-rw-r--r-- | config/snort-dev/bkup/snort.inc (renamed from config/snort-dev/snort.inc) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort.xml (renamed from config/snort-dev/snort.xml) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_advanced.xml (renamed from config/snort-dev/snort_advanced.xml) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_alerts.php (renamed from config/snort-dev/snort_alerts.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_blocked.php (renamed from config/snort-dev/snort_blocked.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_check_for_rule_updates.php (renamed from config/snort-dev/snort_check_for_rule_updates.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_define_servers.xml (renamed from config/snort-dev/snort_define_servers.xml) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_download_rules.php (renamed from config/snort-dev/snort_download_rules.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_dynamic_ip_reload.php (renamed from config/snort-dev/snort_dynamic_ip_reload.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_rules.php (renamed from config/snort-dev/snort_rules.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_rules_edit.php (renamed from config/snort-dev/snort_rules_edit.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_rulesets.php (renamed from config/snort-dev/snort_rulesets.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_threshold.xml (renamed from config/snort-dev/snort_threshold.xml) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_whitelist.xml (renamed from config/snort-dev/snort_whitelist.xml) | 0 | ||||
-rw-r--r-- | config/snort-dev/bkup/snort_xmlrpc_sync.php (renamed from config/snort-dev/snort_xmlrpc_sync.php) | 0 | ||||
-rw-r--r-- | config/snort-dev/snort_base_files.php | 2025 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces.php | 296 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 402 |
18 files changed, 2723 insertions, 0 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/bkup/snort.inc
index 575192b9..575192b9 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/bkup/snort.inc
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/bkup/snort.xml
index fc32ceb9..fc32ceb9 100644
--- a/config/snort-dev/snort.xml
+++ b/config/snort-dev/bkup/snort.xml
diff --git a/config/snort-dev/snort_advanced.xml b/config/snort-dev/bkup/snort_advanced.xml
index 1fdddda2..1fdddda2 100644
--- a/config/snort-dev/snort_advanced.xml
+++ b/config/snort-dev/bkup/snort_advanced.xml
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/bkup/snort_alerts.php
index f463c0b9..f463c0b9 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/bkup/snort_alerts.php
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/bkup/snort_blocked.php
index ff158853..ff158853 100644
--- a/config/snort-dev/snort_blocked.php
+++ b/config/snort-dev/bkup/snort_blocked.php
diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/bkup/snort_check_for_rule_updates.php
index 95adbaa6..95adbaa6 100644
--- a/config/snort-dev/snort_check_for_rule_updates.php
+++ b/config/snort-dev/bkup/snort_check_for_rule_updates.php
diff --git a/config/snort-dev/snort_define_servers.xml b/config/snort-dev/bkup/snort_define_servers.xml
index 7df880d0..7df880d0 100644
--- a/config/snort-dev/snort_define_servers.xml
+++ b/config/snort-dev/bkup/snort_define_servers.xml
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/bkup/snort_download_rules.php
index 133f2d2a..133f2d2a 100644
--- a/config/snort-dev/snort_download_rules.php
+++ b/config/snort-dev/bkup/snort_download_rules.php
diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-dev/bkup/snort_dynamic_ip_reload.php
index 0fad085b..0fad085b 100644
--- a/config/snort-dev/snort_dynamic_ip_reload.php
+++ b/config/snort-dev/bkup/snort_dynamic_ip_reload.php
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/bkup/snort_rules.php
index 233841b1..233841b1 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/bkup/snort_rules.php
diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/bkup/snort_rules_edit.php
index cbabce73..cbabce73 100644
--- a/config/snort-dev/snort_rules_edit.php
+++ b/config/snort-dev/bkup/snort_rules_edit.php
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/bkup/snort_rulesets.php
index 8e5179d6..8e5179d6 100644
--- a/config/snort-dev/snort_rulesets.php
+++ b/config/snort-dev/bkup/snort_rulesets.php
diff --git a/config/snort-dev/snort_threshold.xml b/config/snort-dev/bkup/snort_threshold.xml
index f9075d3d..f9075d3d 100644
--- a/config/snort-dev/snort_threshold.xml
+++ b/config/snort-dev/bkup/snort_threshold.xml
diff --git a/config/snort-dev/snort_whitelist.xml b/config/snort-dev/bkup/snort_whitelist.xml
index 42769e4e..42769e4e 100644
--- a/config/snort-dev/snort_whitelist.xml
+++ b/config/snort-dev/bkup/snort_whitelist.xml
diff --git a/config/snort-dev/snort_xmlrpc_sync.php b/config/snort-dev/bkup/snort_xmlrpc_sync.php
index db8b3f3e..db8b3f3e 100644
--- a/config/snort-dev/snort_xmlrpc_sync.php
+++ b/config/snort-dev/bkup/snort_xmlrpc_sync.php
diff --git a/config/snort-dev/snort_base_files.php b/config/snort-dev/snort_base_files.php
new file mode 100644
index 00000000..1bc9cea0
--- /dev/null
+++ b/config/snort-dev/snort_base_files.php
@@ -0,0 +1,2025 @@
+<?php
+/*
+ amanda.php
+ Copyright (C) 2008, 2009 Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("filter.inc");
+
+
+/* create snort.xml for every interface selected */
+function create_snort_xml()
+{
+include("filter.inc");
+include("config.inc");
+
+ global $bconfig, $bg;
+
+ conf_mount_rw();
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+
+ foreach($snortInterfaces as $snortIf)
+ {
+
+$snort_xml_text = <<<EOD
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* \$Id\$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfsense.com)
+ Copyright (C) 2007 Robert Zelaya
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Snort{$snortIf}</name>
+ <version>2.8.4.1_5</version>
+ <title>Services: Snort 2.8.4.1_5 pkg v. 1.6 {$snortIf}</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Snort Interfaces</text>
+ <url>/snort_interfaces.php</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Categories</text>
+ <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Rules</text>
+ <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url>
+ </tab>
+ <tab>
+ <text>Barnyard2</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>Interface</fielddescr>
+ <fieldname>iface_array</fieldname>
+ <description>Select the interface(s) Snort will listen on.</description>
+ <type>interfaces_selection</type>
+ <size>3</size>
+ <value>lan</value>
+ <multiple>true</multiple>
+ </field>
+ <field>
+ <fielddescr>Memory Performance</fielddescr>
+ <fieldname>performance</fieldname>
+ <description>Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small
+memory,moderate performance, ac-sparsebands: small memory, high performance.</description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>ac-bnfa</name>
+ <value>ac-bnfa</value>
+ </option>
+ <option>
+ <name>lowmem</name>
+ <value>lowmem</value>
+ </option>
+ <option>
+ <name>ac-std</name>
+ <value>ac-std</value>
+ </option>
+ <option>
+ <name>ac</name>
+ <value>ac</value>
+ </option>
+ <option>
+ <name>ac-banded</name>
+ <value>ac-banded</value>
+ </option>
+ <option>
+ <name>ac-sparsebands</name>
+ <value>ac-sparsebands</value>
+ </option>
+ <option>
+ <name>acs</name>
+ <value>acs</value>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>BPF Buffer size</fielddescr>
+ <fieldname>bpfbufsize</fieldname>
+ <description>Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does. Default is 1024.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Maximum BPF buffer size</fielddescr>
+ <fieldname>bpfmaxbufsize</fieldname>
+ <description>Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does. Default is 524288. This value should never be set above hardware cache size. The
+best (optimal size) is 50% - 80% of the hardware cache size.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Maximum BPF inserts</fielddescr>
+ <fieldname>bpfmaxinsns</fieldname>
+ <description>Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does. Default is 512.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Advanced configuration pass through</fielddescr>
+ <fieldname>configpassthru</fieldname>
+ <description>Add items to here will be automatically inserted into the running snort configuration</description>
+ <type>textarea</type>
+ <cols>40</cols>
+ <rows>5</rows>
+ </field>
+ <field>
+ <fielddescr>Snort signature info files.</fielddescr>
+ <fieldname>signatureinfo</fieldname>
+ <description>Snort signature info files will be installed during updates. At leats 500 mb of memory is needed.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Alerts Tab logging type.</fielddescr>
+ <fieldname>snortalertlogtype</fieldname>
+ <description>Please choose the type of Alert logging you will like see in the Alerts Tab. The options are Full descriptions or Fast short descriptions</description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>fast</name>
+ <value>fast</value>
+ </option>
+ <option>
+ <name>full</name>
+ <value>full</value>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Send alerts to main System logs.</fielddescr>
+ <fieldname>alertsystemlog</fieldname>
+ <description>Snort will send Alerts to the Pfsense system logs.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Log to a Tcpdump file.</fielddescr>
+ <fieldname>tcpdumplog</fieldname>
+ <description>Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.</description>
+ <type>checkbox</type>
+ </field>
+ </fields>
+ <custom_php_deinstall_command>
+ snort_deinstall();
+ </custom_php_deinstall_command>
+</packagegui>
+
+EOD;
+
+/* write out snort_xml */
+$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_{$snortIf}.xml", "w");
+if(!$bconf)
+{
+ log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_{$snortIf}.xml for writing.");
+ exit;
+ }
+ fwrite($bconf, $snort_xml_text);
+ fclose($bconf);
+
+ conf_mount_ro();
+
+ }
+}
+
+/* create barnyard2.xml for every interface selected */
+function create_snort_barnyard2_xml()
+{
+include("filter.inc");
+include("config.inc");
+
+ global $bconfig, $bg;
+
+ conf_mount_rw();
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+
+ foreach($snortInterfaces as $snortIf)
+ {
+
+$snort_barnyard2_text = <<<EOD
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* \$Id\$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 Robert Zelaya
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>barnyard2{$snortIf}</name>
+ <version>none</version>
+ <title>Services: Barnyard2 {$snortIf}</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Snort Interfaces</text>
+ <url>/snort_interfaces.php</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Categories</text>
+ <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Rules</text>
+ <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url>
+ </tab>
+ <tab>
+ <text>Barnyard2</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url>
+ <active/>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>Enable Barnyard2.</fielddescr>
+ <fieldname>snortbarnyardlog</fieldname>
+ <description>This will enable barnyard2 in the snort package. You will also have to set the database credentials.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Barnyard2 Log Mysql Database.</fielddescr>
+ <fieldname>snortbarnyardlog_database</fieldname>
+ <description>Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Barnyard2 Configure Hostname ID.</fielddescr>
+ <fieldname>snortbarnyardlog_hostname</fieldname>
+ <description>Example: pfsense.local</description>
+ <type>input</type>
+ <size>25</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Barnyard2 Configure Interface ID</fielddescr>
+ <fieldname>snortbarnyardlog_interface</fieldname>
+ <description>Example: vr0</description>
+ <type>input</type>
+ <size>25</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Log Alerts to a snort unified2 file.</fielddescr>
+ <fieldname>snortunifiedlog</fieldname>
+ <description>Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</description>
+ <type>checkbox</type>
+ </field>
+ </fields>
+ <custom_php_deinstall_command>
+ snort_advanced();
+ </custom_php_deinstall_command>
+</packagegui>
+
+EOD;
+
+/* write out snort_barnyard2_xml */
+$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml", "w");
+if(!$bconf)
+{
+ log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml for writing.");
+ exit;
+ }
+ fwrite($bconf, $snort_barnyard2_text);
+ fclose($bconf);
+
+ conf_mount_ro();
+
+ }
+}
+
+
+/* create snort_define_servers.xml for every interface selected */
+function create_snort_define_servers_xml()
+{
+include("filter.inc");
+include("config.inc");
+
+ global $bconfig, $bg;
+
+ conf_mount_rw();
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+
+ foreach($snortInterfaces as $snortIf)
+ {
+
+$snort_define_servers_xml_text = <<<EOD
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* \$Id\$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 Robert Zelaya
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>SnortDefServers{$snortIf}</name>
+ <version>none</version>
+ <title>Services: Snort Define Servers {$snortIf}</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Snort Interfaces</text>
+ <url>/snort_interfaces.php</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Categories</text>
+ <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Rules</text>
+ <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url>
+ </tab>
+ <tab>
+ <text>Barnyard2</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>Define DNS_SERVERS</fielddescr>
+ <fieldname>def_dns_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define DNS_PORTS</fielddescr>
+ <fieldname>def_dns_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 53.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SMTP_SERVERS</fielddescr>
+ <fieldname>def_smtp_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SMTP_PORTS</fielddescr>
+ <fieldname>def_smtp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 25.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define Mail_Ports</fielddescr>
+ <fieldname>def_mail_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 25,143,465,691.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define HTTP_SERVERS</fielddescr>
+ <fieldname>def_http_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define WWW_SERVERS</fielddescr>
+ <fieldname>def_www_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define HTTP_PORTS</fielddescr>
+ <fieldname>def_http_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 80.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SQL_SERVERS</fielddescr>
+ <fieldname>def_sql_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define ORACLE_PORTS</fielddescr>
+ <fieldname>def_oracle_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 1521.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define MSSQL_PORTS</fielddescr>
+ <fieldname>def_mssql_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 1433.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define TELNET_SERVERS</fielddescr>
+ <fieldname>def_telnet_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define TELNET_PORTS</fielddescr>
+ <fieldname>def_telnet_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 23.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SNMP_SERVERS</fielddescr>
+ <fieldname>def_snmp_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SNMP_PORTS</fielddescr>
+ <fieldname>def_snmp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 161.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define FTP_SERVERS</fielddescr>
+ <fieldname>def_ftp_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define FTP_PORTS</fielddescr>
+ <fieldname>def_ftp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 21.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SSH_SERVERS</fielddescr>
+ <fieldname>def_ssh_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SSH_PORTS</fielddescr>
+ <fieldname>def_ssh_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is Pfsense SSH port.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define POP_SERVERS</fielddescr>
+ <fieldname>def_pop_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define POP2_PORTS</fielddescr>
+ <fieldname>def_pop2_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 109.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define POP3_PORTS</fielddescr>
+ <fieldname>def_pop3_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 110.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define IMAP_SERVERS</fielddescr>
+ <fieldname>def_imap_servers</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define IMAP_PORTS</fielddescr>
+ <fieldname>def_imap_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 143.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SIP_PROXY_IP</fielddescr>
+ <fieldname>def_sip_proxy_ip</fieldname>
+ <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
+ <type>input</type>
+ <size>101</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SIP_PROXY_PORTS</fielddescr>
+ <fieldname>def_sip_proxy_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 5060:5090,16384:32768.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define AUTH_PORTS</fielddescr>
+ <fieldname>def_auth_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 113.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define FINGER_PORTS</fielddescr>
+ <fieldname>def_finger_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 79.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define IRC_PORTS</fielddescr>
+ <fieldname>def_irc_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 6665,6666,6667,6668,6669,7000.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define NNTP_PORTS</fielddescr>
+ <fieldname>def_nntp_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 119.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define RLOGIN_PORTS</fielddescr>
+ <fieldname>def_rlogin_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 513.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define RSH_PORTS</fielddescr>
+ <fieldname>def_rsh_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 514.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ <field>
+ <fielddescr>Define SSL_PORTS</fielddescr>
+ <fieldname>def_ssl_ports</fieldname>
+ <description>Example: Specific ports "25,443" or All ports betwen "5060:5090". Default is 25,443,465,636,993,995.</description>
+ <type>input</type>
+ <size>43</size>
+ <value></value>
+ </field>
+ </fields>
+ <custom_php_deinstall_command>
+ snort_define_servers();
+ </custom_php_deinstall_command>
+</packagegui>
+
+EOD;
+
+/* write out snort_define_servers_xml */
+$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml", "w");
+if(!$bconf)
+{
+ log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml for writing.");
+ exit;
+ }
+ fwrite($bconf, $snort_define_servers_xml_text);
+ fclose($bconf);
+
+ conf_mount_ro();
+
+ }
+}
+
+/* create snort_threshold.xml for every interface selected */
+function create_snort_threshold_xml()
+{
+include("filter.inc");
+include("config.inc");
+
+ global $bconfig, $bg;
+
+ conf_mount_rw();
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+
+ foreach($snortInterfaces as $snortIf)
+ {
+
+$snort_threshold_xml_text = <<<EOD
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* \$Id\$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2004, 2005 Scott Robert Zelaya
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>snort-threshold{$snortIf}</name>
+ <version>0.1.0</version>
+ <title>Snort: Alert Thresholding and Suppression {$snortIf}</title>
+ <include_file>/usr/local/pkg/snort.inc</include_file>
+ <!-- Menu is where this packages menu will appear -->
+ <tabs>
+ <tab>
+ <text>Snort Interfaces</text>
+ <url>/snort_interfaces.php</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Categories</text>
+ <url>snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Rules</text>
+ <url>snort/snort_{$snortIf}/snort_rules_{$snortIf}.php</url>
+ </tab>
+ <tab>
+ <text>Servers</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Threshold</text>
+ <url>/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Barnyard2</text>
+ <url>/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0</url>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Thresholding or Suppression Rule</fielddescr>
+ <fieldname>threshrule</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fielddescr>Thresholding or Suppression Rule</fielddescr>
+ <fieldname>threshrule</fieldname>
+ <description>Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60"</description>
+ <type>input</type>
+ <size>40</size>
+ </field>
+ <field>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ <description>Enter the description for this item</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ </custom_php_command_before_form>
+ <custom_delete_php_command>
+ </custom_delete_php_command>
+ <custom_php_resync_config_command>
+ create_snort_conf();
+ </custom_php_resync_config_command>
+</packagegui>
+
+EOD;
+
+/* write out snort_threshold_xml */
+$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml", "w");
+if(!$bconf)
+{
+ log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml for writing.");
+ exit;
+ }
+ fwrite($bconf, $snort_threshold_xml_text);
+ fclose($bconf);
+
+ conf_mount_ro();
+
+ }
+}
+
+/* create snort_rules.php for every interface selected */
+function create_snort_rules_php()
+{
+include("filter.inc");
+include("config.inc");
+
+ global $bconfig, $bg;
+
+ conf_mount_rw();
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+
+ foreach($snortInterfaces as $snortIf)
+ {
+
+$snort_rules_php_text = <<<EOD
+<?php
+/* \$Id\$ */
+/*
+ edit_snortrule.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2004, 2005 Scott Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require("guiconfig.inc");
+require("config.inc");
+
+if(!is_dir("/usr/local/etc/snort_{$snortIf}/rules_{$snortIf}")) {
+ conf_mount_rw();
+ exec('mkdir /usr/local/etc/snort_{$snortIf}/rules_{$snortIf}/');
+ conf_mount_ro();
+}
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+\$isrulesfolderempty = exec('ls -A /usr/local/etc/snort_{$snortIf}/rules_{$snortIf}/*.rules');
+if (\$isrulesfolderempty == "") {
+
+include("head.inc");
+include("fbegin.inc");
+
+echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n";
+
+ \$tab_array = array();
+ \$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0");
+ \$tab_array[] = array(gettext("Categories"), false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php");
+ \$tab_array[] = array(gettext("Rules"), true, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php");
+ \$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0");
+ \$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml");
+ \$tab_array[] = array(gettext("Barnyard2"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0");
+ display_top_tabs(\$tab_array);
+
+echo "</td>\n
+ </tr>\n
+ <tr>\n
+ <td>\n
+ <div id=\"mainarea\">\n
+ <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+ <tr>\n
+ <td>\n
+# The rules directory is empty.\n
+ </td>\n
+ </tr>\n
+ </table>\n
+ </div>\n
+ </td>\n
+ </tr>\n
+</table>\n
+\n
+</form>\n
+\n
+<p>\n\n";
+
+echo "Please click on the Update Rules tab to install your selected rule sets.";
+include("fend.inc");
+
+echo "</body>";
+echo "</html>";
+
+exit(0);
+
+}
+
+function get_middle(\$source, \$beginning, \$ending, \$init_pos) {
+ \$beginning_pos = strpos(\$source, \$beginning, \$init_pos);
+ \$middle_pos = \$beginning_pos + strlen(\$beginning);
+ \$ending_pos = strpos(\$source, \$ending, \$beginning_pos);
+ \$middle = substr(\$source, \$middle_pos, \$ending_pos - \$middle_pos);
+ return \$middle;
+}
+
+function write_rule_file(\$content_changed, \$received_file)
+{
+ conf_mount_rw();
+
+ //read snort file with writing enabled
+ \$filehandle = fopen(\$received_file, "w");
+
+ //delimiter for each new rule is a new line
+ \$delimiter = "\n";
+
+ //implode the array back into a string for writing purposes
+ \$fullfile = implode(\$delimiter, \$content_changed);
+
+ //write data to file
+ fwrite(\$filehandle, \$fullfile);
+
+ //close file handle
+ fclose(\$filehandle);
+
+ conf_mount_rw();
+}
+
+function load_rule_file(\$incoming_file)
+{
+
+ //read snort file
+ \$filehandle = fopen(\$incoming_file, "r");
+
+ //read file into string, and get filesize
+ \$contents = fread(\$filehandle, filesize(\$incoming_file));
+
+ //close handler
+ fclose (\$filehandle);
+
+ //string for populating category select
+ \$currentruleset = substr(\$file, 27);
+
+ //delimiter for each new rule is a new line
+ \$delimiter = "\n";
+
+ //split the contents of the string file into an array using the delimiter
+ \$splitcontents = explode(\$delimiter, \$contents);
+
+ return \$splitcontents;
+
+}
+
+\$ruledir = "/usr/local/etc/snort_{$snortIf}/rules_{$snortIf}/";
+\$dh = opendir(\$ruledir);
+
+\$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect.";
+
+while (false !== (\$filename = readdir(\$dh)))
+{
+ //only populate this array if its a rule file
+ \$isrulefile = strstr(\$filename, ".rules");
+ if (\$isrulefile !== false)
+ {
+ \$files[] = \$filename;
+ }
+}
+
+sort(\$files);
+
+if (\$_GET['openruleset'])
+{
+ \$file = \$_GET['openruleset'];
+}
+else
+{
+ \$file = \$ruledir.\$files[0];
+
+}
+
+//Load the rule file
+\$splitcontents = load_rule_file(\$file);
+
+if (\$_POST)
+{
+ if (!\$_POST['apply']) {
+ //retrieve POST data
+ \$post_lineid = \$_POST['lineid'];
+ \$post_enabled = \$_POST['enabled'];
+ \$post_src = \$_POST['src'];
+ \$post_srcport = \$_POST['srcport'];
+ \$post_dest = \$_POST['dest'];
+ \$post_destport = \$_POST['destport'];
+
+ //clean up any white spaces insert by accident
+ \$post_src = str_replace(" ", "", \$post_src);
+ \$post_srcport = str_replace(" ", "", \$post_srcport);
+ \$post_dest = str_replace(" ", "", \$post_dest);
+ \$post_destport = str_replace(" ", "", \$post_destport);
+
+ //copy rule contents from array into string
+ \$tempstring = \$splitcontents[\$post_lineid];
+
+ //search string
+ \$findme = "# alert"; //find string for disabled alerts
+
+ //find if alert is disabled
+ \$disabled = strstr(\$tempstring, \$findme);
+
+ //if find alert is false, then rule is disabled
+ if (\$disabled !== false)
+ {
+ //has rule been enabled
+ if (\$post_enabled == "yes")
+ {
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ \$tempstring = str_replace("# alert", "alert", \$tempstring);
+ \$counter2 = 1;
+ }
+ else
+ {
+ //rule is staying disabled
+ \$counter2 = 2;
+ }
+ }
+ else
+ {
+ //has rule been disabled
+ if (\$post_enabled != "yes")
+ {
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ \$tempstring = str_replace("alert", "# alert", \$tempstring);
+ \$counter2 = 2;
+ }
+ else
+ {
+ //rule is staying enabled
+ \$counter2 = 1;
+ }
+ }
+
+ //explode rule contents into an array, (delimiter is space)
+ \$rule_content = explode(' ', \$tempstring);
+
+ //insert new values
+ \$counter2++;
+ \$rule_content[\$counter2] = \$post_src;//source location
+ \$counter2++;
+ \$rule_content[\$counter2] = \$post_srcport;//source port location
+ \$counter2 = \$counter2+2;
+ \$rule_content[\$counter2] = \$post_dest;//destination location
+ \$counter2++;
+ \$rule_content[\$counter2] = \$post_destport;//destination port location
+
+ //implode the array back into string
+ \$tempstring = implode(' ', \$rule_content);
+
+ //copy string into file array for writing
+ \$splitcontents[\$post_lineid] = \$tempstring;
+
+ //write the new .rules file
+ write_rule_file(\$splitcontents, \$file);
+
+ //once file has been written, reload file
+ \$splitcontents = load_rule_file(\$file);
+
+ \$stopMsg = true;
+ }
+
+ if (\$_POST['apply']) {
+// stop_service("snort");
+// sleep(2);
+// start_service("snort");
+ \$savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab.";
+ \$stopMsg = false;
+ }
+
+}
+else if (\$_GET['act'] == "toggle")
+{
+ \$toggleid = \$_GET['id'];
+
+ //copy rule contents from array into string
+ \$tempstring = \$splitcontents[\$toggleid];
+
+ //explode rule contents into an array, (delimiter is space)
+ \$rule_content = explode(' ', \$tempstring);
+
+ //search string
+ \$findme = "# alert"; //find string for disabled alerts
+
+ //find if alert is disabled
+ \$disabled = strstr(\$tempstring, \$findme);
+
+ //if find alert is false, then rule is disabled
+ if (\$disabled !== false)
+ {
+ //rule has been enabled
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ \$tempstring = str_replace("# alert", "alert", \$tempstring);
+
+ }
+ else
+ {
+ //has rule been disabled
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ \$tempstring = str_replace("alert", "# alert", \$tempstring);
+
+ }
+
+ //copy string into array for writing
+ \$splitcontents[\$toggleid] = \$tempstring;
+
+ //write the new .rules file
+ write_rule_file(\$splitcontents, \$file);
+
+ //once file has been written, reload file
+ \$splitcontents = load_rule_file(\$file);
+
+ \$stopMsg = true;
+
+ //write disable/enable sid to config.xml
+ if (\$disabled == false) {
+ \$string_sid = strstr(\$tempstring, 'sid:');
+ \$sid_pieces = explode(";", \$string_sid);
+ \$sid_off_cut = \$sid_pieces[0];
+ // sid being turned off
+ \$sid_off = str_replace("sid:", "", \$sid_off_cut);
+ // rule_sid_on registers
+ \$sid_on_pieces = \$config['installedpackages']['snort']['rule_sid_on'];
+ // if off sid is the same as on sid remove it
+ \$sid_on_old = str_replace("||enablesid \$sid_off", "", "\$sid_on_pieces");
+ // write the replace sid back as empty
+ \$config['installedpackages']['snort']['rule_sid_on'] = \$sid_on_old;
+ // rule sid off registers
+ \$sid_off_pieces = \$config['installedpackages']['snort']['rule_sid_off'];
+ // if off sid is the same as off sid remove it
+ \$sid_off_old = str_replace("||disablesid \$sid_off", "", "\$sid_off_pieces");
+ // write the replace sid back as empty
+ \$config['installedpackages']['snort']['rule_sid_off'] = \$sid_off_old;
+ // add sid off registers to new off sid
+ \$config['installedpackages']['snort']['rule_sid_off'] = "||disablesid \$sid_off" . \$config['installedpackages']['snort']['rule_sid_off'];
+ write_config();
+ }
+ else
+ {
+ \$string_sid = strstr(\$tempstring, 'sid:');
+ \$sid_pieces = explode(";", \$string_sid);
+ \$sid_on_cut = \$sid_pieces[0];
+ // sid being turned off
+ \$sid_on = str_replace("sid:", "", \$sid_on_cut);
+ // rule_sid_off registers
+ \$sid_off_pieces = \$config['installedpackages']['snort']['rule_sid_off'];
+ // if off sid is the same as on sid remove it
+ \$sid_off_old = str_replace("||disablesid \$sid_on", "", "\$sid_off_pieces");
+ // write the replace sid back as empty
+ \$config['installedpackages']['snort']['rule_sid_off'] = \$sid_off_old;
+ // rule sid on registers
+ \$sid_on_pieces = \$config['installedpackages']['snort']['rule_sid_on'];
+ // if on sid is the same as on sid remove it
+ \$sid_on_old = str_replace("||enablesid \$sid_on", "", "\$sid_on_pieces");
+ // write the replace sid back as empty
+ \$config['installedpackages']['snort']['rule_sid_on'] = \$sid_on_old;
+ // add sid on registers to new on sid
+ \$config['installedpackages']['snort']['rule_sid_on'] = "||enablesid \$sid_on" . \$config['installedpackages']['snort']['rule_sid_on'];
+ write_config();
+ }
+
+}
+
+
+\$pgtitle = "Snort: Rules";
+require("guiconfig.inc");
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<?php
+if(!\$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=\$pgtitle?></p>";
+?>
+<form action="snort_rules.php" method="post" name="iform" id="iform">
+<?php if (\$savemsg){print_info_box(\$savemsg);} else if (\$stopMsg){print_info_box_np(\$message_reload);}?>
+<br>
+</form>
+<script type="text/javascript" language="javascript" src="row_toggle.js">
+ <script src="/javascript/sorttable.js" type="text/javascript">
+</script>
+
+<script language="javascript" type="text/javascript">
+<!--
+function go()
+{
+ var agt=navigator.userAgent.toLowerCase();
+ if (agt.indexOf("msie") != -1) {
+ box = document.forms.selectbox;
+ } else {
+ box = document.forms[1].selectbox;
+ }
+ destination = box.options[box.selectedIndex].value;
+ if (destination)
+ location.href = destination;
+}
+// -->
+</script>
+
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ \$tab_array = array();
+ \$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0");
+ \$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ \$tab_array[] = array(gettext("Categories"), false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php");
+ \$tab_array[] = array(gettext("Rules"), true, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php");
+ \$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0");
+ \$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ \$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ \$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml");
+ \$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ \$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs(\$tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="3%" class="list"> </td>
+ <td width="5%" class="listhdr">SID</td>
+ <td width="6%" class="listhdrr">Proto</td>
+ <td width="15%" class="listhdrr">Source</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="15%" class="listhdrr">Destination</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="32%" class="listhdrr">Message</td>
+
+ </tr>
+ <tr>
+ <?php
+
+ echo "<br>Category: ";
+
+ //string for populating category select
+ \$currentruleset = substr(\$file, 27);
+ ?>
+ <form name="forms">
+ <select name="selectbox" class="formfld" onChange="go()">
+ <?php
+ \$i=0;
+ foreach (\$files as \$value)
+ {
+ \$selectedruleset = "";
+ if (\$files[\$i] === \$currentruleset)
+ \$selectedruleset = "selected";
+ ?>
+ <option value="?&openruleset=<?=\$ruledir;?><?=\$files[\$i];?>" <?=\$selectedruleset;?>><?=\$files[\$i];?></option>"
+ <?php
+ \$i++;
+
+ }
+ ?>
+ </select>
+ </form>
+ </tr>
+ <?php
+
+ \$counter = 0;
+ \$printcounter = 0;
+
+ foreach ( \$splitcontents as \$value )
+ {
+
+ \$counter++;
+ \$disabled = "False";
+ \$comments = "False";
+
+ \$tempstring = \$splitcontents[\$counter];
+ \$findme = "# alert"; //find string for disabled alerts
+
+ //find alert
+ \$disabled_pos = strstr(\$tempstring, \$findme);
+
+
+ //do soemthing, this rule is enabled
+ \$counter2 = 1;
+
+ //retrieve sid value
+ \$sid = get_middle(\$tempstring, 'sid:', ';', 0);
+
+ //check to see if the sid is numberical
+ \$is_sid_num = is_numeric(\$sid);
+
+ //if SID is numerical, proceed
+ if (\$is_sid_num)
+ {
+
+ //if find alert is false, then rule is disabled
+ if (\$disabled_pos !== false){
+ \$counter2 = \$counter2+1;
+ \$textss = "<span class=\"gray\">";
+ \$textse = "</span>";
+ \$iconb = "icon_block_d.gif";
+ }
+ else
+ {
+ \$textss = \$textse = "";
+ \$iconb = "icon_block.gif";
+ }
+
+ \$rule_content = explode(' ', \$tempstring);
+
+ \$protocol = \$rule_content[\$counter2];//protocol location
+ \$counter2++;
+ \$source = \$rule_content[\$counter2];//source location
+ \$counter2++;
+ \$source_port = \$rule_content[\$counter2];//source port location
+ \$counter2 = \$counter2+2;
+ \$destination = \$rule_content[\$counter2];//destination location
+ \$counter2++;
+ \$destination_port = \$rule_content[\$counter2];//destination port location
+
+ \$message = get_middle(\$tempstring, 'msg:"', '";', 0);
+
+ echo "<tr>";
+ echo "<td class=\"listt\">";
+ echo \$textss;
+ ?>
+ <a href="?&openruleset=<?=\$file;?>&act=toggle&id=<?=\$counter;?>"><img src="./themes/<?= \$g['theme']; ?>/images/icons/<?=\$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
+ <?php
+ echo \$textse;
+ echo "</td>";
+
+
+ echo "<td class=\"listlr\">";
+ echo \$textss;
+ echo \$sid;
+ echo \$textse;
+ echo "</td>";
+
+ echo "<td class=\"listlr\">";
+ echo \$textss;
+ echo \$protocol;
+ \$printcounter++;
+ echo \$textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo \$textss;
+ echo \$source;
+ echo \$textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo \$textss;
+ echo \$source_port;
+ echo \$textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo \$textss;
+ echo \$destination;
+ echo \$textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo \$textss;
+ echo \$destination_port;
+ echo \$textse;
+ echo "</td>";
+ ?>
+ <td class="listbg"><font color="white">
+ <?php
+ echo \$textss;
+ echo \$message;
+ echo \$textse;
+ echo "</td>";
+ ?>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="snort_rules_edit.php?openruleset=<?=\$file;?>&id=<?=\$counter;?>"><img src="./themes/<?= \$g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ <?php
+ }
+ }
+ echo " ";
+ echo "There are ";
+ echo \$printcounter;
+ echo " rules in this category. <br><br>";
+ ?>
+ </table>
+ </td>
+ </tr>
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td width="16"><img src="./themes/<?= \$g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
+ <td>Rule Enabled</td>
+ </tr>
+ <tr>
+ <td><img src="./themes/<?= \$g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
+ <td nowrap>Rule Disabled</td>
+
+
+ </tr>
+ <tr>
+ <td colspan="10">
+ <p>
+ <!--<strong><span class="red">Warning:<br>
+ </span></strong>Editing these r</p>-->
+ </td>
+ </tr>
+ </table>
+ </table>
+
+ </td>
+ </tr>
+</table>
+
+
+<?php include("fend.inc"); ?>
+</div></body>
+</html>
+
+EOD;
+
+/* write out snort_rules_php */
+$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_rules_{$snortIf}.php", "w");
+if(!$bconf)
+{
+ log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_rules_{$snortIf}.php for writing.");
+ exit;
+ }
+ fwrite($bconf, $snort_rules_php_text);
+ fclose($bconf);
+
+ conf_mount_ro();
+
+ }
+}
+
+/* create snort_rules_edit.php for every interface selected */
+function create_snort_rules_edit_php()
+{
+include("filter.inc");
+include("config.inc");
+
+ global $bconfig, $bg;
+
+ conf_mount_rw();
+
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+
+ if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
+ $if = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if){
+ array_push($snortInterfaces, $if);
+ $first = 1;
+ }
+ }
+
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+
+ foreach($snortInterfaces as $snortIf)
+ {
+
+$snort_rules_edit_php_text = <<<EOD
+<?php
+/* \$Id\$ */
+/*
+ snort_rules_edit.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2004, 2005 Scott Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function get_middle(\$source, \$beginning, \$ending, \$init_pos) {
+ \$beginning_pos = strpos(\$source, \$beginning, \$init_pos);
+ \$middle_pos = \$beginning_pos + strlen(\$beginning);
+ \$ending_pos = strpos(\$source, \$ending, \$beginning_pos);
+ \$middle = substr(\$source, \$middle_pos, \$ending_pos - \$middle_pos);
+ return \$middle;
+}
+
+
+\$file = \$_GET['openruleset'];
+
+//read snort file
+\$filehandle = fopen(\$file, "r");
+
+//get rule id
+\$lineid = \$_GET['id'];
+
+//read file into string, and get filesize
+\$contents = fread(\$filehandle, filesize(\$file));
+
+//close handler
+fclose (\$filehandle);
+
+//delimiter for each new rule is a new line
+\$delimiter = "\n";
+
+//split the contents of the string file into an array using the delimiter
+\$splitcontents = explode(\$delimiter, \$contents);
+
+//copy rule contents from array into string
+\$tempstring = \$splitcontents[\$lineid];
+
+//explode rule contents into an array, (delimiter is space)
+\$rule_content = explode(' ', \$tempstring);
+
+//search string
+\$findme = "# alert"; //find string for disabled alerts
+
+//find if alert is disabled
+\$disabled = strstr(\$tempstring, \$findme);
+
+//get sid
+\$sid = get_middle(\$tempstring, 'sid:', ';', 0);
+
+
+//if find alert is false, then rule is disabled
+if (\$disabled !== false)
+{
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ \$counter2 = 2;
+}
+else
+{
+ \$counter2 = 1;
+}
+
+
+\$protocol = \$rule_content[\$counter2];//protocol location
+\$counter2++;
+\$source = \$rule_content[\$counter2];//source location
+\$counter2++;
+\$source_port = \$rule_content[\$counter2];//source port location
+\$counter2++;
+\$direction = \$rule_content[\$counter2];
+\$counter2++;
+\$destination = \$rule_content[\$counter2];//destination location
+\$counter2++;
+\$destination_port = \$rule_content[\$counter2];//destination port location
+\$message = get_middle(\$tempstring, 'msg:"', '";', 0);
+
+\$content = get_middle(\$tempstring, 'content:"', '";', 0);
+\$classtype = get_middle(\$tempstring, 'classtype:', ';', 0);
+\$revision = get_middle(\$tempstring, 'rev:', ';',0);
+
+\$pgtitle = "Snort: Edit Rule";
+require("guiconfig.inc");
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<?php
+if(!\$pgtitle_output)
+ echo "<p class=\"pgtitle\"><?=\$pgtitle?></p>";
+?>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ \$tab_array = array();
+ \$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0");
+ \$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+ \$tab_array[] = array(gettext("Categories"), false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php");
+ \$tab_array[] = array(gettext("Rules"), true, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php");
+ \$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0");
+ \$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+ \$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ \$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml");
+ \$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+ \$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs(\$tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <form action="snort_rules.php?openruleset=<?=\$file;?>&id=<?=\$lineid;?>" target="" method="post" name="editform" id="editform">
+ <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdr" width="10%">Enabled: </td>
+ <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if (\$disabled === false) echo "checked";?>></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">SID: </td>
+ <td class="listlr" width="30%"><?php echo \$sid; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Protocol: </td>
+ <td class="listlr" width="30%"><?php echo \$protocol; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Source: </td>
+ <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo \$source;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Source Port: </td>
+ <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo \$source_port;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Direction:</td>
+ <td class="listlr" width="30%"><?php echo \$direction;?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Destination:</td>
+ <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo \$destination;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Destination Port: </td>
+ <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo \$destination_port;?>"></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Message: </td>
+ <td class="listlr" width="30%"><?php echo \$message; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Content: </td>
+ <td class="listlr" width="30%"><?php echo \$content; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Classtype: </td>
+ <td class="listlr" width="30%"><?php echo \$classtype; ?></td>
+ </tr>
+ <tr>
+ <td class="listhdr" width="10%">Revision: </td>
+ <td class="listlr" width="30%"><?php echo \$revision; ?></td>
+ </tr>
+ <tr><td> </td></tr>
+ <tr>
+ <td><input name="lineid" type="hidden" value="<?=\$lineid;?>"></td>
+ <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">   <input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td>
+ </tr>
+ </table>
+ </form>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+
+<?php include("fend.inc"); ?>
+</div></body>
+</html>
+
+EOD;
+
+/* write out snort_rules_edit_php */
+$bconf = fopen("/usr/local/pkg/snort/snort_{$snortIf}/snort_rules_edit_{$snortIf}.php", "w");
+if(!$bconf)
+{
+ log_error("Could not open /usr/local/pkg/snort/snort_{$snortIf}/snort_rules_edit_{$snortIf}.php for writing.");
+ exit;
+ }
+ fwrite($bconf, $snort_rules_edit_php_text);
+ fclose($bconf);
+
+ conf_mount_ro();
+
+ }
+}
+
+
+create_snort_xml();
+
+create_snort_barnyard2_xml();
+
+create_snort_define_servers_xml();
+
+create_snort_threshold_xml();
+
+create_snort_rules_php();
+
+create_snort_rules_edit_php();
+
+?>
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
new file mode 100644
index 00000000..065ec0dc
--- /dev/null
+++ b/config/snort-dev/snort_interfaces.php
@@ -0,0 +1,296 @@
+<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2004 Robert Zelaya
+ All rights reserved.
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']))
+ $config['installedpackages']['snortglobal'] = array();
+
+$a_nat = &$config['installedpackages']['snortglobal'];
+
+/* if a custom message has been passed along, lets process it */
+if ($_GET['savemsg'])
+ $savemsg = $_GET['savemsg'];
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+
+ write_config();
+
+ $retval = 0;
+
+ if(stristr($retval, "error") <> true)
+ $savemsg = get_std_save_message($retval);
+ else
+ $savemsg = $retval;
+
+ unlink_if_exists("/tmp/config.cache");
+ $retval |= filter_configure();
+
+ if ($retval == 0) {
+ if (file_exists($d_natconfdirty_path))
+ unlink($d_natconfdirty_path);
+ if (file_exists($d_filterconfdirty_path))
+ unlink($d_filterconfdirty_path);
+ }
+
+ }
+}
+
+if (isset($_POST['del_x'])) {
+ /* delete selected rules */
+ if (is_array($_POST['rule']) && count($_POST['rule'])) {
+ foreach ($_POST['rule'] as $rulei) {
+ $target = $rule['target'];
+ $helpers = exec("/bin/ps awwux | grep pftpx | grep \"{$target}\" | grep -v grep | awk '{ print \$2 }'");
+ if($helpers) {
+ /* kill ftp proxy helper */
+ mwexec("/bin/kill {$helpers}");
+ }
+ unset($a_nat[$rulei]);
+ }
+ write_config();
+ touch($d_natconfdirty_path);
+ header("Services: snort_interfaces.php");
+ exit;
+ }
+
+} else {
+ /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
+ unset($movebtn);
+ foreach ($_POST as $pn => $pd) {
+ if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
+ $movebtn = $matches[1];
+ break;
+ }
+ }
+ /* move selected rules before this rule */
+ if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
+ $a_nat_new = array();
+
+ /* copy all rules < $movebtn and not selected */
+ for ($i = 0; $i < $movebtn; $i++) {
+ if (!in_array($i, $_POST['rule']))
+ $a_nat_new[] = $a_nat[$i];
+ }
+
+ /* copy all selected rules */
+ for ($i = 0; $i < count($a_nat); $i++) {
+ if ($i == $movebtn)
+ continue;
+ if (in_array($i, $_POST['rule']))
+ $a_nat_new[] = $a_nat[$i];
+ }
+
+ /* copy $movebtn rule */
+ if ($movebtn < count($a_nat))
+ $a_nat_new[] = $a_nat[$movebtn];
+
+ /* copy all rules > $movebtn and not selected */
+ for ($i = $movebtn+1; $i < count($a_nat); $i++) {
+ if (!in_array($i, $_POST['rule']))
+ $a_nat_new[] = $a_nat[$i];
+ }
+ $a_nat = $a_nat_new;
+ write_config();
+ touch($d_natconfdirty_path);
+ header("Services: snort_interfaces.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort 2.8.4.1_5 pkg v. 1.7";
+include("head.inc");
+
+?>
+<body link="#000000" vlink="#000000" alink="#000000">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></font></p>
+<form action="snort_interfaces.php" method="post" name="iform">
+<script type="text/javascript" language="javascript" src="row_toggle.js">
+</script>
+<?php if (file_exists($d_natconfdirty_path)): ?><p>
+<?php
+ if($savemsg)
+ print_info_box_np("{$savemsg}<br>The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");
+ else
+ print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");
+?>
+<?php endif; ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Interfaces", true, "snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "snort_interfaces.php");
+ $tab_array[] = array("Rules Update", false, "firewall_nat_1to1.php");
+ $tab_array[] = array("Alerts", false, "firewall_nat_out.php");
+ $tab_array[] = array("Blocked", false, "firewall_nat_out.php");
+ $tab_array[] = array("Help & Info", false, "firewall_nat_out.php");
+ display_top_tabs($tab_array);
+?>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="3%" class="list"> </td>
+ <td width="3%" class="list"> </td>
+ <td width="5%" class="listhdrr">If</td>
+ <td width="5%" class="listhdrr">Inline</td>
+ <td width="5%" class="listhdrr">Inline port</td>
+ <td width="15%" class="listhdrr">Inline port range</td>
+ <td width="5%" class="listhdrr">Block Hosts</td>
+ <td width="5%" class="listhdrr">Barnyard2</td>
+ <td width="15%" class="listhdr">Description</td>
+ <td width="5%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td><a href="/snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
+ <tr valign="top" id="fr<?=$nnats;?>">
+ <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
+ <td class="listt" align="center"></td>
+ <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ echo "WAN";
+ else if(strtolower($natent['interface']) == "lan")
+ echo "LAN";
+ else if(strtolower($natent['interface']) == "pppoe")
+ echo "PPPoE";
+ else if(strtolower($natent['interface']) == "pptp")
+ echo "PPTP";
+ else
+ echo strtoupper($config['interfaces'][$natent['interface']]['descr']);
+ ?>
+ </td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?=strtoupper($natent['protocol']);?>
+ </td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ list($beginport, $endport) = split("-", $natent['external-port']);
+ if ((!$endport) || ($beginport == $endport)) {
+ echo $beginport;
+ if ($wkports[$beginport])
+ echo " (" . $wkports[$beginport] . ")";
+ else
+ echo " ";
+ } else
+ echo $beginport . " - " . $endport;
+ ?>
+ </td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?=$natent['target'];?>
+ <?php if ($natent['external-address'])
+ echo "<br>(ext.: " . $natent['external-address'] . ")";
+ else
+ echo "<br>(ext.: " . find_interface_ip(convert_friendly_interface_to_real_interface_name($natent['interface'])) . ")";
+ ?>
+ </td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php if ((!$endport) || ($beginport == $endport)) {
+ echo $natent['local-port'];
+ if ($wkports[$natent['local-port']])
+ echo " (" . $wkports[$natent['local-port']] . ")";
+ else
+ echo " ";
+ } else
+ echo $natent['local-port'] . " - " .
+ ($natent['local-port']+$endport-$beginport);
+ ?>
+ </td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?=strtoupper($natent['protocol']);?>
+ </td>
+ <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <font color="#ffffff">
+ <?=htmlspecialchars($natent['descr']);?>
+ </td>
+ <td valign="middle" class="list" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td>
+ </tr>
+ <tr>
+ <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td>
+ <td><a href="snort_interfaces_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new nat based on this one" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </tr>
+ <?php $i++; $nnats++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php endif; ?></td>
+ <td><a href="snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <tr>
+ <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected mappings?')"><?php endif; ?></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+ <td class="tabcont" colspan="3">
+ <p><span class="vexpl"><span class="red"><strong>Note:<br></strong></span>Snort Inline mode is disabled and in private testing. Snort Inline release target is pfSense 2.0.</span></p>
+ </td>
+
+
+<?php
+if ($pkg['tabs'] <> "") {
+ echo "</td></tr></table>";
+}
+?>
+
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
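Review bot: In the `del_x` branch, `$target = $rule['target'];` reads `$rule`, which is not assigned anywhere in this hunk (the loop variable is `$rulei`), so `$target` is presumably empty and the `grep \"{$target}\"` filter would match every pftpx process; the line probably should be `$target = $a_nat[$rulei]['target'];`. Once it carries a real config value, that value is interpolated into the `exec()` command string with only hand-written quotes, so build the filter with `escapeshellarg($target)` and confirm each `$rulei` from `$_POST['rule']` is an existing key of `$a_nat` before using it. Both `header("Services: snort_interfaces.php");` calls emit a header named Services rather than a redirect; `header("Location: snort_interfaces.php");` looks like what was intended. Separately, `$_GET['savemsg']` reaches `print_info_box_np()` unescaped, and `$natent['target']` and `$natent['external-address']` are echoed raw while only `descr` goes through `htmlspecialchars()`; escape them the same way.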
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
new file mode 100644
index 00000000..4ee9203e
--- /dev/null
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -0,0 +1,402 @@
+<?php
+/* $Id$ */
+/*
+ firewall_nat_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2004 Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +if (isset($id) && $a_nat[$id]) { + $pconfig['proto'] = $a_nat[$id]['protocol']; + list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']); + $pconfig['localip'] = $a_nat[$id]['target']; + $pconfig['localbeginport'] = $a_nat[$id]['local-port']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['block'] = isset($a_nat[$id]['block']); + $pconfig['inline'] = isset($a_nat[$id]['inline']); + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; +} else { + $pconfig['interface'] = "wan"; +} + +if (isset($_GET['dup'])) + unset($id); + +if ($_POST) { + + if ($_POST['beginport_cust'] && !$_POST['beginport']) + $_POST['beginport'] = $_POST['beginport_cust']; + if ($_POST['endport_cust'] && !$_POST['endport']) + $_POST['endport'] = $_POST['endport_cust']; + if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) + $_POST['localbeginport'] = $_POST['localbeginport_cust']; + + if (!$_POST['endport']) + $_POST['endport'] = $_POST['beginport']; + /* Make beginning port end port if not defined and endport is */ + if (!$_POST['beginport'] && $_POST['endport']) + $_POST['beginport'] = $_POST['endport']; + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { + $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport"); + $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port 
to,NAT IP,Local port"); + } else { + $reqdfields = explode(" ", "interface proto localip"); + $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + +// if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) { +// $input_errors[] = "\"{$_POST['localip']}\" is not valid subnet address."; +// } + + /* only validate the ports if the protocol is TCP, UDP or TCP/UDP */ + if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { + + if (($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport']))) { + $input_errors[] = "The start port must be an integer between 1 and 65535."; + } + + if (($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport']))) { + $input_errors[] = "The end port must be an integer between 1 and 65535."; + } + + if (($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport']))) { + $input_errors[] = "The local port must be an integer between 1 and 65535."; + } + + if ($_POST['beginport'] > $_POST['endport']) { + /* swap */ + $tmp = $_POST['endport']; + $_POST['endport'] = $_POST['beginport']; + $_POST['beginport'] = $tmp; + } + + if (!$input_errors) { + if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535) + $input_errors[] = "The target port range must be an integer between 1 and 65535."; + } + + } + + /* check for overlaps */ + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + if ($natent['external-address'] != $_POST['extaddr']) + continue; + if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) + continue; + + list($begp,$endp) = explode("-", $natent['external-port']); 
+ if (!$endp) + $endp = $begp; + + if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) + || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { + + $input_errors[] = "The external port range overlaps with an existing entry."; + break; + } + } + + if (!$input_errors) { + $natent = array(); + if ($_POST['extaddr']) + $natent['external-address'] = $_POST['extaddr']; + $natent['protocol'] = $_POST['proto']; + + if ($_POST['beginport'] == $_POST['endport']) + $natent['external-port'] = $_POST['beginport']; + else + $natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport']; + + $natent['target'] = $_POST['localip']; + $natent['local-port'] = $_POST['localbeginport']; + $natent['interface'] = $_POST['interface']; + $natent['descr'] = $_POST['descr']; + + if($_POST['block'] == "yes") + $natent['block'] = true; + else + unset($natent['block']); + + if($_POST['inline'] == "yes") + $natent['inline'] = true; + else + unset($natent['inline']); + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + header("Location: snort_interfaces.php"); + exit; + } +} + +$pgtitle = "Services: Snort Interfaces"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="snort_interfaces_edit.php" method="post" name="iform" id="iform"> + <tr><td> +<?php + if($id != "") { + + /* get the interface name */ + $first = 0; + $snortInterfaces = array(); /* -gtm */ + + $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_array = split(',', $if_list); + //print_r($if_array); + if($if_array) { + foreach($if_array as $iface2) { + $if2 = convert_friendly_interface_to_real_interface_name($iface2); + + 
if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { + $if2 = "ng0"; + } + + /* build a list of user specified interfaces -gtm */ + if($if2){ + array_push($snortInterfaces, $if2); + $first = 1; + } + } + + if (count($snortInterfaces) < 1) { + log_error("Snort will not start. You must select an interface for it to listen on."); + return; + } + } + foreach($snortInterfaces as $snortIf) + + $tab_array = array(); + $tab_array[] = array("Interfaces", false, "snort_interfaces.php"); + $tab_array[] = array("Settings", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0"); + $tab_array[] = array("Categories", false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php"); + $tab_array[] = array("Rules", false, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php"); + $tab_array[] = array("Servers", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0"); + $tab_array[] = array("Threshold", false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml"); + $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0"); + display_top_tabs($tab_array); + + } +?> + </td></tr> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncellreq">Interface</td> + <td width="78%" class="vtable"> + <select name="interface" class="formfld"> + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . 
$i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Block all offenders</td> + <td width="78%" class="vtable"> + <input type="checkbox" value="yes" name="block"<?php if($pconfig['block']) echo " CHECKED"; ?>><br> + HINT: Block all offenders that trigger an alert on the selected interface. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Enable Inline Mode</td> + <td width="78%" class="vtable"> + <input type="checkbox" value="yes" name="inline"<?php if($pconfig['inline']) echo " CHECKED"; ?>><br> + HINT: This will enable Snort Inline mode on the selected interafce. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Inline listening port </td> + <td width="78%" class="vtable"> + <select name="localbeginport" class="formfld" onChange="ext_change();check_for_aliases();"> + <option value="">(other)</option> + <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> + <?php endforeach; ?> + </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['localbeginport']; ?>"> + <br> + <span class="vexpl">Specify the port Snort Inline should lissten on.<br> + Hint: Never enter a port that is already being used by the system.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Inline Divert Protocol</td> + <td width="78%" class="vtable"> + <select name="proto" class="formfld" onChange="proto_change(); check_for_aliases();"> + <?php $protocols = explode(" ", "TCP UDP 
TCP/UDP GRE ESP All"); foreach ($protocols as $proto): ?> + <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option> + <?php endforeach; ?> + </select> <br> <span class="vexpl">Choose which IP protocol Snort Inline should divert.<br> + Hint: in most cases, you should specify <em>All</em> here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Inline Divert External port range </td> + <td width="78%" class="vtable"> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>from: </td> + <td><select name="beginport" class="formfld" onChange="ext_rep_change(); ext_change(); check_for_aliases();"> + <option value="">(other)</option> + <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['beginport']) { + echo "selected"; + $bfound = 1; + }?>> + <?=htmlspecialchars($wkportdesc);?> + </option> + <?php endforeach; ?> + </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['beginport']; ?>"></td> + </tr> + <tr> + <td>to:</td> + <td><select name="endport" class="formfld" onChange="ext_change(); check_for_aliases();"> + <option value="">(other)</option> + <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['endport']) { + echo "selected"; + $bfound = 1; + }?>> + <?=htmlspecialchars($wkportdesc);?> + </option> + <?php endforeach; ?> + </select> <input onChange="check_for_aliases();" class="formfldalias" autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['endport']; ?>"></td> + </tr> + </table> + <br> <span class="vexpl">Specify the port or port range Snort Inline should divert on the firewall's 
external address.<br> + Hint: you can leave the <em>'to'</em> field empty if you only want to divert a single port<br> + Hint: you can leave from and to empty to divert all ports.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Inline IP Subnet</td> + <td width="78%" class="vtable"> + <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> + <br> <span class="vexpl">Enter the internal IP subnet address you wish to sniff. Leave blank for all.<br> + e.g. <em>192.168.1.0/24</em></span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Description</td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br> <span class="vexpl">You may enter a description here + for your reference (not parsed).</span></td> + </tr> + <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?> + <?php endif; ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + </table> +</form> +<script language="JavaScript"> +<!-- + ext_change(); +//--> +</script> +<?php +$isfirst = 0; +$aliases = ""; +$addrisfirst = 0; +$aliasesaddr = ""; +if($config['aliases']['alias'] <> "") + foreach($config['aliases']['alias'] as $alias_name) { + if(!stristr($alias_name['address'], ".")) { + if($isfirst == 1) $aliases .= ","; + $aliases .= "'" . $alias_name['name'] . "'"; + $isfirst = 1; + } else { + if($addrisfirst == 1) $aliasesaddr .= ","; + $aliasesaddr .= "'" . $alias_name['name'] . 
"'"; + $addrisfirst = 1; + } + } +?> +<script language="JavaScript"> +<!-- + var addressarray=new Array(<?php echo $aliasesaddr; ?>); + var customarray=new Array(<?php echo $aliases; ?>); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> |
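Review bot: The three free-text port inputs print request data without HTML escaping: `value="<?php if (!$bfound) echo $pconfig['beginport']; ?>"`, and the matching `endport_cust` and `localbeginport_cust` inputs, echo `$pconfig`, which is `$_POST` verbatim whenever validation fails and the form is re-rendered. The `localip` and `descr` fields in the same form already go through `htmlspecialchars()`; these should as well, e.g. `echo htmlspecialchars($pconfig['beginport']);`. Separately, the `is_ipaddroralias()` check on `localip` is commented out, so that value reaches `write_config()` with no format validation, and `interface` is stored without being checked against the list the `<select>` offers. The overlap loop also compares `$natent['proto']` although entries are saved under the `protocol` key, so the protocol test there likely never matches a stored value.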