|last|first)-child(?:\(\s*(even|odd|(?:[+\-]?\d+|(?:[+\-]?\d*)?n\s*(?:[+\-]\s*\d+)?))\s*\))?/,POS:/:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^\-]|$)/,PSEUDO:/:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/},leftMatch:{},attrMap:{"class":"className","for":"htmlFor"},attrHandle:{href:function(a){return a.getAttribute("href")},type:function(a){return a.getAttribute("type")}},relative:{"+":function(a,b){var c=typeof b=="string",d=c&&!j.test(b),e=c&&!d;d&&(b=b.toLowerCase());for(var f=0,g=a.length,h;f<g;f++)if(h=a[f]){while((h=h.previousSibling)&&h.nodeType!==1);a[f]=e||h&&h.nodeName.toLowerCase()===b?h||!1:h===b}e&&k.filter(b,a,!0)},">":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e<f;e++){c=a[e];if(c){var g=c.parentNode;a[e]=g.nodeName.toLowerCase()===b?g:!1}}}else{for(;e<f;e++)c=a[e],c&&(a[e]=d?c.parentNode:c.parentNode===b);d&&k.filter(b,a,!0)}},"":function(a,b,c){var e,f=d++,g=u;typeof b=="string"&&!j.test(b)&&(b=b.toLowerCase(),e=b,g=t),g("parentNode",b,f,a,e,c)},"~":function(a,b,c){var e,f=d++,g=u;typeof b=="string"&&!j.test(b)&&(b=b.toLowerCase(),e=b,g=t),g("previousSibling",b,f,a,e,c)}},find:{ID:function(a,b,c){if(typeof b.getElementById!="undefined"&&!c){var d=b.getElementById(a[1]);return d&&d.parentNode?[d]:[]}},NAME:function(a,b){if(typeof b.getElementsByName!="undefined"){var c=[],d=b.getElementsByName(a[1]);for(var e=0,f=d.length;e<f;e++)d[e].getAttribute("name")===a[1]&&c.push(d[e]);return c.length===0?null:c}},TAG:function(a,b){if(typeof b.getElementsByTagName!="undefined")return b.getElementsByTagName(a[1])}},preFilter:{CLASS:function(a,b,c,d,e,f){a=" "+a[1].replace(i,"")+" ";if(f)return a;for(var g=0,h;(h=b[g])!=null;g++)h&&(e^(h.className&&(" "+h.className+" ").replace(/[\t\n\r]/g," ").indexOf(a)>=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return b<c[3]-0},gt:function(a,b,c){return b>c[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h<i;h++)if(g[h]===a)return!1;return!0}k.error(e)},CHILD:function(a,b){var c=b[1],d=a;switch(c){case"only":case"first":while(d=d.previousSibling)if(d.nodeType===1)return!1;if(c==="first")return!0;d=a;case"last":while(d=d.nextSibling)if(d.nodeType===1)return!1;return!0;case"nth":var e=b[2],f=b[3];if(e===1&&f===0)return!0;var g=b[0],h=a.parentNode;if(h&&(h.sizcache!==g||!a.nodeIndex)){var i=0;for(d=h.firstChild;d;d=d.nextSibling)d.nodeType===1&&(d.nodeIndex=++i);h.sizcache=g}var j=a.nodeIndex-f;return e===0?j===0:j%e===0&&j/e>=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var f=a.length;c<f;c++)d.push(a[c]);else for(;a[c];c++)d.push(a[c]);return d}}var r,s;c.documentElement.compareDocumentPosition?r=function(a,b){if(a===b){g=!0;return 0}if(!a.compareDocumentPosition||!b.compareDocumentPosition)return a.compareDocumentPosition?-1:1;return a.compareDocumentPosition(b)&4?-1:1}:(r=function(a,b){if(a===b){g=!0;return 0}if(a.sourceIndex&&b.sourceIndex)return a.sourceIndex-b.sourceIndex;var c,d,e=[],f=[],h=a.parentNode,i=b.parentNode,j=h;if(h===i)return s(a,b);if(!h)return-1;if(!i)return 1;while(j)e.unshift(j),j=j.parentNode;j=i;while(j)f.unshift(j),j=j.parentNode;c=e.length,d=f.length;for(var k=0;k<c&&k<d;k++)if(e[k]!==f[k])return s(e[k],f[k]);return k===c?s(a,f[k],-1):s(e[k],b,1)},s=function(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}),k.getText=function(a){var b="",c;for(var d=0;a[d];d++)c=a[d],c.nodeType===3||c.nodeType===4?b+=c.nodeValue:c.nodeType!==8&&(b+=k.getText(c.childNodes));return b},function(){var a=c.createElement("div"),d="script"+(new Date).getTime(),e=c.documentElement;a.innerHTML="<a name='"+d+"'/>",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="<a href='#'></a>",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="<p class='TEST'></p>";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="<div class='test e'></div><div class='test'></div>";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g<h;g++)k(a,f[g],d);return k.filter(e,d)};f.find=k,f.expr=k.selectors,f.expr[":"]=f.expr.filters,f.unique=k.uniqueSort,f.text=k.getText,f.isXMLDoc=k.isXML,f.contains=k.contains}();var O=/Until$/,P=/^(?:parents|prevUntil|prevAll)/,Q=/,/,R=/^.[^:#\[\.,]*$/,S=Array.prototype.slice,T=f.expr.match.POS,U={children:!0,contents:!0,next:!0,prev:!0};f.fn.extend({find:function(a){var b=this,c,d;if(typeof a!="string")return f(a).filter(function(){for(c=0,d=b.length;c<d;c++)if(f.contains(b[c],this))return!0});var e=this.pushStack("","find",a),g,h,i;for(c=0,d=this.length;c<d;c++){g=e.length,f.find(a,this[c],e);if(c>0)for(h=g;h<e.length;h++)for(i=0;i<g;i++)if(e[i]===e[h]){e.splice(h--,1);break}}return e},has:function(a){var b=f(a);return this.filter(function(){for(var a=0,c=b.length;a<c;a++)if(f.contains(this,b[a]))return!0})},not:function(a){return this.pushStack(W(this,a,!1),"not",a)},filter:function(a){return this.pushStack(W(this,a,!0),"filter",a)},is:function(a){return!!a&&(typeof a=="string"?f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d<e;d++)i=a[d],j[i]||(j[i]=T.test(i)?f(i,b||this.context):i);while(g&&g.ownerDocument&&g!==b){for(i in j)h=j[i],(h.jquery?h.index(g)>-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=T.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d<e;d++){g=this[d];while(g){if(l?l.index(g)>-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a||typeof a=="string")return f.inArray(this[0],a?f(a):this.parent().children());return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(V(c[0])||V(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=S.call(arguments);O.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!U[a]?f.unique(e):e,(this.length>1||Q.test(d))&&P.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var X=/ jQuery\d+="(?:\d+|null)"/g,Y=/^\s+/,Z=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,$=/<([\w:]+)/,_=/<tbody/i,ba=/<|&#?\w+;/,bb=/<(?:script|object|embed|option|style)/i,bc=/checked\s*(?:[^=]|=\s*.checked.)/i,bd=/\/(java|ecma)script/i,be=/^\s*<!(?:\[CDATA\[|\-\-)/,bf={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]};bf.optgroup=bf.option,bf.tbody=bf.tfoot=bf.colgroup=bf.caption=bf.thead,bf.th=bf.td,f.support.htmlSerialize||(bf._default=[1,"div<div>","</div>"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(X,""):null;if(typeof a=="string"&&!bb.test(a)&&(f.support.leadingWhitespace||!Y.test(a))&&!bf[($.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Z,"<$1></$2>");try{for(var c=0,d=this.length;c<d;c++)this[c].nodeType===1&&(f.cleanData(this[c].getElementsByTagName("*")),this[c].innerHTML=a)}catch(e){this.empty().append(a)}}else f.isFunction(a)?this.each(function(b){var c=f(this);c.html(a.call(this,b,c.html()))}):this.empty().append(a);return this},replaceWith:function(a){if(this[0]&&this[0].parentNode){if(f.isFunction(a))return this.each(function(b){var c=f(this),d=c.html();c.replaceWith(a.call(this,b,d))});typeof a!="string"&&(a=f(a).detach());return this.each(function(){var b=this.nextSibling,c=this.parentNode;f(this).remove(),b?f(b).before(a):f(c).append(a)})}return this.length?this.pushStack(f(f.isFunction(a)?a():a),"replaceWith",a):this},detach:function(a){return this.remove(a,!0)},domManip:function(a,c,d){var e,g,h,i,j=a[0],k=[];if(!f.support.checkClone&&arguments.length===3&&typeof j=="string"&&bc.test(j))return this.each(function(){f(this).domManip(a,c,d,!0)});if(f.isFunction(j))return this.each(function(e){var g=f(this);a[0]=j.call(this,e,c?g.html():b),g.domManip(a,c,d)});if(this[0]){i=j&&j.parentNode,f.support.parentNode&&i&&i.nodeType===11&&i.childNodes.length===this.length?e={fragment:i}:e=f.buildFragment(a,this,k),h=e.fragment,h.childNodes.length===1?g=h=h.firstChild:g=h.firstChild;if(g){c=c&&f.nodeName(g,"tr");for(var l=0,m=this.length,n=m-1;l<m;l++)d.call(c?bg(this[l],g):this[l],e.cacheable||m>1&&l<n?f.clone(h,!0,!0):h)}k.length&&f.each(k,bm)}return this}}),f.buildFragment=function(a,b,d){var e,g,h,i;b&&b[0]&&(i=b[0].ownerDocument||b[0]),i.createDocumentFragment||(i=c),a.length===1&&typeof a[0]=="string"&&a[0].length<512&&i===c&&a[0].charAt(0)==="<"&&!bb.test(a[0])&&(f.support.checkClone||!bc.test(a[0]))&&(g=!0,h=f.fragments[a[0]],h&&h!==1&&(e=h)),e||(e=i.createDocumentFragment(),f.clean(a,i,e,d)),g&&(f.fragments[a[0]]=h?e:1);return{fragment:e,cacheable:g}},f.fragments={},f.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){f.fn[a]=function(c){var d=[],e=f(c),g=this.length===1&&this[0].parentNode;if(g&&g.nodeType===11&&g.childNodes.length===1&&e.length===1){e[b](this[0]);return this}for(var h=0,i=e.length;h<i;h++){var j=(h>0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j
+)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bi(a,d),e=bj(a),g=bj(d);for(h=0;e[h];++h)bi(e[h],g[h])}if(b){bh(a,d);if(c){e=bj(a),g=bj(d);for(h=0;e[h];++h)bh(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!ba.test(k))k=b.createTextNode(k);else{k=k.replace(Z,"<$1></$2>");var l=($.exec(k)||["",""])[1].toLowerCase(),m=bf[l]||bf._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=_.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]==="<table>"&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&Y.test(k)&&o.insertBefore(b.createTextNode(Y.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i<r;i++)bl(k[i]);else bl(k);k.nodeType?h.push(k):h=f.merge(h,k)}if(d){g=function(a){return!a.type||bd.test(a.type)};for(j=0;h[j];j++)if(e&&f.nodeName(h[j],"script")&&(!h[j].type||h[j].type.toLowerCase()==="text/javascript"))e.push(h[j].parentNode?h[j].parentNode.removeChild(h[j]):h[j]);else{if(h[j].nodeType===1){var s=f.grep(h[j].getElementsByTagName("script"),g);h.splice.apply(h,[j+1,0].concat(s))}d.appendChild(h[j])}}return h},cleanData:function(a){var b,c,d=f.cache,e=f.expando,g=f.event.special,h=f.support.deleteExpando;for(var i=0,j;(j=a[i])!=null;i++){if(j.nodeName&&f.noData[j.nodeName.toLowerCase()])continue;c=j[f.expando];if(c){b=d[c]&&d[c][e];if(b&&b.events){for(var k in b.events)g[k]?f.event.remove(j,k):f.removeEvent(j,k,b.handle);b.handle&&(b.handle.elem=null)}h?delete j[f.expando]:j.removeAttribute&&j.removeAttribute(f.expando),delete d[c]}}}});var bn=/alpha\([^)]*\)/i,bo=/opacity=([^)]*)/,bp=/([A-Z]|^ms)/g,bq=/^-?\d+(?:px)?$/i,br=/^-?\d/,bs=/^[+\-]=/,bt=/[^+\-\.\de]+/g,bu={position:"absolute",visibility:"hidden",display:"block"},bv=["Left","Right"],bw=["Top","Bottom"],bx,by,bz;f.fn.css=function(a,c){if(arguments.length===2&&c===b)return this;return f.access(this,a,c,!0,function(a,c,d){return d!==b?f.style(a,c,d):f.css(a,c)})},f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=bx(a,"opacity","opacity");return c===""?"1":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":f.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCase(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&"get"in k&&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d;if(h==="number"&&isNaN(d)||d==null)return;h==="string"&&bs.test(d)&&(d=+d.replace(bt,"")+parseFloat(f.css(a,c)),h="number"),h==="number"&&!f.cssNumber[i]&&(d+="px");if(!k||!("set"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c==="cssFloat"&&(c="float");if(g&&"get"in g&&(e=g.get(a,!0,d))!==b)return e;if(bx)return bx(a,c)},swap:function(a,b,c){var d={};for(var e in b)d[e]=a.style[e],a.style[e]=b[e];c.call(a);for(e in b)a.style[e]=d[e]}}),f.curCSS=f.css,f.each(["height","width"],function(a,b){f.cssHooks[b]={get:function(a,c,d){var e;if(c){if(a.offsetWidth!==0)return bA(a,b,d);f.swap(a,bu,function(){e=bA(a,b,d)});return e}},set:function(a,b){if(!bq.test(b))return b;b=parseFloat(b);if(b>=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bo.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle;c.zoom=1;var e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.filter=bn.test(g)?g.replace(bn,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bx(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(by=function(a,c){var d,e,g;c=c.replace(bp,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bz=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bq.test(d)&&br.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bx=by||bz,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bB=/%20/g,bC=/\[\]$/,bD=/\r?\n/g,bE=/#.*$/,bF=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bG=/^(?:color|date|datetime|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bH=/^(?:about|app|app\-storage|.+\-extension|file|widget):$/,bI=/^(?:GET|HEAD)$/,bJ=/^\/\//,bK=/\?/,bL=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,bM=/^(?:select|textarea)/i,bN=/\s+/,bO=/([?&])_=[^&]*/,bP=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bQ=f.fn.load,bR={},bS={},bT,bU;try{bT=e.href}catch(bV){bT=c.createElement("a"),bT.href="",bT=bT.href}bU=bP.exec(bT.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bQ)return bQ.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("<div>").append(c.replace(bL,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bM.test(this.nodeName)||bG.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bD,"\r\n")}}):{name:b.name,value:c.replace(bD,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?f.extend(!0,a,f.ajaxSettings,b):(b=a,a=f.extend(!0,f.ajaxSettings,b));for(var c in{context:1,url:1})c in b?a[c]=b[c]:c in f.ajaxSettings&&(a[c]=f.ajaxSettings[c]);return a},ajaxSettings:{url:bT,isLocal:bH.test(bU[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":"*/*"},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML}},ajaxPrefilter:bW(bR),ajaxTransport:bW(bS),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a?4:0;var o,r,u,w=l?bZ(d,v,l):b,x,y;if(a>=200&&a<300||a===304){if(d.ifModified){if(x=v.getResponseHeader("Last-Modified"))f.lastModified[k]=x;if(y=v.getResponseHeader("Etag"))f.etag[k]=y}if(a===304)c="notmodified",o=!0;else try{r=b$(d,w),c="success",o=!0}catch(z){c="parsererror",u=z}}else{u=c;if(!c||a)c="error",a<0&&(a=0)}v.status=a,v.statusText=c,o?h.resolveWith(e,[r,c,v]):h.rejectWith(e,[v,c,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,c]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bF.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bE,"").replace(bJ,bU[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bN),d.crossDomain==null&&(r=bP.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bU[1]&&r[2]==bU[2]&&(r[3]||(r[1]==="http:"?80:443))==(bU[3]||(bU[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bX(bR,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bI.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bK.test(d.url)?"&":"?")+d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bO,"$1_="+x);d.url=y+(y===d.url?(bK.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", */*; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bX(bS,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){status<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bB,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn,co=a.webkitRequestAnimationFrame||a.mozRequestAnimationFrame||a.oRequestAnimationFrame;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cr("show",3),a,b,c);for(var g=0,h=this.length;g<h;g++)d=this[g],d.style&&(e=d.style.display,!f._data(d,"olddisplay")&&e==="none"&&(e=d.style.display=""),e===""&&f.css(d,"display")==="none"&&f._data(d,"olddisplay",cs(d.nodeName)));for(g=0;g<h;g++){d=this[g];if(d.style){e=d.style.display;if(e===""||e==="none")d.style.display=f._data(d,"olddisplay")||""}}return this},hide:function(a,b,c){if(a||a===0)return this.animate(cr("hide",3),a,b,c);for(var d=0,e=this.length;d<e;d++)if(this[d].style){var g=f.css(this[d],"display");g!=="none"&&!f._data(this[d],"olddisplay")&&f._data(this[d],"olddisplay",g)}for(d=0;d<e;d++)this[d].style&&(this[d].style.display="none");return this},_toggle:f.fn.toggle,toggle:function(a,b,c){var d=typeof a=="boolean";f.isFunction(a)&&f.isFunction(b)?this._toggle.apply(this,arguments):a==null||d?this.each(function(){var b=d?a:f(this).is(":hidden");f(this)[b?"show":"hide"]()}):this.animate(cr("toggle",3),a,b,c);return this},fadeTo:function(a,b,c,d){return this.filter(":hidden").css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=f.speed(b,c,d);if(f.isEmptyObject(a))return this.each(e.complete,[!1]);a=f.extend({},a);return this[e.queue===!1?"each":"queue"](function(){e.queue===!1&&f._mark(this);var b=f.extend({},e),c=this.nodeType===1,d=c&&f(this).is(":hidden"),g,h,i,j,k,l,m,n,o;b.animatedProperties={};for(i in a){g=f.camelCase(i),i!==g&&(a[g]=a[i],delete a[i]),h=a[g],f.isArray(h)?(b.animatedProperties[g]=h[1],h=a[g]=h[0]):b.animatedProperties[g]=b.specialEasing&&b.specialEasing[g]||b.easing||"swing";if(h==="hide"&&d||h==="show"&&!d)return b.complete.call(this);c&&(g==="height"||g==="width")&&(b.overflow=[this.style.overflow,this.style.overflowX,this.style.overflowY],f.css(this,"display")==="inline"&&f.css(this,"float")==="none"&&(f.support.inlineBlockNeedsLayout?(j=cs(this.nodeName),j==="inline"?this.style.display="inline-block":(this.style.display="inline",this.style.zoom=1)):this.style.display="inline-block"))}b.overflow!=null&&(this.style.overflow="hidden");for(i in a)k=new f.fx(this,b,i),h=a[i],cj.test(h)?k[h==="toggle"?d?"show":"hide":h]():(l=ck.exec(h),m=k.cur(),l?(n=parseFloat(l[2]),o=l[3]||(f.cssNumber[i]?"":"px"),o!=="px"&&(f.style(this,i,(n||1)+o),m=(n||1)/k.cur()*m,f.style(this,i,m+o)),l[1]&&(n=(l[1]==="-="?-1:1)*n+m),k.custom(m,n,o)):k.custom(m,h,""));return!0})},stop:function(a,b){a&&this.queue([]),this.each(function(){var a=f.timers,c=a.length;b||f._unmark(!0,this);while(c--)a[c].elem===this&&(b&&a[c](!0),a.splice(c,1))}),b||this.dequeue();return this}}),f.each({slideDown:cr("show",1),slideUp:cr("hide",1),slideToggle:cr("toggle",1),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){f.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),f.extend({speed:function(a,b,c){var d=a&&typeof a=="object"?f.extend({},a):{complete:c||!c&&b||f.isFunction(a)&&a,duration:a,easing:c&&b||b&&!f.isFunction(b)&&b};d.duration=f.fx.off?0:typeof d.duration=="number"?d.duration:d.duration in f.fx.speeds?f.fx.speeds[d.duration]:f.fx.speeds._default,d.old=d.complete,d.complete=function(a){f.isFunction(d.old)&&d.old.call(this),d.queue!==!1?f.dequeue(this):a!==!1&&f._unmark(this)};return d},easing:{linear:function(a,b,c,d){return c+d*a},swing:function(a,b,c,d){return(-Math.cos(a*Math.PI)/2+.5)*d+c}},timers:[],fx:function(a,b,c){this.options=b,this.elem=a,this.prop=c,b.orig=b.orig||{}}}),f.fx.prototype={update:function(){this.options.step&&this.options.step.call(this.elem,this.now,this),(f.fx.step[this.prop]||f.fx.step._default)(this)},cur:function(){if(this.elem[this.prop]!=null&&(!this.elem.style||this.elem.style[this.prop]==null))return this.elem[this.prop];var a,b=f.css(this.elem,this.prop);return isNaN(a=parseFloat(b))?!b||b==="auto"?0:b:a},custom:function(a,b,c){function h(a){return d.step(a)}var d=this,e=f.fx,g;this.startTime=cn||cp(),this.start=a,this.end=b,this.unit=c||this.unit||(f.cssNumber[this.prop]?"":"px"),this.now=this.start,this.pos=this.state=0,h.elem=this.elem,h()&&f.timers.push(h)&&!cl&&(co?(cl=!0,g=function(){cl&&(co(g),e.tick())},co(g)):cl=setInterval(e.tick,e.interval))},show:function(){this.options.orig[this.prop]=f.style(this.elem,this.prop),this.options.show=!0,this.custom(this.prop==="width"||this.prop==="height"?1:0,this.cur()),f(this.elem).show()},hide:function(){this.options.orig[this.prop]=f.style(this.elem,this.prop),this.options.hide=!0,this.custom(this.cur(),0)},step:function(a){var b=cn||cp(),c=!0,d=this.elem,e=this.options,g,h;if(a||b>=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var a=f.timers,b=0;b<a.length;++b)a[b]()||a.splice(b--,1);a.length||f.fx.stop()},interval:13,stop:function(){clearInterval(cl),cl=null},speeds:{slow:600,fast:200,_default:400},step:{opacity:function(a){f.style(a.elem,"opacity",a.now)},_default:function(a){a.elem.style&&a.elem.style[a.prop]!=null?a.elem.style[a.prop]=(a.prop==="width"||a.prop==="height"?Math.max(0,a.now):a.now)+a.unit:a.elem[a.prop]=a.now}}}),f.expr&&f.expr.filters&&(f.expr.filters.animated=function(a){return f.grep(f.timers,function(b){return a===b.elem}).length});var ct=/^t(?:able|d|h)$/i,cu=/^(?:body|html)$/i;"getBoundingClientRect"in c.documentElement?f.fn.offset=function(a){var b=this[0],c;if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);try{c=b.getBoundingClientRect()}catch(d){}var e=b.ownerDocument,g=e.documentElement;if(!c||!f.contains(g,b))return c?{top:c.top,left:c.left}:{top:0,left:0};var h=e.body,i=cv(e),j=g.clientTop||h.clientTop||0,k=g.clientLeft||h.clientLeft||0,l=i.pageYOffset||f.support.boxModel&&g.scrollTop||h.scrollTop,m=i.pageXOffset||f.support.boxModel&&g.scrollLeft||h.scrollLeft,n=c.top+l-j,o=c.left+m-k;return{top:n,left:o}}:f.fn.offset=function(a){var b=this[0];if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);f.offset.initialize();var c,d=b.offsetParent,e=b,g=b.ownerDocument,h=g.documentElement,i=g.body,j=g.defaultView,k=j?j.getComputedStyle(b,null):b.currentStyle,l=b.offsetTop,m=b.offsetLeft;while((b=b.parentNode)&&b!==i&&b!==h){if(f.offset.supportsFixedPosition&&k.position==="fixed")break;c=j?j.getComputedStyle(b,null):b.currentStyle,l-=b.scrollTop,m-=b.scrollLeft,b===d&&(l+=b.offsetTop,m+=b.offsetLeft,f.offset.doesNotAddBorder&&(!f.offset.doesAddBorderForTableAndCells||!ct.test(b.nodeName))&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),e=d,d=b.offsetParent),f.offset.subtractsBorderForOverflowNotVisible&&c.overflow!=="visible"&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),k=c}if(k.position==="relative"||k.position==="static")l+=i.offsetTop,m+=i.offsetLeft;f.offset.supportsFixedPosition&&k.position==="fixed"&&(l+=Math.max(h.scrollTop,i.scrollTop),m+=Math.max(h.scrollLeft,i.scrollLeft));return{top:l,left:m}},f.offset={initialize:function(){var a=c.body,b=c.createElement("div"),d,e,g,h,i=parseFloat(f.css(a,"marginTop"))||0,j="<div style='position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;'><div></div></div><table style='position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;' cellpadding='0' cellspacing='0'><tr><td></td></tr></table>";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cu.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cu.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cv(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cv(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c];return e.document.compatMode==="CSS1Compat"&&g||e.document.body["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var h=f.css(e,d),i=parseFloat(h);return f.isNaN(i)?h:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window); \ No newline at end of file
diff --git a/config/snort-dev/snortsam-package-code/javascript/jquery.form.js b/config/snort-dev/snortsam-package-code/javascript/jquery.form.js
new file mode 100644
index 00000000..2b853df4
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/javascript/jquery.form.js
@@ -0,0 +1,785 @@
+/*!
+ * jQuery Form Plugin
+ * version: 2.49 (18-OCT-2010)
+ * @requires jQuery v1.3.2 or later
+ *
+ * Examples and documentation at: http://malsup.com/jquery/form/
+ * Dual licensed under the MIT and GPL licenses:
+ * http://www.opensource.org/licenses/mit-license.php
+ * http://www.gnu.org/licenses/gpl.html
+ */
+;(function($) {
+
+/*
+ Usage Note:
+ -----------
+ Do not use both ajaxSubmit and ajaxForm on the same form. These
+ functions are intended to be exclusive. Use ajaxSubmit if you want
+ to bind your own submit handler to the form. For example,
+
+ $(document).ready(function() {
+ $('#myForm').bind('submit', function(e) {
+ e.preventDefault(); // <-- important
+ $(this).ajaxSubmit({
+ target: '#output'
+ });
+ });
+ });
+
+ Use ajaxForm when you want the plugin to manage all the event binding
+ for you. For example,
+
+ $(document).ready(function() {
+ $('#myForm').ajaxForm({
+ target: '#output'
+ });
+ });
+
+ When using ajaxForm, the ajaxSubmit function will be invoked for you
+ at the appropriate time.
+*/
+
+/**
+ * ajaxSubmit() provides a mechanism for immediately submitting
+ * an HTML form using AJAX.
+ */
+$.fn.ajaxSubmit = function(options) {
+ // fast fail if nothing selected (http://dev.jquery.com/ticket/2752)
+ if (!this.length) {
+ log('ajaxSubmit: skipping submit process - no element selected');
+ return this;
+ }
+
+ if (typeof options == 'function') {
+ options = { success: options };
+ }
+
+ var url = $.trim(this.attr('action'));
+ if (url) {
+ // clean url (don't include hash vaue)
+ url = (url.match(/^([^#]+)/)||[])[1];
+ }
+ url = url || window.location.href || '';
+
+ options = $.extend(true, {
+ url: url,
+ type: this.attr('method') || 'GET',
+ iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank'
+ }, options);
+
+ // hook for manipulating the form data before it is extracted;
+ // convenient for use with rich editors like tinyMCE or FCKEditor
+ var veto = {};
+ this.trigger('form-pre-serialize', [this, options, veto]);
+ if (veto.veto) {
+ log('ajaxSubmit: submit vetoed via form-pre-serialize trigger');
+ return this;
+ }
+
+ // provide opportunity to alter form data before it is serialized
+ if (options.beforeSerialize && options.beforeSerialize(this, options) === false) {
+ log('ajaxSubmit: submit aborted via beforeSerialize callback');
+ return this;
+ }
+
+ var n,v,a = this.formToArray(options.semantic);
+ if (options.data) {
+ options.extraData = options.data;
+ for (n in options.data) {
+ if(options.data[n] instanceof Array) {
+ for (var k in options.data[n]) {
+ a.push( { name: n, value: options.data[n][k] } );
+ }
+ }
+ else {
+ v = options.data[n];
+ v = $.isFunction(v) ? v() : v; // if value is fn, invoke it
+ a.push( { name: n, value: v } );
+ }
+ }
+ }
+
+ // give pre-submit callback an opportunity to abort the submit
+ if (options.beforeSubmit && options.beforeSubmit(a, this, options) === false) {
+ log('ajaxSubmit: submit aborted via beforeSubmit callback');
+ return this;
+ }
+
+ // fire vetoable 'validate' event
+ this.trigger('form-submit-validate', [a, this, options, veto]);
+ if (veto.veto) {
+ log('ajaxSubmit: submit vetoed via form-submit-validate trigger');
+ return this;
+ }
+
+ var q = $.param(a);
+
+ if (options.type.toUpperCase() == 'GET') {
+ options.url += (options.url.indexOf('?') >= 0 ? '&' : '?') + q;
+ options.data = null; // data is null for 'get'
+ }
+ else {
+ options.data = q; // data is the query string for 'post'
+ }
+
+ var $form = this, callbacks = [];
+ if (options.resetForm) {
+ callbacks.push(function() { $form.resetForm(); });
+ }
+ if (options.clearForm) {
+ callbacks.push(function() { $form.clearForm(); });
+ }
+
+ // perform a load on the target only if dataType is not provided
+ if (!options.dataType && options.target) {
+ var oldSuccess = options.success || function(){};
+ callbacks.push(function(data) {
+ var fn = options.replaceTarget ? 'replaceWith' : 'html';
+ $(options.target)[fn](data).each(oldSuccess, arguments);
+ });
+ }
+ else if (options.success) {
+ callbacks.push(options.success);
+ }
+
+ options.success = function(data, status, xhr) { // jQuery 1.4+ passes xhr as 3rd arg
+ var context = options.context || options; // jQuery 1.4+ supports scope context
+ for (var i=0, max=callbacks.length; i < max; i++) {
+ callbacks[i].apply(context, [data, status, xhr || $form, $form]);
+ }
+ };
+
+ // are there files to upload?
+ var fileInputs = $('input:file', this).length > 0;
+ var mp = 'multipart/form-data';
+ var multipart = ($form.attr('enctype') == mp || $form.attr('encoding') == mp);
+
+ // options.iframe allows user to force iframe mode
+ // 06-NOV-09: now defaulting to iframe mode if file input is detected
+ if (options.iframe !== false && (fileInputs || options.iframe || multipart)) {
+ // hack to fix Safari hang (thanks to Tim Molendijk for this)
+ // see: http://groups.google.com/group/jquery-dev/browse_thread/thread/36395b7ab510dd5d
+ if (options.closeKeepAlive) {
+ $.get(options.closeKeepAlive, fileUpload);
+ }
+ else {
+ fileUpload();
+ }
+ }
+ else {
+ $.ajax(options);
+ }
+
+ // fire 'notify' event
+ this.trigger('form-submit-notify', [this, options]);
+ return this;
+
+
+ // private function for handling file uploads (hat tip to YAHOO!)
+ function fileUpload() {
+ var form = $form[0];
+
+ if ($(':input[name=submit],:input[id=submit]', form).length) {
+ // if there is an input with a name or id of 'submit' then we won't be
+ // able to invoke the submit fn on the form (at least not x-browser)
+ alert('Error: Form elements must not have name or id of "submit".');
+ return;
+ }
+
+ var s = $.extend(true, {}, $.ajaxSettings, options);
+ s.context = s.context || s;
+ var id = 'jqFormIO' + (new Date().getTime()), fn = '_'+id;
+ window[fn] = function() {
+ var f = $io.data('form-plugin-onload');
+ if (f) {
+ f();
+ window[fn] = undefined;
+ try { delete window[fn]; } catch(e){}
+ }
+ }
+ var $io = $('<iframe id="' + id + '" name="' + id + '" src="'+ s.iframeSrc +'" onload="window[\'_\'+this.id]()" />');
+ var io = $io[0];
+
+ $io.css({ position: 'absolute', top: '-1000px', left: '-1000px' });
+
+ var xhr = { // mock object
+ aborted: 0,
+ responseText: null,
+ responseXML: null,
+ status: 0,
+ statusText: 'n/a',
+ getAllResponseHeaders: function() {},
+ getResponseHeader: function() {},
+ setRequestHeader: function() {},
+ abort: function() {
+ this.aborted = 1;
+ $io.attr('src', s.iframeSrc); // abort op in progress
+ }
+ };
+
+ var g = s.global;
+ // trigger ajax global events so that activity/block indicators work like normal
+ if (g && ! $.active++) {
+ $.event.trigger("ajaxStart");
+ }
+ if (g) {
+ $.event.trigger("ajaxSend", [xhr, s]);
+ }
+
+ if (s.beforeSend && s.beforeSend.call(s.context, xhr, s) === false) {
+ if (s.global) {
+ $.active--;
+ }
+ return;
+ }
+ if (xhr.aborted) {
+ return;
+ }
+
+ var cbInvoked = false;
+ var timedOut = 0;
+
+ // add submitting element to data if we know it
+ var sub = form.clk;
+ if (sub) {
+ var n = sub.name;
+ if (n && !sub.disabled) {
+ s.extraData = s.extraData || {};
+ s.extraData[n] = sub.value;
+ if (sub.type == "image") {
+ s.extraData[n+'.x'] = form.clk_x;
+ s.extraData[n+'.y'] = form.clk_y;
+ }
+ }
+ }
+
+ // take a breath so that pending repaints get some cpu time before the upload starts
+ function doSubmit() {
+ // make sure form attrs are set
+ var t = $form.attr('target'), a = $form.attr('action');
+
+ // update form attrs in IE friendly way
+ form.setAttribute('target',id);
+ if (form.getAttribute('method') != 'POST') {
+ form.setAttribute('method', 'POST');
+ }
+ if (form.getAttribute('action') != s.url) {
+ form.setAttribute('action', s.url);
+ }
+
+ // ie borks in some cases when setting encoding
+ if (! s.skipEncodingOverride) {
+ $form.attr({
+ encoding: 'multipart/form-data',
+ enctype: 'multipart/form-data'
+ });
+ }
+
+ // support timout
+ if (s.timeout) {
+ setTimeout(function() { timedOut = true; cb(); }, s.timeout);
+ }
+
+ // add "extra" data to form if provided in options
+ var extraInputs = [];
+ try {
+ if (s.extraData) {
+ for (var n in s.extraData) {
+ extraInputs.push(
+ $('<input type="hidden" name="'+n+'" value="'+s.extraData[n]+'" />')
+ .appendTo(form)[0]);
+ }
+ }
+
+ // add iframe to doc and submit the form
+ $io.appendTo('body');
+ $io.data('form-plugin-onload', cb);
+ form.submit();
+ }
+ finally {
+ // reset attrs and remove "extra" input elements
+ form.setAttribute('action',a);
+ if(t) {
+ form.setAttribute('target', t);
+ } else {
+ $form.removeAttr('target');
+ }
+ $(extraInputs).remove();
+ }
+ }
+
+ if (s.forceSync) {
+ doSubmit();
+ }
+ else {
+ setTimeout(doSubmit, 10); // this lets dom updates render
+ }
+
+ var data, doc, domCheckCount = 50;
+
+ function cb() {
+ if (cbInvoked) {
+ return;
+ }
+
+ $io.removeData('form-plugin-onload');
+
+ var ok = true;
+ try {
+ if (timedOut) {
+ throw 'timeout';
+ }
+ // extract the server response from the iframe
+ doc = io.contentWindow ? io.contentWindow.document : io.contentDocument ? io.contentDocument : io.document;
+
+ var isXml = s.dataType == 'xml' || doc.XMLDocument || $.isXMLDoc(doc);
+ log('isXml='+isXml);
+ if (!isXml && window.opera && (doc.body == null || doc.body.innerHTML == '')) {
+ if (--domCheckCount) {
+ // in some browsers (Opera) the iframe DOM is not always traversable when
+ // the onload callback fires, so we loop a bit to accommodate
+ log('requeing onLoad callback, DOM not available');
+ setTimeout(cb, 250);
+ return;
+ }
+ // let this fall through because server response could be an empty document
+ //log('Could not access iframe DOM after mutiple tries.');
+ //throw 'DOMException: not available';
+ }
+
+ //log('response detected');
+ cbInvoked = true;
+ xhr.responseText = doc.documentElement ? doc.documentElement.innerHTML : null;
+ xhr.responseXML = doc.XMLDocument ? doc.XMLDocument : doc;
+ xhr.getResponseHeader = function(header){
+ var headers = {'content-type': s.dataType};
+ return headers[header];
+ };
+
+ var scr = /(json|script)/.test(s.dataType);
+ if (scr || s.textarea) {
+ // see if user embedded response in textarea
+ var ta = doc.getElementsByTagName('textarea')[0];
+ if (ta) {
+ xhr.responseText = ta.value;
+ }
+ else if (scr) {
+ // account for browsers injecting pre around json response
+ var pre = doc.getElementsByTagName('pre')[0];
+ var b = doc.getElementsByTagName('body')[0];
+ if (pre) {
+ xhr.responseText = pre.innerHTML;
+ }
+ else if (b) {
+ xhr.responseText = b.innerHTML;
+ }
+ }
+ }
+ else if (s.dataType == 'xml' && !xhr.responseXML && xhr.responseText != null) {
+ xhr.responseXML = toXml(xhr.responseText);
+ }
+ data = $.httpData(xhr, s.dataType);
+ }
+ catch(e){
+ log('error caught:',e);
+ ok = false;
+ xhr.error = e;
+ $.handleError(s, xhr, 'error', e);
+ }
+
+ // ordering of these callbacks/triggers is odd, but that's how $.ajax does it
+ if (ok) {
+ s.success.call(s.context, data, 'success', xhr);
+ if (g) {
+ $.event.trigger("ajaxSuccess", [xhr, s]);
+ }
+ }
+ if (g) {
+ $.event.trigger("ajaxComplete", [xhr, s]);
+ }
+ if (g && ! --$.active) {
+ $.event.trigger("ajaxStop");
+ }
+ if (s.complete) {
+ s.complete.call(s.context, xhr, ok ? 'success' : 'error');
+ }
+
+ // clean up
+ setTimeout(function() {
+ $io.removeData('form-plugin-onload');
+ $io.remove();
+ xhr.responseXML = null;
+ }, 100);
+ }
+
+ function toXml(s, doc) {
+ if (window.ActiveXObject) {
+ doc = new ActiveXObject('Microsoft.XMLDOM');
+ doc.async = 'false';
+ doc.loadXML(s);
+ }
+ else {
+ doc = (new DOMParser()).parseFromString(s, 'text/xml');
+ }
+ return (doc && doc.documentElement && doc.documentElement.tagName != 'parsererror') ? doc : null;
+ }
+ }
+};
+
+/**
+ * ajaxForm() provides a mechanism for fully automating form submission.
+ *
+ * The advantages of using this method instead of ajaxSubmit() are:
+ *
+ * 1: This method will include coordinates for <input type="image" /> elements (if the element
+ * is used to submit the form).
+ * 2. This method will include the submit element's name/value data (for the element that was
+ * used to submit the form).
+ * 3. This method binds the submit() method to the form for you.
+ *
+ * The options argument for ajaxForm works exactly as it does for ajaxSubmit. ajaxForm merely
+ * passes the options argument along after properly binding events for submit elements and
+ * the form itself.
+ */
+$.fn.ajaxForm = function(options) {
+ // in jQuery 1.3+ we can fix mistakes with the ready state
+ if (this.length === 0) {
+ var o = { s: this.selector, c: this.context };
+ if (!$.isReady && o.s) {
+ log('DOM not ready, queuing ajaxForm');
+ $(function() {
+ $(o.s,o.c).ajaxForm(options);
+ });
+ return this;
+ }
+ // is your DOM ready? http://docs.jquery.com/Tutorials:Introducing_$(document).ready()
+ log('terminating; zero elements found by selector' + ($.isReady ? '' : ' (DOM not ready)'));
+ return this;
+ }
+
+ return this.ajaxFormUnbind().bind('submit.form-plugin', function(e) {
+ if (!e.isDefaultPrevented()) { // if event has been canceled, don't proceed
+ e.preventDefault();
+ $(this).ajaxSubmit(options);
+ }
+ }).bind('click.form-plugin', function(e) {
+ var target = e.target;
+ var $el = $(target);
+ if (!($el.is(":submit,input:image"))) {
+ // is this a child element of the submit el? (ex: a span within a button)
+ var t = $el.closest(':submit');
+ if (t.length == 0) {
+ return;
+ }
+ target = t[0];
+ }
+ var form = this;
+ form.clk = target;
+ if (target.type == 'image') {
+ if (e.offsetX != undefined) {
+ form.clk_x = e.offsetX;
+ form.clk_y = e.offsetY;
+ } else if (typeof $.fn.offset == 'function') { // try to use dimensions plugin
+ var offset = $el.offset();
+ form.clk_x = e.pageX - offset.left;
+ form.clk_y = e.pageY - offset.top;
+ } else {
+ form.clk_x = e.pageX - target.offsetLeft;
+ form.clk_y = e.pageY - target.offsetTop;
+ }
+ }
+ // clear form vars
+ setTimeout(function() { form.clk = form.clk_x = form.clk_y = null; }, 100);
+ });
+};
+
+// ajaxFormUnbind unbinds the event handlers that were bound by ajaxForm
+$.fn.ajaxFormUnbind = function() {
+ return this.unbind('submit.form-plugin click.form-plugin');
+};
+
+/**
+ * formToArray() gathers form element data into an array of objects that can
+ * be passed to any of the following ajax functions: $.get, $.post, or load.
+ * Each object in the array has both a 'name' and 'value' property. An example of
+ * an array for a simple login form might be:
+ *
+ * [ { name: 'username', value: 'jresig' }, { name: 'password', value: 'secret' } ]
+ *
+ * It is this array that is passed to pre-submit callback functions provided to the
+ * ajaxSubmit() and ajaxForm() methods.
+ */
+$.fn.formToArray = function(semantic) {
+ var a = [];
+ if (this.length === 0) {
+ return a;
+ }
+
+ var form = this[0];
+ var els = semantic ? form.getElementsByTagName('*') : form.elements;
+ if (!els) {
+ return a;
+ }
+
+ var i,j,n,v,el,max,jmax;
+ for(i=0, max=els.length; i < max; i++) {
+ el = els[i];
+ n = el.name;
+ if (!n) {
+ continue;
+ }
+
+ if (semantic && form.clk && el.type == "image") {
+ // handle image inputs on the fly when semantic == true
+ if(!el.disabled && form.clk == el) {
+ a.push({name: n, value: $(el).val()});
+ a.push({name: n+'.x', value: form.clk_x}, {name: n+'.y', value: form.clk_y});
+ }
+ continue;
+ }
+
+ v = $.fieldValue(el, true);
+ if (v && v.constructor == Array) {
+ for(j=0, jmax=v.length; j < jmax; j++) {
+ a.push({name: n, value: v[j]});
+ }
+ }
+ else if (v !== null && typeof v != 'undefined') {
+ a.push({name: n, value: v});
+ }
+ }
+
+ if (!semantic && form.clk) {
+ // input type=='image' are not found in elements array! handle it here
+ var $input = $(form.clk), input = $input[0];
+ n = input.name;
+ if (n && !input.disabled && input.type == 'image') {
+ a.push({name: n, value: $input.val()});
+ a.push({name: n+'.x', value: form.clk_x}, {name: n+'.y', value: form.clk_y});
+ }
+ }
+ return a;
+};
+
+/**
+ * Serializes form data into a 'submittable' string. This method will return a string
+ * in the format: name1=value1&amp;name2=value2
+ */
+$.fn.formSerialize = function(semantic) {
+ //hand off to jQuery.param for proper encoding
+ return $.param(this.formToArray(semantic));
+};
+
+/**
+ * Serializes all field elements in the jQuery object into a query string.
+ * This method will return a string in the format: name1=value1&amp;name2=value2
+ */
+$.fn.fieldSerialize = function(successful) {
+ var a = [];
+ this.each(function() {
+ var n = this.name;
+ if (!n) {
+ return;
+ }
+ var v = $.fieldValue(this, successful);
+ if (v && v.constructor == Array) {
+ for (var i=0,max=v.length; i < max; i++) {
+ a.push({name: n, value: v[i]});
+ }
+ }
+ else if (v !== null && typeof v != 'undefined') {
+ a.push({name: this.name, value: v});
+ }
+ });
+ //hand off to jQuery.param for proper encoding
+ return $.param(a);
+};
+
+/**
+ * Returns the value(s) of the element in the matched set. For example, consider the following form:
+ *
+ * <form><fieldset>
+ * <input name="A" type="text" />
+ * <input name="A" type="text" />
+ * <input name="B" type="checkbox" value="B1" />
+ * <input name="B" type="checkbox" value="B2"/>
+ * <input name="C" type="radio" value="C1" />
+ * <input name="C" type="radio" value="C2" />
+ * </fieldset></form>
+ *
+ * var v = $(':text').fieldValue();
+ * // if no values are entered into the text inputs
+ * v == ['','']
+ * // if values entered into the text inputs are 'foo' and 'bar'
+ * v == ['foo','bar']
+ *
+ * var v = $(':checkbox').fieldValue();
+ * // if neither checkbox is checked
+ * v === undefined
+ * // if both checkboxes are checked
+ * v == ['B1', 'B2']
+ *
+ * var v = $(':radio').fieldValue();
+ * // if neither radio is checked
+ * v === undefined
+ * // if first radio is checked
+ * v == ['C1']
+ *
+ * The successful argument controls whether or not the field element must be 'successful'
+ * (per http://www.w3.org/TR/html4/interact/forms.html#successful-controls).
+ * The default value of the successful argument is true. If this value is false the value(s)
+ * for each element is returned.
+ *
+ * Note: This method *always* returns an array. If no valid value can be determined the
+ * array will be empty, otherwise it will contain one or more values.
+ */
+$.fn.fieldValue = function(successful) {
+ for (var val=[], i=0, max=this.length; i < max; i++) {
+ var el = this[i];
+ var v = $.fieldValue(el, successful);
+ if (v === null || typeof v == 'undefined' || (v.constructor == Array && !v.length)) {
+ continue;
+ }
+ v.constructor == Array ? $.merge(val, v) : val.push(v);
+ }
+ return val;
+};
+
+/**
+ * Returns the value of the field element.
+ */
+$.fieldValue = function(el, successful) {
+ var n = el.name, t = el.type, tag = el.tagName.toLowerCase();
+ if (successful === undefined) {
+ successful = true;
+ }
+
+ if (successful && (!n || el.disabled || t == 'reset' || t == 'button' ||
+ (t == 'checkbox' || t == 'radio') && !el.checked ||
+ (t == 'submit' || t == 'image') && el.form && el.form.clk != el ||
+ tag == 'select' && el.selectedIndex == -1)) {
+ return null;
+ }
+
+ if (tag == 'select') {
+ var index = el.selectedIndex;
+ if (index < 0) {
+ return null;
+ }
+ var a = [], ops = el.options;
+ var one = (t == 'select-one');
+ var max = (one ? index+1 : ops.length);
+ for(var i=(one ? index : 0); i < max; i++) {
+ var op = ops[i];
+ if (op.selected) {
+ var v = op.value;
+ if (!v) { // extra pain for IE...
+ v = (op.attributes && op.attributes['value'] && !(op.attributes['value'].specified)) ? op.text : op.value;
+ }
+ if (one) {
+ return v;
+ }
+ a.push(v);
+ }
+ }
+ return a;
+ }
+ return $(el).val();
+};
+
+/**
+ * Clears the form data. Takes the following actions on the form's input fields:
+ * - input text fields will have their 'value' property set to the empty string
+ * - select elements will have their 'selectedIndex' property set to -1
+ * - checkbox and radio inputs will have their 'checked' property set to false
+ * - inputs of type submit, button, reset, and hidden will *not* be effected
+ * - button elements will *not* be effected
+ */
+$.fn.clearForm = function() {
+ return this.each(function() {
+ $('input,select,textarea', this).clearFields();
+ });
+};
+
+/**
+ * Clears the selected form elements.
+ */
+$.fn.clearFields = $.fn.clearInputs = function() {
+ return this.each(function() {
+ var t = this.type, tag = this.tagName.toLowerCase();
+ if (t == 'text' || t == 'password' || tag == 'textarea') {
+ this.value = '';
+ }
+ else if (t == 'checkbox' || t == 'radio') {
+ this.checked = false;
+ }
+ else if (tag == 'select') {
+ this.selectedIndex = -1;
+ }
+ });
+};
+
+/**
+ * Resets the form data. Causes all form elements to be reset to their original value.
+ */
+$.fn.resetForm = function() {
+ return this.each(function() {
+ // guard against an input with the name of 'reset'
+ // note that IE reports the reset function as an 'object'
+ if (typeof this.reset == 'function' || (typeof this.reset == 'object' && !this.reset.nodeType)) {
+ this.reset();
+ }
+ });
+};
+
+/**
+ * Enables or disables any matching elements.
+ */
+$.fn.enable = function(b) {
+ if (b === undefined) {
+ b = true;
+ }
+ return this.each(function() {
+ this.disabled = !b;
+ });
+};
+
+/**
+ * Checks/unchecks any matching checkboxes or radio buttons and
+ * selects/deselects and matching option elements.
+ */
+$.fn.selected = function(select) {
+ if (select === undefined) {
+ select = true;
+ }
+ return this.each(function() {
+ var t = this.type;
+ if (t == 'checkbox' || t == 'radio') {
+ this.checked = select;
+ }
+ else if (this.tagName.toLowerCase() == 'option') {
+ var $sel = $(this).parent('select');
+ if (select && $sel[0] && $sel[0].type == 'select-one') {
+ // deselect all other options
+ $sel.find('option').selected(false);
+ }
+ this.selected = select;
+ }
+ });
+};
+
+// helper fn for console logging
+// set $.fn.ajaxSubmit.debug to true to enable debug logging
+function log() {
+ if ($.fn.ajaxSubmit.debug) {
+ var msg = '[jquery.form] ' + Array.prototype.join.call(arguments,'');
+ if (window.console && window.console.log) {
+ window.console.log(msg);
+ }
+ else if (window.opera && window.opera.postError) {
+ window.opera.postError(msg);
+ }
+ }
+};
+
+})(jQuery);
diff --git a/config/snort-dev/snortsam-package-code/javascript/jquery.progressbar.min.js b/config/snort-dev/snortsam-package-code/javascript/jquery.progressbar.min.js
new file mode 100644
index 00000000..e85e1120
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/javascript/jquery.progressbar.min.js
@@ -0,0 +1,20 @@
+
+(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}}
+return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue)
+if(argconfig!=null)
+pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null)
+argvalue=$this.html().replace("%","")
+config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i<numeric.length;i++)
+config[numeric[i]]=parseInt(config[numeric[i]]);$this.html("");var bar=document.createElement('img');var text=document.createElement('span');var $bar=$(bar);var $text=$(text);pb.bar=$bar;$bar.attr('id',config.id+"_pbImage");$text.attr('id',config.id+"_pbText");$text.html(getText(config));$bar.attr('title',getText(config));$bar.attr('alt',getText(config));$bar.attr('src',config.boxImage);$bar.attr('width',config.width);$bar.css("width",config.width+"px");$bar.css("height",config.height+"px");$bar.css("background-image","url("+config.image+")");$bar.css("background-position",((config.width*-1))+'px 50%');$bar.css("padding","0");$bar.css("margin","0");$this.append($bar);$this.append($text);}
+function getPercentage(config){return config.running_value*100/config.max;}
+function getBarImage(config){var image=config.barImage;if(typeof(config.barImage)=='object'){for(var i in config.barImage){if(config.running_value>=parseInt(i)){image=config.barImage[i];}else{break;}}}
+return image;}
+function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}}
+config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0)
+config.increment*=-1;if(config.increment<1)
+config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.increment<config.value){config.running_value=config.value;}else{config.running_value-=config.increment;}}
+else if(config.running_value<config.value){if(config.running_value+config.increment>config.value){config.running_value=config.value;}else{config.running_value+=config.increment;}}
+if(config.running_value==config.value)
+clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var $text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;}
+$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function')
+config.callback(config);pb.config=config;},config.stepDuration);});};}});$.fn.extend({progressBar:$.progressBar.construct});})(jQuery); \ No newline at end of file
diff --git a/config/snort-dev/snortsam-package-code/javascript/snort_globalsend.js b/config/snort-dev/snortsam-package-code/javascript/snort_globalsend.js
new file mode 100644
index 00000000..dc92efba
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/javascript/snort_globalsend.js
@@ -0,0 +1,442 @@
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+jQuery.noConflict();
+
+//prepare the form when the DOM is ready
+jQuery(document).ready(function() {
+
+ jQuery(".icon_click").live('mouseover', function() {
+ jQuery(this).css('cursor', 'pointer');
+ });
+
+ //-------------------START Misc-------------------------------------------
+
+
+ /*! Needs to be watched not my code <- IMPORTANT
+ * JavaScript UUID Generator, v0.0.1
+ *
+ * Copyright (c) 2009 Massimo Lombardo.
+ * Dual licensed under the MIT and the GNU GPL licenses.
+ */
+
+ function genUUID() {
+ var uuid = (function () {
+ var i,
+ c = "89ab",
+ u = [];
+ for (i = 0; i < 36; i += 1) {
+ u[i] = (Math.random() * 16 | 0).toString(16);
+ }
+ u[8] = u[13] = u[18] = u[23] = "";
+ u[14] = "4";
+ u[19] = c.charAt(Math.random() * 4 | 0);
+ return u.join("");
+ })();
+ return {
+ toString: function () {
+ return uuid;
+ },
+ valueOf: function () {
+ return uuid;
+ }
+ };
+ }
+
+ //-------------------START Misc GLOBAL WINDOW-------------------------------------------
+ // NOTE: try not to add to manny of thses
+
+ /*
+ * Gives you even true or false on even numbers
+ */
+ window.isEven = function(someNumber) {
+
+ return (someNumber%2 == 0) ? true : false;
+
+ };
+
+ /*
+ * Loop through object with timeout.
+ * NOTE: IE9 still has issues. Example : deleted rules (6000+ sigs).
+ * Break up heavy javascript intensive processing into smaller parts. Used to stop "browser Stop responding" warnings.
+ */
+
+ /*
+ function processLoop( actionFunc, numTimes, numWait, doneFunc ) {
+ var i = 0;
+ var f = function () {
+ if (i < numTimes) {
+ actionFunc( i++ ); // closure on i
+ setTimeout( f, numWait );
+ }
+ else if (doneFunc) {
+ doneFunc();
+ }
+ };
+ f();
+ }
+ */
+
+ window.incrementallyProcess = function(workerCallback, data, chunkSize, timeout, completionCallback) {
+ var i = 0;
+ (function() {
+ var remainingDataLength = (data.length - i);
+ var currentChunkSize = (remainingDataLength >= chunkSize) ? chunkSize : remainingDataLength;
+ if(i < data.length) {
+ while(currentChunkSize--) {
+ workerCallback(i++);
+ }
+ setTimeout(arguments.callee, timeout);
+ } else if(completionCallback) {
+ completionCallback();
+ }
+ })();
+ };
+
+ // Please wait code
+ window.hideLoading = function(thisLocation){
+ jQuery(thisLocation).hide();
+ };
+
+ // Please wait code
+ window.showLoading = function(thisLocation){
+ jQuery(thisLocation).show();
+ };
+
+ // this was cp from stackoverflow dot com help question
+ // used to center snort modals
+ jQuery.fn.centerModal = function () {
+ this.css("position","absolute");
+ this.css("top", 70 + "px");
+ this.css("left", ((jQuery(window).width() - this.outerWidth()) / 2) + jQuery(window).scrollLeft() + "px");
+ return this;
+ };
+
+
+
+ //--------------------------- START select all code ---------------------------
+
+ jQuery('#select_all').live('click', function(){
+ checkAll(jQuery('.domecheck'));
+ });
+
+ jQuery('#deselect_all').live('click', function(){
+ uncheckAll(jQuery('.domecheck'));
+ });
+
+ function checkAll(field){
+ for (i = 0; i < field.length; i++){
+ field[i].checked = true;
+ }
+ }
+
+ function uncheckAll(field){
+ for (i = 0; i < field.length; i++){
+ field[i].checked = false;
+ }
+ }
+
+
+ // -------------------------- START cancel form code -------------------------------------------
+ //jQuery('#cancel').click(function() {
+ jQuery('#cancel').live('click', function(){
+
+ location.reload();
+
+ });
+
+
+// ------------------------------- START add row element ------------------------------------------
+
+ jQuery(".icon_plus").live('click', function() {
+
+ var NewRow_UUID = genUUID();
+ var rowNumCount = jQuery("#address").length;
+
+ if (rowNumCount > 0){
+ // stop empty
+ var prevAddressAll_ck = jQuery('tr[id^=maintable_]');
+ var prevAddress_ck = prevAddressAll_ck[prevAddressAll_ck.length-1].id;
+ var prevAddressEmpty_ck = jQuery.trim(jQuery('#' + prevAddress_ck + ' #address').val());
+
+ if (prevAddressEmpty_ck === ''){
+ return false;
+ }
+ }
+ jQuery('#listloopblock').append(
+ "\n" + '<tr id="maintable_' + NewRow_UUID + '" ' + 'data-options=\'{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"false"}\' >' +
+ '<td>' +
+ '<input class="formfld2" name="list[' + NewRow_UUID + '][ip]" type="text" id="address" size="30" value="" />' +
+ '</td>' +
+ '<td>' +
+ '<input class="formfld2" name="list[' + NewRow_UUID + '][description]" type="text" id="detail" size="50" value="" />' +
+ '</td>' +
+ '<td>' +
+ '<img id="icon_x_' + NewRow_UUID + '" class="icon_click icon_x" src="/themes/nervecenter/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" >' +
+ '</td>' +
+ '<input name="list[' + NewRow_UUID + '][uuid]" value="EmptyUUID" type="hidden">' +
+ '</tr>' + "\n"
+ );
+
+ });
+
+
+// ------------------------------- START remove row element ---------------------------------------
+
+
+ // removes row and deletes db entries
+ function removeRow(){
+ jQuery("#maintable_" + window.RemoveRow_UUID).remove();
+ }
+
+ jQuery(".icon_x").live('click', function(){
+
+ var elem = getBaseElement(this.id); // this.id gets id of .icon_x
+
+ // window.RemoveRow_UUID = jQuery("#rowlist_" + elem.index).data("options").rowuuid;
+ window.RemoveRow_UUID = elem.index;
+ window.RemoveRow_Table = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagetable;
+ window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb;
+ window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST;
+
+ // snort_interfaces_whitelist
+ if (window.RemoveRow_POST === 'true'){
+ if(confirm('Do you really want to delete this list? (e.g. snort rules will fall back to the default list)!')) {
+
+ jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast");
+
+ setTimeout(removeRow, 600);
+ jQuery(this).ajaxSubmit(optionsRMlist); // call POST
+ return false;
+ }
+ }
+
+ // remove element NO post
+ if (window.RemoveRow_POST === 'false'){
+
+ jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast");
+
+ setTimeout(removeRow, 600);
+
+ return false;
+
+ }
+
+ });
+
+ // resets db entries
+ function removeRow(){
+ jQuery("#maintable_" + window.RemoveRow_UUID).remove();
+ }
+
+ jQuery(".icon_r").live('click', function(){
+
+ var elem = getBaseElement(this.id); // this.id gets id of .icon_x
+
+ // window.RemoveRow_UUID = jQuery("#rowlist_" + elem.index).data("options").rowuuid;
+ window.RemoveRow_UUID = elem.index;
+ window.RemoveRow_Table = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagetable;
+ window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb;
+ window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST;
+
+ // snort_interfaces_whitelist
+ if (window.RemoveRow_POST === 'true'){
+ if(confirm('Do you really want to reset this list ? (e.g. DB will reset, all saved settings will be lost!)')) {
+
+ jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast");
+ jQuery("#maintable_" + window.RemoveRow_UUID).fadeIn("fast");
+
+ jQuery(this).ajaxSubmit(optionsRSTlist); // call POST
+ return false;
+ }
+ }
+
+ });
+
+
+ function RMlistDBDelCall(){
+ return RemoveRow_DB;
+ }
+
+ function RMlistTableDelCall(){
+ return RemoveRow_Table;
+ }
+
+ function RMlistUuidDelCall(){
+ return RemoveRow_UUID;
+ }
+
+ // pre-submit callback
+ function showRequestRMlist(formData, jqForm, optionsWhitelist) {
+
+ var queryString = jQuery.param(formData);
+
+ // call false to prevent form reload
+ return true;
+ }
+
+ // post-submit callback if snort_json_post.php returns true or false
+ function showResponseRMlist(data){
+
+ }
+
+ function getBaseElement(elem){
+ elem = elem + "";
+ var len = elem.length;
+ var lPos = elem.lastIndexOf("_") * 1;
+ var baseElem = elem.substr(0, lPos);
+ var index = elem.substr(lPos+1, len);
+
+ return {"base": baseElem, "index": index};
+
+ }
+
+
+ // declare variable for whitelist delete
+ var optionsRMlist = {
+ beforeSubmit: showRequestRMlist,
+ dataType: 'json',
+ success: showResponseRMlist,
+ type: 'POST',
+ data: { RMlistDelRow: '1', RMlistDB: RMlistDBDelCall, RMlistTable: RMlistTableDelCall, RMlistUuid: RMlistUuidDelCall },
+ url: './snort_json_post.php'
+ };
+
+ // declare variable for DB reset
+ var optionsRSTlist = {
+ beforeSubmit: showRequestRMlist,
+ dataType: 'json',
+ success: showResponseRMlist,
+ type: 'POST',
+ data: { RSTlistRow: '1', RSTlistDB: RMlistDBDelCall, RSTlistTable: RMlistTableDelCall, RSTlistUuid: RMlistUuidDelCall },
+ url: './snort_json_post.php'
+ };
+
+
+ // STOP remove row element
+
+// ------------------- START iform Submit/RETURN code ---------------------------------------------
+
+ /* general form */
+ //jQuery('#iform').submit(function() {
+ jQuery('#iform, #iform2, #iform3').live('submit', function(){
+
+ jQuery(this).ajaxSubmit(options);
+
+ return false;
+ });
+
+ // pre-submit callback
+ function showRequest(formData, jqForm, options) {
+
+ var queryString = jQuery.param(formData);
+
+ // call to please wait
+ showLoading('#loadingWaiting');
+ jQuery('.snortModal').centerModal();
+
+ //alert('About to submit: \n\n' + queryString);
+
+ // call false to prevent the form
+ return true;
+ }
+
+
+
+ function downloadsnortlogs(data){
+ jQuery('.hiddendownloadlink').append('<iframe width="1" height="1" frameborder="0" src="/snort/snort_json_get.php?snortlogdownload=1&snortlogfilename=' + data.downloadfilename + '" ></iframe>');
+
+ var appendElem = jQuery('<br> <span>success...<span>');
+ appendElem.appendTo('.loadingWaitingMessage');
+ setTimeout(hideLoading('#loadingWaiting'), 3000);
+ }
+
+ // After Save Calls display
+ var appendElem = jQuery('<br> <span>success...<span>');
+ function finnish(){
+ // hold msg for a min
+ setTimeout(function(){
+ hideLoading('#loadingWaiting');
+ appendElem.remove();
+ updatestarted = 1;
+ }, 1200 );
+ }
+
+ function showResponse(data, responseText, statusText, xhr, $form){
+
+ // START of fill call to user
+ if (responseText === 'success') {
+
+ // snort logs download success
+ if (data.downloadfilename !== '' && data.snortdownload === 'success'){
+ downloadsnortlogs(data);
+ }
+
+ // succsess display
+ if (data.snortgeneralsettings === 'success' || data.snortdelete === 'success' || data.snortreset === 'success'){
+ // sucsses msg
+ appendElem.appendTo('.loadingWaitingMessage');
+
+ // Clean up Waiting code
+ finnish();
+
+ if (data.snortMiscTabCall === 'true'){
+ jQuery.fn.miscTabCall(); // call tab misc functions
+ }
+
+ if (data.snortreset) {location.reload();} // hard refresh
+
+ }
+
+ // END of fill call to user
+ }else{
+ // On FAIL get some info back
+ //alert('responseText: \n' + data.responseText + 'FAIL');
+ }
+ }
+ // END iform code
+
+ // declare variable for iform
+ var options = {
+ beforeSubmit: showRequest,
+ dataType: 'json',
+ success: showResponse,
+ type: 'POST',
+ url: './snort_json_post.php'
+ };
+
+}); // end of document ready
+
diff --git a/config/snort-dev/snortsam-package-code/patches/SnortSam/TODAO.txt b/config/snort-dev/snortsam-package-code/patches/SnortSam/TODAO.txt
new file mode 100644
index 00000000..3abf0303
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/SnortSam/TODAO.txt
@@ -0,0 +1 @@
+Patch current snort 2.9 \ No newline at end of file
diff --git a/config/snort-dev/snortsam-package-code/patches/SnortSam/snortsam-2.8.6.1.diff b/config/snort-dev/snortsam-package-code/patches/SnortSam/snortsam-2.8.6.1.diff
new file mode 100644
index 00000000..983165e1
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/SnortSam/snortsam-2.8.6.1.diff
@@ -0,0 +1,3021 @@
+Index: snort-2.8.6.1/src/twofish.c
+===================================================================
+--- snort-2.8.6.1/src/twofish.c (Revision 0)
++++ snort-2.8.6.1/src/twofish.c (Revision 3)
+@@ -0,0 +1,971 @@
++/* $Id: twofish.c,v 2.1 2008/12/15 20:36:05 fknobbe Exp $
++ *
++ *
++ * Copyright (C) 1997-2000 The Cryptix Foundation Limited.
++ * Copyright (C) 2000 Farm9.
++ * Copyright (C) 2001 Frank Knobbe.
++ * All rights reserved.
++ *
++ * For Cryptix code:
++ * Use, modification, copying and distribution of this software is subject
++ * the terms and conditions of the Cryptix General Licence. You should have
++ * received a copy of the Cryptix General Licence along with this library;
++ * if not, you can download a copy from http://www.cryptix.org/ .
++ *
++ * For Farm9:
++ * --- jojo@farm9.com, August 2000, converted from Java to C++, added CBC mode and
++ * ciphertext stealing technique, added AsciiTwofish class for easy encryption
++ * decryption of text strings
++ *
++ * Frank Knobbe <frank@knobbe.us>:
++ * --- April 2001, converted from C++ to C, prefixed global variables
++ * with TwoFish, substituted some defines, changed functions to make use of
++ * variables supplied in a struct, modified and added routines for modular calls.
++ * Cleaned up the code so that defines are used instead of fixed 16's and 32's.
++ * Created two general purpose crypt routines for one block and multiple block
++ * encryption using Joh's CBC code.
++ * Added crypt routines that use a header (with a magic and data length).
++ * (Basically a major rewrite).
++ *
++ * Note: Routines labeled _TwoFish are private and should not be used
++ * (or with extreme caution).
++ *
++ */
++
++#ifndef __TWOFISH_LIBRARY_SOURCE__
++#define __TWOFISH_LIBRARY_SOURCE__
++
++#include <string.h>
++#include <stdlib.h>
++#include <time.h>
++#include <ctype.h>
++#include <sys/types.h>
++
++#ifdef WIN32
++
++#ifndef u_long
++typedef unsigned long u_long;
++#endif
++#ifndef u_int32_t
++typedef unsigned long u_int32_t;
++#endif
++#ifndef u_word
++typedef unsigned short u_word;
++#endif
++#ifndef u_int16_t
++typedef unsigned short u_int16_t;
++#endif
++#ifndef u_char
++typedef unsigned char u_char;
++#endif
++#ifndef u_int8_t
++typedef unsigned char u_int8_t;
++#endif
++
++#endif /* WIN32 */
++
++#include "twofish.h"
++
++
++bool TwoFish_srand=TRUE; /* if TRUE, first call of TwoFishInit will seed rand(); */
++ /* of TwoFishInit */
++
++/* Fixed 8x8 permutation S-boxes */
++static const u_int8_t TwoFish_P[2][256] =
++{
++ { /* p0 */
++ 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
++ 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
++ 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
++ 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
++ 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
++ 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
++ 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
++ 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
++ 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
++ 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
++ 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
++ 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
++ 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
++ 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
++ 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
++ 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
++ 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
++ 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
++ 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
++ 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
++ 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
++ 0x4A, 0x5E, 0xC1, 0xE0
++ },
++ { /* p1 */
++ 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
++ 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
++ 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
++ 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
++ 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
++ 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
++ 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
++ 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
++ 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
++ 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
++ 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
++ 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
++ 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
++ 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
++ 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
++ 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
++ 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
++ 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
++ 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
++ 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
++ 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
++ 0x55, 0x09, 0xBE, 0x91
++ }
++};
++
++static bool TwoFish_MDSready=FALSE;
++static u_int32_t TwoFish_MDS[4][256]; /* TwoFish_MDS matrix */
++
++
++#define TwoFish_LFSR1(x) (((x)>>1)^(((x)&0x01)?TwoFish_MDS_GF_FDBK/2:0))
++#define TwoFish_LFSR2(x) (((x)>>2)^(((x)&0x02)?TwoFish_MDS_GF_FDBK/2:0)^(((x)&0x01)?TwoFish_MDS_GF_FDBK/4:0))
++
++#define TwoFish_Mx_1(x) ((u_int32_t)(x)) /* force result to dword so << will work */
++#define TwoFish_Mx_X(x) ((u_int32_t)((x)^TwoFish_LFSR2(x))) /* 5B */
++#define TwoFish_Mx_Y(x) ((u_int32_t)((x)^TwoFish_LFSR1(x)^TwoFish_LFSR2(x))) /* EF */
++#define TwoFish_RS_rem(x) { u_int8_t b=(u_int8_t)(x>>24); u_int32_t g2=((b<<1)^((b&0x80)?TwoFish_RS_GF_FDBK:0))&0xFF; u_int32_t g3=((b>>1)&0x7F)^((b&1)?TwoFish_RS_GF_FDBK>>1:0)^g2; x=(x<<8)^(g3<<24)^(g2<<16)^(g3<<8)^b; }
++
++/*#define TwoFish__b(x,N) (((u_int8_t *)&x)[((N)&3)^TwoFish_ADDR_XOR])*/ /* pick bytes out of a dword */
++
++#define TwoFish_b0(x) TwoFish__b(x,0) /* extract LSB of u_int32_t */
++#define TwoFish_b1(x) TwoFish__b(x,1)
++#define TwoFish_b2(x) TwoFish__b(x,2)
++#define TwoFish_b3(x) TwoFish__b(x,3) /* extract MSB of u_int32_t */
++
++u_int8_t TwoFish__b(u_int32_t x,int n)
++{ n&=3;
++ while(n-->0)
++ x>>=8;
++ return (u_int8_t)x;
++}
++
++
++/* TwoFish Initialization
++ *
++ * This routine generates a global data structure for use with TwoFish,
++ * initializes important values (such as subkeys, sBoxes), generates subkeys
++ * and precomputes the MDS matrix if not already done.
++ *
++ * Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!')
++ *
++ * Output: Pointer to TWOFISH structure. This data structure contains key dependent data.
++ * This pointer is used with all other crypt functions.
++ */
++
++TWOFISH *TwoFishInit(char *userkey)
++{ TWOFISH *tfdata;
++ int i,x,m;
++ char tkey[TwoFish_KEY_LENGTH+40];
++
++ tfdata=malloc(sizeof(TWOFISH)); /* allocate the TwoFish structure */
++ if(tfdata!=NULL)
++ { if(*userkey)
++ { strncpy(tkey,userkey,TwoFish_KEY_LENGTH); /* use first 32 chars of user supplied password */
++ tkey[TwoFish_KEY_LENGTH]=0; /* make sure it wasn't more */
++ }
++ else
++ strcpy(tkey,TwoFish_DEFAULT_PW); /* if no key defined, use default password */
++ for(i=0,x=0,m=strlen(tkey);i<TwoFish_KEY_LENGTH;i++) /* copy into data structure */
++ { tfdata->key[i]=tkey[x++]; /* fill the whole keyspace with repeating key. */
++ if(x==m)
++ x=0;
++ }
++
++ if(!TwoFish_MDSready)
++ _TwoFish_PrecomputeMDSmatrix(); /* "Wake Up, Neo" */
++ _TwoFish_MakeSubKeys(tfdata); /* generate subkeys */
++ _TwoFish_ResetCBC(tfdata); /* reset the CBC */
++ tfdata->output=NULL; /* nothing to output yet */
++ tfdata->dontflush=FALSE; /* reset decrypt skip block flag */
++ if(TwoFish_srand)
++ { TwoFish_srand=FALSE;
++ srand(time(NULL));
++ }
++ }
++ return tfdata; /* return the data pointer */
++}
++
++
++void TwoFishDestroy(TWOFISH *tfdata)
++{ if(tfdata!=NULL)
++ free(tfdata);
++}
++
++
++/* en/decryption with CBC mode */
++unsigned long _TwoFish_CryptRawCBC(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata)
++{ unsigned long rl;
++
++ rl=len; /* remember how much data to crypt. */
++ while(len>TwoFish_BLOCK_SIZE) /* and now we process block by block. */
++ { _TwoFish_BlockCrypt(in,out,TwoFish_BLOCK_SIZE,decrypt,tfdata); /* de/encrypt it. */
++ in+=TwoFish_BLOCK_SIZE; /* adjust pointers. */
++ out+=TwoFish_BLOCK_SIZE;
++ len-=TwoFish_BLOCK_SIZE;
++ }
++ if(len>0) /* if we have less than a block left... */
++ _TwoFish_BlockCrypt(in,out,len,decrypt,tfdata); /* ...then we de/encrypt that too. */
++ if(tfdata->qBlockDefined && !tfdata->dontflush) /* in case len was exactly one block... */
++ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata); /* ...we need to write the... */
++ /* ...remaining bytes of the buffer */
++ return rl;
++}
++
++/* en/decryption on one block only */
++unsigned long _TwoFish_CryptRaw16(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata)
++{ /* qBlockPlain already zero'ed through ResetCBC */
++ memcpy(tfdata->qBlockPlain,in,len); /* toss the data into it. */
++ _TwoFish_BlockCrypt16(tfdata->qBlockPlain,tfdata->qBlockCrypt,decrypt,tfdata); /* encrypt just that block without CBC. */
++ memcpy(out,tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE); /* and return what we got */
++ return TwoFish_BLOCK_SIZE;
++}
++
++/* en/decryption without reset of CBC and output assignment */
++unsigned long _TwoFish_CryptRaw(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata)
++{
++ if(in!=NULL && out!=NULL && len>0 && tfdata!=NULL) /* if we have valid data, then... */
++ { if(len>TwoFish_BLOCK_SIZE) /* ...check if we have more than one block. */
++ return _TwoFish_CryptRawCBC(in,out,len,decrypt,tfdata); /* if so, use the CBC routines... */
++ else
++ return _TwoFish_CryptRaw16(in,out,len,decrypt,tfdata); /* ...otherwise just do one block. */
++ }
++ return 0;
++}
++
++
++/* TwoFish Raw Encryption
++ *
++ * Does not use header, but does use CBC (if more than one block has to be encrypted).
++ *
++ * Input: Pointer to the buffer of the plaintext to be encrypted.
++ * Pointer to the buffer receiving the ciphertext.
++ * The length of the plaintext buffer.
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes encrypted if successful, otherwise 0.
++ */
++
++unsigned long TwoFishEncryptRaw(char *in,
++ char *out,
++ unsigned long len,
++ TWOFISH *tfdata)
++{ _TwoFish_ResetCBC(tfdata); /* reset CBC flag. */
++ tfdata->output=out; /* output straight into output buffer. */
++ return _TwoFish_CryptRaw(in,out,len,FALSE,tfdata); /* and go for it. */
++}
++
++/* TwoFish Raw Decryption
++ *
++ * Does not use header, but does use CBC (if more than one block has to be decrypted).
++ *
++ * Input: Pointer to the buffer of the ciphertext to be decrypted.
++ * Pointer to the buffer receiving the plaintext.
++ * The length of the ciphertext buffer (at least one cipher block).
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes decrypted if successful, otherwise 0.
++ */
++
++unsigned long TwoFishDecryptRaw(char *in,
++ char *out,
++ unsigned long len,
++ TWOFISH *tfdata)
++{ _TwoFish_ResetCBC(tfdata); /* reset CBC flag. */
++ tfdata->output=out; /* output straight into output buffer. */
++ return _TwoFish_CryptRaw(in,out,len,TRUE,tfdata); /* and go for it. */
++}
++
++/* TwoFish Free
++ *
++ * Free's the allocated buffer.
++ *
++ * Input: Pointer to the TwoFish structure
++ *
++ * Output: (none)
++ */
++
++void TwoFishFree(TWOFISH *tfdata)
++{ if(tfdata->output!=NULL) /* if a valid buffer is present... */
++ { free(tfdata->output); /* ...then we free it for you... */
++ tfdata->output=NULL; /* ...and mark as such. */
++ }
++}
++
++/* TwoFish Set Output
++ *
++ * If you want to allocate the output buffer yourself,
++ * then you can set it with this function.
++ *
++ * Input: Pointer to your output buffer
++ * Pointer to the TwoFish structure
++ *
++ * Output: (none)
++ */
++
++void TwoFishSetOutput(char *outp,TWOFISH *tfdata)
++{ tfdata->output=outp; /* (do we really need a function for this?) */
++}
++
++/* TwoFish Alloc
++ *
++ * Allocates enough memory for the output buffer that would be required
++ *
++ * Input: Length of the plaintext.
++ * Boolean flag for BinHex Output.
++ * Pointer to the TwoFish structure.
++ *
++ * Output: Returns a pointer to the memory allocated.
++ */
++
++void *TwoFishAlloc(unsigned long len,bool binhex,bool decrypt,TWOFISH *tfdata)
++{
++/* TwoFishFree(tfdata); */ /* (don't for now) discard whatever was allocated earlier. */
++ if(decrypt) /* if decrypting... */
++ { if(binhex) /* ...and input is binhex encoded... */
++ len/=2; /* ...use half as much for output. */
++ len-=TwoFish_BLOCK_SIZE; /* Also, subtract the size of the header. */
++ }
++ else
++ { len+=TwoFish_BLOCK_SIZE; /* the size is just increased by the header... */
++ if(binhex)
++ len*=2; /* ...and doubled if output is to be binhexed. */
++ }
++ tfdata->output=malloc(len+TwoFish_BLOCK_SIZE);/* grab some memory...plus some extra (it's running over somewhere, crashes without extra padding) */
++
++ return tfdata->output; /* ...and return to caller. */
++}
++
++/* bin2hex and hex2bin conversion */
++void _TwoFish_BinHex(u_int8_t *buf,unsigned long len,bool bintohex)
++{ u_int8_t *pi,*po,c;
++
++ if(bintohex)
++ { for(pi=buf+len-1,po=buf+(2*len)-1;len>0;pi--,po--,len--) /* let's start from the end of the bin block. */
++ { c=*pi; /* grab value. */
++ c&=15; /* use lower 4 bits. */
++ if(c>9) /* convert to ascii. */
++ c+=('a'-10);
++ else
++ c+='0';
++ *po--=c; /* set the lower nibble. */
++ c=*pi; /* grab value again. */
++ c>>=4; /* right shift 4 bits. */
++ c&=15; /* make sure we only have 4 bits. */
++ if(c>9) /* convert to ascii. */
++ c+=('a'-10);
++ else
++ c+='0';
++ *po=c; /* set the higher nibble. */
++ } /* and keep going. */
++ }
++ else
++ { for(pi=buf,po=buf;len>0;pi++,po++,len-=2) /* let's start from the beginning of the hex block. */
++ { c=tolower(*pi++)-'0'; /* grab higher nibble. */
++ if(c>9) /* convert to value. */
++ c-=('0'-9);
++ *po=c<<4; /* left shit 4 bits. */
++ c=tolower(*pi)-'0'; /* grab lower nibble. */
++ if(c>9) /* convert to value. */
++ c-=('0'-9);
++ *po|=c; /* and add to value. */
++ }
++ }
++}
++
++
++/* TwoFish Encryption
++ *
++ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc,
++ * this routine will alloc the memory. In addition, it will include a small 'header'
++ * containing the magic and some salt. That way the decrypt routine can check if the
++ * packet got decrypted successfully, and return 0 instead of garbage.
++ *
++ * Input: Pointer to the buffer of the plaintext to be encrypted.
++ * Pointer to the pointer to the buffer receiving the ciphertext.
++ * The pointer either points to user allocated output buffer space, or to NULL, in which case
++ * this routine will set the pointer to the buffer allocated through the struct.
++ * The length of the plaintext buffer.
++ * Can be -1 if the input is a null terminated string, in which case we'll count for you.
++ * Boolean flag for BinHex Output (if used, output will be twice as large as input).
++ * Note: BinHex conversion overwrites (converts) input buffer!
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes encrypted if successful, otherwise 0.
++ */
++
++unsigned long TwoFishEncrypt(char *in,
++ char **out,
++ signed long len,
++ bool binhex,
++ TWOFISH *tfdata)
++{ unsigned long ilen,olen;
++
++
++ if(len== -1) /* if we got -1 for len, we'll assume IN is a... */
++ ilen=strlen(in); /* ...\0 terminated string and figure len out ourselves... */
++ else
++ ilen=len; /* ...otherwise we trust you supply a correct length. */
++
++ if(in!=NULL && out!=NULL && ilen>0 && tfdata!=NULL) /* if we got usable stuff, we'll do it. */
++ { if(*out==NULL) /* if OUT points to a NULL pointer... */
++ *out=TwoFishAlloc(ilen,binhex,FALSE,tfdata); /* ...we'll (re-)allocate buffer space. */
++ if(*out!=NULL)
++ { tfdata->output=*out; /* set output buffer. */
++ tfdata->header.salt=rand()*65536+rand(); /* toss in some salt. */
++ tfdata->header.length[0]= (u_int8_t)(ilen);
++ tfdata->header.length[1]= (u_int8_t)(ilen>>8);
++ tfdata->header.length[2]= (u_int8_t)(ilen>>16);
++ tfdata->header.length[3]= (u_int8_t)(ilen>>24);
++ memcpy(tfdata->header.magic,TwoFish_MAGIC,TwoFish_MAGIC_LEN); /* set the magic. */
++ olen=TwoFish_BLOCK_SIZE; /* set output counter. */
++ _TwoFish_ResetCBC(tfdata); /* reset the CBC flag */
++ _TwoFish_BlockCrypt((u_int8_t *)&(tfdata->header),*out,olen,FALSE,tfdata); /* encrypt first block (without flush on 16 byte boundary). */
++ olen+=_TwoFish_CryptRawCBC(in,*out+TwoFish_BLOCK_SIZE,ilen,FALSE,tfdata); /* and encrypt the rest (we do not reset the CBC flag). */
++ if(binhex) /* if binhex... */
++ { _TwoFish_BinHex(*out,olen,TRUE); /* ...convert output to binhex... */
++ olen*=2; /* ...and size twice as large. */
++ }
++ tfdata->output=*out;
++ return olen;
++ }
++ }
++ return 0;
++}
++
++/* TwoFish Decryption
++ *
++ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc,
++ * this routine will alloc the memory. In addition, it will check the small 'header'
++ * containing the magic. If magic does not match we return 0. Otherwise we return the
++ * amount of bytes decrypted (should be the same as the length in the header).
++ *
++ * Input: Pointer to the buffer of the ciphertext to be decrypted.
++ * Pointer to the pointer to the buffer receiving the plaintext.
++ * The pointer either points to user allocated output buffer space, or to NULL, in which case
++ * this routine will set the pointer to the buffer allocated through the struct.
++ * The length of the ciphertext buffer.
++ * Can be -1 if the input is a null terminated binhex string, in which case we'll count for you.
++ * Boolean flag for BinHex Input (if used, plaintext will be half as large as input).
++ * Note: BinHex conversion overwrites (converts) input buffer!
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes decrypted if successful, otherwise 0.
++ */
++
++unsigned long TwoFishDecrypt(char *in,
++ char **out,
++ signed long len,
++ bool binhex,
++ TWOFISH *tfdata)
++{ unsigned long ilen,elen,olen;
++ const u_int8_t cmagic[TwoFish_MAGIC_LEN]=TwoFish_MAGIC;
++ u_int8_t *tbuf;
++
++
++
++ if(len== -1) /* if we got -1 for len, we'll assume IN is... */
++ ilen=strlen(in); /* ...\0 terminated binhex and figure len out ourselves... */
++ else
++ ilen=len; /* ...otherwise we trust you supply a correct length. */
++
++ if(in!=NULL && out!=NULL && ilen>0 && tfdata!=NULL) /* if we got usable stuff, we'll do it. */
++ { if(*out==NULL) /* if OUT points to a NULL pointer... */
++ *out=TwoFishAlloc(ilen,binhex,TRUE,tfdata); /* ...we'll (re-)allocate buffer space. */
++ if(*out!=NULL)
++ { if(binhex) /* if binhex... */
++ { _TwoFish_BinHex(in,ilen,FALSE); /* ...convert input to values... */
++ ilen/=2; /* ...and size half as much. */
++ }
++ _TwoFish_ResetCBC(tfdata); /* reset the CBC flag. */
++
++ tbuf=(u_int8_t *)malloc(ilen+TwoFish_BLOCK_SIZE); /* get memory for data and header. */
++ if(tbuf==NULL)
++ return 0;
++ tfdata->output=tbuf; /* set output to temp buffer. */
++
++ olen=_TwoFish_CryptRawCBC(in,tbuf,ilen,TRUE,tfdata)-TwoFish_BLOCK_SIZE; /* decrypt the whole thing. */
++ memcpy(&(tfdata->header),tbuf,TwoFish_BLOCK_SIZE); /* copy first block into header. */
++ tfdata->output=*out;
++ for(elen=0;elen<TwoFish_MAGIC_LEN;elen++) /* compare magic. */
++ if(tfdata->header.magic[elen]!=cmagic[elen])
++ break;
++ if(elen==TwoFish_MAGIC_LEN) /* if magic matches then... */
++ { elen=(tfdata->header.length[0]) |
++ (tfdata->header.length[1])<<8 |
++ (tfdata->header.length[2])<<16 |
++ (tfdata->header.length[3])<<24; /* .. we know how much to expect. */
++ if(elen>olen) /* adjust if necessary. */
++ elen=olen;
++ memcpy(*out,tbuf+TwoFish_BLOCK_SIZE,elen); /* copy data into intended output. */
++ free(tbuf);
++ return elen;
++ }
++ free(tbuf);
++ }
++ }
++ return 0;
++}
++
++void _TwoFish_PrecomputeMDSmatrix(void) /* precompute the TwoFish_MDS matrix */
++{ u_int32_t m1[2];
++ u_int32_t mX[2];
++ u_int32_t mY[2];
++ u_int32_t i, j;
++
++ for (i = 0; i < 256; i++)
++ { j = TwoFish_P[0][i] & 0xFF; /* compute all the matrix elements */
++ m1[0] = j;
++ mX[0] = TwoFish_Mx_X( j ) & 0xFF;
++ mY[0] = TwoFish_Mx_Y( j ) & 0xFF;
++
++ j = TwoFish_P[1][i] & 0xFF;
++ m1[1] = j;
++ mX[1] = TwoFish_Mx_X( j ) & 0xFF;
++ mY[1] = TwoFish_Mx_Y( j ) & 0xFF;
++
++ TwoFish_MDS[0][i] = m1[TwoFish_P_00] | /* fill matrix w/ above elements */
++ mX[TwoFish_P_00] << 8 |
++ mY[TwoFish_P_00] << 16 |
++ mY[TwoFish_P_00] << 24;
++ TwoFish_MDS[1][i] = mY[TwoFish_P_10] |
++ mY[TwoFish_P_10] << 8 |
++ mX[TwoFish_P_10] << 16 |
++ m1[TwoFish_P_10] << 24;
++ TwoFish_MDS[2][i] = mX[TwoFish_P_20] |
++ mY[TwoFish_P_20] << 8 |
++ m1[TwoFish_P_20] << 16 |
++ mY[TwoFish_P_20] << 24;
++ TwoFish_MDS[3][i] = mX[TwoFish_P_30] |
++ m1[TwoFish_P_30] << 8 |
++ mY[TwoFish_P_30] << 16 |
++ mX[TwoFish_P_30] << 24;
++ }
++ TwoFish_MDSready=TRUE;
++}
++
++
++void _TwoFish_MakeSubKeys(TWOFISH *tfdata) /* Expand a user-supplied key material into a session key. */
++{ u_int32_t k64Cnt = TwoFish_KEY_LENGTH / 8;
++ u_int32_t k32e[4]; /* even 32-bit entities */
++ u_int32_t k32o[4]; /* odd 32-bit entities */
++ u_int32_t sBoxKey[4];
++ u_int32_t offset,i,j;
++ u_int32_t A, B, q=0;
++ u_int32_t k0,k1,k2,k3;
++ u_int32_t b0,b1,b2,b3;
++
++ /* split user key material into even and odd 32-bit entities and */
++ /* compute S-box keys using (12, 8) Reed-Solomon code over GF(256) */
++
++
++ for (offset=0,i=0,j=k64Cnt-1;i<4 && offset<TwoFish_KEY_LENGTH;i++,j--)
++ { k32e[i] = tfdata->key[offset++];
++ k32e[i]|= tfdata->key[offset++]<<8;
++ k32e[i]|= tfdata->key[offset++]<<16;
++ k32e[i]|= tfdata->key[offset++]<<24;
++ k32o[i] = tfdata->key[offset++];
++ k32o[i]|= tfdata->key[offset++]<<8;
++ k32o[i]|= tfdata->key[offset++]<<16;
++ k32o[i]|= tfdata->key[offset++]<<24;
++ sBoxKey[j] = _TwoFish_RS_MDS_Encode( k32e[i], k32o[i] ); /* reverse order */
++ }
++
++ /* compute the round decryption subkeys for PHT. these same subkeys */
++ /* will be used in encryption but will be applied in reverse order. */
++ i=0;
++ while(i < TwoFish_TOTAL_SUBKEYS)
++ { A = _TwoFish_F32( k64Cnt, q, k32e ); /* A uses even key entities */
++ q += TwoFish_SK_BUMP;
++
++ B = _TwoFish_F32( k64Cnt, q, k32o ); /* B uses odd key entities */
++ q += TwoFish_SK_BUMP;
++
++ B = B << 8 | B >> 24;
++
++ A += B;
++ tfdata->subKeys[i++] = A; /* combine with a PHT */
++
++ A += B;
++ tfdata->subKeys[i++] = A << TwoFish_SK_ROTL | A >> (32-TwoFish_SK_ROTL);
++ }
++
++ /* fully expand the table for speed */
++ k0 = sBoxKey[0];
++ k1 = sBoxKey[1];
++ k2 = sBoxKey[2];
++ k3 = sBoxKey[3];
++
++ for (i = 0; i < 256; i++)
++ { b0 = b1 = b2 = b3 = i;
++ switch (k64Cnt & 3)
++ { case 1: /* 64-bit keys */
++ tfdata->sBox[ 2*i ] = TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][b0]) ^ TwoFish_b0(k0)];
++ tfdata->sBox[ 2*i+1] = TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][b1]) ^ TwoFish_b1(k0)];
++ tfdata->sBox[0x200+2*i ] = TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][b2]) ^ TwoFish_b2(k0)];
++ tfdata->sBox[0x200+2*i+1] = TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][b3]) ^ TwoFish_b3(k0)];
++ break;
++ case 0: /* 256-bit keys (same as 4) */
++ b0 = (TwoFish_P[TwoFish_P_04][b0]) ^ TwoFish_b0(k3);
++ b1 = (TwoFish_P[TwoFish_P_14][b1]) ^ TwoFish_b1(k3);
++ b2 = (TwoFish_P[TwoFish_P_24][b2]) ^ TwoFish_b2(k3);
++ b3 = (TwoFish_P[TwoFish_P_34][b3]) ^ TwoFish_b3(k3);
++ case 3: /* 192-bit keys */
++ b0 = (TwoFish_P[TwoFish_P_03][b0]) ^ TwoFish_b0(k2);
++ b1 = (TwoFish_P[TwoFish_P_13][b1]) ^ TwoFish_b1(k2);
++ b2 = (TwoFish_P[TwoFish_P_23][b2]) ^ TwoFish_b2(k2);
++ b3 = (TwoFish_P[TwoFish_P_33][b3]) ^ TwoFish_b3(k2);
++ case 2: /* 128-bit keys */
++ tfdata->sBox[ 2*i ]=
++ TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][(TwoFish_P[TwoFish_P_02][b0]) ^
++ TwoFish_b0(k1)]) ^ TwoFish_b0(k0)];
++
++ tfdata->sBox[ 2*i+1]=
++ TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][(TwoFish_P[TwoFish_P_12][b1]) ^
++ TwoFish_b1(k1)]) ^ TwoFish_b1(k0)];
++
++ tfdata->sBox[0x200+2*i ]=
++ TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][(TwoFish_P[TwoFish_P_22][b2]) ^
++ TwoFish_b2(k1)]) ^ TwoFish_b2(k0)];
++
++ tfdata->sBox[0x200+2*i+1]=
++ TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][(TwoFish_P[TwoFish_P_32][b3]) ^
++ TwoFish_b3(k1)]) ^ TwoFish_b3(k0)];
++ }
++ }
++}
++
++
++/**
++ * Encrypt or decrypt exactly one block of plaintext in CBC mode.
++ * Use "ciphertext stealing" technique described on pg. 196
++ * of "Applied Cryptography" to encrypt the final partial
++ * (i.e. <16 byte) block if necessary.
++ *
++ * jojo: the "ciphertext stealing" requires we read ahead and have
++ * special handling for the last two blocks. Because of this, the
++ * output from the TwoFish algorithm is handled internally here.
++ * It would be better to have a higher level handle this as well as
++ * CBC mode. Unfortunately, I've mixed the two together, which is
++ * pretty crappy... The Java version separates these out correctly.
++ *
++ * fknobbe: I have reduced the CBC mode to work on memory buffer only.
++ * Higher routines should use an intermediate buffer and handle
++ * their output seperately (mainly so the data can be flushed
++ * in one chunk, not seperate 16 byte blocks...)
++ *
++ * @param in The plaintext.
++ * @param out The ciphertext
++ * @param size how much to encrypt
++ * @param tfdata: Pointer to the global data structure containing session keys.
++ * @return none
++ */
++void _TwoFish_BlockCrypt(u_int8_t *in,u_int8_t *out,unsigned long size,int decrypt,TWOFISH *tfdata)
++{ u_int8_t PnMinusOne[TwoFish_BLOCK_SIZE];
++ u_int8_t CnMinusOne[TwoFish_BLOCK_SIZE];
++ u_int8_t CBCplusCprime[TwoFish_BLOCK_SIZE];
++ u_int8_t Pn[TwoFish_BLOCK_SIZE];
++ u_int8_t *p,*pout;
++ unsigned long i;
++
++ /* here is where we implement CBC mode and cipher block stealing */
++ if(size==TwoFish_BLOCK_SIZE)
++ { /* if we are encrypting, CBC means we XOR the plain text block with the */
++ /* previous cipher text block before encrypting */
++ if(!decrypt && tfdata->qBlockDefined)
++ { for(p=in,i=0;i<TwoFish_BLOCK_SIZE;i++,p++)
++ Pn[i]=*p ^ tfdata->qBlockCrypt[i]; /* FK: I'm copying the xor'ed input into Pn... */
++ }
++ else
++ memcpy(Pn,in,TwoFish_BLOCK_SIZE); /* FK: same here. we work of Pn all the time. */
++
++ /* TwoFish block level encryption or decryption */
++ _TwoFish_BlockCrypt16(Pn,out,decrypt,tfdata);
++
++ /* if we are decrypting, CBC means we XOR the result of the decryption */
++ /* with the previous cipher text block to get the resulting plain text */
++ if(decrypt && tfdata->qBlockDefined)
++ { for (p=out,i=0;i<TwoFish_BLOCK_SIZE;i++,p++)
++ *p^=tfdata->qBlockPlain[i];
++ }
++
++ /* save the input and output blocks, since CBC needs these for XOR */
++ /* operations */
++ _TwoFish_qBlockPush(Pn,out,tfdata);
++ }
++ else
++ { /* cipher block stealing, we are at Pn, */
++ /* but since Cn-1 must now be replaced with CnC' */
++ /* we pop it off, and recalculate Cn-1 */
++
++ if(decrypt)
++ { /* We are on an odd block, and had to do cipher block stealing, */
++ /* so the PnMinusOne has to be derived differently. */
++
++ /* First we decrypt it into CBC and C' */
++ _TwoFish_qBlockPop(CnMinusOne,PnMinusOne,tfdata);
++ _TwoFish_BlockCrypt16(CnMinusOne,CBCplusCprime,decrypt,tfdata);
++
++ /* we then xor the first few bytes with the "in" bytes (Cn) */
++ /* to recover Pn, which we put in out */
++ for(p=in,pout=out,i=0;i<size;i++,p++,pout++)
++ *pout=*p ^ CBCplusCprime[i];
++
++ /* We now recover the original CnMinusOne, which consists of */
++ /* the first "size" bytes of "in" data, followed by the */
++ /* "Cprime" portion of CBCplusCprime */
++ for(p=in,i=0;i<size;i++,p++)
++ CnMinusOne[i]=*p;
++ for(;i<TwoFish_BLOCK_SIZE;i++)
++ CnMinusOne[i]=CBCplusCprime[i];
++
++ /* we now decrypt CnMinusOne to get PnMinusOne xored with Cn-2 */
++ _TwoFish_BlockCrypt16(CnMinusOne,PnMinusOne,decrypt,tfdata);
++
++ for(i=0;i<TwoFish_BLOCK_SIZE;i++)
++ PnMinusOne[i]=PnMinusOne[i] ^ tfdata->prevCipher[i];
++
++ /* So at this point, out has PnMinusOne */
++ _TwoFish_qBlockPush(CnMinusOne,PnMinusOne,tfdata);
++ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata);
++ _TwoFish_FlushOutput(out,size,tfdata);
++ }
++ else
++ { _TwoFish_qBlockPop(PnMinusOne,CnMinusOne,tfdata);
++ memset(Pn,0,TwoFish_BLOCK_SIZE);
++ memcpy(Pn,in,size);
++ for(i=0;i<TwoFish_BLOCK_SIZE;i++)
++ Pn[i]^=CnMinusOne[i];
++ _TwoFish_BlockCrypt16(Pn,out,decrypt,tfdata);
++ _TwoFish_qBlockPush(Pn,out,tfdata); /* now we officially have Cn-1 */
++ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata);
++ _TwoFish_FlushOutput(CnMinusOne,size,tfdata); /* old Cn-1 becomes new partial Cn */
++ }
++ tfdata->qBlockDefined=FALSE;
++ }
++}
++
++void _TwoFish_qBlockPush(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata)
++{ if(tfdata->qBlockDefined)
++ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata);
++ memcpy(tfdata->prevCipher,tfdata->qBlockPlain,TwoFish_BLOCK_SIZE);
++ memcpy(tfdata->qBlockPlain,p,TwoFish_BLOCK_SIZE);
++ memcpy(tfdata->qBlockCrypt,c,TwoFish_BLOCK_SIZE);
++ tfdata->qBlockDefined=TRUE;
++}
++
++void _TwoFish_qBlockPop(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata)
++{ memcpy(p,tfdata->qBlockPlain,TwoFish_BLOCK_SIZE );
++ memcpy(c,tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE );
++ tfdata->qBlockDefined=FALSE;
++}
++
++/* Reset's the CBC flag and zero's PrevCipher (through qBlockPlain) (important) */
++void _TwoFish_ResetCBC(TWOFISH *tfdata)
++{ tfdata->qBlockDefined=FALSE;
++ memset(tfdata->qBlockPlain,0,TwoFish_BLOCK_SIZE);
++}
++
++void _TwoFish_FlushOutput(u_int8_t *b,unsigned long len,TWOFISH *tfdata)
++{ unsigned long i;
++
++ for(i=0;i<len && !tfdata->dontflush;i++)
++ *tfdata->output++ = *b++;
++ tfdata->dontflush=FALSE;
++}
++
++void _TwoFish_BlockCrypt16(u_int8_t *in,u_int8_t *out,bool decrypt,TWOFISH *tfdata)
++{ u_int32_t x0,x1,x2,x3;
++ u_int32_t k,t0,t1,R;
++
++
++ x0=*in++;
++ x0|=(*in++ << 8 );
++ x0|=(*in++ << 16);
++ x0|=(*in++ << 24);
++ x1=*in++;
++ x1|=(*in++ << 8 );
++ x1|=(*in++ << 16);
++ x1|=(*in++ << 24);
++ x2=*in++;
++ x2|=(*in++ << 8 );
++ x2|=(*in++ << 16);
++ x2|=(*in++ << 24);
++ x3=*in++;
++ x3|=(*in++ << 8 );
++ x3|=(*in++ << 16);
++ x3|=(*in++ << 24);
++
++ if(decrypt)
++ { x0 ^= tfdata->subKeys[4]; /* swap input and output whitening keys when decrypting */
++ x1 ^= tfdata->subKeys[5];
++ x2 ^= tfdata->subKeys[6];
++ x3 ^= tfdata->subKeys[7];
++
++ k = 7+(TwoFish_ROUNDS*2);
++ for (R = 0; R < TwoFish_ROUNDS; R += 2)
++ { t0 = _TwoFish_Fe320( tfdata->sBox, x0);
++ t1 = _TwoFish_Fe323( tfdata->sBox, x1);
++ x3 ^= t0 + (t1<<1) + tfdata->subKeys[k--];
++ x3 = x3 >> 1 | x3 << 31;
++ x2 = x2 << 1 | x2 >> 31;
++ x2 ^= t0 + t1 + tfdata->subKeys[k--];
++
++ t0 = _TwoFish_Fe320( tfdata->sBox, x2);
++ t1 = _TwoFish_Fe323( tfdata->sBox, x3);
++ x1 ^= t0 + (t1<<1) + tfdata->subKeys[k--];
++ x1 = x1 >> 1 | x1 << 31;
++ x0 = x0 << 1 | x0 >> 31;
++ x0 ^= t0 + t1 + tfdata->subKeys[k--];
++ }
++
++ x2 ^= tfdata->subKeys[0];
++ x3 ^= tfdata->subKeys[1];
++ x0 ^= tfdata->subKeys[2];
++ x1 ^= tfdata->subKeys[3];
++ }
++ else
++ { x0 ^= tfdata->subKeys[0];
++ x1 ^= tfdata->subKeys[1];
++ x2 ^= tfdata->subKeys[2];
++ x3 ^= tfdata->subKeys[3];
++
++ k = 8;
++ for (R = 0; R < TwoFish_ROUNDS; R += 2)
++ { t0 = _TwoFish_Fe320( tfdata->sBox, x0);
++ t1 = _TwoFish_Fe323( tfdata->sBox, x1);
++ x2 ^= t0 + t1 + tfdata->subKeys[k++];
++ x2 = x2 >> 1 | x2 << 31;
++ x3 = x3 << 1 | x3 >> 31;
++ x3 ^= t0 + (t1<<1) + tfdata->subKeys[k++];
++
++ t0 = _TwoFish_Fe320( tfdata->sBox, x2);
++ t1 = _TwoFish_Fe323( tfdata->sBox, x3);
++ x0 ^= t0 + t1 + tfdata->subKeys[k++];
++ x0 = x0 >> 1 | x0 << 31;
++ x1 = x1 << 1 | x1 >> 31;
++ x1 ^= t0 + (t1<<1) + tfdata->subKeys[k++];
++ }
++
++ x2 ^= tfdata->subKeys[4];
++ x3 ^= tfdata->subKeys[5];
++ x0 ^= tfdata->subKeys[6];
++ x1 ^= tfdata->subKeys[7];
++ }
++
++ *out++ = (u_int8_t)(x2 );
++ *out++ = (u_int8_t)(x2 >> 8);
++ *out++ = (u_int8_t)(x2 >> 16);
++ *out++ = (u_int8_t)(x2 >> 24);
++
++ *out++ = (u_int8_t)(x3 );
++ *out++ = (u_int8_t)(x3 >> 8);
++ *out++ = (u_int8_t)(x3 >> 16);
++ *out++ = (u_int8_t)(x3 >> 24);
++
++ *out++ = (u_int8_t)(x0 );
++ *out++ = (u_int8_t)(x0 >> 8);
++ *out++ = (u_int8_t)(x0 >> 16);
++ *out++ = (u_int8_t)(x0 >> 24);
++
++ *out++ = (u_int8_t)(x1 );
++ *out++ = (u_int8_t)(x1 >> 8);
++ *out++ = (u_int8_t)(x1 >> 16);
++ *out++ = (u_int8_t)(x1 >> 24);
++}
++
++/**
++ * Use (12, 8) Reed-Solomon code over GF(256) to produce a key S-box
++ * 32-bit entity from two key material 32-bit entities.
++ *
++ * @param k0 1st 32-bit entity.
++ * @param k1 2nd 32-bit entity.
++ * @return Remainder polynomial generated using RS code
++ */
++u_int32_t _TwoFish_RS_MDS_Encode(u_int32_t k0,u_int32_t k1)
++{ u_int32_t i,r;
++
++ for(r=k1,i=0;i<4;i++) /* shift 1 byte at a time */
++ TwoFish_RS_rem(r);
++ r ^= k0;
++ for(i=0;i<4;i++)
++ TwoFish_RS_rem(r);
++
++ return r;
++}
++
++u_int32_t _TwoFish_F32(u_int32_t k64Cnt,u_int32_t x,u_int32_t *k32)
++{ u_int8_t b0,b1,b2,b3;
++ u_int32_t k0,k1,k2,k3,result = 0;
++
++ b0=TwoFish_b0(x);
++ b1=TwoFish_b1(x);
++ b2=TwoFish_b2(x);
++ b3=TwoFish_b3(x);
++ k0=k32[0];
++ k1=k32[1];
++ k2=k32[2];
++ k3=k32[3];
++
++ switch (k64Cnt & 3)
++ { case 1: /* 64-bit keys */
++ result =
++ TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][b0] & 0xFF) ^ TwoFish_b0(k0)] ^
++ TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][b1] & 0xFF) ^ TwoFish_b1(k0)] ^
++ TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][b2] & 0xFF) ^ TwoFish_b2(k0)] ^
++ TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][b3] & 0xFF) ^ TwoFish_b3(k0)];
++ break;
++ case 0: /* 256-bit keys (same as 4) */
++ b0 = (TwoFish_P[TwoFish_P_04][b0] & 0xFF) ^ TwoFish_b0(k3);
++ b1 = (TwoFish_P[TwoFish_P_14][b1] & 0xFF) ^ TwoFish_b1(k3);
++ b2 = (TwoFish_P[TwoFish_P_24][b2] & 0xFF) ^ TwoFish_b2(k3);
++ b3 = (TwoFish_P[TwoFish_P_34][b3] & 0xFF) ^ TwoFish_b3(k3);
++
++ case 3: /* 192-bit keys */
++ b0 = (TwoFish_P[TwoFish_P_03][b0] & 0xFF) ^ TwoFish_b0(k2);
++ b1 = (TwoFish_P[TwoFish_P_13][b1] & 0xFF) ^ TwoFish_b1(k2);
++ b2 = (TwoFish_P[TwoFish_P_23][b2] & 0xFF) ^ TwoFish_b2(k2);
++ b3 = (TwoFish_P[TwoFish_P_33][b3] & 0xFF) ^ TwoFish_b3(k2);
++ case 2: /* 128-bit keys (optimize for this case) */
++ result =
++ TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][(TwoFish_P[TwoFish_P_02][b0] & 0xFF) ^ TwoFish_b0(k1)] & 0xFF) ^ TwoFish_b0(k0)] ^
++ TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][(TwoFish_P[TwoFish_P_12][b1] & 0xFF) ^ TwoFish_b1(k1)] & 0xFF) ^ TwoFish_b1(k0)] ^
++ TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][(TwoFish_P[TwoFish_P_22][b2] & 0xFF) ^ TwoFish_b2(k1)] & 0xFF) ^ TwoFish_b2(k0)] ^
++ TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][(TwoFish_P[TwoFish_P_32][b3] & 0xFF) ^ TwoFish_b3(k1)] & 0xFF) ^ TwoFish_b3(k0)];
++ break;
++ }
++ return result;
++}
++
++u_int32_t _TwoFish_Fe320(u_int32_t *lsBox,u_int32_t x)
++{ return lsBox[ TwoFish_b0(x)<<1 ]^
++ lsBox[ ((TwoFish_b1(x)<<1)|1)]^
++ lsBox[0x200+ (TwoFish_b2(x)<<1) ]^
++ lsBox[0x200+((TwoFish_b3(x)<<1)|1)];
++}
++
++u_int32_t _TwoFish_Fe323(u_int32_t *lsBox,u_int32_t x)
++{ return lsBox[ (TwoFish_b3(x)<<1) ]^
++ lsBox[ ((TwoFish_b0(x)<<1)|1)]^
++ lsBox[0x200+ (TwoFish_b1(x)<<1) ]^
++ lsBox[0x200+((TwoFish_b2(x)<<1)|1)];
++}
++
++u_int32_t _TwoFish_Fe32(u_int32_t *lsBox,u_int32_t x,u_int32_t R)
++{ return lsBox[ 2*TwoFish__b(x,R ) ]^
++ lsBox[ 2*TwoFish__b(x,R+1)+1]^
++ lsBox[0x200+2*TwoFish__b(x,R+2) ]^
++ lsBox[0x200+2*TwoFish__b(x,R+3)+1];
++}
++
++
++#endif
+
+Index: snort-2.8.6.1/src/twofish.h
+===================================================================
+--- snort-2.8.6.1/src/twofish.h (Revision 0)
++++ snort-2.8.6.1/src/twofish.h (Revision 3)
+@@ -0,0 +1,276 @@
++/* $Id: twofish.h,v 2.1 2008/12/15 20:36:05 fknobbe Exp $
++ *
++ *
++ * Copyright (C) 1997-2000 The Cryptix Foundation Limited.
++ * Copyright (C) 2000 Farm9.
++ * Copyright (C) 2001 Frank Knobbe.
++ * All rights reserved.
++ *
++ * For Cryptix code:
++ * Use, modification, copying and distribution of this software is subject
++ * the terms and conditions of the Cryptix General Licence. You should have
++ * received a copy of the Cryptix General Licence along with this library;
++ * if not, you can download a copy from http://www.cryptix.org/ .
++ *
++ * For Farm9:
++ * --- jojo@farm9.com, August 2000, converted from Java to C++, added CBC mode and
++ * ciphertext stealing technique, added AsciiTwofish class for easy encryption
++ * decryption of text strings
++ *
++ * Frank Knobbe <frank@knobbe.us>:
++ * --- April 2001, converted from C++ to C, prefixed global variables
++ * with TwoFish, substituted some defines, changed functions to make use of
++ * variables supplied in a struct, modified and added routines for modular calls.
++ * Cleaned up the code so that defines are used instead of fixed 16's and 32's.
++ * Created two general purpose crypt routines for one block and multiple block
++ * encryption using Joh's CBC code.
++ * Added crypt routines that use a header (with a magic and data length).
++ * (Basically a major rewrite).
++ *
++ * Note: Routines labeled _TwoFish are private and should not be used
++ * (or with extreme caution).
++ *
++ */
++
++#ifndef __TWOFISH_LIBRARY_HEADER__
++#define __TWOFISH_LIBRARY_HEADER__
++
++#ifndef FALSE
++#define FALSE 0
++#endif
++#ifndef TRUE
++#define TRUE !FALSE
++#endif
++#ifndef bool
++#define bool int
++#endif
++
++
++/* Constants */
++
++#define TwoFish_DEFAULT_PW "SnortHas2FishEncryptionRoutines!" /* default password (not more than 32 chars) */
++#define TwoFish_MAGIC "TwoFish" /* to indentify a successful decryption */
++
++enum
++{ TwoFish_KEY_SIZE = 256, /* Valid values: 64, 128, 192, 256 */
++ /* User 256, other key sizes have not been tested. */
++ /* (But should work. I substituted as much as */
++ /* I could with this define.) */
++ TwoFish_ROUNDS = 16,
++ TwoFish_BLOCK_SIZE = 16, /* bytes in a data-block */
++ TwoFish_KEY_LENGTH = TwoFish_KEY_SIZE/8, /* 32= 256-bit key */
++ TwoFish_TOTAL_SUBKEYS = 4+4+2*TwoFish_ROUNDS,
++ TwoFish_MAGIC_LEN = TwoFish_BLOCK_SIZE-8,
++ TwoFish_SK_BUMP = 0x01010101,
++ TwoFish_SK_ROTL = 9,
++ TwoFish_P_00 = 1,
++ TwoFish_P_01 = 0,
++ TwoFish_P_02 = 0,
++ TwoFish_P_03 = TwoFish_P_01 ^ 1,
++ TwoFish_P_04 = 1,
++ TwoFish_P_10 = 0,
++ TwoFish_P_11 = 0,
++ TwoFish_P_12 = 1,
++ TwoFish_P_13 = TwoFish_P_11 ^ 1,
++ TwoFish_P_14 = 0,
++ TwoFish_P_20 = 1,
++ TwoFish_P_21 = 1,
++ TwoFish_P_22 = 0,
++ TwoFish_P_23 = TwoFish_P_21 ^ 1,
++ TwoFish_P_24 = 0,
++ TwoFish_P_30 = 0,
++ TwoFish_P_31 = 1,
++ TwoFish_P_32 = 1,
++ TwoFish_P_33 = TwoFish_P_31 ^ 1,
++ TwoFish_P_34 = 1,
++ TwoFish_GF256_FDBK = 0x169,
++ TwoFish_GF256_FDBK_2 = 0x169 / 2,
++ TwoFish_GF256_FDBK_4 = 0x169 / 4,
++ TwoFish_RS_GF_FDBK = 0x14D, /* field generator */
++ TwoFish_MDS_GF_FDBK = 0x169 /* primitive polynomial for GF(256) */
++};
++
++
++/* Global data structure for callers */
++
++typedef struct
++{ u_int32_t sBox[4 * 256]; /* Key dependent S-box */
++ u_int32_t subKeys[TwoFish_TOTAL_SUBKEYS]; /* Subkeys */
++ u_int8_t key[TwoFish_KEY_LENGTH]; /* Encryption Key */
++ u_int8_t *output; /* Pointer to output buffer */
++ u_int8_t qBlockPlain[TwoFish_BLOCK_SIZE]; /* Used by CBC */
++ u_int8_t qBlockCrypt[TwoFish_BLOCK_SIZE];
++ u_int8_t prevCipher[TwoFish_BLOCK_SIZE];
++ struct /* Header for crypt functions. Has to be at least one block long. */
++ { u_int32_t salt; /* Random salt in first block (will salt the rest through CBC) */
++ u_int8_t length[4]; /* The amount of data following the header */
++ u_int8_t magic[TwoFish_MAGIC_LEN]; /* Magic to identify successful decryption */
++ } header;
++ bool qBlockDefined;
++ bool dontflush;
++} TWOFISH;
++
++#ifndef __TWOFISH_LIBRARY_SOURCE__
++
++extern bool TwoFish_srand; /* if set to TRUE (default), first call of TwoFishInit will seed rand(); */
++ /* call of TwoFishInit */
++#endif
++
++
++/**** Public Functions ****/
++
++/* TwoFish Initialization
++ *
++ * This routine generates a global data structure for use with TwoFish,
++ * initializes important values (such as subkeys, sBoxes), generates subkeys
++ * and precomputes the MDS matrix if not already done.
++ *
++ * Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!')
++ *
++ * Output: Pointer to TWOFISH structure. This data structure contains key dependent data.
++ * This pointer is used with all other crypt functions.
++ */
++TWOFISH *TwoFishInit(char *userkey);
++
++
++/* TwoFish Destroy
++ *
++ * Nothing else but a free...
++ *
++ * Input: Pointer to the TwoFish structure.
++ *
++ */
++void TwoFishDestroy(TWOFISH *tfdata);
++
++
++/* TwoFish Alloc
++ *
++ * Allocates enough memory for the output buffer as required.
++ *
++ * Input: Length of the plaintext.
++ * Boolean flag for BinHex Output.
++ * Pointer to the TwoFish structure.
++ *
++ * Output: Returns a pointer to the memory allocated.
++ */
++void *TwoFishAlloc(unsigned long len,bool binhex,bool decrypt,TWOFISH *tfdata);
++
++
++/* TwoFish Free
++ *
++ * Free's the allocated buffer.
++ *
++ * Input: Pointer to the TwoFish structure
++ *
++ * Output: (none)
++ */
++void TwoFishFree(TWOFISH *tfdata);
++
++
++/* TwoFish Set Output
++ *
++ * If you want to allocate the output buffer yourself,
++ * then you can set it with this function.
++ *
++ * Input: Pointer to your output buffer
++ * Pointer to the TwoFish structure
++ *
++ * Output: (none)
++ */
++void TwoFishSetOutput(char *outp,TWOFISH *tfdata);
++
++
++/* TwoFish Raw Encryption
++ *
++ * Does not use header, but does use CBC (if more than one block has to be encrypted).
++ *
++ * Input: Pointer to the buffer of the plaintext to be encrypted.
++ * Pointer to the buffer receiving the ciphertext.
++ * The length of the plaintext buffer.
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes encrypted if successful, otherwise 0.
++ */
++unsigned long TwoFishEncryptRaw(char *in,char *out,unsigned long len,TWOFISH *tfdata);
++
++/* TwoFish Raw Decryption
++ *
++ * Does not use header, but does use CBC (if more than one block has to be decrypted).
++ *
++ * Input: Pointer to the buffer of the ciphertext to be decrypted.
++ * Pointer to the buffer receiving the plaintext.
++ * The length of the ciphertext buffer (at least one cipher block).
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes decrypted if successful, otherwise 0.
++ */
++unsigned long TwoFishDecryptRaw(char *in,char *out,unsigned long len,TWOFISH *tfdata);
++
++
++/* TwoFish Encryption
++ *
++ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc,
++ * this routine will alloc the memory. In addition, it will include a small 'header'
++ * containing the magic and some salt. That way the decrypt routine can check if the
++ * packet got decrypted successfully, and return 0 instead of garbage.
++ *
++ * Input: Pointer to the buffer of the plaintext to be encrypted.
++ * Pointer to the pointer to the buffer receiving the ciphertext.
++ * The pointer either points to user allocated output buffer space, or to NULL, in which case
++ * this routine will set the pointer to the buffer allocated through the struct.
++ * The length of the plaintext buffer.
++ * Can be -1 if the input is a null terminated string, in which case we'll count for you.
++ * Boolean flag for BinHex Output (if used, output will be twice as large as input).
++ * Note: BinHex conversion overwrites (converts) input buffer!
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes encrypted if successful, otherwise 0.
++ */
++unsigned long TwoFishEncrypt(char *in,char **out,signed long len,bool binhex,TWOFISH *tfdata);
++
++
++/* TwoFish Decryption
++ *
++ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc,
++ * this routine will alloc the memory. In addition, it will check the small 'header'
++ * containing the magic. If magic does not match we return 0. Otherwise we return the
++ * amount of bytes decrypted (should be the same as the length in the header).
++ *
++ * Input: Pointer to the buffer of the ciphertext to be decrypted.
++ * Pointer to the pointer to the buffer receiving the plaintext.
++ * The pointer either points to user allocated output buffer space, or to NULL, in which case
++ * this routine will set the pointer to the buffer allocated through the struct.
++ * The length of the ciphertext buffer.
++ * Can be -1 if the input is a null terminated binhex string, in which case we'll count for you.
++ * Boolean flag for BinHex Input (if used, plaintext will be half as large as input).
++ * Note: BinHex conversion overwrites (converts) input buffer!
++ * The TwoFish structure.
++ *
++ * Output: The amount of bytes decrypted if successful, otherwise 0.
++ */
++unsigned long TwoFishDecrypt(char *in,char **out,signed long len,bool binhex,TWOFISH *tfdata);
++
++
++/**** Private Functions ****/
++
++u_int8_t TwoFish__b(u_int32_t x,int n);
++void _TwoFish_BinHex(u_int8_t *buf,unsigned long len,bool bintohex);
++unsigned long _TwoFish_CryptRawCBC(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata);
++unsigned long _TwoFish_CryptRaw16(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata);
++unsigned long _TwoFish_CryptRaw(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata);
++void _TwoFish_PrecomputeMDSmatrix(void);
++void _TwoFish_MakeSubKeys(TWOFISH *tfdata);
++void _TwoFish_qBlockPush(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata);
++void _TwoFish_qBlockPop(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata);
++void _TwoFish_ResetCBC(TWOFISH *tfdata);
++void _TwoFish_FlushOutput(u_int8_t *b,unsigned long len,TWOFISH *tfdata);
++void _TwoFish_BlockCrypt(u_int8_t *in,u_int8_t *out,unsigned long size,int decrypt,TWOFISH *tfdata);
++void _TwoFish_BlockCrypt16(u_int8_t *in,u_int8_t *out,bool decrypt,TWOFISH *tfdata);
++u_int32_t _TwoFish_RS_MDS_Encode(u_int32_t k0,u_int32_t k1);
++u_int32_t _TwoFish_F32(u_int32_t k64Cnt,u_int32_t x,u_int32_t *k32);
++u_int32_t _TwoFish_Fe320(u_int32_t *lsBox,u_int32_t x);
++u_int32_t _TwoFish_Fe323(u_int32_t *lsBox,u_int32_t x);
++u_int32_t _TwoFish_Fe32(u_int32_t *lsBox,u_int32_t x,u_int32_t R);
++
++
++#endif
+
+Index: snort-2.8.6.1/src/plugin_enum.h
+===================================================================
+--- snort-2.8.6.1/src/plugin_enum.h (Revision 1)
++++ snort-2.8.6.1/src/plugin_enum.h (Revision 3)
+@@ -60,6 +60,7 @@
+ PLUGIN_URILEN_CHECK,
+ PLUGIN_DYNAMIC,
+ PLUGIN_FLOWBIT,
++ PLUGIN_FWSAM,
+ PLUGIN_MAX /* sentinel value */
+ };
+
+Index: snort-2.8.6.1/src/fatal.h
+===================================================================
+--- snort-2.8.6.1/src/fatal.h (Revision 0)
++++ snort-2.8.6.1/src/fatal.h (Revision 3)
+@@ -0,0 +1,40 @@
++/* $Id$ */
++/*
++** Copyright (C) 2002-2008 Sourcefire, Inc.
++** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
++**
++** This program is free software; you can redistribute it and/or modify
++** it under the terms of the GNU General Public License Version 2 as
++** published by the Free Software Foundation. You may not use, modify or
++** distribute this program under any other version of the GNU General
++** Public License.
++**
++** This program is distributed in the hope that it will be useful,
++** but WITHOUT ANY WARRANTY; without even the implied warranty of
++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++** GNU General Public License for more details.
++**
++** You should have received a copy of the GNU General Public License
++** along with this program; if not, write to the Free Software
++** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++*/
++
++#ifndef __FATAL_H__
++#define __FATAL_H__
++
++
++/*
++ * in debugging mode print out the filename and the line number where the
++ * failure have occured
++ */
++
++
++#ifdef DEBUG
++ #define FATAL(msg) { printf("%s:%d: ", __FILE__, __LINE__); FatalError( (char *) msg); }
++#else
++ #define FATAL(msg) FatalError( (char *) msg)
++#endif
++
++
++
++#endif /* __FATAL_H__ */
+
+Index: snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.c
+===================================================================
+--- snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.c (Revision 0)
++++ snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.c (Revision 3)
+@@ -0,0 +1,1380 @@
++/* $id: snortpatchb,v 1.2 2002/10/26 03:32:35 fknobbe Exp $
++**
++** spo_alert_fwsam.c
++**
++** Copyright (c) 2001-2004 Frank Knobbe <frank@knobbe.us>
++**
++** This program is free software; you can redistribute it and/or modify
++** it under the terms of the GNU General Public License as published by
++** the Free Software Foundation; either version 2 of the License, or
++** (at your option) any later version.
++**
++** This program is distributed in the hope that it will be useful,
++** but WITHOUT ANY WARRANTY; without even the implied warranty of
++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++** GNU General Public License for more details.
++**
++** You should have received a copy of the GNU General Public License
++** along with this program; if not, write to the Free Software
++** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++*/
++
++/*
++ * Purpose:
++ *
++ * This module sends alerts to a remote service on a host running SnortSam
++ * (the agent) which will block the intruding IP address on a variety of
++ * host and network firewalls.
++ *
++ * SnortSam also performs checks against a white-list of never-to-be-blocked IP addresses,
++ * can override block durations (for example for known proxies), and can detect attack conditions
++ * where too many blocks are received within a defined interval. If an attack is detected
++ * it will unblock the last x blocks and wait for the attack to end.
++ *
++ * See the SnortSam documentation for more information.
++ *
++ *
++ * Output Plugin Parameters:
++ ***************************
++ *
++ * output alert_fwsam: <SnortSam Station>:<port>/<key>
++ *
++ * <FW Mgmt Station>: The IP address or host name of the host running SnortSam.
++ * <port>: The port the remote SnortSam service listens on (default 898).
++ * <key>: The key used for authentication (encryption really)
++ * of the communication to the remote service.
++ *
++ * Examples:
++ *
++ * output alert_fwsam: snortsambox/idspassword
++ * output alert_fwsam: fw1.domain.tld:898/mykey
++ * output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw
++ *
++ *
++ * Rule Options:
++ ***************
++ *
++ * fwsam: who[how],time;
++ *
++ * who: src, source, dst, dest, destination
++ * IP address to be blocked according to snort rule (some rules
++ * are reversed, i.e. homenet -> any [and you want to block any]).
++ * src denotes IP to the left of -> and dst denotes IP to the right
++ *
++ * how: Optional. In, out, src, dest, either, both, this, conn, connection
++ * Tells FW-1 to block packets INcoming from host, OUTgoing to host,
++ * EITHERway, or only THIS connection (IP/Service pair).
++ * See 'fw sam' for more information. May be ignored by other plugins.
++ *
++ * time: Duration of block in seconds. (Accepts 'days', 'months', 'weeks',
++ * 'years', 'minutes', 'seconds', 'hours'. Alternatively, a value of
++ * 0, or the keyword PERManent, INFinite, or ALWAYS, will block the
++ * host permanently. Be careful with this!
++ * Tells FW-1 (and others) how long to inhibit packets from the host.
++ *
++ * Examples:
++ *
++ * fwsam: src[either],15min;
++ * or dst[in], 2 days 4 hours
++ * or src, 1 hour
++ *
++ * (default: src[either],5min)
++ *
++ *
++ * Effect:
++ *
++ * Alerts are sent to the remote SnortSam services on Firewall-1 Management Stations
++ * or other hosts running SnortSam (as required for Cisco Routers and PIX).
++ * The remote services will invoke the SAM configuration via the fw sam
++ * command line, or by sending a packet to the SAM port 18183, or by using the official
++ * OPSEC API calls, or by telnetting into Cisco routers or PIX firewalls.
++ * The communication over the network is encrypted using two-fish.
++ * (Implementation ripped from CryptCat by Farm9 with permission.)
++ *
++ * Future Plans:
++ *
++ * - Custom alert trigger per rule (x alerts in y secs) --> Seems to exist in Snort 1.9 now.
++ * - Enable/Allow tagged fwsam: arguments to provide different values to
++ * different stations. --> Seems to be accomplished with custom rule-types
++ *
++ *
++ * Comments:
++ *
++ * It seem that above wishes can be implemented with todays setup. Feedback concerning
++ * these is greatly appreciated.
++ *
++*/
++
++
++#include "spo_alert_fwsam.h"
++#include "twofish.h"
++/* external globals from rules.c */
++extern char *file_name;
++extern int file_line;
++extern OptTreeNode *otn_tmp;
++extern char *snort_conf_dir; /* extern PV pv; */
++
++
++/* my globals */
++
++FWsamList *FWsamStationList=NULL; /* Global (for all alert-types) list of snortsam stations */
++FWsamOptions *FWsamOptionField=NULL;
++unsigned long FWsamMaxOptions=0;
++
++
++/*
++ * Function: AlertFWsamSetup()
++ *
++ * Purpose: Registers the output plugin keyword and initialization
++ * function into the output plugin list. This is the function that
++ * gets called from InitOutputPlugins() in plugbase.c.
++ * It also registers itself as a plugin in order to parse every rule
++ * and to set the appropiate flags from fwsam: option.
++ *
++ * Arguments: None.
++ *
++ * Returns: void function
++ *
++*/
++void AlertFWsamSetup(void)
++{
++ /* link the preprocessor keyword to the init function in
++ the preproc list */
++ RegisterOutputPlugin("alert_fwsam", OUTPUT_TYPE_FLAG__ALERT, AlertFWsamInit);
++ RegisterRuleOption("fwsam", AlertFWsamOptionInit, NULL, OPT_TYPE_ACTION, NULL);
++
++#ifdef FWSAMDEBUG /* This allows debugging of fwsam only */
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamSetup) Output plugin is plugged in...\n");
++#endif
++}
++
++
++/* This function checks if a given snortsam station is already in
++ * a given list.
++*/
++int FWsamStationExists(FWsamStation *who,FWsamList *list)
++{
++ while(list)
++ {
++ if(list->station) {
++// if( who->stationip.s_addr==list->station->stationip.s_addr &&
++ if(IP_EQUALITY(&who->stationip, &list->station->stationip) &&
++ who->stationport==list->station->stationport)
++ return TRUE;
++ }
++ list=list->next;
++ }
++ return FALSE;
++}
++
++/*
++ * Function: AlertFWsamInit(char *args)
++ *
++ * Purpose: Calls the argument parsing function, performs final setup on data
++ * structs, links the preproc function into the function list.
++ *
++ * Arguments: args => ptr to argument string
++ *
++ * Returns: void function
++ *
++*/
++void AlertFWsamInit(char *args)
++{ char *ap;
++ unsigned long statip,cnt,again,i;
++ char *stathost,*statport,*statpass;
++ FWsamStation *station;
++ FWsamList *fwsamlist=NULL; /* alert-type dependent list of snortsam stations */
++ FWsamList *listp,*newlistp;
++ struct hostent *hoste;
++ char buf[1024]="";
++ FILE *fp;
++ FWsamOptions tempopt;
++
++#ifdef FWSAMDEBUG
++ unsigned long hostcnt=0;
++
++
++
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Output plugin initializing...\n");
++#endif
++
++ /* pv.alert_plugin_active = 1; */
++
++ /* parse the argument list from the rules file */
++
++ if(args == NULL)
++ FatalError("ERROR %s (%d) => [Alert_FWsam](AlertFWsamInit) No arguments to alert_fwsam preprocessor!\n", file_name, file_line);
++
++ if(!FWsamOptionField && !FWsamMaxOptions)
++ { strncpy(buf,snort_conf_dir,sizeof(buf)-1);
++ strncpy(buf+strlen(buf),SID_MAPFILE,sizeof(buf)-strlen(buf)-1);
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamSetup) Using file: %s\n",buf);
++#endif
++ fp=fopen(buf,"rt");
++ if(!fp)
++ { strncpy(buf,snort_conf_dir,sizeof(buf)-1);
++ strncpy(buf+strlen(buf),SID_ALT_MAPFILE,sizeof(buf)-strlen(buf)-1);
++ fp=fopen(buf,"rt");
++ }
++ if(fp) /* Check for presence of map file and read those in, sorted. */
++ { LogMessage("INFO => [Alert_FWsam](AlertFWsamSetup) Using sid-map file: %s\n",buf);
++
++ while(FWsamReadLine(buf,sizeof(buf),fp))
++ if(*buf)
++ FWsamMaxOptions++;
++ if(FWsamMaxOptions)
++ { if((FWsamOptionField=(FWsamOptions *)malloc(sizeof(FWsamOptions)*FWsamMaxOptions))==NULL)
++ FatalError("ERROR => [Alert_FWsam](AlertFWsamSetup) malloc failed for OptionField!\n");
++ fseek(fp,0,SEEK_SET);
++ for(cnt=0;cnt<FWsamMaxOptions;)
++ { FWsamReadLine(buf,sizeof(buf),fp);
++ if(*buf)
++ FWsamParseLine(&(FWsamOptionField[cnt++]),buf);
++ }
++ if(FWsamMaxOptions>1)
++ { for(again=TRUE,cnt=FWsamMaxOptions-1;cnt>=1 && again;cnt--)
++ { for(again=FALSE,i=0;i<cnt;i++)
++ { if(FWsamOptionField[i].sid>FWsamOptionField[i+1].sid)
++ { memcpy(&tempopt,&(FWsamOptionField[i]),sizeof(FWsamOptions));
++ memcpy(&(FWsamOptionField[i]),&(FWsamOptionField[i+1]),sizeof(FWsamOptions));
++ memcpy(&(FWsamOptionField[i+1]),&tempopt,sizeof(FWsamOptions));
++ again=TRUE;
++ }
++ }
++ }
++ }
++ }
++ else
++ FWsamMaxOptions=1;
++ fclose(fp);
++ }
++ else
++ FWsamMaxOptions=1;
++ }
++
++
++ ap=args; /* start at the beginning of the argument */
++ while(*ap && isspace(*ap)) ap++;
++ while(*ap)
++ { stathost=ap; /* first argument should be host */
++ statport=NULL;
++ statpass=NULL;
++ while(*ap && *ap!=':' && *ap!='/' && !isspace(*ap)) ap++; /* find token */
++ switch(*ap)
++ { case ':': *ap++=0; /* grab the port */
++ statport=ap;
++ while(*ap && *ap!='/' && !isspace(*ap)) ap++;
++ if(*ap!='/')
++ break;
++ case '/': *ap++=0; /* grab the key */
++ statpass=ap;
++ while(*ap && !isspace(*ap)) ap++;
++ default: break;
++ }
++ if(*ap)
++ { *ap++=0;
++ while(isspace(*ap)) ap++;
++ }
++ /* now we have the first host with port and password (key) */
++ /* next we check for valid/blank password/port */
++ if(statpass!=NULL)
++ if(!*statpass)
++ statpass=NULL;
++ if(statport!=NULL)
++ if(!*statport)
++ statport=NULL;
++ statip=0;
++ /* now we check if a valid host was specified */
++ if(inet_addr(stathost)==INADDR_NONE)
++ { hoste=gethostbyname(stathost);
++ if (!hoste)
++ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWsamInit) Unable to resolve host '%s'!\n",file_name,file_line,stathost);
++ else
++ statip=*(unsigned long *)hoste->h_addr;
++ }
++ else
++ { statip=inet_addr(stathost);
++ if(!statip)
++ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWsamInit) Invalid host address '%s'!\n",file_name,file_line,stathost);
++ }
++ if(statip)
++ { /* groovie, a valid host. Let's alloc and assemble the structure for it. */
++ if((station=(FWsamStation *)malloc(sizeof(FWsamStation)))==NULL)
++ FatalError("ERROR => [Alert_FWsam](AlertFWsamInit) malloc failed for station!\n");
++
++// station->stationip.s_addr=statip; /* the IP address */
++ station->stationip.ip32[0] = statip; /* the IP address */
++ if(statport!=NULL && atoi(statport)>0) /* if the user specified one */
++ station->stationport=atoi(statport); /* use users setting */
++ else
++ station->stationport=FWSAM_DEFAULTPORT; /* set the default port */
++
++ if(statpass!=NULL) /* if specified by user */
++ strncpy(station->stationkey,statpass,TwoFish_KEY_LENGTH); /* use defined key */
++ else
++ station->stationkey[0]=0;
++ station->stationkey[TwoFish_KEY_LENGTH]=0; /* make sure it's terminated. (damn strncpy...) */
++
++ strcpy(station->initialkey,station->stationkey);
++ station->stationfish=TwoFishInit(station->stationkey);
++
++ station->localsocketaddr.sin_port=htons(0); /* let's use dynamic ports for now */
++ station->localsocketaddr.sin_addr.s_addr=0;
++ station->localsocketaddr.sin_family=AF_INET;
++ station->stationsocketaddr.sin_port=htons(station->stationport);
++ //station->stationsocketaddr.sin_addr=station->stationip;
++ station->stationsocketaddr.sin_addr.s_addr=station->stationip.ip32[0];
++ station->stationsocketaddr.sin_family=AF_INET; /* load all socket crap and keep for later */
++
++ do
++ station->myseqno=rand(); /* the seqno this host will use */
++ while(station->myseqno<20 || station->myseqno>65500);
++ station->mykeymod[0]=rand();
++ station->mykeymod[1]=rand();
++ station->mykeymod[2]=rand();
++ station->mykeymod[3]=rand();
++ station->stationseqno=0; /* peer hasn't answered yet. */
++
++
++ if(!FWsamStationExists(station,FWsamStationList)) /* If we don't have the station already in global list....*/
++ { if(FWsamCheckIn(station)) /* ...and we can talk to the agent... */
++ { if((newlistp=(FWsamList *)malloc(sizeof(FWsamList)))==NULL)
++ FatalError("ERROR => [Alert_FWsam](AlertFWsamInit) malloc failed for global newlistp!\n");
++ newlistp->station=station;
++ newlistp->next=NULL;
++
++ if(!FWsamStationList) /* ... add it to the global list/ */
++ FWsamStationList=newlistp;
++ else
++ { listp=FWsamStationList;
++ while(listp->next)
++ listp=listp->next;
++ listp->next=newlistp;
++ }
++ }
++ else
++ { TwoFishDestroy(station->stationfish); /* if not, we trash it. */
++ free(station);
++ station=NULL;
++ }
++ }
++#ifdef FWSAMDEBUG
++ else
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Host %s:%i already in global list, skipping CheckIn.\n", sfip_ntoa(&station->stationip),station->stationport);
++#endif
++
++ if(station)
++ { if(!FWsamStationExists(station,fwsamlist)) /* If we don't have the station already in local list....*/
++ { if((newlistp=(FWsamList *)malloc(sizeof(FWsamList)))==NULL)
++ FatalError("ERROR => [Alert_FWsam](AlertFWsamInit) malloc failed for local newlistp!\n");
++ newlistp->station=station;
++ newlistp->next=NULL;
++
++ if(!fwsamlist) /* ... add it to the local list/ */
++ fwsamlist=newlistp;
++ else
++ { listp=fwsamlist;
++ while(listp->next)
++ listp=listp->next;
++ listp->next=newlistp;
++ }
++ }
++
++#ifdef FWSAMDEBUG
++ else
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Host %s:%i already in local list, skipping.\n",sfip_ntoa(&station->stationip),station->stationport);
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) #%i: Host %s [%s] port %i password %s\n",++hostcnt,stathost,sfip_ntoa(&station->stationip),station->stationport,station->stationkey);
++#endif
++ }
++
++ }
++ } /* next one */
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Linking fwsam alert function to call list...\n");
++#endif
++
++ /* Set the preprocessor function into the function list */
++ AddFuncToOutputList(AlertFWsam, OUTPUT_TYPE_FLAG__ALERT, fwsamlist);
++ AddFuncToCleanExitList(AlertFWsamCleanExitFunc, fwsamlist);
++ AddFuncToRestartList(AlertFWsamRestartFunc, fwsamlist);
++}
++
++
++/* This routine reads in a str from a file, snips white-spaces
++ * off the front and back, removes comments, and pretties the
++ * string. Returns true or false if a line was read or not.
++*/
++int FWsamReadLine(char *buf,unsigned long bufsize,FILE *fp)
++{ char *p;
++
++ if(fgets(buf,bufsize-1,fp))
++ { buf[bufsize-1]=0;
++
++#ifdef FWSAMDEBUG_off
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamReadLine) Line: %s\n",buf);
++#endif
++
++ p=buf;
++ while(isspace(*p))
++ p++;
++ if(p>buf);
++ strcpy(buf,p);
++ if(*buf)
++ { p=buf+strlen(buf)-1; /* remove leading and trailing spaces */
++ while(isspace(*p))
++ *p-- =0;
++ }
++ p=buf;
++ if(*p=='#' || *p==';')
++ *p=0;
++ else
++ p++;
++ while(*p) /* remove inline comments (except escaped #'s and ;'s) */
++ { if(*p=='#' || *p==';')
++ { if(*(p-1)=='\\')
++ strcpy(p-1,p);
++ else
++ *p=0;
++ }
++ else
++ p++;
++ }
++ return TRUE;
++ }
++ return FALSE;
++}
++
++
++/* Parses the duration of the argument, recognizing minutes, hours, etc..
++*/
++unsigned long FWsamParseDuration(char *p)
++{ unsigned long dur=0,tdu;
++ char *tok,c1,c2;
++
++ while(*p)
++ { tok=p;
++ while(*p && isdigit(*p))
++ p++;
++ if(*p)
++ { c1=tolower(*p);
++ *p=0;
++ p++;
++ if(*p && !isdigit(*p))
++ { c2=tolower(*p++);
++ while(*p && !isdigit(*p))
++ p++;
++ }
++ else
++ c2=0;
++ tdu=atol(tok);
++ switch(c1)
++ { case 'm': if(c2=='o') /* month */
++ tdu*=(60*60*24*30); /* use 30 days */
++ else
++ tdu*=60; /* minutes */
++ case 's': break; /* seconds */
++ case 'h': tdu*=(60*60); /* hours */
++ break;
++ case 'd': tdu*=(60*60*24); /* days */
++ break;
++ case 'w': tdu*=(60*60*24*7); /* week */
++ break;
++ case 'y': tdu*=(60*60*24*365); /* year */
++ break;
++ }
++ dur+=tdu;
++ }
++ else
++ dur+=atol(tok);
++ }
++
++ return dur;
++}
++
++
++/* This routine parses an option line. It is called by FWsamParseLine,
++ * which parses the sid-block.map file, and also by AlertFWsamOptionInit,
++ * which is called by Snort when processing fwsam: options in rules.
++ * It returns TRUE it there is a possible option problem, otherwise FALSE.
++*/
++int FWsamParseOption(FWsamOptions *optp,char *ap)
++{ int possprob=FALSE;
++
++ /* set defaults */
++
++ optp->duration=300; /* default of 5 minute block */
++ optp->how=FWSAM_HOW_INOUT; /* inbound and outbound block */
++ optp->who=FWSAM_WHO_SRC; /* the source */
++ optp->loglevel=FWSAM_LOG_LONGALERT; /* the log level default */
++ /* parse the fwsam keywords */
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWamOptionInit) Parse Options Args: %s\n",ap);
++#endif
++
++ if(*ap) /* should be dst/src (the WHO) or duration */
++ { if(isdigit(*ap))
++ optp->duration=FWsamParseDuration(ap);
++ else
++ { switch(*ap) /* yeah, we're lazy and check only the first character */
++ { case 'p': ; /* permanent, perm */
++ case 'f': ; /* forever */
++ case 'i': optp->duration=0; /* infinite, inf */
++ break;
++ case 'd': optp->who=FWSAM_WHO_DST; /* destination, dest, dst */
++ break;
++ case 's': optp->who=FWSAM_WHO_SRC; /* source, src */
++ break;
++ default: possprob=TRUE;
++ }
++ while(*ap && *ap!=',' && *ap!='[')
++ ap++;
++ if(*ap=='[')
++ { ap++; /* now we have the HOW */
++ switch(*ap)
++ { case 'i': ; /* in */
++ case 's': optp->how=FWSAM_HOW_IN; /* source, src */
++ break;
++ case 'o': ; /* out */
++ case 'd': optp->how=FWSAM_HOW_OUT; /* destination, dest, dst */
++ break;
++ case 'b': ; /* both */
++ case 'e': optp->how=FWSAM_HOW_INOUT; /* either */
++ break;
++ case 't': ; /* this */
++ case 'c': optp->how=FWSAM_HOW_THIS; /* connection, conn */
++ break;
++ default: possprob=TRUE;
++ }
++ while(*ap && *ap!=',')
++ ap++;
++ }
++ if(*ap==',')
++ { ap++;
++ if(isdigit(*ap)) /* and figure out how long to block */
++ optp->duration=FWsamParseDuration(ap);
++ else if(*ap=='p' || *ap=='f' || *ap=='i')
++ optp->duration=0;
++ else
++ possprob=TRUE;
++ }
++ else if(!*ap)
++ possprob=TRUE;
++ }
++ }
++ else
++ possprob=TRUE;
++
++ return possprob;
++}
++
++
++/* This goes through the lines of sid-block.map and sets the
++ * options for fwsam if the file is being used.
++*/
++void FWsamParseLine(FWsamOptions *optp,char *buf)
++{ char *ap;
++
++ ap=buf; /* start at the beginning of the argument */
++
++ while(*ap)
++ { if(isspace(*ap)) /* normalize spaces (tabs into space, etc) */
++ *ap=' ';
++ if(isupper(*ap)) /* and set to lower case */
++ *ap=tolower(*ap);
++ ap++;
++ }
++ while((ap=strrchr(buf,' '))!=NULL) /* remove spaces */
++ strcpy(ap,ap+1);
++
++ ap=buf;
++ if(*ap)
++ { while(*ap && *ap!=':' && *ap!='|')
++ ap++;
++ *ap++ =0;
++ while(*ap && (*ap==':' || *ap=='|'))
++ ap++;
++
++ optp->sid=(unsigned long)atol(buf);
++
++ if(FWsamParseOption(optp,ap))
++ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWamOptionInit) Possible option problem. Using %s[%s],%lu.\n",file_name,file_line,(optp->who==FWSAM_WHO_SRC)?"src":"dst",(optp->how==FWSAM_HOW_IN)?"in":((optp->how==FWSAM_HOW_OUT)?"out":"either"),optp->duration);
++ }
++ else
++ optp->sid=0;
++}
++
++
++
++/*
++ * Function: AlertFWsamOptionInit(char *data, OptTreeNode *otn, int protocol)
++ *
++ * Purpose: Parses each rule and sets the option flags in the tree.
++ *
++ * Arguments: args => ptr to argument string
++ *
++ * Returns: void function
++ *
++*/
++void AlertFWsamOptionInit(char *args,OptTreeNode *otn,int protocol)
++{
++ FWsamOptions *optp;
++ char *ap;
++
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWamOptionInit) FWsamOptionInit is parsing...\n");
++#endif
++
++ if((optp=(FWsamOptions *)malloc(sizeof(FWsamOptions)))==NULL)
++ FatalError("ERROR => [Alert_FWsam](AlertFWamOptionInit) malloc failed for opt!\n");
++
++
++ ap=args; /* start at the beginning of the argument */
++
++ while(*ap)
++ { if(isspace(*ap)) /* normalize spaces (tabs into space, etc) */
++ *ap=' ';
++ if(isupper(*ap)) /* and set to lower case */
++ *ap=tolower(*ap);
++ ap++;
++ }
++ while((ap=strrchr(args,' '))!=NULL) /* remove spaces */
++ strcpy(ap,ap+1);
++
++
++ if(FWsamParseOption(optp,args))
++ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWamOptionInit) Possible option problem. Using %s[%s],%lu.\n",file_name,file_line,(optp->who==FWSAM_WHO_SRC)?"src":"dst",(optp->how==FWSAM_HOW_IN)?"in":((optp->how==FWSAM_HOW_OUT)?"out":"either"),optp->duration);
++
++ otn->ds_list[PLUGIN_FWSAM]=(FWsamOptions *)optp;
++}
++
++
++/* Generates a new encryption key for TwoFish based on seq numbers and a random that
++ * the SnortSam agents send on checkin (in protocol)
++*/
++void FWsamNewStationKey(FWsamStation *station,FWsamPacket *packet)
++{
++ //unsigned char newkey[TwoFish_KEY_LENGTH+2];
++ char newkey[TwoFish_KEY_LENGTH+2];
++ int i;
++
++ newkey[0]=packet->snortseqno[0]; /* current snort seq # (which both know) */
++ newkey[1]=packet->snortseqno[1];
++ newkey[2]=packet->fwseqno[0]; /* current SnortSam seq # (which both know) */
++ newkey[3]=packet->fwseqno[1];
++ newkey[4]=packet->protocol[0]; /* the random SnortSam chose */
++ newkey[5]=packet->protocol[1];
++
++ strncpy(newkey+6,station->stationkey,TwoFish_KEY_LENGTH-6); /* append old key */
++ newkey[TwoFish_KEY_LENGTH]=0;
++
++ newkey[0]^=station->mykeymod[0]; /* modify key with key modifiers which were */
++ newkey[1]^=station->mykeymod[1]; /* exchanged during the check-in handshake. */
++ newkey[2]^=station->mykeymod[2];
++ newkey[3]^=station->mykeymod[3];
++ newkey[4]^=station->fwkeymod[0];
++ newkey[5]^=station->fwkeymod[1];
++ newkey[6]^=station->fwkeymod[2];
++ newkey[7]^=station->fwkeymod[3];
++
++ for(i=0;i<=7;i++)
++ if(newkey[i]==0)
++ newkey[i]++;
++
++ strcpy(station->stationkey,newkey);
++ TwoFishDestroy(station->stationfish);
++ station->stationfish=TwoFishInit(newkey);
++}
++
++
++/* This routine will search the option list as defined
++ * by the sid-block.map file and return a pointer
++ * to the matching record.
++*/
++FWsamOptions *FWsamGetOption(unsigned long sid)
++{ signed long i,step,diff,o,o2;
++
++#ifdef FWSAM_FANCYFETCH /* Fancy-fetch jumps in decreasing n/2 steps and takes much less lookups */
++ o=o2= -1;
++ i=step=FWsamMaxOptions>>1;
++ while(i>=0 && i<FWsamMaxOptions && i!=o2)
++ { diff=sid-FWsamOptionField[i].sid;
++ if(!diff)
++ return &(FWsamOptionField[i]);
++ if(step>1)
++ step=step>>1;
++ o2=o;
++ o=i;
++ if(diff>0)
++ i+=step;
++ else
++ i-=step;
++ }
++#else /* This is just a sequential list lookup */
++ for(i=0;i<FWsamMaxOptions;i++)
++ if(FWsamOptionField[i].sid==sid)
++ return &(FWsamOptionField[i]);
++#endif
++ return NULL;
++}
++
++
++/****************************************************************************
++ *
++ * Function: AlertFWsam(Packet *, char *)
++ *
++ * Purpose: Send the current alert to a remote module on a FW-1 mgmt station
++ *
++ * Arguments: p => pointer to the packet data struct
++ * msg => the message to print in the alert
++ *
++ * Returns: void function
++ *
++ ***************************************************************************/
++void AlertFWsam(Packet *p, char *msg, void *arg, Event *event)
++{ FWsamOptions *optp;
++ FWsamPacket sampacket;
++ FWsamStation *station=NULL;
++ FWsamList *fwsamlist;
++ SOCKET stationsocket;
++ int i,len,deletestation,stationtry=0;
++ //unsigned char *encbuf,*decbuf;
++ char *encbuf,*decbuf;
++ static unsigned long lastbsip[FWSAM_REPET_BLOCKS],lastbdip[FWSAM_REPET_BLOCKS],
++ lastbduration[FWSAM_REPET_BLOCKS],lastbtime[FWSAM_REPET_BLOCKS];
++ static unsigned short lastbsp[FWSAM_REPET_BLOCKS],lastbdp[FWSAM_REPET_BLOCKS],
++ lastbproto[FWSAM_REPET_BLOCKS],lastbpointer;
++ static unsigned char lastbmode[FWSAM_REPET_BLOCKS];
++ static unsigned long btime=0;
++
++
++ if(otn_tmp==NULL)
++ {
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] NULL otn_tmp!\n");
++#endif
++ return;
++ }
++ if(p == NULL)
++ {
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] NULL packet!\n");
++#endif
++ return;
++ }
++ if(arg == NULL)
++ {
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] NULL arg!\n");
++#endif
++ return;
++ }
++
++ /* SnortSam does no IPv6 */
++ if (!IS_IP4(p)) {
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] not acting on non-IP4 packet!\n");
++#endif
++ return;
++ }
++
++ optp=NULL;
++
++ if(FWsamOptionField) /* If using the file (field present), let's use that */
++ optp=FWsamGetOption(event->sig_id);
++
++ if(!optp) /* If file not present, check if an fwsam option was defined on the triggering rule */
++ optp=otn_tmp->ds_list[PLUGIN_FWSAM];
++
++ if(optp) /* if options specified for this rule */
++ { if(!btime) /* if this is the first time this function is */
++ { for(i=0;i<FWSAM_REPET_BLOCKS;i++) /* called, reset the time and protocol to 0. */
++ { lastbproto[i]=0;
++ lastbtime[i]=0;
++ }
++ }
++
++ fwsamlist=(FWsamList *)arg;
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] Alert -> Msg=\"%s\"\n",msg);
++
++ LogMessage("DEBUG => [Alert_FWsam] Alert -> Option: %s[%s],%lu.\n",(optp->who==FWSAM_WHO_SRC)?"src":"dst",(optp->how==FWSAM_HOW_IN)?"in":((optp->how==FWSAM_HOW_OUT)?"out":"either"),optp->duration);
++#endif
++
++ len=TRUE;
++ btime=(unsigned long)time(NULL); /* get current time */
++ /* This is a cheap check to see if the blocking request matches any of the previous requests. */
++ for(i=0;i<FWSAM_REPET_BLOCKS && len;i++)
++ { if( ((optp->how==FWSAM_HOW_THIS)? /* if blocking mode SERVICE, check for src and dst */
++ ( lastbsip[i]==p->iph->ip_src.s_addr && lastbdip[i]==p->iph->ip_dst.s_addr &&lastbproto[i]==p->iph->ip_proto &&
++ ((p->iph->ip_proto==IPPROTO_TCP || p->iph->ip_proto==IPPROTO_UDP)? /* check port only of TCP or UDP */
++/* ((optp->who==FWSAM_WHO_SRC)?(lastbsp[i]==p->sp):(lastbdp[i]==p->dp)):TRUE) ): */
++ lastbdp[i]==p->dp:TRUE) ):
++ ((optp->who==FWSAM_WHO_SRC)?(lastbsip[i]==p->iph->ip_src.s_addr):(lastbdip[i]==p->iph->ip_dst.s_addr))) && /* otherwise if we block source, only compare source. Same for dest. */
++ lastbduration[i]==optp->duration &&
++ (lastbmode[i]&(FWSAM_HOW|FWSAM_WHO))==(optp->how|optp->who) &&
++ (btime-lastbtime[i]<((optp->duration>FWSAM_REPET_TIME)?FWSAM_REPET_TIME:optp->duration)))
++ { len=FALSE; /* If so, we don't need to block again. */
++ }
++ }
++ if(len)
++ { if(++lastbpointer>=FWSAM_REPET_BLOCKS) /* increase repetitive check pointer */
++ lastbpointer=0;
++ lastbsip[lastbpointer]=p->iph->ip_src.s_addr; /* and note packet details */
++ lastbdip[lastbpointer]=p->iph->ip_dst.s_addr;
++ lastbduration[lastbpointer]=optp->duration;
++ lastbmode[lastbpointer]=optp->how|optp->who|optp->loglevel;
++ lastbproto[lastbpointer]=p->iph->ip_proto;
++ if(p->iph->ip_proto==IPPROTO_TCP || p->iph->ip_proto==IPPROTO_UDP)
++ { lastbsp[lastbpointer]=p->sp; /* set ports if TCP or UDP */
++ lastbdp[lastbpointer]=p->dp;
++ }
++ lastbtime[lastbpointer]=btime;
++
++
++ while(fwsamlist!=NULL)
++ { station=fwsamlist->station;
++ //if(station->stationip.s_addr)
++ if(station->stationip.ip32[0])
++ { deletestation=FALSE;
++ stationtry++; /* first try */
++ /* create a socket for the station */
++ stationsocket=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
++ if(stationsocket==INVALID_SOCKET)
++ FatalError("ERROR => [Alert_FWsam] Funky socket error (socket)!\n");
++ if(bind(stationsocket,(struct sockaddr *)&(station->localsocketaddr),sizeof(struct sockaddr)))
++ FatalError("ERROR => [Alert_FWsam] Could not bind socket!\n");
++
++ /* let's connect to the agent */
++ if(connect(stationsocket,(struct sockaddr *)&station->stationsocketaddr,sizeof(struct sockaddr)))
++ {
++ LogMessage("WARNING => [Alert_FWsam] Could not send block to host %s. Will try later.\n",sfip_ntoa(&station->stationip));
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ stationtry=0;
++ }
++ else
++ {
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] Connected to host %s.\n",sfip_ntoa(&station->stationip));
++#endif
++ /* now build the packet */
++ station->myseqno+=station->stationseqno; /* increase my seqno by adding agent seq no */
++ sampacket.endiancheck=1; /* This is an endian indicator for Snortsam */
++ sampacket.snortseqno[0]=(char)station->myseqno;
++ sampacket.snortseqno[1]=(char)(station->myseqno>>8);
++ sampacket.fwseqno[0]=(char)station->stationseqno;/* fill station seqno */
++ sampacket.fwseqno[1]=(char)(station->stationseqno>>8);
++ sampacket.status=FWSAM_STATUS_BLOCK; /* set block mode */
++ sampacket.version=FWSAM_PACKETVERSION; /* set packet version */
++ sampacket.duration[0]=(char)optp->duration; /* set duration */
++ sampacket.duration[1]=(char)(optp->duration>>8);
++ sampacket.duration[2]=(char)(optp->duration>>16);
++ sampacket.duration[3]=(char)(optp->duration>>24);
++ sampacket.fwmode=optp->how|optp->who|optp->loglevel; /* set the mode */
++ sampacket.dstip[0]=(char)p->iph->ip_dst.s_addr; /* destination IP */
++ sampacket.dstip[1]=(char)(p->iph->ip_dst.s_addr>>8);
++ sampacket.dstip[2]=(char)(p->iph->ip_dst.s_addr>>16);
++ sampacket.dstip[3]=(char)(p->iph->ip_dst.s_addr>>24);
++ sampacket.srcip[0]=(char)p->iph->ip_src.s_addr; /* source IP */
++ sampacket.srcip[1]=(char)(p->iph->ip_src.s_addr>>8);
++ sampacket.srcip[2]=(char)(p->iph->ip_src.s_addr>>16);
++ sampacket.srcip[3]=(char)(p->iph->ip_src.s_addr>>24);
++ sampacket.protocol[0]=(char)p->iph->ip_proto; /* protocol */
++ sampacket.protocol[1]=(char)(p->iph->ip_proto>>8);/* protocol */
++
++ if(p->iph->ip_proto==IPPROTO_TCP || p->iph->ip_proto==IPPROTO_UDP)
++ { sampacket.srcport[0]=(char)p->sp; /* set ports */
++ sampacket.srcport[1]=(char)(p->sp>>8);
++ sampacket.dstport[0]=(char)p->dp;
++ sampacket.dstport[1]=(char)(p->dp>>8);
++ }
++ else
++ sampacket.srcport[0]=sampacket.srcport[1]=sampacket.dstport[0]=sampacket.dstport[1]=0;
++
++ sampacket.sig_id[0]=(char)event->sig_id; /* set signature ID */
++ sampacket.sig_id[1]=(char)(event->sig_id>>8);
++ sampacket.sig_id[2]=(char)(event->sig_id>>16);
++ sampacket.sig_id[3]=(char)(event->sig_id>>24);
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] Sending BLOCK\n");
++ LogMessage("DEBUG => [Alert_FWsam] Snort SeqNo: %x\n",station->myseqno);
++ LogMessage("DEBUG => [Alert_FWsam] Mgmt SeqNo : %x\n",station->stationseqno);
++ LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",FWSAM_STATUS_BLOCK);
++ LogMessage("DEBUG => [Alert_FWsam] Mode : %i\n",optp->how|optp->who|optp->loglevel);
++ LogMessage("DEBUG => [Alert_FWsam] Duration : %li\n",optp->duration);
++ LogMessage("DEBUG => [Alert_FWsam] Protocol : %i\n",GET_IPH_PROTO(p));
++#ifdef SUP_IP6
++ LogMessage("DEBUG => [Alert_FWsam] Src IP : %s\n",sfip_ntoa(GET_SRC_IP(p)));
++ LogMessage("DEBUG => [Alert_FWsam] Dest IP : %s\n",sfip_ntoa(GET_DST_IP(p)));
++#else
++ LogMessage("DEBUG => [Alert_FWsam] Src IP : %s\n",inet_ntoa(p->iph->ip_src));
++ LogMessage("DEBUG => [Alert_FWsam] Dest IP : %s\n",inet_ntoa(p->iph->ip_dst));
++#endif
++ LogMessage("DEBUG => [Alert_FWsam] Src Port : %i\n",p->sp);
++ LogMessage("DEBUG => [Alert_FWsam] Dest Port : %i\n",p->dp);
++ LogMessage("DEBUG => [Alert_FWsam] Sig_ID : %lu\n",event->sig_id);
++
++#endif
++
++ encbuf=TwoFishAlloc(sizeof(FWsamPacket),FALSE,FALSE,station->stationfish); /* get the encryption buffer */
++ len=TwoFishEncrypt((char *)&sampacket,&encbuf,sizeof(FWsamPacket),FALSE,station->stationfish); /* encrypt the packet with current key */
++
++ if(send(stationsocket,encbuf,len,0)!=len) /* weird...could not send */
++ { LogMessage("WARNING => [Alert_FWsam] Could not send to host %s. Will try again later.\n",sfip_ntoa(&station->stationip));
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ stationtry=0;
++ }
++ else
++ { i=FWSAM_NETWAIT;
++#ifdef WIN32
++ ioctlsocket(stationsocket,FIONBIO,&i); /* set non blocking and wait for */
++#else
++ ioctl(stationsocket,FIONBIO,&i); /* set non blocking and wait for */
++#endif
++ while(i-- >1) /* the response packet */
++ { waitms(10); /* wait for response (default maximum 3 secs */
++ if(recv(stationsocket,encbuf,len,0)==len)
++ i=0; /* if we received packet we set the counter to 0. */
++ /* by the time we check with if, it's already dec'ed to -1 */
++ }
++ if(!i) /* id we timed out (i was one, then dec'ed)... */
++ { LogMessage("WARNING => [Alert_FWsam] Did not receive response from host %s. Will try again later.\n",sfip_ntoa(&station->stationip));
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ stationtry=0;
++ }
++ else /* got a packet */
++ { decbuf=(char *)&sampacket; /* get the pointer to the packet struct */
++ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try to decrypt the packet with current key */
++
++ if(len!=sizeof(FWsamPacket)) /* invalid decryption */
++ { strcpy(station->stationkey,station->initialkey); /* try the intial key */
++ TwoFishDestroy(station->stationfish);
++ station->stationfish=TwoFishInit(station->stationkey); /* re-initialize the TwoFish with the intial key */
++ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try again to decrypt */
++ LogMessage("INFO => [Alert_FWsam] Had to use initial key!\n");
++ }
++ if(len==sizeof(FWsamPacket)) /* valid decryption */
++ { if(sampacket.version==FWSAM_PACKETVERSION)/* master speaks my language */
++ { if(sampacket.status==FWSAM_STATUS_OK || sampacket.status==FWSAM_STATUS_NEWKEY
++ || sampacket.status==FWSAM_STATUS_RESYNC || sampacket.status==FWSAM_STATUS_HOLD)
++ { station->stationseqno=sampacket.fwseqno[0] | (sampacket.fwseqno[1]<<8); /* get stations seqno */
++ station->lastcontact=(unsigned long)time(NULL); /* set the last contact time (not used yet) */
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] Received %s\n",sampacket.status==FWSAM_STATUS_OK?"OK":
++ sampacket.status==FWSAM_STATUS_NEWKEY?"NEWKEY":
++ sampacket.status==FWSAM_STATUS_RESYNC?"RESYNC":
++ sampacket.status==FWSAM_STATUS_HOLD?"HOLD":"ERROR");
++ LogMessage("DEBUG => [Alert_FWsam] Snort SeqNo: %x\n",sampacket.snortseqno[0]|(sampacket.snortseqno[1]<<8));
++ LogMessage("DEBUG => [Alert_FWsam] Mgmt SeqNo : %x\n",station->stationseqno);
++ LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",sampacket.status);
++ LogMessage("DEBUG => [Alert_FWsam] Version : %i\n",sampacket.version);
++#endif
++ if(sampacket.status==FWSAM_STATUS_HOLD)
++ { i=FWSAM_NETHOLD; /* Stay on hold for a maximum of 60 secs (default) */
++ while(i-- >1) /* the response packet */
++ { waitms(10); /* wait for response */
++ if(recv(stationsocket,encbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,0)==sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE)
++ i=0; /* if we received packet we set the counter to 0. */
++ }
++ if(!i) /* id we timed out (i was one, then dec'ed)... */
++ { LogMessage("WARNING => [Alert_FWsam] Did not receive response from host %s. Will try again later.\n",sfip_ntoa(&station->stationip));
++ stationtry=0;
++ sampacket.status=FWSAM_STATUS_ERROR;
++ }
++ else /* got a packet */
++ { decbuf=(char *)&sampacket; /* get the pointer to the packet struct */
++ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try to decrypt the packet with current key */
++
++ if(len!=sizeof(FWsamPacket)) /* invalid decryption */
++ { strcpy(station->stationkey,station->initialkey); /* try the intial key */
++ TwoFishDestroy(station->stationfish);
++ station->stationfish=TwoFishInit(station->stationkey); /* re-initialize the TwoFish with the intial key */
++ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try again to decrypt */
++ LogMessage("INFO => [Alert_FWsam] Had to use initial key again!\n");
++ }
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] Received %s\n",sampacket.status==FWSAM_STATUS_OK?"OK":
++ sampacket.status==FWSAM_STATUS_NEWKEY?"NEWKEY":
++ sampacket.status==FWSAM_STATUS_RESYNC?"RESYNC":
++ sampacket.status==FWSAM_STATUS_HOLD?"HOLD":"ERROR");
++ LogMessage("DEBUG => [Alert_FWsam] Snort SeqNo: %x\n",sampacket.snortseqno[0]|(sampacket.snortseqno[1]<<8));
++ LogMessage("DEBUG => [Alert_FWsam] Mgmt SeqNo : %x\n",station->stationseqno);
++ LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",sampacket.status);
++ LogMessage("DEBUG => [Alert_FWsam] Version : %i\n",sampacket.version);
++#endif
++ if(len!=sizeof(FWsamPacket)) /* invalid decryption */
++ { ErrorMessage("ERROR => [Alert_FWsam] Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ deletestation=TRUE;
++ sampacket.status=FWSAM_STATUS_ERROR;
++ }
++ else if(sampacket.version!=FWSAM_PACKETVERSION) /* invalid protocol version */
++ { ErrorMessage("ERROR => [Alert_FWsam] Protocol version error! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ deletestation=TRUE;
++ sampacket.status=FWSAM_STATUS_ERROR;
++ }
++ else if(sampacket.status!=FWSAM_STATUS_OK && sampacket.status!=FWSAM_STATUS_NEWKEY && sampacket.status!=FWSAM_STATUS_RESYNC)
++ { ErrorMessage("ERROR => [Alert_FWsam] Funky handshake error! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ deletestation=TRUE;
++ sampacket.status=FWSAM_STATUS_ERROR;
++ }
++ }
++ }
++ if(sampacket.status==FWSAM_STATUS_RESYNC) /* if station want's to resync... */
++ { strcpy(station->stationkey,station->initialkey); /* ...we use the intial key... */
++ memcpy(station->fwkeymod,sampacket.duration,4); /* and note the random key modifier */
++ }
++ if(sampacket.status==FWSAM_STATUS_NEWKEY || sampacket.status==FWSAM_STATUS_RESYNC)
++ {
++ FWsamNewStationKey(station,&sampacket); /* generate new TwoFish keys */
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] Generated new encryption key...\n");
++#endif
++ }
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ stationtry=0;
++ }
++ else if(sampacket.status==FWSAM_STATUS_ERROR) /* if SnortSam reports an error on second try, */
++ {
++#ifdef WIN32
++ closesocket(stationsocket); /* something is messed up and ... */
++#else
++ close(stationsocket);
++#endif
++ if(stationtry>1) /* we ignore that station. */
++ { deletestation=TRUE; /* flag for deletion */
++ ErrorMessage("ERROR => [Alert_FWsam] Could not renegotiate key! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ }
++ else /* if we get an error on the first try, */
++ { if(!FWsamCheckIn(station)) /* we first try to check in again. */
++ { deletestation=TRUE;
++ ErrorMessage("ERROR => [Alert_FWsam] Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ }
++ }
++ }
++ else /* an unknown status means trouble... */
++ { ErrorMessage("ERROR => [Alert_FWsam] Funky handshake error! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ deletestation=TRUE;
++ }
++ }
++ else /* if the SnortSam agent uses a different packet version, we have no choice but to ignore it. */
++ { ErrorMessage("ERROR => [Alert_FWsam] Protocol version error! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ deletestation=TRUE;
++ }
++ }
++ else /* if the intial key failed to decrypt as well, the keys are not configured the same, and we ignore that SnortSam station. */
++ { ErrorMessage("ERROR => [Alert_FWsam] Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ deletestation=TRUE;
++ }
++ }
++ }
++ free(encbuf); /* release of the TwoFishAlloc'ed encryption buffer */
++ }
++ if(stationtry==0 || deletestation) /* if everything went real well, or real bad... */
++ { if(deletestation){ /* If it went bad, we remove the station from the list by marking the IP */
++// station->stationip.s_addr=0;
++ station->stationip.ip32[0]=0;
++ }
++ fwsamlist=fwsamlist->next;
++ }
++ }
++ else
++ fwsamlist=fwsamlist->next;
++ }
++ }
++ else
++ {
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam] Skipping repetitive block.\n");
++#endif
++ }
++ }
++}
++
++/* FWsamCheckOut will be called when Snort exists. It de-registeres this snort sensor
++ * from the list of sensor that the SnortSam agent keeps.
++ */
++void FWsamCheckOut(FWsamStation *station)
++{ FWsamPacket sampacket;
++ SOCKET stationsocket;
++ int i,len;
++ char *encbuf,*decbuf;
++ //unsigned char *encbuf,*decbuf;
++
++
++ stationsocket=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
++ if(stationsocket==INVALID_SOCKET)
++ FatalError("ERROR => [Alert_FWsam](FWsamCheckOut) Funky socket error (socket)!\n");
++ if(bind(stationsocket,(struct sockaddr *)&(station->localsocketaddr),sizeof(struct sockaddr)))
++ FatalError("ERROR => [Alert_FWsam](FWsamCheckOut) Could not bind socket!\n");
++
++ /* let's connect to the agent */
++ if(!connect(stationsocket,(struct sockaddr *)&station->stationsocketaddr,sizeof(struct sockaddr)))
++ { LogMessage("INFO => [Alert_FWsam](FWsamCheckOut) Disconnecting from host %s.\n",sfip_ntoa(&station->stationip));
++ /* now build the packet */
++ station->myseqno+=station->stationseqno; /* increase my seqno */
++ sampacket.endiancheck=1;
++ sampacket.snortseqno[0]=(char)station->myseqno;
++ sampacket.snortseqno[1]=(char)(station->myseqno>>8);
++ sampacket.fwseqno[0]=(char)station->stationseqno; /* fill station seqno */
++ sampacket.fwseqno[1]=(char)(station->stationseqno>>8);
++ sampacket.status=FWSAM_STATUS_CHECKOUT; /* checking out... */
++ sampacket.version=FWSAM_PACKETVERSION;
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Sending CHECKOUT\n");
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Snort SeqNo: %x\n",station->myseqno);
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Mgmt SeqNo : %x\n",station->stationseqno);
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Status : %i\n",sampacket.status);
++
++#endif
++
++ encbuf=TwoFishAlloc(sizeof(FWsamPacket),FALSE,FALSE,station->stationfish); /* get encryption buffer */
++ len=TwoFishEncrypt((char *)&sampacket,&encbuf,sizeof(FWsamPacket),FALSE,station->stationfish); /* encrypt packet with current key */
++
++ if(send(stationsocket,encbuf,len,0)==len)
++ { i=FWSAM_NETWAIT;
++#ifdef WIN32
++ ioctlsocket(stationsocket,FIONBIO,&i); /* set non blocking and wait for */
++#else
++ ioctl(stationsocket,FIONBIO,&i); /* set non blocking and wait for */
++#endif
++ while(i-- >1)
++ { waitms(10); /* ...wait a maximum of 3 secs for response... */
++ if(recv(stationsocket,encbuf,len,0)==len) /* ... for the status packet */
++ i=0;
++ }
++ if(i) /* if we got the packet */
++ { decbuf=(char *)&sampacket;
++ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish);
++
++ if(len!=sizeof(FWsamPacket)) /* invalid decryption */
++ { strcpy(station->stationkey,station->initialkey); /* try initial key */
++ TwoFishDestroy(station->stationfish); /* toss this fish */
++ station->stationfish=TwoFishInit(station->stationkey); /* re-initialze TwoFish with initial key */
++ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* and try to decrypt again */
++ LogMessage("INFO => [Alert_FWsam](FWsamCheckOut) Had to use initial key!\n");
++ }
++ if(len==sizeof(FWsamPacket)) /* valid decryption */
++ { if(sampacket.version!=FWSAM_PACKETVERSION) /* but don't really care since we are on the way out */
++ ErrorMessage("WARNING => [Alert_FWsam](FWsamCheckOut) Protocol version error! What the hell, we're quitting anyway! :)\n");
++ }
++ else
++ ErrorMessage("WARNING => [Alert_FWsam](FWsamCheckOut) Password mismatch! What the hell, we're quitting anyway! :)\n");
++ }
++ }
++ free(encbuf); /* release TwoFishAlloc'ed buffer */
++ }
++ else
++ LogMessage("WARNING => [Alert_FWsam] Could not connect to host %s for CheckOut. What the hell, we're quitting anyway! :)\n",sfip_ntoa(&station->stationip));
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++}
++
++
++/* FWSamFree: Disconnects all FW-1 management stations,
++ * closes sockets, and frees the structures.
++ */
++void FWsamFree(FWsamList *list)
++{
++ FWsamList *next;
++
++ while(list) /* Free pointer list for rule type */
++ {
++ next=list->next;
++ free(list);
++ list=next;
++ }
++ list=FWsamStationList;
++
++ while(list) /* Free global pointer list and stations */
++ {
++ next=list->next;
++ if (list->station)
++ {
++ if(list->station->stationip.ip32[0])
++ //if(list->station->stationip.s_addr)
++ FWsamCheckOut(list->station); /* Send a Check-Out to SnortSam, */
++
++ TwoFishDestroy(list->station->stationfish); /* toss the fish, */
++ free(list->station); /* free station, */
++ }
++ free(list); /* free pointer, */
++ list=next; /* and move to next. */
++ }
++ FWsamStationList=NULL;
++ if(FWsamOptionField)
++ free(FWsamOptionField);
++}
++
++void AlertFWsamCleanExitFunc(int signal, void *arg)
++{ FWsamList *fwsamlist;
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamCleanExitFunc) Exiting...\n");
++#endif
++
++ fwsamlist=(FWsamList *)arg;
++ FWsamFree(fwsamlist); /* Free all elements */
++}
++
++void AlertFWsamRestartFunc(int signal, void *arg)
++{ FWsamList *fwsamlist;
++
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamRestartFunc) Restarting...\n");
++#endif
++
++ fwsamlist=(FWsamList *)arg;
++ FWsamFree(fwsamlist); /* Free all elements */
++}
++
++/* This routine registers this Snort sensor with SnortSam.
++ * It will also change the encryption key based on some variables.
++ */
++int FWsamCheckIn(FWsamStation *station)
++{ int i,len,stationok=TRUE;
++ FWsamPacket sampacket;
++ char *encbuf,*decbuf;
++ //unsigned char *encbuf,*decbuf;
++ SOCKET stationsocket;
++
++
++ /* create a socket for the station */
++ stationsocket=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
++ if(stationsocket==INVALID_SOCKET)
++ FatalError("ERROR => [Alert_FWsam](FWsamCheckIn) Funky socket error (socket)!\n");
++ if(bind(stationsocket,(struct sockaddr *)&(station->localsocketaddr),sizeof(struct sockaddr)))
++ FatalError("ERROR => [Alert_FWsam](FWsamCheckIn) Could not bind socket!\n");
++
++ i=TRUE;
++ /* let's connect to the agent */
++ if(connect(stationsocket,(struct sockaddr *)&station->stationsocketaddr,sizeof(struct sockaddr)))
++ LogMessage("WARNING => [Alert_FWsam](FWsamCheckIn) Could not connect to host %s. Will try later.\n",sfip_ntoa(&station->stationip));
++ else
++ { LogMessage("INFO => [Alert_FWsam](FWsamCheckIn) Connected to host %s.\n",sfip_ntoa(&station->stationip));
++ /* now build the packet */
++ sampacket.endiancheck=1;
++ sampacket.snortseqno[0]=(char)station->myseqno; /* fill my sequence number number */
++ sampacket.snortseqno[1]=(char)(station->myseqno>>8); /* fill my sequence number number */
++ sampacket.status=FWSAM_STATUS_CHECKIN; /* let's check in */
++ sampacket.version=FWSAM_PACKETVERSION; /* set the packet version */
++ memcpy(sampacket.duration,station->mykeymod,4); /* we'll send SnortSam our key modifier in the duration slot */
++ /* (the checkin packet is just the plain initial key) */
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Sending CheckIn\n");
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Snort SeqNo: %x\n",station->myseqno);
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Mode : %i\n",sampacket.status);
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Version : %i\n",sampacket.version);
++#endif
++ encbuf=TwoFishAlloc(sizeof(FWsamPacket),FALSE,FALSE,station->stationfish); /* get buffer for encryption */
++ len=TwoFishEncrypt((char *)&sampacket,&encbuf,sizeof(FWsamPacket),FALSE,station->stationfish); /* encrypt with initial key */
++ if(send(stationsocket,encbuf,len,0)!=len) /* weird...could not send */
++ LogMessage("WARNING => [Alert_FWsam](FWsamCheckIn) Could not send to host %s. Will try again later.\n",sfip_ntoa(&station->stationip));
++ else
++ { i=FWSAM_NETWAIT;
++#ifdef WIN32
++ ioctlsocket(stationsocket,FIONBIO,&i); /* set non blocking and wait for */
++#else
++ ioctl(stationsocket,FIONBIO,&i); /* set non blocking and wait for */
++#endif
++ while(i-- >1)
++ { waitms(10); /* wait a maximum of 3 secs for response */
++ if(recv(stationsocket,encbuf,len,0)==len)
++ i=0;
++ }
++ if(!i) /* time up? */
++ LogMessage("WARNING => [Alert_FWsam](FWsamCheckIn) Did not receive response from host %s. Will try again later.\n",sfip_ntoa(&station->stationip));
++ else
++ { decbuf=(char *)&sampacket; /* got status packet */
++ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try to decrypt with initial key */
++ if(len==sizeof(FWsamPacket)) /* valid decryption */
++ {
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Received %s\n",sampacket.status==FWSAM_STATUS_OK?"OK":
++ sampacket.status==FWSAM_STATUS_NEWKEY?"NEWKEY":
++ sampacket.status==FWSAM_STATUS_RESYNC?"RESYNC":
++ sampacket.status==FWSAM_STATUS_HOLD?"HOLD":"ERROR");
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Snort SeqNo: %x\n",sampacket.snortseqno[0]|(sampacket.snortseqno[1]<<8));
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Mgmt SeqNo : %x\n",sampacket.fwseqno[0]|(sampacket.fwseqno[1]<<8));
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Status : %i\n",sampacket.status);
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Version : %i\n",sampacket.version);
++#endif
++ if(sampacket.version==FWSAM_PACKETVERSION) /* master speaks my language */
++ { if(sampacket.status==FWSAM_STATUS_OK || sampacket.status==FWSAM_STATUS_NEWKEY || sampacket.status==FWSAM_STATUS_RESYNC)
++ { station->stationseqno=sampacket.fwseqno[0]|(sampacket.fwseqno[1]<<8); /* get stations seqno */
++ station->lastcontact=(unsigned long)time(NULL);
++
++ if(sampacket.status==FWSAM_STATUS_NEWKEY || sampacket.status==FWSAM_STATUS_RESYNC) /* generate new keys */
++ { memcpy(station->fwkeymod,sampacket.duration,4); /* note the key modifier */
++ FWsamNewStationKey(station,&sampacket); /* and generate new TwoFish keys (with key modifiers) */
++#ifdef FWSAMDEBUG
++ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Generated new encryption key...\n");
++#endif
++ }
++ }
++ else /* weird, got a strange status back */
++ { ErrorMessage("ERROR => [Alert_FWsam](FWsamCheckIn) Funky handshake error! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ stationok=FALSE;
++ }
++ }
++ else /* packet version does not match */
++ { ErrorMessage("ERROR =>[Alert_FWsam](FWsamCheckIn) Protocol version error! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ stationok=FALSE;
++ }
++ }
++ else /* key does not match */
++ { ErrorMessage("ERROR => [Alert_FWsam](FWsamCheckIn) Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip));
++ stationok=FALSE;
++ }
++ }
++ }
++ free(encbuf); /* release TwoFishAlloc'ed buffer */
++ }
++#ifdef WIN32
++ closesocket(stationsocket);
++#else
++ close(stationsocket);
++#endif
++ return stationok;
++}
++#undef FWSAMDEBUG
++
+
+Index: snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.h
+===================================================================
+--- snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.h (Revision 0)
++++ snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.h (Revision 3)
+@@ -0,0 +1,216 @@
++/* $Id: snortpatchb,v 1.5 2005/10/06 08:50:39 fknobbe Exp $
++**
++** spo_alert_fwsam.h
++**
++** Copyright (c) 2001-2004 Frank Knobbe <frank@knobbe.us>
++**
++** This program is free software; you can redistribute it and/or modify
++** it under the terms of the GNU General Public License as published by
++** the Free Software Foundation; either version 2 of the License, or
++** (at your option) any later version.
++**
++** This program is distributed in the hope that it will be useful,
++** but WITHOUT ANY WARRANTY; without even the implied warranty of
++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++** GNU General Public License for more details.
++**
++** You should have received a copy of the GNU General Public License
++** along with this program; if not, write to the Free Software
++** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++*/
++
++/* This file gets included in plugbase.c when it is integrated into the rest
++ * of the program.
++ *
++ * For more info, see the beginning of spo_alert_fwsam.c
++ *
++ */
++
++#ifndef __SPO_FWSAM_H__
++#define __SPO_FWSAM_H__
++
++#include "snort.h"
++#include "rules.h"
++#include "plugbase.h"
++#include "plugin_enum.h"
++#include "fatal.h"
++#include "util.h"
++#include "twofish.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <time.h>
++#include <string.h>
++#include <ctype.h>
++#include <unistd.h>
++
++
++/* just some compatibility stuff */
++#ifdef WIN32
++#if !defined(_WINSOCKAPI_) && !defined(_WINSOCK2API_)
++#include <winsock.h>
++#endif
++#define waitms(x) Sleep(x)
++
++#else
++
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#include <sys/ioctl.h>
++#include <netdb.h>
++
++#ifdef SOLARIS
++#include <sys/filio.h>
++#endif
++
++typedef int SOCKET;
++
++#ifndef INVALID_SOCKET
++#define INVALID_SOCKET -1
++#endif
++
++#define waitms(x) usleep((x)*1000)
++
++#endif
++
++#ifndef FALSE
++#define FALSE 0
++#endif
++#ifndef TRUE
++#define TRUE !FALSE
++#endif
++#ifndef bool
++#define bool int
++#endif
++
++
++#if defined(_DEBUG) || defined(DEBUG)
++#ifndef FWSAMDEBUG
++#define FWSAMDEBUG
++#endif
++#else
++#endif
++
++
++/* Official Snort PlugIn Number has been moved into plugin_enum.h */
++
++
++/* fixed defines */
++
++#define FWSAM_DEFAULTPORT 898 /* Default port if user does not specify one in snort.conf */
++ /* (Was unused last time I checked...) */
++#define FWSAM_PACKETVERSION 14 /* version of the packet. Will increase with enhancements. */
++
++#define FWSAM_STATUS_CHECKIN 1 /* snort to fw */
++#define FWSAM_STATUS_CHECKOUT 2
++#define FWSAM_STATUS_BLOCK 3
++#define FWSAM_STATUS_UNBLOCK 9
++
++#define FWSAM_STATUS_OK 4 /* fw to snort */
++#define FWSAM_STATUS_ERROR 5
++#define FWSAM_STATUS_NEWKEY 6
++#define FWSAM_STATUS_RESYNC 7
++#define FWSAM_STATUS_HOLD 8
++
++#define FWSAM_LOG_NONE 0
++#define FWSAM_LOG_SHORTLOG 1
++#define FWSAM_LOG_SHORTALERT 2
++#define FWSAM_LOG_LONGLOG 3
++#define FWSAM_LOG_LONGALERT 4
++#define FWSAM_LOG (FWSAM_LOG_SHORTLOG|FWSAM_LOG_SHORTALERT|FWSAM_LOG_LONGLOG|FWSAM_LOG_LONGALERT)
++#define FWSAM_WHO_DST 8
++#define FWSAM_WHO_SRC 16
++#define FWSAM_WHO (FWSAM_WHO_DST|FWSAM_WHO_SRC)
++#define FWSAM_HOW_IN 32
++#define FWSAM_HOW_OUT 64
++#define FWSAM_HOW_INOUT (FWSAM_HOW_IN|FWSAM_HOW_OUT)
++#define FWSAM_HOW_THIS 128
++#define FWSAM_HOW (FWSAM_HOW_IN|FWSAM_HOW_OUT|FWSAM_HOW_THIS)
++
++
++/* user adjustable defines */
++
++#define FWSAM_REPET_BLOCKS 10 /* Snort remembers this amount of last blocks and... */
++#define FWSAM_REPET_TIME 20 /* ...checks if they fall within this time. If so,... */
++ /* ...the blocking request is not send. */
++
++#define FWSAM_NETWAIT 300 /* 100th of a second. 3 sec timeout for network connections */
++#define FWSAM_NETHOLD 6000 /* 100th of a second. 60 sec timeout for holding */
++
++#define SID_MAPFILE "sid-block.map"
++#define SID_ALT_MAPFILE "sid-fwsam.map"
++
++#define FWSAM_FANCYFETCH /* This will invoke a fast sid lookup routine */
++
++
++/* vars */
++
++typedef struct _FWsamstation /* structure of a mgmt station */
++{ unsigned short myseqno;
++ unsigned short stationseqno;
++ unsigned char mykeymod[4];
++ unsigned char fwkeymod[4];
++ unsigned short stationport;
++ //struct in_addr stationip;
++ sfip_t stationip;
++ struct sockaddr_in localsocketaddr;
++ struct sockaddr_in stationsocketaddr;
++ TWOFISH *stationfish;
++ char initialkey[TwoFish_KEY_LENGTH+2];
++ char stationkey[TwoFish_KEY_LENGTH+2];
++ time_t lastcontact;
++/* time_t sleepstart; */
++} FWsamStation;
++
++typedef struct _FWsampacket /* 2 blocks (3rd block is header from TwoFish) */
++{ unsigned short endiancheck; /* 0 */
++ unsigned char srcip[4]; /* 2 */
++ unsigned char dstip[4]; /* 6 */
++ unsigned char duration[4]; /* 10 */
++ unsigned char snortseqno[2]; /* 14 */
++ unsigned char fwseqno[2]; /* 16 */
++ unsigned char srcport[2]; /* 18 */
++ unsigned char dstport[2]; /* 20 */
++ unsigned char protocol[2]; /* 22 */
++ unsigned char fwmode; /* 24 */
++ unsigned char version; /* 25 */
++ unsigned char status; /* 26 */
++ unsigned char sig_id[4]; /* 27 */
++ unsigned char fluff; /* 31 */
++} FWsamPacket; /* 32 bytes in size */
++
++typedef struct _FWsamoptions /* snort rule options */
++{ unsigned long sid;
++ unsigned long duration;
++ unsigned char who;
++ unsigned char how;
++ unsigned char loglevel;
++} FWsamOptions;
++
++typedef struct _FWsamlistpointer
++{ FWsamStation *station;
++ struct _FWsamlistpointer *next;
++} FWsamList;
++
++
++/* functions */
++void AlertFWsamSetup(void);
++void AlertFWsamInit(char *args);
++void AlertFWsamOptionInit(char *args,OptTreeNode *otn,int protocol);
++void AlertFWsamCleanExitFunc(int signal, void *arg);
++void AlertFWsamRestartFunc(int signal, void *arg);
++void AlertFWsam(Packet *p, char *msg, void *arg, Event *event);
++int FWsamCheckIn(FWsamStation *station);
++void FWsamCheckOut(FWsamStation *station);
++void FWsamNewStationKey(FWsamStation *station,FWsamPacket *packet);
++void FWsamFixPacketEndian(FWsamPacket *p);
++unsigned long FWsamParseDuration(char *p);
++void FWsamFree(FWsamList *fwsamlist);
++int FWsamStationExists(FWsamStation *who,FWsamList *list);
++int FWsamReadLine(char *,unsigned long,FILE *);
++void FWsamParseLine(FWsamOptions *,char *);
++FWsamOptions *FWsamGetOption(unsigned long);
++int FWsamParseOption(FWsamOptions *,char *);
++
++#endif /* __SPO_FWSAM_H__ */
+
+Index: snort-2.8.6.1/src/output-plugins/Makefile.am
+===================================================================
+--- snort-2.8.6.1/src/output-plugins/Makefile.am (Revision 1)
++++ snort-2.8.6.1/src/output-plugins/Makefile.am (Revision 3)
+@@ -11,6 +11,7 @@
+ spo_log_tcpdump.h spo_unified.c spo_unified2.c spo_unified.h spo_unified2.h \
+ spo_log_ascii.c spo_log_ascii.h spo_alert_sf_socket.h spo_alert_sf_socket.c \
+ spo_alert_prelude.c spo_alert_prelude.h spo_alert_arubaaction.c spo_alert_arubaaction.h \
++spo_alert_fwsam.c spo_alert_fwsam.h \
+ spo_alert_test.c spo_alert_test.h
+
+ INCLUDES = @INCLUDES@
+Index: snort-2.8.6.1/src/plugbase.c
+===================================================================
+--- snort-2.8.6.1/src/plugbase.c (Revision 1)
++++ snort-2.8.6.1/src/plugbase.c (Revision 3)
+@@ -125,6 +125,7 @@
+ #endif
+
+ #include "output-plugins/spo_alert_test.h"
++#include "output-plugins/spo_alert_fwsam.h"
+
+ extern ListHead *head_tmp;
+ extern PreprocConfigFuncNode *preproc_config_funcs;
+@@ -1240,6 +1241,7 @@
+ #endif
+
+ AlertTestSetup();
++ AlertFWsamSetup();
+ }
+
+ /****************************************************************************
+Index: snort-2.8.6.1/src/Makefile.am
+===================================================================
+--- snort-2.8.6.1/src/Makefile.am (Revision 1)
++++ snort-2.8.6.1/src/Makefile.am (Revision 3)
+@@ -52,7 +52,8 @@
+ detection_filter.c detection_filter.h \
+ rate_filter.c rate_filter.h \
+ obfuscation.c obfuscation.h \
+-rule_option_types.h
++rule_option_types.h \
++twofish.c twofish.h
+
+ snort_LDADD = output-plugins/libspo.a \
+ detection-plugins/libspd.a \
+Index: snort-2.8.6.1/autojunk.sh
+===================================================================
+--- snort-2.8.6.1/autojunk.sh (Revision 0)
++++ snort-2.8.6.1/autojunk.sh (Revision 3)
+@@ -0,0 +1,7 @@
++#!/bin/sh
++# the list of commands that need to run before we do a compile
++libtoolize --automake --copy
++aclocal -I m4
++autoheader
++automake --add-missing --copy
++autoconf
+
+Index: snort-2.8.6.1/etc/snort.conf
+===================================================================
+--- snort-2.8.6.1/etc/snort.conf (Revision 1)
++++ snort-2.8.6.1/etc/snort.conf (Revision 3)
+@@ -277,6 +277,32 @@
+ # prelude
+ # output alert_prelude
+
++# snortsam
++# In order to cause Snort to send a blocking request to the SnortSam agent,
++# that agent has to be listed, including the port it listens on,
++# and the encryption key it is using. The statement for that is:
++#
++# output alert_fwsam: {SnortSam Station}:{port}/{password}
++#
++# {SnortSam Station}: IP address or host name of the host where SnortSam is running.
++# {port}: The port the remote SnortSam agent listens on.
++# {password}: The password, or key, used for encryption of the
++# communication to the remote agent.
++#
++# At the very least, the IP address or host name of the host running SnortSam
++# needs to be specified. If the port is omitted, it defaults to TCP port 898.
++# If the password is omitted, it defaults to a preset password.
++# (In which case it needs to be omitted on the SnortSam agent as well)
++#
++# More than one host can be specified, but has to be done on the same line.
++# Just separate them with one or more spaces.
++#
++# Examples:
++#
++# output alert_fwsam: firewall/idspassword
++# output alert_fwsam: fw1.domain.tld:898/mykey
++# output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw
++
+ # metadata reference data. do not modify these lines
+ include classification.config
+ include reference.config
diff --git a/config/snort-dev/snortsam-package-code/patches/inlinemode_options_flags.txt b/config/snort-dev/snortsam-package-code/patches/inlinemode_options_flags.txt
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/inlinemode_options_flags.txt
diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.am b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.am
new file mode 100644
index 00000000..0879c6e3
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.am
@@ -0,0 +1,17 @@
+## $Id
+AUTOMAKE_OPTIONS=foreign no-dependencies
+
+noinst_LIBRARIES = libspo.a
+
+libspo_a_SOURCES = spo_alert_fast.c spo_alert_fast.h \
+spo_alert_full.c spo_alert_full.h \
+spo_alert_syslog.c spo_alert_syslog.h spo_alert_unixsock.c \
+spo_alert_unixsock.h spo_csv.c spo_csv.h spo_database.c spo_database.h \
+spo_log_null.c spo_log_null.h spo_log_tcpdump.c \
+spo_log_tcpdump.h spo_unified.c spo_unified2.c spo_unified.h spo_unified2.h \
+spo_log_ascii.c spo_log_ascii.h spo_alert_sf_socket.h spo_alert_sf_socket.c \
+spo_alert_prelude.c spo_alert_prelude.h spo_alert_arubaaction.c spo_alert_arubaaction.h \
+spo_alert_test.c spo_alert_test.h \
+spo_pf.h spo_pf.c
+
+INCLUDES = @INCLUDES@
diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.in b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.in
new file mode 100644
index 00000000..3f06cc31
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.in
@@ -0,0 +1,445 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/output-plugins
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libspo_a_AR = $(AR) $(ARFLAGS)
+libspo_a_LIBADD =
+am_libspo_a_OBJECTS = spo_alert_fast.$(OBJEXT) \
+ spo_alert_full.$(OBJEXT) spo_alert_syslog.$(OBJEXT) \
+ spo_alert_unixsock.$(OBJEXT) spo_csv.$(OBJEXT) \
+ spo_database.$(OBJEXT) spo_log_null.$(OBJEXT) \
+ spo_log_tcpdump.$(OBJEXT) spo_unified.$(OBJEXT) \
+ spo_unified2.$(OBJEXT) spo_log_ascii.$(OBJEXT) \
+ spo_alert_sf_socket.$(OBJEXT) spo_alert_prelude.$(OBJEXT) \
+ spo_alert_arubaaction.$(OBJEXT) spo_alert_test.$(OBJEXT) \
+ spo_pf.$(OBJEXT)
+libspo_a_OBJECTS = $(am_libspo_a_OBJECTS)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libspo_a_SOURCES)
+DIST_SOURCES = $(libspo_a_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BUILD_DYNAMIC_EXAMPLES_FALSE = @BUILD_DYNAMIC_EXAMPLES_FALSE@
+BUILD_DYNAMIC_EXAMPLES_TRUE = @BUILD_DYNAMIC_EXAMPLES_TRUE@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_DYNAMIC_PLUGINS_FALSE = @HAVE_DYNAMIC_PLUGINS_FALSE@
+HAVE_DYNAMIC_PLUGINS_TRUE = @HAVE_DYNAMIC_PLUGINS_TRUE@
+HAVE_SUP_IP6_FALSE = @HAVE_SUP_IP6_FALSE@
+HAVE_SUP_IP6_TRUE = @HAVE_SUP_IP6_TRUE@
+HAVE_TARGET_BASED_FALSE = @HAVE_TARGET_BASED_FALSE@
+HAVE_TARGET_BASED_TRUE = @HAVE_TARGET_BASED_TRUE@
+HAVE_ZLIB_FALSE = @HAVE_ZLIB_FALSE@
+HAVE_ZLIB_TRUE = @HAVE_ZLIB_TRUE@
+INCLUDES = @INCLUDES@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+extra_incl = @extra_incl@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+AUTOMAKE_OPTIONS = foreign no-dependencies
+noinst_LIBRARIES = libspo.a
+libspo_a_SOURCES = spo_alert_fast.c spo_alert_fast.h \
+spo_alert_full.c spo_alert_full.h \
+spo_alert_syslog.c spo_alert_syslog.h spo_alert_unixsock.c \
+spo_alert_unixsock.h spo_csv.c spo_csv.h spo_database.c spo_database.h \
+spo_log_null.c spo_log_null.h spo_log_tcpdump.c \
+spo_log_tcpdump.h spo_unified.c spo_unified2.c spo_unified.h spo_unified2.h \
+spo_log_ascii.c spo_log_ascii.h spo_alert_sf_socket.h spo_alert_sf_socket.c \
+spo_alert_prelude.c spo_alert_prelude.h spo_alert_arubaaction.c spo_alert_arubaaction.h \
+spo_alert_test.c spo_alert_test.h \
+spo_pf.h spo_pf.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/output-plugins/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign src/output-plugins/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libspo.a: $(libspo_a_OBJECTS) $(libspo_a_DEPENDENCIES)
+ -rm -f libspo.a
+ $(libspo_a_AR) libspo.a $(libspo_a_OBJECTS) $(libspo_a_LIBADD)
+ $(RANLIB) libspo.a
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+.c.o:
+ $(COMPILE) -c $<
+
+.c.obj:
+ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am install-man \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/plugbase.c b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/plugbase.c
new file mode 100644
index 00000000..31f381a8
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/plugbase.c
@@ -0,0 +1,1544 @@
+/* $Id$ */
+/*
+** Copyright (C) 2002-2010 Sourcefire, Inc.
+** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#ifndef WIN32
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#endif /* !WIN32 */
+#include <time.h>
+#include <errno.h>
+
+#include "sf_types.h"
+#include "plugbase.h"
+#include "spo_plugbase.h"
+#include "snort.h"
+#include "debug.h"
+#include "util.h"
+#include "log.h"
+#include "detect.h"
+
+/* built-in preprocessors */
+#include "preprocessors/spp_rpc_decode.h"
+#include "preprocessors/spp_bo.h"
+#include "preprocessors/spp_stream5.h"
+#include "preprocessors/spp_arpspoof.h"
+#include "preprocessors/spp_perfmonitor.h"
+#include "preprocessors/spp_httpinspect.h"
+#include "preprocessors/spp_sfportscan.h"
+#include "preprocessors/spp_frag3.h"
+
+/* built-in detection plugins */
+#include "detection-plugins/sp_pattern_match.h"
+#include "detection-plugins/sp_tcp_flag_check.h"
+#include "detection-plugins/sp_icmp_type_check.h"
+#include "detection-plugins/sp_icmp_code_check.h"
+#include "detection-plugins/sp_ttl_check.h"
+#include "detection-plugins/sp_ip_id_check.h"
+#include "detection-plugins/sp_tcp_ack_check.h"
+#include "detection-plugins/sp_tcp_seq_check.h"
+#include "detection-plugins/sp_dsize_check.h"
+#include "detection-plugins/sp_ipoption_check.h"
+#include "detection-plugins/sp_rpc_check.h"
+#include "detection-plugins/sp_icmp_id_check.h"
+#include "detection-plugins/sp_icmp_seq_check.h"
+#include "detection-plugins/sp_session.h"
+#include "detection-plugins/sp_ip_tos_check.h"
+#include "detection-plugins/sp_ip_fragbits.h"
+#include "detection-plugins/sp_tcp_win_check.h"
+#include "detection-plugins/sp_ip_same_check.h"
+#include "detection-plugins/sp_ip_proto.h"
+#include "detection-plugins/sp_ip_same_check.h"
+#include "detection-plugins/sp_clientserver.h"
+#include "detection-plugins/sp_byte_check.h"
+#include "detection-plugins/sp_byte_jump.h"
+#include "detection-plugins/sp_isdataat.h"
+#include "detection-plugins/sp_pcre.h"
+#include "detection-plugins/sp_flowbits.h"
+#include "detection-plugins/sp_file_data.h"
+#include "detection-plugins/sp_asn1.h"
+#ifdef ENABLE_REACT
+#include "detection-plugins/sp_react.h"
+#endif
+#ifdef ENABLE_RESPOND
+#include "detection-plugins/sp_respond.h"
+#endif
+#include "detection-plugins/sp_ftpbounce.h"
+#include "detection-plugins/sp_urilen_check.h"
+#include "detection-plugins/sp_cvs.h"
+
+/* built-in output plugins */
+#include "output-plugins/spo_alert_syslog.h"
+#include "output-plugins/spo_log_tcpdump.h"
+#include "output-plugins/spo_database.h"
+#include "output-plugins/spo_alert_fast.h"
+#include "output-plugins/spo_alert_full.h"
+#include "output-plugins/spo_alert_unixsock.h"
+#include "output-plugins/spo_csv.h"
+#include "output-plugins/spo_unified.h"
+#include "output-plugins/spo_log_null.h"
+#include "output-plugins/spo_log_ascii.h"
+#include "output-plugins/spo_unified2.h"
+#include "output-plugins/spo_pf.h"
+
+#ifdef ARUBA
+#include "output-plugins/spo_alert_arubaaction.h"
+#endif
+
+#ifdef HAVE_LIBPRELUDE
+#include "output-plugins/spo_alert_prelude.h"
+#endif
+
+#ifdef LINUX
+#include "output-plugins/spo_alert_sf_socket.h"
+#endif
+
+#include "output-plugins/spo_alert_test.h"
+
+extern ListHead *head_tmp;
+extern PreprocConfigFuncNode *preproc_config_funcs;
+extern OutputConfigFuncNode *output_config_funcs;
+extern RuleOptConfigFuncNode *rule_opt_config_funcs;
+extern RuleOptOverrideInitFuncNode *rule_opt_override_init_funcs;
+extern RuleOptParseCleanupNode *rule_opt_parse_cleanup_list;
+extern PreprocSignalFuncNode *preproc_restart_funcs;
+extern PreprocSignalFuncNode *preproc_clean_exit_funcs;
+extern PreprocSignalFuncNode *preproc_shutdown_funcs;
+extern PreprocSignalFuncNode *preproc_reset_funcs;
+extern PreprocSignalFuncNode *preproc_reset_stats_funcs;
+extern PreprocStatsFuncNode *preproc_stats_funcs;
+extern PluginSignalFuncNode *plugin_shutdown_funcs;
+extern PluginSignalFuncNode *plugin_clean_exit_funcs;
+extern PluginSignalFuncNode *plugin_restart_funcs;
+extern OutputFuncNode *AlertList;
+extern OutputFuncNode *LogList;
+
+
+/**************************** Detection Plugin API ****************************/
+/* For translation from enum to char* */
+#ifdef DEBUG
+static const char *optTypeMap[OPT_TYPE_MAX] =
+{
+ "action",
+ "logging",
+ "detection"
+};
+
+#define ENUM2STR(num, map) \
+ ((num < sizeof(map)/sizeof(map[0])) ? map[num] : "undefined")
+#endif
+
+
+void RegisterRuleOptions(void)
+{
+ LogMessage("Initializing Plug-ins!\n");
+
+ SetupPatternMatch();
+ SetupTCPFlagCheck();
+ SetupIcmpTypeCheck();
+ SetupIcmpCodeCheck();
+ SetupTtlCheck();
+ SetupIpIdCheck();
+ SetupTcpAckCheck();
+ SetupTcpSeqCheck();
+ SetupDsizeCheck();
+ SetupIpOptionCheck();
+ SetupRpcCheck();
+ SetupIcmpIdCheck();
+ SetupIcmpSeqCheck();
+ SetupSession();
+ SetupIpTosCheck();
+ SetupFragBits();
+ SetupFragOffset();
+ SetupTcpWinCheck();
+ SetupIpProto();
+ SetupIpSameCheck();
+ SetupClientServer();
+ SetupByteTest();
+ SetupByteJump();
+ SetupIsDataAt();
+ SetupFileData();
+ SetupPcre();
+ SetupFlowBits();
+ SetupAsn1();
+#ifdef ENABLE_REACT
+ SetupReact();
+#endif
+#ifdef ENABLE_RESPOND
+ SetupRespond();
+#endif
+ SetupFTPBounce();
+ SetupUriLenCheck();
+ SetupCvs();
+}
+
+/****************************************************************************
+ *
+ * Function: RegisterRuleOption(char *, void (*func)(), enum OptionType)
+ *
+ * Purpose: Associates a rule option keyword with an option setup/linking
+ * function.
+ *
+ * Arguments: keyword => The option keyword to associate with the option
+ * handler
+ * *func => function pointer to the handler
+ * type => used to determine where keyword is allowed
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+void RegisterRuleOption(char *opt_name, RuleOptConfigFunc config_func,
+ RuleOptOverrideInitFunc override_init_func,
+ RuleOptType opt_type,
+ RuleOptOtnHandler otn_handler)
+{
+ RuleOptConfigFuncNode *node;
+
+ DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN, "Registering keyword:func => %s/%s:%p\n",
+ ENUM2STR(opt_type, optTypeMap), opt_name, config_func););
+
+ node = (RuleOptConfigFuncNode *)SnortAlloc(sizeof(RuleOptConfigFuncNode));
+
+ if (rule_opt_config_funcs == NULL)
+ {
+ rule_opt_config_funcs = node;
+ }
+ else
+ {
+ RuleOptConfigFuncNode *tmp = rule_opt_config_funcs;
+ RuleOptConfigFuncNode *last;
+
+ do
+ {
+ if (strcasecmp(tmp->keyword, opt_name) == 0)
+ {
+ free(node);
+ FatalError("Duplicate detection plugin keyword: %s.\n",
+ file_line, opt_name);
+ }
+
+ last = tmp;
+ tmp = tmp->next;
+
+ } while (tmp != NULL);
+
+ last->next = node;
+ }
+
+ node->keyword = SnortStrdup(opt_name);
+ node->type = opt_type;
+ node->func = config_func;
+ node->otn_handler = otn_handler;
+
+ if (override_init_func != NULL)
+ {
+ RuleOptOverrideInitFuncNode *node_override =
+ (RuleOptOverrideInitFuncNode *)SnortAlloc(sizeof(RuleOptOverrideInitFuncNode));
+
+ if (rule_opt_override_init_funcs == NULL)
+ {
+ rule_opt_override_init_funcs = node_override;
+ }
+ else
+ {
+ RuleOptOverrideInitFuncNode *tmp = rule_opt_override_init_funcs;
+ RuleOptOverrideInitFuncNode *last;
+
+ do
+ {
+ if (strcasecmp(tmp->keyword, opt_name) == 0)
+ {
+ free(node_override);
+ FatalError("RegisterRuleOption: Duplicate detection plugin keyword:"
+ " (%s) (%s)!\n", tmp->keyword, opt_name);
+ }
+
+ last = tmp;
+ tmp = tmp->next;
+
+ } while (tmp != NULL);
+
+ last->next = node_override;
+ }
+
+ node_override->keyword = SnortStrdup(opt_name);
+ node_override->type = opt_type;
+ node_override->func = override_init_func;
+ node_override->otn_handler = otn_handler;
+ }
+}
+
+void RegisterOverrideKeyword(char *keyword, char *option, RuleOptOverrideFunc func)
+{
+ RuleOptOverrideInitFuncNode *node = rule_opt_override_init_funcs;
+
+ while (node != NULL)
+ {
+ if (strcasecmp(node->keyword, keyword) == 0)
+ {
+ node->func(keyword, option, func);
+ break;
+ }
+
+ node = node->next;
+ }
+}
+
+/****************************************************************************
+ *
+ * Function: DumpPlugIns()
+ *
+ * Purpose: Prints the keyword->function list
+ *
+ * Arguments: None.
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+void DumpRuleOptions(void)
+{
+ RuleOptConfigFuncNode *node;
+
+ node = rule_opt_config_funcs;
+
+ LogMessage("-------------------------------------------------\n");
+ LogMessage(" Keyword | Plugin Registered @\n");
+ LogMessage("-------------------------------------------------\n");
+
+ while (node != NULL)
+ {
+ LogMessage("%-13s: %p\n", node->keyword, node->func);
+ node = node->next;
+ }
+
+ LogMessage("-------------------------------------------------\n");
+ LogMessage("\n");
+}
+
+
+/****************************************************************************
+ *
+ * Function: AddOptFuncToList(int (*func)(), OptTreeNode *)
+ *
+ * Purpose: Links the option detection module to the OTN
+ *
+ * Arguments: (*func)() => function pointer to the detection module
+ * otn => pointer to the current OptTreeNode
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+OptFpList * AddOptFuncToList(RuleOptEvalFunc func, OptTreeNode *otn)
+{
+ OptFpList *ofp = (OptFpList *)SnortAlloc(sizeof(OptFpList));
+
+ DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Adding new rule to list\n"););
+
+ /* if there are no nodes on the function list... */
+ if (otn->opt_func == NULL)
+ {
+ otn->opt_func = ofp;
+ }
+ else
+ {
+ OptFpList *tmp = otn->opt_func;
+
+ /* walk to the end of the list */
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = ofp;
+ }
+
+ DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Set OptTestFunc to %p\n", func););
+
+ ofp->OptTestFunc = func;
+
+ return ofp;
+}
+
+/****************************************************************************
+ *
+ * Function: AddRspFuncToList(int (*func)(), OptTreeNode *)
+ *
+ * Purpose: Adds Response function to OTN
+ *
+ * Arguments: (*func)() => function pointer to the response module
+ * otn => pointer to the current OptTreeNode
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+void AddRspFuncToList(ResponseFunc func, OptTreeNode *otn, void *params)
+{
+ RspFpList *rsp = (RspFpList *)SnortAlloc(sizeof(RspFpList));
+
+ DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Adding response to list\n"););
+
+ /* if there are no nodes on the function list... */
+ if (otn->rsp_func == NULL)
+ {
+ otn->rsp_func = rsp;
+ }
+ else
+ {
+ RspFpList *tmp = otn->rsp_func;
+
+ /* walk to the end of the list */
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = rsp;
+ }
+
+ DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Set ResponseFunc to %p\n", func););
+
+ rsp->func = func;
+ rsp->params = params;
+}
+
+void PostConfigInitPlugins(PluginSignalFuncNode *post_config_funcs)
+{
+ while (post_config_funcs != NULL)
+ {
+ post_config_funcs->func(0, post_config_funcs->arg);
+ post_config_funcs = post_config_funcs->next;
+ }
+}
+
+void FreeRuleOptConfigFuncs(RuleOptConfigFuncNode *head)
+{
+
+ while (head != NULL)
+ {
+ RuleOptConfigFuncNode *tmp = head;
+
+ head = head->next;
+
+ if (tmp->keyword != NULL)
+ free(tmp->keyword);
+
+ free(tmp);
+ }
+}
+
+void FreeRuleOptOverrideInitFuncs(RuleOptOverrideInitFuncNode *head)
+{
+
+ while (head != NULL)
+ {
+ RuleOptOverrideInitFuncNode *tmp = head;
+
+ head = head->next;
+
+ if (tmp->keyword != NULL)
+ free(tmp->keyword);
+
+ free(tmp);
+ }
+}
+
+void FreePluginSigFuncs(PluginSignalFuncNode *head)
+{
+ while (head != NULL)
+ {
+ PluginSignalFuncNode *tmp = head;
+
+ head = head->next;
+
+ /* don't free sig->arg, that's free'd by the CleanExit/Restart func */
+ free(tmp);
+ }
+}
+
+
+/************************** Preprocessor Plugin API ***************************/
+static void AddFuncToPreprocSignalList(PreprocSignalFunc, void *,
+ PreprocSignalFuncNode **, uint16_t, uint32_t);
+
+
+void RegisterPreprocessors(void)
+{
+ LogMessage("Initializing Preprocessors!\n");
+
+ SetupARPspoof();
+ SetupFrag3();
+ SetupStream5();
+ SetupRpcDecode();
+ SetupBo();
+ SetupHttpInspect();
+ SetupPerfMonitor();
+ SetupSfPortscan();
+}
+
+/****************************************************************************
+ *
+ * Function: RegisterPreprocessor(char *, void (*)(char *))
+ *
+ * Purpose: Associates a preprocessor statement with its function.
+ *
+ * Arguments: keyword => The option keyword to associate with the
+ * preprocessor
+ * *func => function pointer to the handler
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+#ifndef SNORT_RELOAD
+void RegisterPreprocessor(char *keyword, PreprocConfigFunc func)
+#else
+void RegisterPreprocessor(char *keyword, PreprocConfigFunc func,
+ PreprocReloadFunc rfunc, PreprocReloadSwapFunc sfunc,
+ PreprocReloadSwapFreeFunc ffunc)
+#endif
+{
+ PreprocConfigFuncNode *node =
+ (PreprocConfigFuncNode *)SnortAlloc(sizeof(PreprocConfigFuncNode));
+
+ DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Registering keyword:preproc => %s:%p\n", keyword, func););
+
+ if (preproc_config_funcs == NULL)
+ {
+ preproc_config_funcs = node;
+ }
+ else
+ {
+ PreprocConfigFuncNode *tmp = preproc_config_funcs;
+ PreprocConfigFuncNode *last;
+
+ do
+ {
+ if (strcasecmp(tmp->keyword, keyword) == 0)
+ {
+ free(node);
+ FatalError("Duplicate preprocessor keyword: %s.\n", keyword);
+ }
+
+ last = tmp;
+ tmp = tmp->next;
+
+ } while (tmp != NULL);
+
+ last->next = node;
+ }
+
+ node->keyword = SnortStrdup(keyword);
+ node->config_func = func;
+
+#ifdef SNORT_RELOAD
+ node->reload_func = rfunc;
+ node->reload_swap_func = sfunc;
+ node->reload_swap_free_func = ffunc;
+#endif
+}
+
+PreprocConfigFuncNode * GetPreprocConfig(char *keyword)
+{
+ PreprocConfigFuncNode *head = preproc_config_funcs;
+
+ if (keyword == NULL)
+ return NULL;
+
+ while (head != NULL)
+ {
+ if (strcasecmp(head->keyword, keyword) == 0)
+ return head;
+
+ head = head->next;
+ }
+
+ return NULL;
+}
+
+PreprocConfigFunc GetPreprocConfigFunc(char *keyword)
+{
+ PreprocConfigFuncNode *head = preproc_config_funcs;
+
+ if (keyword == NULL)
+ return NULL;
+
+ while (head != NULL)
+ {
+ if (strcasecmp(head->keyword, keyword) == 0)
+ return head->config_func;
+
+ head = head->next;
+ }
+
+ return NULL;
+}
+
+/****************************************************************************
+ *
+ * Function: RegisterPreprocStats(char *keyword, void (*func)(int))
+ *
+ * Purpose: Registers a function for printing preprocessor final stats
+ * (or other if it has a use for printing final stats)
+ *
+ * Arguments: keyword => keyword (preprocessor) whose stats will print
+ * func => function pointer to the handler
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+void RegisterPreprocStats(char *keyword, PreprocStatsFunc func)
+{
+ PreprocStatsFuncNode *node;
+
+ DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Registering final stats function: "
+ "preproc => %s:%p\n", keyword, func););
+
+ node = (PreprocStatsFuncNode *)SnortAlloc(sizeof(PreprocStatsFuncNode));
+
+ if (preproc_stats_funcs == NULL)
+ {
+ preproc_stats_funcs = node;
+ }
+ else
+ {
+ PreprocStatsFuncNode *tmp = preproc_stats_funcs;
+ PreprocStatsFuncNode *last;
+
+ do
+ {
+ if (strcasecmp(tmp->keyword, keyword) == 0)
+ {
+ free(node);
+ FatalError("Duplicate preprocessor keyword: %s.\n", keyword);
+ }
+
+ last = tmp;
+ tmp = tmp->next;
+
+ } while (tmp != NULL);
+
+ last->next = node;
+ }
+
+ node->keyword = SnortStrdup(keyword);
+ node->func = func;
+}
+
+/****************************************************************************
+ *
+ * Function: DumpPreprocessors()
+ *
+ * Purpose: Prints the keyword->preprocess list
+ *
+ * Arguments: None.
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+void DumpPreprocessors(void)
+{
+ PreprocConfigFuncNode *node = preproc_config_funcs;
+
+ LogMessage("-------------------------------------------------\n");
+ LogMessage(" Keyword | Preprocessor @ \n");
+ LogMessage("-------------------------------------------------\n");
+
+ while (node != NULL)
+ {
+ LogMessage("%-13s: %p\n", node->keyword, node->config_func);
+ node = node->next;
+ }
+
+ LogMessage("-------------------------------------------------\n\n");
+}
+
+int IsPreprocEnabled(uint32_t preproc_id)
+{
+ PreprocEvalFuncNode *node;
+ SnortConfig *sc = snort_conf_for_parsing;
+ tSfPolicyId policy_id = getParserPolicy();
+ SnortPolicy *p;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config for parsing is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ p = sc->targeted_policies[policy_id];
+ if (p == NULL)
+ return 0;
+
+ for (node = p->preproc_eval_funcs; node != NULL; node = node->next)
+ {
+ if (node->preproc_id == preproc_id)
+ return 1;
+ }
+
+ return 0;
+}
+
+PreprocEvalFuncNode * AddFuncToPreprocList(PreprocEvalFunc func, uint16_t priority,
+ uint32_t preproc_id, uint32_t proto_mask)
+{
+ PreprocEvalFuncNode *node;
+ SnortConfig *sc = snort_conf_for_parsing;
+ tSfPolicyId policy_id = getParserPolicy();
+ SnortPolicy *p;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config for parsing is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ p = sc->targeted_policies[policy_id];
+ if (p == NULL)
+ return NULL;
+
+ DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,
+ "Adding preprocessor function ID %d/bit %d/pri %d to list\n",
+ preproc_id, p->num_preprocs, priority););
+
+ node = (PreprocEvalFuncNode *)SnortAlloc(sizeof(PreprocEvalFuncNode));
+
+ if (p->preproc_eval_funcs == NULL)
+ {
+ p->preproc_eval_funcs = node;
+ }
+ else
+ {
+ PreprocEvalFuncNode *tmp = p->preproc_eval_funcs;
+ PreprocEvalFuncNode *last = NULL;
+
+ do
+ {
+ if (tmp->preproc_id == preproc_id)
+ {
+ free(node);
+ FatalError("Preprocessor already registered with ID %d\n",
+ preproc_id);
+ }
+
+ /* Insert higher priority preprocessors first. Lower priority
+ * number means higher priority */
+ if (priority < tmp->priority)
+ break;
+
+ last = tmp;
+ tmp = tmp->next;
+
+ } while (tmp != NULL);
+
+ /* Priority higher than first item in list */
+ if (last == NULL)
+ {
+ node->next = tmp;
+ p->preproc_eval_funcs = node;
+ }
+ else
+ {
+ node->next = tmp;
+ last->next = node;
+ }
+ }
+
+ node->func = func;
+ node->priority = priority;
+ node->preproc_id = preproc_id;
+ node->preproc_bit = (1 << preproc_id);
+ node->proto_mask = proto_mask;
+
+ p->num_preprocs++;
+ p->preproc_proto_mask |= proto_mask;
+ p->preproc_bit_mask |= node->preproc_bit;
+
+ return node;
+}
+
+void AddFuncToPreprocPostConfigList(PreprocPostConfigFunc func, void *data)
+{
+ PreprocPostConfigFuncNode *node;
+ SnortConfig *sc = snort_conf_for_parsing;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config for parsing is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ node = (PreprocPostConfigFuncNode *)SnortAlloc(sizeof(PreprocPostConfigFuncNode));
+
+ if (sc->preproc_post_config_funcs == NULL)
+ {
+ sc->preproc_post_config_funcs = node;
+ }
+ else
+ {
+ PreprocPostConfigFuncNode *tmp = sc->preproc_post_config_funcs;
+
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = node;
+ }
+
+ node->data = data;
+ node->func = func;
+}
+
+void PostConfigPreprocessors(SnortConfig *sc)
+{
+ PreprocPostConfigFuncNode *list;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ snort_conf_for_parsing = sc;
+
+ list = sc->preproc_post_config_funcs;
+
+ for (; list != NULL; list = list->next)
+ {
+ if (list->func != NULL)
+ list->func(list->data);
+ }
+
+ snort_conf_for_parsing = NULL;
+}
+
+#ifdef SNORT_RELOAD
+void SwapPreprocConfigurations(void)
+{
+ PreprocConfigFuncNode *node = preproc_config_funcs;
+
+ for (; node != NULL; node = node->next)
+ {
+ if (node->reload_swap_func != NULL)
+ node->swap_free_data = node->reload_swap_func();
+ }
+}
+
+void FreeSwappedPreprocConfigurations(void)
+{
+ PreprocConfigFuncNode *node = preproc_config_funcs;
+
+ for (; node != NULL; node = node->next)
+ {
+ if ((node->reload_swap_free_func != NULL) &&
+ (node->swap_free_data != NULL))
+ {
+ node->reload_swap_free_func(node->swap_free_data);
+ node->swap_free_data = NULL;
+ }
+ }
+}
+
+void AddFuncToPreprocReloadVerifyList(PreprocReloadVerifyFunc func)
+{
+ PreprocReloadVerifyFuncNode *node;
+ SnortConfig *sc = snort_conf_for_parsing;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config for parsing is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ node = (PreprocReloadVerifyFuncNode *)SnortAlloc(sizeof(PreprocReloadVerifyFuncNode));
+
+ if (sc->preproc_reload_verify_funcs == NULL)
+ {
+ sc->preproc_reload_verify_funcs = node;
+ }
+ else
+ {
+ PreprocReloadVerifyFuncNode *tmp = sc->preproc_reload_verify_funcs;
+
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = node;
+ }
+
+ node->func = func;
+}
+
+void FreePreprocReloadVerifyFuncList(PreprocReloadVerifyFuncNode *head)
+{
+ while (head != NULL)
+ {
+ PreprocReloadVerifyFuncNode *tmp = head;
+
+ head = head->next;
+ free(tmp);
+ }
+}
+#endif
+
+void AddFuncToConfigCheckList(PreprocCheckConfigFunc func)
+{
+ PreprocCheckConfigFuncNode *node;
+ SnortConfig *sc = snort_conf_for_parsing;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config for parsing is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ node = (PreprocCheckConfigFuncNode *)SnortAlloc(sizeof(PreprocCheckConfigFuncNode));
+
+ if (sc->preproc_config_check_funcs == NULL)
+ {
+ sc->preproc_config_check_funcs = node;
+ }
+ else
+ {
+ PreprocCheckConfigFuncNode *tmp = sc->preproc_config_check_funcs;
+
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = node;
+ }
+
+ node->func = func;
+}
+
+/* functions to aid in cleaning up after plugins */
+void AddFuncToPreprocRestartList(PreprocSignalFunc func, void *arg,
+ uint16_t priority, uint32_t preproc_id)
+{
+ AddFuncToPreprocSignalList(func, arg, &preproc_restart_funcs, priority, preproc_id);
+}
+
+void AddFuncToPreprocCleanExitList(PreprocSignalFunc func, void *arg,
+ uint16_t priority, uint32_t preproc_id)
+{
+ AddFuncToPreprocSignalList(func, arg, &preproc_clean_exit_funcs, priority, preproc_id);
+}
+
+void AddFuncToPreprocShutdownList(PreprocSignalFunc func, void *arg,
+ uint16_t priority, uint32_t preproc_id)
+{
+ AddFuncToPreprocSignalList(func, arg, &preproc_shutdown_funcs, priority, preproc_id);
+}
+
+void AddFuncToPreprocResetList(PreprocSignalFunc func, void *arg,
+ uint16_t priority, uint32_t preproc_id)
+{
+ AddFuncToPreprocSignalList(func, arg, &preproc_reset_funcs, priority, preproc_id);
+}
+
+void AddFuncToPreprocResetStatsList(PreprocSignalFunc func, void *arg,
+ uint16_t priority, uint32_t preproc_id)
+{
+ AddFuncToPreprocSignalList(func, arg, &preproc_reset_stats_funcs, priority, preproc_id);
+}
+
+static void AddFuncToPreprocSignalList(PreprocSignalFunc func, void *arg,
+ PreprocSignalFuncNode **list,
+ uint16_t priority, uint32_t preproc_id)
+{
+ PreprocSignalFuncNode *node;
+
+ if (list == NULL)
+ return;
+
+ node = (PreprocSignalFuncNode *)SnortAlloc(sizeof(PreprocSignalFuncNode));
+
+ if (*list == NULL)
+ {
+ *list = node;
+ }
+ else
+ {
+ PreprocSignalFuncNode *tmp = *list;
+ PreprocSignalFuncNode *last = NULL;
+
+ do
+ {
+ /* Insert higher priority stuff first. Lower priority
+ * number means higher priority */
+ if (priority < tmp->priority)
+ break;
+
+ last = tmp;
+ tmp = tmp->next;
+
+ } while (tmp != NULL);
+
+ /* Priority higher than first item in list */
+ if (last == NULL)
+ {
+ node->next = tmp;
+ *list = node;
+ }
+ else
+ {
+ node->next = tmp;
+ last->next = node;
+ }
+ }
+
+ node->func = func;
+ node->arg = arg;
+ node->preproc_id = preproc_id;
+ node->priority = priority;
+}
+
+void AddFuncToPreprocReassemblyPktList(PreprocReassemblyPktFunc func, uint32_t preproc_id)
+{
+ PreprocReassemblyPktFuncNode *node;
+ SnortConfig *sc = snort_conf_for_parsing;
+ tSfPolicyId policy_id = getParserPolicy();
+ SnortPolicy *p;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config for parsing is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ p = sc->targeted_policies[policy_id];
+ if (p == NULL)
+ return;
+
+ node = (PreprocReassemblyPktFuncNode *)SnortAlloc(sizeof(PreprocReassemblyPktFuncNode));
+
+ if (p->preproc_reassembly_pkt_funcs == NULL)
+ {
+ p->preproc_reassembly_pkt_funcs = node;
+ }
+ else
+ {
+ PreprocReassemblyPktFuncNode *tmp = p->preproc_reassembly_pkt_funcs;
+
+ /* just insert at front of list */
+ p->preproc_reassembly_pkt_funcs = node;
+ node->next = tmp;
+ }
+
+ node->func = func;
+ node->preproc_id = preproc_id;
+}
+
+void FreePreprocConfigFuncs(void)
+{
+ PreprocConfigFuncNode *head = preproc_config_funcs;
+ PreprocConfigFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ if (head->keyword != NULL)
+ free(head->keyword);
+ free(head);
+ head = tmp;
+ }
+}
+
+void FreePreprocCheckConfigFuncs(PreprocCheckConfigFuncNode *head)
+{
+ PreprocCheckConfigFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ free(head);
+ head = tmp;
+ }
+}
+
+void FreePreprocPostConfigFuncs(PreprocPostConfigFuncNode *head)
+{
+ PreprocPostConfigFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ free(head);
+ head = tmp;
+ }
+}
+
+void FreePreprocStatsFuncs(PreprocStatsFuncNode *head)
+{
+ PreprocStatsFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ if (head->keyword != NULL)
+ free(head->keyword);
+ free(head);
+ head = tmp;
+ }
+}
+
+void FreePreprocEvalFuncs(PreprocEvalFuncNode *head)
+{
+ PreprocEvalFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ //if (head->context)
+ // free(head->context);
+ free(head);
+ head = tmp;
+ }
+}
+
+void FreePreprocReassemblyPktFuncs(PreprocReassemblyPktFuncNode *head)
+{
+ PreprocReassemblyPktFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ free(head);
+ head = tmp;
+ }
+}
+
+void FreePreprocSigFuncs(PreprocSignalFuncNode *head)
+{
+ PreprocSignalFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ /* don't free sig->arg, that's free'd by the CleanExit/Restart func */
+ free(head);
+ head = tmp;
+ }
+}
+
+void CheckPreprocessorsConfig(SnortConfig *sc)
+{
+ PreprocCheckConfigFuncNode *idx;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ snort_conf_for_parsing = sc;
+
+ idx = sc->preproc_config_check_funcs;
+
+ LogMessage("Verifying Preprocessor Configurations!\n");
+
+ while(idx != NULL)
+ {
+ idx->func();
+ idx = idx->next;
+ }
+
+ snort_conf_for_parsing = NULL;
+}
+
+#ifdef SNORT_RELOAD
+int VerifyReloadedPreprocessors(SnortConfig *sc)
+{
+ PreprocReloadVerifyFuncNode *node;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ snort_conf_for_parsing = sc;
+
+ node = sc->preproc_reload_verify_funcs;
+ while (node != NULL)
+ {
+ if (node->func != NULL)
+ {
+ if (node->func() == -1)
+ return -1;
+ }
+
+ node = node->next;
+ }
+
+ snort_conf_for_parsing = NULL;
+
+ return 0;
+}
+#endif
+
+
+/***************************** Output Plugin API *****************************/
+extern OutputConfigFuncNode *output_config_funcs;
+
+static void AppendOutputFuncList(OutputFunc, void *, OutputFuncNode **);
+
+void RegisterOutputPlugins(void)
+{
+ LogMessage("Initializing Output Plugins!\n");
+
+ AlertSyslogSetup();
+ LogTcpdumpSetup();
+ DatabaseSetup();
+ AlertFastSetup();
+ AlertFullSetup();
+ AlertPfSetup();
+#ifndef WIN32
+ /* Win32 doesn't support AF_UNIX sockets */
+ AlertUnixSockSetup();
+#endif /* !WIN32 */
+ AlertCSVSetup();
+ LogNullSetup();
+ UnifiedSetup();
+ Unified2Setup();
+ LogAsciiSetup();
+
+#ifdef ARUBA
+ AlertArubaActionSetup();
+#endif
+
+#ifdef LINUX
+ /* This uses linux only capabilities */
+ AlertSFSocket_Setup();
+#endif
+
+#ifdef HAVE_LIBPRELUDE
+ AlertPreludeSetup();
+#endif
+
+ AlertTestSetup();
+}
+
+/****************************************************************************
+ *
+ * Function: RegisterOutputPlugin(char *, void (*func)(Packet *, u_char *))
+ *
+ * Purpose: Associates an output statement with its function.
+ *
+ * Arguments: keyword => The output keyword to associate with the
+ * output processor
+ * type => alert or log types
+ * *func => function pointer to the handler
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+void RegisterOutputPlugin(char *keyword, int type_flags, OutputConfigFunc func)
+{
+ OutputConfigFuncNode *node = (OutputConfigFuncNode *)SnortAlloc(sizeof(OutputConfigFuncNode));
+
+ DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Registering keyword:output => %s:%p\n",
+ keyword, func););
+
+ if (output_config_funcs == NULL)
+ {
+ output_config_funcs = node;
+ }
+ else
+ {
+ OutputConfigFuncNode *tmp = output_config_funcs;
+ OutputConfigFuncNode *last;
+
+ do
+ {
+ if (strcasecmp(tmp->keyword, keyword) == 0)
+ {
+ free(node);
+ FatalError("Duplicate output keyword: %s\n", keyword);
+ }
+
+ last = tmp;
+ tmp = tmp->next;
+
+ } while (tmp != NULL);
+
+ last->next = node;
+ }
+
+ node->keyword = SnortStrdup(keyword);
+ node->func = func;
+ node->output_type_flags = type_flags;
+}
+
+OutputConfigFunc GetOutputConfigFunc(char *keyword)
+{
+ OutputConfigFuncNode *head = output_config_funcs;
+
+ if (keyword == NULL)
+ return NULL;
+
+ while (head != NULL)
+ {
+ if (strcasecmp(head->keyword, keyword) == 0)
+ return head->func;
+
+ head = head->next;
+ }
+
+ return NULL;
+}
+
+int GetOutputTypeFlags(char *keyword)
+{
+ OutputConfigFuncNode *head = output_config_funcs;
+
+ if (keyword == NULL)
+ return 0;
+
+ while (head != NULL)
+ {
+ if (strcasecmp(head->keyword, keyword) == 0)
+ return head->output_type_flags;
+
+ head = head->next;
+ }
+
+ return 0;
+}
+
+void FreeOutputConfigFuncs(void)
+{
+ OutputConfigFuncNode *head = output_config_funcs;
+ OutputConfigFuncNode *tmp;
+
+ while (head != NULL)
+ {
+ tmp = head->next;
+ if (head->keyword != NULL)
+ free(head->keyword);
+ free(head);
+ head = tmp;
+ }
+}
+
+void FreeOutputList(OutputFuncNode *list)
+{
+ while (list != NULL)
+ {
+ OutputFuncNode *tmp = list;
+
+ list = list->next;
+ free(tmp);
+ }
+}
+
+/****************************************************************************
+ *
+ * Function: DumpOutputPlugins()
+ *
+ * Purpose: Prints the keyword->preprocess list
+ *
+ * Arguments: None.
+ *
+ * Returns: void function
+ *
+ ***************************************************************************/
+void DumpOutputPlugins(void)
+{
+ OutputConfigFuncNode *idx = output_config_funcs;
+
+ LogMessage("-------------------------------------------------\n");
+ LogMessage(" Keyword | Output @ \n");
+ LogMessage("-------------------------------------------------\n");
+ while(idx != NULL)
+ {
+ LogMessage("%-13s: %p\n", idx->keyword, idx->func);
+ idx = idx->next;
+ }
+ LogMessage("-------------------------------------------------\n\n");
+}
+
+void AddFuncToOutputList(OutputFunc func, OutputType type, void *arg)
+{
+ switch (type)
+ {
+ case OUTPUT_TYPE__ALERT:
+ if (head_tmp != NULL)
+ AppendOutputFuncList(func, arg, &head_tmp->AlertList);
+ else
+ AppendOutputFuncList(func, arg, &AlertList);
+
+ break;
+
+ case OUTPUT_TYPE__LOG:
+ if (head_tmp != NULL)
+ AppendOutputFuncList(func, arg, &head_tmp->LogList);
+ else
+ AppendOutputFuncList(func, arg, &LogList);
+
+ break;
+
+ default:
+ /* just to be error-prone */
+ FatalError("Unknown output type: %i. Possible bug, please "
+ "report.\n", type);
+ }
+}
+
+void AppendOutputFuncList(OutputFunc func, void *arg, OutputFuncNode **list)
+{
+ OutputFuncNode *node;
+
+ if (list == NULL)
+ return;
+
+ node = (OutputFuncNode *)SnortAlloc(sizeof(OutputFuncNode));
+
+ if (*list == NULL)
+ {
+ *list = node;
+ }
+ else
+ {
+ OutputFuncNode *tmp = *list;
+
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = node;
+ }
+
+ node->func = func;
+ node->arg = arg;
+}
+
+
+/************************** Miscellaneous Functions **************************/
+
+/* functions to aid in cleaning up after plugins
+ * Used for both rule options and output. Preprocessors have their own */
+void AddFuncToRestartList(PluginSignalFunc func, void *arg)
+{
+ AddFuncToSignalList(func, arg, &plugin_restart_funcs);
+}
+
+void AddFuncToCleanExitList(PluginSignalFunc func, void *arg)
+{
+ AddFuncToSignalList(func, arg, &plugin_clean_exit_funcs);
+}
+
+void AddFuncToShutdownList(PluginSignalFunc func, void *arg)
+{
+ AddFuncToSignalList(func, arg, &plugin_shutdown_funcs);
+}
+
+void AddFuncToPostConfigList(PluginSignalFunc func, void *arg)
+{
+ SnortConfig *sc = snort_conf_for_parsing;
+
+ if (sc == NULL)
+ {
+ FatalError("%s(%d) Snort config for parsing is NULL.\n",
+ __FILE__, __LINE__);
+ }
+
+ AddFuncToSignalList(func, arg, &sc->plugin_post_config_funcs);
+}
+
+void AddFuncToSignalList(PluginSignalFunc func, void *arg, PluginSignalFuncNode **list)
+{
+ PluginSignalFuncNode *node;
+
+ if (list == NULL)
+ return;
+
+ node = (PluginSignalFuncNode *)SnortAlloc(sizeof(PluginSignalFuncNode));
+
+ if (*list == NULL)
+ {
+ *list = node;
+ }
+ else
+ {
+ PluginSignalFuncNode *tmp = *list;
+
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = node;
+ }
+
+ node->func = func;
+ node->arg = arg;
+}
+
+void AddFuncToRuleOptParseCleanupList(RuleOptParseCleanupFunc func)
+{
+ RuleOptParseCleanupNode *node =
+ (RuleOptParseCleanupNode *)SnortAlloc(sizeof(RuleOptParseCleanupNode));
+
+ if (rule_opt_parse_cleanup_list == NULL)
+ {
+ rule_opt_parse_cleanup_list = node;
+ }
+ else
+ {
+ RuleOptParseCleanupNode *tmp = rule_opt_parse_cleanup_list;
+
+ while (tmp->next != NULL)
+ tmp = tmp->next;
+
+ tmp->next = node;
+ }
+
+ node->func = func;
+}
+
+void RuleOptParseCleanup(void)
+{
+ RuleOptParseCleanupNode *list = rule_opt_parse_cleanup_list;
+
+ for (; list != NULL; list = list->next)
+ {
+ if (list->func != NULL)
+ list->func();
+ }
+}
+
+void FreeRuleOptParseCleanupList(RuleOptParseCleanupNode *head)
+{
+ while (head != NULL)
+ {
+ RuleOptParseCleanupNode *tmp = head;
+
+ head = head->next;
+ free(tmp);
+ }
+}
+
+
diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/util.c b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/util.c
new file mode 100644
index 00000000..b2d3b38b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/util.c
@@ -0,0 +1,3233 @@
+/* $Id$ */
+/*
+** Copyright (C) 2002-2010 Sourcefire, Inc.
+** Copyright (C) 2002 Martin Roesch <roesch@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <sys/types.h>
+
+#ifndef WIN32
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/wait.h>
+#include <dirent.h>
+#include <fnmatch.h>
+#endif /* !WIN32 */
+
+#include <stdarg.h>
+#include <syslog.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <time.h>
+#include <signal.h>
+#include <unistd.h>
+
+#ifndef WIN32
+#include <grp.h>
+#include <pwd.h>
+#include <netdb.h>
+#include <limits.h>
+#endif /* !WIN32 */
+
+#include <fcntl.h>
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#ifdef ZLIB
+#include <zlib.h>
+#endif
+
+#include "snort.h"
+#include "mstring.h"
+#include "debug.h"
+#include "util.h"
+#include "parser.h"
+#include "inline.h"
+#include "build.h"
+#include "plugbase.h"
+#include "sf_types.h"
+#include "sflsq.h"
+#include "ipv6_port.h"
+
+#include "pcre.h"
+
+#include "mpse.h"
+
+#include "ppm.h"
+
+#ifdef TARGET_BASED
+#include "sftarget_reader.h"
+#endif
+
+#ifdef WIN32
+#include "win32/WIN32-Code/name.h"
+#endif
+
+#include "stream5_common.h"
+
+#ifdef PATH_MAX
+#define PATH_MAX_UTIL PATH_MAX
+#else
+#define PATH_MAX_UTIL 1024
+#endif /* PATH_MAX */
+
+extern Stream5Stats s5stats;
+extern int datalink;
+extern pcap_t *pcap_handle;
+extern PreprocStatsFuncNode *preproc_stats_funcs;
+
+static PcapPktStats pkt_stats;
+
+/*
+ * you may need to adjust this on the systems which don't have standard
+ * paths defined
+ */
+#ifndef _PATH_VARRUN
+static char _PATH_VARRUN[STD_BUF];
+#endif
+
+
+#ifdef NAME_MAX
+#define NAME_MAX_UTIL NAME_MAX
+#else
+#define NAME_MAX_UTIL 256
+#endif /* NAME_MAX */
+
+#define FILE_MAX_UTIL (PATH_MAX_UTIL + NAME_MAX_UTIL)
+
+/****************************************************************************
+ *
+ * Function: CalcPct(uint64_t, uint64_t)
+ *
+ * Purpose: Calculate the percentage of a value compared to a total
+ *
+ * Arguments: cnt => the numerator in the equation
+ * total => the denominator in the calculation
+ *
+ * Returns: pct -> the percentage of cnt to value
+ *
+ ****************************************************************************/
+double CalcPct(uint64_t cnt, uint64_t total)
+{
+ double pct = 0.0;
+
+ if (total == 0.0)
+ {
+ pct = (double)cnt;
+ }
+ else
+ {
+ pct = (double)cnt / (double)total;
+ }
+
+ pct *= 100.0;
+
+ return pct;
+}
+
+
+/****************************************************************************
+ *
+ * Function: DisplayBanner()
+ *
+ * Purpose: Show valuable proggie info
+ *
+ * Arguments: None.
+ *
+ * Returns: 0 all the time
+ *
+ ****************************************************************************/
+int DisplayBanner(void)
+{
+ const char * info;
+ const char * pcre_ver;
+#ifdef ZLIB
+ const char * zlib_ver;
+#endif
+
+ info = getenv("HOSTTYPE");
+ if( !info )
+ {
+ info="";
+ }
+
+ pcre_ver = pcre_version();
+#ifdef ZLIB
+ zlib_ver = zlib_version;
+#endif
+
+ LogMessage("\n");
+ LogMessage(" ,,_ -*> Snort! <*-\n");
+ LogMessage(" o\" )~ Version %s%s%s (Build %s) %s %s\n",
+ VERSION,
+#ifdef SUP_IP6
+ " IPv6",
+#else
+ "",
+#endif
+#ifdef GRE
+ " GRE",
+#else
+ "",
+#endif
+ BUILD,
+#ifdef GIDS
+ "inline",
+#else
+ "",
+#endif
+ info);
+ LogMessage(" '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team\n");
+ LogMessage(" Copyright (C) 1998-2010 Sourcefire, Inc., et al.\n");
+ LogMessage(" Using PCRE version: %s\n", pcre_ver);
+#ifdef ZLIB
+ LogMessage(" Using ZLIB version: %s\n", zlib_ver);
+#endif
+ LogMessage("\n");
+ LogMessage(" ___ Built Date for Snort on Pfsense 2.0 is May 25 2010.\n");
+ LogMessage(" ___/ f \\ Orion IPS Output Code Copyright (C) 2009-2010 Robert Zelaya.\n");
+ LogMessage("/ p \\___/Sense\n");
+ LogMessage("\\___/ \\\n");
+ LogMessage(" \\___/ Using Snort.org dynamic plugins and Orion IPS source.\n");
+ LogMessage("\n");
+
+ return 0;
+}
+
+
+
+/****************************************************************************
+ *
+ * Function: ts_print(register const struct, char *)
+ *
+ * Purpose: Generate a time stamp and stuff it in a buffer. This one has
+ * millisecond precision. Oh yeah, I ripped this code off from
+ * TCPdump, props to those guys.
+ *
+ * Arguments: timeval => clock struct coming out of libpcap
+ * timebuf => buffer to stuff timestamp into
+ *
+ * Returns: void function
+ *
+ ****************************************************************************/
+void ts_print(register const struct timeval *tvp, char *timebuf)
+{
+ register int s;
+ int localzone;
+ time_t Time;
+ struct timeval tv;
+ struct timezone tz;
+ struct tm *lt; /* place to stick the adjusted clock data */
+
+ /* if null was passed, we use current time */
+ if(!tvp)
+ {
+ /* manual page (for linux) says tz is never used, so.. */
+ bzero((char *) &tz, sizeof(tz));
+ gettimeofday(&tv, &tz);
+ tvp = &tv;
+ }
+
+ localzone = snort_conf->thiszone;
+
+ /*
+ ** If we're doing UTC, then make sure that the timezone is correct.
+ */
+ if (ScOutputUseUtc())
+ localzone = 0;
+
+ s = (tvp->tv_sec + localzone) % 86400;
+ Time = (tvp->tv_sec + localzone) - s;
+
+ lt = gmtime(&Time);
+
+ if (ScOutputIncludeYear())
+ {
+ (void) SnortSnprintf(timebuf, TIMEBUF_SIZE,
+ "%02d/%02d/%02d-%02d:%02d:%02d.%06u ",
+ lt->tm_mon + 1, lt->tm_mday, lt->tm_year - 100,
+ s / 3600, (s % 3600) / 60, s % 60,
+ (u_int) tvp->tv_usec);
+ }
+ else
+ {
+ (void) SnortSnprintf(timebuf, TIMEBUF_SIZE,
+ "%02d/%02d-%02d:%02d:%02d.%06u ", lt->tm_mon + 1,
+ lt->tm_mday, s / 3600, (s % 3600) / 60, s % 60,
+ (u_int) tvp->tv_usec);
+ }
+}
+
+
+
+/****************************************************************************
+ *
+ * Function: gmt2local(time_t)
+ *
+ * Purpose: Figures out how to adjust the current clock reading based on the
+ * timezone you're in. Ripped off from TCPdump.
+ *
+ * Arguments: time_t => offset from GMT
+ *
+ * Returns: offset seconds from GMT
+ *
+ ****************************************************************************/
+int gmt2local(time_t t)
+{
+ register int dt, dir;
+ register struct tm *gmt, *loc;
+ struct tm sgmt;
+
+ if(t == 0)
+ t = time(NULL);
+
+ gmt = &sgmt;
+ *gmt = *gmtime(&t);
+ loc = localtime(&t);
+
+ dt = (loc->tm_hour - gmt->tm_hour) * 60 * 60 +
+ (loc->tm_min - gmt->tm_min) * 60;
+
+ dir = loc->tm_year - gmt->tm_year;
+
+ if(dir == 0)
+ dir = loc->tm_yday - gmt->tm_yday;
+
+ dt += dir * 24 * 60 * 60;
+
+ return(dt);
+}
+
+
+
+
+/****************************************************************************
+ *
+ * Function: copy_argv(u_char **)
+ *
+ * Purpose: Copies a 2D array (like argv) into a flat string. Stolen from
+ * TCPDump.
+ *
+ * Arguments: argv => 2D array to flatten
+ *
+ * Returns: Pointer to the flat string
+ *
+ ****************************************************************************/
+char *copy_argv(char **argv)
+{
+ char **p;
+ u_int len = 0;
+ char *buf;
+ char *src, *dst;
+ //void ftlerr(char *,...);
+
+ p = argv;
+ if(*p == 0)
+ return 0;
+
+ while(*p)
+ len += strlen(*p++) + 1;
+
+ buf = (char *) calloc(1,len);
+
+ if(buf == NULL)
+ {
+ FatalError("calloc() failed: %s\n", strerror(errno));
+ }
+ p = argv;
+ dst = buf;
+
+ while((src = *p++) != NULL)
+ {
+ while((*dst++ = *src++) != '\0');
+ dst[-1] = ' ';
+ }
+
+ dst[-1] = '\0';
+
+ /* Check for an empty string */
+ dst = buf;
+ while (isspace((int)*dst))
+ dst++;
+
+ if (strlen(dst) == 0)
+ {
+ free(buf);
+ buf = NULL;
+ }
+
+ return buf;
+}
+
+
+/****************************************************************************
+ *
+ * Function: strip(char *)
+ *
+ * Purpose: Strips a data buffer of CR/LF/TABs. Replaces CR/LF's with
+ * NULL and TABs with spaces.
+ *
+ * Arguments: data => ptr to the data buf to be stripped
+ *
+ * Returns: void
+ *
+ * 3/7/07 - changed to return void - use strlen to get size of string
+ *
+ * Note that this function will turn all '\n' and '\r' into null chars
+ * so, e.g. 'Hello\nWorld\n' => 'Hello\x00World\x00'
+ * note that the string is now just 'Hello' and the length is shortened
+ * by more than just an ending '\n' or '\r'
+ ****************************************************************************/
+void strip(char *data)
+{
+ int size;
+ char *end;
+ char *idx;
+
+ idx = data;
+ end = data + strlen(data);
+ size = end - idx;
+
+ while(idx != end)
+ {
+ if((*idx == '\n') ||
+ (*idx == '\r'))
+ {
+ *idx = 0;
+ size--;
+ }
+ if(*idx == '\t')
+ {
+ *idx = ' ';
+ }
+ idx++;
+ }
+}
+
+/*
+ * Function: ErrorMessage(const char *, ...)
+ *
+ * Purpose: Print a message to stderr.
+ *
+ * Arguments: format => the formatted error string to print out
+ * ... => format commands/fillers
+ *
+ * Returns: void function
+ */
+void ErrorMessage(const char *format,...)
+{
+ char buf[STD_BUF+1];
+ va_list ap;
+
+ if (snort_conf == NULL)
+ return;
+
+ va_start(ap, format);
+
+ if (ScDaemonMode() || ScLogSyslog())
+ {
+ vsnprintf(buf, STD_BUF, format, ap);
+ buf[STD_BUF] = '\0';
+ syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "%s", buf);
+ }
+ else
+ {
+ vfprintf(stderr, format, ap);
+ }
+ va_end(ap);
+}
+
+/*
+ * Function: LogMessage(const char *, ...)
+ *
+ * Purpose: Print a message to stderr or with logfacility.
+ *
+ * Arguments: format => the formatted error string to print out
+ * ... => format commands/fillers
+ *
+ * Returns: void function
+ */
+void LogMessage(const char *format,...)
+{
+ char buf[STD_BUF+1];
+ va_list ap;
+
+ if (snort_conf == NULL)
+ return;
+
+ if (ScLogQuiet() && !ScDaemonMode() && !ScLogSyslog())
+ return;
+
+ va_start(ap, format);
+
+ if (ScDaemonMode() || ScLogSyslog())
+ {
+ vsnprintf(buf, STD_BUF, format, ap);
+ buf[STD_BUF] = '\0';
+ syslog(LOG_DAEMON | LOG_NOTICE, "%s", buf);
+ }
+ else
+ {
+ vfprintf(stderr, format, ap);
+ }
+
+ va_end(ap);
+}
+
+/*
+ * Function: CreateApplicationEventLogEntry(const char *)
+ *
+ * Purpose: Add an entry to the Win32 "Application" EventLog
+ *
+ * Arguments: szMessage => the formatted error string to print out
+ *
+ * Returns: void function
+ */
+#if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
+void CreateApplicationEventLogEntry(const char *msg)
+{
+ HANDLE hEventLog;
+ char* pEventSourceName = "SnortService";
+
+ /* prepare to write to Application log on local host
+ * with Event Source of SnortService
+ */
+ AddEventSource(pEventSourceName);
+ hEventLog = RegisterEventSource(NULL, pEventSourceName);
+ if (hEventLog == NULL)
+ {
+ /* Could not register the event source. */
+ return;
+ }
+
+ if (!ReportEvent(hEventLog, /* event log handle */
+ EVENTLOG_ERROR_TYPE, /* event type */
+ 0, /* category zero */
+ EVMSG_SIMPLE, /* event identifier */
+ NULL, /* no user security identifier */
+ 1, /* one substitution string */
+ 0, /* no data */
+ &msg, /* pointer to array of strings */
+ NULL)) /* pointer to data */
+ {
+ /* Could not report the event. */
+ }
+
+ DeregisterEventSource(hEventLog);
+}
+#endif /* WIN32 && ENABLE_WIN32_SERVICE */
+
+
+/*
+ * Function: FatalError(const char *, ...)
+ *
+ * Purpose: When a fatal error occurs, this function prints the error message
+ * and cleanly shuts down the program
+ *
+ * Arguments: format => the formatted error string to print out
+ * ... => format commands/fillers
+ *
+ * Returns: void function
+ */
+NORETURN void FatalError(const char *format,...)
+{
+ char buf[STD_BUF+1];
+ va_list ap;
+
+ va_start(ap, format);
+ vsnprintf(buf, STD_BUF, format, ap);
+ va_end(ap);
+
+ buf[STD_BUF] = '\0';
+
+ if ((snort_conf != NULL) && (ScDaemonMode() || ScLogSyslog()))
+ {
+ syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "FATAL ERROR: %s", buf);
+ }
+ else
+ {
+ fprintf(stderr, "ERROR: %s", buf);
+ fprintf(stderr,"Fatal Error, Quitting..\n");
+#if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
+ CreateApplicationEventLogEntry(buf);
+#endif
+ }
+
+ exit(1);
+}
+
+
+/****************************************************************************
+ *
+ * Function: CreatePidFile(char *)
+ *
+ * Purpose: Creates a PID file
+ *
+ * Arguments: Interface opened.
+ *
+ * Returns: void function
+ *
+ ****************************************************************************/
+static FILE *pid_lockfile = NULL;
+static FILE *pid_file = NULL;
+void CreatePidFile(char *intf)
+{
+ struct stat pt;
+ int pid = (int) getpid();
+#ifdef WIN32
+ char dir[STD_BUF + 1];
+#endif
+
+ if (!ScReadMode())
+ {
+ LogMessage("Checking PID path...\n");
+
+ if (strlen(snort_conf->pid_path) != 0)
+ {
+ if((stat(snort_conf->pid_path, &pt) == -1) ||
+ !S_ISDIR(pt.st_mode) || access(snort_conf->pid_path, W_OK) == -1)
+ {
+#ifndef WIN32
+ /* Save this just in case it's reset with LogMessage call */
+ int err = errno;
+
+ LogMessage("WARNING: %s is invalid, trying "
+ "/var/run...\n", snort_conf->pid_path);
+ if (err)
+ {
+ LogMessage("Previous Error, errno=%d, (%s)\n",
+ err, strerror(err) == NULL ? "Unknown error" : strerror(err));
+ }
+#endif
+ memset(snort_conf->pid_path, 0, sizeof(snort_conf->pid_path));
+ }
+ else
+ {
+ LogMessage("PID path stat checked out ok, "
+ "PID path set to %s\n", snort_conf->pid_path);
+ }
+ }
+
+ if (strlen(snort_conf->pid_path) == 0)
+ {
+#ifndef _PATH_VARRUN
+# ifndef WIN32
+ SnortStrncpy(_PATH_VARRUN, "/var/run/", sizeof(_PATH_VARRUN));
+# else
+ if (GetCurrentDirectory(sizeof(dir) - 1, dir))
+ SnortStrncpy(_PATH_VARRUN, dir, sizeof(_PATH_VARRUN));
+# endif /* WIN32 */
+#else
+ LogMessage("PATH_VARRUN is set to %s on this operating "
+ "system\n", _PATH_VARRUN);
+#endif /* _PATH_VARRUN */
+
+ stat(_PATH_VARRUN, &pt);
+
+ if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1)
+ {
+ LogMessage("WARNING: _PATH_VARRUN is invalid, trying "
+ "/var/log...\n");
+ SnortStrncpy(snort_conf->pid_path, "/var/log/", sizeof(snort_conf->pid_path));
+ stat(snort_conf->pid_path, &pt);
+
+ if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path, W_OK) == -1)
+ {
+ LogMessage("WARNING: %s is invalid, logging Snort "
+ "PID path to log directory (%s)\n", snort_conf->pid_path,
+ snort_conf->log_dir);
+ CheckLogDir();
+ SnortSnprintf(snort_conf->pid_path, sizeof(snort_conf->pid_path),
+ "%s/", snort_conf->log_dir);
+ }
+ }
+ else
+ {
+ LogMessage("PID path stat checked out ok, "
+ "PID path set to %s\n", _PATH_VARRUN);
+ SnortStrncpy(snort_conf->pid_path, _PATH_VARRUN, sizeof(snort_conf->pid_path));
+ }
+ }
+ }
+
+ if(intf == NULL || strlen(snort_conf->pid_path) == 0)
+ {
+ /* snort_conf->pid_path should have some value by now
+ * so let us just be sane. */
+ FatalError("CreatePidFile() failed to lookup interface or pid_path is unknown!\n");
+ }
+
+ SnortSnprintf(snort_conf->pid_filename, sizeof(snort_conf->pid_filename),
+ "%s/snort_%s%s.pid", snort_conf->pid_path, intf, snort_conf->pidfile_suffix);
+
+#ifndef WIN32
+ if (!ScNoLockPidFile())
+ {
+ char pid_lockfilename[STD_BUF+1];
+ int lock_fd;
+
+ /* First, lock the PID file */
+ SnortSnprintf(pid_lockfilename, STD_BUF, "%s.lck", snort_conf->pid_filename);
+ pid_lockfile = fopen(pid_lockfilename, "w");
+
+ if (pid_lockfile)
+ {
+ struct flock lock;
+ lock_fd = fileno(pid_lockfile);
+
+ lock.l_type = F_WRLCK;
+ lock.l_whence = SEEK_SET;
+ lock.l_start = 0;
+ lock.l_len = 0;
+
+ if (fcntl(lock_fd, F_SETLK, &lock) == -1)
+ {
+ ClosePidFile();
+ FatalError("Failed to Lock PID File \"%s\" for PID \"%d\"\n", snort_conf->pid_filename, pid);
+ }
+ }
+ }
+#endif
+
+ /* Okay, were able to lock PID file, now open and write PID */
+ pid_file = fopen(snort_conf->pid_filename, "w");
+ if(pid_file)
+ {
+ LogMessage("Writing PID \"%d\" to file \"%s\"\n", pid, snort_conf->pid_filename);
+ fprintf(pid_file, "%d\n", pid);
+ fflush(pid_file);
+ }
+ else
+ {
+ ErrorMessage("Failed to create pid file %s", snort_conf->pid_filename);
+ snort_conf->pid_filename[0] = 0;
+ }
+}
+
+/****************************************************************************
+ *
+ * Function: ClosePidFile(char *)
+ *
+ * Purpose: Releases lock on a PID file
+ *
+ * Arguments: None
+ *
+ * Returns: void function
+ *
+ ****************************************************************************/
+void ClosePidFile(void)
+{
+ if (pid_file)
+ {
+ fclose(pid_file);
+ pid_file = NULL;
+ }
+ if (pid_lockfile)
+ {
+ fclose(pid_lockfile);
+ pid_lockfile = NULL;
+ }
+}
+
+/****************************************************************************
+ *
+ * Function: SetUidGid()
+ *
+ * Purpose: Sets safe UserID and GroupID if needed
+ *
+ * Arguments: none
+ *
+ * Returns: void function
+ *
+ ****************************************************************************/
+void SetUidGid(int user_id, int group_id)
+{
+#ifndef WIN32
+
+ if ((group_id != -1) && (getgid() != (gid_t)group_id))
+ {
+ if (!InlineModeSetPrivsAllowed())
+ {
+ ErrorMessage("Cannot set uid and gid when running Snort in "
+ "inline mode.\n");
+ return;
+ }
+
+ if (setgid(group_id) < 0)
+ FatalError("Cannot set gid: %d\n", group_id);
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Set gid to %d\n", group_id););
+ }
+
+ if ((user_id != -1) && (getuid() != (uid_t)user_id))
+ {
+ struct passwd *pw = getpwuid(user_id);
+
+ if (!InlineModeSetPrivsAllowed())
+ {
+ ErrorMessage("Cannot set uid and gid when running Snort in "
+ "inline mode.\n");
+ return;
+ }
+
+ if (pw != NULL)
+ {
+ /* getpwuid and initgroups may use the same static buffers */
+ char *username = SnortStrdup(pw->pw_name);
+
+ if ((getuid() == 0) && (initgroups(username, group_id) < 0))
+ {
+ free(username);
+ FatalError("Can not initgroups(%s,%d)",
+ username, group_id);
+ }
+
+ free(username);
+ }
+
+ /** just to be on a safe side... **/
+ endgrent();
+ endpwent();
+
+ if (setuid(user_id) < 0)
+ FatalError("Can not set uid: %d\n", user_id);
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Set uid to %d\n", user_id););
+ }
+#endif /* WIN32 */
+}
+
+#ifdef TIMESTATS
+
+static IntervalStats istats = {0};
+time_t start_time;
+
+void InitTimeStats(void)
+{
+ start_time = time(NULL);
+}
+
+void ResetTimeStats(void)
+{
+ memset(&istats, 0, sizeof(istats));
+}
+
+/* This function prints out stats based on a configurable time
+ * interval. It is an indication on how well snort is */
+/* processing packets, including types, drops, etc */
+void DropStatsPerTimeInterval(void)
+{
+ double per_sec, per_minute, per_hour;
+ uint64_t recv, drop;
+ uint64_t total = 0;
+ uint32_t timestats_interval = ScTimestatsInterval();
+
+#ifdef PCAP_CLOSE
+ if (UpdatePcapPktStats(0) != -1)
+#else
+ if (UpdatePcapPktStats() != -1)
+#endif
+ {
+ recv = GetPcapPktStatsRecv();
+ drop = GetPcapPktStatsDrop();
+
+ istats.recv = recv - istats.recv_total;
+ istats.recv_total = recv;
+
+ istats.drop = drop - istats.drop_total;
+ istats.drop_total = drop;
+
+ /* calculate received packets by type */
+ istats.tcp = pc.tcp - istats.tcp_total;
+ istats.tcp_total = pc.tcp;
+
+ istats.udp = pc.udp - istats.udp_total;
+ istats.udp_total = pc.udp;
+
+ istats.icmp = pc.icmp - istats.icmp_total;
+ istats.icmp_total = pc.icmp;
+
+ istats.arp = pc.arp - istats.arp_total;
+ istats.arp_total = pc.arp;
+
+#ifdef GRE
+ istats.ip4ip4 = pc.ip4ip4 - istats.ip4ip4_total;
+ istats.ip4ip4_total = pc.ip4ip4;
+
+ istats.ip4ip6 = pc.ip4ip6 - istats.ip4ip6_total;
+ istats.ip4ip6_total = pc.ip4ip6;
+
+ istats.ip6ip4 = pc.ip6ip4 - istats.ip6ip4_total;
+ istats.ip6ip4_total = pc.ip6ip4;
+
+ istats.ip6ip6 = pc.ip6ip6 - istats.ip6ip6_total;
+ istats.ip6ip6_total = pc.ip6ip6;
+
+ istats.gre = pc.gre - istats.gre_total;
+ istats.gre_total = pc.gre;
+
+ istats.gre_ip = pc.gre_ip - istats.gre_ip_total;
+ istats.gre_ip_total = pc.gre_ip;
+
+ istats.gre_eth = pc.gre_eth - istats.gre_eth_total;
+ istats.gre_eth_total = pc.gre_eth;
+
+ istats.gre_arp = pc.gre_arp - istats.gre_arp_total;
+ istats.gre_arp_total = pc.gre_arp;
+
+ istats.gre_ipv6 = pc.gre_ipv6 - istats.gre_ipv6_total;
+ istats.gre_ipv6_total = pc.gre_ipv6;
+
+ istats.gre_ipx = pc.gre_ipx - istats.gre_ipx_total;
+ istats.gre_ipx_total = pc.gre_ipx;
+
+ istats.gre_loopback = pc.gre_loopback - istats.gre_loopback_total;
+ istats.gre_loopback_total = pc.gre_loopback;
+
+ istats.gre_vlan = pc.gre_vlan - istats.gre_vlan_total;
+ istats.gre_vlan_total = pc.gre_vlan;
+
+ istats.gre_ppp = pc.gre_ppp - istats.gre_ppp_total;
+ istats.gre_ppp_total = pc.gre_ppp;
+#endif
+
+#ifdef DLT_IEEE802_11 /* if we are tracking wireless, add this to output */
+ istats.wifi_mgmt = pc.wifi_mgmt - istats.wifi_mgmt_total;
+ istats.wifi_mgmt_total = pc.wifi_mgmt;
+
+ istats.wifi_control = pc.wifi_control - istats.wifi_control_total;
+ istats.wifi_control_total = pc.wifi_control;
+
+ istats.wifi_data = pc.wifi_data - istats.wifi_data_total;
+ istats.wifi_data_total = pc.wifi_data;
+#endif
+
+ istats.ipx = pc.ipx - istats.ipx_total;
+ istats.ipx_total = pc.ipx;
+
+ istats.eapol = pc.eapol - istats.eapol_total;
+ istats.eapol_total = pc.eapol;
+
+ istats.ipv6 = pc.ipv6 - istats.ipv6_total;
+ istats.ipv6_total = pc.ipv6;
+
+ istats.ethloopback = pc.ethloopback - istats.ethloopback_total;
+ istats.ethloopback_total = pc.ethloopback;
+
+ istats.other = pc.other - istats.other_total;
+ istats.other_total = pc.other;
+
+ istats.discards = pc.discards - istats.discards_total;
+ istats.discards_total = pc.discards;
+
+ if (pc.frags > 0) /* do we have any fragmented packets being seen? */
+ {
+ istats.frags = pc.frags - istats.frags_total;
+ istats.frags_total = pc.frags;
+
+ istats.frag_trackers = pc.frag_trackers - istats.frag_trackers_total;
+ istats.frag_trackers_total = pc.frag_trackers;
+
+ istats.frag_rebuilt = pc.rebuilt_frags - istats.frag_rebuilt_total;
+ istats.frag_rebuilt_total = pc.rebuilt_frags;
+
+ istats.frag_element = pc.rebuild_element - istats.frag_element_total;
+ istats.frag_element_total = pc.rebuild_element;
+
+ istats.frag_incomp = pc.frag_incomp - istats.frag_incomp_total;
+ istats.frag_incomp_total = pc.frag_incomp;
+
+ istats.frag_timeout = pc.frag_timeout - istats.frag_timeout_total;
+ istats.frag_timeout_total = pc.frag_timeout;
+
+ istats.frag_mem_faults = pc.frag_mem_faults - istats.frag_mem_faults_total;
+ istats.frag_mem_faults_total = pc.frag_mem_faults;
+ }
+
+ if (pc.tcp_stream_pkts > 0) /* do we have TCP stream re-assembly going on? */
+ {
+ istats.tcp_str_packets = pc.tcp_stream_pkts - istats.tcp_str_packets_total;
+ istats.tcp_str_packets_total = pc.tcp_stream_pkts;
+
+ istats.tcp_str_trackers = pc.tcp_streams - istats.tcp_str_trackers_total;
+ istats.tcp_str_trackers_total = pc.tcp_streams;
+
+ istats.tcp_str_flushes = pc.rebuilt_tcp - istats.tcp_str_flushes_total;
+ istats.tcp_str_flushes_total = pc.rebuilt_tcp;
+
+ istats.tcp_str_segs_used = pc.rebuilt_segs - istats.tcp_str_segs_used_total;
+ istats.tcp_str_segs_used_total = pc.rebuilt_segs;
+
+ istats.tcp_str_segs_queued = pc.queued_segs - istats.tcp_str_segs_queued_total;
+ istats.tcp_str_segs_queued_total = pc.queued_segs;
+
+ istats.tcp_str_mem_faults = pc.str_mem_faults - istats.tcp_str_mem_faults_total;
+ istats.tcp_str_mem_faults_total = pc.str_mem_faults;
+ }
+
+ istats.processed = pc.total_processed - istats.processed_total;
+ istats.processed_total = pc.total_processed;
+ total = istats.processed;
+
+ /* prepare packet type per time interval routine */
+ LogMessage("================================================"
+ "===============================\n");
+
+ LogMessage("\n");
+ LogMessage("Statistics Report (last %d seconds)\n", timestats_interval);
+ LogMessage("\n");
+
+ per_sec = (double)istats.recv / (double)timestats_interval;
+
+ LogMessage("Packet Wire Totals:\n");
+ LogMessage("Packets received: " FMTu64("13") "\n", istats.recv);
+
+ if (timestats_interval >= SECONDS_PER_HOUR)
+ {
+ per_hour = (double)(istats.recv * SECONDS_PER_HOUR) / (double)timestats_interval;
+ LogMessage(" per hour: %13.2f\n", per_hour);
+ }
+ if (timestats_interval >= SECONDS_PER_MIN)
+ {
+ per_minute = (double)(istats.recv * SECONDS_PER_MIN) / (double)timestats_interval;
+ LogMessage(" per minute: %13.2f\n", per_minute);
+ }
+ LogMessage(" per second: %13.2f\n", per_sec);
+ LogMessage(" Packets dropped: " FMTu64("13") "\n", istats.drop);
+ LogMessage("\n");
+ LogMessage("Packet Breakdown by Protocol (includes rebuilt packets):\n");
+
+ LogMessage(" TCP: " FMTu64("10") " (%.3f%%)\n",
+ istats.tcp, CalcPct(istats.tcp, total));
+ LogMessage(" UDP: " FMTu64("10") " (%.3f%%)\n",
+ istats.udp, CalcPct(istats.udp, total));
+ LogMessage(" ICMP: " FMTu64("10") " (%.3f%%)\n",
+ istats.icmp, CalcPct(istats.icmp, total));
+ LogMessage(" ARP: " FMTu64("10") " (%.3f%%)\n",
+ istats.arp, CalcPct(istats.arp, total));
+#ifndef NO_NON_ETHER_DECODER
+ LogMessage(" EAPOL: " FMTu64("10") " (%.3f%%)\n",
+ istats.eapol, CalcPct(istats.eapol, total));
+#endif
+ LogMessage(" IPv6: " FMTu64("10") " (%.3f%%)\n",
+ istats.ipv6, CalcPct(istats.ipv6, total));
+ LogMessage(" ETHLOOP: " FMTu64("10") " (%.3f%%)\n",
+ istats.ethloopback, CalcPct(istats.ethloopback, total));
+ LogMessage(" IPX: " FMTu64("10") " (%.3f%%)\n",
+ istats.ipx, CalcPct(istats.ipx, total));
+
+#ifdef GRE
+ LogMessage(" IP4/IP4: " FMTu64("-10") " (%.3f%%)\n",
+ istats.ip4ip4, CalcPct(istats.ip4ip4, total));
+ LogMessage(" IP4/IP6: " FMTu64("-10") " (%.3f%%)\n",
+ istats.ip4ip6, CalcPct(istats.ip4ip6, total));
+ LogMessage(" IP6/IP4: " FMTu64("-10") " (%.3f%%)\n",
+ istats.ip6ip4, CalcPct(istats.ip6ip4, total));
+ LogMessage(" IP6/IP6: " FMTu64("-10") " (%.3f%%)\n",
+ istats.ip6ip6, CalcPct(istats.ip6ip6, total));
+ LogMessage(" GRE: " FMTu64("10") " (%.3f%%)\n",
+ istats.gre, CalcPct(istats.gre, total));
+ LogMessage(" GRE ETH: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_eth, CalcPct(istats.gre_eth, total));
+ LogMessage("GRE VLAN: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_vlan, CalcPct(istats.gre_vlan, total));
+ LogMessage(" GRE IP: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_ip, CalcPct(istats.gre_ip, total));
+ LogMessage("GRE IPv6: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_ipv6, CalcPct(istats.gre_ipv6, total));
+ LogMessage("GRE PPTP: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_ppp, CalcPct(istats.gre_ppp, total));
+ LogMessage(" GRE ARP: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_arp, CalcPct(istats.gre_arp, total));
+ LogMessage(" GRE IPX: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_ipx, CalcPct(istats.gre_ipx, total));
+ LogMessage("GRE LOOP: " FMTu64("-10") " (%.3f%%)\n",
+ istats.gre_loopback, CalcPct(istats.gre_loopback, total));
+#endif
+
+ LogMessage(" FRAG: " FMTu64("10") " (%.3f%%)\n",
+ istats.frags, CalcPct(istats.frags, total));
+ LogMessage(" OTHER: " FMTu64("10") " (%.3f%%)\n",
+ istats.other, CalcPct(istats.other, total));
+ LogMessage(" DISCARD: " FMTu64("10") " (%.3f%%)\n",
+ istats.discards, CalcPct(istats.discards, total));
+ LogMessage(" Total: " FMTu64("10") "\n", total);
+
+ LogMessage("\n");
+
+
+ /* handle case where wireless is enabled... */
+
+#ifndef NO_NON_ETHER_DECODER
+#ifdef DLT_IEEE802_11
+ if (datalink == DLT_IEEE802_11)
+ {
+ LogMessage("\n");
+ LogMessage("Wireless Stats:\n\n");
+ LogMessage("Management Packets: " FMTu64("10") " (%.3f%%)\n",
+ istats.wifi_mgmt, CalcPct(istats.wifi_mgmt, total));
+ LogMessage(" Control Packets: " FMTu64("10") " (%.3f%%)\n",
+ istats.wifi_control, CalcPct(istats.wifi_control, total));
+ LogMessage(" Data Packets: " FMTu64("10") " (%.3f%%)\n",
+ istats.wifi_data, CalcPct(istats.wifi_data, total));
+ LogMessage("\n");
+ }
+
+#endif /* if wireless is enabled... */
+#endif // NO_NON_ETHER_DECODER
+
+ /* handle case where we have snort seeing fragmented packets */
+
+ if (pc.frags > 0) /* begin if (pc.frags > 0) */
+ {
+ LogMessage("\n");
+ LogMessage("Fragmentation Stats:\n\n");
+ LogMessage("Fragmented IP Packets: " FMTu64("10") "\n", istats.frags);
+ LogMessage(" Fragment Trackers: " FMTu64("10") "\n", istats.frag_trackers);
+ LogMessage(" Rebuilt IP Packets: " FMTu64("10") "\n", istats.frag_rebuilt);
+ LogMessage(" Frag Elements Used: " FMTu64("10") "\n", istats.frag_element);
+ LogMessage("Discarded(incomplete): " FMTu64("10") "\n", istats.frag_incomp);
+ LogMessage(" Discarded(timeout): " FMTu64("10") "\n", istats.frag_timeout);
+ LogMessage(" Frag2 memory faults: " FMTu64("10") "\n", istats.frag_mem_faults);
+ LogMessage("\n");
+ } /* end if (pc.frags > 0) */
+
+ /* handle TCP stream re-assy stuff here */
+
+ if (pc.tcp_stream_pkts > 0)
+ {
+ LogMessage("\n");
+ LogMessage("TCP Stream Reassembly Stats:\n\n");
+ LogMessage(" TCP Packets Used: " FMTu64("10") "\n", istats.tcp_str_packets);
+ LogMessage(" Stream Trackers: " FMTu64("10") "\n", istats.tcp_str_trackers);
+ LogMessage(" Stream Flushes: " FMTu64("10") "\n", istats.tcp_str_flushes);
+ LogMessage(" Stream Segments Used: " FMTu64("10") "\n", istats.tcp_str_segs_used);
+ LogMessage("Stream Segments Queued: " FMTu64("10") "\n", istats.tcp_str_segs_queued);
+ LogMessage(" Stream4 Memory Faults: " FMTu64("10") "\n", istats.tcp_str_mem_faults);
+ LogMessage("\n");
+ }
+
+ //mpse_print_qinfo();
+
+ } /* end if pcap_stats(ps, &ps) */
+
+ alarm(timestats_interval); /* reset the alarm to go off again */
+}
+
+/* print out stats on how long snort ran */
+void TimeStats(void)
+{
+
+/*
+ * variable definitions for improved statistics handling
+ *
+ * end_time = time which snort finished running (unix epoch)
+ * total_secs = total amount of time snort ran
+ * int_total_secs = used to eliminate casts from this function (temp. var)
+ * days = number of days snort ran
+ * hrs = number of hrs snort ran
+ * mins = number of minutes snort ran
+ * secs = number of seconds snort ran
+ *
+ * ival = temp. variable for integer/modulus math
+ * ppd = packets per day processed
+ * pph = packets per hour processed
+ * ppm = packets per minute processed
+ * pps = packets per second processed
+ *
+ * hflag = used to flag when hrs = zero, but days > 0
+ * mflag = used to flag when min = zero, but hrs > 0
+ *
+ */
+
+ time_t end_time, total_secs;
+ uint32_t days = 0, hrs = 0, mins = 0, secs = 0, tmp = 0;
+ uint64_t pps = 0, ppm = 0, pph = 0, ppd = 0;
+ uint32_t int_total_secs = 0;
+ char hflag = 0, mflag = 0;
+
+
+ end_time = time(NULL); /* grab epoch for end time value (in seconds) */
+ total_secs = end_time - start_time; /* total_secs is how many seconds snort ran for */
+
+ tmp = (uint32_t)total_secs;
+ int_total_secs = tmp; /* used for cast elimination */
+
+ days = tmp / SECONDS_PER_DAY; /* 86400 is number of seconds in a day */
+ tmp = tmp % SECONDS_PER_DAY; /* grab remainder to process hours */
+ hrs = tmp / SECONDS_PER_HOUR; /* 3600 is number of seconds in a(n) hour */
+ tmp = tmp % SECONDS_PER_HOUR; /* grab remainder to process minutes */
+ mins = tmp / SECONDS_PER_MIN; /* 60 is number of seconds in a minute */
+ secs = tmp % SECONDS_PER_MIN; /* grab remainder to process seconds */
+
+ if (total_secs)
+ pps = (pc.total_from_pcap / int_total_secs);
+ else
+ pps = pc.total_from_pcap; /* guard against division by zero */
+
+ /* Use ErrorMessage because this is logged whether
+ * or not logging quietly */
+ ErrorMessage("Snort ran for %u Days %u Hours %u Minutes %u Seconds\n",
+ days, hrs, mins, secs);
+
+ if (days > 0)
+ {
+ ppd = (pc.total_from_pcap / (int_total_secs / SECONDS_PER_DAY));
+ ErrorMessage("Snort Analyzed " STDu64 " Packets Per Day\n", ppd);
+ hflag = 1;
+ }
+
+ if (hrs > 0 || hflag == 1)
+ {
+ pph = (pc.total_from_pcap / (int_total_secs / SECONDS_PER_HOUR));
+ ErrorMessage("Snort Analyzed " STDu64 " Packets Per Hour\n", pph);
+ mflag = 1;
+ }
+
+ if (mins > 0 || mflag == 1)
+ {
+ ppm = (pc.total_from_pcap / (int_total_secs / SECONDS_PER_MIN));
+ ErrorMessage("Snort Analyzed " STDu64 " Packets Per Minute\n", ppm);
+ }
+
+ ErrorMessage("Snort Analyzed " STDu64 " Packets Per Second\n", pps);
+ ErrorMessage("\n");
+}
+#endif /* TIMESTATS */
+
+
+#ifdef PCAP_CLOSE
+int UpdatePcapPktStats(int cacheReturn)
+#else
+int UpdatePcapPktStats(void)
+#endif
+{
+ struct pcap_stat ps;
+ uint32_t recv, drop;
+ static char not_initialized = 1;
+
+#ifdef PCAP_CLOSE
+ static int priorReturn = 0;
+ static int returnWasCached = 0;
+
+ if ( !cacheReturn && returnWasCached )
+ {
+ returnWasCached = 0;
+ return priorReturn;
+ }
+ priorReturn = -1;
+ returnWasCached = cacheReturn;
+#endif
+
+ if (not_initialized)
+ {
+ memset(&pkt_stats, 0, sizeof(PcapPktStats));
+ not_initialized = 0;
+ }
+
+ if ((pcap_handle == NULL) || ScReadMode())
+ return -1;
+
+ if (pcap_stats(pcap_handle, &ps) == -1)
+ {
+ pcap_perror(pcap_handle, "pcap_stats");
+ return -1;
+ }
+
+ recv = (uint32_t)ps.ps_recv;
+ drop = (uint32_t)ps.ps_drop;
+
+#ifdef LINUX_LIBPCAP_DOUBLES_STATS
+ recv /= 2;
+ drop /= 2;
+#endif
+
+#ifdef LIBPCAP_ACCUMULATES
+ /* pcap recv wrapped */
+ if (recv < pkt_stats.wrap_recv)
+ pkt_stats.recv += (uint64_t)UINT32_MAX;
+
+ /* pcap drop wrapped */
+ if (drop < pkt_stats.wrap_drop)
+ pkt_stats.drop += (uint64_t)UINT32_MAX;
+
+ pkt_stats.wrap_recv = recv;
+ pkt_stats.wrap_drop = drop;
+#else
+ pkt_stats.recv += (uint64_t)recv;
+ pkt_stats.drop += (uint64_t)drop;
+#endif /* LIBPCAP_ACCUMULATES */
+
+#ifdef PCAP_CLOSE
+ priorReturn = 0;
+#endif
+ return 0;
+}
+
+uint64_t GetPcapPktStatsRecv(void)
+{
+ return pkt_stats.recv + (uint64_t)pkt_stats.wrap_recv;
+}
+
+uint64_t GetPcapPktStatsDrop(void)
+{
+ return pkt_stats.drop + (uint64_t)pkt_stats.wrap_drop;
+}
+
+
+#ifdef PCAP_CLOSE
+/* exiting should be 0 for if not exiting, 1 if restarting, and 2 if exiting */
+#else
+/* exiting should be 0 for if not exiting and 1 if exiting */
+#endif
+void DropStats(int exiting)
+{
+ PreprocStatsFuncNode *idx;
+ uint64_t total = 0;
+ uint64_t pkts_recv;
+ uint64_t pkts_drop;
+
+ total = pc.total_processed;
+
+#ifdef PPM_MGR
+ PPM_PRINT_SUMMARY(&snort_conf->ppm_cfg);
+#endif
+
+ LogMessage("================================================"
+ "===============================\n");
+
+#ifdef TIMESTATS
+ TimeStats(); /* how long did snort run? */
+#endif
+
+ if (ScReadMode()
+#ifdef GIDS
+ || ScAdapterInlineMode()
+#endif
+ )
+ {
+ LogMessage("Snort processed " STDu64 " packets.\n", total);
+ }
+ else
+ {
+#ifdef PCAP_CLOSE
+ if (exiting < 2 && (pcap_handle == NULL))
+#else
+ if (pcap_handle == NULL)
+#endif
+ {
+ LogMessage("Snort received 0 packets\n");
+ }
+ else
+ {
+#ifdef PCAP_CLOSE
+ if (UpdatePcapPktStats(0) != -1)
+#else
+ if (UpdatePcapPktStats() != -1)
+#endif
+ {
+ pkts_recv = GetPcapPktStatsRecv();
+ pkts_drop = GetPcapPktStatsDrop();
+
+ LogMessage("Packet Wire Totals:\n");
+ LogMessage(" Received: " FMTu64("12") "\n", pkts_recv);
+ LogMessage(" Analyzed: " FMTu64("12") " (%.3f%%)\n", pc.total_from_pcap,
+ CalcPct(pc.total_from_pcap, pkts_recv));
+ LogMessage(" Dropped: " FMTu64("12") " (%.3f%%)\n", pkts_drop,
+ CalcPct(pkts_drop, pkts_recv));
+ LogMessage("Outstanding: " FMTu64("12") " (%.3f%%)\n",
+ pkts_recv - pkts_drop - pc.total_from_pcap,
+ CalcPct((pkts_recv - pkts_drop - pc.total_from_pcap), pkts_recv));
+ }
+ else
+ {
+ LogMessage("Unable to calculate percentages for stats\n");
+ LogMessage("Total number of packets Analyzed: " FMTu64("12") "\n", pc.total_from_pcap);
+ }
+ }
+ }
+
+ LogMessage("================================================"
+ "===============================\n");
+
+ LogMessage("Breakdown by protocol (includes rebuilt packets):\n");
+
+ LogMessage(" ETH: " FMTu64("-10") " (%.3f%%)\n",
+ pc.eth, CalcPct(pc.eth, total));
+ LogMessage(" ETHdisc: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ethdisc, CalcPct(pc.ethdisc, total));
+#ifdef GIDS
+#ifndef IPFW
+ LogMessage(" IPTables: " FMTu64("-10") " (%.3f%%)\n",
+ pc.iptables, CalcPct(pc.iptables, total));
+#else
+ LogMessage(" IPFW: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ipfw, CalcPct(pc.ipfw, total));
+#endif /* IPFW */
+#endif /* GIDS */
+ LogMessage(" VLAN: " FMTu64("-10") " (%.3f%%)\n",
+ pc.vlan, CalcPct(pc.vlan, total));
+
+ if (pc.nested_vlan != 0)
+ LogMessage("Nested VLAN: " FMTu64("-10") " (%.3f%%)\n",
+ pc.nested_vlan, CalcPct(pc.nested_vlan, total));
+
+ LogMessage(" IPV6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ipv6, CalcPct(pc.ipv6, total));
+ LogMessage(" IP6 EXT: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ip6ext, CalcPct(pc.ip6ext, total));
+ LogMessage(" IP6opts: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ipv6opts, CalcPct(pc.ipv6opts, total));
+ LogMessage(" IP6disc: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ipv6disc, CalcPct(pc.ipv6disc, total));
+
+ LogMessage(" IP4: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ip, CalcPct(pc.ip, total));
+ LogMessage(" IP4disc: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ipdisc, CalcPct(pc.ipdisc, total));
+
+ LogMessage(" TCP 6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.tcp6, CalcPct(pc.tcp6, total));
+ LogMessage(" UDP 6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.udp6, CalcPct(pc.udp6, total));
+ LogMessage(" ICMP6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.icmp6, CalcPct(pc.icmp6, total));
+ LogMessage(" ICMP-IP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.embdip, CalcPct(pc.embdip, total));
+
+ LogMessage(" TCP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.tcp, CalcPct(pc.tcp, total));
+ LogMessage(" UDP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.udp, CalcPct(pc.udp, total));
+ LogMessage(" ICMP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.icmp, CalcPct(pc.icmp, total));
+
+ LogMessage(" TCPdisc: " FMTu64("-10") " (%.3f%%)\n",
+ pc.tdisc, CalcPct(pc.tdisc, total));
+ LogMessage(" UDPdisc: " FMTu64("-10") " (%.3f%%)\n",
+ pc.udisc, CalcPct(pc.udisc, total));
+ LogMessage(" ICMPdis: " FMTu64("-10") " (%.3f%%)\n",
+ pc.icmpdisc, CalcPct(pc.icmpdisc, total));
+
+ LogMessage(" FRAG: " FMTu64("-10") " (%.3f%%)\n",
+ pc.frags, CalcPct(pc.frags, total));
+ LogMessage(" FRAG 6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.frag6, CalcPct(pc.frag6, total));
+
+ LogMessage(" ARP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.arp, CalcPct(pc.arp, total));
+#ifndef NO_NON_ETHER_DECODER
+ LogMessage(" EAPOL: " FMTu64("-10") " (%.3f%%)\n",
+ pc.eapol, CalcPct(pc.eapol, total));
+#endif
+ LogMessage(" ETHLOOP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ethloopback, CalcPct(pc.ethloopback, total));
+ LogMessage(" IPX: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ipx, CalcPct(pc.ipx, total));
+#ifdef GRE
+ LogMessage("IPv4/IPv4: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ip4ip4, CalcPct(pc.ip4ip4, total));
+ LogMessage("IPv4/IPv6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ip4ip6, CalcPct(pc.ip4ip6, total));
+ LogMessage("IPv6/IPv4: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ip6ip4, CalcPct(pc.ip6ip4, total));
+ LogMessage("IPv6/IPv6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.ip6ip6, CalcPct(pc.ip6ip6, total));
+ LogMessage(" GRE: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre, CalcPct(pc.gre, total));
+ LogMessage(" GRE ETH: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_eth, CalcPct(pc.gre_eth, total));
+ LogMessage(" GRE VLAN: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_vlan, CalcPct(pc.gre_vlan, total));
+ LogMessage(" GRE IPv4: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_ip, CalcPct(pc.gre_ip, total));
+ LogMessage(" GRE IPv6: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_ipv6, CalcPct(pc.gre_ipv6, total));
+ LogMessage("GRE IP6 E: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_ipv6ext, CalcPct(pc.gre_ipv6ext, total));
+ LogMessage(" GRE PPTP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_ppp, CalcPct(pc.gre_ppp, total));
+ LogMessage(" GRE ARP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_arp, CalcPct(pc.gre_arp, total));
+ LogMessage(" GRE IPX: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_ipx, CalcPct(pc.gre_ipx, total));
+ LogMessage(" GRE LOOP: " FMTu64("-10") " (%.3f%%)\n",
+ pc.gre_loopback, CalcPct(pc.gre_loopback, total));
+#endif /* GRE */
+#ifdef MPLS
+ LogMessage(" MPLS: " FMTu64("-10") " (%.3f%%)\n",
+ pc.mpls, CalcPct(pc.mpls, total));
+#endif
+ LogMessage(" OTHER: " FMTu64("-10") " (%.3f%%)\n",
+ pc.other, CalcPct(pc.other, total));
+ LogMessage(" DISCARD: " FMTu64("-10") " (%.3f%%)\n",
+ pc.discards, CalcPct(pc.discards, total));
+ LogMessage("InvChkSum: " FMTu64("-10") " (%.3f%%)\n",
+ pc.invalid_checksums, CalcPct(pc.invalid_checksums, total));
+
+ LogMessage(" S5 G 1: " FMTu64("-10") " (%.3f%%)\n",
+ pc.s5tcp1, CalcPct(pc.s5tcp1, total));
+ LogMessage(" S5 G 2: " FMTu64("-10") " (%.3f%%)\n",
+ pc.s5tcp2, CalcPct(pc.s5tcp2, total));
+
+ LogMessage(" Total: " FMTu64("-10") "\n", total);
+
+ LogMessage("================================================"
+ "===============================\n");
+
+ LogMessage("Action Stats:\n");
+ LogMessage("ALERTS: " STDu64 "\n", pc.alert_pkts);
+ LogMessage("LOGGED: " STDu64 "\n", pc.log_pkts);
+ LogMessage("PASSED: " STDu64 "\n", pc.pass_pkts);
+
+#ifdef TARGET_BASED
+ if (ScIdsMode() && IsAdaptiveConfigured(getDefaultPolicy(), 0))
+ {
+ LogMessage("================================================"
+ "===============================\n");
+ LogMessage("Attribute Table Stats:\n");
+ LogMessage(" Number Entries: %u\n", SFAT_NumberOfHosts());
+ LogMessage(" Table Reloaded: " STDu64 "\n", pc.attribute_table_reloads);
+ }
+#endif /* TARGET_BASED */
+
+ //mpse_print_qinfo();
+
+#ifndef NO_NON_ETHER_DECODER
+#ifdef DLT_IEEE802_11
+ if(datalink == DLT_IEEE802_11)
+ {
+ LogMessage("================================================"
+ "===============================\n");
+ LogMessage("Wireless Stats:\n");
+ LogMessage("Breakdown by type:\n");
+ LogMessage(" Management Packets: " FMTu64("-10") " (%.3f%%)\n",
+ pc.wifi_mgmt, CalcPct(pc.wifi_mgmt, total));
+ LogMessage(" Control Packets: " FMTu64("-10") " (%.3f%%)\n",
+ pc.wifi_control, CalcPct(pc.wifi_control, total));
+ LogMessage(" Data Packets: " FMTu64("-10") " (%.3f%%)\n",
+ pc.wifi_data, CalcPct(pc.wifi_data, total));
+ }
+#endif /* DLT_IEEE802_11 */
+#endif // NO_NON_ETHER_DECODER
+
+ for (idx = preproc_stats_funcs; idx != NULL; idx = idx->next)
+ {
+ LogMessage("=============================================="
+ "=================================\n");
+
+#ifdef PCAP_CLOSE
+ idx->func(exiting ? 1 : 0);
+#else
+ idx->func(exiting);
+#endif
+ }
+
+ LogMessage("=============================================="
+ "=================================\n");
+
+ return;
+}
+
+/****************************************************************************
+ *
+ * Function: CleanupProtoNames()
+ *
+ * Purpose: Frees the protocol names
+ *
+ * Arguments: None.
+ *
+ * Returns: void function
+ *
+ ****************************************************************************/
+void CleanupProtoNames(void)
+{
+ int i;
+
+ for(i = 0; i < 256; i++)
+ {
+ if( protocol_names[i] != NULL )
+ {
+ free( protocol_names[i] );
+ protocol_names[i] = NULL;
+ }
+ }
+}
+
+/****************************************************************************
+ *
+ * Function: read_infile(char *)
+ *
+ * Purpose: Reads the BPF filters in from a file. Ripped from tcpdump.
+ *
+ * Arguments: fname => the name of the file containing the BPF filters
+ *
+ * Returns: the processed BPF string
+ *
+ ****************************************************************************/
+char *read_infile(char *fname)
+{
+ register int fd, cc;
+ register char *cp, *cmt;
+ struct stat buf;
+
+ fd = open(fname, O_RDONLY);
+
+ if(fd < 0)
+ FatalError("can't open %s: %s\n", fname, pcap_strerror(errno));
+
+ if(fstat(fd, &buf) < 0)
+ FatalError("can't stat %s: %s\n", fname, pcap_strerror(errno));
+
+ cp = (char *)SnortAlloc(((u_int)buf.st_size + 1) * sizeof(char));
+
+ cc = read(fd, cp, (int) buf.st_size);
+
+ if(cc < 0)
+ FatalError("read %s: %s\n", fname, pcap_strerror(errno));
+
+ if(cc != buf.st_size)
+ FatalError("short read %s (%d != %d)\n", fname, cc, (int) buf.st_size);
+
+ cp[(int) buf.st_size] = '\0';
+
+ close(fd);
+
+ /* Treat everything upto the end of the line as a space
+ * so that we can put comments in our BPF filters
+ */
+
+ while((cmt = strchr(cp, '#')) != NULL)
+ {
+ while (*cmt != '\r' && *cmt != '\n' && *cmt != '\0')
+ {
+ *cmt++ = ' ';
+ }
+ }
+
+ /** LogMessage("BPF filter file: %s\n", fname); **/
+
+ return(cp);
+}
+
+
+ /****************************************************************************
+ *
+ * Function: CheckLogDir()
+ *
+ * Purpose: CyberPsychotic sez: basically we only check if logdir exist and
+ * writable, since it might screw the whole thing in the middle. Any
+ * other checks could be performed here as well.
+ *
+ * Arguments: None.
+ *
+ * Returns: void function
+ *
+ ****************************************************************************/
+void CheckLogDir(void)
+{
+ struct stat st;
+
+ if (snort_conf->log_dir == NULL)
+ return;
+
+ if (stat(snort_conf->log_dir, &st) == -1)
+ FatalError("Stat check on log dir failed: %s.\n", strerror(errno));
+
+ if (!S_ISDIR(st.st_mode) || (access(snort_conf->log_dir, W_OK) == -1))
+ {
+ FatalError("Can not get write access to logging directory \"%s\". "
+ "(directory doesn't exist or permissions are set incorrectly "
+ "or it is not a directory at all)\n",
+ snort_conf->log_dir);
+ }
+}
+
+/* Signal handler for child process signaling the parent
+ * that is is ready */
+static int parent_wait = 1;
+static void SigChildReadyHandler(int signal)
+{
+#ifdef DEBUG
+ LogMessage("Received Signal from Child\n");
+#endif
+ parent_wait = 0;
+}
+
+/****************************************************************************
+ *
+ * Function: GoDaemon()
+ *
+ * Purpose: Puts the program into daemon mode, nice and quiet like....
+ *
+ * Arguments: None.
+ *
+ * Returns: void function
+ *
+ ****************************************************************************/
+void GoDaemon(void)
+{
+#ifndef WIN32
+ int exit_val = 0;
+ pid_t fs;
+
+ LogMessage("Initializing daemon mode\n");
+
+ if (ScDaemonRestart())
+ return;
+
+ /* Don't daemonize if we've already daemonized and
+ * received a SIGHUP. */
+ if(getppid() != 1)
+ {
+ /* Register signal handler that parent can trap signal */
+ signal(SIGNAL_SNORT_CHILD_READY, SigChildReadyHandler);
+ if (errno != 0) errno=0;
+
+ /* now fork the child */
+ fs = fork();
+
+ if(fs > 0)
+ {
+ /* Parent */
+
+ /* Don't exit quite yet. Wait for the child
+ * to signal that is there and created the PID
+ * file.
+ */
+ while (parent_wait)
+ {
+ /* Continue waiting until receiving signal from child */
+ int status;
+ if (waitpid(fs, &status, WNOHANG) == fs)
+ {
+ /* If the child is gone, parent should go away, too */
+ if (WIFEXITED(status))
+ {
+ LogMessage("Child exited unexpectedly\n");
+ exit_val = -1;
+ break;
+ }
+
+ if (WIFSIGNALED(status))
+ {
+ LogMessage("Child terminated unexpectedly\n");
+ exit_val = -2;
+ break;
+ }
+ }
+#ifdef DEBUG
+ LogMessage("Parent waiting for child...\n");
+#endif
+
+ sleep(1);
+ }
+
+ LogMessage("Daemon parent exiting\n");
+
+ exit(exit_val); /* parent */
+ }
+
+ if(fs < 0)
+ {
+ /* Daemonizing failed... */
+ perror("fork");
+ exit(1);
+ }
+
+ /* Child */
+ setsid();
+ }
+
+ close(0);
+ close(1);
+ close(2);
+
+#ifdef DEBUG
+ /* redirect stdin/stdout/stderr to a file */
+ open("/tmp/snort.debug", O_CREAT | O_RDWR); /* stdin, fd 0 */
+
+ /* Change ownership to that which we will drop privileges to */
+ if ((snort_conf->user_id != -1) || (snort_conf->group_id != -1))
+ {
+ uid_t user_id = getuid();
+ gid_t group_id = getgid();
+
+ if (snort_conf->user_id != -1)
+ user_id = snort_conf->user_id;
+ if (snort_conf->group_id != -1)
+ group_id = snort_conf->group_id;
+
+ chown("/tmp/snort.debug", user_id, group_id);
+ }
+#else
+ /* redirect stdin/stdout/stderr to /dev/null */
+ (void)open("/dev/null", O_RDWR); /* stdin, fd 0 */
+#endif
+
+ dup(0); /* stdout, fd 0 => fd 1 */
+ dup(0); /* stderr, fd 0 => fd 2 */
+
+ SignalWaitingParent();
+
+#endif /* ! WIN32 */
+}
+
+/* Signal the parent that child is ready */
+void SignalWaitingParent(void)
+{
+#ifndef WIN32
+ pid_t parentpid = getppid();
+#ifdef DEBUG
+ LogMessage("Signaling parent %d from child %d\n", parentpid, getpid());
+#endif
+
+ if (kill(parentpid, SIGNAL_SNORT_CHILD_READY))
+ {
+ LogMessage("Daemon initialized, failed to signal parent pid: %d, failure: %d, %s\n", parentpid, errno, strerror(errno));
+ }
+ else
+ {
+ LogMessage("Daemon initialized, signaled parent pid: %d\n", parentpid);
+ }
+#endif
+}
+
+/* This function has been moved into mstring.c, since that
+* is where the allocation actually occurs. It has been
+* renamed to mSplitFree().
+*
+void FreeToks(char **toks, int num_toks)
+{
+ if (toks)
+ {
+ if (num_toks > 0)
+ {
+ do
+ {
+ num_toks--;
+ free(toks[num_toks]);
+ } while(num_toks);
+ }
+ free(toks);
+ }
+}
+*/
+
+
+/* Self preserving memory allocator */
+void *SPAlloc(unsigned long size, struct _SPMemControl *spmc)
+{
+ void *tmp;
+
+ spmc->mem_usage += size;
+
+ if(spmc->mem_usage > spmc->memcap)
+ {
+ spmc->sp_func(spmc);
+ }
+
+ tmp = (void *) calloc(size, sizeof(char));
+
+ if(tmp == NULL)
+ {
+ FatalError("Unable to allocate memory! (%lu requested, %lu in use)\n",
+ size, spmc->mem_usage);
+ }
+
+ return tmp;
+}
+
+/* Guaranteed to be '\0' terminated even if truncation occurs.
+ *
+ * returns SNORT_SNPRINTF_SUCCESS if successful
+ * returns SNORT_SNPRINTF_TRUNCATION on truncation
+ * returns SNORT_SNPRINTF_ERROR on error
+ */
+int SnortSnprintf(char *buf, size_t buf_size, const char *format, ...)
+{
+ va_list ap;
+ int ret;
+
+ if (buf == NULL || buf_size <= 0 || format == NULL)
+ return SNORT_SNPRINTF_ERROR;
+
+ /* zero first byte in case an error occurs with
+ * vsnprintf, so buffer is null terminated with
+ * zero length */
+ buf[0] = '\0';
+ buf[buf_size - 1] = '\0';
+
+ va_start(ap, format);
+
+ ret = vsnprintf(buf, buf_size, format, ap);
+
+ va_end(ap);
+
+ if (ret < 0)
+ return SNORT_SNPRINTF_ERROR;
+
+ if (buf[buf_size - 1] != '\0' || (size_t)ret >= buf_size)
+ {
+ /* result was truncated */
+ buf[buf_size - 1] = '\0';
+ return SNORT_SNPRINTF_TRUNCATION;
+ }
+
+ return SNORT_SNPRINTF_SUCCESS;
+}
+
+/* Appends to a given string
+ * Guaranteed to be '\0' terminated even if truncation occurs.
+ *
+ * returns SNORT_SNPRINTF_SUCCESS if successful
+ * returns SNORT_SNPRINTF_TRUNCATION on truncation
+ * returns SNORT_SNPRINTF_ERROR on error
+ */
+int SnortSnprintfAppend(char *buf, size_t buf_size, const char *format, ...)
+{
+ int str_len;
+ int ret;
+ va_list ap;
+
+ if (buf == NULL || buf_size <= 0 || format == NULL)
+ return SNORT_SNPRINTF_ERROR;
+
+ str_len = SnortStrnlen(buf, buf_size);
+
+ /* since we've already checked buf and buf_size an error
+ * indicates no null termination, so just start at
+ * beginning of buffer */
+ if (str_len == SNORT_STRNLEN_ERROR)
+ {
+ buf[0] = '\0';
+ str_len = 0;
+ }
+
+ buf[buf_size - 1] = '\0';
+
+ va_start(ap, format);
+
+ ret = vsnprintf(buf + str_len, buf_size - (size_t)str_len, format, ap);
+
+ va_end(ap);
+
+ if (ret < 0)
+ return SNORT_SNPRINTF_ERROR;
+
+ if (buf[buf_size - 1] != '\0' || (size_t)ret >= buf_size)
+ {
+ /* truncation occured */
+ buf[buf_size - 1] = '\0';
+ return SNORT_SNPRINTF_TRUNCATION;
+ }
+
+ return SNORT_SNPRINTF_SUCCESS;
+}
+
+/* Guaranteed to be '\0' terminated even if truncation occurs.
+ *
+ * Arguments: dst - the string to contain the copy
+ * src - the string to copy from
+ * dst_size - the size of the destination buffer
+ * including the null byte.
+ *
+ * returns SNORT_STRNCPY_SUCCESS if successful
+ * returns SNORT_STRNCPY_TRUNCATION on truncation
+ * returns SNORT_STRNCPY_ERROR on error
+ *
+ * Note: Do not set dst[0] = '\0' on error since it's possible that
+ * dst and src are the same pointer - it will at least be null
+ * terminated in any case
+ */
+int SnortStrncpy(char *dst, const char *src, size_t dst_size)
+{
+ char *ret = NULL;
+
+ if (dst == NULL || src == NULL || dst_size <= 0)
+ return SNORT_STRNCPY_ERROR;
+
+ dst[dst_size - 1] = '\0';
+
+ ret = strncpy(dst, src, dst_size);
+
+ /* Not sure if this ever happens but might as
+ * well be on the safe side */
+ if (ret == NULL)
+ return SNORT_STRNCPY_ERROR;
+
+ if (dst[dst_size - 1] != '\0')
+ {
+ /* result was truncated */
+ dst[dst_size - 1] = '\0';
+ return SNORT_STRNCPY_TRUNCATION;
+ }
+
+ return SNORT_STRNCPY_SUCCESS;
+}
+
+char *SnortStrndup(const char *src, size_t dst_size)
+{
+ char *ret = SnortAlloc(dst_size + 1);
+ int ret_val;
+
+ ret_val = SnortStrncpy(ret, src, dst_size + 1);
+
+ if(ret_val == SNORT_STRNCPY_ERROR)
+ {
+ free(ret);
+ return NULL;
+ }
+
+ return ret;
+}
+
+/* Determines whether a buffer is '\0' terminated and returns the
+ * string length if so
+ *
+ * returns the string length if '\0' terminated
+ * returns SNORT_STRNLEN_ERROR if not '\0' terminated
+ */
+int SnortStrnlen(const char *buf, int buf_size)
+{
+ int i = 0;
+
+ if (buf == NULL || buf_size <= 0)
+ return SNORT_STRNLEN_ERROR;
+
+ for (i = 0; i < buf_size; i++)
+ {
+ if (buf[i] == '\0')
+ break;
+ }
+
+ if (i == buf_size)
+ return SNORT_STRNLEN_ERROR;
+
+ return i;
+}
+
+char * SnortStrdup(const char *str)
+{
+ char *copy = NULL;
+
+ if (!str)
+ {
+ FatalError("Unable to duplicate string: NULL!\n");
+ }
+
+ copy = strdup(str);
+
+ if (copy == NULL)
+ {
+ FatalError("Unable to duplicate string: %s!\n", str);
+ }
+
+ return copy;
+}
+
+/*
+ * Find first occurrence of char of accept in s, limited by slen.
+ * A 'safe' version of strpbrk that won't read past end of buffer s
+ * in cases that s is not NULL terminated.
+ *
+ * This code assumes 'accept' is a static string.
+ */
+const char *SnortStrnPbrk(const char *s, int slen, const char *accept)
+{
+ char ch;
+ const char *s_end;
+ if (!s || !*s || !accept || slen == 0)
+ return NULL;
+
+ s_end = s + slen;
+ while (s < s_end)
+ {
+ ch = *s;
+ if (strchr(accept, ch))
+ return s;
+ s++;
+ }
+ return NULL;
+}
+
+/*
+ * Find first occurrence of searchstr in s, limited by slen.
+ * A 'safe' version of strstr that won't read past end of buffer s
+ * in cases that s is not NULL terminated.
+ */
+const char *SnortStrnStr(const char *s, int slen, const char *searchstr)
+{
+ char ch, nc;
+ int len;
+ if (!s || !*s || !searchstr || slen == 0)
+ return NULL;
+
+ if ((ch = *searchstr++) != 0)
+ {
+ len = strlen(searchstr);
+ do
+ {
+ do
+ {
+ if ((nc = *s++) == 0)
+ {
+ return NULL;
+ }
+ slen--;
+ if (slen == 0)
+ return NULL;
+ } while (nc != ch);
+ if (slen - len < 0)
+ return NULL;
+ } while (memcmp(s, searchstr, len) != 0);
+ s--;
+ slen++;
+ }
+ return s;
+}
+
+/*
+ * Find first occurrence of substring in s, ignore case.
+*/
+const char *SnortStrcasestr(const char *s, const char *substr)
+{
+ char ch, nc;
+ int len;
+
+ if (!s || !*s || !substr)
+ return NULL;
+
+ if ((ch = *substr++) != 0)
+ {
+ ch = tolower((char)ch);
+ len = strlen(substr);
+ do
+ {
+ do
+ {
+ if ((nc = *s++) == 0)
+ {
+ return NULL;
+ }
+ } while ((char)tolower((uint8_t)nc) != ch);
+ } while (strncasecmp(s, substr, len) != 0);
+ s--;
+ }
+ return s;
+}
+
+void *SnortAlloc(unsigned long size)
+{
+ void *tmp;
+
+ tmp = (void *) calloc(size, sizeof(char));
+
+ if(tmp == NULL)
+ {
+ FatalError("Unable to allocate memory! (%lu requested)\n", size);
+ }
+
+ return tmp;
+}
+
+void * SnortAlloc2(size_t size, const char *format, ...)
+{
+ void *tmp;
+
+ tmp = (void *)calloc(size, sizeof(char));
+
+ if(tmp == NULL)
+ {
+ va_list ap;
+ char buf[STD_BUF];
+
+ buf[STD_BUF - 1] = '\0';
+
+ va_start(ap, format);
+
+ vsnprintf(buf, STD_BUF - 1, format, ap);
+
+ va_end(ap);
+
+ FatalError("%s", buf);
+ }
+
+ return tmp;
+}
+
+/**
+ * Chroot and adjust the snort_conf->log_dir reference
+ *
+ * @param directory directory to chroot to
+ * @param logstore ptr to snort_conf->log_dir which must be dynamically allocated
+ */
+void SetChroot(char *directory, char **logstore)
+{
+#ifdef WIN32
+ FatalError("SetChroot() should not be called under Win32!\n");
+#else
+ char *absdir;
+ size_t abslen;
+ char *logdir;
+
+ if(!directory || !logstore)
+ {
+ FatalError("Null parameter passed\n");
+ }
+
+ logdir = *logstore;
+
+ if(logdir == NULL || *logdir == '\0')
+ {
+ FatalError("Null log directory\n");
+ }
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT,"SetChroot: %s\n",
+ CurrentWorkingDir()););
+
+ logdir = GetAbsolutePath(logdir);
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT, "SetChroot: %s\n",
+ CurrentWorkingDir()));
+
+ logdir = SnortStrdup(logdir);
+
+ /* We're going to reset logstore, so free it now */
+ free(*logstore);
+ *logstore = NULL;
+
+ /* change to the directory */
+ if(chdir(directory) != 0)
+ {
+ FatalError("SetChroot: Can not chdir to \"%s\": %s\n", directory,
+ strerror(errno));
+ }
+
+ /* always returns an absolute pathname */
+ absdir = CurrentWorkingDir();
+
+ if(absdir == NULL)
+ {
+ FatalError("NULL Chroot found\n");
+ }
+
+ abslen = strlen(absdir);
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT, "ABS: %s %d\n", absdir, abslen););
+
+ /* make the chroot call */
+ if(chroot(absdir) < 0)
+ {
+ FatalError("Can not chroot to \"%s\": absolute: %s: %s\n",
+ directory, absdir, strerror(errno));
+ }
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT,"chroot success (%s ->", absdir););
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT,"%s)\n ", CurrentWorkingDir()););
+
+ /* change to "/" in the new directory */
+ if(chdir("/") < 0)
+ {
+ FatalError("Can not chdir to \"/\" after chroot: %s\n",
+ strerror(errno));
+ }
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT,"chdir success (%s)\n",
+ CurrentWorkingDir()););
+
+
+ if(strncmp(absdir, logdir, strlen(absdir)))
+ {
+ FatalError("Absdir is not a subset of the logdir");
+ }
+
+ if(abslen >= strlen(logdir))
+ {
+ *logstore = SnortStrdup("/");
+ }
+ else
+ {
+ *logstore = SnortStrdup(logdir + abslen);
+ }
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT,"new logdir from %s to %s\n",
+ logdir, *logstore));
+
+ LogMessage("Chroot directory = %s\n", directory);
+
+#if 0
+ /* XXX XXX */
+ /* install the I can't do this signal handler */
+ signal(SIGHUP, SigCantHupHandler);
+#endif
+#endif /* !WIN32 */
+}
+
+
+/**
+ * Return a ptr to the absolute pathname of snort. This memory must
+ * be copied to another region if you wish to save it for later use.
+ */
+char *CurrentWorkingDir(void)
+{
+ static char buf[PATH_MAX_UTIL + 1];
+
+ if(getcwd((char *) buf, PATH_MAX_UTIL) == NULL)
+ {
+ return NULL;
+ }
+
+ buf[PATH_MAX_UTIL] = '\0';
+
+ return (char *) buf;
+}
+
+/**
+ * Given a directory name, return a ptr to a static
+ */
+char *GetAbsolutePath(char *dir)
+{
+ char *savedir, *dirp;
+ static char buf[PATH_MAX_UTIL + 1];
+
+ if(dir == NULL)
+ {
+ return NULL;
+ }
+
+ savedir = strdup(CurrentWorkingDir());
+
+ if(savedir == NULL)
+ {
+ return NULL;
+ }
+
+ if(chdir(dir) < 0)
+ {
+ LogMessage("Can't change to directory: %s\n", dir);
+ free(savedir);
+ return NULL;
+ }
+
+ dirp = CurrentWorkingDir();
+
+ if(dirp == NULL)
+ {
+ LogMessage("Unable to access current directory\n");
+ free(savedir);
+ return NULL;
+ }
+ else
+ {
+ strncpy(buf, dirp, PATH_MAX_UTIL);
+ buf[PATH_MAX_UTIL] = '\0';
+ }
+
+ if(chdir(savedir) < 0)
+ {
+ LogMessage("Can't change back to directory: %s\n", dir);
+ free(savedir);
+ return NULL;
+ }
+
+ free(savedir);
+ return (char *) buf;
+}
+
+
+#ifndef WIN32
+/* very slow sort - do not use at runtime! */
+SF_LIST * SortDirectory(const char *path)
+{
+ SF_LIST *dir_entries;
+ DIR *dir;
+ struct dirent *direntry;
+ int ret = 0;
+
+ if (path == NULL)
+ return NULL;
+
+ dir_entries = sflist_new();
+ if (dir_entries == NULL)
+ {
+ ErrorMessage("Could not allocate new list for directory entries\n");
+ return NULL;
+ }
+
+ dir = opendir(path);
+ if (dir == NULL)
+ {
+ ErrorMessage("Error opening directory: %s: %s\n",
+ path, strerror(errno));
+ sflist_free_all(dir_entries, free);
+ return NULL;
+ }
+
+ /* Reset errno since we'll be checking it unconditionally */
+ errno = 0;
+
+ while ((direntry = readdir(dir)) != NULL)
+ {
+ char *node_entry_name, *dir_entry_name;
+ SF_LNODE *node;
+
+ dir_entry_name = SnortStrdup(direntry->d_name);
+
+ for (node = sflist_first_node(dir_entries);
+ node != NULL;
+ node = sflist_next_node(dir_entries))
+ {
+ node_entry_name = (char *)node->ndata;
+ if (strcmp(dir_entry_name, node_entry_name) < 0)
+ break;
+ }
+
+ if (node == NULL)
+ ret = sflist_add_tail(dir_entries, (NODE_DATA)dir_entry_name);
+ else
+ ret = sflist_add_before(dir_entries, node, (NODE_DATA)dir_entry_name);
+
+ if (ret == -1)
+ {
+ ErrorMessage("Error adding directory entry to list\n");
+ sflist_free_all(dir_entries, free);
+ closedir(dir);
+ return NULL;
+ }
+ }
+
+ if (errno != 0)
+ {
+ ErrorMessage("Error reading directory: %s: %s\n",
+ path, strerror(errno));
+ errno = 0;
+ sflist_free_all(dir_entries, free);
+ closedir(dir);
+ return NULL;
+ }
+
+ closedir(dir);
+
+ return dir_entries;
+}
+
+int GetFilesUnderDir(const char *path, SF_QUEUE *dir_queue, const char *filter)
+{
+ SF_LIST *dir_entries;
+ char *direntry;
+ int ret = 0;
+ int num_files = 0;
+
+ if ((path == NULL) || (dir_queue == NULL))
+ return -1;
+
+ dir_entries = SortDirectory(path);
+ if (dir_entries == NULL)
+ {
+ ErrorMessage("Error sorting entries in directory: %s\n", path);
+ return -1;
+ }
+
+ for (direntry = (char *)sflist_first(dir_entries);
+ direntry != NULL;
+ direntry = (char *)sflist_next(dir_entries))
+ {
+ char path_buf[PATH_MAX];
+ struct stat file_stat;
+
+ /* Don't look at dot files */
+ if (strncmp(".", direntry, 1) == 0)
+ continue;
+
+ ret = SnortSnprintf(path_buf, PATH_MAX, "%s%s%s",
+ path, path[strlen(path) - 1] == '/' ? "" : "/", direntry);
+ if (ret == SNORT_SNPRINTF_TRUNCATION)
+ {
+ ErrorMessage("Error copying file to buffer: Path too long\n");
+ sflist_free_all(dir_entries, free);
+ return -1;
+ }
+ else if (ret != SNORT_SNPRINTF_SUCCESS)
+ {
+ ErrorMessage("Error copying file to buffer\n");
+ sflist_free_all(dir_entries, free);
+ return -1;
+ }
+
+ ret = stat(path_buf, &file_stat);
+ if (ret == -1)
+ {
+ ErrorMessage("Could not stat file: %s: %s\n",
+ path_buf, strerror(errno));
+ sflist_free_all(dir_entries, free);
+ return -1;
+ }
+
+ if (file_stat.st_mode & S_IFDIR)
+ {
+ ret = GetFilesUnderDir(path_buf, dir_queue, filter);
+ if (ret == -1)
+ {
+ sflist_free_all(dir_entries, free);
+ return -1;
+ }
+
+ num_files += ret;
+ }
+ else if (file_stat.st_mode & S_IFREG)
+ {
+ if ((filter == NULL) || (fnmatch(filter, direntry, 0) == 0))
+ {
+ char *file = SnortStrdup(path_buf);
+
+ ret = sfqueue_add(dir_queue, (NODE_DATA)file);
+ if (ret == -1)
+ {
+ ErrorMessage("Could not append item to list: %s\n", file);
+ free(file);
+ sflist_free_all(dir_entries, free);
+ return -1;
+ }
+
+ num_files++;
+ }
+ }
+ }
+
+ sflist_free_all(dir_entries, free);
+
+ return num_files;
+}
+#endif
+
+/****************************************************************************
+ *
+ * Function: GetUniqueName(char * iface)
+ *
+ * Purpose: To return a string that has a high probability of being unique
+ * for a given sensor.
+ *
+ * Arguments: char * iface - The network interface you are sniffing
+ *
+ * Returns: A char * -- its a static char * so you should not free it
+ *
+ ***************************************************************************/
+char *GetUniqueName(char * iface)
+{
+ char * rptr;
+ static char uniq_name[256];
+
+ if (iface == NULL) LogMessage("Interface is NULL. Name may not be unique for the host\n");
+#ifndef WIN32
+ rptr = GetIP(iface);
+ if(rptr == NULL || !strcmp(rptr, "unknown"))
+#endif
+ {
+ SnortSnprintf(uniq_name, 255, "%s:%s\n",GetHostname(),iface);
+ rptr = uniq_name;
+ }
+ if (ScLogVerbose()) LogMessage("Node unique name is: %s\n", rptr);
+ return rptr;
+}
+
+/****************************************************************************
+ *
+ * Function: GetIP(char * iface)
+ *
+ * Purpose: To return a string representing the IP address for an interface
+ *
+ * Arguments: char * iface - The network interface you want to find an IP
+ * address for.
+ *
+ * Returns: A char * -- make sure you call free on this when you are done
+ * with it.
+ *
+ ***************************************************************************/
+char *GetIP(char * iface)
+{
+ struct ifreq ifr;
+ struct sockaddr_in *addr;
+ int s;
+#ifdef SUP_IP6
+ sfip_t ret;
+#endif
+
+ if(iface)
+ {
+ /* Set up a dummy socket just so we can use ioctl to find the
+ ip address of the interface */
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if(s == -1)
+ {
+ FatalError("Problem establishing socket to find IP address for interface: %s\n", iface);
+ }
+
+ SnortStrncpy(ifr.ifr_name, iface, strlen(iface) + 1);
+
+#ifndef WIN32
+ if(ioctl(s, SIOCGIFADDR, &ifr) < 0) return NULL;
+ else
+#endif
+ {
+ addr = (struct sockaddr_in *) &ifr.ifr_broadaddr;
+ }
+ close(s);
+
+#ifdef SUP_IP6
+// XXX-IPv6 uses ioctl to populate a sockaddr_in structure ... but what if the interface only has an IPv6 address?
+ sfip_set_raw(&ret, addr, AF_INET);
+ return SnortStrdup(sfip_ntoa(&ret));
+#else
+ return SnortStrdup(inet_ntoa(addr->sin_addr));
+#endif
+ }
+ else
+ {
+ return "unknown";
+ }
+}
+
+/****************************************************************************
+ *
+ * Function: GetHostname()
+ *
+ * Purpose: To return a string representing the hostname
+ *
+ * Arguments: None
+ *
+ * Returns: A static char * representing the hostname.
+ *
+ ***************************************************************************/
+char *GetHostname(void)
+{
+#ifdef WIN32
+ DWORD bufflen = 256;
+ static char buff[256];
+ GetComputerName(buff, &bufflen);
+ return buff;
+#else
+ char * error = "unknown";
+ if(getenv("HOSTNAME")) return getenv("HOSTNAME");
+ else if(getenv("HOST")) return getenv("HOST");
+ else return error;
+#endif
+}
+
+/****************************************************************************
+ *
+ * Function: GetTimestamp(register const struct timeval *tvp, int tz)
+ *
+ * Purpose: Get an ISO-8601 formatted timestamp for tvp within the tz
+ * timezone.
+ *
+ * Arguments: tvp is a timeval pointer. tz is a timezone.
+ *
+ * Returns: char * -- You must free this char * when you are done with it.
+ *
+ ***************************************************************************/
+char *GetTimestamp(register const struct timeval *tvp, int tz)
+{
+ struct tm *lt; /* localtime */
+ char * buf;
+ int msec;
+
+ buf = (char *)SnortAlloc(SMALLBUFFER * sizeof(char));
+
+ msec = tvp->tv_usec / 1000;
+
+ if (ScOutputUseUtc())
+ {
+ lt = gmtime((time_t *)&tvp->tv_sec);
+ SnortSnprintf(buf, SMALLBUFFER, "%04i-%02i-%02i %02i:%02i:%02i.%03i",
+ 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday,
+ lt->tm_hour, lt->tm_min, lt->tm_sec, msec);
+ }
+ else
+ {
+ lt = localtime((time_t *)&tvp->tv_sec);
+ SnortSnprintf(buf, SMALLBUFFER,
+ "%04i-%02i-%02i %02i:%02i:%02i.%03i+%03i",
+ 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday,
+ lt->tm_hour, lt->tm_min, lt->tm_sec, msec, tz);
+ }
+
+ return buf;
+}
+
+/****************************************************************************
+ *
+ * Function: GetLocalTimezone()
+ *
+ * Purpose: Find the offset from GMT for current host
+ *
+ * Arguments: none
+ *
+ * Returns: int representing the offset from GMT
+ *
+ ***************************************************************************/
+int GetLocalTimezone(void)
+{
+ time_t ut;
+ struct tm * ltm;
+ long seconds_away_from_utc;
+
+ time(&ut);
+ ltm = localtime(&ut);
+
+#if defined(WIN32) || defined(SOLARIS) || defined(AIX) || defined(HPUX)
+ /* localtime() sets the global timezone variable,
+ which is defined in <time.h> */
+ seconds_away_from_utc = timezone;
+#else
+ seconds_away_from_utc = ltm->tm_gmtoff;
+#endif
+
+ return seconds_away_from_utc/3600;
+}
+
+/****************************************************************************
+ *
+ * Function: GetCurrentTimestamp()
+ *
+ * Purpose: Generate an ISO-8601 formatted timestamp for the current time.
+ *
+ * Arguments: none
+ *
+ * Returns: char * -- You must free this char * when you are done with it.
+ *
+ ***************************************************************************/
+char *GetCurrentTimestamp(void)
+{
+ struct tm *lt;
+ struct timezone tz;
+ struct timeval tv;
+ struct timeval *tvp;
+ char * buf;
+ int tzone;
+ int msec;
+
+ buf = (char *)SnortAlloc(SMALLBUFFER * sizeof(char));
+
+ bzero((char *)&tz,sizeof(tz));
+ gettimeofday(&tv,&tz);
+ tvp = &tv;
+
+ msec = tvp->tv_usec/1000;
+
+ if (ScOutputUseUtc())
+ {
+ lt = gmtime((time_t *)&tvp->tv_sec);
+ SnortSnprintf(buf, SMALLBUFFER, "%04i-%02i-%02i %02i:%02i:%02i.%03i",
+ 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday,
+ lt->tm_hour, lt->tm_min, lt->tm_sec, msec);
+ }
+ else
+ {
+ lt = localtime((time_t *)&tvp->tv_sec);
+
+ tzone = GetLocalTimezone();
+
+ SnortSnprintf(buf, SMALLBUFFER,
+ "%04i-%02i-%02i %02i:%02i:%02i.%03i+%03i",
+ 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday,
+ lt->tm_hour, lt->tm_min, lt->tm_sec, msec, tzone);
+ }
+
+ return buf;
+}
+
+/****************************************************************************
+ * Function: base64(char * xdata, int length)
+ *
+ * Purpose: Insert data into the database
+ *
+ * Arguments: xdata => pointer to data to base64 encode
+ * length => how much data to encode
+ *
+ * Make sure you allocate memory for the output before you pass
+ * the output pointer into this function. You should allocate
+ * (1.5 * length) bytes to be safe.
+ *
+ * Returns: data base64 encoded as a char *
+ *
+ ***************************************************************************/
+char * base64(const u_char * xdata, int length)
+{
+ int count, cols, bits, c, char_count;
+ unsigned char alpha[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; /* 64 bytes */
+ char * payloadptr;
+ char * output;
+ char_count = 0;
+ bits = 0;
+ cols = 0;
+
+ output = (char *)SnortAlloc( ((unsigned int) (length * 1.5 + 4)) * sizeof(char) );
+
+ payloadptr = output;
+
+ for(count = 0; count < length; count++)
+ {
+ c = xdata[count];
+
+ if(c > 255)
+ {
+ ErrorMessage("plugbase.c->base64(): encountered char > 255 (decimal %d)\n If you see this error message a char is more than one byte on your machine\n This means your base64 results can not be trusted", c);
+ }
+
+ bits += c;
+ char_count++;
+
+ if(char_count == 3)
+ {
+ *output = alpha[bits >> 18]; output++;
+ *output = alpha[(bits >> 12) & 0x3f]; output++;
+ *output = alpha[(bits >> 6) & 0x3f]; output++;
+ *output = alpha[bits & 0x3f]; output++;
+ cols += 4;
+ if(cols == 72)
+ {
+ *output = '\n'; output++;
+ cols = 0;
+ }
+ bits = 0;
+ char_count = 0;
+ }
+ else
+ {
+ bits <<= 8;
+ }
+ }
+
+ if(char_count != 0)
+ {
+ bits <<= 16 - (8 * char_count);
+ *output = alpha[bits >> 18]; output++;
+ *output = alpha[(bits >> 12) & 0x3f]; output++;
+ if(char_count == 1)
+ {
+ *output = '='; output++;
+ *output = '='; output++;
+ }
+ else
+ {
+ *output = alpha[(bits >> 6) & 0x3f];
+ output++; *output = '=';
+ output++;
+ }
+ }
+ *output = '\0';
+ return payloadptr;
+}
+
+/****************************************************************************
+ *
+ * Function: ascii(u_char *xdata, int length)
+ *
+ * Purpose: This function takes takes a buffer "xdata" and its length then
+ * returns a string of only the printable ASCII characters.
+ *
+ * Arguments: xdata is the buffer, length is the length of the buffer in
+ * bytes
+ *
+ * Returns: char * -- You must free this char * when you are done with it.
+ *
+ ***************************************************************************/
+char *ascii(const u_char *xdata, int length)
+{
+ char *d_ptr, *ret_val;
+ int i,count = 0;
+ int size;
+
+ if(xdata == NULL)
+ {
+ return NULL;
+ }
+
+ for(i=0;i<length;i++)
+ {
+ if(xdata[i] == '<')
+ count+=4; /* &lt; */
+ else if(xdata[i] == '&')
+ count+=5; /* &amp; */
+ else if(xdata[i] == '>') /* &gt; */
+ count += 4;
+ }
+
+ size = length + count + 1;
+ ret_val = (char *) calloc(1,size);
+
+ if(ret_val == NULL)
+ {
+ LogMessage("plugbase.c: ascii(): Out of memory, can't log anything!\n");
+ return NULL;
+ }
+
+ d_ptr = ret_val;
+
+ for(i=0;i<length;i++)
+ {
+ if((xdata[i] > 0x1F) && (xdata[i] < 0x7F))
+ {
+ if(xdata[i] == '<')
+ {
+ SnortStrncpy(d_ptr, "&lt;", size - (d_ptr - ret_val));
+ d_ptr+=4;
+ }
+ else if(xdata[i] == '&')
+ {
+ SnortStrncpy(d_ptr, "&amp;", size - (d_ptr - ret_val));
+ d_ptr += 5;
+ }
+ else if(xdata[i] == '>')
+ {
+ SnortStrncpy(d_ptr, "&gt;", size - (d_ptr - ret_val));
+ d_ptr += 4;
+ }
+ else
+ {
+ *d_ptr++ = xdata[i];
+ }
+ }
+ else
+ {
+ *d_ptr++ = '.';
+ }
+ }
+
+ *d_ptr++ = '\0';
+
+ return ret_val;
+}
+
+/****************************************************************************
+ *
+ * Function: hex(u_char *xdata, int length)
+ *
+ * Purpose: This function takes takes a buffer "xdata" and its length then
+ * returns a string of hex with no spaces
+ *
+ * Arguments: xdata is the buffer, length is the length of the buffer in
+ * bytes
+ *
+ * Returns: char * -- You must free this char * when you are done with it.
+ *
+ ***************************************************************************/
+char *hex(const u_char *xdata, int length)
+{
+ int x;
+ char *rval = NULL;
+ char *buf = NULL;
+
+ if (xdata == NULL)
+ return NULL;
+
+ buf = (char *)calloc((length * 2) + 1, sizeof(char));
+
+ if (buf != NULL)
+ {
+ rval = buf;
+
+ for (x = 0; x < length; x++)
+ {
+ SnortSnprintf(buf, 3, "%02X", xdata[x]);
+ buf += 2;
+ }
+
+ rval[length * 2] = '\0';
+ }
+
+ return rval;
+}
+
+
+
+char *fasthex(const u_char *xdata, int length)
+{
+ char conv[] = "0123456789ABCDEF";
+ char *retbuf = NULL;
+ const u_char *index;
+ const u_char *end;
+ char *ridx;
+
+ index = xdata;
+ end = xdata + length;
+ retbuf = (char *)SnortAlloc(((length * 2) + 1) * sizeof(char));
+ ridx = retbuf;
+
+ while(index < end)
+ {
+ *ridx++ = conv[((*index & 0xFF)>>4)];
+ *ridx++ = conv[((*index & 0xFF)&0x0F)];
+ index++;
+ }
+
+ return retbuf;
+}
+
+/*
+ * Fatal Integer Parser
+ * Ascii to Integer conversion with fatal error support
+ */
+long int xatol(const char *s , const char *etext)
+{
+ long int val;
+ char *endptr;
+ char *default_error = "xatol() error\n";
+
+ if (etext == NULL)
+ etext = default_error;
+
+ if (s == NULL)
+ FatalError("%s: String is NULL\n", etext);
+
+ while (isspace((int)*s))
+ s++;
+
+ if (strlen(s) == 0)
+ FatalError("%s: String is empty\n", etext);
+
+
+ /*
+ * strtoul - errors on win32 : ERANGE (VS 6.0)
+ * errors on linux : ERANGE, EINVAL
+ * (for EINVAL, unsupported base which won't happen here)
+ */
+ val = SnortStrtol(s, &endptr, 0);
+
+ if ((errno == ERANGE) || (*endptr != '\0'))
+ FatalError("%s: Invalid integer input: %s\n", etext, s);
+
+ return val;
+}
+
+/*
+ * Fatal Integer Parser
+ * Ascii to Integer conversion with fatal error support
+ */
+unsigned long int xatou(const char *s , const char *etext)
+{
+ unsigned long int val;
+ char *endptr;
+ char *default_error = "xatou() error\n";
+
+ if (etext == NULL)
+ etext = default_error;
+
+ if (s == NULL)
+ FatalError("%s: String is NULL\n", etext);
+
+ while (isspace((int)*s))
+ s++;
+
+ if (strlen(s) == 0)
+ FatalError("%s: String is empty\n", etext);
+
+ if (*s == '-')
+ {
+ FatalError("%s: Invalid unsigned integer - negative sign found, "
+ "input: %s\n", etext, s);
+ }
+
+
+ /*
+ * strtoul - errors on win32 : ERANGE (VS 6.0)
+ * errors on linux : ERANGE, EINVAL
+ */
+ val = SnortStrtoul(s, &endptr, 0);
+
+ if ((errno == ERANGE) || (*endptr != '\0'))
+ FatalError("%s: Invalid integer input: %s\n", etext, s);
+
+ return val;
+}
+
+unsigned long int xatoup(const char *s , const char *etext)
+{
+ unsigned long int val = xatou(s, etext);
+ if ( !val )
+ FatalError("%s: must be > 0\n", etext);
+ return val;
+}
+
+#ifndef SUP_IP6
+char * ObfuscateIpToText(const struct in_addr ip_addr)
+#else
+char * ObfuscateIpToText(sfip_t *ip)
+#endif
+{
+ static char ip_buf1[INET6_ADDRSTRLEN];
+ static char ip_buf2[INET6_ADDRSTRLEN];
+ static int buf_num = 0;
+ int buf_size = INET6_ADDRSTRLEN;
+ char *ip_buf;
+#ifndef SUP_IP6
+ uint32_t ip = ip_addr.s_addr;
+#endif
+
+ if (buf_num)
+ ip_buf = ip_buf2;
+ else
+ ip_buf = ip_buf1;
+
+ buf_num ^= 1;
+ ip_buf[0] = 0;
+
+#ifndef SUP_IP6
+ if (ip == 0)
+ return ip_buf;
+
+ if (snort_conf->obfuscation_net == 0)
+ {
+ /* Fully obfuscate - just use 'x' */
+ SnortSnprintf(ip_buf, buf_size, "xxx.xxx.xxx.xxx");
+ }
+ else
+ {
+ if (snort_conf->homenet != 0)
+ {
+ if ((ip & snort_conf->netmask) == snort_conf->homenet)
+ ip = snort_conf->obfuscation_net | (ip & snort_conf->obfuscation_mask);
+ }
+ else
+ {
+ ip = snort_conf->obfuscation_net | (ip & snort_conf->obfuscation_mask);
+ }
+
+ SnortSnprintf(ip_buf, buf_size, "%s", inet_ntoa(*((struct in_addr *)&ip)));
+ }
+
+#else
+ if (ip == NULL)
+ return ip_buf;
+
+ if (!IS_SET(snort_conf->obfuscation_net))
+ {
+ if (IS_IP6(ip))
+ SnortSnprintf(ip_buf, buf_size, "x:x:x:x::x:x:x:x");
+ else
+ SnortSnprintf(ip_buf, buf_size, "xxx.xxx.xxx.xxx");
+ }
+ else
+ {
+ sfip_t tmp;
+ char *tmp_buf;
+
+ IP_COPY_VALUE(tmp, ip);
+
+ if (IS_SET(snort_conf->homenet))
+ {
+ if (sfip_contains(&snort_conf->homenet, &tmp) == SFIP_CONTAINS)
+ sfip_obfuscate(&snort_conf->obfuscation_net, &tmp);
+ }
+ else
+ {
+ sfip_obfuscate(&snort_conf->obfuscation_net, &tmp);
+ }
+
+ tmp_buf = sfip_to_str(&tmp);
+ SnortSnprintf(ip_buf, buf_size, "%s", tmp_buf);
+ }
+#endif
+
+ return ip_buf;
+}
+
+void PrintPacketData(const uint8_t *data, const uint32_t len)
+{
+ uint32_t i, j;
+ uint32_t total_len = 0;
+ uint8_t hex_buf[16];
+ uint8_t char_buf[16];
+ char *length_chars = " 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15\n"
+ "------------------------------------------------------\n";
+
+ LogMessage("%s", length_chars);
+
+ for (i = 0; i <= len; i++)
+ {
+ if ((i%16 == 0) && (i != 0))
+ {
+ LogMessage("%04x ", total_len);
+ total_len += 16;
+
+ for (j = 0; j < 16; j++)
+ {
+ LogMessage("%02x ", hex_buf[j]);
+ if (j == 7)
+ LogMessage(" ");
+ }
+
+ LogMessage(" ");
+
+ for (j = 0; j < 16; j++)
+ {
+ LogMessage("%c", char_buf[j]);
+ if (j == 7)
+ LogMessage(" ");
+ }
+
+ LogMessage("\n");
+ }
+
+ if (i == len)
+ break;
+
+ hex_buf[i%16] = data[i];
+
+ if (isprint((int)data[i]))
+ char_buf[i%16] = data[i];
+ else
+ char_buf[i%16] = '.';
+ }
+
+ if ((i-total_len) > 0)
+ {
+ LogMessage("%04x ", total_len);
+
+ for (j = 0; j < i-total_len; j++)
+ {
+ LogMessage("%02x ", hex_buf[j]);
+ if (j == 7)
+ LogMessage(" ");
+ }
+
+ if (j < 8)
+ LogMessage(" ");
+ LogMessage("%*s", (16-j)*3, "");
+ LogMessage(" ");
+
+ for (j = 0; j < i-total_len; j++)
+ {
+ LogMessage("%c", char_buf[j]);
+ if (j == 7)
+ LogMessage(" ");
+ }
+ }
+
+ LogMessage("\n");
+}
+
diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.c b/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.c
new file mode 100644
index 00000000..121920fc
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.c
@@ -0,0 +1,462 @@
+/*
+*
+* Copyright (c) 2006 Antonio Benojar <zz.stalker@gmail.com>
+* Copyright (c) 2005 Antonio Benojar <zz.stalker@gmail.com>
+*
+* Copyright (c) 2003, 2004 Armin Wolfermann:
+*
+* s2c_pf_block and s2c_pf_unblock functions are based
+* in Armin's Wolfermann pftabled-1.03 functions.
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+/*
+ TODO
+
+ - num. max ips.
+ - ipwhitelisting structure
+ - best ip regex expr
+*/
+
+
+#ifndef LIST_END
+#define LIST_END(head) NULL
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "event.h"
+#include "decode.h"
+#include "plugbase.h"
+#include "spo_plugbase.h"
+#include "debug.h"
+#include "parser.h"
+#include "util.h"
+#include "log.h"
+#include "mstring.h"
+
+#include "snort.h"
+
+#include "spo_pf.h"
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <arpa/inet.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/queue.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <net/if.h>
+#include <net/pfvar.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <err.h>
+#include <unistd.h>
+#include <regex.h>
+
+#define PFDEVICE "/dev/pf"
+
+typedef struct _SpoAlertPfData {
+ FILE *wlfile;
+ char *pftable;
+ int fd;
+ struct wlist_head head;
+} SpoAlertPfData;
+
+void AlertPfInit(u_char *);
+SpoAlertPfData *ParseAlertPfArgs(char *);
+void AlertPf(Packet *, char *, void *, Event *);
+void AlertPfCleanExit(int, void *);
+void AlertPfRestart(int, void *);
+
+int s2c_pf_init(void);
+int s2c_pf_block(int, char *, char *, int);
+int s2c_pf_intbl(int, char *, int);
+
+int s2c_parse_line(char *, FILE*);
+int s2c_parse_load_wl(FILE*, struct wlist_head*, int);
+int s2c_parse_search_wl(char *, struct wlist_head);
+int s2c_parse_free_wl(struct wlist_head*);
+int s2c_parse_ip(char *, char *, int);
+
+
+void AlertPfSetup(void)
+{
+ RegisterOutputPlugin("alert_pf", OUTPUT_TYPE_FLAG__ALERT, AlertPfInit);
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT,"Output plugin: AlertPf is setup...\n"););
+}
+
+void AlertPfInit(u_char *args)
+{
+ SpoAlertPfData *data;
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Output: AlertPf Initialized\n"););
+
+ data = ParseAlertPfArgs(args);
+
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT,"Linking AlertPf functions to call lists...\n"););
+
+ AddFuncToOutputList(AlertPf, OUTPUT_TYPE_FLAG__ALERT, data);
+ AddFuncToCleanExitList(AlertPfCleanExit, data);
+ AddFuncToRestartList(AlertPfRestart, data);
+}
+
+
+void AlertPf(Packet *p, char *msg, void *arg, Event *event)
+{
+ SpoAlertPfData *data = (SpoAlertPfData *)arg;
+ char *ip;
+ int ret;
+
+ DEBUG_WRAP(DebugMessage(DEBUG_LOG, "spoink block'n!!\n"););
+
+ ip = inet_ntoa(p->iph->ip_src);
+
+ if (ip == NULL)
+ FatalError("AlertPf() => inet_ntoa() = NULL\n", strerror(errno));
+
+ ret = s2c_parse_search_wl(ip, data->head);
+
+ if (ret == 0)
+ s2c_pf_block(data->fd, data->pftable, inet_ntoa(p->iph->ip_src), 0);
+
+ return;
+}
+
+SpoAlertPfData *ParseAlertPfArgs(char *args)
+{
+ char **toks;
+ int num_toks;
+ SpoAlertPfData *data;
+
+ int res = 0;
+
+ data = (SpoAlertPfData *)SnortAlloc(sizeof(SpoAlertPfData));
+
+ if(args == NULL)
+ FatalError("Unable to load pf args\n", strerror(errno));
+
+ data->fd = s2c_pf_init();
+
+ if (data->fd == -1)
+ FatalError("s2c_pf_init() => no pf device\n");
+
+ DEBUG_WRAP(DebugMessage(DEBUG_LOG,"ParseAlertPfArgs: %s\n", args););
+
+ toks = mSplit(args, ",", 2, &num_toks, 0);
+
+ if(num_toks <= 1)
+ FatalError("snort.conf => You must supply TWO arguments for the pf plugin...\n", strerror(errno));
+
+ if(strstr(toks[0], "..") != NULL)
+ FatalError("snort.conf => File definition contains \"..\". Do not do that!\n");
+
+ data->wlfile = fopen(toks[0], "r");
+
+ if (data->wlfile == NULL)
+ FatalError("snort.conf => Unable to open whitelist file\n", strerror(errno));
+
+ if (toks[1] == NULL)
+ FatalError("snort.conf => No pf table defined\n", strerror(errno));
+ else
+ data->pftable = toks[1];
+
+ if (s2c_pf_intbl(data->fd, data->pftable, 0) == 0)
+ FatalError("pf.conf => Table %s don't exists in packet filter\n", data->pftable, strerror(errno));
+
+ res = s2c_parse_load_wl(data->wlfile, &data->head, 0);
+ if (res == -1)
+ FatalError("snort.conf => Unable to load whitelist\n", strerror(errno));
+
+ return data;
+}
+
+void AlertPfCleanExit(int signal, void *arg)
+{
+ SpoAlertPfData *data = (SpoAlertPfData *)arg;
+ DEBUG_WRAP(DebugMessage(DEBUG_LOG,"AlertPfCleanExit\n"););
+
+ s2c_parse_free_wl(&data->head);
+ fclose(data->wlfile);
+ close(data->fd);
+
+ free(data);
+}
+
+void AlertPfRestart(int signal, void *arg)
+{
+ SpoAlertPfData *data = (SpoAlertPfData *)arg;
+ DEBUG_WRAP(DebugMessage(DEBUG_LOG,"AlertPfRestart\n"););
+
+ s2c_parse_free_wl(&data->head);
+ fclose(data->wlfile);
+ close(data->fd);
+
+ free(data);
+}
+
+
+int s2c_pf_init(void)
+{
+ return(open(PFDEVICE, O_RDWR));
+}
+
+int s2c_pf_block(int dev, char *tablename, char *ip, int debug)
+{
+
+ struct pfioc_table io;
+ struct pfr_table table;
+ struct pfr_addr addr;
+ struct in_addr *net_addr=NULL;
+
+ memset(&io, 0x00, sizeof(struct pfioc_table));
+ memset(&table, 0x00, sizeof(struct pfr_table));
+ memset(&addr, 0x00, sizeof(struct pfr_addr));
+
+ strlcpy(table.pfrt_name, tablename, PF_TABLE_NAME_SIZE);
+ net_addr=(struct in_addr*)malloc(sizeof(struct in_addr));
+
+ if (net_addr == NULL )
+ FatalError("s2c_pf_block() => malloc()\n", strerror(errno));
+
+ inet_aton(ip, (struct in_addr *)&net_addr);
+ memcpy(&addr.pfra_ip4addr.s_addr, &net_addr, sizeof(struct in_addr));
+
+ addr.pfra_af = AF_INET;
+ addr.pfra_net = 32;
+
+ io.pfrio_table = table;
+ io.pfrio_buffer = &addr;
+ io.pfrio_esize = sizeof(struct pfr_addr);
+ io.pfrio_size = 1;
+
+ if (ioctl(dev, DIOCRADDADDRS, &io))
+ FatalError("s2c_pf_block() => ioctl() DIOCRADDADDRS\n", strerror(errno));
+
+ return(0);
+}
+
+int s2c_pf_intbl(int dev, char * tablename, int debug)
+{
+ int i;
+ struct pfioc_table io;
+ struct pfr_table *table_aux = NULL;
+
+ memset(&io, 0x00, sizeof(struct pfioc_table));
+
+ io.pfrio_buffer = table_aux;
+ io.pfrio_esize = sizeof(struct pfr_table);
+ io.pfrio_size = 0;
+
+ if(ioctl(dev, DIOCRGETTABLES, &io))
+ FatalError("s2c_pf_intbl() => ioctl() DIOCRGETTABLES\n", strerror(errno));
+
+ table_aux = (struct pfr_table*)malloc(sizeof(struct pfr_table)*io.pfrio_size);
+
+ if (table_aux == NULL)
+ FatalError("s2c_pf_intbl() => malloc()\n", strerror(errno));
+
+ io.pfrio_buffer = table_aux;
+ io.pfrio_esize = sizeof(struct pfr_table);
+
+ if(ioctl(dev, DIOCRGETTABLES, &io))
+ FatalError("s2c_pf_intbl() => ioctl() DIOCRGETTABLES\n", strerror(errno));
+
+ for(i=0; i< io.pfrio_size; i++) {
+ if (!strcmp(table_aux[i].pfrt_name, tablename))
+ return 1;
+ }
+
+ return 0;
+
+}
+
+
+int s2c_parse_line(char buf[WLMAX] , FILE* wfile)
+{
+ static char next_ch = ' ';
+ int i = 0;
+
+ if (feof(wfile)) {
+ return (0);
+ }
+ do {
+ next_ch = fgetc(wfile);
+ if (i < WLMAX)
+ buf[i++] = next_ch;
+ } while (!feof(wfile) && !isspace(next_ch));
+ if (i >= WLMAX) {
+ return (-1);
+ }
+
+ buf[i] = '\0';
+ return (1);
+}
+
+
+int s2c_parse_load_wl(FILE *wfile, struct wlist_head *head, int debug)
+{
+
+ char cad[WLMAX];
+ char ret[WLMAX];
+ struct ipwlist *ipw2, *ipw1 = NULL;
+ struct flock lock;
+
+ if (wfile == NULL)
+ FatalError("s2c_parse_load_wl() => Unable to open whitelist file\n", strerror(errno));
+
+ memset(&lock, 0x00, sizeof(struct flock));
+ lock.l_type = F_RDLCK;
+ fcntl(fileno(wfile), F_SETLKW, &lock);
+
+ LIST_INIT(head);
+
+ if (s2c_parse_line(cad, wfile) == 1) {
+ if (s2c_parse_ip(cad, ret, debug) == 1) {
+ ipw1 = (struct ipwlist*)malloc(sizeof(struct ipwlist));
+ if (ipw1 == NULL)
+ FatalError("s2c_parse_load_wl() => malloc()\n", strerror(errno));
+ inet_aton(ret, &ipw1->waddr);
+ LIST_INSERT_HEAD(head, ipw1, elem);
+
+ } else {
+ FatalError("s2c_parse_load_wl() => Invalid data in whitelist file\n", strerror(errno));
+ }
+ }
+
+ while(s2c_parse_line(cad, wfile) == 1) {
+ if (s2c_parse_ip(cad, ret, debug) == 1) {
+ ipw2 = (struct ipwlist*)malloc(sizeof(struct ipwlist));
+ if (ipw2 == NULL)
+ FatalError("s2c_parse_load_wl() => malloc()\n", strerror(errno));
+ inet_aton(ret, &ipw2->waddr);
+ LIST_INSERT_AFTER(ipw1, ipw2, elem);
+ ipw1 = ipw2;
+ } else {
+ break;
+ }
+
+ }
+
+ lock.l_type = F_UNLCK;
+ fcntl(fileno(wfile), F_SETLKW, &lock);
+
+ return (0);
+}
+
+/* XXX: optimize */
+
+int
+s2c_parse_search_wl(char *ip, struct wlist_head wl)
+{
+ struct ipwlist *aux2;
+ char *ip_aux, ip1[IPMAX], ip2[IPMAX];
+ int ret;
+
+ strlcpy(ip1, ip, sizeof(ip1));
+
+ for(aux2=wl.lh_first; aux2 !=NULL; aux2=aux2->elem.le_next) {
+ ip_aux = inet_ntoa(aux2->waddr);
+ strlcpy(ip2, ip_aux, sizeof(ip2));
+ ret = strcmp(ip1, ip2);
+
+ if (ret == 0)
+ return 1;
+ }
+ return (0);
+}
+
+
+int s2c_parse_free_wl(struct wlist_head *wl)
+{
+ struct ipwlist *aux, *aux2;
+ for(aux = LIST_FIRST(wl); aux != LIST_END(wl); aux = aux2) {
+ aux2 = LIST_NEXT(aux, elem);
+ LIST_REMOVE(aux, elem);
+ free(aux);
+ }
+ if (LIST_EMPTY(wl)) {
+ return (1);
+ } else {
+ FatalError("s2c_parse_free_wl() => Unable to free whitelist\n", strerror(errno));
+ return (0);
+ }
+}
+
+/* XXX: too much complex ? */
+
+int s2c_parse_ip(char *cad, char ret[WLMAX], int debug)
+{
+ int len;
+ unsigned int enc=1;
+ regex_t *expr;
+ regmatch_t *resultado;
+ expr = (regex_t*)malloc(sizeof(regex_t));
+
+ bzero(ret, WLMAX);
+
+ if (expr == NULL)
+ FatalError("s2c_parse_ip() => malloc()\n", strerror(errno));
+
+ resultado = (regmatch_t*)malloc(sizeof(regmatch_t));
+
+ if (resultado == NULL)
+ FatalError("s2c_parse_ip() => malloc()\n", strerror(errno));
+
+ if (regcomp(expr, REG_ADDR, REG_EXTENDED) !=0)
+ FatalError("s2c_parse_ip() => regcomp()\n", strerror(errno));
+
+ if (regexec(expr, cad, 1, resultado, 0) !=0)
+ enc=0;
+
+ if (enc !=0) {
+ len = resultado->rm_eo - resultado->rm_so;
+ memcpy(ret, cad + resultado->rm_so, len);
+ ret[len]='\0';
+ }
+
+ free(resultado);
+ regfree(expr);
+
+ if(enc)
+ return (1);
+ else {
+ errno = EINVAL;
+ return (0);
+ }
+}
diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.h b/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.h
new file mode 100644
index 00000000..af07dacd
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.h
@@ -0,0 +1,60 @@
+/*
+*
+* Copyright (c) 2006 Antonio Benojar <zz.stalker@gmail.com>
+* Copyright (c) 2005 Antonio Benojar <zz.stalker@gmail.com>
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef __SPO_PF_H__
+#define __SPO_PF_H__
+
+#include <sys/queue.h>
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <fcntl.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+
+#define WLMAX 1024
+#define IPMAX 20
+#define REG_ADDR "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}"
+
+
+struct ipwlist {
+ struct in_addr waddr;
+ LIST_ENTRY(ipwlist) elem;
+};
+
+LIST_HEAD(wlist_head, ipwlist);
+
+void AlertPfSetup(void);
+
+#endif
+
+
diff --git a/config/snort-dev/snortsam-package-code/snort.xml b/config/snort-dev/snortsam-package-code/snort.xml
new file mode 100644
index 00000000..207fae8b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort.xml
@@ -0,0 +1,272 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ part of pfSense (http://www.pfsense.com)
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Orion</name>
+ <version>2.9.1</version>
+ <title>Services:2.9.1 pkg v. 2.0</title>
+ <include_file>/usr/local/pkg/snort/snort_install.inc</include_file>
+ <menu>
+ <name>Orion</name>
+ <tooltiptext>Setup snort specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/snort/snort_interfaces.php</url>
+ </menu>
+ <service>
+ <name>snort</name>
+ <rcfile>snort.sh</rcfile>
+ <executable>snort</executable>
+ <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description>
+ </service>
+ <tabs>
+ </tabs>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snortDB</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snortDBrules</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snortDBtemp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_build.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_head.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_headbase.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_install.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_new.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_get.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_post.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_ips.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets_ips.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/make_snortsam_map.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item>
+ </additional_files_needed>
+ <fields>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ sync_snort_package();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ snort_postinstall();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ snort_deinstall();
+ </custom_php_deinstall_command>
+</packagegui>
diff --git a/config/snort-dev/snortsam-package-code/snortDB b/config/snort-dev/snortsam-package-code/snortDB
new file mode 100644
index 00000000..c685a368
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snortDB
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/snortDBrules b/config/snort-dev/snortsam-package-code/snortDBrules
new file mode 100644
index 00000000..829a589b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snortDBrules
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/snortDBtemp b/config/snort-dev/snortsam-package-code/snortDBtemp
new file mode 100644
index 00000000..56ab2842
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snortDBtemp
Binary files differ
diff --git a/config/snort-dev/snortsam-package-code/snort_alerts.php b/config/snort-dev/snortsam-package-code/snort_alerts.php
new file mode 100644
index 00000000..3cb79c5c
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_alerts.php
@@ -0,0 +1,189 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
+
+$alertnumber = $generalSettings['alertnumber'];
+
+$arefresh_on = ($generalSettings['arefresh'] == 'on' ? 'checked' : '');
+
+ $pgtitle = "Services: Snort: Alerts";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <tr id="maintable" data-options='{"pagetable":"SnortSettings"}'> <!-- db to lookup -->
+ <td colspan="2" valign="top" class="listtopic" width="21%">Last 255 Alert Entries</td>
+ <td colspan="2" valign="top" class="listtopic">Latest Alert Entries Are Listed First</td>
+ </tr>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vncell2" valign="center" width="21%"><span class="vexpl">Save or Remove Logs</span></td>
+ <td class="vtable" width="40%">
+ <form id="iform" >
+ <input name="snortlogsdownload" type="submit" class="formbtn" value="Download" >
+ <input type="hidden" name="snortlogsdownload" value="1" />
+ <span class="vexpl">Save All Log Files.</span>
+ </form>
+ </td>
+ <td class="vtable">
+ <form id="iform2" >
+ <input name="snortlogsdelete" type="submit" class="formbtn" value="Clear" onclick="return confirm('Do you really want to remove all your logs ? All Snort Logs will be removed !')" >
+ <input type="hidden" name="snortlogsdelete" value="1" />
+ <span class="vexpl red"><strong>Warning:</strong></span><span class="vexpl"> all logs will be deleted.</span>
+ </form>
+ </td>
+ <div class="hiddendownloadlink"></div>
+ </tr>
+ <tr>
+ <td class="vncell2" valign="center"><span class="vexpl">Auto Refresh and Log View</span></td>
+ <td class="vtable">
+ <form id="iform3" >
+ <input name="save" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ <input name="arefresh" id="arefresh" type="checkbox" value="on" <?=htmlspecialchars($arefresh_on);?> >
+ <span class="vexpl">Auto Refresh</span>
+ <span class="vexpl"><strong>Default ON</strong>.</span>
+ </td>
+ <td class="vtable">
+ <input name="alertnumber" type="text" class="formfld2" id="alertnumber" size="5" value="<?=htmlspecialchars($alertnumber);?>" >
+ <span class="vexpl">Limit entries to view. <strong>Default 250</strong>.</span>
+
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db -->
+ <input type="hidden" name="dbTable" value="SnortSettings" /> <!-- what db table -->
+ <input type="hidden" name="ifaceTab" value="snort_alerts" /> <!-- what interface tab -->
+
+ </form>
+ </td>
+ </tr>
+ </table>
+
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_barnyard.php b/config/snort-dev/snortsam-package-code/snort_barnyard.php
new file mode 100644
index 00000000..1cd2113b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_barnyard.php
@@ -0,0 +1,289 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+
+$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+
+ if (!is_array($a_list))
+ {
+ $a_list = array();
+ }
+
+
+
+ $pgtitle = "Snort: Interface: Barnyard2 Edit";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<!-- START page custom script -->
+<script language="JavaScript">
+
+// start a jQuery sand box
+jQuery(document).ready(function() {
+
+ // START disable option for snort_interfaces_edit.php
+ endis = !(jQuery('input[name=barnyard_enable]:checked').val());
+
+ disableInputs=new Array(
+ "barnyard_mysql",
+ "barnconfigpassthru",
+ "dce_rpc",
+ "dns_preprocessor",
+ "ftp_preprocessor",
+ "http_inspect",
+ "other_preprocs",
+ "perform_stat",
+ "sf_portscan",
+ "smtp_preprocessor"
+ );
+
+
+ jQuery('[name=interface]').attr('disabled', 'true');
+
+
+ if (endis)
+ {
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true');
+ }
+ }
+
+ jQuery("input[name=barnyard_enable]").live('click', function() {
+
+ endis = !(jQuery('input[name=barnyard_enable]:checked').val());
+
+ if (endis)
+ {
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true');
+ }
+ }else{
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').removeAttr('disabled');
+ }
+ }
+
+
+ });
+ // STOP disable option for snort_interfaces_edit.php
+
+
+}); // end of on ready
+
+</script>
+
+
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_barnyard" /> <!-- what interface tab -->
+ <input name="uuid" type="hidden" value="<?=$uuid; ?>">
+
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Barnyard2 Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_enable" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['barnyard_enable'] == 'on' || $a_list['barnyard_enable'] == '' ? 'checked' : '';?> >
+ <span class="vexpl"><strong>Enable Barnyard2 on this Interface</strong><br>
+ This will enable barnyard2 for this interface. You will also have to set the database credentials.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld" >
+ <option value="wan" selected><?=strtoupper($a_list['interface']); ?></option>
+ </select>
+ <br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Mysql Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=$a_list['barnyard_mysql']; ?>">
+ <br>
+ <span class="vexpl">Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz<br>
+ Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td>
+ <td width="78%" class="vtable">
+ <textarea name="barnconfigpassthru" cols="75" rows="12" id="barnconfigpassthru" class="formpre2"><?=$a_list['barnconfigpassthru']; ?></textarea>
+ <br>
+ <span class="vexpl">Arguments here will be automatically inserted into the running barnyard2 configuration.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input type="button" class="formbtn" value="Cancel" >
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ Please save your settings befor you click start.</span>
+ </td>
+ </tr>
+
+
+ </form>
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_blocked.php b/config/snort-dev/snortsam-package-code/snort_blocked.php
new file mode 100644
index 00000000..fdc12480
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_blocked.php
@@ -0,0 +1,193 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+
+$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
+
+$blertnumber = $generalSettings['blertnumber'];
+
+$brefresh_on = ($generalSettings['brefresh'] == 'on' ? 'checked' : '');
+
+ $pgtitle = "Services: Snort Blocked Hosts";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <tr id="maintable" data-options='{"pagetable":"SnortSettings"}'> <!-- db to lookup -->
+ <td width="22%" colspan="0" class="listtopic">Last 500 Blocked.</td>
+ <td class="listtopic">This page lists hosts that have been blocked by Snort.&nbsp;&nbsp;Hosts are removed every <strong>hour</strong>.</td>
+ </tr>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vncell2" valign="center" width="22%"><span class="vexpl">Save or Remove Hosts</span></td>
+ <td width="40%" class="vtable">
+ <form id="iform" >
+ <input name="snortblockedlogsdownload" type="submit" class="formbtn" value="Download" >
+ <input type="hidden" name="snortblockedlogsdownload" value="1" />
+ <span class="vexpl">Save All Blocked Hosts</span>
+ </form>
+ </td>
+ <td class="vtable">
+ <form id="iform2" >
+ <input name="remove" type="submit" class="formbtn" value="Clear" onclick="return confirm('Do you really want to remove all blocked hosts ? All Blocked Hosts will be removed !')" >
+ <input type="hidden" name="snortflushpftable" value="1" />
+ <span class="vexpl red"><strong>Warning:</strong></span><span class="vexpl"> all hosts will be removed.</span>
+ </form>
+ </td>
+
+ <div class="hiddendownloadlink">
+ </div>
+
+ </tr>
+ <tr>
+ <td class="vncell2" valign="center"><span class="vexpl">Auto Refresh and Log View</span></td>
+ <td class="vtable">
+ <form id="iform3" >
+ <input name="save" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ <span class="vexpl">Auto Refresh</span>
+ <input name="brefresh" id="brefresh" type="checkbox" value="on" <?=$brefresh_on; ?> >
+ <span class="vexpl"><strong>Default ON</strong>.</span>
+ </td>
+ <td class="vtable">
+ <input name="blertnumber" type="text" class="formfld2" id="blertnumber" size="5" value="<?=$blertnumber;?>" >
+ <span class="vexpl">Limit entries to view. <strong>Default 500</strong>.</span>
+
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db -->
+ <input type="hidden" name="dbTable" value="SnortSettings" /> <!-- what db table -->
+ <input type="hidden" name="ifaceTab" value="snort_blocked" /> <!-- what interface tab -->
+
+ </form>
+ </td>
+ </tr>
+ </table>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_build.inc b/config/snort-dev/snortsam-package-code/snort_build.inc
new file mode 100644
index 00000000..2c18d3d3
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_build.inc
@@ -0,0 +1,1288 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+// unset crsf checks
+if(isset($_POST['__csrf_magic'])) {
+ unset($_POST['__csrf_magic']);
+}
+
+
+/*
+ * Builds sid-block.map for snortsam
+ * May have to break this down into smaller funcs so that there is no namespace conflick
+ */
+function buildSnortSamSidBlockMap($rdbuuid)
+{
+
+
+ function buildSidMap($rdbuuid)
+ {
+ // list rules in the default dir
+ $filterDirList = array();
+ $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules');
+
+ // list rules in db that are on in a array
+ $listOnRules = array();
+ $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSetsIps', 'rdbuuid', $rdbuuid);
+
+ // list rules in db that are on in a array
+ $listGenRules = array();
+ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid);
+
+ // get sigs in db
+ $listSigRules = array();
+ $listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid);
+
+ // clear tmp db
+ exec('rm /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/*.rules');
+
+ foreach ($listOnRules as $listRule)
+ {
+ if ( $listRule['enable'] === 'on' ) {
+ exec('cp /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules/' . $listRule['rulesetname'] . ' /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/' . $listRule['rulesetname']);
+ }
+ }
+
+ // get list of sids
+ exec('perl /usr/local/bin/make_snortsam_map.pl /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/', $getEnableSidArray);
+
+ // make sidMapFile lines 1023: src, 15 min
+ // remember to chech is Gen enable is on
+ foreach ( getCurrentIpsRuleArray($getEnableSidArray) as $sidLineMap )
+ {
+
+ $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', $sidLineMap[0]);
+
+ // if sig is in db use its settings else use default settings
+ if(!empty($snortSigIpsExists['siguuid'])) {
+
+ $getSid = $snortSigIpsExists['siguuid'];
+ $getEnable = $snortSigIpsExists['enable'];
+ $getWho = $snortSigIpsExists['who'];
+ $getTimeamount = $snortSigIpsExists['timeamount'];
+ $getTimetype = $snortSigIpsExists['timetype'];
+
+ }else{
+
+ $getSid = $sidLineMap[0];
+ $getEnable = $listGenRules[0]['enable'];
+ $getWho = $listGenRules[0]['who'];
+ $getTimeamount = $listGenRules[0]['timeamount'];
+ $getTimetype = $listGenRules[0]['timetype'];
+
+ }
+
+
+ if ( $getEnable === 'on' ) {
+ $newMapFileLine[] = $getSid . ': ' . $getWho . ', ' . $getTimeamount . ' ' . $getTimetype . "\n";
+ }
+
+ } // END forech
+
+ return $newMapFileLine;
+ } // END buildSidMap Func
+
+ write_rule_file(buildSidMap($rdbuuid), '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/sid-block.map');
+
+} // END Func buildSnortSidBlockMap
+
+// -------------------------- START snort.conf -------------------------
+
+/* func builds custom whitelests */
+function build_base_whitelist($lanip, $wanip, $wangw, $wandns, $vips, $vpns, $userwhtips, $netlist) {
+
+ // bring in settings from /etc/inc
+ global $config;
+
+ /* build an interface array list */
+ if ($lanip === 'on') {
+ $int_array = array('lan');
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
+ {
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ if(isset($config['interfaces']['opt' . $j]['gateway']))
+ $int_array[] = "opt{$j}";
+ }
+
+ /* iterate through interface list and write out whitelist items
+ * and also compile a home_net list for snort.
+ */
+ foreach($int_array as $int)
+ {
+ /* calculate interface subnet information */
+ $ifcfg = $config['interfaces'][$int];
+ $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
+ $subnetmask = gen_subnet_mask($ifcfg['subnet']);
+ if($subnet == "pppoe" or $subnet == "dhcp") {
+ $subnet = find_interface_ip("ng0");
+ if($subnet) {
+ $home_net .= "{$subnet} ";
+ }
+ } else {
+ if ($subnet)
+ if($ifcfg['subnet'])
+ $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ }
+ }
+ }
+
+ if($wanip === 'on') {
+ // add all WAN ips to the whitelist
+ $wan_if = get_real_wan_interface();
+ $ip = find_interface_ip($wan_if);
+ if($ip) {
+ $home_net .= "{$ip} ";
+ }
+ }
+
+ if($wangw === 'on') {
+ // Add Gateway on WAN interface to whitelist (For RRD graphs)
+ $gw = get_interface_gateway('wan');
+ if($gw) {
+ $home_net .= "{$gw} ";
+ }
+ }
+
+ if($wandns === 'on') {
+ // Add DNS server for WAN interface to whitelist
+ $dns_servers = get_dns_servers();
+ foreach($dns_servers as $dns) {
+ if($dns) {
+ $home_net .= "{$dns} ";
+ }
+ }
+ }
+
+ // TESTING: NEEDED 06202011
+ if($vips === 'on') {
+ // iterate all vips and add to whitelist
+ if($config['virtualip'])
+ foreach($config['virtualip']['vip'] as $vip)
+ if($vip['subnet'])
+ $home_net .= $vip['subnet'] . " ";
+ }
+
+ // TESTING: NEEDED 06202011
+ // grab a list of vpns and whitelist if user desires added by nestorfish 954
+ if($vpns == 'on') {
+ // chk what pfsense version were on
+ if ($pfsense_stable == 'yes') {
+ $vpns_list = get_vpns_list();
+ }
+
+ // chk what pfsense version were on
+ if ($pfsense_stable == 'no') {
+ $vpns_list = filter_get_vpns_list();
+ }
+
+ if (!empty($vpns_list)) {
+ $home_net .= "$vpns_list ";
+ }
+ }
+
+ // Add homenet, NETLIST
+ if($userwhtips == 'on') {
+
+ $whitelistArray = snortSql_fetchAllSettings('snortDB', 'SnortWhitelistips', 'filename', $netlist);
+
+ foreach ($whitelistArray as $whiteListIp)
+ {
+ $home_net .= $whiteListIp['ip'] . ' ';
+ }
+
+ }
+
+ // Add loopback to whitelist (ftphelper)
+ if ($lanip === 'on') {
+ $home_net .= '127.0.0.1';
+ }
+
+ // remove empty spaces
+ $home_net = trim($home_net);
+
+ // this is for snort.conf
+ $home_net = str_replace(' ', ',', $home_net);
+ // by Thrae, helps people with more than one gateway, breaks snort as is
+ $home_net = str_replace(',,', ',', $home_net);
+
+ if ($lanip !== 'on') {
+
+ $snortHomeNetPieces = explode(',', $home_net);
+ $home_net = '';
+
+ $i = 1;
+ $homeNetPieceCount = count($snortHomeNetPieces);
+ foreach ($snortHomeNetPieces as $homeNetPiece)
+ {
+ if (!empty($homeNetPiece) && $homeNetPieceCount !== $i) {
+ $home_net .= $homeNetPiece . ',';
+ }else{
+ $home_net .= $homeNetPiece . '';
+ }
+
+ $i++;
+ }
+
+ }
+
+ return $home_net;
+}
+
+
+
+function create_snort_homenet($snortNet, $getSnortHomeNet) {
+
+ if ($snortNet === 'homenet') {
+
+ $listName = $getSnortHomeNet['homelistname'];
+
+ if ($listName == 'default' || empty($listName)) {
+ return build_base_whitelist('on','on', 'on', 'on', 'on', 'on', 'off', '');
+ }else{
+ $getSnortWhitelist = snortSql_fetchAllSettings('snortDB', 'SnortWhitelist', 'filename', $listName);
+ return build_base_whitelist('on', $getSnortWhitelist[0]['wanips'], $getSnortWhitelist[0]['wangateips'], $getSnortWhitelist[0]['wandnsips'], $getSnortWhitelist[0]['vips'], $getSnortWhitelist[0]['vpnips'], 'on', $listName);
+ }
+ }
+
+ if ($snortNet === 'externalnet') {
+ $listName = $getSnortHomeNet['externallistname'];
+ return build_base_whitelist('off', 'off', 'off', 'off', 'off', 'off', 'on', $listName);
+ }
+
+}
+
+function generate_snort_conf($uuid)
+{
+
+ // Iface main setings
+ $ifaceSettingsArray = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+
+ // custom home nets
+ // might need to make this same ass homenet
+ $home_net = '[' . create_snort_homenet('homenet', $ifaceSettingsArray) . ']';
+
+ if ($ifaceSettingsArray['externallistname'] === 'default'){
+ $external_net = '!$HOME_NET';
+ }else{
+ $external_net = '[' . create_snort_homenet('externalnet', $ifaceSettingsArray) . ']';
+ }
+
+ // obtain external interface
+ // XXX: make multi wan friendly
+ $snort_ext_int = $ifaceSettingsArray['interface'];
+
+ // user added arguments
+ $snort_config_pass_thru = str_replace("\r", '', base64_decode($ifaceSettingsArray['configpassthru']));
+
+ // define basic log filename
+ $snortunifiedlogbasic_type = "output unified: filename snort_{$ifaceSettingsArray['uuid']}.log, limit 128";
+
+ // define snortalertlogtype
+ $snortalertlogtype = $ifaceSettingsArray['snortalertlogtype'];
+
+ if ($snortalertlogtype == 'fast' || $snortalertlogtype == 'full') {
+ $snortalertlogtype_type = "output alert_{$snortalertlogtype}: alert";
+ }else{
+ $snortalertlogtype_type = '';
+ }
+
+ // define alertsystemlog
+ $alertsystemlog_info_chk = $ifaceSettingsArray['alertsystemlog'];
+ if ($alertsystemlog_info_chk == on) {
+ $alertsystemlog_type = "output alert_syslog: log_alert";
+ }
+
+ // define tcpdumplog
+ $tcpdumplog_info_chk = $ifaceSettingsArray['tcpdumplog'];
+ if ($tcpdumplog_info_chk == on) {
+ $tcpdumplog_type = "output log_tcpdump: snort_{$ifaceSettingsArray['uuid']}.tcpdump";
+ }
+
+ // define snortunifiedlog
+ $snortunifiedlog_info_chk = $ifaceSettingsArray['snortunifiedlog'];
+ if ($snortunifiedlog_info_chk == on) {
+ $snortunifiedlog_type = "output unified2: filename snort_{$ifaceSettingsArray['uuid']}.u2, limit 128";
+ }
+
+ // define snortsam
+ $snortsam_info_chk = $ifaceSettingsArray['blockoffenders7'];
+ if ($snortsam_info_chk === 'on') {
+ $snortsam_type = "output alert_fwsam: 127.0.0.1:786/snortsam1234";
+ }else{
+ $snortsam_type = '';
+ }
+
+ /* define threshold file */
+ $threshold_info_chk = $ifaceSettingsArray['suppresslistname'];
+ if ($threshold_info_chk !== 'default') {
+
+ $threshold_info_chk = "include /usr/local/etc/snort/suppress/{$threshold_info_chk}";
+ }
+
+ /* define servers and ports snortdefservers */
+ /* def DNS_SERVSERS */
+ $def_dns_servers_info_chk = $ifaceSettingsArray['def_dns_servers'];
+ if (empty($def_dns_servers_info_chk)) {
+ $def_dns_servers_type = '$HOME_NET';
+ }else{
+ $def_dns_servers_type = "$def_dns_servers_info_chk";
+ }
+
+ /* def DNS_PORTS */
+ $def_dns_ports_info_chk = $ifaceSettingsArray['def_dns_ports'];
+ if (empty($def_dns_ports_info_chk)) {
+ $def_dns_ports_type = '53';
+ }else{
+ $def_dns_ports_type = "$def_dns_ports_info_chk";
+ }
+
+ /* def SMTP_SERVSERS */
+ $def_smtp_servers_info_chk = $ifaceSettingsArray['def_smtp_servers'];
+ if (empty($def_smtp_servers_info_chk)) {
+ $def_smtp_servers_type = '$HOME_NET';
+ }else{
+ $def_smtp_servers_type = $def_smtp_servers_info_chk;
+ }
+
+ /* def SMTP_PORTS */
+ $def_smtp_ports_info_chk = $ifaceSettingsArray['def_smtp_ports'];
+ if (empty($def_smtp_ports_info_chk)) {
+ $def_smtp_ports_type = '25';
+ }else{
+ $def_smtp_ports_type = $def_smtp_ports_info_chk;
+ }
+
+ /* def MAIL_PORTS */
+ $def_mail_ports_info_chk = $ifaceSettingsArray['def_mail_ports'];
+ if (empty($def_mail_ports_info_chk)) {
+ $def_mail_ports_type = '25,143,465,691';
+ }else{
+ $def_mail_ports_type = $def_mail_ports_info_chk;
+ }
+
+ /* def HTTP_SERVSERS */
+ $def_http_servers_info_chk = $ifaceSettingsArray['def_http_servers'];
+ if (empty($def_http_servers_info_chk)) {
+ $def_http_servers_type = '$HOME_NET';
+ }else{
+ $def_http_servers_type = $def_http_servers_info_chk;
+ }
+
+ /* def WWW_SERVSERS */
+ $def_www_servers_info_chk = $ifaceSettingsArray['def_www_servers'];
+ if (empty($def_www_servers_info_chk)) {
+ $def_www_servers_type = '$HOME_NET';
+ }else{
+ $def_www_servers_type = $def_www_servers_info_chk;
+ }
+
+ /* def HTTP_PORTS */
+ $def_http_ports_info_chk = $ifaceSettingsArray['def_http_ports'];
+ if (empty($def_http_ports_info_chk)) {
+ $def_http_ports_type = '80';
+ }else{
+ $def_http_ports_type = $def_http_ports_info_chk;
+ }
+
+ /* def SQL_SERVSERS */
+ $def_sql_servers_info_chk = $ifaceSettingsArray['def_sql_servers'];
+ if (empty($def_sql_servers_info_chk)) {
+ $def_sql_servers_type = '$HOME_NET';
+ }else{
+ $def_sql_servers_type = $def_sql_servers_info_chk;
+ }
+
+ /* def ORACLE_PORTS */
+ $def_oracle_ports_info_chk = $ifaceSettingsArray['def_oracle_ports'];
+ if (empty($def_oracle_ports_info_chk)) {
+ $def_oracle_ports_type = '1521';
+ }else{
+ $def_oracle_ports_type = $def_oracle_ports_info_chk;
+ }
+
+ /* def MSSQL_PORTS */
+ $def_mssql_ports_info_chk = $ifaceSettingsArray['def_mssql_ports'];
+ if (empty($def_mssql_ports_info_chk)) {
+ $def_mssql_ports_type = '1433';
+ }else{
+ $def_mssql_ports_type = $def_mssql_ports_info_chk;
+ }
+
+ /* def TELNET_SERVSERS */
+ $def_telnet_servers_info_chk = $ifaceSettingsArray['def_telnet_servers'];
+ if (empty($def_telnet_servers_info_chk)) {
+ $def_telnet_servers_type = '$HOME_NET';
+ }else{
+ $def_telnet_servers_type = $def_telnet_servers_info_chk;
+ }
+
+ /* def TELNET_PORTS */
+ $def_telnet_ports_info_chk = $ifaceSettingsArray['def_telnet_ports'];
+ if (empty($def_telnet_ports_info_chk)) {
+ $def_telnet_ports_type = '23';
+ }else{
+ $def_telnet_ports_type = $def_telnet_ports_info_chk;
+ }
+
+ /* def SNMP_SERVSERS */
+ $def_snmp_servers_info_chk = $ifaceSettingsArray['def_snmp_servers'];
+ if (empty($def_snmp_servers_info_chk)) {
+ $def_snmp_servers_type = '$HOME_NET';
+ }else{
+ $def_snmp_servers_type = $def_snmp_servers_info_chk;
+ }
+
+ /* def SNMP_PORTS */
+ $def_snmp_ports_info_chk = $ifaceSettingsArray['def_snmp_ports'];
+ if (empty($def_snmp_ports_info_chk)) {
+ $def_snmp_ports_type = '161';
+ }else{
+ $def_snmp_ports_type = $def_snmp_ports_info_chk;
+ }
+
+ /* def FTP_SERVSERS */
+ $def_ftp_servers_info_chk = $ifaceSettingsArray['def_ftp_servers'];
+ if (empty($def_ftp_servers_info_chk)) {
+ $def_ftp_servers_type = '$HOME_NET';
+ }else{
+ $def_ftp_servers_type = $def_ftp_servers_info_chk;
+ }
+
+ /* def FTP_PORTS */
+ $def_ftp_ports_info_chk = $ifaceSettingsArray['def_ftp_ports'];
+ if (empty($def_ftp_ports_info_chk)) {
+ $def_ftp_ports_type = '21';
+ }else{
+ $def_ftp_ports_type = $def_ftp_ports_info_chk;
+ }
+
+ /* def SSH_SERVSERS */
+ $def_ssh_servers_info_chk = $ifaceSettingsArray['def_ssh_servers'];
+ if (empty($def_ssh_servers_info_chk)) {
+ $def_ssh_servers_type = '$HOME_NET';
+ }else{
+ $def_ssh_servers_type = $def_ssh_servers_info_chk;
+ }
+
+ /* if user has defined a custom ssh port, use it */
+ if($config['system']['ssh']['port']) {
+ $ssh_port = $config['system']['ssh']['port'];
+ }else{
+ $ssh_port = '22';
+ }
+
+ /* def SSH_PORTS */
+ $def_ssh_ports_info_chk = $ifaceSettingsArray['def_ssh_ports'];
+ if (empty($def_ssh_ports_info_chk)) {
+ $def_ssh_ports_type = $ssh_port;
+ }else{
+ $def_ssh_ports_type = $def_ssh_ports_info_chk;
+ }
+
+ /* def POP_SERVSERS */
+ $def_pop_servers_info_chk = $ifaceSettingsArray['def_pop_servers'];
+ if (empty($def_pop_servers_info_chk)) {
+ $def_pop_servers_type = '$HOME_NET';
+ }else{
+ $def_pop_servers_type = $def_pop_servers_info_chk;
+ }
+
+ /* def POP2_PORTS */
+ $def_pop2_ports_info_chk = $ifaceSettingsArray['def_pop2_ports'];
+ if (empty($def_pop2_ports_info_chk)) {
+ $def_pop2_ports_type = '109';
+ }else{
+ $def_pop2_ports_type = $def_pop2_ports_info_chk;
+ }
+
+ /* def POP3_PORTS */
+ $def_pop3_ports_info_chk = $ifaceSettingsArray['def_pop3_ports'];
+ if (empty($def_pop3_ports_info_chk)) {
+ $def_pop3_ports_type = '110';
+ }else{
+ $def_pop3_ports_type = $def_pop3_ports_info_chk;
+ }
+
+ /* def IMAP_SERVSERS */
+ $def_imap_servers_info_chk = $ifaceSettingsArray['def_imap_servers'];
+ if (empty($def_imap_servers_info_chk)) {
+ $def_imap_servers_type = '$HOME_NET';
+ }else{
+ $def_imap_servers_type = $def_imap_servers_info_chk;
+ }
+
+ /* def IMAP_PORTS */
+ $def_imap_ports_info_chk = $ifaceSettingsArray['def_imap_ports'];
+ if (empty($def_imap_ports_info_chk)) {
+ $def_imap_ports_type = '143';
+ }else{
+ $def_imap_ports_type = $def_imap_ports_info_chk;
+ }
+ /* def SIP_PROXY_IP */
+ $def_sip_proxy_ip_info_chk = $ifaceSettingsArray['def_sip_proxy_ip'];
+ if (empty($def_sip_proxy_ip_info_chk)) {
+ $def_sip_proxy_ip_type = '$HOME_NET';
+ }else{
+ $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
+ }
+
+ /* def SIP_PROXY_PORTS */
+ $def_sip_proxy_ports_info_chk = $ifaceSettingsArray['def_sip_proxy_ports'];
+ if (empty($def_sip_proxy_ports_info_chk)) {
+ $def_sip_proxy_ports_type = '5060:5090,16384:32768';
+ }else{
+ $def_sip_proxy_ports_type = $def_sip_proxy_ports_info_chk;
+ }
+
+ /* def AUTH_PORTS */
+ $def_auth_ports_info_chk = $ifaceSettingsArray['def_auth_ports'];
+ if (empty($def_auth_ports_info_chk)) {
+ $def_auth_ports_type = '113';
+ }else{
+ $def_auth_ports_type = $def_auth_ports_info_chk;
+ }
+
+ /* def FINGER_PORTS */
+ $def_finger_ports_info_chk = $ifaceSettingsArray['def_finger_ports'];
+ if (empty($def_finger_ports_info_chk)) {
+ $def_finger_ports_type = "79";
+ }else{
+ $def_finger_ports_type = $def_finger_ports_info_chk;
+ }
+
+ /* def IRC_PORTS */
+ $def_irc_ports_info_chk = $ifaceSettingsArray['def_irc_ports'];
+ if (empty($def_irc_ports_info_chk)) {
+ $def_irc_ports_type = '6665,6666,6667,6668,6669,7000';
+ }else{
+ $def_irc_ports_type = $def_irc_ports_info_chk;
+ }
+
+ /* def NNTP_PORTS */
+ $def_nntp_ports_info_chk = $ifaceSettingsArray['def_nntp_ports'];
+ if (empty($def_nntp_ports_info_chk)) {
+ $def_nntp_ports_type = '119';
+ }else{
+ $def_nntp_ports_type = $def_nntp_ports_info_chk;
+ }
+
+ /* def RLOGIN_PORTS */
+ $def_rlogin_ports_info_chk = $ifaceSettingsArray['def_rlogin_ports'];
+ if (empty($def_rlogin_ports_info_chk)) {
+ $def_rlogin_ports_type = '513';
+ }else{
+ $def_rlogin_ports_type = $def_rlogin_ports_info_chk;
+ }
+
+ /* def RSH_PORTS */
+ $def_rsh_ports_info_chk = $ifaceSettingsArray['def_rsh_ports'];
+ if (empty($def_rsh_ports_info_chk)) {
+ $def_rsh_ports_type = '514';
+ }else{
+ $def_rsh_ports_type = $def_rsh_ports_info_chk;
+ }
+
+ /* def SSL_PORTS */
+ $def_ssl_ports_info_chk = $ifaceSettingsArray['def_ssl_ports'];
+ if (empty($def_ssl_ports_info_chk)) {
+ $def_ssl_ports_type = '443,465,563,636,989,990,992,993,994,995';
+ }else{
+ $def_ssl_ports_type = $def_ssl_ports_info_chk;
+ }
+
+ /* should we install a automatic update crontab entry?
+ $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7'];
+
+ // if user is on pppoe, we really want to use ng0 interface
+ if(isset($config['interfaces'][$snort_ext_int]['ipaddr']) && ($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe"))
+ $snort_ext_int = "ng0";
+
+ // set the snort performance model */
+ if($ifaceSettingsArray['performance']) {
+ $snort_performance = $ifaceSettingsArray['performance'];
+ }else{
+ $snort_performance = "ac-bnfa";
+ }
+
+ // list rules in db that are on in a array
+ $listEnabled_rulesets = array();
+ $listEnabled_rulesets = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'rdbuuid', $ifaceSettingsArray['ruledbname']);
+
+ $listCurntDirRules = array();
+ $listCurntDirRules = snortScanDirFilter("/usr/local/etc/snort/sn_{$uuid}/rules", '\.rules');
+ if(!empty($listEnabled_rulesets)) {
+ foreach($listEnabled_rulesets as $enabled_item)
+ {
+ if ($enabled_item['enable'] !== 'off' && in_array($enabled_item['rulesetname'], $listCurntDirRules)) {
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item['rulesetname']}\n";
+ }
+ }
+ }
+
+
+ /////////////////////////////
+
+ /* preprocessor code */
+
+ /* def perform_stat */
+
+
+ $def_perform_stat_info_chk = $ifaceSettingsArray['perform_stat'];
+ if ($def_perform_stat_info_chk === 'on') {
+ $def_perform_stat_type = "preprocessor perfmonitor: time 300 file /var/log/snort/sn_{$ifaceSettingsArray['uuid']}.stats pktcnt 10000";
+ }else{
+ $def_perform_stat_type = '';
+ }
+
+ $def_flow_depth_info_chk = $ifaceSettingsArray['flow_depth'];
+ if (empty($def_flow_depth_info_chk)) {
+ $def_flow_depth_type = '0';
+ }else{
+ $def_flow_depth_type = $ifaceSettingsArray['flow_depth'];
+ }
+
+ /* def http_inspect */
+ $snort_http_inspect = <<<EOD
+#################
+ #
+# HTTP Inspect #
+ #
+#################
+
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+
+preprocessor http_inspect_server: server default \
+ ports { 80 8080 } \
+ non_strict \
+ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+ flow_depth {$def_flow_depth_type} \
+ apache_whitespace no \
+ directory no \
+ iis_backslash no \
+ u_encode yes \
+ ascii no \
+ chunk_length 500000 \
+ bare_byte yes \
+ double_decode yes \
+ iis_unicode no \
+ iis_delimiter no \
+ multi_slash no
+
+EOD;
+
+ $def_http_inspect_info_chk = $ifaceSettingsArray['http_inspect'];
+ if ($def_http_inspect_info_chk === 'on') {
+ $def_http_inspect_type = $snort_http_inspect;
+ }else{
+ $def_http_inspect_type = '';
+ }
+
+
+ /* def other_preprocs */
+ $snort_other_preprocs = <<<EOD
+##################
+ #
+# Other preprocs #
+ #
+##################
+
+preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
+preprocessor bo
+
+EOD;
+
+ $def_other_preprocs_info_chk = $ifaceSettingsArray['other_preprocs'];
+ if ($def_other_preprocs_info_chk === 'on') {
+ $def_other_preprocs_type = $snort_other_preprocs;
+ }else{
+ $def_other_preprocs_type = '';
+ }
+
+ /* def ftp_preprocessor */
+ $snort_ftp_preprocessor = <<<EOD
+#####################
+ #
+# ftp preprocessor #
+ #
+#####################
+
+preprocessor ftp_telnet: global \
+inspection_type stateless
+
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200
+
+preprocessor ftp_telnet_protocol: \
+ ftp server default \
+ def_max_param_len 100 \
+ ports { 21 } \
+ ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
+ ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
+ ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
+ ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
+ ftp_cmds { FEAT CEL CMD MACB } \
+ ftp_cmds { MDTM REST SIZE MLST MLSD } \
+ ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
+ alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
+ alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
+ alt_max_param_len 256 { RNTO CWD } \
+ alt_max_param_len 400 { PORT } \
+ alt_max_param_len 512 { SIZE } \
+ chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
+ chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
+ chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
+ chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
+ chk_str_fmt { FEAT CEL CMD } \
+ chk_str_fmt { MDTM REST SIZE MLST MLSD } \
+ chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity STRU < char FRP > \
+ cmd_validity ALLO < int [ char R int ] > \
+ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ cmd_validity PORT < host_port >
+
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
+
+EOD;
+
+ $def_ftp_preprocessor_info_chk = $ifaceSettingsArray['ftp_preprocessor'];
+ if ($def_ftp_preprocessor_info_chk === 'on') {
+ $def_ftp_preprocessor_type = $snort_ftp_preprocessor;
+ }else{
+ $def_ftp_preprocessor_type = "";
+ }
+
+ /* def smtp_preprocessor */
+ $snort_smtp_preprocessor = <<<EOD
+#####################
+ #
+# SMTP preprocessor #
+ #
+#####################
+
+preprocessor SMTP: \
+ ports { 25 465 691 } \
+ inspection_type stateful \
+ normalize cmds \
+ valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
+CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
+PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ max_header_line_len 1000 \
+ max_response_line_len 512 \
+ alt_max_command_line_len 260 { MAIL } \
+ alt_max_command_line_len 300 { RCPT } \
+ alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
+ alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
+ alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
+ alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
+ alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
+ xlink2state { enable }
+
+EOD;
+
+ $def_smtp_preprocessor_info_chk = $ifaceSettingsArray['smtp_preprocessor'];
+ if ($def_smtp_preprocessor_info_chk === 'on') {
+ $def_smtp_preprocessor_type = $snort_smtp_preprocessor;
+ }else{
+ $def_smtp_preprocessor_type = '';
+ }
+
+ /* def sf_portscan */
+ $snort_sf_portscan = <<<EOD
+################
+ #
+# sf Portscan #
+ #
+################
+
+preprocessor sfportscan: scan_type { all } \
+ proto { all } \
+ memcap { 10000000 } \
+ sense_level { medium } \
+ ignore_scanners { \$HOME_NET }
+
+EOD;
+
+ $def_sf_portscan_info_chk = $ifaceSettingsArray['sf_portscan'];
+ if ($def_sf_portscan_info_chk === 'on') {
+ $def_sf_portscan_type = $snort_sf_portscan;
+ }else{
+ $def_sf_portscan_type = '';
+ }
+
+ /* def dce_rpc_2 */
+ $snort_dce_rpc_2 = <<<EOD
+###############
+ #
+# NEW #
+# DCE/RPC 2 #
+ #
+###############
+
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3
+
+EOD;
+
+ $def_dce_rpc_2_info_chk = $ifaceSettingsArray['dce_rpc_2'];
+ if ($def_dce_rpc_2_info_chk === 'on') {
+ $def_dce_rpc_2_type = $snort_dce_rpc_2;
+ }else{
+ $def_dce_rpc_2_type = '';
+ }
+
+ /* def dns_preprocessor */
+ $snort_dns_preprocessor = <<<EOD
+####################
+ #
+# DNS preprocessor #
+ #
+####################
+
+preprocessor dns: \
+ ports { 53 } \
+ enable_rdata_overflow
+
+EOD;
+
+ $def_dns_preprocessor_info_chk = $ifaceSettingsArray['dns_preprocessor'];
+ if ($def_dns_preprocessor_info_chk === 'on') {
+ $def_dns_preprocessor_type = $snort_dns_preprocessor;
+ }else{
+ $def_dns_preprocessor_type = '';
+ }
+
+ /* def SSL_PORTS IGNORE */
+ $def_ssl_ports_ignore_info_chk = $ifaceSettingsArray['def_ssl_ports_ignore'];
+ if (empty($def_ssl_ports_ignore_info_chk)) {
+ $def_ssl_ports_ignore_type = 'preprocessor ssl: ports { 443 465 563 636 989 990 992 993 994 995 }, trustservers, noinspect_encrypted';
+ }else{
+ $def_ssl_ports_ignore_type = "preprocessor ssl: ports { {$def_ssl_ports_ignore_info_chk} }, trustservers, noinspect_encrypted";
+ }
+
+ /* stream5 queued settings */
+
+
+ $def_max_queued_bytes_info_chk = $ifaceSettingsArray['max_queued_bytes'];
+ if (empty($def_max_queued_bytes_info_chk)) {
+ $def_max_queued_bytes_type = '';
+ }else{
+ $def_max_queued_bytes_type = ' max_queued_bytes ' . $ifaceSettingsArray['max_queued_bytes'] . ',';
+ }
+
+ $def_max_queued_segs_info_chk = $ifaceSettingsArray['max_queued_segs'];
+ if (empty($def_max_queued_segs_info_chk)) {
+ $def_max_queued_segs_type = '';
+ }else{
+ $def_max_queued_segs_type = ' max_queued_segs ' . $ifaceSettingsArray['max_queued_segs'] . ',';
+ }
+
+
+ /* build snort configuration file */
+ /* TODO; feed back from pfsense users to reduce false positives */
+ $snort_conf_text = <<<EOD
+
+# snort configuration file
+# generated by the pfSense
+# package manager system
+# see /usr/local/pkg/snort.inc
+# for more information
+# snort.conf
+# Snort can be found at http://www.snort.org/
+#
+# Copyright (C) 2009-2010 Robert Zelaya
+# part of pfSense
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+#########################
+ #
+# Define Local Network #
+ #
+#########################
+
+var HOME_NET {$home_net}
+var EXTERNAL_NET {$external_net}
+
+###################
+ #
+# Define Servers #
+ #
+###################
+
+var DNS_SERVERS [{$def_dns_servers_type}]
+var SMTP_SERVERS [{$def_smtp_servers_type}]
+var HTTP_SERVERS [{$def_http_servers_type}]
+var SQL_SERVERS [{$def_sql_servers_type}]
+var TELNET_SERVERS [{$def_telnet_servers_type}]
+var SNMP_SERVERS [{$def_snmp_servers_type}]
+var FTP_SERVERS [{$def_ftp_servers_type}]
+var SSH_SERVERS [{$def_ssh_servers_type}]
+var POP_SERVERS [{$def_pop_servers_type}]
+var IMAP_SERVERS [{$def_imap_servers_type}]
+var RPC_SERVERS \$HOME_NET
+var WWW_SERVERS [{$def_www_servers_type}]
+var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
+var AIM_SERVERS \
+[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
+
+########################
+ #
+# Define Server Ports #
+ #
+########################
+
+portvar HTTP_PORTS [{$def_http_ports_type}]
+portvar SHELLCODE_PORTS !80
+portvar ORACLE_PORTS [{$def_oracle_ports_type}]
+portvar AUTH_PORTS [{$def_auth_ports_type}]
+portvar DNS_PORTS [{$def_dns_ports_type}]
+portvar FINGER_PORTS [{$def_finger_ports_type}]
+portvar FTP_PORTS [{$def_ftp_ports_type}]
+portvar IMAP_PORTS [{$def_imap_ports_type}]
+portvar IRC_PORTS [{$def_irc_ports_type}]
+portvar MSSQL_PORTS [{$def_mssql_ports_type}]
+portvar NNTP_PORTS [{$def_nntp_ports_type}]
+portvar POP2_PORTS [{$def_pop2_ports_type}]
+portvar POP3_PORTS [{$def_pop3_ports_type}]
+portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
+portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
+portvar RSH_PORTS [{$def_rsh_ports_type}]
+portvar SMB_PORTS [139,445]
+portvar SMTP_PORTS [{$def_smtp_ports_type}]
+portvar SNMP_PORTS [{$def_snmp_ports_type}]
+portvar SSH_PORTS [{$def_ssh_ports_type}]
+portvar TELNET_PORTS [{$def_telnet_ports_type}]
+portvar MAIL_PORTS [{$def_mail_ports_type}]
+portvar SSL_PORTS [{$def_ssl_ports_type}]
+portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
+
+# DCERPC NCACN-IP-TCP
+portvar DCERPC_NCACN_IP_TCP [139,445]
+portvar DCERPC_NCADG_IP_UDP [138,1024:]
+portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
+portvar DCERPC_NCACN_UDP_LONG [135,1024:]
+portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
+portvar DCERPC_NCACN_TCP [2103,2105,2107]
+portvar DCERPC_BRIGHTSTORE [6503,6504]
+
+#####################
+ #
+# Define Rule Paths #
+ #
+#####################
+
+var RULE_PATH /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/rules
+# var PREPROC_RULE_PATH ./preproc_rules
+
+################################
+ #
+# Configure the snort decoder #
+ #
+################################
+
+config checksum_mode: all
+config disable_decode_alerts
+config disable_tcpopt_experimental_alerts
+config disable_tcpopt_obsolete_alerts
+config disable_ttcp_alerts
+config disable_tcpopt_alerts
+config disable_ipopt_alerts
+config disable_decode_drops
+
+###################################
+ #
+# Configure the detection engine #
+# Use lower memory models #
+ #
+###################################
+
+config detection: search-method {$snort_performance} max_queue_events 5
+config event_queue: max_queue 8 log 3 order_events content_length
+
+#Configure dynamic loaded libraries
+dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
+dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
+dynamicdetection directory /usr/local/lib/snort/dynamicrules/
+
+###################
+ #
+# Flow and stream #
+ #
+###################
+
+preprocessor frag3_global: max_frags 8192
+preprocessor frag3_engine: policy bsd detect_anomalies
+
+preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
+track_udp yes, track_icmp yes
+preprocessor stream5_tcp: policy BSD, ports both all,{$def_max_queued_bytes_type}{$def_max_queued_segs_type} use_static_footprint_sizes
+preprocessor stream5_udp:
+preprocessor stream5_icmp:
+
+##########################
+ #
+# NEW #
+# Performance Statistics #
+ #
+##########################
+
+{$def_perform_stat_type}
+
+{$def_http_inspect_type}
+
+{$def_other_preprocs_type}
+
+{$def_ftp_preprocessor_type}
+
+{$def_smtp_preprocessor_type}
+
+{$def_sf_portscan_type}
+
+############################
+ #
+# OLD #
+# preprocessor dcerpc: \ #
+# autodetect \ #
+# max_frag_size 3000 \ #
+# memcap 100000 #
+ #
+############################
+
+{$def_dce_rpc_2_type}
+
+{$def_dns_preprocessor_type}
+
+##############################
+ #
+# NEW #
+# Ignore SSL and Encryption #
+ #
+##############################
+
+{$def_ssl_ports_ignore_type}
+
+#####################
+ #
+# Snort Output Logs #
+ #
+#####################
+
+$snortunifiedlogbasic_type
+$snortalertlogtype_type
+$alertsystemlog_type
+$tcpdumplog_type
+$snortmysqllog_info_chk
+$snortunifiedlog_type
+$snortsam_type
+
+#################
+ #
+# Misc Includes #
+ #
+#################
+
+include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/reference.config
+include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/classification.config
+$threshold_file_name
+
+# Snort user pass through configuration
+{$snort_config_pass_thru}
+
+###################
+ #
+# Rules Selection #
+ #
+###################
+
+{$selected_rules_sections}
+
+EOD;
+
+ return $snort_conf_text;
+}
+
+
+function create_snort_conf($uuid)
+{
+ // write out snort.conf
+
+ if (!file_exists("/usr/local/etc/snort/sn_{$uuid}/snort.conf")) {
+ exec("/usr/bin/touch /usr/local/etc/snort/sn_{$uuid}/snort.conf");
+ }
+
+ $snort_conf_text = generate_snort_conf($uuid);
+
+ conf_mount_rw();
+ $conf = fopen("/usr/local/etc/snort/sn_{$uuid}/snort.conf", "w");
+ if(!$conf) {
+ log_error("Could not open /usr/local/etc/snort/sn_{$uuid}/snort.conf for writing.");
+ exit;
+ }
+
+ fwrite($conf, $snort_conf_text);
+ fclose($conf);
+ conf_mount_ro();
+
+}
+
+// create threshold.conf
+function generate_threshold_conf($uuid) {
+
+ global $config;
+
+ // Iface main setings
+ $ifaceSettingsArray = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+
+ $getSnortSuppresslist = snortSql_fetchAllSettings('snortDB', 'SnortSuppress', 'filename', $ifaceSettingsArray['suppresslistname']);
+
+ if ($ifaceSettingsArray['suppresslistname'] === 'default') {
+ $getSnortSuppressPass = '';
+ }else{
+ $getSnortSuppressPass = base64_decode($getSnortSuppresslist[0]['suppresspassthru']);
+ }
+
+
+ $snort_threshold_text = <<<EOD
+
+# snort threshold file
+# generated by the pfSense
+# package manager system
+# see /usr/local/pkg/snort_build.inc
+# for more information
+# threshold.conf
+# Snort can be found at http://www.snort.org/
+#
+# Copyright (C) 2009-2011 Robert Zelaya
+# part of pfSense
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+
+{$getSnortSuppressPass}
+
+EOD;
+
+return $snort_threshold_text;
+
+}
+
+function create_threshold_conf($uuid)
+{
+ // make sure file is there
+ if (!file_exists("/usr/local/etc/snort/sn_{$uuid}/threshold.conf")) {
+ exec("/usr/bin/touch /usr/local/etc/snort/sn_{$uuid}/threshold.conf");
+ }
+
+ $threshold_conf_text = generate_threshold_conf($uuid);
+
+ $conf = fopen("/usr/local/etc/snort/sn_{$uuid}/threshold.conf", "w");
+ if(!$conf) {
+ log_error("Could not open /usr/local/etc/snort/sn_{$uuid}/threshold.conf for writing.");
+ exit;
+ }
+
+ fwrite($conf, $threshold_conf_text);
+ fclose($conf);
+
+}
+
+function build_snort_settings($uuid) {
+
+ // create snort.conf
+ create_snort_conf($uuid);
+ // create threshold.conf
+ create_threshold_conf($uuid);
+
+}
+
+// -------------------------- END snort.conf -------------------------
+
+?>
diff --git a/config/snort-dev/snortsam-package-code/snort_define_servers.php b/config/snort-dev/snortsam-package-code/snort_define_servers.php
new file mode 100644
index 00000000..05e7709e
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_define_servers.php
@@ -0,0 +1,450 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+
+$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+
+
+ $pgtitle = "Snort: Interface Define Servers:";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_define_servers" /> <!-- what interface tab -->
+ <input name="uuid" type="hidden" value="<?=$uuid; ?>">
+
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl">
+ <span class="red"><strong>Note:</strong></span><br>
+ Please save your settings before you click start.<br>
+ Please make sure there are <strong>no spaces</strong> in your definitions.
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Define Servers</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=$a_list['def_dns_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=$a_list['def_dns_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=$a_list['def_smtp_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=$a_list['def_smtp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td>
+ <td width="78%" class="vtable">
+ <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=$a_list['def_mail_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=$a_list['def_http_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=$a_list['def_www_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=$a_list['def_http_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=$a_list['def_sql_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=$a_list['def_oracle_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=$a_list['def_mssql_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=$a_list['def_telnet_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=$a_list['def_telnet_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=$a_list['def_snmp_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=$a_list['def_snmp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=$a_list['def_ftp_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=$a_list['def_ftp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=$a_list['def_ssh_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=$a_list['def_ssh_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=$a_list['def_pop_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=$a_list['def_pop2_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=$a_list['def_pop3_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=$a_list['def_imap_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=$a_list['def_imap_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td>
+ <td width="78%" class="vtable">
+ <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=$a_list['def_sip_proxy_ip']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=$a_list['def_sip_proxy_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=$a_list['def_auth_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=$a_list['def_finger_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=$a_list['def_irc_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=$a_list['def_nntp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=$a_list['def_rlogin_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=$a_list['def_rsh_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=$a_list['def_ssl_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start.</span>
+ </td>
+ </tr>
+
+
+
+
+ </form>
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_download_rules.inc b/config/snort-dev/snortsam-package-code/snort_download_rules.inc
new file mode 100644
index 00000000..8953a65c
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_download_rules.inc
@@ -0,0 +1,1036 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/*
+ * WARNING: THIS FILE SHOULD NEVER BE IN WWWW DIR
+ *
+ */
+
+
+// create and cp to tmp db dir
+if (!file_exists('/var/snort/')) {
+ exec('/bin/mkdir -p /var/snort/');
+}
+
+if (file_exists('/usr/local/pkg/snort/snortDBtemp')) {
+ exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp');
+}
+
+
+// fetch db Settings NONE Json
+function snortSql_fetchAllSettings2($dbname, $table, $type, $id_uuid)
+{
+
+ if ($dbname == '' || $table == '' || $type == '') {
+ return false;
+ }
+
+ if ($dbname === 'snortDB' || $dbname === 'snortDBrules') {
+ $db = sqlite_open("/usr/local/pkg/snort/$dbname");
+ }
+
+ if ($dbname === 'snortDBtemp') {
+ $db = sqlite_open("/var/snort/$dbname");
+ }
+
+ if ($type === 'All') {
+
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} where id > 0;
+ ");
+
+ }else{
+
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} where {$type} = '{$id_uuid}';
+ ");
+ }
+
+ if ($type == 'rdbuuid' || $type == 'All') {
+ $chktable = sqlite_fetch_all($result, SQLITE_ASSOC);
+ }else{
+ $chktable = sqlite_fetch_array($result, SQLITE_ASSOC);
+ }
+
+ sqlite_close($db);
+
+ return $chktable;
+
+
+} // end func
+
+function snortSql_updateRuleSetList($type, $value, $file_size, $downloaded, $filename)
+{
+
+ $dbname = 'snortDBtemp';
+ $table = 'SnortDownloads';
+ $addDate = date(U);
+
+ // do let user pick the DB path
+ $db = sqlite_open("/var/snort/{$dbname}");
+
+ if ($type === 'percent2'){
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$table} SET date = '{$addDate}', percent = '{$value}', filesize = '{$file_size}', downloaded = '{$downloaded}' where filename = '{$filename}';
+ ");
+ }
+
+
+ if ($type === 'percent'){
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$table} SET date = '{$addDate}', percent = '{$value}' where filename = '{$filename}';
+ ");
+ }
+
+ if ($type === 'msg1'){
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '1';
+ ");
+ }
+
+ if ($type === 'msg2'){
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '2';
+ ");
+ }
+
+ /*
+ * INPORTANT:
+ * Register worker to prevent loops and ghost process
+ * Needs to be watched,
+ */
+
+ if ($type === 'working'){
+
+ $getmypid = getmypid();
+ $getmyfilename = $_SERVER['SCRIPT_NAME'];
+
+ $resultChk = sqlite_query($db,
+ "SELECT * FROM RegisterWorker WHERE uuid = 'jdjEf!773&h3bhFd6A';
+ ");
+
+ $resultChkFinal = sqlite_fetch_all($resultChk, SQLITE_ASSOC);
+
+ if (!empty($resultChkFinal)) {
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE RegisterWorker SET date = '{$addDate}', processid = '{$getmypid}', filename = '{$getmyfilename}', working = '{$value}' where uuid = 'jdjEf!773&h3bhFd6A';
+ ");
+ }else{
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "INSERT INTO RegisterWorker (date, processid, filename, working, uuid) VALUES ('{$addDate}', '{$getmypid}', '{$getmyfilename}', '{$value}', 'jdjEf!773&h3bhFd6A');
+ ");
+ }
+ }
+
+
+ if ($type === 'snortWait'){
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$table} SET waittime = '{$addDate}' where filename = '{$filename}';
+ ");
+ }
+
+ if (sqlite_changes($db) < 1){
+ sqlite_close($db);
+ return 'Error in query';
+ }
+
+ sqlite_close($db);
+
+
+}
+
+// reapply rule settings
+function reapplyRuleSettings_run($sidRule_array)
+{
+
+ $sid_array = snortSql_fetchAllSettings2('snortDBrules', 'SnortruleSigs', 'rdbuuid', $sidRule_array);
+
+ if (!empty($sid_array)) {
+ foreach ($sid_array as $sid)
+ {
+ if (!empty($sid['enable']) && !empty($sid['signatureid']) && !empty($sid['rdbuuid']) && !empty($sid['signaturefilename'])) {
+ if ($sid['enable'] === 'on') {
+ exec('/usr/bin/sed -i \'\' \'s/^# \(.*sid:' . "{$sid['signatureid']}" . ';.*\)/\1/\' /usr/local/etc/snort/snortDBrules/DB/' . "{$sid['rdbuuid']}" . '/rules/' . "{$sid['signaturefilename']}");
+ }
+
+ if ($sid['enable'] === 'off') {
+ exec('/usr/bin/sed -i \'\' \'s/^\(alert.*sid:' . "{$sid['signatureid']}" . ';.*\)/# \1/\' /usr/local/etc/snort/snortDBrules/DB/' . "{$sid['rdbuuid']}" . '/rules/' . "{$sid['signaturefilename']}");
+ }
+ }
+ }
+ }
+
+ // NOTES: DO NOT REMOVE BELOW COMMENTS
+ // returns file pathe of the sid
+ // $testing = exec("grep -ri 'sid: \?1225; ' /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules | tail -n1 | awk -F: '{print $1}'");
+ // see if sid is enabled
+ // $testing2 = exec("sed -n '/^alert.*sid:1225;.*/p' /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules");
+ // enable a sid
+ // sed -i '' "s/^# \(.*sid:1225;.*\)/\1/" /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules
+ // disable a sid
+ // sed -i '' "s/^\(alert.*sid:1225;.*\)/# \1/" /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules
+ // grep "^alert.*sid:.*;" rules/emerging-worm.rules | grep -oh "\w*sid:[0-9][^*;]\w*" | awk -F: '{print $2}'
+ // sed -n '/^320 || .*/{p;q;}' rules/ ../etc/sid-msg.map | awk -F '|' '{print $3}' | sed -e 's/^[ \t]*//'
+
+
+}
+
+function snortCmpareMD5($type, $path1, $path2, $filename_md5)
+{
+ update_output_window2('ms2', 'Checking ' . $filename_md5 . ' MD5...');
+
+ if (file_exists("{$path1}/{$filename_md5}")){
+
+ if ($type == 'string'){
+ $md5_check_new = @file_get_contents("{$path1}/{$filename_md5}");
+ $md5_check_old = @file_get_contents("{$path2}/{$filename_md5}");
+ if ($md5_check_new !== $md5_check_old){
+ update_output_window2('ms2', "$filename_md5 MD5s do not match...");
+ return false;
+ }
+ }
+
+ if ($type == 'md5'){
+ //md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}'
+ $md5_check_new2 = exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'");
+ $md5_check_old2 = exec("/sbin/md5 {$path2}/{$filename_md5} | /usr/bin/awk '{print $4}'");
+ if ($md5_check_new != $md5_check_old){
+ update_output_window2('ms2', "$filename_md5 MD5s do not match...");
+ return false;
+ }
+ }
+
+ if ($type == 'md5FileChk') {
+ //md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}'
+ $md5_check_new = trim(exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'"));
+
+ $md5_check_old = exec("/bin/cat {$path1}/{$filename_md5}.md5");
+
+ $md5_check_old2 = trim(preg_replace('/"/', '', $md5_check_old));
+
+ if ($md5_check_new != $md5_check_old2){
+ update_output_window2('ms2', "$filename_md5 MD5s do not match...");
+ return false;
+ }
+ }
+
+
+
+ }
+
+ update_output_window2('ms2', "$filename_md5 MD5 File Check Passed...");
+ return true;
+}
+
+
+/*
+ * update_output_window: update bottom textarea dynamically.
+ */
+function update_output_window2($type, $text)
+{
+ if ($type === 'ms1') {
+ $msg = 1;
+ }
+
+ if ($type === 'ms2') {
+ $msg = 2;
+ }
+
+ if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on'){
+ echo
+ '
+<script type="text/javascript">
+jQuery("#msg' . $msg . 'Text").remove();
+jQuery("#UpdateMsg' . $msg . '").append(\'<span id="msg' . $msg . 'Text">' . $text . '</span>\');
+</script>
+ ';
+ ob_flush();
+ apc_clear_cache();
+
+ }else{
+ echo "\n" . $type . ': ' . $text;
+ }
+
+}
+
+// returns array that matches pattern, option to replace objects in matches
+function snortScanDirFilter2($arrayList, $pattmatch, $pattreplace, $pattreplacewith)
+{
+ foreach ( $arrayList as $val )
+ {
+ if (preg_match($pattmatch, $val, $matches)) {
+ if ($pattreplace != '') {
+ $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]);
+ $filterDirList[] = $matches2;
+ }else{
+ $filterDirList[] = $matches[0];
+ }
+ }
+ }
+ return $filterDirList;
+}
+
+// set page vars
+$generalSettings = snortSql_fetchAllSettings2('snortDB', 'SnortSettings', 'id', '1');
+
+// Setup file names and dir
+$tmpfname = '/usr/local/etc/snort/snort_download';
+$snortdir = '/usr/local/etc/snort';
+$snortdir_rules = '/usr/local/etc/snort/snortDBrules/snort_rules';
+$emergingdir_rules = '/usr/local/etc/snort/snortDBrules/emerging_rules';
+$pfsensedir_rules = '/usr/local/etc/snort/snortDBrules/pfsense_rules';
+$customdir_rules = '/usr/local/etc/snort/snortDBrules/custom_rules';
+$snort_filename_md5 = 'snortrules-snapshot-2905.tar.gz.md5';
+$snort_filename = 'snortrules-snapshot-2905.tar.gz';
+$emergingthreats_filename_md5 = 'emerging.rules.tar.gz.md5';
+$emergingthreats_filename = 'emerging.rules.tar.gz';
+$pfsense_rules_filename_md5 = 'pfsense_rules.tar.gz.md5';
+$pfsense_rules_filename = 'pfsense_rules.tar.gz';
+
+// START of MAIN function
+function sendUpdateSnortLogDownload($console)
+{
+
+ if ($console === 'console'){
+ $GLOBALS['tmp']['snort']['downloadupdate']['console'] = 'on';
+ }
+
+ if ($console !== 'console') {
+
+ echo
+ '
+<script type="text/javascript">
+jQuery.fn.centerModal = function () {
+ this.css("position","absolute");
+ this.css("top", 70 + "px");
+ this.css("left", ((jQuery(window).width() - this.outerWidth()) / 2) + jQuery(window).scrollLeft() + "px");
+ return this;
+}
+jQuery("#loadingRuleUpadteGUI").show();
+jQuery(".snortModalUpdate").centerModal();
+jQuery("#pb4").progressBar(0, { showText: true, barImage: "/snort/images/progress_bar2.gif", width: 560, height: 43} );
+</script>
+ ';
+
+ }
+
+
+ //bring in the global vars
+ global $generalSettings, $tmpfname, $snortdir, $snortdir_rules, $emergingdir_rules, $pfsensedir_rules, $customdir_rules, $snort_filename_md5, $snort_filename, $emergingthreats_filename_md5, $emergingthreats_filename, $pfsense_rules_filename_md5, $pfsense_rules_filename;
+
+ /* Make shure snortdir exits */
+ if (!file_exists("{$snortdir}")) {
+ exec("/bin/mkdir -p {$snortdir}");
+ }
+ if (!file_exists("{$tmpfname}")) {
+ exec("/bin/mkdir -p {$tmpfname}");
+ }
+ if (!file_exists("{$snortdir_rules}")) {
+ exec("/bin/mkdir -p {$snortdir_rules}");
+ }
+ if (!file_exists("{$emergingdir_rules}")) {
+ exec("/bin/mkdir -p {$emergingdir_rules}");
+ }
+ if (!file_exists("{$pfsensedir_rules}")) {
+ exec("/bin/mkdir -p {$pfsensedir_rules}");
+ }
+ if (!file_exists("{$customdir_rules}")) {
+ exec("/bin/mkdir -p {$customdir_rules}");
+ }
+ if (!file_exists("{$snortdir}/signatures")) {
+ exec("/bin/mkdir -p {$snortdir}/signatures");
+ }
+ if (!file_exists('/usr/local/lib/snort/dynamicrules/')) {
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ }
+
+
+ /* Set user agent to Mozilla */
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ ini_set("memory_limit","150M");
+
+
+ // Get file that does not use redirects, mostly for none snort.org downloads
+ function snort_file_get_contents($tmpfname, $snort_filename, $snort_UrlGet)
+ {
+ if (!file_exists("{$tmpfname}/{$snort_filename}") || filesize("{$tmpfname}/{$snort_filename}") <= 0){
+ update_output_window2('ms2', 'Downloading ' . $snort_filename. ' MD5...');
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $file = file_get_contents("$snort_UrlGet/{$snort_filename}"); // use a @ infront of file_get_contents when in production
+ $f = fopen("{$tmpfname}/{$snort_filename}", 'w');
+ fwrite($f, $file);
+ fclose($f);
+ update_output_window2('ms2', 'Finnished Downloading ' . $snort_filename. ' MD5...');
+ }
+ }
+
+ function read_header2($ch, $string) {
+ global $file_size, $fout;
+ $length = strlen($string);
+ $regs = "";
+ ereg("(Content-Length:) (.*)", $string, $regs);
+ if($regs[2] <> "") {
+ $file_size = intval($regs[2]);
+ }
+ ob_flush();
+ return $length;
+ }
+
+ function read_body2($ch, $string) {
+ global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen;
+ global $pkg_interface;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ if($file_size > 0) {
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ } else
+ $downloadProgress = 0;
+ if($lastseen <> $downloadProgress and $downloadProgress < 101) {
+ if($sendto == "status") {
+ if($pkg_interface == "console") {
+ if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) {
+ $tostatus = $static_status . $downloadProgress . "%";
+ update_status($tostatus);
+ }
+ } else {
+ $tostatus = $static_status . $downloadProgress . "%";
+ update_status($tostatus);
+ }
+ } else {
+ if($pkg_interface == "console") {
+ if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) {
+ $tooutput = $static_output . $downloadProgress . "%";
+ update_output_window($tooutput);
+ }
+ } else {
+ $tooutput = $static_output . $downloadProgress . "%";
+ update_output_window($tooutput);
+ }
+ }
+ update_progress_bar($downloadProgress);
+ $lastseen = $downloadProgress;
+ }
+ if($fout)
+ fwrite($fout, $string);
+ ob_flush();
+ return $length;
+ }
+
+ /*
+ * update_progress_bar($percent): updates the javascript driven progress bar.
+ */
+ function update_progress_bar2($percent, $file_size, $downloaded)
+ {
+ if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on') {
+ if (!empty($percent)) {
+ echo
+ '
+<script type="text/javascript">
+jQuery("#pb4").progressBar(' . $percent . ', { showText: true, barImage: "/snort/images/progress_bar2.gif", width: 560, height: 43} );
+</script>
+ ';
+ }
+
+ }else{
+ echo "\n" . 'percent: ' . $percent . ' filesize: ' . $file_size . ' downloaded: ' . $downloaded;
+ }
+ }
+
+
+ function read_body_firmware($ch, $string)
+ {
+ global $fout, $file_size, $downloaded, $counter;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ $counter++;
+ if($counter > 150) {
+ update_progress_bar2($downloadProgress, $file_size, $downloaded);
+ flush();
+ $counter = 0;
+ }
+ fwrite($fout, $string);
+ return $length;
+ }
+
+ function download_file_with_progress_bar2($url_file, $destination, $workingfile, $readbody = 'read_body2')
+ {
+ global $ch, $fout, $file_size, $downloaded;
+ $file_size = 1;
+ $downloaded = 1;
+ $destination_file = $destination . '/' . $workingfile;
+
+ /* open destination file */
+ $fout = fopen($destination_file, "wb");
+
+ /*
+ * Originally by Author: Keyvan Minoukadeh
+ * Modified by Scott Ullrich to return Content-Length size
+ */
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header2');
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
+ curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
+ curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+
+ curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ if($fout)
+ fclose($fout);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
+ }
+
+// ----------------------------------------------------- Begin Code --------------------------------------------
+
+
+ // rm all tmp filea
+ @exec("/bin/rm -r $tmpfname/*");
+
+ // Set all downloads to be false, download by default
+
+ $snort_md5_check_ok = false;
+ $emerg_md5_check_ok = false;
+ $pfsense_md5_check_ok = false;
+
+ // define checks
+ $oinkid = $generalSettings['oinkmastercode'];
+
+ $emergingthreatscode = $generalSettings['emergingthreatscode'];
+
+ // dsable downloads if there settings are off
+ if ($generalSettings['snortdownload'] === 'off') {
+ $snort_md5_check_ok = true;
+ }
+
+ if ($generalSettings['emergingthreatsdownload'] == 'off') {
+ $emerg_md5_check_ok = true;
+ }
+
+ if ($oinkid == '' && $generalSettings['snortdownload'] === 'on') {
+ update_output_window2('ms1', 'Snort Error!');
+ update_output_window2('ms2', 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.');
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'");
+ return false;
+ }
+
+ if ($emergingthreatscode === '' && $generalSettings['snortdownload'] === 'pro') {
+ update_output_window2('ms1', 'Snort Error!');
+ update_output_window2('ms2', 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.');
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.'");
+ return false;
+ }
+
+ if ($generalSettings['snortdownload'] === 'off' && $generalSettings['emergingthreatsdownload'] === 'off') { // note: basic and pro
+ update_output_window2('ms1', 'Snort Error!');
+ update_output_window2('ms2', 'SnortStartup: No rules have been selected to download.');
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'");
+ return false;
+ }
+
+ /*
+ * Check MD5s and MARK
+ *
+ */
+
+ update_output_window2('ms1', 'Starting MD5 checks...');
+
+ // check is we need to wait
+ update_output_window2('ms2', 'Checking Wait Status for Snort.org...');
+ $getSnort_filename_Waittime_chk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', $snort_filename);
+
+ if (date(U) > $getSnort_filename_Waittime_chk['waittime'] + 900) {
+ update_output_window2('ms2', 'Snort.org Wait Time Status: OK...');
+ }else{
+ update_output_window2('ms2', 'Snort.org Wait Time Status: Wait 15 min Please...');
+ $snort_md5_check_ok = true;
+ $snort_wait = true;
+ }
+
+ // check is we need to wait
+ update_output_window2('ms2', 'Checking Wait Status for Emergingthreats.net...');
+ $getEmergingthreats_filename_Waittime_chk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', $emergingthreats_filename);
+
+ if (date(U) > $getEmergingthreats_filename_Waittime_chk['waittime'] + 900) {
+ update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: OK...');
+ }else{
+ update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: Wait 15 min Please...');
+ $emerg_md5_check_ok = true;
+ $emerg_wait = true;
+ }
+
+ // if all rules need wait stop
+ if ($snort_wait === true && $emerg_wait === true) {
+ return false;
+ }
+
+ // download snort.org md5 and compare
+ if ($snort_md5_check_ok === false) {
+
+ snort_file_get_contents($tmpfname, $snort_filename_md5, 'http://www.snort.org/pub-bin/oinkmaster.cgi/' . $oinkid);
+ snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename_md5); // finsh percent
+
+ // if snort.org md5 do not match
+ if(snortCmpareMD5('string', $tmpfname, $snortdir_rules, $snort_filename_md5)) {
+ $snort_md5_check_ok = true;
+ }
+
+ }
+
+ // download emergingthreats.net md5 and compare
+ if ($emerg_md5_check_ok === false) {
+
+ snort_file_get_contents($tmpfname, $emergingthreats_filename_md5, 'http://rules.emergingthreats.net/open/snort-2.9.0');
+ snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename_md5); // finsh percent
+
+ // if emergingthreats.net md5 do not match
+ if(snortCmpareMD5('string', $tmpfname, $emergingdir_rules, $emergingthreats_filename_md5)) {
+ $emerg_md5_check_ok = true;
+ }
+
+ }
+
+ // download pfsense.org md5 and compare
+ snort_file_get_contents($tmpfname, $pfsense_rules_filename_md5, 'http://www.pfsense.com/packages/config/snort/pfsense_rules');
+ snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename_md5); // finsh percent
+
+ // if pfsense.org md5 do not match
+ if(snortCmpareMD5('string', $tmpfname, $pfsensedir_rules, $pfsense_rules_filename_md5)) {
+ $pfsense_md5_check_ok = true;
+ }
+
+ /*
+ * If all rule type is not check clean up.
+ */
+
+ /* Make Clean Snort Directory emergingthreats not checked */
+ if ($snort_md5_check_ok === false && $emergingthreatsdownload === 'off') {
+ update_output_window2('ms1', 'Cleaning the emergingthreats Directory...');
+ exec("/bin/rm {$snortdir}/emerging_rules/*.rules");
+ exec("/bin/rm {$snortdir}/version.txt");
+ update_output_window2('ms2', 'Done cleaning emrg direcory.');
+ }
+
+ /* Make Clean Snort Directory snort.org not checked */
+ if ($emerg_md5_check_ok === false && $snortdownload !== 'on') {
+ update_output_window2('ms1', 'Cleaning the snort Directory...');
+ exec("/bin/rm {$snortdir}/snort_rules/*.rules");
+ exec("/bin/rm {$snortdir}/snortrules-snapshot-2905.tar.gz.md5");
+ update_output_window2('ms2', 'Done cleaning snort direcory.');
+ }
+
+
+ /* Check if were up to date exits */
+ if ($snort_md5_check_ok === true && $emerg_md5_check_ok === true && $pfsense_md5_check_ok === true) {
+ update_output_window2('ms1', 'Your rules are up to date...');
+ return false;
+ }
+
+
+ /* You are Not Up to date, always stop snort when updating rules for low end machines */;
+ update_output_window2('ms1', 'You are NOT up to date...');
+ update_output_window2('ms2', 'Stopping Snort and Barnyard2 service...');
+ $chk_if_snort_up = exec('pgrep -x snort');
+ $chk_if_barnyad_up = exec('pgrep -x barnyad2');
+ if ($chk_if_snort_up != '') {
+ exec('/usr/bin/touch /tmp/snort_download_halt.pid'); // IMPORTANT: incase of script crash or error, Mabe use DB
+ exec('/usr/bin/killall snort');
+ if ($chk_if_barnyad_up != ''){
+ exec('/usr/bin/killall barnyad2');
+ }
+ sleep(2);
+ }
+
+
+ /* download snortrules file */
+ if ($snort_md5_check_ok === false) {
+
+ $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $snort_filename;
+ update_output_window2('ms1', 'Snort.org: Starting Download...');
+ update_output_window2('ms2', 'May take a while...');
+ download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
+ //download_file_with_progress_bar2("http://theseusnetworking.com/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware");
+ update_progress_bar2(100, '', ''); // finsh percent
+ snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename); // finsh percent, add date time finnished
+ update_output_window2('ms2', 'Snort.org: Finished Download...');
+
+ // if md5 does not match then the file is bad or snort.org says wait 15 min
+ update_output_window2('ms1', 'Snort.org MD5 File Check ...');
+ if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $snort_filename)) {
+
+ $snort_filename_wait_ck = exec("/usr/bin/egrep '\bYou must wait 15\b' {$tmpfname}/{$snort_filename}");
+ if ($snort_filename_wait_ck != '') {
+ update_output_window2('ms2', 'Snort.org: You must wait 15 min...');
+ }
+
+ // disable snort.org download
+ $snort_md5_check_ok = true;
+ $snort_filename_corrupted = true;
+
+ }
+ }
+
+ /* download emergingthreats file */
+ if ($emerg_md5_check_ok === false) {
+
+ $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $emergingthreats_filename;
+ update_output_window2('ms1', 'Emergingthreats.net: Starting Download...');
+ update_output_window2('ms2', 'May take a while...');
+ download_file_with_progress_bar2("http://rules.emergingthreats.net/open/snort-2.9.0/{$emergingthreats_filename}", $tmpfname, $emergingthreats_filename, "read_body_firmware");
+ update_progress_bar2(100, '', ''); // finsh percent
+ snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename); // finsh percent
+ update_output_window2('ms2', 'Emergingthreats.net: Finished Download...');
+
+ // if md5 does not match then the file is bad or snort.org says wait 15 min
+ update_output_window2('ms1', 'Emergingthreats MD5 File Check ...');
+ if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $emergingthreats_filename)) {
+
+ // disable snort.org download
+ $emerg_md5_check_ok = true;
+ $emerg_filename_corrupted = true;
+
+ }
+ }
+
+ /* download pfsense rule file */
+ if ($pfsense_md5_check_ok === false) {
+
+ $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $pfsense_rules_filename;
+ update_output_window2('ms1', 'pfSense.org: Starting Download...');
+ update_output_window2('ms2', 'May take a while...');
+ download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/{$pfsense_rules_filename}", $tmpfname, $pfsense_rules_filename, "read_body_firmware");
+ update_progress_bar2(100, '', ''); // finsh percent
+ snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename); // finsh percent
+ update_output_window2('ms2', 'pfSense.org: Finished Download...');
+
+ // if md5 does not match then the file is bad or snort.org says wait 15 min
+ update_output_window2('ms1', 'pfSense.org MD5 File Check ...');
+ if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $pfsense_rules_filename)) {
+
+ // disable snort.org download
+ $pfsense_md5_check_ok = true;
+
+ }
+ }
+
+ // if both files are corrupted stop
+ if ($snort_filename_corrupted === true && $emerg_filename_corrupted === true) {
+ update_output_window2('ms1', 'Snort.org and Emergingthreats.net files are corrupted.');
+ update_output_window2('ms2', 'Stoping Script...');
+ return false;
+ }
+
+ /*
+ * START: Untar Files
+ */
+
+ // Untar snort rules file individually to help people with low system specs
+ if ($snort_md5_check_ok === false && file_exists("{$tmpfname}/{$snort_filename}")) {
+
+ update_output_window2('ms1', 'Extracting Snort.org rules...');
+ update_output_window2('ms2', 'May take a while...');
+
+ function build_SnortRuleDir()
+ {
+ global $tmpfname, $snortdir, $snortdir_rules, $snort_filename;
+
+ // find out if were in 1.2.3-RELEASE
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk === '1.2.3-RELEASE') {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ // get the system arch
+ $snort_arch_ck = exec('/usr/bin/uname -m');
+ if ($snort_arch_ck === 'i386') {
+ $snort_arch = 'i386';
+ }else{
+ $snort_arch = 'x86-64'; // amd64
+ }
+
+ if ($pfsense_stable === 'yes') {
+ $freebsd_version_so = 'FreeBSD-7-3';
+ }else{
+ $freebsd_version_so = 'FreeBSD-8-1';
+ }
+
+ // extract snort.org rules and add prefix to all snort.org files
+ @exec("/bin/rm -r {$snortdir_rules}/rules");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} rules/");
+
+ $snort_dirList = scandir("{$snortdir_rules}/rules"); // Waning: only in php 5
+ $snortrules_filterList = snortscandirfilter2($snort_dirList, '/.*\.rules/', '/\.rules/', '');
+
+ if (!empty($snortrules_filterList)) {
+ foreach ($snortrules_filterList as $snort_rule_move)
+ {
+ exec("/bin/mv -f {$snortdir_rules}/rules/{$snort_rule_move}.rules {$snortdir_rules}/rules/snort_{$snort_rule_move}.rules");
+ }
+ }
+
+ // extract so rules
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir_rules}/so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+
+ // list so_rules and exclude dir
+ exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
+
+ $so_rulesPattr = array('/\//', '/\.rules/');
+ $so_rulesPattw = array('', '');
+
+ // build list of so rules
+ $so_rules_filterList = snortscandirfilter2($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+ if (!empty($so_rules_filterList)) {
+ // cp rule to so tmp dir
+ foreach ($so_rules_filterList as $so_rule)
+ {
+
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/{$so_rule}.rules");
+
+ }
+ // mv and rename so rules
+ foreach ($so_rules_filterList as $so_rule_move)
+ {
+ exec("/bin/mv -f {$snortdir_rules}/so_rules/{$so_rule_move}.rules {$snortdir_rules}/rules/snort_{$so_rule_move}.so.rules");
+ }
+ }
+
+ exec("/bin/rm -r {$snortdir_rules}/so_rules");
+
+ // extract base etc files
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+
+ }
+ build_SnortRuleDir();
+ // cp md5 to main snort dir
+ exec("/bin/cp {$tmpfname}/{$snort_filename_md5} {$snortdir_rules}/{$snort_filename_md5}");
+ update_output_window2('ms2', 'Done extracting Snort.org Rules.');
+ }
+
+ /* Untar emergingthreats rules to tmp */
+ if ($emerg_md5_check_ok === false && file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
+ update_output_window2('ms1', 'Extracting Emergingthreats Rules...');
+ update_output_window2('ms2', 'May take a while...');
+ @exec("/bin/rm -r {$emergingdir_rules}/rules");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$emergingdir_rules} rules/");
+ exec("/bin/cp {$tmpfname}/{$emergingthreats_filename_md5} {$emergingdir_rules}/{$emergingthreats_filename_md5}");
+ update_output_window2('ms2', 'Done extracting Emergingthreats.net Rules.');
+ }
+ }
+
+ /* Untar Pfsense rules to tmp */
+ if ($pfsense_md5_check_ok === false && file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_output_window2('ms1', 'Extracting Pfsense rules...');
+ update_output_window2('ms1', 'May take a while...');
+ @exec("/bin/rm -r {$pfsensedir_rules}/rules");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$pfsensedir_rules} rules/");
+ exec("/bin/cp {$tmpfname}/{$pfsense_rules_filename_md5} {$pfsensedir_rules}/{$pfsense_rules_filename_md5}");
+ update_output_window2('ms2', 'Done extracting pfSense.org Rules.');
+
+ }
+ }
+
+ /* double make shure cleanup emerg rules that dont belong */
+ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+ exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+ }
+
+ // make sure default rules are in the right format
+ update_output_window2('ms1', 'Reformatting Rules To One Standard...');
+ update_output_window2('ms2', 'Please Wait...');
+ exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$snortdir_rules}/rules/*.rules"); // remove white spaces from begining of line
+ exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$snortdir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$snortdir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$snortdir_rules}/rules/*.rules");
+
+ exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$emergingdir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$emergingdir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$emergingdir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$emergingdir_rules}/rules/*.rules");
+
+ exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$pfsensedir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules");
+ exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules");
+ update_output_window2('ms2', 'Done...');
+
+ /* create a msg-map for snort */
+ update_output_window2('ms1', 'Updating Alert Sid Messages...');
+ update_output_window2('ms2', 'Please Wait...');
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir_rules}/rules > /usr/local/etc/snort/etc/sid-msg.map");
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$emergingdir_rules}/rules >> /usr/local/etc/snort/etc/sid-msg.map");
+ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$pfsensedir_rules}/rules >> /usr/local/etc/snort/etc/sid-msg.map");
+ update_output_window2('ms2', 'Done...');
+
+ // create default dir
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/default/rules');
+ }
+
+ // cp new rules to default dir
+ exec('/bin/rm /usr/local/etc/snort/snortDBrules/DB/default/rules/*.rules');
+ exec("/bin/cp {$snortdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules");
+ exec("/bin/cp {$emergingdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules");
+ exec("/bin/cp {$pfsensedir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules");
+
+
+ // reapplay rules from DB cp base rules to dirs
+ $sidOnOff_array = snortSql_fetchAllSettings2('snortDBrules', 'Snortrules', 'All', '');
+
+ if (!empty($sidOnOff_array)) {
+ update_output_window2('ms1', 'Reapplying User Settings...');
+ update_output_window2('ms2', 'Please Wait...');
+ foreach ($sidOnOff_array as $preSid_Array)
+ {
+ if (!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules")) {
+ exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
+ }
+
+ exec("/bin/rm /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules/*.rules");
+ exec("/bin/cp {$snortdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
+ exec("/bin/cp {$emergingdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
+ exec("/bin/cp {$pfsensedir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules");
+ reapplyRuleSettings_run($preSid_Array['uuid']);
+ update_output_window2('ms2', 'Done...');
+ }
+ }
+
+ // cp snort conf's to Ifaces
+ $ifaceConfMaps_array = snortSql_fetchAllSettings2('snortDB', 'SnortIfaces', 'All', '');
+
+ if (!empty($ifaceConfMaps_array)) {
+ update_output_window2('ms1', 'Reapplying User Settings...');
+ update_output_window2('ms2', 'Please Wait...');
+ foreach ($ifaceConfMaps_array as $preIfaceConfMaps_array)
+ {
+ // create iface dir if missing
+ if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}")) {
+ exec("/bin/mkdir -p /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ }
+
+ // create rules dir soft link if setting is default
+ if ($preIfaceConfMaps_array['ruledbname'] === 'default' || $preIfaceConfMaps_array['ruledbname'] === '') {
+ if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
+ exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/default/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules");
+ }
+ }
+
+ // create rules dir soft link if setting is not default
+ if ($preIfaceConfMaps_array['ruledbname'] !== 'default' || $preIfaceConfMaps_array['ruledbname'] != '') {
+ if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules")) {
+ exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules");
+ }
+ }
+
+ exec("/bin/cp {$snortdir}/etc/*.config /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/*.conf /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/*.map /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/generators /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+ exec("/bin/cp {$snortdir}/etc/sid /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}");
+
+ reapplyRuleSettings_run($preSid_Array['uuid']);
+ update_output_window2('ms2', 'Done...');
+ }
+ }
+
+
+ // remove old $tmpfname files */
+ update_output_window2('ms1', 'Removing old files...');
+ update_output_window2('ms2', 'Working...');
+ if (file_exists('/usr/local/etc/snort/tmp')) {
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
+ exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
+ apc_clear_cache();
+ }
+ update_output_window2('ms2', 'Done...');
+
+ // php code to flush out cache some people are reportting missing files this might help
+ apc_clear_cache();
+ exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
+
+ // make all dirs snorts
+ exec("/usr/sbin/chown -R snort:snort /var/log/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort");
+ exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort");
+ exec("/bin/chmod -R 755 /var/log/snort");
+ exec("/bin/chmod -R 755 /usr/local/etc/snort");
+ exec("/bin/chmod -R 755 /usr/local/lib/snort");
+
+
+ update_output_window2('ms1', 'Finnished Updateing...');
+ update_output_window2('ms2', 'Finnished Updateing...');
+
+
+ // if snort is running hard restart, if snort is not running do nothing
+
+ // TODO: Restart Ifaces
+
+// ----------------------------------------------------- End Code --------------------------------------------
+
+} // -------------------- END Main function ------------
+
+//$argv[1] = 'console';
+
+ //$getWorkerStat = snortSql_fetchAllSettings2('snortDBtemp', 'RegisterWorker', 'uuid', 'jdjEf!773&h3bhFd6A');
+
+ //if ($getWorkerStat['working'] !== 'on') {
+ //snortSql_updateRuleSetList2('working', 'on', '', '', ''); // Register Worker on
+ //sendUpdateSnortLogDownload($argv[1]); // start main function
+ //snortSql_updateRuleSetList2('working', 'off', '', '', ''); // Register Worker off
+ //}
+
+
+
+
+
+?> \ No newline at end of file
diff --git a/config/snort-dev/snortsam-package-code/snort_download_updates.php b/config/snort-dev/snortsam-package-code/snort_download_updates.php
new file mode 100644
index 00000000..445671bd
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_download_updates.php
@@ -0,0 +1,365 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+// disable csrf for downloads, progressbar did not work because of this
+$nocsrf = true;
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+require_once("/usr/local/pkg/snort/snort_download_rules.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+if (isset($_GET['updatenow'])) {
+ $updatenow = $_GET['updatenow'];
+}
+
+header("Cache-Control: no-cache, must-revalidate");
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+
+// get dates of md5s
+
+$tmpSettingsSnort = 'N/A';
+$tmpSettingsSnortChk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', 'snortrules-snapshot-2905.tar.gz');
+if (!empty($tmpSettingsSnortChk)) {
+ $tmpSettingsSnort = date('l jS \of F Y h:i:s A', $tmpSettingsSnortChk[date]);
+}
+
+$tmpSettingsEmerging = 'N/A';
+$tmpSettingsEmergingChk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', 'emerging.rules.tar.gz');
+if (!empty($tmpSettingsEmergingChk)) {
+ $tmpSettingsEmerging = date('l jS \of F Y h:i:s A', $tmpSettingsEmergingChk[date]);
+}
+
+$tmpSettingsPfsense = 'N/A';
+$tmpSettingsPfsenseChk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', 'pfsense_rules.tar.gz');
+if (!empty($tmpSettingsPfsenseChk)) {
+ $tmpSettingsPfsense = date('l jS \of F Y h:i:s A', $tmpSettingsPfsenseChk[date]);
+}
+
+// get rule on stats
+$generalSettings = snortSql_fetchAllSettings2('snortDB', 'SnortSettings', 'id', '1');
+
+$snortMd5CurrentChk = @file_get_contents('/usr/local/etc/snort/snortDBrules/snort_rules/snortrules-snapshot-2905.tar.gz.md5');
+
+$snortDownlodChkMark = '';
+if ($generalSettings[snortdownload] === 'on') {
+ $snortDownlodChkMark = 'checked="checked"';
+}
+
+$snortMd5Current = 'N/A';
+if (!empty($snortMd5CurrentChk)) {
+ preg_match('/^\".*\"/', $snortMd5CurrentChk, $snortMd5Current);
+ if (!empty($snortMd5Current[0])) {
+ $snortMd5Current = preg_replace('/\"/', '', $snortMd5Current[0]);
+ }
+}
+
+$emergingMd5CurrentChk = @file_get_contents('/usr/local/etc/snort/snortDBrules/emerging_rules/emerging.rules.tar.gz.md5');
+
+$emerginDownlodChkMark = '';
+if ($generalSettings[emergingthreatsdownload] !== 'off') {
+ $emerginDownlodChkMark = 'checked="checked"';
+}
+
+$emergingMd5Current = 'N/A';
+if (!empty($emergingMd5CurrentChk)) {
+ $emergingMd5Current = $emergingMd5CurrentChk;
+}
+
+$pfsenseMd5CurrentChk = @file_get_contents('/usr/local/etc/snort/snortDBrules/pfsense_rules/pfsense_rules.tar.gz.md5');
+
+$pfsenseMd5Current = 'N/A';
+if (!empty($pfsenseMd5CurrentChk)) {
+ preg_match('/^\".*\"/', $pfsenseMd5CurrentChk, $pfsenseMd5Current);
+ if (!empty($pfsenseMd5Current[0])) {
+ $pfsenseMd5Current = preg_replace('/\"/', '', $pfsenseMd5Current[0]);
+ }
+}
+
+ $pgtitle = 'Services: Snort: Updates';
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading update msg -->
+<div id="loadingRuleUpadteGUI">
+
+ <div class="snortModalUpdate">
+ <div class="snortModalTopUpdate">
+ <div class="snortModalTopClose">
+ <!-- <a href="javascript:hideLoading('#loadingRuleUpadteGUI');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a> -->
+ </div>
+ </div>
+ <p id="UpdateMsg1" class="snortModalTitleUpdate snortModalTitleUpdateMsg1">
+ </p>
+ <div class="snortModalTitleUpdate snortModalTitleUpdateBar">
+ <table width="600px" height="43px" border="0" cellpadding="0" cellspacing="0">
+ <tr><td><span class="progressBar" id="pb4"></span></td></tr>
+ </table>
+ </div>
+ <p id="UpdateMsg2" class="snortModalTitleUpdate snortModalTitleUpdateMsg2">
+ </p>
+ </div>
+
+</div>
+
+
+<?php include("fbegin.inc"); ?>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li class="newtabmenu_active"><a href="/snort/snort_download_rules.php"><span>Rule Update</span></a></li>
+ <!-- <li><a href="#"><span>Upload Custom Rules</span></a></li> -->
+ <!-- <li><a href="#"><span>Gui Update</span></a></li> -->
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+ <!-- START MAIN AREA -->
+
+
+ <!-- start Interface Satus -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic2">
+ Rule databases that are ready to be updated.
+ </td>
+ <td width="6%" colspan="2" valign="middle" class="listtopic3" >
+ </td>
+ </tr>
+ </table>
+<br>
+
+ <!-- start User Interface -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic">SIGNATURE RULESET DATABASES:</td>
+ </tr>
+ </table>
+
+
+ <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <td class="list" ></td>
+ <td class="list" valign="middle" >
+
+ <tr id="frheader" >
+ <td width="1%" class="listhdrr2">On</td>
+ <td width="25%" class="listhdrr2">Signature DB Name</td>
+ <td width="35%" class="listhdrr2">MD5 Version</td>
+ <td width="38%" class="listhdrr2">Last Rule DB Date</td>
+ <td width="1%" class="listhdrr2">&nbsp;</td>
+ </tr>
+
+ <!-- START javascript sid loop here -->
+ <tbody class="rulesetloopblock">
+
+<tr id="fr0" valign="top">
+<td class="odd_ruleset2">
+<input class="domecheck" name="filenamcheckbox2[]" value="1292" <?=$snortDownlodChkMark;?> type="checkbox" disabled="disabled" >
+</td>
+<td class="odd_ruleset2" id="frd0">SNORT.ORG</td>
+<td class="odd_ruleset2" id="frd0"><?=$snortMd5Current;?></td>
+<td class="listbg" id="frd0"><font color="white"><?=$tmpSettingsSnort;?></font></td>
+<td class="odd_ruleset2">
+<img src="/themes/pfsense_ng/images/icons/icon_alias_url_reload.gif" title="edit rule" width="17" border="0" height="17">
+</td>
+</tr>
+
+<tr id="fr0" valign="top">
+<td class="odd_ruleset2">
+<input class="domecheck" name="filenamcheckbox2[]" value="1292" <?=$emerginDownlodChkMark;?> type="checkbox" disabled="disabled" >
+</td>
+<td class="odd_ruleset2" id="frd0">EMERGINGTHREATS.NET</td>
+<td class="odd_ruleset2" id="frd0"><?=$emergingMd5Current;?></td>
+<td class="listbg" id="frd0"><font color="white"><?=$tmpSettingsEmerging; ?></font></td>
+<td class="odd_ruleset2">
+<img src="/themes/pfsense_ng/images/icons/icon_alias_url_reload.gif" title="edit rule" width="17" border="0" height="17">
+</td>
+</tr>
+
+<tr id="fr0" valign="top">
+<td class="odd_ruleset2">
+<input class="domecheck" name="filenamcheckbox2[]" value="1292" checked="checked" type="checkbox" disabled="disabled" >
+</td>
+<td class="odd_ruleset2" id="frd0">PFSENSE.ORG</td>
+<td class="odd_ruleset2" id="frd0"><?=$pfsenseMd5Current;?></td>
+<td class="listbg" id="frd0"><font color="white"><?=$tmpSettingsPfsense;?></font></td>
+<td class="odd_ruleset2">
+<img src="/themes/pfsense_ng/images/icons/icon_alias_url_reload.gif" title="edit rule" width="17" border="0" height="17">
+</td>
+</tr>
+
+ </tbody>
+ <!-- STOP javascript sid loop here -->
+
+ </td>
+ <td class="list" colspan="8"></td>
+
+ </table>
+ <br>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input id="openupdatebox" type="submit" class="formbtn" value="Update">
+ </td>
+ </tr>
+ </table>
+ <br>
+
+ <!-- stop snortsam -->
+
+ <!-- STOP MAIN AREA -->
+ </div>
+ </td>
+ </tr>
+</table>
+</div>
+
+<!-- start info box -->
+
+<br>
+
+<div style="width:790px; background-color: #dddddd;" id="mainarea4">
+<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr >
+ <td width="10%" valign="middle" >
+ <img style="vertical-align: middle;" src="/snort/images/icon_excli.png" width="40" height="32">
+ </td>
+ <td width="90%" valign="middle" >
+ <span class="red"><strong>Note:</strong></span>
+ <strong>&nbsp;&nbsp;Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</strong>
+ </td>
+ </tr>
+</table>
+</div>
+</div>
+
+
+<script type="text/javascript">
+
+
+//prepare the form when the DOM is ready
+jQuery(document).ready(function() {
+
+ jQuery('.closeupdatebox').live('click', function(){
+ var url = '/snort/snort_download_updates.php';
+ window.location = url;
+ });
+
+ jQuery('#openupdatebox').live('click', function(){
+ var url = '/snort/snort_download_updates.php?updatenow=1';
+ window.location = url;
+ });
+
+}); // end of document ready
+
+</script>
+
+<?php
+
+if ($updatenow == 1) {
+ sendUpdateSnortLogDownload(''); // start main function
+ echo '
+ <script type="text/javascript">
+ jQuery(\'.snortModalTopClose\').append(\'<img class="icon_click closeupdatebox" src="/snort/images/close_9x9.gif" border="0" height="9" width="9">\');
+ </script>
+ ';
+}
+
+?>
+
+
+<!-- stop info box -->
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_gui.inc b/config/snort-dev/snortsam-package-code/snort_gui.inc
new file mode 100644
index 00000000..d0a778ae
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_gui.inc
@@ -0,0 +1,83 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+//include_once("/usr/local/pkg/snort/snort.inc");
+
+function print_info_box_np2($msg) {
+ global $config, $g;
+
+ echo "<table height=\"32\" width=\"100%\">\n";
+ echo " <tr>\n";
+ echo " <td>\n";
+ echo " <div style='background-color:#990000' id='redbox'>\n";
+ echo " <table width='100%'><tr><td width='8%'>\n";
+ echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n";
+ echo " </td>\n";
+ echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n";
+ echo " </td>";
+ if(stristr($msg, "apply") == true) {
+ echo " <td>";
+ echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n";
+ echo " </td>";
+ }
+ echo " </tr></table>\n";
+ echo " </div>\n";
+ echo " </td>\n";
+ echo "</table>\n";
+ echo "<script type=\"text/javascript\">\n";
+ echo "NiftyCheck();\n";
+ echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n";
+ echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n";
+ echo "</script>\n";
+ echo "\n<br>\n";
+
+
+}
+
+if ($config['version'] >= 6) {
+ $helplink = '<li><a href="/snort/help_and_info.php"><span>Help</span></a>';
+}else{
+ $helplink = ' <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>';
+}
+
+?>
diff --git a/config/snort-dev/snortsam-package-code/snort_head.inc b/config/snort-dev/snortsam-package-code/snort_head.inc
new file mode 100644
index 00000000..2d5aadaa
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_head.inc
@@ -0,0 +1,148 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/*
+ pfSense_MODULE: header
+*/
+
+/*
+ * if user has selected a custom template, use it.
+ * otherwise default to pfsense tempalte
+ */
+if (($g["disablethemeselection"] === true) && !empty($g["default_theme"]) && (is_dir($g["www_path"].'/themes/'.$g["default_theme"])))
+ $g['theme'] = $g["default_theme"];
+elseif($config['theme'] <> "" && (is_dir($g["www_path"].'/themes/'.$config['theme'])))
+ $g['theme'] = $config['theme'];
+else
+ $g['theme'] = "pfsense";
+
+/*
+ * If this device is an apple ipod/iphone
+ * switch the theme to one that works with it.
+ */
+$lowres_ua = array("iPhone","iPod", "iPad", "Android");
+foreach($lowres_ua as $useragent)
+ if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent))
+ $g['theme'] = empty($g['theme_lowres']) ? "pfsense" : $g['theme_lowres'];
+
+$pagetitle = gentitle( $pgtitle );
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+ <title><?php echo($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle); ?></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+ <link rel="apple-touch-icon" href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png"/>
+
+ <?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false &&
+ file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?>
+ <?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?>
+ <?php else: ?>
+ <link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css" media="all" />
+ <?php endif; ?>
+ <link rel="stylesheet" type="text/css" href="/niftycssCode.css">
+ <link rel="stylesheet" type="text/css" href="/niftycssprintCode.css" media="print">
+ <link rel="stylesheet" type="text/css" href="/themes/<?=$g['theme']?>/new_tab_menu.css" media="all">
+ <script type="text/javascript" src="/javascript/niftyjsCode.js"></script>
+ <script type="text/javascript">
+ var theme = "<?php echo $g['theme']; ?>";
+ </script>
+ <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?>
+
+<?php
+ //<!-- snort custom javascript and css -->
+ echo "\n";
+ include('/usr/local/pkg/snort/snort_headbase.inc');
+ echo "\n";
+ //<!-- snort custom javascript and css -->
+?>
+
+<?php
+ if($_GET['enablefirebuglite']) {
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n";
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/firebug-lite.js\"></script>\n";
+ }
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/prototype.js\"></script>\n";
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/scriptaculous.js\"></script>\n";
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/effects.js\"></script>\n";
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/dragdrop.js\"></script>\n";
+ if(file_exists("{$g['www_path']}/javascript/global.js"))
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/global.js\"></script>\n";
+ /*
+ * Find all javascript files that need to be included
+ * for this page ... from the arrays ... :)
+ * Coded by: Erik Kristensen
+ */
+
+ $dir = trim(basename($_SERVER["SCRIPT_FILENAME"], '.php'));
+ $path = "{$g['www_path']}/javascript/" . $dir . "/";
+ if (is_dir($path)) {
+ if ($dh = opendir($path)) {
+ while (($file = readdir($dh)) !== false) {
+ if (is_dir($file))
+ continue;
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/{$dir}/{$file}\"></script>\n";
+ }
+ closedir($dh);
+ }
+ }
+
+
+if (!isset($closehead))
+ echo "</head>";
+
+/* If this page is being remotely managed then do not allow the loading of the contents. */
+if($config['remote_managed_pages']['item']) {
+ foreach($config['remote_managed_pages']['item'] as $rmp) {
+ if($rmp == $_SERVER['SCRIPT_NAME']) {
+ include("fbegin.inc");
+ print_info_box_np("This page is currently being managed by a remote machine.");
+ include("fend.inc");
+ exit;
+ }
+ }
+}
+
+?>
diff --git a/config/snort-dev/snortsam-package-code/snort_headbase.inc b/config/snort-dev/snortsam-package-code/snort_headbase.inc
new file mode 100644
index 00000000..33bbd0ee
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_headbase.inc
@@ -0,0 +1,73 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+?>
+
+<!-- START of Snort Package css and javascript -->
+
+<link rel="stylesheet" type="text/css" href="./css/style_snort2.css" media="all" />
+
+<script type="text/javascript" src="/snort/javascript/jquery-1.6.2.min.js"></script>
+<script type="text/javascript" src="/snort/javascript/snort_globalsend.js"></script>
+<script type="text/javascript" src="/snort/javascript/jquery.form.js"></script>
+<script type="text/javascript" src="/snort/javascript/jquery.progressbar.min.js"></script>
+
+<!-- STOP of Snort Package css and javascript -->
+
+
+<?php
+// this has to be loaded at the bottom
+$snort_custom_rnd_box = '
+<script type="text/javascript" >
+ /* makes boxes round */
+ /* load at bottom */
+ NiftyCheck();
+ Rounded("div#mainarea2","bl br tr","#FFF","#dddddd","smooth");
+ Rounded("div#mainarea3","bl br tr","#FFF","#dddddd","smooth");
+ Rounded("td#tdbggrey","bl br tr","#FFF","#dddddd","smooth");
+ Rounded("td#tdbggrey2","bl br tr","#FFF","#dddddd","smooth");
+ Rounded("div#mainarea4","all","#FFF","#dddddd","smooth");
+ Rounded("div#mainarea6","all","#FFF","#dddddd","smooth");
+ Rounded("div#mainarea5","all","#eeeeee","#dddddd","smooth");
+</script>
+';
+?> \ No newline at end of file
diff --git a/config/snort-dev/snortsam-package-code/snort_help_info.php b/config/snort-dev/snortsam-package-code/snort_help_info.php
new file mode 100644
index 00000000..616133ae
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_help_info.php
@@ -0,0 +1,353 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+ $pgtitle = 'Snort: Help and Info';
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<style type="text/css">
+
+h1 {
+font-size: 3em;
+margin: 20px 0;
+}
+
+.container2 {
+width: 765px;
+margin: 0px auto;
+}
+ul.tabs {
+ margin: 0;
+ padding: 0;
+ float: left;
+ list-style: none;
+ height: 25px;
+ border-bottom: 1px solid #999;
+ border-left: 1px solid #999;
+ width: 100%;
+}
+ul.tabs li {
+ float: left;
+ margin: 0;
+ padding: 0;
+ height: 24px;
+ line-height: 24px;
+ border: 1px solid #000000;
+ border-left: none;
+ margin-bottom: -1px;
+ background: #ffffff;
+ overflow: hidden;
+ position: relative;
+}
+ul.tabs li a {
+ text-decoration: none;
+ color: #000000;
+ display: block;
+ font-size: 1.2em;
+ padding: 0 20px;
+ border: 1px solid #fff;
+ outline: none;
+}
+ul.tabs li a:hover {
+ background: #eeeeee;
+}
+
+html ul.tabs li.active, html ul.tabs li.active a:hover {
+ background: #fff;
+ border-bottom: 1px solid #fff;
+ color: #000000;
+}
+.tab_container {
+ border: 1px solid #999;
+ border-top: none;
+ clear: both;
+ float: left;
+ width: 100%;
+ background: #fff;
+ -moz-border-radius-bottomright: 5px;
+ -khtml-border-radius-bottomright: 5px;
+ -webkit-border-bottom-right-radius: 5px;
+ -moz-border-radius-bottomleft: 5px;
+ -khtml-border-radius-bottomleft: 5px;
+ -webkit-border-bottom-left-radius: 5px;
+}
+.tab_content {
+ padding: 0px 20px;
+ font-size: 1.2em;
+}
+.tab_content h2 {
+ font-weight: normal;
+ padding-bottom: 10px;
+ border-bottom: 1px dashed #ddd;
+ font-size: 1.8em;
+}
+.tab_content h3 a{
+ color: #254588;
+}
+.tab_content img {
+ position:relative;
+ left:-19px;
+ margin: 0 0px 0px 0;
+ border: 1px solid #ddd;
+ padding: 5px;
+}
+</style>
+
+<script type="text/javascript">
+
+jQuery(document).ready(function() {
+
+ //Default Action
+ jQuery(".tab_content").hide(); //Hide all content
+ jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab
+ jQuery(".tab_content:first").show(); //Show first tab content
+
+ //On Click Event
+ jQuery("ul.tabs li").click(function() {
+ jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class
+ jQuery(this).addClass("active"); //Add "active" class to selected tab
+ jQuery(".tab_content").hide(); //Hide all tab content
+ var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content
+ jQuery(activeTab).fadeIn(); //Fade in the active content
+ return false;
+ });
+
+});
+
+</script>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<noscript>
+<div class="alert" ALIGN=CENTER><img src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong> Please enable JavaScript to view this content</strong></div>
+</noscript>
+
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <div class="container2">
+ <ul class="tabs">
+ <li><a href="#tab1">Home</a></li>
+ <li><a href="#tab2">Change Log</a></li>
+ <li><a href="#tab3">Getting Help</a></li>
+ <li><a href="#tab4">Heros</a></li>
+
+ </ul>
+ <div class="tab_container">
+ <div id="tab1" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p>
+ <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire's Snort ® IDS/IPS software. The Snort Package goal is to be
+ the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for
+ network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create
+ software.
+ </p>
+ <p>
+
+ <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and
+ can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port
+ scans, CGI attacks, SMB probes, and much more.
+ </p>
+ <p>
+ <font size="5"><strong>Requirements :</strong></font><br>
+ Minimum requirement 256 mb ram, 500 MHz CPU.<br>
+ Recommended 500 mb ram, 1 Ghz CPU.<br>
+ The more rules you run the more memory you need.<br>
+
+ The more interfaces you select the more memory you need.<br><br>
+ Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM).
+ </p>
+
+ </div>
+
+ <div id="tab2" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Change Log</strong></font></p>
+
+ <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages/commits/master" target="_blank"><font size="2" color="#990000"><strong>pfSense packages repository</strong></font></a></p>
+
+ </div>
+
+ <div id="tab3" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+ <p><font size="5"><strong>Getting Help</strong></font></p>
+
+<p>
+<font size="2"><strong>Obtaining Support</strong></font><br>
+
+We provide several means of obtaining support for pfSense.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Free Options</strong></font><br>
+Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Commercial Support</strong></font><br>
+
+<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only.
+</p>
+
+<p>
+<font color="#990000" size="4"><strong>Project Rules</strong></font><br>
+To keep things orderly, and be fair to everyone, we must enforce these rules.
+</p>
+
+<p>
+Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved.
+</p>
+
+<p>
+Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread.
+</p>
+
+<p>
+Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don't have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone's email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers.
+</p>
+ </div>
+
+ <div id="tab4" class="tab_content">
+ <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2>
+
+
+ <p><font size="5"><strong>Heros</strong></font></p>
+
+ <p>Pfsense Snort Package users who have cared enough to donate to this project. I can't thank you enough for all your help. With-out your support I would have stoped long time ago.</p>
+
+ <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p>
+
+ <p><font size="5"><strong>Names</strong></font></p>
+
+ <p>sandro tavella</p>
+ <p>João Kemp Filho</p>
+
+ <p>Julio Fumoso</p>
+ <p>Rolland Hart</p>
+ <p>DiMarco Technology Solutions Inc.</p>
+ <p>Brett Burley</p>
+ <p>Tomasz Iskra</p>
+ <p>Bruno Buchschacher</p>
+
+ <p>Marco Pannetto</p>
+ <p>Christopher Weakland</p>
+ <p>Antonio Riveros</p>
+ <p>DigitalJer</p>
+ <p>Serialdie</p>
+ <p>Dlawley</p>
+
+ <p>Onhel</p>
+ <p>Jerrygoldsmith</p>
+
+
+ </div>
+ </div>
+</div>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_install.inc b/config/snort-dev/snortsam-package-code/snort_install.inc
new file mode 100644
index 00000000..b227b347
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_install.inc
@@ -0,0 +1,429 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+// unset crsf checks
+if(isset($_POST['__csrf_magic'])) {
+ unset($_POST['__csrf_magic']);
+}
+
+require_once("pfsense-utils.inc");
+require_once("config.inc");
+require_once("functions.inc");
+
+/* Allow additional execution time 0 = no limit. */
+ini_set('max_execution_time', '9999');
+ini_set('max_input_time', '9999');
+
+function snort_postinstall()
+{
+ global $config;
+ conf_mount_rw();
+
+ /* find out if were in 1.2.3-RELEASE */
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk == '1.2.3-RELEASE') {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ /* find out what arch where in x86 , x64 */
+ $snort_arch_ck = '';
+ exec('/usr/bin/uname -m', $snort_arch_ck);
+ if($snort_arch_ck[0] == 'i386') {
+ $snort_arch = 'x86';
+ }else{
+ $snort_arch = 'x64';
+ }
+
+ /* snort -> advanced features */
+ //$bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
+ //$bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
+ //$bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
+
+ // create a few directories and ensure the sample files are in place
+ if(!file_exists('/usr/local/etc/snort')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort');
+ }
+
+ if(!file_exists('/usr/local/etc/snort/whitelist')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
+ }
+
+ if(!file_exists('/var/log/snort/run')) {
+ exec('/bin/mkdir -p /var/log/snort/run');
+ }
+
+ if(!file_exists('/var/log/snort/barnyard2')) {
+ exec('/bin/mkdir -p /var/log/snort/barnyard2/');
+ }
+
+ if(!file_exists('/usr/local/lib/snort/dynamicrules/')) {
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ }
+
+ // for snort2c, remove when snortsam is working
+ if(!file_exists('/var/db/whitelist')) {
+ touch('/var/db/whitelist');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/etc')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/etc');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/signatures')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/signatures');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snort_download')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snort_download');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/DB')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules/rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules/rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/emerging_rules/rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules/rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules/rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/snort_rules/rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules/rules');
+ }
+
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/default/rules');
+ exec('/usr/bin/touch /usr/local/etc/snort/snortDBrules/DB/default/rules/local.rules');
+ }
+
+ // create and cp to tmp db dir
+ if (!file_exists('/var/snort/')) {
+ exec('/bin/mkdir -p /var/snort/');
+ }
+
+ if (file_exists('/usr/local/pkg/snort/snortDBtemp')) {
+ exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp');
+ }
+
+ // cleanup default files
+ if(file_exists('/usr/local/etc/snort/snort.conf-sample')) {
+ exec('/bin/rm /usr/local/etc/snort/classification.config-sample');
+ exec('/bin/mv /usr/local/etc/snort/classification.config /usr/local/etc/snort/etc/classification.config');
+ exec('/bin/rm /usr/local/etc/snort/gen-msg.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/etc/gen-msg.map');
+ exec('/bin/rm /usr/local/etc/snort/reference.config-sample');
+ exec('/bin/mv /usr/local/etc/snort/reference.config /usr/local/etc/snort/etc/reference.config');
+ exec('/bin/rm /usr/local/etc/snort/sid-msg.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/etc/sid-msg.map');
+ exec('/bin/rm /usr/local/etc/snort/snort.conf-sample');
+ exec('/bin/mv /usr/local/etc/snort/snort.conf /usr/local/etc/snort/etc/snort.conf');
+ exec('/bin/rm /usr/local/etc/snort/threshold.conf-sample');
+ exec('/bin/mv /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/etc/threshold.conf');
+ exec('/bin/rm /usr/local/etc/snort/unicode.map-sample');
+ exec('/bin/mv /usr/local/etc/snort/unicode.map /usr/local/etc/snort/etc/unicode.map');
+ exec('/bin/rm /usr/local/etc/snort/generators-sample');
+ exec('/bin/mv /usr/local/etc/snort/generators /usr/local/etc/snort/etc/generators');
+ exec('/bin/rm /usr/local/etc/snort/sid');
+ exec('/bin/rm /usr/local/etc/rc.d/snort');
+ exec('/bin/rm /usr/local/etc/rc.d/bardyard2');
+ }
+
+ // remove example files
+ if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) {
+ exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
+ }
+
+ if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) {
+ exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
+ }
+
+
+ // add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0
+ exec('/usr/sbin/pw groupadd snort -g 920');
+ exec('/usr/sbin/pw useradd snort -u 920 -c "Snort User" -d /nonexistent -g snort -s /sbin/nologin');
+
+ // if users have old log files delete them */
+ if(!file_exists('/var/log/snort/alert')) {
+ touch('/var/log/snort/alert');
+ }else{
+ exec('/bin/rm -rf /var/log/snort/*');
+ touch('/var/log/snort/alert');
+ }
+
+ // rm barnyard2 important */
+ if(!file_exists('/usr/local/bin/barnyard2')) {
+ exec('/bin/rm /usr/local/bin/barnyard2');
+ }
+
+ /* important */
+ exec('/usr/sbin/chown -R snort:snort /var/log/snort');
+ exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort');
+ exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort');
+ exec('/usr/sbin/chown -R snort:snort /var/snort');
+ exec('/usr/sbin/chown snort:snort /tmp/snort*');
+ exec('/usr/sbin/chown snort:snort /var/db/whitelist');
+ exec('/bin/chmod 660 /var/log/snort/alert');
+ exec('/bin/chmod 660 /var/db/whitelist');
+ exec('/bin/chmod -R 660 /usr/local/etc/snort/*');
+ exec('/bin/chmod -R 660 /tmp/snort*');
+ exec('/bin/chmod -R 660 /var/run/snort*');
+ exec('/bin/chmod -R 660 /var/snort/run/*');
+ exec('/bin/chmod 770 /usr/local/lib/snort');
+ exec('/bin/chmod 770 /usr/local/etc/snort');
+ exec('/bin/chmod 770 /usr/local/etc/whitelist');
+ exec('/bin/chmod 770 /var/log/snort');
+ exec('/bin/chmod 770 /var/log/snort/run');
+ exec('/bin/chmod 770 /var/log/snort/barnyard2');
+
+ /* move files around, make it look clean */
+ exec('/bin/mkdir -p /usr/local/www/snort/css');
+ exec('/bin/mkdir -p /usr/local/www/snort/images');
+ exec('/bin/mkdir -p /usr/local/www/snort/javascript');
+
+ chdir ("/usr/local/www/snort/css/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style_snort2.css');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/new_tab_menu.css');
+ chdir ("/usr/local/www/snort/images/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/arrow_down.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/awesome-overlay-sprite.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/controls.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/loading.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo22.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/page_white_text.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparent.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparentbg.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/close_9x9.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/new_tab_menu.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progress_bar2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progressbar.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/top_modal_bar_lil.jpg');
+ chdir ("/usr/local/www/snort/javascript/");
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.6.2.min.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.form.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/snort_globalsend.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.progressbar.min.js');
+
+ /* back to default */
+ chdir ('/root/');
+
+ // make sure snort-old is deinstalled
+ // remove when snort-old is removed
+ unset($config['installedpackages']['snort']);
+ unset($config['installedpackages']['snortdefservers']);
+ unset($config['installedpackages']['snortwhitelist']);
+ unset($config['installedpackages']['snortthreshold']);
+ unset($config['installedpackages']['snortadvanced']);
+ write_config();
+ conf_mount_rw();
+
+ // remake saved settings
+ // TODO: make sre this works in final release
+ /*
+ if($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ update_status(gettext("Saved settings detected..."));
+ update_output_window(gettext("Please wait... rebuilding files..."));
+ sync_snort_package_empty();
+ update_output_window(gettext("Finnished Rebuilding files..."));
+ }
+ */
+
+ conf_mount_ro();
+
+} // END of Post Install
+
+function snort_deinstall()
+{
+
+ global $config, $g;
+ conf_mount_rw();
+
+ // remove custom sysctl //
+ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
+
+ // decrease bpf buffers back to 4096, from 20480
+ exec('/sbin/sysctl net.bpf.bufsize=4096');
+
+ exec('/usr/usr/bin/killall snort');
+ sleep(2);
+ exec('/usr/usr/bin/killall -9 snort');
+ sleep(2);
+ exec('/usr/usr/bin/killall barnyard2');
+ sleep(2);
+ exec('/usr/usr/bin/killall -9 barnyard2');
+ sleep(2);
+
+ exec('/usr/sbin/pw userdel snort');
+ exec('/usr/sbin/pw groupdel snort');
+ exec('rm -rf /usr/local/etc/snort*');
+ exec('rm -rf /usr/local/pkg/snort*');
+ exec('rm -rf /usr/local/pkg/pf/snort*');
+
+ exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep perl-threaded`");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client-5.1.50_1`");
+ exec('rm -r /usr/local/bin/barnyard2');
+
+ // TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break
+
+ // Remove snort cron entries Ugly code needs smoothness
+ // TODO: redo code because its a mess
+ function snort_rm_blocked_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item)
+ {
+ if (strstr($item['command'], "snort2c"))
+ {
+ $is_installed = true;
+ break;
+ }
+
+ $x++;
+
+ }
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+
+ configure_cron();
+
+ }
+ conf_mount_ro();
+
+ }
+
+ function snort_rules_up_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ }
+ }
+
+ snort_rm_blocked_deinstall_cron("");
+ snort_rules_up_deinstall_cron("");
+
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
+ unset($config['installedpackages']['snortglobal']);
+ }
+ write_config();
+ conf_mount_rw();
+
+ exec('rm -rf /usr/local/www/snort');
+ exec('rm -rf /usr/local/lib/snort/');
+ exec('rm -rf /var/log/snort/');
+ exec('rm -rf /usr/local/pkg/snort');
+ exec('rm -rf /var/snort');
+
+ conf_mount_ro();
+
+}
+
+// make sure this func on writes to files and does not start snort */
+function sync_snort_package()
+{
+ global $config, $g;
+ conf_mount_rw();
+
+
+
+ conf_mount_ro();
+}
+
+?>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces.php b/config/snort-dev/snortsam-package-code/snort_interfaces.php
new file mode 100644
index 00000000..beb50f83
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces.php
@@ -0,0 +1,415 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+$new_ruleUUID = genAlphaNumMixFast(7, 8);
+
+$a_interfaces = snortSql_fetchAllInterfaceRules('SnortIfaces', 'snortDB');
+
+
+ $pgtitle = "Services: Snort 2.9.0.5 pkg v. 2.0";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<form id="iform" >
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <div style="width:750px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+ <!-- START MAIN AREA -->
+
+ <!-- start snortsam -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic">SnortSam Status</td>
+ </tr>
+ </table>
+
+ <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+
+ <tr id="frheader" >
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="10%" class="listhdrr2">SnortSam</td>
+ <td width="10%" class="listhdrr">Role</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="10%" class="listhdrr">Pass</td>
+ <td width="10%" class="listhdrr">Log</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="5%" class="list">&nbsp;</td>
+ <td width="5%" class="list">&nbsp;</td>
+
+
+ <tr valign="top" id="fr0">
+ <td class="listt">
+ <a href="?act=toggle&id=0"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="click to toggle start/stop snortsam"></a>
+ </td>
+ <td class="listbg" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">DISABLED</td>
+ <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">MASTER</td>
+ <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">3526</td>
+ <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">ENABLED</td>
+ <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">DISABLED</td>
+ <td class="listbg3" ondblclick="document.location='snort_interfaces_edit.php?id=0';"><font color="#ffffff">Mster IPs&nbsp;</td>
+ <td></td>
+ <td>
+ <a href="snort_interfaces_edit.php?id=0"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a>
+ </td>
+
+ </tr>
+ </tr>
+ </td>
+ <td class="list" colspan="8"></td>
+ </table>
+ <!-- stop snortsam -->
+<br>
+ <!-- start Interface Satus -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic2">Interface Status</td>
+ <td width="6%" colspan="2" valign="middle" class="listtopic3" >
+ <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>">
+ <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule">
+ </a>
+ </td>
+ </tr>
+ </table>
+<br>
+ <!-- start User Interface -->
+ <?php
+ foreach ($a_interfaces as $list)
+ {
+ // make caps
+ $list['interface'] = strtoupper($list['interface']);
+ $list['performance'] = strtoupper($list['performance']);
+
+ // rename for GUI iface
+ $ifaceStat = ($list['enable'] == 'on' ? 'ENABLED' : 'DISABLED');
+ $blockStat = ($list['blockoffenders7'] == 'on' ? 'ENABLED' : 'DISABLED');
+ $logStat = ($list['snortunifiedlog'] == 'on' ? 'ENABLED' : 'DISABLED');
+ $barnyard2Stat = ($list['barnyard_enable'] == 'on' ? 'ENABLED' : 'DISABLED');
+
+
+ echo "
+ <div id=\"maintable_{$list['uuid']}\" data-options='{\"pagetable\":\"SnortIfaces\", \"pagedb\":\"snortDB\", \"DoPOST\":\"true\"}'>
+ ";
+ echo '
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ ';
+ echo "
+ <td width=\"100%\" colspan=\"2\" valign=\"top\" class=\"listtopic\" >{$list['interface']} Interface Status &nbsp; ({$list['uuid']})</td>
+ ";
+ echo '
+ </tr>
+ </table>
+
+ <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+
+ <tr id="frheader" >
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="11%" class="listhdrr2">Snort</td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="10%" class="listhdrr">Performance</td>
+ <td width="10%" class="listhdrr">Block</td>
+ <td width="10%" class="listhdrr">Log</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="5%" class="list">&nbsp;</td>
+ <td width="5%" class="list">&nbsp;</td>
+
+ <tr valign="top" id="fr0">
+ <td class="listt">
+ ';
+ echo "
+ <a href=\"?act=toggle&id=0\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"13\" height=\"13\" border=\"0\" title=\"click to toggle start/stop snort\"></a>
+
+ </td>
+ <td class=\"listbg\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$ifaceStat}</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$list['interface']}</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$list['performance']}</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$blockStat}</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$logStat}</td>
+ <td class=\"listbg3\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\"><font color=\"#ffffff\">{$list['descr']}</td>
+ <td></td>
+ <td>
+ <a href=\"snort_interfaces_edit.php?uuid={$list['uuid']}\"><img src=\"/themes/{$g['theme']}/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"edit rule\"></a>
+ ";
+ echo '
+ </td>
+
+ </tr>
+ </tr>
+ </td>
+ <td class="list" colspan="8"></td>
+ </table>
+ <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+
+ <tr id="frheader" >
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="10%" class="listhdrr2">Barnyard2</td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="10%" class="listhdrr">Sensor</td>
+ <td width="10%" class="listhdrr">Type</td>
+ <td width="10%" class="listhdrr">Log</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="5%" class="list">&nbsp;</td>
+ <td width="5%" class="list">&nbsp;</td>
+
+
+ <tr valign="top" id="fr0">
+ <td class="listt">
+ ';
+ echo "
+ <a href=\"?act=toggle&id=0\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"13\" height=\"13\" border=\"0\" title=\"click to toggle start/stop barnyard2\"></a>
+ </td>
+ <td class=\"listbg\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$barnyard2Stat}</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$list['interface']}</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$list['uuid']}_{$list['interface']}</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">unified2</td>
+ <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$barnyard2Stat}</td>
+ <td class=\"listbg3\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\"><font color=\"#ffffff\">Mster IPs&nbsp;</td>
+ <td></td>
+ <td>
+ <img id=\"icon_x_{$list['uuid']}\" class=\"icon_click icon_x\" src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"delete rule\">
+ ";
+ echo '
+ </td>
+
+ </tr>
+ </tr>
+ </td>
+ <td class="list" colspan="8"></td>
+ </table>
+ <br>
+ </div>';
+ } // end of foreach main
+ ?>
+ <!-- stop User Interface -->
+
+ <!-- stop Interface Sat -->
+
+ <!-- STOP MAIN AREA -->
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+</div>
+
+<!-- start info box -->
+
+<br>
+
+<div style="background-color: #dddddd;" id="mainarea4">
+<div style="width:750px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>&nbsp;&nbsp;&nbsp;</td>
+ </tr>
+ <tr >
+ <td width="100%">
+ <span class="red"><strong>Note:</strong></span> <br>
+ This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings.
+ Please edit the <strong>Global Settings</strong> tab before adding an interface.
+ <br>
+ <br>
+ <span class="red"><strong>Warning:</strong></span>
+ <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br>
+ <br>
+ <table>
+ <tr>
+ <td>
+ <strong>Click</strong> on the
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon">
+ icon to add a interface.
+ </td>
+ <td>
+ <strong>Click</strong> on the
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon">
+ icon to <strong>start</strong> snort or barnyard2.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <strong>Click</strong> on the
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a
+ interface and settings.
+ </td>
+ <td>
+ <strong>Click</strong> on the
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon">
+ icon to <strong>stop</strong> snort or barnyard2.
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <strong> Click</strong> on the
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon">
+ icon to delete a interface and settings.
+ </td>
+ </tr>
+ <tr>
+ <td>&nbsp;&nbsp;&nbsp;</td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+</div>
+
+<!-- stop info box -->
+
+<!-- start snort footer -->
+
+<br>
+
+<div style="background-color: #dddddd;" id="mainarea6">
+<div style="width:750px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>&nbsp;&nbsp;&nbsp;</td>
+ </tr>
+ <tr >
+ <td width="100%">
+ <div id="footer2">
+ <table>
+ <tr>
+ <td style="padding-top: 40px;">
+ SNORT registered &#174; by Sourcefire, Inc, Barnyard2 registered &#174; by securixlive.com, Orion registered &#174; by Robert Zelaya,
+ Emergingthreats registered &#174; by emergingthreats.net, Mysql registered &#174; by Mysql.com
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td>&nbsp;&nbsp;&nbsp;</td>
+ </tr>
+</table>
+</div>
+</div>
+
+<!-- stop snort footer -->
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_edit.php
new file mode 100644
index 00000000..ade5ade8
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_edit.php
@@ -0,0 +1,536 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+
+
+$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+
+$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', '');
+
+if (!is_array($a_list)) {
+ $a_list = array();
+}
+
+$a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips');
+
+if (!is_array($a_whitelist)) {
+ $a_whitelist = array();
+}
+
+$a_suppresslist = snortSql_fetchAllWhitelistTypes('SnortSuppress', '');
+
+if (!is_array($a_suppresslist)) {
+ $a_suppresslist = array();
+}
+
+
+ $pgtitle = "Services: Snort: Interface Edit:";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<!-- START page custom script -->
+<script language="JavaScript">
+
+// start a jQuery sand box
+jQuery(document).ready(function() {
+
+ // misc call after a good save
+ jQuery.fn.miscTabCall = function () {
+ jQuery('.hide_newtabmenu').show();
+ jQuery('#interface').attr("disabled", true);
+ };
+
+ // START disable option for snort_interfaces_edit.php
+ endis = !(jQuery('input[name=enable]:checked').val());
+
+ disableInputs=new Array(
+ "descr",
+ "performance",
+ "blockoffenders7",
+ "alertsystemlog",
+ "externallistname",
+ "homelistname",
+ "suppresslistname",
+ "tcpdumplog",
+ "snortunifiedlog",
+ "configpassthru"
+ );
+ <?php
+
+ if ($a_list['interface'] != '') {
+ echo '
+ jQuery(\'[name=interface]\').attr(\'disabled\', \'true\');
+ ';
+ }
+
+ // disable tabs if nothing in database
+ if ($a_list['uuid'] == '') {
+ echo '
+ jQuery(\'.hide_newtabmenu\').hide();
+ ';
+ }
+
+ ?>
+
+ if (endis) {
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true');
+ }
+ }
+
+ jQuery("input[name=enable]").live('click', function() {
+
+ endis = !(jQuery('input[name=enable]:checked').val());
+
+ if (endis) {
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true');
+ }
+ }else{
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').removeAttr('disabled');
+ }
+ }
+
+
+ });
+ // STOP disable option for snort_interfaces_edit.php
+
+
+}); // end of on ready
+
+</script>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" name="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_interfaces_edit" /> <!-- what interface tab -->
+ <input name="uuid" type="hidden" value="<?=$uuid; ?>" >
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Interface</td>
+ <td width="22%" valign="top" class="vtable">
+ &nbsp;
+ <input name="enable" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['enable'] == 'on' || $a_list['enable'] == '' ? 'checked' : '';?> ">
+ &nbsp;&nbsp;<span class="vexpl">Enable or Disable</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Interface</td>
+ <td width="78%" class="vtable">
+ <select id="interface" name="interface" class="formfld">
+
+ <?php
+ /* add group interfaces */
+ /* needs to be watched, dont know if new interfces will work */
+ if (is_array($config['ifgroups']['ifgroupentry']))
+ foreach($config['ifgroups']['ifgroupentry'] as $ifgen)
+ if (have_ruleint_access($ifgen['ifname']))
+ $interfaces[$ifgen['ifname']] = $ifgen['ifname'];
+ $ifdescs = get_configured_interface_with_descr();
+ foreach ($ifdescs as $ifent => $ifdesc)
+ if(have_ruleint_access($ifent))
+ $interfaces[$ifent] = $ifdesc;
+ if ($config['l2tp']['mode'] == "server")
+ if(have_ruleint_access("l2tp"))
+ $interfaces['l2tp'] = "L2TP VPN";
+ if ($config['pptpd']['mode'] == "server")
+ if(have_ruleint_access("pptp"))
+ $interfaces['pptp'] = "PPTP VPN";
+
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
+ /* add ipsec interfaces */
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
+ if(have_ruleint_access("enc0"))
+ $interfaces["enc0"] = "IPsec";
+ /* add openvpn/tun interfaces */
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ $interfaces["openvpn"] = "OpenVPN";
+ $selected_interfaces = explode(",", $pconfig['interface']);
+ foreach ($interfaces as $iface => $ifacename)
+ {
+ echo "\n" . "<option value=\"$iface\"";
+ if ($a_list['interface'] == strtolower($ifacename)){echo " selected ";}
+ echo '>' . $ifacename . '</option>' . "\r";
+ }
+ ?>
+ </select>
+ <br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=$a_list['descr']?>">
+ <br>
+ <span class="vexpl">You may enter a description here for your reference (not parsed).</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Memory Performance</td>
+ <td width="78%" class="vtable">
+ <select name="performance" class="formfld" id="performance">
+
+ <?php
+ $memoryPerfList = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'aclowmem-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
+ snortDropDownList($memoryPerfList, $a_list['performance']);
+ ?>
+
+ </select>
+ <br>
+ <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate
+ memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.</span>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the rule DB snort should use.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Rule DB</td>
+ <td width="78%" class="vtable">
+ <select name="ruledbname" class="formfld" id="ruledbname">
+
+ <?php
+ // find ruleDB names and value by uuid
+ $selected = '';
+ if ($a_list['ruledbname'] == 'default') {
+ $selected = 'selected';
+ }
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
+ foreach ($a_rules as $value)
+ {
+ $selected = '';
+ if ($value['uuid'] == $a_list['ruledbname']) {
+ $selected = 'selected';
+ }
+
+ echo "\n" . '<option value="' . $value['uuid'] . '" ' . $selected . ' >' . strtoupper($value['ruledbname']) . '</option>' . "\r";
+ }
+ ?>
+
+ </select>
+ <br>
+ <span class="vexpl">Choose the rule database to use. &nbsp;<span class="red">Note:</span>&nbsp;Cahnges to this database are global.
+ <br>
+ <span class="red">WARNING:</span>&nbsp;Never change this when snort is running.</span>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the networks snort should inspect and whitelist.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Home net</td>
+ <td width="78%" class="vtable">
+ <select name="homelistname" class="formfld" id="homelistname">
+
+ <?php
+ /* find homelist names and filter by type */
+ $selected = '';
+ if ($a_list['homelistname'] == 'default'){$selected = 'selected';}
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
+ foreach ($a_whitelist as $value)
+ {
+ $selected = '';
+ if ($value['filename'] == $a_list['homelistname']){$selected = 'selected';};
+ if ($value['snortlisttype'] == 'netlist') // filter
+ {
+
+ echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r";
+
+ }
+ }
+ ?>
+
+ </select>
+ <br>
+ <span class="vexpl">Choose the home net you will like this rule to use. &nbsp;<span class="red">Note:</span>&nbsp;Default homenet adds only local networks.
+ <br>
+ <span class="red">Hint:</span>&nbsp;Most users add a list offriendly ips that the firewall cant see.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">External net</td>
+ <td width="78%" class="vtable">
+ <select name="externallistname" class="formfld" id="externallistname">
+
+ <?php
+ /* find externallist names and filter by type */
+ $selected = '';
+ if ($a_list['externallistname'] == 'default'){$selected = 'selected';}
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
+ foreach ($a_whitelist as $value)
+ {
+ $selected = '';
+ if ($value['filename'] == $a_list['externallistname']){$selected = 'selected';}
+ if ($value['snortlisttype'] == 'netlist') // filter
+ {
+
+ echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r";
+
+ }
+ }
+ ?>
+
+ </select>
+ <br>
+ <span class="vexpl">Choose the external net you will like this rule to use.&nbsp;<span class="red">Note:</span>&nbsp;Default external net, networks that are not home net.
+ <br>
+ <span class="red">Hint:</span>&nbsp;Most users should leave this setting at default.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Block offenders</td>
+ <td width="78%" class="vtable">
+ <input name="blockoffenders7" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['blockoffenders7'] == 'on' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Checking this option will automatically block hosts that generate a Snort alerts with SnortSam.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Suppression and filtering</td>
+ <td width="78%" class="vtable">
+ <select name="suppresslistname" class="formfld" id="suppresslistname">
+
+ <?php
+ /* find suppresslist names and filter by type */
+ $selected = '';
+ if ($a_list['suppresslistname'] == 'default'){$selected = 'selected';}
+
+ echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r";
+
+ foreach ($a_suppresslist as $value)
+ {
+ $selected = '';
+ if ($value['filename'] == $a_list['suppresslistname']){$selected = 'selected';}
+
+ echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r";
+ }
+ ?>
+
+ </select>
+ <br>
+ <span class="vexpl">Choose the suppression or filtering file you will like this rule to use.&nbsp;<span class="red">
+ Note:</span>&nbsp;Default option disables suppression and filtering.</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the types of logs snort should create.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Type of Unified Logging</td>
+ <td width="78%" class="vtable">
+ <select name="snortalertlogtype" class="formfld" id="snortalertlogtype">
+
+ <?php
+ $snortalertlogtypePerfList = array('full' => 'FULL', 'fast' => 'FAST', 'disable' => 'DISABLE');
+ snortDropDownList($snortalertlogtypePerfList, $a_list['snortalertlogtype']);
+ ?>
+
+ </select>
+ <br>
+ <span class="vexpl">Snort will log Alerts to a file in the UNIFIED format. Full is a requirement for the snort wigdet.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Send alerts to mainSystem logs</td>
+ <td width="78%" class="vtable">
+ <input name="alertsystemlog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['alertsystemlog'] == 'on' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Snort will send Alerts to the Pfsense system logs.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td>
+ <td width="78%" class="vtable">
+ <input name="tcpdumplog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['tcpdumplog'] == 'on' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats.
+ <span class="red"><strong>WARNING:</strong></span> File may become large.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified2 file</td>
+ <td width="78%" class="vtable">
+ <input name="snortunifiedlog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['snortunifiedlog'] == 'on' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Arguments here will be automatically inserted into the snort configuration.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td>
+ <td width="78%" class="vtable">
+ <textarea wrap="off" name="configpassthru" cols="75" rows="12" id="configpassthru" class="formpre2"><?=base64_decode($a_list['configpassthru']); ?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="Submit2" type="submit" class="formbtn" value="Start">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ Please save your settings before you click start.</span>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_global.php b/config/snort-dev/snortsam-package-code/snort_interfaces_global.php
new file mode 100644
index 00000000..fd9d27d4
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_global.php
@@ -0,0 +1,367 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
+
+$snortdownload_off = ($generalSettings['snortdownload'] == 'off' ? 'checked' : '');
+$snortdownload_on = ($generalSettings['snortdownload'] == 'on' ? 'checked' : '');
+$oinkmastercode = $generalSettings['oinkmastercode'];
+
+$emergingthreatsdownload_off = ($generalSettings['emergingthreatsdownload'] == 'off' ? 'checked' : '');
+$emergingthreatsdownload_basic = ($generalSettings['emergingthreatsdownload'] == 'basic' ? 'checked' : '');
+$emergingthreatsdownload_pro = ($generalSettings['emergingthreatsdownload'] == 'pro' ? 'checked' : '');
+$emergingthreatscode = $generalSettings['emergingthreatscode'];
+
+$updaterules = $generalSettings['updaterules'];
+
+$rm_blocked = $generalSettings['rm_blocked'];
+
+$snortloglimit_off = ($generalSettings['snortloglimit'] == 'off' ? 'checked' : '');
+$snortloglimit_on = ($generalSettings['snortloglimit'] == 'on' ? 'checked' : '');
+
+$snortloglimitsize = $generalSettings['snortloglimitsize'];
+
+$snortalertlogtype = $generalSettings['snortalertlogtype'];
+
+$forcekeepsettings_on = ($generalSettings['forcekeepsettings'] == 'on' ? 'checked' : '');
+
+$snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024);
+
+
+ $pgtitle = "Services: Snort: Global Settings";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db -->
+ <input type="hidden" name="dbTable" value="SnortSettings" /> <!-- what db table -->
+ <input type="hidden" name="ifaceTab" value="snort_interfaces_global" /> <!-- what interface tab -->
+
+ <tr id="maintable" data-options='{"pagetable":"SnortSettings"}'> <!-- db to lookup -->
+ <td colspan="2" valign="top" class="listtopic">Please Choose The Type Of Rules You Wish To Download</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2">
+ <input name="snortdownload" type="radio" id="snortdownloadoff" value="off" <?=$snortdownload_off;?> >
+ <span class="vexpl">Do <strong>NOT</strong> Install</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <input name="snortdownload" type="radio" id="snortdownloadon" value="on" <?=$snortdownload_on;?> >
+ <span class="vexpl">Install Basic Rules or Premium rules</span> <br>
+ </td>
+ </tr>
+ </table>
+ <table STYLE="padding-top: 5px">
+ <tr>
+ <td colspan="2">
+ <a class="vncell2" href="https://www.snort.org/signup" target="_blank" alt="Basic rules are free but 30 days old.">
+ Sign Up for a Basic Rule Account
+ </a><br><br>
+ <a class="vncell2" href="http://www.snort.org/vrt/buy-a-subscription" target="_blank" alt="Premium users receive rules 30 days faster than basic users.">
+ Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended
+ </a>
+ </td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top"><span class="vexpl">Oinkmaster code</span></td>
+ </tr>
+ <tr>
+ <td class="vncell2" valign="top"><span class="vexpl">Code</span></td>
+ <td class="vtable">
+ <input name="oinkmastercode" type="text"class="formfld2" id="oinkmastercode" size="52" value="<?=$oinkmastercode;?>" > <br>
+ <span class="vexpl">Obtain a snort.org Oinkmaster code and paste here.</span>
+ </td>
+ </table>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Install Emergingthreats rules</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2">
+ <input name="emergingthreatsdownload" type="radio" id="emergingthreatsdownloadoff" value="off" <?=$emergingthreatsdownload_off;?> >
+ <span class="vexpl">Do <strong>NOT</strong> Install</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <input name="emergingthreatsdownload" type="radio" id="emergingthreatsdownloadon" value="basic" <?=$emergingthreatsdownload_basic;?> >
+ <span class="vexpl">Install <b>Basic</b> Rules: No need to register</span> <br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <input name="emergingthreatsdownload" type="radio" id="emergingthreatsprodownloadon" value="pro" <?=$emergingthreatsdownload_pro;?> >
+ <span class="vexpl">Install <b>Pro</b> rules: You need to register</span> <br>
+ </td>
+ </tr>
+ </table>
+ <table STYLE="padding-top: 5px">
+ <tr>
+ <td colspan="2">
+ <a class="vncell2" href="http://www.emergingthreatspro.com" target="_blank" alt="Premium users receive rules 30 days faster than basic users.">
+ Sign Up for Emerging Threats Pro Certified Premium Rules. This Is Highly Recommended
+ </a>
+ </td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top"><span class="vexpl">Pro rules code</span></td>
+ </tr>
+ <tr>
+ <td class="vncell2" valign="top"><span class="vexpl">Code</span></td>
+ <td class="vtable">
+ <input name="emergingthreatscode" type="text"class="formfld2" id="emergingthreatscode" size="52" value="<?=$emergingthreatscode;?>" > <br>
+ <span class="vexpl">Obtain a emergingthreatspro.com Pro rules code and paste here.</span>
+ </td>
+ </table>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell2"><span>Update rules automatically</span></td>
+ <td width="78%" class="vtable">
+ <select name="updaterules" class="formfld2" id="updaterules">
+ <?php
+ $updateDaysList = array('never' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
+ snortDropDownList($updateDaysList, $updaterules);
+ ?>
+ </select><br>
+ <span class="vexpl">
+ Please select the update times for rules.<br> Hint: in most cases, every 12 hours is a good choice.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><span>General Settings</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2"><span>Log Directory SizeLimit</span><br>
+ <br><br><br><br><br>
+ <span class="red"><strong>Note:</strong><br>Available space is <strong><?=$snortlogCurrentDSKsize; ?>MB</strong></span>
+ </td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2">
+ <input name="snortloglimit" type="radio" id="snortloglimiton" value="on" <?=$snortloglimit_on;?> >
+ <span class="vexpl"><strong>Enable</strong> directory size limit (Default)</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <input name="snortloglimit" type="radio" id="snortloglimitoff" value="off" <?=$snortloglimit_off ?> >
+ <span class="vexpl"><strong>Disable </strong>directory size limit</span><br><br>
+ <span class="vexpl red"><strong>Warning:</strong> Pfsense Nanobsd should use no more than 10MB of space.</span>
+ </td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vncell3"><span>Size in <strong>MB</strong></span></td>
+ <td class="vtable">
+ <input name="snortloglimitsize" type="text" class="formfld2" id="snortloglimitsize" size="7" value="<?=$snortloglimitsize;?>">
+ <span class="vexpl">Default is <strong>20%</strong> of available space.</span>
+ </td>
+ </table>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2"><span>Remove blocked hosts every</span></td>
+ <td width="78%" class="vtable">
+ <select name="rm_blocked" class="formfld2" id="rm_blocked">
+ <?php
+ $BlockTimeReset = array('never' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
+ snortDropDownList($BlockTimeReset, $rm_blocked);
+ ?>
+ </select><br>
+ <span class="vexpl">Please select the amount of time you would likehosts to be blocked for.<br>Hint: in most cases, 1 hour is a good choice.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2"><span>Alerts file descriptiontype</span></td>
+ <td width="78%" class="vtable">
+ <select name="snortalertlogtype" class="formfld2" id="snortalertlogtype">
+ <?php
+ // TODO: make this option a check box with all log types
+ $alertLogTypeList = array('full' => 'FULL', 'fast' => 'SHORT');
+ snortDropDownList($alertLogTypeList, $snortalertlogtype)
+ ?>
+ </select><br>
+ <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br> Hint: Best pratice is to chose full logging.</span>&nbsp;
+ <span class="red"><strong>WARNING:</strong></span>&nbsp;<strong>On change, alert file will be cleared.</strong>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2"><span>Keep snort settings after deinstall</span></td>
+ <td width="22%" class="vtable">
+ <input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="on" <?=$forcekeepsettings_on;?> >
+ <span class="vexpl">Settings will not be removed during deinstall.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2"><span>Save Settings</span></td>
+ <td width="30%" class="vtable">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ </form>
+ <form id="iform2" >
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ <input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to remove all your settings ? All Snort Settings will be reset !')" >
+ <input type="hidden" name="reset_snortgeneralsettings" value="1" />
+ <span class="vexpl red"><strong>&nbsp;WARNING:</strong><br> This will reset all global and interface settings.</span>
+ </td>
+ <td class="vtable">
+ <span class="vexpl red"><strong>Note:</strong></span><br>
+ <span class="vexpl">Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.</span>
+ </td>
+ </tr>
+ </form>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_rules.php b/config/snort-dev/snortsam-package-code/snort_interfaces_rules.php
new file mode 100644
index 00000000..12f9cec0
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_rules.php
@@ -0,0 +1,289 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+$a_rules = array();
+$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', '');
+
+ if (!is_array($a_rules)) {
+ $a_rules = array();
+ }
+
+ if ($a_rules == 'Error') {
+ echo 'Error';
+ exit(0);
+ }
+
+ // list rules in db that are on in a array
+ $listOnRules = array();
+ $listOnRules = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'All', '');
+
+ $listUsedRules = array();
+ foreach ($listOnRules as $listOnRule)
+ {
+
+ $listUsedRules[] = $listOnRule['ruledbname'];
+
+ }
+ unset($listOnRules);
+
+ $pgtitle = "Services: Snort: Rules";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0px" cellpadding="10px" cellspacing="0px">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0px" cellpadding="0px" cellspacing="0px">
+ <!-- START MAIN AREA -->
+
+ <table width="100%">
+ <tr > <!-- db to lookup -->
+ <td width="25%" class="listhdrr">File Name</td>
+ <td width="60%" class="listhdr">Description</td>
+ </tr>
+ </table>
+
+ <table width="100%">
+
+
+
+ <table width="100%" >
+
+
+ <tr id="maintable_default" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' >
+ <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">Default</td>
+ <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">
+ <font color="#FFFFFF">Default rule database&nbsp;</font>
+ </td>
+
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="2">
+ <?php
+ /*
+ * TODO: Must add snort process id to the rest disable block
+ * Example: only disable reset when snort is running and database is selected
+ */
+ if (in_array('default', $listUsedRules)) {
+ $resetObjectDf = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >';
+ }else{
+ $resetObjectDf = '<img id="icon_r_default" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >';
+ }
+
+ ?>
+ <tr>
+ <td valign="middle">
+ <a href="snort_interfaces_rules_edit.php?rdbuuid=default"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a>
+ </td>
+ <td>
+ <?=$resetObjectDf; ?>
+ </td>
+ <td>
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" >
+ </td>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <?php foreach ($a_rules as $list): ?>
+
+ <?php
+ /*
+ * TODO: Must add snort process id to the rest disable block
+ * Example: only disable reset when snort is running and database is selected
+ */
+ if (in_array($list['uuid'], $listUsedRules)) {
+ $deleteObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" >';
+ }else{
+ $deleteObject = '<img id="icon_x_' . $list['uuid'] . '" class="icon_click icon_x" src="/themes/' . $g['theme'] . '/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete database" >';
+ }
+
+ if (in_array($list['uuid'], $listUsedRules)) {
+ $resetObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >';
+ }else{
+ $resetObject = '<img id="icon_r_' . $list['uuid'] . '" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >';
+ }
+
+ ?>
+
+ <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' >
+ <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"><?=$list['ruledbname'];?></td>
+ <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?>&nbsp;</font>
+ </td>
+
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="2">
+ <tr>
+ <td valign="middle">
+ <a href="snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a>
+ </td>
+ <td>
+ <?=$resetObject; ?>
+ </td>
+ <td>
+ <?=$deleteObject; ?>
+ </td>
+ </tr>
+ </table>
+ </td>
+
+ </tr>
+ <?php $i++; endforeach; ?>
+
+ </table>
+
+ <table width="100%">
+ <tr>
+ <td class="list" width="97%" valign="middle" width="17">&nbsp;</td>
+ <td width="3%" ></td>
+ <td class="list" valign="middle"><a href="snort_interfaces_rules_edit.php?rdbuuid=<?=genAlphaNumMixFast(11, 12);?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new database"></a></td>
+ </tr>
+ </table >
+
+ </table>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+
+ </table>
+ </td>
+ </tr>
+</table>
+
+<!-- 2nd box note -->
+<br>
+<div id=mainarea4>
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <td width="100%">
+ <span class="vexpl">
+ <span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">
+ Here you can create rule databases that can be used on multiple interfaces.<br><br>
+
+ Please note that you must restart a running rule so that changes can take effect.<br><br>
+
+ You may only delete rule databases that are not asigned to an interface.<br>
+ </span></p>
+ </td>
+</table>
+</div>
+
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_rules_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_rules_edit.php
new file mode 100644
index 00000000..be6467bc
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_rules_edit.php
@@ -0,0 +1,282 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+if (isset($_GET['rdbuuid'])) {
+ $rdbuuid = $_GET['rdbuuid'];
+}else{
+ $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+ $rdbuuid = $ruledbname_pre1['ruledbname'];
+}
+
+if ($rdbuuid !== 'default') {
+
+ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid);
+
+ // $a_list returns empty use defaults
+ if ($a_list == '') {
+
+ $a_list = array(
+ 'id' => '',
+ 'date' => date(U),
+ 'uuid' => $rdbuuid,
+ 'ruledbname' => '',
+ 'description' => ''
+
+ );
+
+ }
+
+}
+
+if ($rdbuuid === 'default') {
+
+ // $a_list returns empty use defaults
+ if ($a_list == '') {
+
+ $a_list = array(
+ 'id' => '1',
+ 'date' => date(U),
+ 'uuid' => $rdbuuid,
+ 'ruledbname' => 'default',
+ 'description' => 'Default database'
+
+ );
+
+ }
+
+}
+
+if ( !empty($a_list['id']) ) {
+ $disabled = 'disabled="disabled"';
+}else{
+ $disabled = '';
+}
+
+if ( $rdbuuid === 'default' ) {
+ $disabled_ckbox = 'disabled="disabled"';
+}else{
+ $disabled_ckbox = '';
+}
+
+
+ $pgtitle = 'Services: Snort: Rules: Edit: ' . $rdbuuid;
+ include('/usr/local/pkg/snort/snort_head.inc');
+
+?>
+
+<!-- START page custom script -->
+<script language="JavaScript">
+
+// start a jQuery sand box
+jQuery(document).ready(function() {
+
+ // misc call after a good save
+ jQuery.fn.miscTabCall = function () {
+ jQuery('.hide_newtabmenu').show();
+ jQuery('#ruledbname').attr("disabled", true);
+ };
+
+ <?php
+ // disable tabs if nothing in database
+ if ($a_list['id'] == '') {
+ echo '
+ jQuery(\'.hide_newtabmenu\').hide();
+ ';
+ }
+ ?>
+
+
+}); // end of on ready
+
+</script>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=<?=$rdbuuid;?>"><span>Rules DB Edit</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?rdbuuid=<?=$rdbuuid;?>"><span>Categories</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?rdbuuid=<?=$rdbuuid;?>"><span>Rules</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rulesets_ips.php?rdbuuid=<?=$rdbuuid;?>"><span>Ruleset Ips</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <!-- table point -->
+ <form id="iform">
+ <input name="snortSaveSettings" type="hidden" value="1" />
+ <input name="ifaceTab" type="hidden" value="snort_interfaces_rules_edit" />
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db -->
+ <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table -->
+ <input name="date" type="hidden" value="<?=$a_list['date'];?>" />
+ <input name="uuid" type="hidden" value="<?=$a_list['uuid'];?>" />
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and description of the rule DB</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable">
+ <input class="formfld2" name="ruledbname" type="text" id="ruledbname" size="40" value="<?=$a_list['ruledbname'] ?>" <?=$disabled?> /> <br />
+ <span class="vexpl"> The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable">
+ <input class="formfld2" name="description" type="text" id="description" size="40" value="<?=$a_list['description'] ?>" <?=$disabled_ckbox?> /> <br />
+ <span class="vexpl"> You may enter a description here for your reference (not parsed). </span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ Examples:
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vncell2">
+ <span class="red"><b>NOTE: </b></span>Rule DB will not be active until snort sensor restart. <br>
+ </td>
+ </tr>
+ </table>
+ <tr>
+ <?php
+ if ($rdbuuid !== 'default') {
+ echo '
+ <td style="padding-left: 10px;">
+ <input name="Submit" type="submit" class="formbtn" value="Save" >
+ <input id="cancel" type="button" class="formbtn" value="Cancel" >
+ </td>
+ ';
+ }
+ ?>
+ </tr>
+</form>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_suppress.php b/config/snort-dev/snortsam-package-code/snort_interfaces_suppress.php
new file mode 100644
index 00000000..977dcf2d
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_suppress.php
@@ -0,0 +1,211 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+
+$a_suppress = snortSql_fetchAllWhitelistTypes('SnortSuppress', '');
+
+ if (!is_array($a_suppress))
+ {
+ $a_suppress = array();
+ }
+
+
+ if ($a_suppress == 'Error')
+ {
+ echo 'Error';
+ exit(0);
+ }
+
+ $pgtitle = "Services: Snort: Suppression";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <tr> <!-- db to lookup -->
+ <td width="30%" class="listhdrr">File Name</td>
+ <td width="70%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php foreach ($a_suppress as $list): ?>
+ <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"SnortSuppress", "pagedb":"snortDB", "DoPOST":"true"}' >
+ <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>'"><?=$list['filename'];?></td>
+ <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>'">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?>&nbsp;
+ </td>
+ <td></td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle">
+ <a href="snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit suppress list"></a>
+ </td>
+ <td>
+ <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" >
+ </a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a href="snort_interfaces_suppress_edit.php?uuid=<?=genAlphaNumMixFast(28, 28);?> "><img src="/themes/nervecenter/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+
+ </table>
+ </td>
+ </tr>
+</table>
+
+<!-- 2nd box note -->
+<br>
+<div id=mainarea4>
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <td width="100%">
+ <span class="vexpl">
+ <span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">
+ Here you can create event filtering and suppression for your snort package rules.<br>
+ Please note that you must restart a running rule so that changes can take effect.<br>
+ </span></p>
+ </td>
+</table>
+</div>
+
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_suppress_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_suppress_edit.php
new file mode 100644
index 00000000..e9f23254
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_suppress_edit.php
@@ -0,0 +1,231 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+$a_list = snortSql_fetchAllSettings('snortDB', 'SnortSuppress', 'uuid', $uuid);
+
+
+// $a_list returns empty use defaults
+if ($a_list == '')
+{
+
+ $a_list = array(
+ 'id' => '',
+ 'date' => date(U),
+ 'uuid' => $uuid,
+ 'filename' => '',
+ 'description' => '',
+ 'suppresspassthru' => ''
+
+ );
+
+}
+
+
+
+
+ $pgtitle = 'Services: Snort: Suppression: Edit';
+ include('/usr/local/pkg/snort/snort_head.inc');
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<form id="iform">
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <!-- table point -->
+ <input name="snortSaveSuppresslist" type="hidden" value="1" />
+ <input name="ifaceTab" type="hidden" value="snort_interfaces_suppress_edit" />
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db -->
+ <input type="hidden" name="dbTable" value="SnortSuppress" /> <!-- what db table -->
+ <input name="date" type="hidden" value="<?=$a_list['date'];?>" />
+ <input name="uuid" type="hidden" value="<?=$a_list['uuid'];?>" />
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name anddescription of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable">
+ <input class="formfld2" name="filename" type="text" id="filename" size="40" value="<?=$a_list['filename'] ?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable">
+ <input class="formfld2" name="description" type="text" id="description" size="40" value="<?=$a_list['description'] ?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your reference (not parsed). </span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ Examples:
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vncell2">
+ <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
+ <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit,track by_src, count 1, seconds 60<br>
+ <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10
+ </td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vncelltextbox">
+ <textarea wrap="off" name="suppresspassthru" cols="101" rows="28" id="suppresspassthru" class="formfld2"><?=base64_decode($a_list['suppresspassthru']); ?></textarea>
+ </td>
+ </tr>
+ </table>
+ <tr>
+ <td style="padding-left: 160px;">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ </form>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist.php b/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist.php
new file mode 100644
index 00000000..3167b65f
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist.php
@@ -0,0 +1,241 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+
+$a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips');
+
+ if (!is_array($a_whitelist))
+ {
+ $a_whitelist = array();
+ }
+
+ if ($a_whitelist == 'Error')
+ {
+ echo 'Error';
+ exit(0);
+ }
+
+ $pgtitle = "Services: Snort: Whitelist";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <tr> <!-- db to lookup -->
+ <td width="20%" class="listhdrr">File Name</td>
+ <td width="45%" class="listhdrr">Values</td>
+ <td width="35%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php foreach ($a_whitelist as $list): ?>
+ <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"true"}' >
+ <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'"><?=$list['filename'];?></td>
+ <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'">
+ <?php
+ $a = 0;
+ $countList = count($list['list']);
+ foreach ($list['list'] as $value)
+ {
+
+ $a++;
+
+ if ($a != $countList || $countList == 1)
+ {
+ echo $value['ip'];
+ }
+
+ if ($a > 0 && $a != $countList)
+ {
+ echo ',' . ' ';
+ }else{
+ echo ' ';
+ }
+
+ } // end foreach
+
+ if ($a > 3)
+ {
+ echo '...';
+ }
+ ?>
+ </td>
+ <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle">
+ <a href="snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit whitelist"></a>
+ </td>
+ <td>
+ <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" >
+ </a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?uuid=<?=genAlphaNumMixFast(28, 28);?> "><img src="/themes/nervecenter/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+
+ </table>
+ </td>
+ </tr>
+</table>
+
+<!-- 2nd box note -->
+<br>
+<div id=mainarea4>
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <td width="100%">
+ <span class="vexpl">
+ <span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">
+ Here you can create whitelist files for your snort package rules.<br>
+ Please add all the ips or networks you want to protect against snort block decisions.<br>
+ Remember that the default whitelist only includes local networks.<br>
+ Be careful, it is very easy to get locked out of you system.
+ </span></p>
+ </td>
+</table>
+</div>
+
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist_edit.php
new file mode 100644
index 00000000..dbdbb649
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist_edit.php
@@ -0,0 +1,341 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once('guiconfig.inc');
+require_once('/usr/local/pkg/snort/snort_new.inc');
+require_once('/usr/local/pkg/snort/snort_gui.inc');
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+//$GLOBALS['csrf']['rewrite-js'] = false;
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+$a_list = snortSql_fetchAllSettings('snortDB', 'SnortWhitelist', 'uuid', $uuid);
+
+// $a_list returns empty use defaults
+if ($a_list == '')
+{
+
+ $a_list = array(
+ 'id' => '',
+ 'date' => date(U),
+ 'uuid' => $uuid,
+ 'filename' => '',
+ 'snortlisttype' => 'whitelist',
+ 'description' => '',
+ 'wanips' => 'on',
+ 'wangateips' => 'on',
+ 'wandnsips' => 'on',
+ 'vips' => 'on',
+ 'vpnips' => 'on'
+ );
+
+}
+
+$listFilename = $a_list['filename'];
+
+$a_list['list'] = snortSql_fetchAllSettingsList('SnortWhitelistips', $listFilename);
+
+$wanips_chk = $a_list['wanips'];
+$wanips_on = ($wanips_chk == 'on' ? 'checked' : '');
+
+$wangateips_chk = $a_list['wangateips'];
+$wangateips_on = ($wangateips_chk == 'on' ? 'checked' : '');
+
+$wandnsips_chk = $a_list['wandnsips'];
+$wandnsips_on = ($wandnsips_chk == 'on' ? 'checked' : '');
+
+$vips_chk = $a_list['vips'];
+$vips_on = ($vips_chk == 'on' ? 'checked' : '');
+
+$vpnips_chk = $a_list['vpnips'];
+$vpnips_on = ($vpnips_chk == 'on' ? 'checked' : '');
+
+
+
+ $pgtitle = "Services: Snort: Whitelist Edit";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<form id="iform">
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <!-- table point -->
+ <input name="snortSaveWhitelist" type="hidden" value="1" />
+ <input name="ifaceTab" type="hidden" value="snort_interfaces_whitelist_edit" />
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db -->
+ <input type="hidden" name="dbTable" value="SnortWhitelist" /> <!-- what db table -->
+ <input name="date" type="hidden" value="<?=$a_list['date'];?>" />
+ <input name="uuid" type="hidden" value="<?=$a_list['uuid'];?>" />
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
+
+ </tr>
+ <tr id="filename" data-options='{"filename":"<?=$listFilename; ?>"}' >
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable">
+ <input class="formfld2" name="filename" type="text" id="name" size="40" value="<?=$listFilename; ?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable">
+ <input class="formfld2" name="description" type="text" id="descr" size="40" value="<?=$a_list['description']; ?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your reference (not parsed). </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">List Type</td>
+ <td width="78%" class="vtable">
+ <div style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"id="itemhelp">
+ <strong>WHITELIST:</strong>&nbsp;&nbsp;&nbsp;This list specifies addresses that Snort Package should not block.<br><br>
+ <strong>NETLIST:</strong>&nbsp;&nbsp;&nbsp;This list is for defining addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.
+ </div>
+ <select name="snortlisttype" class="formfld2" id="snortlisttype">
+ <?php
+ $updateDaysList = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
+ snortDropDownList($updateDaysList, $a_list['snortlisttype']);
+ ?>
+ </select>
+ <span class="vexpl"> &nbsp;&nbsp;&nbsp;Choose the type of list you will like see in your <span class="red">Interface Edit Tab</span>.</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">WAN IPs</td>
+ <td width="78%" class="vtable">
+ <input name="wanips" type="checkbox" id="wanips" size="40" value="on" <?=$wanips_on; ?> />
+ <span class="vexpl"> Add WAN IPs to the list. </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan Gateways</td>
+ <td width="78%" class="vtable">
+ <input name="wangateips" type="checkbox" id="wangateips" size="40" value="on" <?=$wangateips_on; ?> />
+ <span class="vexpl"> Add WAN Gateways to the list. </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan DNS servers</td>
+ <td width="78%" class="vtable">
+ <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="on" <?=$wandnsips_on; ?> />
+ <span class="vexpl"> Add WAN DNS servers to the list. </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td>
+ <td width="78%" class="vtable">
+ <input name="vips" type="checkbox" id="vips" size="40" value="on" <?=$vips_on; ?> />
+ <span class="vexpl"> Add Virtual IP Addresses to the list. </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">VPNs</td>
+ <td width="78%" class="vtable">
+ <input name="vpnips" type="checkbox" id="vpnips" size="40" value="on" <?=$vpnips_on; ?> />
+ <span class="vexpl"> Add VPN Addresses to the list. </span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">
+ <div id="addressnetworkport">IP or CIDR items</div>
+ </td>
+ <td width="78%" class="vtable">
+ <table >
+ <tbody class="insertrow">
+ <tr>
+ <td colspan="4">
+ <div style="width:550px; padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"id="itemhelp">
+ For <strong>WHITELIST's</strong> enter <strong>ONLY IPs not CIDRs</strong>. Example: 192.168.4.1<br><br>
+ For <strong>NETLIST's</strong> you may enter <strong>IPs and CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="onecolumn" style="width:175px;"><span class="vexpl">IP or CIDR</span></div>
+ </td>
+ <td>
+ <div id="threecolumn"><span class="vexpl">Add a Description or leave blank and a date will be added.</span></div>
+ </td>
+ </tr>
+ </tbody>
+ <!-- Start of js loop -->
+ <tbody id="listloopblock" class="insertrow">
+ <?php echo "\r"; $i = 0; foreach ($a_list['list'] as $list): ?>
+ <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"false"}' >
+ <td>
+ <input class="formfld2" name="list[<?=$i; ?>][ip]" type="text" id="address" size="30" value="<?=$list['ip']; ?>" />
+ </td>
+ <td>
+ <input class="formfld2" name="list[<?=$i; ?>][description]" type="text" id="detail" size="50" value="<?=$list['description'] ?>" />
+ </td>
+ <td>
+ <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" >
+ </td>
+ <input name="list[<?=$i; ?>][uuid]" type="hidden" value="<?=$list['uuid'];?>" />
+ </tr>
+ <?php echo "\r"; $i++; endforeach; ?>
+ </tbody>
+ <!-- End of js loop -->
+ <tbody>
+ <tr>
+ <td>
+ </td>
+ <td>
+ </td>
+ <td>
+ <img id="iconplus_<?=$i;?>" class="icon_click icon_plus" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add list" >
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="cancel" name="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ </form>
+
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_json_get.php b/config/snort-dev/snortsam-package-code/snort_json_get.php
new file mode 100644
index 00000000..92058a75
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_json_get.php
@@ -0,0 +1,137 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// get json blocls sids
+if ($_GET['snortsamjson'] == 1) {
+
+ exec('cat /usr/local/etc/snort/sn_6TPXv7a/rules/dbBlockSplit/splitSidblock_' . $_GET['fileid'] . '.block', $output);
+ echo $output[0];
+
+}
+
+
+// upload created log tar to user
+if ($_GET['snortGetUpdate'] == 1) {
+
+ $tmpfname = "/usr/local/etc/snort/snort_download";
+ $snort_filename = "snortrules-snapshot-2905.tar.gz";
+
+
+ $snortSessionPath = $_SESSION['tmp']['snort']['snort_download_updates'];
+
+ if (!file_exists("{$tmpfname}/{$snort_filename}")) {
+
+ if ($snortSessionPath['download']['working'] != '1') {
+ unset($_SESSION['tmp']);
+ $snortSessionPath['download']['working'] = '1';
+ sendUpdateSnortLogDownload();
+ }
+
+ }
+
+ $time = time();
+ while((time() - $time) < 30)
+ {
+
+ // query memcache, database, etc. for new data
+ $data = $datasource->getLatest();
+
+ // if we have new data return it
+ if(!empty($data)) {
+ echo json_encode($data);
+ ob_flush();
+ flush();
+ break;
+ }
+
+ usleep(25000);
+ }
+
+} // end main if
+
+
+
+// upload created log tar to user
+if ($_GET['snortlogdownload'] == 1) {
+
+ sendFileSnortLogDownload();
+
+}
+
+
+// send Json sid string
+if ($_GET['snortGetSidString'] == 1) {
+
+ // unset
+ unset($_GET['snortGetSidString']);
+
+ // get the SID string from file
+ sendSidStringRuleEditGUI();
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+?> \ No newline at end of file
diff --git a/config/snort-dev/snortsam-package-code/snort_json_post.php b/config/snort-dev/snortsam-package-code/snort_json_post.php
new file mode 100644
index 00000000..418a90be
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_json_post.php
@@ -0,0 +1,568 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_build.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// unset crsf checks
+if(isset($_POST['__csrf_magic'])) {
+ unset($_POST['__csrf_magic']);
+}
+
+
+function snortJsonReturnCode($returnStatus)
+{
+ if ($returnStatus == true) {
+ echo '{"snortgeneralsettings":"success","snortMiscTabCall":"true"}';
+ return true;
+ }else{
+ echo '{"snortgeneralsettings":"fail"}';
+ return false;
+ }
+}
+
+// row from db by uuid
+if ($_POST['snortSidRuleEdit'] == 1) {
+
+ function snortSidRuleEditFunc()
+ {
+
+ unset($_POST['snortSidRuleEdit']);
+ snortSidStringRuleEditGUI();
+
+ } snortSidRuleEditFunc();
+
+}
+
+
+// row from db by uuid
+if ($_POST['snortSaveRuleSets'] == 1) {
+
+ if ($_POST['ifaceTab'] == 'snort_rules') {
+ function snortSaveRuleSetsRulesFunc()
+ {
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveRuleSets']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateRuleSigList());
+
+ } snortSaveRuleSetsRulesFunc();
+ }
+
+ if ($_POST['ifaceTab'] === 'snort_rules_ips') {
+ function snortSamRulesSaveFunc()
+ {
+ snortJsonReturnCode(snortSql_updateRulesSigsIps());
+ buildSnortSamSidBlockMap($_POST['rdbuuid']); //
+
+ } snortSamRulesSaveFunc();
+ }
+
+
+ if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') {
+
+ function snortSaveRuleSetsRulesetsFunc()
+ {
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveRuleSets']);
+ unset($_POST['ifaceTab']);
+
+ // save to database
+ snortJsonReturnCode(snortSql_updateRuleSetList());
+
+ if (!empty($_POST['rdbuuid'])) {
+ buildSnortSamSidBlockMap($_POST['rdbuuid']); //
+ }
+
+ // only build if uuid is valid
+ if (!empty($_POST['uuid'])) {
+ build_snort_settings($_POST['uuid']);
+ }
+
+ } snortSaveRuleSetsRulesetsFunc();
+ }
+
+
+} // END of rulesSets
+
+// row from db by uuid
+if ( $_POST['RMlistDelRow'] == 1 || $_POST['RSTlistRow'] == 1 ) {
+
+
+ function RMlistDelRowFunc()
+ {
+
+ $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']);
+
+ // list rules in the default dir
+ if ($_POST['RMlistTable'] == 'SnortIfaces') {
+
+ $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'];
+
+ exec('/bin/rm -r ' . $snortRuleDir);
+ }
+
+ // rm ruledb and files
+ if ($_POST['RMlistTable'] == 'Snortrules') {
+
+ // remove db tables vals
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RMlistUuid']);
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RMlistUuid']);
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RMlistUuid']);
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RMlistUuid']);
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RMlistUuid']);
+
+ // remove dir
+ $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}";
+ exec('/bin/rm -r ' . $snortRuleDir);
+ }
+
+ if ($_POST['RMlistTable'] == 'SnortWhitelist') {
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']);
+ }
+
+ snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']));
+
+ } if ( $_POST['RMlistDelRow'] == 1 ) { RMlistDelRowFunc(); }
+
+ function RSTlistDelRowFunc()
+ {
+
+ // rm ruledb and files
+ if ($_POST['RSTlistTable'] == 'Snortrules') {
+
+ // remove dir
+ $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}";
+ exec('/bin/rm -r ' . $snortRuleDir . '/rules/*.rules');
+
+ // remove db tables vals
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RSTlistUuid']);
+
+ // NOTE: code only works on php5
+ $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
+ $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules');
+ $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
+
+ if (!empty($listSnortRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules");
+ }
+ if (!empty($listEmergingRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules");
+ }
+ if (!empty($listPfsenseRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules");
+ }
+
+
+ }
+
+ } if ( $_POST['RSTlistRow'] == 1 ) { RSTlistDelRowFunc(); }
+
+
+}
+
+
+// general settings save
+if ($_POST['snortSaveSettings'] == 1) {
+
+ function snortSaveSettingsFunc()
+ {
+
+ // Save ruleDB settings
+ if ($_POST['dbTable'] == 'Snortrules') {
+
+ function saveSnortrules()
+ {
+
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
+ if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) {
+
+ // creat iface dir and ifcae rules dir
+ exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+
+ // create at least one file
+ if (!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules")) {
+ exec("/usr/bin/touch /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules");
+ }
+
+ // NOTE: code only works on php5
+ $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
+ $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules');
+ $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
+
+ if (!empty($listSnortRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ }
+ if (!empty($listEmergingRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ }
+ if (!empty($listPfsenseRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ }
+
+
+ } //end of mkdir
+
+ } saveSnortrules();
+
+ snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
+
+ } // END if Snortrules
+
+ // Save general settings
+ if ($_POST['dbTable'] == 'SnortSettings') {
+
+ function saveSnortSettings()
+ {
+
+ if ($_POST['ifaceTab'] == 'snort_interfaces_global') {
+ // checkboxes when set to off never get included in POST thus this code
+ $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']);
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_alerts') {
+
+ if (!isset($_POST['arefresh']))
+ $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']);
+
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_blocked') {
+
+ if (!isset($_POST['brefresh']))
+ $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']);
+
+ }
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
+ } saveSnortSettings();
+
+ snortJsonReturnCode(snortSql_updateSettings('id', '1'));
+
+ } // END IF SnortSettings
+
+ // Save rule settings on the interface edit tab
+ if ($_POST['dbTable'] == 'SnortIfaces') {
+
+ function saveSnortIfaces()
+ {
+
+ // snort interface edit
+ if ($_POST['ifaceTab'] == 'snort_interfaces_edit') {
+
+ function SnortIfaces_Snort_Interfaces_edit()
+ {
+ if (!isset($_POST['enable']))
+ $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']);
+
+ if (!isset($_POST['blockoffenders7']))
+ $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']);
+
+ if (!isset($_POST['alertsystemlog']))
+ $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']);
+
+ if (!isset($_POST['tcpdumplog']))
+ $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']);
+
+ if (!isset($_POST['snortunifiedlog']))
+ $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']);
+
+ // convert textbox to base64
+ $_POST['configpassthru'] = base64_encode($_POST['configpassthru']);
+
+ /*
+ * make dir for the new iface, if iface exists or rule dir has changed redo soft link
+ * may need to move this as a func to new_snort.inc
+ */
+ $newSnortDir = 'sn_' . $_POST['uuid'];
+ $pathToSnortDir = '/usr/local/etc/snort';
+
+ // creat iface dir and ifcae rules dir
+ if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) {
+ createNewIfaceDir($pathToSnortDir, $newSnortDir);
+ } //end of mkdir
+
+ snortRulesCreateSoftlink();
+
+ } SnortIfaces_Snort_Interfaces_edit();
+
+ } // end of snort_interfaces_edit
+
+ // snort preprocessor edit
+ if ($_POST['ifaceTab'] == 'snort_preprocessors') {
+
+ function SnortIfaces_Snort_PreprocessorsFunc()
+ {
+ if (!isset($_POST['dce_rpc_2'])) {
+ $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']);
+ }
+
+ if (!isset($_POST['dns_preprocessor'])) {
+ $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']);
+ }
+
+ if (!isset($_POST['ftp_preprocessor'])) {
+ $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']);
+ }
+
+ if (!isset($_POST['http_inspect'])) {
+ $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']);
+ }
+
+ if (!isset($_POST['other_preprocs'])) {
+ $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']);
+ }
+
+ if (!isset($_POST['perform_stat'])) {
+ $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']);
+ }
+
+ if (!isset($_POST['sf_portscan'])) {
+ $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']);
+ }
+
+ if (!isset($_POST['smtp_preprocessor'])) {
+ $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']);
+ }
+
+ } SnortIfaces_Snort_PreprocessorsFunc();
+
+ }
+
+ // snort barnyard edit
+ if ($_POST['ifaceTab'] == 'snort_barnyard') {
+ function SnortIfaces_Snort_Barnyard()
+ {
+ // make shure iface is lower case
+ $_POST['interface'] = strtolower($_POST['interface']);
+
+ if (!isset($_POST['barnyard_enable'])) {
+ $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']);
+ }
+ } SnortIfaces_Snort_Barnyard();
+ }
+
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
+ build_snort_settings($_POST['uuid']);
+
+ } saveSnortIfaces();
+
+ } // END IF SnortIfaces
+
+ } snortSaveSettingsFunc();
+
+
+} // STOP General Settings Save
+
+// Suppress settings save
+if ($_POST['snortSaveSuppresslist'] == 1) {
+
+ function snortSaveSuppresslistFunc()
+ {
+
+ // post for supress_edit
+ if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') {
+
+ // make sure filename is valid
+ if (!is_validFileName($_POST['filename'])) {
+ echo 'Error: FileName';
+ return false;
+ }
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSuppresslist']);
+ unset($_POST['ifaceTab']);
+
+ // convert textbox to base64
+ $_POST['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+
+ // Write to database
+ snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
+
+ }
+
+ }
+ snortSaveSuppresslistFunc();
+
+}
+
+// Whitelist settings save
+if ($_POST['snortSaveWhitelist'] == 1) {
+
+ function snortSaveWhitelistFunc()
+ {
+
+ if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') {
+
+ if (!is_validFileName($_POST['filename'])) {
+ echo 'Error: FileName';
+ return false;
+ }
+
+ $_POST['wanips'] = ($_POST['wanips'] == '' ? off : $_POST['wanips']);
+ $_POST['wangateips'] = ($_POST['wangateips'] == '' ? off : $_POST['wangateips']);
+ $_POST['wandnsips'] = ($_POST['wandnsips'] == '' ? off : $_POST['wandnsips']);
+ $_POST['vips'] = ($_POST['vips'] == '' ? off : $_POST['vips']);
+ $_POST['vpnips'] = ($_POST['vpnips'] == '' ? off : $_POST['vpnips']);
+
+ }
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveWhitelist']);
+ unset($_POST['ifaceTab']);
+
+ // Split the POST for 2 arraus
+ $whitelistIPs = $_POST['list'];
+ unset($_POST['list']);
+
+
+ if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) {
+ snortJsonReturnCode(true);
+ }else{
+ snortJsonReturnCode(false);
+ }
+
+ }
+ snortSaveWhitelistFunc();
+
+}
+
+// download code for alerts page
+if ($_POST['snortlogsdownload'] == 1) {
+
+ function snortlogsdownloadFunc()
+ {
+ conf_mount_rw();
+ snort_downloadAllLogs();
+ conf_mount_ro();
+ }
+ snortlogsdownloadFunc();
+
+}
+
+// download code for alerts page
+if ($_POST['snortblockedlogsdownload'] == 1) {
+
+ function snortblockedlogsdownloadFunc()
+ {
+ conf_mount_rw();
+ snort_downloadBlockedIPs();
+ conf_mount_ro();
+ }
+ snortblockedlogsdownloadFunc();
+
+}
+
+
+// code neeed to be worked on when finnished rules code
+if ($_POST['snortlogsdelete'] == 1) {
+
+ function snortlogsdeleteFunc()
+ {
+ conf_mount_rw();
+ snortDeleteLogs();
+ conf_mount_ro();
+ }
+ snortlogsdeleteFunc();
+}
+
+// flushes snort2c table
+if ($_POST['snortflushpftable'] == 1) {
+
+ function snortflushpftableFunc()
+ {
+ conf_mount_rw();
+ snortRemoveBlockedIPs();
+ conf_mount_ro();
+ }
+ snortflushpftableFunc();
+}
+
+// reset db reset_snortgeneralsettings
+if ($_POST['reset_snortgeneralsettings'] == 1) {
+
+ function reset_snortgeneralsettingsFunc()
+ {
+ conf_mount_rw();
+ reset_snortgeneralsettings();
+ conf_mount_ro();
+ }
+ reset_snortgeneralsettingsFunc();
+
+}
+
+
+?>
+
+
+
+
+
+
+
+
+
+
diff --git a/config/snort-dev/snortsam-package-code/snort_new.inc b/config/snort-dev/snortsam-package-code/snort_new.inc
new file mode 100644
index 00000000..b9fc2322
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_new.inc
@@ -0,0 +1,1368 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+// unset crsf checks
+if(isset($_POST['__csrf_magic'])) {
+ unset($_POST['__csrf_magic']);
+}
+
+//require_once("pfsense-utils.inc");
+require_once("config.inc");
+require_once("functions.inc");
+
+// create and cp to tmp db dir
+if (!file_exists('/var/snort/')) {
+ exec('/bin/mkdir -p /var/snort/');
+}
+
+if (file_exists('/usr/local/pkg/snort/snortDBtemp')) {
+ exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp');
+}
+
+// used in snort_rules_ips.php and create sid block map
+function snortSearchArray($array, $key, $value)
+{
+ $results = array();
+
+ if (is_array($array))
+ {
+ foreach ($array as $subarray)
+ {
+ if ($subarray[$key] == $value) {
+ $results = $subarray;
+ }
+
+ }
+
+ }
+
+ return $results;
+}
+
+// used in snort_rules_ips.php and create sid block map
+function getCurrentIpsRuleArray($output)
+{
+
+ foreach (array_unique($output) as $line)
+ {
+ $newOutput = explode(' # ', $line);
+ $newLine[] = $newOutput;
+ }
+
+ return $newLine;
+}
+
+/*
+* make dir for the new iface, if iface exists or rule dir has changed redo soft link
+*/
+function snortRulesCreateSoftlink()
+{
+ $newSnortDir = 'sn_' . $_POST['uuid'];
+ $pathToSnortDir = '/usr/local/etc/snort';
+
+ // change the rule path
+ if (is_dir("{$pathToSnortDir}/{$newSnortDir}")) {
+
+ $snortCurrentRuleDbName = snortSql_fetchAllSettings('snortDB', 'snortIfaces', 'uuid', $_POST['uuid']);
+
+ if ($_POST['ruledbname'] !== $snortCurrentRuleDbName['ruledbname'] || !file_exists("{$pathToSnortDir}/{$newSnortDir}/rules")) {
+
+ // NOTE: use full paths or link rm will not work, Freebsd love
+ exec("/bin/rm {$pathToSnortDir}/{$newSnortDir}/rules");
+ exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/{$newSnortDir}/rules");
+
+ }
+
+ }
+}
+
+
+// Wites selected sig to file
+function snortSidStringRuleEditGUI()
+{
+
+ $workingFile = '/usr/local/etc/snort/sn_' . $_POST['snortSidRuleIface'] . '/rules/' . $_POST['snortSidRuleFile'];
+
+ $splitcontents = split_rule_file($workingFile);
+
+ if (!empty($splitcontents)) {
+ $sidLinePosPre = exec('/usr/bin/sed -n /sid:' . $_POST['snortSidNum'] . '\;/= ' . $workingFile);
+ $sidLinePos = $sidLinePosPre - 1;
+
+ $splitcontents[$sidLinePos] = $_POST['sidstring'];
+
+
+ write_rule_file($splitcontents, $workingFile);
+
+ return true;
+ }
+
+ return false;
+
+}
+
+function sendSidStringRuleEditGUI()
+{
+
+ $sidCall = exec('sed -n "/alert.*sid:' . $_GET['sid'] . ';.*/p" /usr/local/etc/snort/sn_' . $_GET['snortIface'] . '/rules/' . $_GET['snortRuleFile']);
+ $sidCallJsonFilter = escapeJsonString($sidCall);
+
+ echo '{"sidstring":' . '"' . $sidCallJsonFilter . '","sid":' . '"' . $_GET['sid'] . '"}';
+ return true;
+}
+
+// create new Ifac dirs and soft links
+function createNewIfaceDir($pathToSnortDir, $newSnortDir) {
+
+ exec("/bin/mkdir -p {$pathToSnortDir}/{$newSnortDir}");
+
+ // create rules dir soft link if setting is default
+ if ($_POST['ruledbname'] === 'default' || empty($_POST['ruledbname'])) {
+ if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
+ exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/default/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules");
+ }
+ }
+
+ // create rules dir soft link if setting is not default
+ if ($_POST['ruledbname'] !== 'default' || $_POST['ruledbname'] != '') {
+ if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists("{$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules")) {
+ exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules");
+ }
+ }
+
+ // cp new rules
+ exec("/bin/cp {$pathToSnortDir}/etc/*.config {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/*.conf {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/*.map {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/generators {$pathToSnortDir}/sn_{$_POST['uuid']}");
+ exec("/bin/cp {$pathToSnortDir}/etc/sid {$pathToSnortDir}/sn_{$_POST['uuid']}");
+} // end of func
+
+function escapeJsonString($escapeString)
+{
+ // NOTE: foward slash has added spaces on each side ie and chrome were giving issues with
+ $search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"');
+ $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', ' \/ ', '\"');
+ $encoded_string = str_replace($search, $replace, $escapeString);
+
+ return $encoded_string;
+
+}
+
+// limit the length of the given string to $MAX_LENGTH char
+function trimLength($s) {
+
+
+ $MAX_LENGTH = 13;
+ $str_to_count = $s;
+ if (strlen($str_to_count) <= $MAX_LENGTH) {
+ return $s;
+ }
+
+ $s2 = substr($str_to_count, 0, $MAX_LENGTH - 3);
+ $s2 .= "...";
+ return $s2;
+}
+
+
+// builds base array with sid etc....
+function newFilterRuleSig($baseruleArray)
+{
+
+ function get_middle($source, $beginning, $ending, $init_pos)
+ {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+ }
+
+
+ $i = 0;
+ $newSigArray[] = array();
+ foreach ( $baseruleArray as $value )
+ {
+ if (preg_match('/^# alert/', $value) || preg_match('/^alert/', $value)) {
+
+ // add sid
+ $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0);
+
+ // remove whitespaces
+ $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value);
+ // remove whitespace betwin # aerrt
+ $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces);
+ $splitcontents = explode(' ', $rmAlertWhitespace);
+
+ // enable or disable
+ if ($splitcontents[0] === '#alert') {
+ $newSigArray[$i]['enable'] = 'off';
+ }else{
+ $newSigArray[$i]['enable'] = 'on';
+ }
+
+ // proto
+ $newSigArray[$i]['proto'] = $splitcontents[1];
+
+ // source
+ $newSigArray[$i]['src'] = trimLength($splitcontents[2]);
+
+ // source port
+ $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]);
+
+ // Destination
+ $newSigArray[$i]['dst'] = trimLength($splitcontents[5]);
+
+ // Destination port
+ $newSigArray[$i]['dstport'] = trimLength($splitcontents[6]);
+
+ // sig message
+ $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0);
+
+ }
+
+ $i++;
+
+ }
+
+ return $newSigArray;
+}
+
+
+function split_rule_file($workingFile)
+{
+ $filehandle = fopen($workingFile, "r");
+ $contents = fread($filehandle, filesize($workingFile));
+
+ fclose ($filehandle);
+
+ $delimiter = "\n";
+
+ $splitcontents = explode($delimiter, $contents);
+
+ return $splitcontents;
+}
+
+
+// write rule file to disk
+function write_rule_file($content_changed, $received_file)
+{
+
+ //read snort file with writing enabled
+ $filehandle = fopen($received_file, "w");
+
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
+
+ //implode the array back into a string for writing purposes
+ $fullfile = implode($delimiter, $content_changed);
+
+ //write data to file
+ fwrite($filehandle, $fullfile);
+
+ //close file handle
+ fclose($filehandle);
+
+}
+
+
+// Save ruleSets settings
+function snortSql_updateRuleSigList()
+{
+
+ // selected snort rule file
+ $workingFile = "/usr/local/etc/snort/snortDBrules/DB/{$_SESSION['snort']['tmp']['snort_rules']['rdbuuid']}/rules/{$_SESSION['snort']['tmp']['snort_rules']['rulefile']}";
+
+ $splitcontents = split_rule_file($workingFile);
+
+ // open rule file and change enable/disable sids
+ function read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray)
+ {
+
+ foreach ($splitcontents as $sigLine)
+ {
+ $replaceChars = array('/sid:/', '/;/');
+ preg_match('/sid:[0-9]*;/', $sigLine, $matches);
+ $sidLine = preg_replace($replaceChars, '', $matches[0]);
+
+
+ if (empty($sidLine)) {
+ $tempstring[] = $sigLine;
+ }else{
+
+ if (in_array($sidLine, $enableSigsArray)) {
+ $tempstring[] = str_replace("# alert", "alert", $sigLine);
+ }
+
+ if (in_array($sidLine, $disableSigsArray)) {
+ $tempstring[] = str_replace("alert", "# alert", $sigLine);
+ }
+
+ if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray)) {
+ $tempstring[] = $sigLine;
+ }
+ }
+ }
+
+ return $tempstring;
+ }
+
+ // build user selected enbled and disabled arrays
+ $enableSigsArray = array();
+ $disableSigsArray = array();
+
+ if (!isset($_POST['filenamcheckbox2'])) {
+ $_POST['filenamcheckbox2'] = array();
+ }
+
+ $newFilterRuleSigArray = newFilterRuleSig($splitcontents);
+
+ foreach ($newFilterRuleSigArray as $sigArray)
+ {
+ // enable sig
+ if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off') {
+ $enableSigsArray[] = $sigArray['sid'];
+ }
+
+ // disable sig
+ if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'on') {
+ $disableSigsArray[] = $sigArray['sid'];
+ }
+ }
+
+ // read rule file change disable/enable then write to file if arrays are not empty
+ if (!empty($enableSigsArray) || !empty($disableSigsArray)) {
+ write_rule_file(read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray), $workingFile);
+ }
+
+ // Insert into the DB for oinkmaster
+
+ function sql_EnableDisabeSid($SigArray, $OnOff)
+ {
+
+ $dbname = $_SESSION['snort']['tmp']['snort_rules']['dbName'];
+ $table = $_SESSION['snort']['tmp']['snort_rules']['dbTable'];
+ $rdbuuid = $_SESSION['snort']['tmp']['snort_rules']['rdbuuid'];
+ $rulefile = $_SESSION['snort']['tmp']['snort_rules']['rulefile'];
+ $addDate = date(U);
+
+ // dont let user pick the DB path
+ $db = sqlite_open("/usr/local/pkg/snort/{$dbname}");
+
+ foreach ($SigArray as $mDEanbled)
+ {
+
+ $resultid = sqlite_query($db,
+ "SELECT id FROM {$table} WHERE signatureid = '{$mDEanbled}' AND signaturefilename = '{$rulefile}';
+ ");
+
+ $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
+
+ if (empty($chktable)) {
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "INSERT INTO {$table} (date, rdbuuid, signatureid, signaturefilename, enable) VALUES ('{$addDate}', '{$rdbuuid}', '{$mDEanbled}', '{$rulefile}', '{$OnOff}');
+ ");
+
+ }else{
+ if ($chktable[0]['enable'] != $OnOff) {
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$table} SET date = {$addDate}, enable = '{$OnOff}' WHERE signatureid = '{$mDEanbled}' AND signaturefilename = '{$rulefile}';
+ ");
+ }
+
+
+ }
+
+
+ }
+
+ sqlite_close($db);
+
+ } // snd of function
+
+ sql_EnableDisabeSid($enableSigsArray, 'on');
+ sql_EnableDisabeSid($disableSigsArray, 'off');
+
+
+ return true;
+
+
+} // END Save ruleSets settings
+
+
+// Save rulessigs settings for snort_rules_ips
+function snortSql_updateRulesSigsIps()
+{
+
+ // dont let user pick the DB path
+ $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}");
+
+ function insertUpdateDB($db)
+ {
+
+ // get default settings
+ $listGenRules = array();
+ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']);
+
+ // if $listGenRules empty list defaults
+ if (empty($listGenRules)) {
+ $listGenRules[0] = array(
+ 'id' => 1,
+ 'rdbuuid' => $_POST['rdbuuid'],
+ 'enable' => 'on',
+ 'who' => 'src',
+ 'timeamount' => 15,
+ 'timetype' => 'minutes'
+ );
+ }
+
+ $addDate = date(U);
+
+ // checkbox off catch
+ $listGenRulesEnable = $listGenRules[0]['enable'];
+ if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) {
+
+ $listGenRulesEnable = 'off';
+ }
+
+ // TODO: inprove this foreach so we only interact with db once
+ foreach ($_POST['snortsam']['db'] as $singleSig)
+ {
+
+ $resultid = sqlite_query($db,
+ "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
+
+ // checkbox off catch
+ $singleSigEnable = $singleSig['enable'];
+ if ( empty($singleSig['enable']) ) {
+
+ $singleSigEnable = 'off';
+ }
+
+ // only do this if something change from defauts settings, note: timeamount Not equal
+ $somthingChanged = FALSE;
+ if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) {
+ $somthingChanged = TRUE;
+ }
+
+ if ( empty($chktable) && $somthingChanged ) {
+
+ $rulesetUuid = genAlphaNumMixFast(11, 14);
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}');
+ ");
+
+ }
+
+ if ( !empty($chktable) && $somthingChanged ) {
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}';
+ ");
+
+ }
+
+ } // END foreach
+
+ } insertUpdateDB($db);
+
+ function cleanupDB($db)
+ {
+ // clean database of old names and turn rulesets off
+ $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules');
+
+ $resultAllRulesetname = sqlite_query($db,
+ "SELECT sigfilename FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC);
+
+ if (!empty($chktable2)) {
+ foreach ($chktable2 as $value)
+ {
+
+ if(!in_array($value['sigfilename'], $listDir)) {
+ $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production
+ "DELETE FROM {$_POST['dbTable']} WHERE sigfilename = '{$value['sigfilename']}' and rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+ }
+
+ }
+ }
+ } cleanupDB($db);
+
+ sqlite_close($db);
+ return true;
+
+}
+
+
+
+// Save ruleSets settings
+function snortSql_updateRuleSetList()
+{
+
+ function createUpdateRulesetTable()
+ {
+
+ $addDate = date(U);
+
+ // dont let user pick the DB path
+ $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}");
+
+ if (empty($_POST['filenamcheckbox'])) {
+ $ruleSetfilenames = array();
+ }
+
+ // foreach selected rulesets do this
+ if (!empty($_POST['filenamcheckbox'])) {
+ foreach ($_POST['filenamcheckbox'] as $ruleSetfilename)
+ {
+
+ $resultid = sqlite_query($db,
+ "SELECT id, enable FROM {$_POST['dbTable']} WHERE rulesetname = '{$ruleSetfilename}' and rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
+
+ if (empty($chktable)) {
+
+ $rulesetUuid = genAlphaNumMixFast(11, 14);
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, rulesetname, enable) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$ruleSetfilename}', 'on');
+ ");
+
+ }else{
+ if ($chktable[0]['enable'] == 'off') {
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$_POST['dbTable']} SET enable = 'on' WHERE id = '{$chktable[0]['id']}';
+ ");
+ }
+ }
+ }
+ } // end foreach if
+
+
+ // clean database of old names and turn rulesets off
+ $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules');
+
+ $resultAllRulesetname = sqlite_query($db,
+ "SELECT rulesetname FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC);
+
+
+ if (!empty($chktable2)) {
+ foreach ($chktable2 as $value)
+ {
+
+ if(!in_array($value['rulesetname'], $listDir)) {
+ $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production
+ "DELETE FROM {$_POST['dbTable']} WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+ }
+
+ if(!in_array($value['rulesetname'], $_POST['filenamcheckbox'])) {
+ $ruleSetisOff = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$_POST['dbTable']} SET enable = 'off' WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+ }
+ }
+ }
+ sqlite_close($db);
+ } // END createUpdateRulesetTable func
+ createUpdateRulesetTable();
+
+ // save gen setting only if on ips tab
+ if ($_POST['dbTable'] === 'SnortruleSetsIps') {
+
+ function createUpdateRulesetGenTable()
+ {
+ $table = 'SnortruleGenIps';
+ $rulesetUuid = genAlphaNumMixFast(11, 14);
+ $addDate = date(U);
+
+ // if enable is empty then set to off
+ if (empty($_POST['snortsam']['db']['gensettings']['enable'])) {
+
+ $_POST['snortsam']['db']['gensettings']['enable'] = 'off';
+ }
+
+ // dont let user pick the DB path
+ $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}");
+
+ $resultid = sqlite_query($db,
+ "SELECT id FROM {$table} WHERE rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
+
+ if (!empty($chktable)) {
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$table} SET enable = '{$_POST['snortsam']['db']['gensettings']['enable']}', who = '{$_POST['snortsam']['db']['gensettings']['who']}', timeamount = '{$_POST['snortsam']['db']['gensettings']['timeamount']}', timetype = '{$_POST['snortsam']['db']['gensettings']['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ }else{
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "INSERT INTO {$table} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$_POST['snortsam']['db']['gensettings']['enable']}', '{$_POST['snortsam']['db']['gensettings']['who']}', '{$_POST['snortsam']['db']['gensettings']['timeamount']}', '{$_POST['snortsam']['db']['gensettings']['timetype']}');
+ ");
+ }
+
+ sqlite_close($db);
+ } // END createUpdateRulesetGenTable
+ createUpdateRulesetGenTable();
+
+ }
+ return true;
+
+} // END Save ruleSets settings
+
+
+function snortSql_fetchAllInterfaceRules($table, $dbname)
+{
+ // do let user pick the DB path
+ $db = sqlite_open("/usr/local/pkg/snort/{$dbname}");
+
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} WHERE id > 0;
+ ");
+
+ $chktable = sqlite_fetch_all($result, SQLITE_ASSOC);
+
+ sqlite_close($db);
+
+ return $chktable;
+
+}
+
+
+// fetch db Settings NONE Json
+function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid)
+{
+
+ if (empty($dbname) || empty($table) || empty($type)) {
+ return false;
+ }
+
+ $db = sqlite_open("/usr/local/pkg/snort/$dbname");
+
+ if ($type == 'All') {
+
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} WHERE id > 0;
+ ");
+
+ }else{
+
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} where {$type} = '{$id_uuid}';
+ ");
+
+ }
+
+ if ($type == 'id' || $type == 'uuid') {
+ $chktable = sqlite_fetch_array($result, SQLITE_ASSOC);
+ }
+
+ if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid' || $type == 'filename') {
+ $chktable = sqlite_fetch_all($result, SQLITE_ASSOC);
+ }
+
+ sqlite_close($db);
+
+ return $chktable;
+
+
+} // end func
+
+// fetch db list settings NONE Json
+function snortSql_fetchAllSettingsList($table, $listFilename)
+{
+
+ $db = sqlite_open('/usr/local/pkg/snort/snortDB');
+
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} WHERE filename = \"{$listFilename}\";
+ ");
+
+ $chktable = sqlite_fetch_all($result, SQLITE_ASSOC);
+
+ sqlite_close($db);
+
+ return $chktable;
+
+}
+
+// Update settings to database
+function snortSql_updateSettings($type, $id_uuid)
+{
+ $dbname = $_POST['dbName'];
+ $settings = $_POST;
+
+ // update date on every save
+ $_POST['date'] = date(U);
+
+ $db = "/usr/local/pkg/snort/$dbname";
+ $mydb = sqlite_open("$db");
+ $table = $settings['dbTable'];
+
+ // unset POSTs that are markers not in db
+ unset($settings['dbName']);
+ unset($settings['dbTable']);
+
+ // START add new row if not set
+ if ($type == 'uuid') {
+
+ $query_ck = sqlite_query($mydb, // @ supress warnings usonly in production
+ "SELECT * FROM {$table} WHERE uuid = '{$id_uuid}';
+ ");
+
+ $query_ckFinal = sqlite_fetch_all($query_ck, SQLITE_ASSOC);
+
+ if (empty($query_ckFinal)) {
+
+ $query_ck = sqlite_query($mydb, // @ supress warnings usonly in production
+ "INSERT INTO {$table} (date, uuid) VALUES ('{$settings['date']}', '{$settings['uuid']}');
+ ");
+
+ if (sqlite_changes($mydb) < 1) {
+ sqlite_close($mydb);
+ return 'Error in query';
+ }
+
+ }
+
+ }
+
+ // START add values to row
+ $kv = array();
+ foreach ($settings as $key => $value)
+ {
+ $kv[] = $key;
+ $val[] = $value;
+ }
+
+ $countKv = count($kv);
+
+ $i = -1;
+ while ($i < $countKv)
+ {
+
+ $i++;
+
+ if (!empty($kv[$i]))
+ {
+
+ if ($type == 'id')
+ {
+ $query = sqlite_query($mydb, // @ supress warnings usonly in production
+ "UPDATE {$table} SET {$kv[$i]} = '{$val[$i]}' WHERE id = '{$id_uuid}';
+ ");
+ }
+
+ if ($type == 'uuid')
+ {
+ $query = sqlite_query($mydb, // @ supress warnings usonly in production
+ "UPDATE {$table} SET {$kv[$i]} = '{$val[$i]}' WHERE uuid = '{$id_uuid}';
+ ");
+ }
+
+ if (sqlite_changes($mydb) < 1)
+ {
+ sqlite_close($mydb);
+ return 'Error in query';
+ }
+
+ }
+ } // end while
+
+ sqlite_close($mydb);
+ return true;
+
+}
+
+
+// fetch for snort_interfaces_whitelist.php NONE Json
+// use sqlite_fetch_array for single and sqlite_fetch_all for lists
+function snortSql_fetchAllWhitelistTypes($table, $table2)
+{
+
+ if (empty($table)) {
+ return false;
+ }
+
+ $db = sqlite_open('/usr/local/pkg/snort/snortDB');
+
+
+ $result = sqlite_query($db,
+ "SELECT * FROM {$table} where id > 0;
+ ");
+
+ $chktable = sqlite_fetch_all($result, SQLITE_ASSOC);
+
+ if (empty($chktable)) {
+ return false;
+ }
+
+ if ($table2 != '')
+ {
+ foreach ($chktable as $value)
+ {
+
+ $filename2 = $value['filename'];
+
+ $result2 = sqlite_query($db,
+ "SELECT ip FROM {$table2} WHERE filename = \"{$filename2}\" LIMIT 4;
+ ");
+
+ $chktable2 = sqlite_fetch_all($result2, SQLITE_ASSOC);
+
+ $final2 = array('id' => $value['id']);
+ $final2['date'] = $value['date'];
+ $final2['uuid'] = $value['uuid'];
+ $final2['filename'] = $value['filename'];
+ $final2['description'] = $value['description'];
+ $final2['snortlisttype'] = $value['snortlisttype'];
+
+
+ $final2['list'] = $chktable2;
+
+ $final[] = $final2;
+
+ } // end foreach
+ }else{
+ $final = $chktable;
+ }
+ sqlite_close($db);
+
+ return $final;
+
+
+} // end func
+
+
+// Save Whitelistips Settings
+function snortSql_updateWhitelistIps($newPostListips)
+{
+
+ if(empty($newPostListips))
+ {
+ return true;
+ }
+
+ $table = $_POST['dbTable'];
+ $filename = $_POST['filename'];
+
+ $db = '/usr/local/pkg/snort/snortDB';
+ $mydb = sqlite_open("$db");
+ $tableips = $table . 'ips';
+ $date = date(U);
+
+ // remove list array that has nul ip
+ foreach ($newPostListips as $ipsListEmpty)
+ {
+ if (!empty($ipsListEmpty['ip']))
+ {
+ $genList[] = $ipsListEmpty;
+ }
+ }
+ unset($newPostListips);
+
+ // remove everything if nothing is in the post
+ if (empty($genList))
+ {
+
+ $query = sqlite_query($mydb, // @ supress warnings use only in production
+ "DELETE FROM {$tableips} WHERE filename = '{$filename}';
+ ");
+
+ sqlite_close($mydb);
+ return true;
+
+ }
+
+ // START Remove entries from DB
+ $resultUuid = sqlite_query($mydb,
+ "SELECT uuid FROM {$tableips} WHERE filename = '{$filename}';
+ ");
+
+ $resultUuidFinal = sqlite_fetch_all($resultUuid, SQLITE_ASSOC);
+
+ if (!empty($genList) && !empty($resultUuidFinal))
+ {
+
+ foreach ($resultUuidFinal as $list3)
+ {
+ $uuidListDB[] = $list3['uuid'];
+ }
+
+ foreach ($genList as $list2)
+ {
+ $uuidListPOST[] = $list2['uuid'];
+ }
+
+ // create diff array
+ $uuidDiff = array_diff($uuidListDB, $uuidListPOST);
+
+ // delet diff list objs
+ if ($uuidDiff != '')
+ {
+ foreach ($uuidDiff as $list4)
+ {
+
+ // remove everything
+ $query = sqlite_query($mydb, // @ supress warnings use only in production
+ "DELETE FROM {$tableips} WHERE uuid = '{$list4}';
+ ");
+
+ } // end foreach
+ }
+ }
+
+ // START add entries/updates to DB
+ foreach ($genList as $list)
+ {
+
+ if ($list['uuid'] == 'EmptyUUID')
+ {
+
+ $uuid = genAlphaNumMixFast(28, 28);
+ $list['uuid'] = $uuid;
+
+ $query = sqlite_query($mydb, // @ supress warnings use only in production
+ "INSERT INTO {$tableips} (date, uuid, filename) VALUES ('{$date}', '{$uuid}', '{$filename}');
+ ");
+
+ if (sqlite_changes($mydb) < 1)
+ {
+ sqlite_close($mydb);
+ return 'Error in query';
+ }
+
+ foreach ($list as $key => $value)
+ {
+
+ if ($key != '')
+ {
+
+ $query = sqlite_query($mydb, // @ supress warnings usonly in production
+ "UPDATE {$tableips} SET {$key} ='{$value}' WHERE uuid = '{$uuid}';
+ ");
+
+ if (sqlite_changes($mydb) < 1)
+ {
+ sqlite_close($mydb);
+ return 'Error in query';
+ }
+
+ }
+
+ } // end foreach
+
+ }else{
+
+ $uuid = $list['uuid'];
+
+ foreach ($list as $key => $value)
+ {
+
+ $query = sqlite_query($mydb, // @ supress warnings usonly in production
+ "UPDATE {$tableips} SET {$key} ='{$value}', date = '{$date}' WHERE uuid = '{$uuid}';
+ ");
+
+ if (sqlite_changes($mydb) < 1)
+ {
+ sqlite_close($mydb);
+ return 'Error in query';
+ }
+
+ } // end foreach
+
+ } // end main if
+
+ } // end Main foreach
+
+ sqlite_close($mydb);
+ return true;
+
+} // end of func
+
+// RMlist Delete
+function snortSql_updatelistDelete($databse, $table, $type, $uuid_filename)
+{
+
+ $db = "/usr/local/pkg/snort/{$databse}";
+
+ $mydb = sqlite_open("$db");
+
+ if (!empty($type)) {
+
+ $query = sqlite_query($mydb, // @ supress warnings usonly in production
+ "DELETE FROM {$table} WHERE {$type} = '{$uuid_filename}';
+ ");
+
+ if (sqlite_changes($mydb) < 1) {
+ sqlite_close($mydb);
+ return 'Error in query';
+ }
+
+ }
+
+ sqlite_close($mydb);
+ return true;
+
+} // END main func
+
+// create dropdown list
+function snortDropDownList($list, $setting) {
+ foreach ($list as $iday => $iday2) {
+
+ echo "\n" . "<option value=\"{$iday}\""; if($iday == $setting) echo " selected "; echo '>' . htmlspecialchars($iday2) . '</option>' . "\r";
+
+ }
+}
+
+// downlod all snort logs
+function snort_downloadAllLogs() {
+
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_logs_{$save_date}.tar.gz";
+
+ exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file
+ exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file
+ exec('/bin/rm /tmp/snort_block.pf'); // remove old file
+ exec('/bin/rm -r /tmp/snort_blocked'); // remove old file
+ exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort");
+
+ if (file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) {
+ echo "
+ {
+ \"snortdownload\": \"success\",
+ \"downloadfilename\": \"{$save_date}\"
+ }
+ ";
+ return true;
+ }else{
+ return false;
+ }
+}
+
+// send log files to browser GET function
+function sendFileSnortLogDownload() {
+ //ob_start(); //importanr or other post will fail
+ $file_name_date = $_GET['snortlogfilename'];
+
+ $file_name1 = "/tmp/snort_logs_{$file_name_date}.tar.gz";
+ $file_name2 = "/tmp/snort_blocked_{$file_name_date}.tar.gz";
+
+ if (file_exists($file_name1)) {
+ $file_name = "snort_logs_{$file_name_date}.tar.gz";
+ }
+
+ if (file_exists($file_name2)) {
+ $file_name = "snort_blocked_{$file_name_date}.tar.gz";
+ }
+
+ if (empty($file_name)) {
+ echo 'Error no saved file.';
+ return false;
+ }
+
+ if(file_exists("/tmp/{$file_name}"))
+ {
+ $file = "/tmp/{$file_name}";
+ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
+ header("Pragma: private"); // needed for IE
+ header("Cache-Control: private, must-revalidate"); // needed for IE
+ header('Content-type: application/force-download');
+ header('Content-Transfer-Encoding: Binary');
+ header("Content-length: ".filesize($file));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ readfile("$file");
+ exec("/bin/rm /tmp/{$file_name}");
+ //od_end_clean(); //importanr or other post will fail
+ }else{
+ echo 'Error no saved file.';
+ return false;
+ }
+}
+
+// Warning code not finnish untill rule code is DONE !
+// Delete Snort logs
+function snortDeleteLogs() {
+ if(file_exists('/var/log/snort/alert'))
+ {
+ exec('/bin/echo "" > /var/log/snort/alert');
+ //post_delete_logs();
+ exec('/usr/sbin/chown snort:snort /var/log/snort/*');
+ exec('/bin/chmod 660 /var/log/snort/*');
+ sleep(2);
+ exec('/usr/bin/killall -HUP snort');
+ }
+
+ echo '
+ {
+ "snortdelete": "success"
+ }
+ ';
+ return true;
+
+}
+
+// Warning code not finnish untill rule code is DONE !
+// code neeed to be worked on when finnished rules code
+function post_delete_logs()
+{
+ global $config, $g;
+
+
+ $snort_log_dir = '/var/log/snort';
+
+ /* do not start config build if rules is empty */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ {
+
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value)
+ {
+
+ if (empty($id)) {
+ $id = 0;
+ }
+
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+ if ($snort_uuid != '')
+ {
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on')
+ {
+ $snort_log_file_u2 = "{$snort_uuid}.u2.";
+ $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
+ if (is_array($snort_list_u2)) {
+ usort($snort_list_u2, "snort_file_sort");
+ $snort_u2_rm_list = snort_build_order($snort_list_u2);
+ snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
+ }
+ }else{
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.u2*");
+ }
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on')
+ {
+ $snort_log_file_tcpd = "{$snort_uuid}.tcpdump.";
+ $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
+ if (is_array($snort_list_tcpd)) {
+ usort($snort_list_tcpd, "snort_file_sort");
+ $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
+ snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
+ }
+ }else{
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.tcpdump*");
+ }
+
+ /* create barnyard2 configuration file */
+ //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on')
+ //create_barnyard2_conf($id, $if_real, $snort_uuid);
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on)
+ {
+ exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}.stats");
+ }
+ }
+ }
+ }
+}
+
+// END General Functions
+
+// downlod all blocked ips to log
+function snort_downloadBlockedIPs() {
+
+ exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file
+ exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file
+ exec('/bin/rm /tmp/snort_block.pf'); // remove old file
+ exec('/bin/rm -r /tmp/snort_blocked'); // remove old file
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "snort_blocked_{$save_date}.tar.gz";
+ exec('/bin/mkdir /tmp/snort_blocked');
+ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf');
+
+ $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
+
+ if ($blocked_ips_array_save[0] != '')
+ {
+ /* build the list */
+ $counter = 0;
+ foreach($blocked_ips_array_save as $fileline3)
+ {
+ $counter++;
+ exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf");
+ }
+ }
+
+ exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");
+
+ if (file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) {
+ echo "
+ {
+ \"snortdownload\": \"success\",
+ \"downloadfilename\": \"{$save_date}\"
+ }
+ ";
+ return true;
+ }else{
+ return false;
+ }
+
+}
+
+// flush all ips from snort2c table
+function snortRemoveBlockedIPs() {
+
+ exec("/sbin/pfctl -t snort2c -T flush");
+
+ echo '
+ {
+ "snortdelete": "success"
+ }
+ ';
+ return true;
+
+}
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validFileName($name) {
+
+ if (empty($name)) {
+ return false;
+ }
+
+ if (!is_string($name)) {
+ return false;
+ }
+
+ if (preg_match("/\s+/", $name)) {
+ return false;
+ }
+
+ if (!preg_match("/[^a-zA-Z0-9\-_]/", $name)) {
+ return true;
+ }
+
+ return false;
+}
+
+/* gen Alpha Num Mix for uuids or anything random, NEVER USE rand() */
+/* mt_rand/mt_srand is insecure way to gen random nums and strings, when posible use /dev/random or /dev/urandom */
+function genAlphaNumMixFast($min = 14, $max = 28)
+{
+
+ // gen random lenth
+ mt_srand(crc32(microtime()));
+ $num = mt_rand($min, $max);
+ // reseed
+ mt_srand();
+
+ // Gen random string
+ $num = $num > 36 ? 30 : $num;
+
+ $pool = array_merge(range('A', 'Z'), range(0, 9), range('a', 'z'));
+
+ $rand_keys = array_rand($pool, $num);
+
+ $randAlpaNum = '';
+
+ if (is_array($rand_keys)) {
+ foreach ($rand_keys as $key)
+ {
+ $randAlpaNum .= $pool[$key];
+ }
+ }else{
+ $randAlpaNum .= $pool[$rand_keys];
+ }
+
+ return str_shuffle($randAlpaNum);
+
+}
+
+// scan a dir, build array with filetr
+function snortScanDirFilter($path, $filtername)
+{
+ // list rules in the default dir
+ $listDir = array();
+ $listDir = scandir("{$path}");
+
+ if (empty($filtername)) {
+
+ return $listDir;
+
+ }else{
+
+ $pattern = "/{$filtername}/";
+ foreach ( $listDir as $val )
+ {
+ if (preg_match($pattern, $val)) {
+ $filterDirList[] = $val;
+ }
+ }
+ unset($listDir);
+ }
+ return $filterDirList;
+}
+
+?>
+
diff --git a/config/snort-dev/snortsam-package-code/snort_preprocessors.php b/config/snort-dev/snortsam-package-code/snort_preprocessors.php
new file mode 100644
index 00000000..d99f7f75
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_preprocessors.php
@@ -0,0 +1,337 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+
+$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+
+ $pgtitle = "Snort: Interface Preprocessors and Flow";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDB" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_preprocessors" /> <!-- what interface tab -->
+ <input name="uuid" type="hidden" value="<?=$a_list['uuid']; ?>">
+
+
+
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl">
+ <span class="red"><strong>Note:</strong></span>
+ <br>
+ <span class="vexpl">Rules may be dependent on preprocessors!<br>
+ Defaults will be used when there is no user input.</span><br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Performance Statistics</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="perform_stat" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['perform_stat'] == 'on' || $a_list['perform_stat'] == '' ? 'checked' : '';?> >
+ <span class="vexpl">Performance Statistics for this interface.</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="http_inspect" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['http_inspect'] == 'on' || $a_list['http_inspect'] == '' ? 'checked' : '';?> >
+ <span class="vexpl">Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.</span>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">HTTP server flow depth</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=$a_list['flow_depth']; ?>">
+ <span class="vexpl"><strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</span>
+ </td>
+ </tr>
+ </table>
+ <span class="vexpl">Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.
+ <br>
+ Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is <strong>0</strong></span>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Bytes</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="max_queued_bytes" type="text" class="formfld" id="max_queued_bytes" size="5" value="<?=$a_list['max_queued_bytes']; ?>">
+ <span class="vexpl">Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>1048576</strong>, <strong>0</strong>means Maximum )</span>
+ </td>
+ </tr>
+ </table>
+ <span class="vexpl">The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is <strong>1048576</strong></span>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Segs</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="max_queued_segs" type="text" class="formfld" id="max_queued_segs" size="5" value="<?=$a_list['max_queued_segs']; ?>" >
+ <span class="vexpl">Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>2621</strong>, <strong>0</strong> means Maximum )</span>
+ </td>
+ </tr>
+ </table>
+ <span class="vexpl">The number of segments to be queued for reassembly for TCP sessions in memory. Default value is <strong>2621</strong></span>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Preprocessor Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable <br>
+ RPC Decode and Back Orifice detector
+ </td>
+ <td width="78%" class="vtable">
+ <input name="other_preprocs" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['other_preprocs'] == 'on' || $a_list['other_preprocs'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ FTP and Telnet Normalizer
+ </td>
+ <td width="78%" class="vtable">
+ <input name="ftp_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['ftp_preprocessor'] == 'on' || $a_list['ftp_preprocessor'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Normalize/Decode FTP and Telnet traffic and protocol anomalies.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ SMTP Normalizer
+ </td>
+ <td width="78%" class="vtable">
+ <input name="smtp_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['smtp_preprocessor'] == 'on' || $a_list['smtp_preprocessor'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Normalize/Decode SMTP protocol for enforcement and buffer overflows.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ Portscan Detection
+ </td>
+ <td width="78%" class="vtable">
+ <input name="sf_portscan" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['sf_portscan'] == 'on' || $a_list['sf_portscan'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Detects various types of portscans and portsweeps.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ DCE/RPC2 Detection
+ </td>
+ <td width="78%" class="vtable">
+ <input name="dce_rpc_2" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['dce_rpc_2'] == 'on' || $a_list['dce_rpc_2'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ DNS Detection
+ </td>
+ <td width="78%" class="vtable">
+ <input name="dns_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['dns_preprocessor'] == 'on' || $a_list['dns_preprocessor'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=$a_list['def_ssl_ports_ignore']; ?>" >
+ <br>
+ <span class="vexpl">Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.
+ <br>
+ Default: "443 465 563 636 989 990 992 993 994 995". <strong>Please use spaces and not commas.</strong></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel" >
+ </td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span> Please save your settings before you click Start.</span>
+ </td>
+ </tr>
+
+
+ </form>
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_rules.php b/config/snort-dev/snortsam-package-code/snort_rules.php
new file mode 100644
index 00000000..fd102538
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_rules.php
@@ -0,0 +1,600 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
+ echo 'Error: more than one uuid';
+ exit(0);
+}
+
+if (isset($_GET['uuid'])) {
+ $uuid = $_GET['uuid'];
+}
+
+if (isset($_GET['rdbuuid'])) {
+ $rdbuuid = $_GET['rdbuuid'];
+}else{
+ $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+ $rdbuuid = $ruledbname_pre1['ruledbname'];
+}
+
+// unset Session tmp on page load
+unset($_SESSION['snort']['tmp']);
+
+// list rules in the default dir
+$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid);
+
+$snortRuleDir = '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid;
+
+ // list rules in the default dir
+ $filterDirList = array();
+ $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '\.rules');
+
+ // START read rule file
+ if ($_GET['openruleset']) {
+ $rulefile = $_GET['openruleset'];
+ }else{
+ $rulefile = $filterDirList[0];
+ }
+
+ // path of rule file
+ $workingFile = $snortRuleDir . '/rules/' . $rulefile;
+
+function load_rule_file($incoming_file, $splitcontents)
+{
+ $pattern = '/(^alert |^# alert )/';
+ foreach ( $splitcontents as $val )
+ {
+ // remove whitespaces
+ $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val);
+
+ // filter none alerts
+ if (preg_match($pattern, $rmWhitespaces))
+ {
+ $splitcontents2[] = $val;
+ }
+
+ }
+ unset($splitcontents);
+
+ return $splitcontents2;
+
+}
+
+ // Load the rule file
+ // split the contents of the string file into an array using the delimiter
+ // used by rule gui edit and table build code
+ if (filesize($workingFile) > 0) {
+ $splitcontents = split_rule_file($workingFile);
+
+ $splitcontents2 = load_rule_file($workingFile, $splitcontents);
+
+ $countSig = count($splitcontents2);
+
+ if ($countSig > 0) {
+ $newFilterRuleSigArray = newFilterRuleSig($splitcontents2);
+ }
+ }
+
+ /*
+ * SET GLOBAL ARRAY $_SESSION['snort']
+ * Use SESSION instead POST for security because were writing to files.
+ */
+
+ $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules';
+ $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs';
+ $_SESSION['snort']['tmp']['snort_rules']['rdbuuid'] = $rdbuuid;
+ $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile;
+
+
+// find ./ -name test.txt | xargs grep "^disablesid 127 "
+
+ $pgtitle = "Snort: Category: rule: $rulefile";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<!-- hidden div -->
+<div id="loadingRuleEditGUI">
+
+ <div class="loadingRuleEditGUIDiv">
+ <form id="iform2" action="">
+ <input type="hidden" name="snortSidRuleEdit" value="1" />
+ <input type="hidden" name="snortSidRuleDBuuid" value="<?=$rdbuuid;?>" /> <!-- what to do, save -->
+ <input type="hidden" name="snortSidRuleFile" value="<?=$rulefile; ?>" /> <!-- what to do, save -->
+ <input type="hidden" name="snortSidNum" value="" /> <!-- what to do, save -->
+ <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="Save" />
+ <input type="button" class="formbtn closeRuleEditGUI" value="Close" >
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea id="sidstring" name="sidstring" wrap="off" style="width: 98%; margin: 7px;" rows="1" cols="" ></textarea> <!-- SID to EDIT -->
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea wrap="off" style="width: 98%; margin: 7px;" rows="<?php if(count($splitcontents) > 24){echo 24;}else{echo count($splitcontents);} ?>" cols="" disabled >
+
+ <?php
+
+ echo "\n";
+
+ foreach ($splitcontents as $sidLineGui)
+
+ echo $sidLineGui . "\n";
+
+
+
+ ?>
+ </textarea> <!-- Display rule file -->
+ </td>
+ </tr>
+ </table>
+ <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="Save" />
+ <input type="button" class="formbtn closeRuleEditGUI" value="Close" >
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+
+
+</div>
+
+<?php include("fbegin.inc"); ?>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <?php
+ if (!empty($uuid)) {
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }else{
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li class="hide_newtabmenu"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li>
+ <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }
+ ?>
+ <tr>
+ <td id="tdbggrey">
+ <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+ <!-- START MAIN AREA -->
+
+
+ <!-- start Interface Satus -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic2">
+ Category:
+ <select name="selectbox" class="formfld" >
+ <?php
+ if(isset($_GET['uuid'])) {
+ $urlUuid = "&uuid=$uuid";
+ }
+
+ if(isset($_GET['rdbuuid'])) {
+ $urlUuid = "&rdbuuid=$rdbuuid";
+ }
+
+ $i=0;
+ foreach ($filterDirList as $value)
+ {
+ $selectedruleset = '';
+ if ($value === $rulefile) {
+ $selectedruleset = 'selected';
+ }
+
+ echo "\n" . '<option value="?&openruleset=' . $ruledir . $value . $urlUuid . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r";
+
+ $i++;
+
+ }
+ ?>
+ </select>
+ There are <?=$countSig; ?> rules in this category.
+ </td>
+ <td width="6%" colspan="2" valign="middle" class="listtopic3" >
+ <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>">
+ <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule">
+ </a>
+ </td>
+ </tr>
+ </table>
+<br>
+
+ <!-- Save all inputs -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input id="select_all" type="button" class="formbtn" value="Select All" >
+ <input id="deselect_all" type="button" class="formbtn" value="Deselect All" >
+ </td>
+ </tr>
+ </table>
+
+<br>
+
+ <!-- start User Interface -->
+
+
+ <form id="iform" action="">
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic">Snort Signatures:</td>
+ </tr>
+ </table>
+
+ <table id="mainCreateTable" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr id="frheader" >
+ <td class="listhdrr2">On</td>
+ <td class="listhdrr2">Sid</td>
+ <td class="listhdrr2">Proto</td>
+ <td class="listhdrr2">Src</td>
+ <td class="listhdrr2">Port</td>
+ <td class="listhdrr2">Dst</td>
+ <td class="listhdrr2">Port</td>
+ <td class="listhdrr2">Message</td>
+ <td class="listhdrr2">&nbsp;</td>
+ </tr>
+ <tr>
+ <!-- START javascript sid loop here -->
+ <tbody class="rulesetloopblock">
+
+
+
+ </tbody>
+ <!-- STOP javascript sid loop here -->
+ </tr>
+
+ </table>
+ <br>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ </table>
+ </form>
+ <br>
+
+ <!-- stop snortsam -->
+
+ <!-- STOP MAIN AREA -->
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+</div>
+
+<!-- start info box -->
+
+<br>
+
+<div style="width:790px; background-color: #dddddd;" id="mainarea4">
+<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>&nbsp;&nbsp;&nbsp;</td>
+ </tr>
+ <tr >
+ <td width="100%">
+ <span class="red"><strong>Note:</strong></span> <br>
+ This is the <strong>Snort Rule Signature Viewer</strong>.
+ Please make sure not to add a <strong>whitespace</strong> before <strong>alert</strong> or <strong>#alert</strong>.
+ <br>
+ <br>
+ <span class="red"><strong>Warning:</strong></span>
+ <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br><br>
+ </td>
+ </tr>
+</table>
+</div>
+</div>
+
+
+<script type="text/javascript">
+
+
+//prepare the form when the DOM is ready
+jQuery(document).ready(function() {
+
+ // NOTE: needs to be watched
+ // change url on selected dropdown rule
+ jQuery('select[name=selectbox]').change(function() {
+ window.location.replace(jQuery(this).val());
+ });
+
+<?php
+
+ /*
+ * NOTE:
+ * I could have used a php loop to build the table but I wanted to see if off loading to client is faster.
+ * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see.
+ * WARNING:
+ * If Json string is to long browsers start asking to terminate javascript.
+ * FIX:
+ * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended.
+ */
+ if (!empty($newFilterRuleSigArray))
+ {
+ $countSigList = count($newFilterRuleSigArray);
+
+ echo "\n";
+
+ echo 'var snortObjlist = [';
+ $i = 0;
+ foreach ($newFilterRuleSigArray as $val3)
+ {
+
+ $i++;
+
+ // NOTE: escapeJsonString; foward slash has added spaces on each side, ie and chrome were giving issues with tablw widths
+ if( $i !== $countSigList ) {
+ echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},';
+ }else{
+ echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}';
+ }
+ }
+
+ echo '];' . "\n";
+ }
+
+
+
+ if (!empty($countSig)) {
+ echo 'var countRowAppend = ' . $countSig . ';' . "\n";
+ }else{
+ echo 'var countRowAppend = 0;' . "\n";
+ }
+
+?>
+
+if(typeof escapeHtmlEntities == 'undefined') {
+ escapeHtmlEntities = function (text) {
+ return text.replace(/[\u00A0-\u2666<>\&]/g, function(c) { return '&' +
+ escapeHtmlEntities.entityTable[c.charCodeAt(0)] || '#'+c.charCodeAt(0) + ';'; });
+ };
+
+ // all HTML4 entities as defined here: http://www.w3.org/TR/html4/sgml/entities.html
+ // added: amp, lt, gt, quot and apos
+ escapeHtmlEntities.entityTable = { 34 : 'quot', 38 : 'amp', 39 : 'apos', 47 : 'slash', 60 : 'lt', 62 : 'gt', 160 : 'nbsp', 161 : 'iexcl', 162 : 'cent', 163 : 'pound', 164 : 'curren', 165 : 'yen', 166 : 'brvbar', 167 : 'sect', 168 : 'uml', 169 : 'copy', 170 : 'ordf', 171 : 'laquo', 172 : 'not', 173 : 'shy', 174 : 'reg', 175 : 'macr', 176 : 'deg', 177 : 'plusmn', 178 : 'sup2', 179 : 'sup3', 180 : 'acute', 181 : 'micro', 182 : 'para', 183 : 'middot', 184 : 'cedil', 185 : 'sup1', 186 : 'ordm', 187 : 'raquo', 188 : 'frac14', 189 : 'frac12', 190 : 'frac34', 191 : 'iquest', 192 : 'Agrave', 193 : 'Aacute', 194 : 'Acirc', 195 : 'Atilde', 196 : 'Auml', 197 : 'Aring', 198 : 'AElig', 199 : 'Ccedil', 200 : 'Egrave', 201 : 'Eacute', 202 : 'Ecirc', 203 : 'Euml', 204 : 'Igrave', 205 : 'Iacute', 206 : 'Icirc', 207 : 'Iuml', 208 : 'ETH', 209 : 'Ntilde', 210 : 'Ograve', 211 : 'Oacute', 212 : 'Ocirc', 213 : 'Otilde', 214 : 'Ouml', 215 : 'times', 216 : 'Oslash', 217 : 'Ugrave', 218 : 'Uacute', 219 : 'Ucirc', 220 : 'Uuml', 221 : 'Yacute', 222 : 'THORN', 223 : 'szlig', 224 : 'agrave', 225 : 'aacute', 226 : 'acirc', 227 : 'atilde', 228 : 'auml', 229 : 'aring', 230 : 'aelig', 231 : 'ccedil', 232 : 'egrave', 233 : 'eacute', 234 : 'ecirc', 235 : 'euml', 236 : 'igrave', 237 : 'iacute', 238 : 'icirc', 239 : 'iuml', 240 : 'eth', 241 : 'ntilde', 242 : 'ograve', 243 : 'oacute', 244 : 'ocirc', 245 : 'otilde', 246 : 'ouml', 247 : 'divide', 248 : 'oslash', 249 : 'ugrave', 250 : 'uacute', 251 : 'ucirc', 252 : 'uuml', 253 : 'yacute', 254 : 'thorn', 255 : 'yuml', 402 : 'fnof', 913 : 'Alpha', 914 : 'Beta', 915 : 'Gamma', 916 : 'Delta', 917 : 'Epsilon', 918 : 'Zeta', 919 : 'Eta', 920 : 'Theta', 921 : 'Iota', 922 : 'Kappa', 923 : 'Lambda', 924 : 'Mu', 925 : 'Nu', 926 : 'Xi', 927 : 'Omicron', 928 : 'Pi', 929 : 'Rho', 931 : 'Sigma', 932 : 'Tau', 933 : 'Upsilon', 934 : 'Phi', 935 : 'Chi', 936 : 'Psi', 937 : 'Omega', 945 : 'alpha', 946 : 'beta', 947 : 'gamma', 948 : 'delta', 949 : 'epsilon', 950 : 'zeta', 951 : 'eta', 952 : 'theta', 953 : 'iota', 954 : 'kappa', 955 : 'lambda', 956 : 'mu', 957 : 'nu', 958 : 'xi', 959 : 'omicron', 960 : 'pi', 961 : 'rho', 962 : 'sigmaf', 963 : 'sigma', 964 : 'tau', 965 : 'upsilon', 966 : 'phi', 967 : 'chi', 968 : 'psi', 969 : 'omega', 977 : 'thetasym', 978 : 'upsih', 982 : 'piv', 8226 : 'bull', 8230 : 'hellip', 8242 : 'prime', 8243 : 'Prime', 8254 : 'oline', 8260 : 'frasl', 8472 : 'weierp', 8465 : 'image', 8476 : 'real', 8482 : 'trade', 8501 : 'alefsym', 8592 : 'larr', 8593 : 'uarr', 8594 : 'rarr', 8595 : 'darr', 8596 : 'harr', 8629 : 'crarr', 8656 : 'lArr', 8657 : 'uArr', 8658 : 'rArr', 8659 : 'dArr', 8660 : 'hArr', 8704 : 'forall', 8706 : 'part', 8707 : 'exist', 8709 : 'empty', 8711 : 'nabla', 8712 : 'isin', 8713 : 'notin', 8715 : 'ni', 8719 : 'prod', 8721 : 'sum', 8722 : 'minus', 8727 : 'lowast', 8730 : 'radic', 8733 : 'prop', 8734 : 'infin', 8736 : 'ang', 8743 : 'and', 8744 : 'or', 8745 : 'cap', 8746 : 'cup', 8747 : 'int', 8756 : 'there4', 8764 : 'sim', 8773 : 'cong', 8776 : 'asymp', 8800 : 'ne', 8801 : 'equiv', 8804 : 'le', 8805 : 'ge', 8834 : 'sub', 8835 : 'sup', 8836 : 'nsub', 8838 : 'sube', 8839 : 'supe', 8853 : 'oplus', 8855 : 'otimes', 8869 : 'perp', 8901 : 'sdot', 8968 : 'lceil', 8969 : 'rceil', 8970 : 'lfloor', 8971 : 'rfloor', 9001 : 'lang', 9002 : 'rang', 9674 : 'loz', 9824 : 'spades', 9827 : 'clubs', 9829 : 'hearts', 9830 : 'diams', 34 : 'quot', 38 : 'amp', 60 : 'lt', 62 : 'gt', 338 : 'OElig', 339 : 'oelig', 352 : 'Scaron', 353 : 'scaron', 376 : 'Yuml', 710 : 'circ', 732 : 'tilde', 8194 : 'ensp', 8195 : 'emsp', 8201 : 'thinsp', 8204 : 'zwnj', 8205 : 'zwj', 8206 : 'lrm', 8207 : 'rlm', 8211 : 'ndash', 8212 : 'mdash', 8216 : 'lsquo', 8217 : 'rsquo', 8218 : 'sbquo', 8220 : 'ldquo', 8221 : 'rdquo', 8222 : 'bdquo', 8224 : 'dagger', 8225 : 'Dagger', 8240 : 'permil', 8249 : 'lsaquo', 8250 : 'rsaquo', 8364 : 'euro' };
+}
+
+ // if rowcount is not empty do this
+ if (countRowAppend > 0){
+
+ // if rowcount is more than 300
+ if (countRowAppend > 200){
+ // call to please wait
+ showLoading('#loadingWaiting');
+ }
+
+
+ // Break up append row adds by chunks of 300
+ // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts.
+ incrementallyProcess(function (i){
+ // loop code goes in here
+ //console.log('loop: ', i);
+
+ if (isEven(i) === true){
+ var rowIsEvenOdd = 'odd_ruleset2';
+ }else{
+ var rowIsEvenOdd = 'even_ruleset2';
+ }
+
+ if (snortObjlist[i].enable === 'on'){
+ var rulesetChecked = 'checked';
+ }else{
+ var rulesetChecked = '';
+ }
+
+ jQuery('.rulesetloopblock').append(
+
+ "\n" + '<tr valign="top" id="fr0">' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ '<input class="domecheck" type="checkbox" name="filenamcheckbox2[]" value="' + snortObjlist[i].sid + '" ' + rulesetChecked + ' >' + "\n" +
+ '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].sid + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].proto + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].src + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].srcport + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dst + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dstport + '</td>' + "\n" +
+ '<td class="listbg" id="frd0" ><font color="white">' + escapeHtmlEntities(snortObjlist[i].msg) + '</font></td>' + "\n" +
+ '<td class="' + rowIsEvenOdd+ '">' + "\n" +
+ '<img id="' + snortObjlist[i].sid + '" class="icon_click showeditrulegui" src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule">' + "\n" +
+ '</td>' + "\n" +
+ '</tr>' + "\n"
+
+ );
+
+ },
+ snortObjlist, // Object to work with the case Json object
+ 500, // chunk size
+ 200, // how many secs to wait
+ function (){
+ // things that happen after the processing is done go here
+ // console.log('done!');
+
+ // if rowcount is more than 300
+ if (countRowAppend > 200){
+ // call to please wait
+ hideLoading('#loadingWaiting');
+ }
+
+ });
+ } // end of if stopRowAppend
+
+
+ // On click show rule edit GUI
+ jQuery('.showeditrulegui').live('click', function(){
+
+ // Get sid
+ jQuery.getJSON('/snort/snort_json_get.php',
+ {
+ "snortGetSidString": "1",
+ "snortIface": "<?=$uuid . '_' . $a_list['interface']; ?>",
+ "snortRuleFile": "<?=$rulefile; ?>",
+ "sid": jQuery(this).attr('id')
+ },
+ function(data){
+ jQuery("textarea#sidstring").val(data.sidstring); // add string to textarea
+ jQuery("input[name=snortSidNum]").val(data.sid); // add sid to input
+ showLoading('#loadingRuleEditGUI');
+ });
+ });
+
+ jQuery('.closeRuleEditGUI').live('click', function(){
+ hideLoading('#loadingRuleEditGUI');
+ });
+
+
+}); // end of document ready
+
+</script>
+
+
+<!-- stop info box -->
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_rules_ips.php b/config/snort-dev/snortsam-package-code/snort_rules_ips.php
new file mode 100644
index 00000000..d026b566
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_rules_ips.php
@@ -0,0 +1,471 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
+if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
+ echo 'Error: more than one uuid';
+ exit(0);
+}
+
+// set page vars
+if (isset($_GET['uuid'])) {
+ $uuid = $_GET['uuid'];
+}
+
+if (isset($_GET['rdbuuid'])) {
+ $rdbuuid = $_GET['rdbuuid'];
+}else{
+ $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+ $rdbuuid = $ruledbname_pre1['ruledbname'];
+}
+
+if (empty($rdbuuid)) {
+ echo 'ERROR: Missing RDBUUID';
+ exit;
+}
+
+if (isset($_GET['rulefilename'])) {
+ $rulefilename = $_GET['rulefilename'];
+}else{
+ echo 'ERROR: Missing rulefilename';
+ exit;
+}
+
+
+
+
+// get default settings
+$listGenRules = array();
+$listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid);
+
+// get sigs in db
+$listSigRules = array();
+$listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid);
+
+// if $listGenRules empty list defaults
+if (empty($listGenRules)) {
+ $listGenRules[0] = array(
+ 'id' => 1,
+ 'rdbuuid' => $_POST['rdbuuid'],
+ 'enable' => 'on',
+ 'who' => 'src',
+ 'timeamount' => 15,
+ 'timetype' => 'minutes'
+ );
+}
+
+ $pgtitle = "Services: Snort: Ruleset Ips:";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<div id="loadingWaiting">
+ <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <?php
+ if (!empty($uuid)) {
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }else{
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }
+ ?>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" >
+ <tr>
+ <td>
+ </td>
+ <td>
+ <input id="select_all" type="button" class="formbtn" value="Select All" >
+ <input id="deselect_all" type="button" class="formbtn" value="Deselect All" >
+ </td>
+ </tr>
+ </table>
+
+ <div id="checkboxdo" style="width:100%; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;">
+ <form id="iform" action="" >
+
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortruleSigsIps" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_rules_ips" /> <!-- what interface tab -->
+ <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for -->
+ <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Rule File Ips Settings</td>
+ </tr>
+ </table>
+
+ <table class="rulesetloopblock" width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;">
+ <tr id="frheader" >
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;On</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Sid</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Source</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Amount</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Duration</td>
+ <td width="20%" class="listhdrr2">Message</td>
+ </tr>
+
+ </table>
+ <br>
+ <table>
+ <tr>
+ <td>
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ </table>
+ </div>
+ </form >
+
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+<script type="text/javascript">
+
+//prepare the form when the DOM is ready
+jQuery(document).ready(function() {
+
+
+
+<?php
+
+ /*
+ * Builds Json long string from a snort rules file
+ * Options: $rdbuuid, $rulefilename
+ * Used in Ips Tab
+ */
+ function createSidTmpBlockSpit($rdbuuid, $rulefilename)
+ {
+
+ function getSidBlockJsonArray($getEnableSid)
+ {
+ global $listGenRules, $listSigRules;
+
+ if (!empty($getEnableSid)) {
+
+ $i = 0;
+
+ $countSigList = count($getEnableSid);
+ foreach ($getEnableSid as $val3)
+ {
+
+ //$listGenRules $listSigRules
+ $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', trim($val3['0']));
+
+ // if sig is in db use its settings else use default settings
+ if(!empty($snortSigIpsExists['siguuid'])) {
+
+ $getSid = $snortSigIpsExists['siguuid'];
+ $getEnable = $snortSigIpsExists['enable'];
+ $getWho = $snortSigIpsExists['who'];
+ $getTimeamount = $snortSigIpsExists['timeamount'];
+ $getTimetype = $snortSigIpsExists['timetype'];
+
+ }else{
+
+ $getSid = escapeJsonString(trim($val3['0']));
+ $getEnable = $listGenRules[0]['enable'];
+ $getWho = $listGenRules[0]['who'];
+ $getTimeamount = $listGenRules[0]['timeamount'];
+ $getTimetype = $listGenRules[0]['timetype'];
+
+ }
+
+ $i++;
+
+ if ($i == 1) {
+ $main .= '[';
+ }
+
+ if ( $i == $countSigList ) {
+ $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"}';
+ }else{
+ $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"},';
+ }
+
+ if ($i == $countSigList) {
+ $main .= ']';
+ }
+
+ } // END foreach
+
+ return $main;
+
+ } // END of jSON build
+
+ return false;
+
+ }
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit')) {
+ exec('mkdir /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit');
+ }
+
+ exec('rm /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/*.rules');
+ exec('cp /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules/' . $rulefilename . ' ' . '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/' . $rulefilename);
+
+ //$getEnableSidArray = '';
+ exec('perl /usr/local/bin/make_snortsam_map.pl /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/', $getEnableSidArray);
+
+ return getSidBlockJsonArray(getCurrentIpsRuleArray($getEnableSidArray));
+
+ } // END of build json rule func
+
+ // Build table from json, anf $_GET
+ $getJsonRulefile = createSidTmpBlockSpit($rdbuuid, $rulefilename);
+
+ if (!empty($getJsonRulefile)) {
+ echo 'var getLogJsonRuleFile = ' . $getJsonRulefile . ';';
+ }
+
+?>
+
+// create option list through js
+function createDropdownOptionList(list, opselected) {
+
+ var strOut = '';
+ var selectedOptionON = '';
+ for (var key in list) {
+
+ if (opselected.toUpperCase() == list[key]) {
+ selectedOptionON = 'selected="selected"';
+ }
+
+ strOut = strOut + '<option value="' + list[key].toLowerCase() + '" ' + selectedOptionON + '>' + list[key] + '</option>' + "\n";
+ selectedOptionON = '';
+ }
+ return strOut;
+}
+
+function makeLargeSidTables(snortObjlist) {
+
+ //disable Row Append if row count is less than 0
+ var countRowAppend = snortObjlist.length;
+
+ var timeValuePerfList = {"src":"SRC", "dst":"DST", "both":"BOTH"};
+ var timeTypePerfList = {"minutes":"MINUTES", "seconds":"SECONDS", "hours":"HOURS", "days":"DAYS", "weeks":"WEEKS", "months":"MONTHS", "ALWAYS":"ALWAYS"};
+
+ // if rowcount is not empty do this
+ if (countRowAppend > 0){
+
+ // Break up append row adds by chunks of 300
+ // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts.
+ incrementallyProcess(function (i){
+
+ if (isEven(i) === true){
+ var rowIsEvenOdd = 'odd_ruleset2';
+ }else{
+ var rowIsEvenOdd = 'even_ruleset2';
+ }
+
+ if (snortObjlist[i].enable == 'on'){
+ var rulesetChecked = 'checked="checked"';
+ }else{
+ var rulesetChecked = '';
+ }
+
+ jQuery('.rulesetloopblock').append(
+ "\n" + '<tr class="hidemetr" id="ipstable_' + snortObjlist[i].sid + '" valign="top">' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ '<input class="domecheck" id="checkbox_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][enable]" value="on" ' + rulesetChecked + ' type="checkbox">' + "\n" +
+ '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="sid_' + snortObjlist[i].sid + '" >' + snortObjlist[i].sid + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ '<select class="formfld2" id="who_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][who]">' + "\n" +
+ createDropdownOptionList(timeValuePerfList, snortObjlist[i].who) +
+ '</select>' + "\n" +
+ '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ '<input class="formfld2" id="timeamount_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][timeamount]" type="text" size="7" value="' + snortObjlist[i].timeamount + '">' + "\n" +
+ '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ '<select class="formfld2" id="timetype_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][timetype]" >' + "\n" +
+ createDropdownOptionList(timeTypePerfList, snortObjlist[i].timetype) +
+ '</select>' + "\n" +
+ '</td>' + "\n" +
+ '<td class="listbg" id="msg_' + snortObjlist[i].sid + '"><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" +
+ '</tr>' + "\n" +
+ '<input type="hidden" name="snortsam[db][' + i + '][siguuid]" value="' + snortObjlist[i].sid + '" />' + "\n" +
+ '<input type="hidden" name="snortsam[db][' + i + '][sigfilename]" value="<?=$rulefilename; ?>" />' + "\n"
+ );
+
+ },
+ snortObjlist, // Object to work with the case Json object
+ 300, // chunk size
+ 25, // how many secs to wait
+ function (){
+
+ hideLoading('#loadingWaiting');
+
+ }); // end incrament
+ } // end of if stopRowAppend
+
+}; // END make table func
+
+
+ // Build table call
+ function startTableBuild() {
+
+ showLoading('#loadingWaiting');
+ lastTableBuild();
+ }
+ function lastTableBuild() {
+
+ makeLargeSidTables(getLogJsonRuleFile);
+
+ }
+
+ <?php
+ if (!empty($getJsonRulefile)) {
+ echo 'startTableBuild();';
+ }
+ ?>
+
+}); // end of document ready
+
+
+
+
+</script>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
diff --git a/config/snort-dev/snortsam-package-code/snort_rulesets.php b/config/snort-dev/snortsam-package-code/snort_rulesets.php
new file mode 100644
index 00000000..a2e4f7f3
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_rulesets.php
@@ -0,0 +1,347 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
+ echo 'Error: more than one uuid';
+ exit(0);
+}
+
+// set page vars
+if (isset($_GET['uuid'])) {
+ $uuid = $_GET['uuid'];
+}
+
+if (isset($_GET['rdbuuid'])) {
+ $rdbuuid = $_GET['rdbuuid'];
+}else{
+ $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+ $rdbuuid = $ruledbname_pre1['ruledbname'];
+}
+
+//$a_list = snortSql_fetchAllSettings('snortDBrules', 'SnortIfaces', 'uuid', $uuid);
+
+ // list rules in the default dir
+ $filterDirList = array();
+ $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules');
+
+ // list rules in db that are on in a array
+ $listOnRules = array();
+ $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'rdbuuid', $rdbuuid);
+
+ if (!empty($listOnRules)) {
+ foreach ( $listOnRules as $val2 )
+ {
+ if ($val2['enable'] == 'on') {
+ $rulesetOn[] = $val2['rulesetname'];
+ }
+ }
+ unset($listOnRules);
+ }
+
+ $pgtitle = "Snort: Interface Rule Categories";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script type="text/javascript">
+
+//prepare the form when the DOM is ready
+jQuery(document).ready(function() {
+
+ <?php
+ /*
+ * NOTE: I could have used a php loop to build the table but off loading to client is faster
+ * use jQuery jason parse, make sure its in one line
+ */
+ if (!empty($filterDirList)) {
+
+ $countDirList = count($filterDirList);
+
+ echo "\n";
+
+ echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [ ';
+ $i = 0;
+ foreach ($filterDirList as $val3)
+ {
+
+ $i++;
+
+ // if list ruleset is in the db ON mark it checked
+ $rulesetOnChecked = 'off';
+ if(!empty($rulesetOn))
+ {
+ if (in_array($val3, $rulesetOn))
+ {
+ $rulesetOnChecked = 'on';
+ }
+ }
+
+ if ( $i !== $countDirList )
+ {
+ echo '{"rule": ' . '"' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '}, ';
+ }else{
+ echo '{"rule": "' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '} ';
+ }
+ }
+
+ echo ' ]}\');' . "\n";
+
+ }else{
+
+ echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n";
+
+ }
+
+
+ ?>
+
+ // loop through object, dont use .each in jQuery as its slow
+ if(snortObjlist.ruleSets.length > 0) {
+ for (var i = 0; i < snortObjlist.ruleSets.length; i++) {
+
+ if (isEven(i) === true) {
+ var rowIsEvenOdd = 'even_ruleset';
+ }else{
+ var rowIsEvenOdd = 'odd_ruleset';
+ }
+
+ if (snortObjlist.ruleSets[i].enable === 'on') {
+ var rulesetChecked = 'checked';
+ }else{
+ var rulesetChecked = '';
+ }
+
+ jQuery('.rulesetloopblock').append(
+ "\n" + '<tr>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" align="center" valign="top" width="9%">' + "\n" +
+ ' <input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" +
+ '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ ' <a href="/snort/snort_rules.php?openruleset=' + snortObjlist.ruleSets[i].rule + '<?php if(isset($uuid)){echo "&uuid=$uuid";}else{echo "&rdbuuid=$rdbuuid";}?>' + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" +
+ '</td>' + "\n" +
+ '</tr>' + "\n\n"
+ );
+ };
+ }
+
+
+}); // end of document ready
+
+</script>
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0" alt="transgif" ></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <?php
+ if (!empty($uuid)) {
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }else{
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li class="hide_newtabmenu"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li>
+ <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li>
+ <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }
+ ?>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" >
+ <!-- START MAIN AREA -->
+
+
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" >
+ <tr>
+ <td>
+ </td>
+ <td>
+ <input id="select_all" type="button" class="formbtn" value="Select All" >
+ <input id="deselect_all" type="button" class="formbtn" value="Deselect All" >
+ </td>
+ </tr>
+ </table>
+
+ <div id="checkboxdo" style="width: 100%; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;">
+ <form id="iform" action="" >
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortruleSets" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_rulesets" /> <!-- what interface tab -->
+ <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for -->
+ <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr >
+ <td width="5%" class="listtopic">Enabled</td>
+ <td class="listtopic">Ruleset: Rules that end with "so.rules" are shared object rules.</td>
+ </tr>
+ <table class="rulesetbkg" width="100%">
+
+ <tbody class="rulesetloopblock" >
+ <!-- javscript loop table build here -->
+ </tbody>
+
+ </table>
+ <table class="vncell1" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listtopic" >Check the rulesets that you would like Snort to load at startup.</td>
+ </tr>
+ </table>
+ <tr>
+ <td>
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ <tr>
+ <td width="78%">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ Please save your settings before you click start.</span>
+ </td>
+ </tr>
+
+ </table>
+ </form>
+ </div>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
+
diff --git a/config/snort-dev/snortsam-package-code/snort_rulesets_ips.php b/config/snort-dev/snortsam-package-code/snort_rulesets_ips.php
new file mode 100644
index 00000000..abac2b6b
--- /dev/null
+++ b/config/snort-dev/snortsam-package-code/snort_rulesets_ips.php
@@ -0,0 +1,411 @@
+<?php
+/* $Id$ */
+/*
+
+ part of pfSense
+ All rights reserved.
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
+ echo 'Error: more than one uuid';
+ exit(0);
+}
+
+// set page vars
+if (isset($_GET['uuid'])) {
+ $uuid = $_GET['uuid'];
+}
+
+if (isset($_GET['rdbuuid'])) {
+ $rdbuuid = $_GET['rdbuuid'];
+}else{
+ $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+ $rdbuuid = $ruledbname_pre1['ruledbname'];
+}
+
+//$a_list = snortSql_fetchAllSettings('snortDBrules', 'SnortIfaces', 'uuid', $uuid);
+
+ // list rules in the default dir
+ $filterDirList = array();
+ $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules');
+
+ // list rules in db that are on in a array
+ $listOnRules = array();
+ $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSetsIps', 'rdbuuid', $rdbuuid);
+
+ // list rules in db that are on in a array
+ $listGenRules = array();
+ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid);
+
+ if (!empty($listOnRules)) {
+ foreach ( $listOnRules as $val2 )
+ {
+ if ($val2['enable'] == 'on') {
+ $rulesetOn[] = $val2['rulesetname'];
+ }
+ }
+ unset($listOnRules);
+ }
+
+ $pgtitle = "Services: Snort: Ruleset Ips";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script type="text/javascript">
+
+//prepare the form when the DOM is ready
+jQuery(document).ready(function() {
+
+ <?php
+ /*
+ * NOTE: I could have used a php loop to build the table but off loading to client is faster
+ * use jQuery jason parse, make sure its in one line
+ */
+ if (!empty($filterDirList)) {
+
+ $countDirList = count($filterDirList);
+
+ echo "\n";
+
+ echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [ ';
+ $i = 0;
+ foreach ($filterDirList as $val3)
+ {
+
+ $i++;
+
+ // if list ruleset is in the db ON mark it checked
+ $rulesetOnChecked = 'off';
+ if(!empty($rulesetOn))
+ {
+ if (in_array($val3, $rulesetOn))
+ {
+ $rulesetOnChecked = 'on';
+ }
+ }
+
+ if ( $i !== $countDirList )
+ {
+ echo '{"rule": ' . '"' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '}, ';
+ }else{
+ echo '{"rule": "' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '} ';
+ }
+ }
+
+ echo ' ]}\');' . "\n";
+
+ }else{
+ //
+ echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n";
+
+ }
+
+ ?>
+
+ // loop through object, dont use .each in jQuery as its slow
+ if(snortObjlist.ruleSets.length > 0) {
+ for (var i = 0; i < snortObjlist.ruleSets.length; i++) {
+
+ if (isEven(i) === true) {
+ var rowIsEvenOdd = 'even_ruleset';
+ }else{
+ var rowIsEvenOdd = 'odd_ruleset';
+ }
+
+ if (snortObjlist.ruleSets[i].enable === 'on') {
+ var rulesetChecked = 'checked';
+ }else{
+ var rulesetChecked = '';
+ }
+
+ jQuery('.rulesetloopblock').append(
+ "\n" + '<tr>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" align="center" valign="top" width="9%">' + "\n" +
+ ' <input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" +
+ '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ ' <a href="/snort/snort_rules_ips.php?rulefilename=' + snortObjlist.ruleSets[i].rule + '<?php if(isset($uuid)){echo "&uuid=$uuid";}else{echo "&rdbuuid=$rdbuuid";}?>' + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" +
+ '</td>' + "\n" +
+ '</tr>' + "\n\n"
+ );
+ };
+ }
+
+
+}); // end of document ready
+
+</script>
+
+<!-- loading msg -->
+<div id="loadingWaiting">
+ <div class="snortModal" style="top: 200px; left: 700px;">
+ <div class="snortModalTop">
+ <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> -->
+ </div>
+ <div class="snortModalTitle">
+ <p><img src="./images/loading.gif" /><br><br>Please Wait...</p>
+ </div>
+ <div>
+ <p class="loadingWaitingMessage"></p>
+ </div>
+ </div>
+</div>
+
+<?php include("fbegin.inc"); ?>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0" alt="transgif" ></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <?php
+ if (!empty($uuid)) {
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }else{
+ echo '
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li>
+ </ul>
+ </div>
+ </td>
+ </tr>
+ ';
+ }
+ ?>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" >
+ <!-- START MAIN AREA -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" >
+ <tr>
+ <td>
+ </td>
+ <td>
+ <input id="select_all" type="button" class="formbtn" value="Select All" >
+ <input id="deselect_all" type="button" class="formbtn" value="Deselect All" >
+ </td>
+ </tr>
+ </table>
+
+ <div id="checkboxdo" style="width:100%; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;">
+ <form id="iform" action="" >
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortruleSetsIps" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_rulesets_ips" /> <!-- what interface tab -->
+ <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for -->
+ <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+ </table>
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;">
+ <tr>
+ <td>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" >
+
+ <tr class="hidemetr" id="ipstitle_gensettings" valign="top">
+ <td class="listhdrr2" width="20%"></td>
+ <td class="listhdrr2" width="1%">&nbsp;&nbsp;&nbsp;On</td>
+ <td class="listhdrr2" width="1%">&nbsp;&nbsp;&nbsp;Source</td>
+ <td class="listhdrr2" width="1%">&nbsp;&nbsp;&nbsp;Amount</td>
+ <td class="listhdrr2" width="1%">&nbsp;&nbsp;&nbsp;Duration</td>
+ </tr>
+
+ <tr class="hidemetr" id="ipstable_gensettings" valign="top">
+ <td class="vncell2" id="infotext_ips"><font color="#000000">Default settings for all block rules</font></td>
+ <td class="odd_ruleset2">
+ <?php
+ $enableGenRuleSidChkBox = '';
+ if ( $listGenRules[0]['enable'] === 'on' || empty($listGenRules[0]['enable'])) {
+ $enableGenRuleSidChkBox = 'checked="checked"';
+ }
+ ?>
+ <input class="domecheck" id="checkbox_253" name="snortsam[db][gensettings][enable]" value="on" <?=$enableGenRuleSidChkBox; ?> type="checkbox">
+ </td>
+ <td class="odd_ruleset2">
+ <select class="formfld2" id="who_gensettings" name="snortsam[db][gensettings][who]">
+ <?php
+ $whoList = array('src' => 'SRC', 'dst' => 'DST', 'both' => 'BOTH');
+ snortDropDownList($whoList, $listGenRules[0]['who']);
+ ?>
+ </select>
+ </td>
+ <td class="odd_ruleset2">
+ <?php
+ if (!empty($listGenRules[0]['timeamount'])) {
+ $timeamount = $listGenRules[0]['timeamount'];
+ }else{
+ $timeamount = '15';
+ }
+ ?>
+ <input class="formfld2" id="timeamount_gensettings" name="snortsam[db][gensettings][timeamount]" size="7" value="<?=$timeamount; ?>" type="text">
+ </td>
+ <td class="odd_ruleset2">
+ <select class="formfld2" id="timetype_gensettings" name="snortsam[db][gensettings][timetype]">
+ <?php
+ $timeTypeList = array('minutes' => 'MINUTES', 'seconds' => 'SECONDS', 'hours' => 'HOURS', 'days' => 'DAYS', 'weeks' => 'WEEKS', 'months' => 'MONTHS', 'always' => 'ALWAYS');
+ snortDropDownList($timeTypeList, $listGenRules[0]['timetype']);
+ ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr >
+ <td width="5%" class="listtopic">Enabled</td>
+ <td class="listtopic">Select The Rulesets To Eable IPS On</td>
+ </tr>
+ <table class="rulesetbkg" width="100%">
+
+ <tbody class="rulesetloopblock" >
+ <!-- javscript loop table build here -->
+ </tbody>
+
+ </table>
+ <table class="vncell1" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listtopic" >Check the rulesets that you would like Snort to load at startup.</td>
+ </tr>
+ </table>
+ <tr>
+ <td>
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ <tr>
+ <td width="78%">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ Please save your settings before you click start.</span>
+ </td>
+ </tr>
+
+ </table>
+ </form>
+ </div>
+
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
+