diff options
609 files changed, 25350 insertions, 66147 deletions
diff --git a/config/Fit123/fit123.inc b/config/Fit123/fit123.inc index f8e5bab3..b1338df2 100644 --- a/config/Fit123/fit123.inc +++ b/config/Fit123/fit123.inc @@ -33,24 +33,24 @@ function Fit123_install_config() { //Greate directories and downloading files to them //Date exec("mkdir /usr/local/pkg/Fit123/date"); - exec("fetch -o /usr/local/pkg/Fit123/date/index.php http://www.pfsense.com/packages/config/Fit123/bin/date/index.abc"); + exec("fetch -o /usr/local/pkg/Fit123/date/index.php https://packages.pfsense.org/packages/config/Fit123/bin/date/index.abc"); //Captive Portal Add-On exec("mkdir /usr/local/pkg/Fit123/cpaddon"); - exec("fetch -o /usr/local/pkg/Fit123/cpaddon/filter.inc http://www.pfsense.com/packages/config/Fit123/bin/cpaddon/filter.inc"); - exec("fetch -o /usr/local/pkg/Fit123/cpaddon/services_captiveportal.php http://www.pfsense.com/packages/config/Fit123/bin/cpaddon/services_captiveportal.abc"); + exec("fetch -o /usr/local/pkg/Fit123/cpaddon/filter.inc https://packages.pfsense.org/packages/config/Fit123/bin/cpaddon/filter.inc"); + exec("fetch -o /usr/local/pkg/Fit123/cpaddon/services_captiveportal.php https://packages.pfsense.org/packages/config/Fit123/bin/cpaddon/services_captiveportal.abc"); //LTSP 3th network boot Option exec("mkdir /usr/local/pkg/Fit123/LTSP"); - exec("fetch -o /usr/local/pkg/Fit123/LTSP/ http://www.pfsense.com/packages/config/Fit123/bin/ltsp/services.inc"); - exec("fetch -o /usr/local/pkg/Fit123/LTSP/services_dhcp.php http://www.pfsense.com/packages/config/Fit123/bin/ltsp/services_dhcp.abc"); + exec("fetch -o /usr/local/pkg/Fit123/LTSP/ https://packages.pfsense.org/packages/config/Fit123/bin/ltsp/services.inc"); + exec("fetch -o /usr/local/pkg/Fit123/LTSP/services_dhcp.php https://packages.pfsense.org/packages/config/Fit123/bin/ltsp/services_dhcp.abc"); //AFC Reset's states after filter change exec("mkdir /usr/local/pkg/Fit123/afc"); - exec("fetch -o /usr/local/pkg/Fit123/afc/reset_states.sh http://www.pfsense.com/packages/config/Fit123/bin/afc/reset_states.sh"); + exec("fetch -o /usr/local/pkg/Fit123/afc/reset_states.sh https://packages.pfsense.org/packages/config/Fit123/bin/afc/reset_states.sh"); exec("chmod 744 /usr/local/pkg/Fit123/afc/reset_states.sh"); //DDNS exec("mkdir /usr/local/pkg/Fit123/ddns"); //DNS Server adds option for a 3th and 4th DNS Server exec("mkdir /usr/local/pkg/Fit123/dnssrv"); - exec("fetch -o /usr/local/pkg/Fit123/dnssrv/system.php http://www.pfsense.com/packages/config/Fit123/bin/dnssrv/system.abc"); + exec("fetch -o /usr/local/pkg/Fit123/dnssrv/system.php https://packages.pfsense.org/packages/config/Fit123/bin/dnssrv/system.abc"); conf_mount_ro(); config_unlock(); } diff --git a/config/Fit123/fit123.xml b/config/Fit123/fit123.xml index fc7f85c3..0ff202f9 100644 --- a/config/Fit123/fit123.xml +++ b/config/Fit123/fit123.xml @@ -34,17 +34,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/Fit123/fit123.inc</item> + <item>https://packages.pfsense.org/packages/config/Fit123/fit123.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/Fit123/ddns.xml</item> + <item>https://packages.pfsense.org/packages/config/Fit123/ddns.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/Fit123/cass.xml</item> + <item>https://packages.pfsense.org/packages/config/Fit123/cass.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/anyterm/anyterm.inc b/config/anyterm/anyterm.inc index 12cf7c2c..5ec4e5f1 100644 --- a/config/anyterm/anyterm.inc +++ b/config/anyterm/anyterm.inc @@ -42,7 +42,7 @@ function anyterm_install() { // Grab latest version of executablevi / $freebsdv=trim(`uname -r | cut -d'.' -f1`); - `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/anyterm/binaries{$freebsdv}/anytermd`; + `fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/anyterm/binaries{$freebsdv}/anytermd`; exec("chmod a+rx /usr/local/sbin/anytermd"); if($config['installedpackages']['anyterm']['config'][0]['username']) diff --git a/config/anyterm/anyterm.xml b/config/anyterm/anyterm.xml index e155696c..f3b78012 100644 --- a/config/anyterm/anyterm.xml +++ b/config/anyterm/anyterm.xml @@ -59,12 +59,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/anyterm/anyterm.inc</item> + <item>https://packages.pfsense.org/packages/config/anyterm/anyterm.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/anyterm/access_anyterm.php</item> + <item>https://packages.pfsense.org/packages/config/anyterm/access_anyterm.php</item> </additional_files_needed> <tabs> <tab> diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 31be95cf..2728e2e9 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -569,9 +569,14 @@ EOF; $vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key\n"; } } - $svr_ca =lookup_ca($virtualhost["reverse_int_ca"]); + $svr_ca =lookup_ca($virtualhost["ssl_cert_chain"]); if ($svr_ca != false) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); + file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); + $vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt\n"; + } + $cli_ca =lookup_ca($virtualhost["reverse_int_ca"]); + if ($cli_ca != false) { + file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX); $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt\n"; } } diff --git a/config/apache_mod_security-dev/apache_mod_security_view_logs.php b/config/apache_mod_security-dev/apache_mod_security_view_logs.php index 669c71f4..68d41f59 100755 --- a/config/apache_mod_security-dev/apache_mod_security_view_logs.php +++ b/config/apache_mod_security-dev/apache_mod_security_view_logs.php @@ -38,8 +38,8 @@ require_once("/etc/inc/pkg-utils.inc"); require_once("/etc/inc/globals.inc"); require_once("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Apache Proxy: Logs"; diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php index 10bb1db6..3338d5f3 100644 --- a/config/apache_mod_security-dev/apache_view_logs.php +++ b/config/apache_mod_security-dev/apache_view_logs.php @@ -38,8 +38,8 @@ require_once("/etc/inc/functions.inc"); require_once("/etc/inc/pkg-utils.inc"); require_once("/etc/inc/globals.inc"); require_once("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Status: Apache VirtualHost Logs"; diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 747ef975..488eb822 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -52,77 +52,77 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security.inc</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security.template</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security.template</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_groups.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_groups.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_view_logs.php</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_view_logs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache.template</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache.template</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_balancer.template</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_balancer.template</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_balancer.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_balancer.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_logs_data.php</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_logs_data.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_manipulation.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_manipulation.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_view_logs.php</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_view_logs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml</item> </additional_files_needed> <tabs> <tab> @@ -267,9 +267,19 @@ <show_disable_value>none</show_disable_value> </field> <field> - <fielddescr>Intermediate CA certificate (optional)</fielddescr> + <fielddescr>HTTPS SSL certificate chain</fielddescr> + <fieldname>ssl_cert_chain</fieldname> + <description>Select intermediate CA assigned to server certificate. Not all certificates require this.</description> + <type>select_source</type> + <source><![CDATA[$config['ca']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + <show_disable_value>none</show_disable_value> + </field> + <field> + <fielddescr>Client certificates CA (optional)</fielddescr> <fieldname>reverse_int_ca</fieldname> - <description>Select intermediate CA assigned to certificate. Not all certificates require this.</description> + <description>Select CA assigned to client certificates.</description> <type>select_source</type> <source><![CDATA[$config['ca']]]></source> <source_name>descr</source_name> diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc index af8159bf..8475ca50 100644 --- a/config/apache_mod_security/apache_mod_security.inc +++ b/config/apache_mod_security/apache_mod_security.inc @@ -105,19 +105,19 @@ function apache_mod_security_resync() { global $config, $g; apache_mod_security_install(); if(!file_exists(rules_directory . "/10_asl_rules.conf")) - exec("/usr/bin/fetch -q -o " . rules_directory . "/10_asl_rules.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/10_asl_rules.conf"); + exec("/usr/bin/fetch -q -o " . rules_directory . "/10_asl_rules.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/10_asl_rules.conf"); if(!file_exists(rules_directory . "/a_exclude.conf")) - exec("/usr/bin/fetch -q -o " . rules_directory . "/a_exclude.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/a_exclude.conf"); + exec("/usr/bin/fetch -q -o " . rules_directory . "/a_exclude.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/a_exclude.conf"); if(!file_exists(rules_directory . "/blacklist.conf")) - exec("/usr/bin/fetch -q -o " . rules_directory . "/blacklist.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/blacklist.conf"); + exec("/usr/bin/fetch -q -o " . rules_directory . "/blacklist.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/blacklist.conf"); if(!file_exists(rules_directory . "/default.conf")) - exec("/usr/bin/fetch -q -o " . rules_directory . "/rules/default.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/default.conf"); + exec("/usr/bin/fetch -q -o " . rules_directory . "/rules/default.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/default.conf"); if(!file_exists(rules_directory . "/recons.conf")) - exec("/usr/bin/fetch -q -o " . rules_directory . "/recons.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/recons.conf"); + exec("/usr/bin/fetch -q -o " . rules_directory . "/recons.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/recons.conf"); if(!file_exists(rules_directory . "/rootkits.conf")) - exec("/usr/bin/fetch -q -o " . rules_directory . "/rootkits.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/rootkits.conf"); + exec("/usr/bin/fetch -q -o " . rules_directory . "/rootkits.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/rootkits.conf"); if(!file_exists(rules_directory . "/useragents.conf")) - exec("/usr/bin/fetch -q -o " . rules_directory . "/useragents.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/useragents.conf"); + exec("/usr/bin/fetch -q -o " . rules_directory . "/useragents.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/useragents.conf"); apache_mod_security_checkconfig(); apache_mod_security_restart(); } diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml index c42ebddf..0b973689 100644 --- a/config/apache_mod_security/apache_mod_security.xml +++ b/config/apache_mod_security/apache_mod_security.xml @@ -50,17 +50,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security.inc</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security_view_logs.php</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_view_logs.php</item> </additional_files_needed> <tabs> <tab> diff --git a/config/apache_mod_security/apache_mod_security_view_logs.php b/config/apache_mod_security/apache_mod_security_view_logs.php index 921b44db..b2e60320 100644 --- a/config/apache_mod_security/apache_mod_security_view_logs.php +++ b/config/apache_mod_security/apache_mod_security_view_logs.php @@ -2,7 +2,7 @@ /* $Id$ */ /* apache_mod_security_view_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -40,8 +40,8 @@ if($_REQUEST['getactivity']) { exit; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: Mod_Security+Apache+Proxy: Logs"; diff --git a/config/apcupsd/apcupsd.conf.php b/config/apcupsd/apcupsd.conf.php index 6a19b915..7b6096bc 100644 --- a/config/apcupsd/apcupsd.conf.php +++ b/config/apcupsd/apcupsd.conf.php @@ -109,6 +109,7 @@ UPSCABLE {$upscable} # default of 3052 will be used. # UPSTYPE {$upstype} +{$device} # POLLTIME <int> # Interval (in seconds) at which apcupsd polls the UPS for status. This @@ -121,7 +122,7 @@ POLLTIME {$polltime} # LOCKFILE <path to lockfile> # Path for device lock file. Not used on Win32. -LOCKFILE /var/spool/lock +LOCKFILE {$lockfile} # SCRIPTDIR <path to script directory> # Directory in which apccontrol and event scripts are located. diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc index 9abc23ba..3340738a 100644 --- a/config/apcupsd/apcupsd.inc +++ b/config/apcupsd/apcupsd.inc @@ -39,6 +39,7 @@ require_once("globals.inc"); function php_install_apcupsd(){ sync_package_apcupsd(); + apccontrol_scripts_install(); } function php_deinstall_apcupsd(){ @@ -138,6 +139,7 @@ function sync_package_apcupsd(){ $upsname=$apcupsd_config['upsname']; $upscable=$apcupsd_config['upscable']; $upstype=$apcupsd_config['upstype']; + $device=($apcupsd_config['device'] != ''? "DEVICE {$apcupsd_config['device']}" : "#DEVICE"); $polltime=($apcupsd_config['polltime'] != ''? $apcupsd_config['polltime'] : "60"); $onbatterydelay=($apcupsd_config['onbatterydelay'] != ''? $apcupsd_config['onbatterydelay'] : "6"); $batterylevel=($apcupsd_config['batterylevel'] != ''? $apcupsd_config['batterylevel'] : "5"); @@ -151,6 +153,7 @@ function sync_package_apcupsd(){ $nisport=($apcupsd_config['nisport'] != ''? $apcupsd_config['nisport'] : "3551"); $upsclass=$apcupsd_config['upsclass']; $upsmode=$apcupsd_config['upsmode']; + $lockfile=($apcupsd_config['lockfile'] != ''? $apcupsd_config['lockfile'] : "/var/tmp"); include("/usr/local/pkg/apcupsd.conf.php"); file_put_contents(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf", $apcupsdconf, LOCK_EX); @@ -161,6 +164,12 @@ function sync_package_apcupsd(){ $apcupsd_rcfile="/usr/local/etc/rc.d/apcupsd.sh"; if (is_array($apcupsd_config) && $apcupsd_config['apcupsdenabled']=="on"){ $apcupsd_start = "echo \"Starting APC UPS Daemon...\"\n"; + $apcupsd_start .= " if [ ! -d {$lockfile} ]; then \n"; + $apcupsd_start .= " /bin/mkdir -p {$lockfile} \n"; + $apcupsd_start .= " fi \n"; + $apcupsd_start .= " if [ -f {$lockfile}/LCK.. ]; then \n"; + $apcupsd_start .= " /bin/rm -f {$lockfile}/LCK.. \n"; + $apcupsd_start .= " fi \n"; if ($apcupsd_config['killonpowerfail']=="on"){ $apcupsd_start .= " " . APCUPSD_BASE . "/sbin/apcupsd --kill-on-powerfail"; }else{ @@ -185,7 +194,37 @@ function sync_package_apcupsd(){ unlink($apcupsd_rcfile); } } - + conf_mount_ro(); } + +function apccontrol_scripts_install(){ + + // check pfsense version + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + if ($pfs_version > 2.0){ + define('APCUPSD_BASE', '/usr/pbi/apcupsd-' . php_uname("m")); + } + else { + define('APCUPSD_BASE', '/usr/local'); + } + + $apccontrol_scripts = array("offbattery","onbattery","commfailure","commok","changeme"); + foreach($apccontrol_scripts as $apccontrol_script) { + + $apccontrol_script_file=<<<EOF +#!/bin/sh + +/usr/local/bin/php -f /usr/local/pkg/apcupsd_mail.php {$apccontrol_script} > /dev/null + +exit 0 + +EOF; + + file_put_contents(APCUPSD_BASE . "/etc/apcupsd/" . $apccontrol_script, $apccontrol_script_file, LOCK_EX); + } + +} + ?> + diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml index 8674af61..3ed95a7a 100644 --- a/config/apcupsd/apcupsd.xml +++ b/config/apcupsd/apcupsd.xml @@ -40,23 +40,28 @@ <name>Apcupsd</name> <title>Services: Apcupsd (General)</title> <category>Monitoring</category> - <version>0.1</version> + <version>0.3</version> <include_file>/usr/local/pkg/apcupsd.inc</include_file> <addedit_string>Apcupsd has been created/modified.</addedit_string> <delete_string>Apcupsd has been deleted.</delete_string> <restart_command>/usr/local/etc/rc.d/apcupsd.sh restart</restart_command> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd.inc</item> + <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd_status.php</item> + <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd_status.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd.conf.php</item> + <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.conf.php</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd_mail.php</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> @@ -152,12 +157,6 @@ UPSTYPE DEVICE Description <br> catching; you usually want "APC". Port is usually 161. Community is usually "private".<br> <br> -<strong>netsnmp hostname:port:vendor:community</strong> - OBSOLETE - Same as SNMP above but requires use of the - net-snmp library. Unless you have a specific need - for this old driver, you should use 'snmp' instead.<br> -<br> <strong>dumb /dev/tty**</strong> Old serial character device for use with simple-signaling UPSes.<br> <br> @@ -178,6 +177,13 @@ UPSTYPE DEVICE Description <br> <required>true</required> </field> <field> + <fielddescr>Device</fielddescr> + <fieldname>device</fieldname> + <description></description> + <type>input</type> + <size>60</size> + </field> + <field> <fielddescr>Poll Time</fielddescr> <fieldname>polltime</fieldname> <description>Interval (in seconds) at which apcupsd polls the UPS for status. Default is 60</description> @@ -192,6 +198,13 @@ UPSTYPE DEVICE Description <br> <type>checkbox</type> </field> <field> + <fielddescr>Lock File</fielddescr> + <fieldname>lockfile</fieldname> + <description>Path for device lock file. Default is /var/tmp</description> + <type>input</type> + <size>60</size> + </field> + <field> <name>Configuration parameters used during power failures</name> <type>listtopic</type> </field> @@ -322,7 +335,7 @@ UPSTYPE DEVICE Description <br> </options> </field> </fields> - <custom_php_install_command>sync_package_apcupsd();</custom_php_install_command> + <custom_php_install_command>php_install_apcupsd();</custom_php_install_command> <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> diff --git a/config/apcupsd/apcupsd_mail.php b/config/apcupsd/apcupsd_mail.php new file mode 100755 index 00000000..d5b97f92 --- /dev/null +++ b/config/apcupsd/apcupsd_mail.php @@ -0,0 +1,95 @@ +<?php +/* + apcupsd_mail.php + part of pfSense (https://www.pfsense.org/) + Copyright (C) 2014 Danilo G. Baio <dbaio@bsd.com.br> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("pkg-utils.inc"); +require_once("globals.inc"); +require_once("phpmailer/class.phpmailer.php"); + +global $config, $g; + +$apcstatus[killpower] = "UPS now committed to shut down"; +$apcstatus[commfailure] = "Communications with UPS lost"; +$apcstatus[commok] = "Communications with UPS restored"; +$apcstatus[onbattery] = "Power failure. Running on UPS batteries"; +$apcstatus[offbattery] = "Power has returned..."; +$apcstatus[failing] = "UPS battery power exhausted. Doing shutdown"; +$apcstatus[timeout] = "UPS battery runtime limit exceeded. Doing shutdown"; +$apcstatus[loadlimit] = "UPS battery discharge limit reached. Doing shutdown"; +$apcstatus[runlimit] = "UPS battery runtime percent reached. Doing shutdown"; +$apcstatus[doreboot] = "Beginning Reboot Sequence"; +$apcstatus[doshutdown] = "Beginning Shutdown Sequence"; +$apcstatus[annoyme] = "Power problems please logoff"; +$apcstatus[emergency] = "Emergency Shutdown. Possible UPS battery failure"; +$apcstatus[changeme] = "Emergency! UPS batteries have failed. Change them NOW"; +$apcstatus[remotedown] = "Remote Shutdown. Beginning Shutdown Sequence"; + +if (empty($argv[1]) || empty($apcstatus["$argv[1]"])) + return; + +$apcsubject = $apcstatus["$argv[1]"]; + +if (empty($config['notifications']['smtp']['ipaddress'])) + return; + +$mail = new PHPMailer(); +$mail->IsSMTP(); +$mail->Host = $config['notifications']['smtp']['ipaddress']; + +if ($config['notifications']['smtp']['ssl'] == "checked") + $mail->SMTPSecure = "ssl"; + +$mail->Port = empty($config['notifications']['smtp']['port']) ? 25 : $config['notifications']['smtp']['port']; + +if($config['notifications']['smtp']['username'] && + $config['notifications']['smtp']['password']) { + $mail->SMTPAuth = true; + $mail->Username = $config['notifications']['smtp']['username']; + $mail->Password = $config['notifications']['smtp']['password']; +} + +$mail->ContentType = 'text/html'; +$mail->IsHTML(true); +$mail->AddReplyTo($config['notifications']['smtp']['fromaddress'], "Apcupsd"); +$mail->SetFrom($config['notifications']['smtp']['fromaddress'], "Apcupsd"); +$address = $config['notifications']['smtp']['notifyemailaddress']; +$mail->AddAddress($address, "Apcupsd Recipient"); +$mail->Subject = "{$config['system']['hostname']}.{$config['system']['domain']} - {$apcsubject}"; + +putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); +$mail->Body = "<pre>"; +$ph = popen('apcaccess status 2>&1', "r" ); +while ($line = fgets($ph)) $mail->Body .= htmlspecialchars($line); +pclose($ph); +$mail->Body .= "</pre>"; + +if(!$mail->Send()) { + echo "Mailer Error: " . $mail->ErrorInfo; +} + +?> diff --git a/config/apcupsd/apcupsd_status.php b/config/apcupsd/apcupsd_status.php index e465f62c..693ec290 100755 --- a/config/apcupsd/apcupsd_status.php +++ b/config/apcupsd/apcupsd_status.php @@ -1,7 +1,7 @@ <?php /* apcupsd_status.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 Danilo G. Baio <dbaio@bsd.com.br> All rights reserved. @@ -29,9 +29,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); - -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: Apcupsd (Status)"; diff --git a/config/archive/assp.xml b/config/archive/assp.xml index 94f35b2e..626b2438 100644 --- a/config/archive/assp.xml +++ b/config/archive/assp.xml @@ -61,7 +61,7 @@ <executable>perl</executable> </service> <additional_files_needed> - <item>http://www.pfsense.com/packages/All/assp-1.0.tgz</item> + <item>https://www.pfsense.org/packages/All/assp-1.0.tgz</item> </additional_files_needed> <custom_php_install_command> $start = "/usr/bin/perl /usr/local/assp/assp.pl &\necho $! > /var/run/assp.pid"; diff --git a/config/archive/clamsmtp.xml b/config/archive/clamsmtp.xml index 16bb5d6d..4f2bf443 100644 --- a/config/archive/clamsmtp.xml +++ b/config/archive/clamsmtp.xml @@ -56,12 +56,12 @@ <description>SMTP virus scanner.</description> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/clamsmtp.inc</item> + <item>https://packages.pfsense.org/packages/config/clamsmtp.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/All/clamsmtpd</item> + <item>https://www.pfsense.org/packages/All/clamsmtpd</item> </additional_files_needed> <custom_php_install_command> clamsmtp_install_command(); diff --git a/config/archive/doorman.xml b/config/archive/doorman.xml index 64f35087..c2a5f18e 100644 --- a/config/archive/doorman.xml +++ b/config/archive/doorman.xml @@ -74,7 +74,7 @@ </tabs> <configpath>installedpackages->package->$packagename->configuration->settings</configpath> <additional_files_needed> - <item>http://www.pfsense.com/packages/config/doormanusers.xml</item> + <item>https://packages.pfsense.org/packages/config/doormanusers.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/archive/dspam/conf.default/config.xml b/config/archive/dspam/conf.default/config.xml index 4b33662e..9aabd08e 100644 --- a/config/archive/dspam/conf.default/config.xml +++ b/config/archive/dspam/conf.default/config.xml @@ -849,9 +849,9 @@ <version>0.1</version> <status>ALPHA</status> <maintainer>fernando@netfilter.com.br</maintainer> - <depends_on_package_base_url>http://www.pfsense.com/packages/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://www.pfsense.org/packages/All/</depends_on_package_base_url> <depends_on_package>p3scan-pf-2.3.2.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/p3scan-pf/p3scan-pf.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf.xml</config_file> <configurationfile>p3scan-pf.xml</configurationfile> </package> <package> @@ -898,9 +898,9 @@ <version>0.1</version> <status>ALPHA</status> <maintainer>me@daniel.stefan.haischt.name</maintainer> - <depends_on_package_base_url>http://www.pfsense.com/packages/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://www.pfsense.org/packages/All/</depends_on_package_base_url> <depends_on_package>sshtools-0.2.2.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/sshterm/sshterm.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/sshterm/sshterm.xml</config_file> <configurationfile>sshterm.xml</configurationfile> </package> <menu> diff --git a/config/archive/dspam/pkg/dspam-config.inc b/config/archive/dspam/pkg/dspam-config.inc index 211bee51..bffae808 100644 --- a/config/archive/dspam/pkg/dspam-config.inc +++ b/config/archive/dspam/pkg/dspam-config.inc @@ -27,14 +27,14 @@ $CONFIG = array('DSPAM_HOME' => '/var/db/dspam', 'AUTODETECT' => 1, 'OPENSOURCE' => 0, /* Is there a website which provides dedicated infos? */ - 'PACKAGE_WEBSITE' => 'http://www.pfsense.com/', + 'PACKAGE_WEBSITE' => 'https://www.pfsense.org/', /* Is there a forum which provides dedicated infos? */ - 'PACKAGE_FORUM' => 'http://www.pfsense.com/', + 'PACKAGE_FORUM' => 'https://www.pfsense.org/', /* * Is there a issue tracker which allows to fill a * support request or a bug report? */ - 'PACKAGE_TRACKER' => 'http://www.pfsense.com/', + 'PACKAGE_TRACKER' => 'https://www.pfsense.org/', /* 'DATE_FORMAT' => '%d.%m.%Y %H:%M' */ 'DATE_FORMAT' => '%b %d %H:%M' ); diff --git a/config/archive/dspam/pkg/dspam.xml b/config/archive/dspam/pkg/dspam.xml index 59740ae1..54373ffa 100644 --- a/config/archive/dspam/pkg/dspam.xml +++ b/config/archive/dspam/pkg/dspam.xml @@ -104,32 +104,32 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-perf.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-perf.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin-graph.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin-graph.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin-prefs.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin-prefs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin-stats.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin-stats.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> @@ -199,32 +199,32 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-prefs.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-prefs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-quarantine.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-quarantine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-analysis.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-analysis.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-analysis-graph.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-analysis-graph.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-hfragment.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-hfragment.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/dspam-history.php</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-history.php</item> </additional_files_needed> <!-- package files --> <additional_files_needed> @@ -235,93 +235,93 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam.inc</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-config.inc</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-config.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-guifunc.inc</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-guifunc.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-pkgfunc.inc</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-pkgfunc.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-utilfunc.inc</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-utilfunc.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/000.mysql.sh</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/000.mysql.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/010.clamav-clamd.sh</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/010.clamav-clamd.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/020.clamav-freshclam.sh</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/020.clamav-freshclam.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/030.p3scan.sh</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/030.p3scan.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/clamd.conf</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/clamd.conf</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/default.prefs.sample</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/default.prefs.sample</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/freshclam.conf</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/freshclam.conf</item> </additional_files_needed> <!-- misc files --> <additional_files_needed> <prefix>/usr/local/www/wizards/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam_wizard.xml</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam_wizard.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/wizards/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam-lda-proxy.png</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam-lda-proxy.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/wizards/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam-pop-proxy.png</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam-pop-proxy.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/wizards/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam-smtp-relay.png</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam-smtp-relay.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/pkg/verdana.ttf</item> + <item>https://packages.pfsense.org/packages/config/dspam/pkg/verdana.ttf</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/themes/metallic/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dspam/www/themes/metallic/dspam.css</item> + <item>https://packages.pfsense.org/packages/config/dspam/www/themes/metallic/dspam.css</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. The following items diff --git a/config/archive/dspam/pkg/p3scan-pf.xml b/config/archive/dspam/pkg/p3scan-pf.xml index f78c3912..b26dc32c 100644 --- a/config/archive/dspam/pkg/p3scan-pf.xml +++ b/config/archive/dspam/pkg/p3scan-pf.xml @@ -97,32 +97,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf-msg.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf-msg.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf-emer.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf-emer.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf-vir.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf-vir.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf-spam.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf-spam.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan_rules.php</item> + <item>https://packages.pfsense.org/packages/config/p3scan_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan.inc</item> + <item>https://packages.pfsense.org/packages/config/p3scan.inc</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. The following items diff --git a/config/archive/dspam/www/wizards/dspam_wizard.xml b/config/archive/dspam/www/wizards/dspam_wizard.xml index 4ac96a4c..6590f149 100644 --- a/config/archive/dspam/www/wizards/dspam_wizard.xml +++ b/config/archive/dspam/www/wizards/dspam_wizard.xml @@ -15,7 +15,7 @@ <![CDATA[ /* dspam_wizard.xml - part of pfSense (http://www.pfsense.org/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Daniel S. Haischt All rights reserved. diff --git a/config/archive/freenas/pkg/freenas.xml b/config/archive/freenas/pkg/freenas.xml index edac8085..f5b875ef 100644 --- a/config/archive/freenas/pkg/freenas.xml +++ b/config/archive/freenas/pkg/freenas.xml @@ -126,430 +126,430 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_init.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_init.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_iscsi.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_iscsi.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_tools.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_tools.php</item> </additional_files_needed> <!-- PHP files (RAID management) --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_infos.php</item> </additional_files_needed> <!-- <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_init.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_init.php</item> </additional_files_needed> --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_tools.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_tools.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_infos.php</item> </additional_files_needed> <!-- <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_init.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_init.php</item> </additional_files_needed> --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_tools.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_tools.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat_tools.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat_tools.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe_tools.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe_tools.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5_tools.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5_tools.php</item> </additional_files_needed> <!-- PHP files (mount management) --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_mount.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_mount.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_mount_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_mount_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/disks_mount_tools.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/disks_mount_tools.php</item> </additional_files_needed> <!-- PHP files (diagnostics) --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_ad_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_ad_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_ataidle_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_ataidle_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_disk_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_disk_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_iscsi_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_iscsi_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_mounts_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_mounts_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_part_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_part_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_raid_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_raid_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_smart_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_smart_infos.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_space_infos.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_space_infos.php</item> </additional_files_needed> <!-- PHP files (logs) --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_daemon.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_daemon.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_ftp.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_ftp.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_rsyncd.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_rsyncd.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_samba.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_samba.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_settings.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_settings.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_smartd.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_smartd.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_sshd.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_sshd.php</item> </additional_files_needed> <!-- PHP files (services) --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_afp.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_afp.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_ftp.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_ftp.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_nfs.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_nfs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_nfs_export.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_nfs_export.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_nfs_export_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_nfs_export_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_rsyncd.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_rsyncd.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_rsyncd_client.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_rsyncd_client.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_rsyncd_local.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_rsyncd_local.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_samba.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_samba.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_samba_share.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_samba_share.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_samba_edit.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_samba_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/services_unison.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/services_unison.php</item> </additional_files_needed> <!-- PHP files (misc) --> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/www/status_disks.php</item> + <item>https://packages.pfsense.org/packages/config/freenas/www/status_disks.php</item> </additional_files_needed> <!-- package files --> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_disks.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_disks.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_config.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_config.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_functions.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_functions.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_guiconfig.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_guiconfig.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_services.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_services.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_utils.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_utils.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_system.inc</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_system.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/pkg/rc.freenas</item> + <item>https://packages.pfsense.org/packages/config/freenas/pkg/rc.freenas</item> </additional_files_needed> <!-- kernel binaries --> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/iscsi_initiator.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/iscsi_initiator.ko</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/ext2fs.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/ext2fs.ko</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/geom_concat.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_concat.ko</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/geom_gpt.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_gpt.ko</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/geom_mirror.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_mirror.ko</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/geom_stripe.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_stripe.ko</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/geom_vinum.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_vinum.ko</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/kernel.gz</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/kernel.gz</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/ntfs.ko</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/ntfs.ko</item> </additional_files_needed> <!-- misc binaries --> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/iscontrol</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/iscontrol</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/mountd</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/mountd</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/nfsd</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/nfsd</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/rpcbind</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/rpcbind</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/rpc.lockd</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/rpc.lockd</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freenas/bin/rpc.statd</item> + <item>https://packages.pfsense.org/packages/config/freenas/bin/rpc.statd</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. The following items diff --git a/config/archive/frickin/frickin.xml b/config/archive/frickin/frickin.xml index 79f8ca5b..51e4c0b6 100644 --- a/config/archive/frickin/frickin.xml +++ b/config/archive/frickin/frickin.xml @@ -59,12 +59,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/frickin/frickin.inc</item> + <item>https://packages.pfsense.org/packages/config/frickin/frickin.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/frickin/bin/frickin2</item> + <item>https://packages.pfsense.org/packages/config/frickin/bin/frickin2</item> </additional_files_needed> <fields> <field> diff --git a/config/archive/p3scan-pf/p3scan-pf.xml b/config/archive/p3scan-pf/p3scan-pf.xml index f309cb50..d4bea8ec 100644 --- a/config/archive/p3scan-pf/p3scan-pf.xml +++ b/config/archive/p3scan-pf/p3scan-pf.xml @@ -104,32 +104,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-msg.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-msg.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-transex.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-transex.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-emer.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-emer.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-vir.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-vir.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-spam.xml</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-spam.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf.inc</item> + <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf.inc</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. The following items diff --git a/config/archive/p3scan.xml b/config/archive/p3scan.xml index 9bc438ff..86376536 100644 --- a/config/archive/p3scan.xml +++ b/config/archive/p3scan.xml @@ -56,16 +56,16 @@ <description>POP3 virus/spam scanner.</description> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/p3scan.inc</item> + <item>https://packages.pfsense.org/packages/config/p3scan.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/All/p3scan</item> + <item>https://www.pfsense.org/packages/All/p3scan</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/etc/</prefix> - <item>http://www.pfsense.org/packages/config/p3scan.mail</item> + <item>https://packages.pfsense.org/packages/config/p3scan.mail</item> </additional_files_needed> <custom_php_install_command> p3scan_install_command(); diff --git a/config/archive/portsentry/portsentry.xml b/config/archive/portsentry/portsentry.xml index 3220c8ff..175417b5 100644 --- a/config/archive/portsentry/portsentry.xml +++ b/config/archive/portsentry/portsentry.xml @@ -58,7 +58,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/portsentry/portsentry.inc</item> + <item>https://packages.pfsense.org/packages/config/portsentry/portsentry.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/archive/quagga/quagga.xml b/config/archive/quagga/quagga.xml index 4f4b65dc..732bd1c1 100644 --- a/config/archive/quagga/quagga.xml +++ b/config/archive/quagga/quagga.xml @@ -57,7 +57,7 @@ <additional_files_needed> <prefix>/usr/local/etc/rc.d/</prefix> <chmod>0777</chmod> - <item>http://www.pfsense.org/packages/config/quagga/quagga.sh</item> + <item>https://packages.pfsense.org/packages/config/quagga/quagga.sh</item> </additional_files_needed> <custom_php_install_command> mwexec("/usr/local/etc/rc.d/quagga.sh start"); diff --git a/config/archive/sassassin.xml b/config/archive/sassassin.xml index eb82fd55..61cc0653 100644 --- a/config/archive/sassassin.xml +++ b/config/archive/sassassin.xml @@ -77,13 +77,13 @@ </tab> </tabs> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sassassin_wl.xml</item> + <item>https://packages.pfsense.org/packages/config/sassassin_wl.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sassassin_bl.xml</item> + <item>https://packages.pfsense.org/packages/config/sassassin_bl.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sassassin.inc</item> + <item>https://packages.pfsense.org/packages/config/sassassin.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/archive/viralator.xml b/config/archive/viralator.xml index 7573af94..3953b126 100644 --- a/config/archive/viralator.xml +++ b/config/archive/viralator.xml @@ -50,10 +50,10 @@ <title>none</title> <include_file>viralator.inc</include_file> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/viralator.inc</item> + <item>https://packages.pfsense.org/packages/config/viralator.inc</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/All/viralator.tgz</item> + <item>https://www.pfsense.org/packages/All/viralator.tgz</item> </additional_files_needed> <custom_php_install_command> viralator_install_command(); diff --git a/config/arping/arping.inc b/config/arping/arping.inc index be21a790..0054adf0 100644 --- a/config/arping/arping.inc +++ b/config/arping/arping.inc @@ -35,7 +35,11 @@ function arping_package_reinstall() { } function arping_package_php_command() { - system("arping -c3 " . $_POST['hostip']); + require_once("util.inc"); + if (is_ipaddr($_POST['hostip']) || is_hostname($_POST['hostip']) || is_macaddr($_POST['hostip'])) + system("arping -c3 " . escapeshellarg($_POST['hostip'])); + else + echo "Invalid input. Supplied address must be a valid IP or MAC address."; exit; } diff --git a/config/arping/arping.xml b/config/arping/arping.xml index 01651e83..02531b76 100644 --- a/config/arping/arping.xml +++ b/config/arping/arping.xml @@ -68,7 +68,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/arping/arping.inc</item> + <item>https://packages.pfsense.org/packages/config/arping/arping.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/arpwatch.xml b/config/arpwatch.xml index bf163ad6..f77fce34 100644 --- a/config/arpwatch.xml +++ b/config/arpwatch.xml @@ -75,12 +75,12 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/arpwatch_reports.php</item> + <item>https://packages.pfsense.org/packages/config/arpwatch_reports.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/sbin/</prefix> <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/sm.php</item> + <item>https://packages.pfsense.org/packages/config/sm.php</item> </additional_files_needed> <fields> <field> @@ -113,7 +113,7 @@ $debug = ""; if(($pf_version > 2.0) && (isset($_POST['enable_email']) || ($config['installedpackages']['arpwatch']['config'][0]['enable_email'] == "on"))) { if (!empty($config['notifications']['smtp']['notifyemailaddress'])) - $mail = " -m {$config['notifications']['smtp']['notifyemailaddress']}"; + $mail = " -m \"{$config['notifications']['smtp']['notifyemailaddress']}\""; } else { $debug = "-d"; } diff --git a/config/asterisk/asterisk.xml b/config/asterisk/asterisk.xml index 7f9f56bf..d5fb3161 100644 --- a/config/asterisk/asterisk.xml +++ b/config/asterisk/asterisk.xml @@ -47,32 +47,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/asterisk/asterisk.inc</item> + <item>https://packages.pfsense.org/packages/config/asterisk/asterisk.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/asterisk/asterisk_calls.php</item> + <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_calls.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/asterisk/asterisk_edit_file.php</item> + <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_edit_file.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/asterisk/asterisk_log.php</item> + <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_log.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/asterisk/asterisk_cmd.php</item> + <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_cmd.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/asterisk/pkg_asterisk.inc</item> + <item>https://packages.pfsense.org/packages/config/asterisk/pkg_asterisk.inc</item> </additional_files_needed> <menu> <name>Asterisk</name> diff --git a/config/authng/bin/patch b/config/authng/bin/patch Binary files differdeleted file mode 100644 index f807fa85..00000000 --- a/config/authng/bin/patch +++ /dev/null diff --git a/config/authng/diff/authng-fbegin.inc.diff b/config/authng/diff/authng-fbegin.inc.diff deleted file mode 100644 index 8a38c1b4..00000000 --- a/config/authng/diff/authng-fbegin.inc.diff +++ /dev/null @@ -1,15 +0,0 @@ -Index: usr/local/www/fbegin.inc -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/fbegin.inc,v -retrieving revision 1.104.2.37.2.7 -diff -u -r1.104.2.37.2.7 fbegin.inc ---- usr/local/www/fbegin.inc 31 May 2007 03:21:59 -0000 1.104.2.37.2.7 -+++ usr/local/www/fbegin.inc 8 Sep 2007 21:16:29 -0000 -@@ -127,6 +127,7 @@ - <?php endif; ?> - <li><a href="/wizard.php?xml=setup_wizard.xml" class="navlnk">Setup wizard</a></li> - <li><a href="/system_routes.php" class="navlnk">Static routes</a></li> -+ <?php echo return_ext_menu("System"); ?> - </ul> - </li> - <li class="drop"> diff --git a/config/authng/diff/authng-globals.inc.diff b/config/authng/diff/authng-globals.inc.diff deleted file mode 100644 index 6dea7e6f..00000000 --- a/config/authng/diff/authng-globals.inc.diff +++ /dev/null @@ -1,16 +0,0 @@ -Index: globals.inc -=================================================================== -RCS file: /cvsroot/pfSense/etc/inc/globals.inc,v -retrieving revision 1.40.2.16 -diff -u -r1.40.2.16 globals.inc ---- globals.inc 27 Feb 2007 20:45:31 -0000 1.40.2.16 -+++ globals.inc 9 Sep 2007 20:54:52 -0000 -@@ -47,6 +47,8 @@ - "cf_conf_path" => "/cf/conf", - "www_path" => "/usr/local/www", - "xml_rootobj" => "pfsense", -+ "admin_group" => "admins", -+ "product_name" => "pfSense", - "pppoe_interface" => "ng0", - "n_pptp_units" => 16, /* this value can be overriden in pptp->n_pptp_units */ - "pptp_subnet" => 28, /* this value can be overriden in pptp->pptp_subnet */ diff --git a/config/authng/diff/authng-guiconfig.inc.diff b/config/authng/diff/authng-guiconfig.inc.diff deleted file mode 100644 index e65ae8b8..00000000 --- a/config/authng/diff/authng-guiconfig.inc.diff +++ /dev/null @@ -1,27 +0,0 @@ -Index: guiconfig.inc -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/guiconfig.inc,v -retrieving revision 1.90.2.31.2.3 -diff -u -r1.90.2.31.2.3 guiconfig.inc ---- guiconfig.inc 10 May 2007 20:49:41 -0000 1.90.2.31.2.3 -+++ guiconfig.inc 9 Sep 2007 19:43:31 -0000 -@@ -41,7 +41,7 @@ - - /* Include authentication routines */ - /* THIS MUST BE ABOVE ALL OTHER CODE */ --require_once("auth.inc"); -+require_once("authng_authgui.inc"); - - /* parse the configuration and include all configuration functions */ - require_once("config.inc"); -@@ -574,10 +574,6 @@ - - usort($config['shaper']['rule'], "rqpcmp"); - } --function gentitle($pgname) { -- global $config; -- return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname; --} - - /* update the changedesc and changecount(er) variables */ - function update_changedesc($update) { diff --git a/config/authng/diff/authng-pfSenseHead.diff b/config/authng/diff/authng-pfSenseHead.diff deleted file mode 100644 index 2a531271..00000000 --- a/config/authng/diff/authng-pfSenseHead.diff +++ /dev/null @@ -1,2128 +0,0 @@ -Index: usr/local/www/carp_status.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/carp_status.php,v -retrieving revision 1.27.2.3 -diff -u -r1.27.2.3 carp_status.php ---- usr/local/www/carp_status.php 3 Apr 2006 21:05:11 -0000 1.27.2.3 -+++ usr/local/www/carp_status.php 8 Sep 2007 18:31:52 -0000 -@@ -56,6 +56,7 @@ - - $pgtitle = "CARP: Status"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_arp.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_arp.php,v -retrieving revision 1.3.2.4 -diff -u -r1.3.2.4 diag_arp.php ---- usr/local/www/diag_arp.php 19 Mar 2006 22:23:31 -0000 1.3.2.4 -+++ usr/local/www/diag_arp.php 8 Sep 2007 18:32:10 -0000 -@@ -31,6 +31,7 @@ - require("guiconfig.inc"); - $pgtitle = "Diagnostics: ARP Table"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - <body link="#000000" vlink="#000000" alink="#000000"> - <script src="/javascript/sorttable.js"></script> -Index: usr/local/www/diag_backup.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_backup.php,v -retrieving revision 1.70.2.18.2.2 -diff -u -r1.70.2.18.2.2 diag_backup.php ---- usr/local/www/diag_backup.php 3 May 2007 22:16:01 -0000 1.70.2.18.2.2 -+++ usr/local/www/diag_backup.php 8 Sep 2007 18:32:26 -0000 -@@ -225,6 +225,7 @@ - - $pgtitle = "Diagnostics: Backup/restore"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_confbak.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_confbak.php,v -retrieving revision 1.20.2.2 -diff -u -r1.20.2.2 diag_confbak.php ---- usr/local/www/diag_confbak.php 2 Jan 2006 23:46:23 -0000 1.20.2.2 -+++ usr/local/www/diag_confbak.php 8 Sep 2007 18:32:54 -0000 -@@ -50,6 +50,7 @@ - - $pgtitle = "Diagnostics: Configuration History"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_defaults.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_defaults.php,v -retrieving revision 1.6.4.3 -diff -u -r1.6.4.3 diag_defaults.php ---- usr/local/www/diag_defaults.php 28 Apr 2006 02:27:19 -0000 1.6.4.3 -+++ usr/local/www/diag_defaults.php 8 Sep 2007 18:32:58 -0000 -@@ -46,6 +46,7 @@ - - $pgtitle = "Diagnostics: Factory defaults"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_dhcp_leases.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_dhcp_leases.php,v -retrieving revision 1.11.2.17 -diff -u -r1.11.2.17 diag_dhcp_leases.php ---- usr/local/www/diag_dhcp_leases.php 2 Mar 2007 15:31:08 -0000 1.11.2.17 -+++ usr/local/www/diag_dhcp_leases.php 8 Sep 2007 18:33:04 -0000 -@@ -35,6 +35,7 @@ - - $pgtitle = "Diagnostics: DHCP leases"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_dump_states.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_dump_states.php,v -retrieving revision 1.10.2.14.2.1 -diff -u -r1.10.2.14.2.1 diag_dump_states.php ---- usr/local/www/diag_dump_states.php 11 May 2007 17:21:06 -0000 1.10.2.14.2.1 -+++ usr/local/www/diag_dump_states.php 8 Sep 2007 18:33:11 -0000 -@@ -30,6 +30,7 @@ - - $pgtitle = "Diagnostics: Show States"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - /* handle AJAX operations */ - if($_GET['action']) { -Index: usr/local/www/diag_ipsec_sad.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_ipsec_sad.php,v -retrieving revision 1.12.2.3 -diff -u -r1.12.2.3 diag_ipsec_sad.php ---- usr/local/www/diag_ipsec_sad.php 3 Apr 2006 21:05:11 -0000 1.12.2.3 -+++ usr/local/www/diag_ipsec_sad.php 8 Sep 2007 18:33:18 -0000 -@@ -35,6 +35,7 @@ - - $pgtitle = "Diagnostics: IPSec: SA"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_ipsec_spd.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_ipsec_spd.php,v -retrieving revision 1.12.2.2 -diff -u -r1.12.2.2 diag_ipsec_spd.php ---- usr/local/www/diag_ipsec_spd.php 2 Jan 2006 23:46:23 -0000 1.12.2.2 -+++ usr/local/www/diag_ipsec_spd.php 8 Sep 2007 18:33:22 -0000 -@@ -35,6 +35,7 @@ - - $pgtitle = "Diagnostics: IPSec: SPD"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_logs.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs.php,v -retrieving revision 1.32.2.11 -diff -u -r1.32.2.11 diag_logs.php ---- usr/local/www/diag_logs.php 9 Oct 2006 00:19:17 -0000 1.32.2.11 -+++ usr/local/www/diag_logs.php 8 Sep 2007 18:33:30 -0000 -@@ -56,6 +56,7 @@ - - $pgtitle = "Diagnostics: System logs: System"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_logs_auth.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_auth.php,v -retrieving revision 1.19.2.4 -diff -u -r1.19.2.4 diag_logs_auth.php ---- usr/local/www/diag_logs_auth.php 5 Oct 2006 21:51:02 -0000 1.19.2.4 -+++ usr/local/www/diag_logs_auth.php 8 Sep 2007 18:33:38 -0000 -@@ -43,6 +43,7 @@ - - $pgtitle = "Diagnostics: System logs: Portal Auth"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_logs_dhcp.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_dhcp.php,v -retrieving revision 1.19.2.4 -diff -u -r1.19.2.4 diag_logs_dhcp.php ---- usr/local/www/diag_logs_dhcp.php 5 Oct 2006 21:51:02 -0000 1.19.2.4 -+++ usr/local/www/diag_logs_dhcp.php 8 Sep 2007 18:33:43 -0000 -@@ -45,6 +45,7 @@ - - $pgtitle = "Diagnostics: System logs: DHCP"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_logs_filter.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_filter.php,v -retrieving revision 1.46.2.33.2.1 -diff -u -r1.46.2.33.2.1 diag_logs_filter.php ---- usr/local/www/diag_logs_filter.php 5 Jul 2007 22:31:03 -0000 1.46.2.33.2.1 -+++ usr/local/www/diag_logs_filter.php 8 Sep 2007 18:33:53 -0000 -@@ -173,6 +173,7 @@ - - $pgtitle = "Diagnostics: System logs: Firewall"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/diag_logs_filter_dynamic.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/diag_logs_filter_dynamic.php,v -retrieving revision 1.13.2.16.2.2 -diff -u -r1.13.2.16.2.2 diag_logs_filter_dynamic.php ---- usr/local/www/diag_logs_filter_dynamic.php 4 Jul 2007 20:14:26 -0000 1.13.2.16.2.2 -+++ usr/local/www/diag_logs_filter_dynamic.php 8 Sep 2007 18:34:01 -0000 -@@ -157,6 +157,7 @@ - - $pgtitle = "Diagnostics: System logs: Firewall"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/diag_logs_ipsec.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_ipsec.php,v -retrieving revision 1.30.2.5 -diff -u -r1.30.2.5 diag_logs_ipsec.php ---- usr/local/www/diag_logs_ipsec.php 5 Oct 2006 21:51:02 -0000 1.30.2.5 -+++ usr/local/www/diag_logs_ipsec.php 8 Sep 2007 18:35:14 -0000 -@@ -47,6 +47,7 @@ - - $pgtitle = "Diagnostics: System logs: IPSEC VPN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/diag_logs_ntpd.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_ntpd.php,v -retrieving revision 1.1.2.4 -diff -u -r1.1.2.4 diag_logs_ntpd.php ---- usr/local/www/diag_logs_ntpd.php 22 Oct 2006 05:30:56 -0000 1.1.2.4 -+++ usr/local/www/diag_logs_ntpd.php 8 Sep 2007 18:35:19 -0000 -@@ -45,6 +45,7 @@ - - $pgtitle = "Diagnostics: System logs: OpenNTPD"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_logs_openvpn.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_openvpn.php,v -retrieving revision 1.2.2.8 -diff -u -r1.2.2.8 diag_logs_openvpn.php ---- usr/local/www/diag_logs_openvpn.php 5 Oct 2006 21:51:02 -0000 1.2.2.8 -+++ usr/local/www/diag_logs_openvpn.php 8 Sep 2007 18:35:24 -0000 -@@ -48,6 +48,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/diag_logs_settings.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_settings.php,v -retrieving revision 1.18.2.8 -diff -u -r1.18.2.8 diag_logs_settings.php ---- usr/local/www/diag_logs_settings.php 5 Oct 2006 21:51:02 -0000 1.18.2.8 -+++ usr/local/www/diag_logs_settings.php 8 Sep 2007 18:35:31 -0000 -@@ -94,6 +94,7 @@ - - $pgtitle = "Diagnostics: System logs: Settings"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_logs_slbd.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_slbd.php,v -retrieving revision 1.3.2.5 -diff -u -r1.3.2.5 diag_logs_slbd.php ---- usr/local/www/diag_logs_slbd.php 5 Oct 2006 21:51:02 -0000 1.3.2.5 -+++ usr/local/www/diag_logs_slbd.php 8 Sep 2007 18:35:36 -0000 -@@ -46,6 +46,7 @@ - - $pgtitle = "Diagnostics: System logs: Load Balancer"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/diag_logs_vpn.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_logs_vpn.php,v -retrieving revision 1.26.2.8 -diff -u -r1.26.2.8 diag_logs_vpn.php ---- usr/local/www/diag_logs_vpn.php 22 Oct 2006 05:30:56 -0000 1.26.2.8 -+++ usr/local/www/diag_logs_vpn.php 8 Sep 2007 18:35:43 -0000 -@@ -70,6 +70,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/diag_packet_capture.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_packet_capture.php,v -retrieving revision 1.2.2.4.2.5 -diff -u -r1.2.2.4.2.5 diag_packet_capture.php ---- usr/local/www/diag_packet_capture.php 1 Jul 2007 05:09:05 -0000 1.2.2.4.2.5 -+++ usr/local/www/diag_packet_capture.php 8 Sep 2007 18:35:53 -0000 -@@ -106,7 +106,9 @@ - - } - $pgtitle = "Diagnostics: Packet Capture"; --include("head.inc"); ?> -+include("head.inc"); -+echo $pfSenseHead->getHTML(); -+?> - <body link="#000000" vlink="#0000CC" alink="#0000CC"> - <? include("fbegin.inc"); ?> - -Index: usr/local/www/diag_ping.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/diag_ping.php,v -retrieving revision 1.8.2.6 -diff -u -r1.8.2.6 diag_ping.php ---- usr/local/www/diag_ping.php 25 Apr 2006 22:06:42 -0000 1.8.2.6 -+++ usr/local/www/diag_ping.php 8 Sep 2007 18:36:01 -0000 -@@ -86,7 +86,9 @@ - } - - $pgtitle = "Diagnostics: Ping"; --include("head.inc"); ?> -+include("head.inc"); -+echo $pfSenseHead->getHTML(); -+?> - <body link="#000000" vlink="#000000" alink="#000000"> - <? include("fbegin.inc"); ?> - <p class="pgtitle"><?=$pgtitle?></p> -Index: usr/local/www/diag_pkglogs.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_pkglogs.php,v -retrieving revision 1.20.4.1 -diff -u -r1.20.4.1 diag_pkglogs.php ---- usr/local/www/diag_pkglogs.php 2 Jan 2006 23:46:23 -0000 1.20.4.1 -+++ usr/local/www/diag_pkglogs.php 8 Sep 2007 18:36:08 -0000 -@@ -68,6 +68,7 @@ - - $pgtitle = "Diagnostics: Package logs"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/diag_resetstate.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_resetstate.php,v -retrieving revision 1.6.4.2 -diff -u -r1.6.4.2 diag_resetstate.php ---- usr/local/www/diag_resetstate.php 2 Jan 2006 23:46:23 -0000 1.6.4.2 -+++ usr/local/www/diag_resetstate.php 8 Sep 2007 18:36:12 -0000 -@@ -45,6 +45,7 @@ - - $pgtitle = "Diagnostics: Reset state"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/diag_routes.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/diag_routes.php,v -retrieving revision 1.2.2.4 -diff -u -r1.2.2.4 diag_routes.php ---- usr/local/www/diag_routes.php 11 Mar 2006 08:25:22 -0000 1.2.2.4 -+++ usr/local/www/diag_routes.php 8 Sep 2007 18:36:16 -0000 -@@ -34,6 +34,7 @@ - $pgtitle = 'Diagnostics: Routing tables'; - - include('head.inc'); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#000000" vlink="#000000" alink="#000000"> -Index: usr/local/www/diag_traceroute.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/diag_traceroute.php,v -retrieving revision 1.4.2.7 -diff -u -r1.4.2.7 diag_traceroute.php ---- usr/local/www/diag_traceroute.php 25 Apr 2006 22:06:42 -0000 1.4.2.7 -+++ usr/local/www/diag_traceroute.php 8 Sep 2007 18:36:24 -0000 -@@ -32,6 +32,7 @@ - require("guiconfig.inc"); - $pgtitle = "Diagnostics: Traceroute"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - <body link="#000000" vlink="#000000" alink="#000000"> - <? include("fbegin.inc"); ?> -Index: usr/local/www/edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/edit.php,v -retrieving revision 1.35.2.5 -diff -u -r1.35.2.5 edit.php ---- usr/local/www/edit.php 26 Sep 2006 22:49:53 -0000 1.35.2.5 -+++ usr/local/www/edit.php 8 Sep 2007 19:09:08 -0000 -@@ -133,6 +133,7 @@ - $pgtitle = "Diagnostics: Edit File"; - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/exec.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/exec.php,v -retrieving revision 1.10.4.9 -diff -u -r1.10.4.9 exec.php ---- usr/local/www/exec.php 20 Mar 2007 18:38:33 -0000 1.10.4.9 -+++ usr/local/www/exec.php 8 Sep 2007 19:09:08 -0000 -@@ -52,6 +52,7 @@ - - $pgtitle = "Diagnostics: Execute command"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - - <script language="javascript"> -Index: usr/local/www/firewall_aliases.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_aliases.php,v -retrieving revision 1.21.2.10.2.1 -diff -u -r1.21.2.10.2.1 firewall_aliases.php ---- usr/local/www/firewall_aliases.php 8 May 2007 22:06:49 -0000 1.21.2.10.2.1 -+++ usr/local/www/firewall_aliases.php 8 Sep 2007 18:36:53 -0000 -@@ -144,7 +144,7 @@ - - $pgtitle = "Firewall: Aliases"; - include("head.inc"); -- -+echo $pfSenseHead->getHTML(); - ?> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/firewall_aliases_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_aliases_edit.php,v -retrieving revision 1.25.2.12.2.1 -diff -u -r1.25.2.12.2.1 firewall_aliases_edit.php ---- usr/local/www/firewall_aliases_edit.php 2 May 2007 12:43:56 -0000 1.25.2.12.2.1 -+++ usr/local/www/firewall_aliases_edit.php 8 Sep 2007 18:40:54 -0000 -@@ -284,6 +284,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - $jscriptstr = <<<EOD - -@@ -400,12 +401,13 @@ - - EOD; - -+$pfSenseHead->addScript($jscriptstr); -+echo $pfSenseHead->getHTML(); - ?> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> - <?php - include("fbegin.inc"); -- echo $jscriptstr; - ?> - - <script type="text/javascript" src="row_helper.js"> -Index: usr/local/www/firewall_nat.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat.php,v -retrieving revision 1.31.2.15.2.1 -diff -u -r1.31.2.15.2.1 firewall_nat.php ---- usr/local/www/firewall_nat.php 8 May 2007 22:06:49 -0000 1.31.2.15.2.1 -+++ usr/local/www/firewall_nat.php 8 Sep 2007 18:41:11 -0000 -@@ -134,6 +134,7 @@ - - $pgtitle = "Firewall: NAT: Port Forward"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#000000" vlink="#000000" alink="#000000"> -Index: usr/local/www/firewall_nat_1to1.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat_1to1.php,v -retrieving revision 1.20.2.2.2.1 -diff -u -r1.20.2.2.2.1 firewall_nat_1to1.php ---- usr/local/www/firewall_nat_1to1.php 8 May 2007 22:06:49 -0000 1.20.2.2.2.1 -+++ usr/local/www/firewall_nat_1to1.php 8 Sep 2007 18:41:22 -0000 -@@ -71,6 +71,7 @@ - - $pgtitle = "Firewall: NAT: 1:1"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/firewall_nat_1to1_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat_1to1_edit.php,v -retrieving revision 1.9.2.2 -diff -u -r1.9.2.2 firewall_nat_1to1_edit.php ---- usr/local/www/firewall_nat_1to1_edit.php 2 Jan 2006 23:46:23 -0000 1.9.2.2 -+++ usr/local/www/firewall_nat_1to1_edit.php 8 Sep 2007 19:09:08 -0000 -@@ -130,6 +130,7 @@ - - $pgtitle = "Firewall: NAT: 1:1: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/firewall_nat_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat_edit.php,v -retrieving revision 1.30.2.19 -diff -u -r1.30.2.19 firewall_nat_edit.php ---- usr/local/www/firewall_nat_edit.php 27 Dec 2006 07:49:18 -0000 1.30.2.19 -+++ usr/local/www/firewall_nat_edit.php 8 Sep 2007 18:41:35 -0000 -@@ -257,6 +257,7 @@ - - $pgtitle = "Firewall: NAT: Port Forward: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/firewall_nat_out.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat_out.php,v -retrieving revision 1.47.2.16.2.3 -diff -u -r1.47.2.16.2.3 firewall_nat_out.php ---- usr/local/www/firewall_nat_out.php 9 May 2007 15:42:19 -0000 1.47.2.16.2.3 -+++ usr/local/www/firewall_nat_out.php 8 Sep 2007 18:41:42 -0000 -@@ -177,6 +177,7 @@ - - $pgtitle = "Firewall: NAT: Outbound"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/firewall_nat_out_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat_out_edit.php,v -retrieving revision 1.26.2.19 -diff -u -r1.26.2.19 firewall_nat_out_edit.php ---- usr/local/www/firewall_nat_out_edit.php 6 Sep 2006 17:49:16 -0000 1.26.2.19 -+++ usr/local/www/firewall_nat_out_edit.php 8 Sep 2007 18:44:06 -0000 -@@ -238,6 +238,8 @@ - $pgtitle = "Firewall: NAT: Outbound: Edit"; - $closehead = false; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/firewall_nat_server.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat_server.php,v -retrieving revision 1.17.4.2 -diff -u -r1.17.4.2 firewall_nat_server.php ---- usr/local/www/firewall_nat_server.php 2 Jan 2006 23:46:24 -0000 1.17.4.2 -+++ usr/local/www/firewall_nat_server.php 8 Sep 2007 18:44:22 -0000 -@@ -83,6 +83,7 @@ - - $pgtitle = "Firewall: NAT: NAT Addresses"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/firewall_nat_server_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_nat_server_edit.php,v -retrieving revision 1.8.4.2 -diff -u -r1.8.4.2 firewall_nat_server_edit.php ---- usr/local/www/firewall_nat_server_edit.php 2 Jan 2006 23:46:24 -0000 1.8.4.2 -+++ usr/local/www/firewall_nat_server_edit.php 8 Sep 2007 18:44:27 -0000 -@@ -113,6 +113,7 @@ - - $pgtitle = "Firewall: NAT: NAT Addresses: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/firewall_rules.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_rules.php,v -retrieving revision 1.42.2.17.2.6 -diff -u -r1.42.2.17.2.6 firewall_rules.php ---- usr/local/www/firewall_rules.php 5 Jul 2007 22:35:33 -0000 1.42.2.17.2.6 -+++ usr/local/www/firewall_rules.php 8 Sep 2007 18:45:02 -0000 -@@ -171,6 +171,8 @@ - - $pgtitle = "Firewall: Rules"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domLib.js\"></script>"; - echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domTT.js\"></script>"; -Index: usr/local/www/firewall_rules_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_rules_edit.php,v -retrieving revision 1.86.2.34.2.3 -diff -u -r1.86.2.34.2.3 firewall_rules_edit.php ---- usr/local/www/firewall_rules_edit.php 1 Jun 2007 17:12:12 -0000 1.86.2.34.2.3 -+++ usr/local/www/firewall_rules_edit.php 8 Sep 2007 18:45:23 -0000 -@@ -349,10 +349,9 @@ - - $page_filename = "firewall_rules_edit.php"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> -- --</head> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/firewall_schedule.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_schedule.php,v -retrieving revision 1.1.2.7.2.2 -diff -u -r1.1.2.7.2.2 firewall_schedule.php ---- usr/local/www/firewall_schedule.php 9 May 2007 02:09:06 -0000 1.1.2.7.2.2 -+++ usr/local/www/firewall_schedule.php 8 Sep 2007 18:45:43 -0000 -@@ -75,6 +75,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/firewall_schedule_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_schedule_edit.php,v -retrieving revision 1.1.2.15.2.2 -diff -u -r1.1.2.15.2.2 firewall_schedule_edit.php ---- usr/local/www/firewall_schedule_edit.php 7 May 2007 11:46:55 -0000 1.1.2.15.2.2 -+++ usr/local/www/firewall_schedule_edit.php 8 Sep 2007 18:46:49 -0000 -@@ -725,6 +725,9 @@ - - </script> - EOD; -+ -+$pfSenseHead->addScript($jscriptstr); -+echo $pfSenseHead->getHTML(); - ?> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> -Index: usr/local/www/firewall_shaper.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_shaper.php,v -retrieving revision 1.41.2.10 -diff -u -r1.41.2.10 firewall_shaper.php ---- usr/local/www/firewall_shaper.php 25 Mar 2006 00:14:06 -0000 1.41.2.10 -+++ usr/local/www/firewall_shaper.php 8 Sep 2007 18:47:46 -0000 -@@ -189,6 +189,7 @@ - - $pgtitle = "Firewall: Shaper: Rules"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/firewall_shaper_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_shaper_edit.php,v -retrieving revision 1.28.2.6 -diff -u -r1.28.2.6 firewall_shaper_edit.php ---- usr/local/www/firewall_shaper_edit.php 24 Apr 2006 18:41:52 -0000 1.28.2.6 -+++ usr/local/www/firewall_shaper_edit.php 8 Sep 2007 18:48:15 -0000 -@@ -291,6 +291,8 @@ - $pgtitle = "Firewall: Shaper: Rules: Edit"; - $closehead = false; - include("head.inc"); -+$pfSenseHead->setCloseHead(); -+echo $pfSenseHead->getHTML(); - ?> - - <script language="JavaScript"> -Index: usr/local/www/firewall_shaper_queues.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_shaper_queues.php,v -retrieving revision 1.51.2.4 -diff -u -r1.51.2.4 firewall_shaper_queues.php ---- usr/local/www/firewall_shaper_queues.php 2 Jan 2006 23:46:24 -0000 1.51.2.4 -+++ usr/local/www/firewall_shaper_queues.php 8 Sep 2007 18:48:26 -0000 -@@ -157,6 +157,7 @@ - - $pgtitle = "Firewall: Shaper: Queues"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/firewall_shaper_queues_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_shaper_queues_edit.php,v -retrieving revision 1.59.2.11 -diff -u -r1.59.2.11 firewall_shaper_queues_edit.php ---- usr/local/www/firewall_shaper_queues_edit.php 21 Aug 2006 03:25:24 -0000 1.59.2.11 -+++ usr/local/www/firewall_shaper_queues_edit.php 8 Sep 2007 18:48:32 -0000 -@@ -240,6 +240,7 @@ - - $pgtitle = "Firewall: Shaper: Queues: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/firewall_virtual_ip.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_virtual_ip.php,v -retrieving revision 1.9.2.6.2.10 -diff -u -r1.9.2.6.2.10 firewall_virtual_ip.php ---- usr/local/www/firewall_virtual_ip.php 21 May 2007 19:28:20 -0000 1.9.2.6.2.10 -+++ usr/local/www/firewall_virtual_ip.php 8 Sep 2007 18:48:38 -0000 -@@ -80,6 +80,7 @@ - - $pgtitle = "Firewall: Virtual IP Addresses"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/firewall_virtual_ip_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/firewall_virtual_ip_edit.php,v -retrieving revision 1.11.2.23 -diff -u -r1.11.2.23 firewall_virtual_ip_edit.php ---- usr/local/www/firewall_virtual_ip_edit.php 27 Feb 2007 17:09:46 -0000 1.11.2.23 -+++ usr/local/www/firewall_virtual_ip_edit.php 8 Sep 2007 18:48:44 -0000 -@@ -205,6 +205,7 @@ - - $pgtitle = "Firewall: Virtual IP Address: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/halt.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/halt.php,v -retrieving revision 1.6.4.1 -diff -u -r1.6.4.1 halt.php ---- usr/local/www/halt.php 2 Jan 2006 23:46:24 -0000 1.6.4.1 -+++ usr/local/www/halt.php 8 Sep 2007 18:48:57 -0000 -@@ -46,6 +46,7 @@ - - $pgtitle = "Diagnostics: Halt system"; - include('head.inc'); -+echo $pfSenseHead->getHTML(); - ?> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/index.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/index.php,v -retrieving revision 1.88.2.9 -diff -u -r1.88.2.9 index.php ---- usr/local/www/index.php 21 May 2006 23:26:30 -0000 1.88.2.9 -+++ usr/local/www/index.php 8 Sep 2007 18:51:09 -0000 -@@ -80,6 +80,7 @@ - - $pgtitle = 'pfSense first time setup'; - include('head.inc'); -+ echo $pfSenseHead->getHTML(); - - echo "<body link=\"#0000CC\" vlink=\"#0000CC\" alink=\"#0000CC\">\n"; - echo "<form>\n"; -@@ -118,6 +119,7 @@ - ## Set Page Title and Include Header - $pgtitle = "pfSense webGUI"; - include("head.inc"); -+ echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/interfaces_assign.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/interfaces_assign.php,v -retrieving revision 1.13.2.11.2.2 -diff -u -r1.13.2.11.2.2 interfaces_assign.php ---- usr/local/www/interfaces_assign.php 24 Apr 2007 01:00:36 -0000 1.13.2.11.2.2 -+++ usr/local/www/interfaces_assign.php 8 Sep 2007 18:51:21 -0000 -@@ -193,6 +193,7 @@ - - $pgtitle = "Interfaces: Assign"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - if(file_exists("/var/run/interface_mismatch_reboot_needed")) - if ($_POST) -Index: usr/local/www/interfaces_lan.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/interfaces_lan.php,v -retrieving revision 1.49.2.23.2.1 -diff -u -r1.49.2.23.2.1 interfaces_lan.php ---- usr/local/www/interfaces_lan.php 6 Jul 2007 18:10:05 -0000 1.49.2.23.2.1 -+++ usr/local/www/interfaces_lan.php 8 Sep 2007 18:51:29 -0000 -@@ -138,6 +138,7 @@ - - $pgtitle = "Interfaces: LAN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/interfaces_opt.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/interfaces_opt.php,v -retrieving revision 1.56.2.25 -diff -u -r1.56.2.25 interfaces_opt.php ---- usr/local/www/interfaces_opt.php 9 Jan 2007 17:40:16 -0000 1.56.2.25 -+++ usr/local/www/interfaces_opt.php 8 Sep 2007 18:52:02 -0000 -@@ -228,6 +228,8 @@ - - $pgtitle = "Interfaces: Optional {$index} (" . htmlspecialchars($optcfg['descr']) . ")"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/interfaces_vlan.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/interfaces_vlan.php,v -retrieving revision 1.9.2.3 -diff -u -r1.9.2.3 interfaces_vlan.php ---- usr/local/www/interfaces_vlan.php 25 Jan 2007 22:26:20 -0000 1.9.2.3 -+++ usr/local/www/interfaces_vlan.php 8 Sep 2007 18:52:16 -0000 -@@ -88,6 +88,7 @@ - - $pgtitle = "Interfaces: VLAN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/interfaces_vlan_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/interfaces_vlan_edit.php,v -retrieving revision 1.10.2.4 -diff -u -r1.10.2.4 interfaces_vlan_edit.php ---- usr/local/www/interfaces_vlan_edit.php 14 Mar 2007 21:15:41 -0000 1.10.2.4 -+++ usr/local/www/interfaces_vlan_edit.php 8 Sep 2007 18:52:28 -0000 -@@ -98,6 +98,7 @@ - - $pgtitle = "Firewall: VLAN: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/interfaces_wan.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/interfaces_wan.php,v -retrieving revision 1.37.2.24.2.1 -diff -u -r1.37.2.24.2.1 interfaces_wan.php ---- usr/local/www/interfaces_wan.php 17 May 2007 13:52:34 -0000 1.37.2.24.2.1 -+++ usr/local/www/interfaces_wan.php 8 Sep 2007 19:09:08 -0000 -@@ -519,6 +519,8 @@ - $pgtitle = "Interfaces: WAN"; - $closehead = false; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/interfaces_wlan_scan.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/interfaces_wlan_scan.php,v -retrieving revision 1.3.2.1 -diff -u -r1.3.2.1 interfaces_wlan_scan.php ---- usr/local/www/interfaces_wlan_scan.php 2 Jan 2006 23:46:24 -0000 1.3.2.1 -+++ usr/local/www/interfaces_wlan_scan.php 8 Sep 2007 18:53:12 -0000 -@@ -36,6 +36,7 @@ - - $pgtitle = "Interfaces: Scan Wireless"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/license.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/license.php,v -retrieving revision 1.6.4.5 -diff -u -r1.6.4.5 license.php ---- usr/local/www/license.php 23 Feb 2007 00:40:28 -0000 1.6.4.5 -+++ usr/local/www/license.php 8 Sep 2007 18:53:20 -0000 -@@ -3,6 +3,7 @@ - require("guiconfig.inc"); - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - - -Index: usr/local/www/load_balancer_pool.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/load_balancer_pool.php,v -retrieving revision 1.5.2.6.2.1 -diff -u -r1.5.2.6.2.1 load_balancer_pool.php ---- usr/local/www/load_balancer_pool.php 8 May 2007 22:06:49 -0000 1.5.2.6.2.1 -+++ usr/local/www/load_balancer_pool.php 8 Sep 2007 18:53:27 -0000 -@@ -76,6 +76,7 @@ - - $pgtitle = "Load Balancer: Pool"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/load_balancer_pool_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/load_balancer_pool_edit.php,v -retrieving revision 1.24.2.23.2.2 -diff -u -r1.24.2.23.2.2 load_balancer_pool_edit.php ---- usr/local/www/load_balancer_pool_edit.php 20 Jun 2007 23:24:56 -0000 1.24.2.23.2.2 -+++ usr/local/www/load_balancer_pool_edit.php 8 Sep 2007 18:53:32 -0000 -@@ -165,6 +165,7 @@ - - $pgtitle = "Load Balancer: Pool: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/load_balancer_virtual_server.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/load_balancer_virtual_server.php,v -retrieving revision 1.6.2.1.2.1 -diff -u -r1.6.2.1.2.1 load_balancer_virtual_server.php ---- usr/local/www/load_balancer_virtual_server.php 8 May 2007 22:06:49 -0000 1.6.2.1.2.1 -+++ usr/local/www/load_balancer_virtual_server.php 8 Sep 2007 18:53:38 -0000 -@@ -66,6 +66,7 @@ - - $pgtitle = "Services: Load Balancer: Virtual Servers"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/load_balancer_virtual_server_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/load_balancer_virtual_server_edit.php,v -retrieving revision 1.16.2.5 -diff -u -r1.16.2.5 load_balancer_virtual_server_edit.php ---- usr/local/www/load_balancer_virtual_server_edit.php 28 May 2006 18:53:19 -0000 1.16.2.5 -+++ usr/local/www/load_balancer_virtual_server_edit.php 8 Sep 2007 18:53:45 -0000 -@@ -113,6 +113,7 @@ - - $pgtitle = "Load Balancer: Virtual Server: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/pkg.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/pkg.php,v -retrieving revision 1.41.4.4 -diff -u -r1.41.4.4 pkg.php ---- usr/local/www/pkg.php 21 Feb 2007 03:56:09 -0000 1.41.4.4 -+++ usr/local/www/pkg.php 8 Sep 2007 18:54:16 -0000 -@@ -99,6 +99,7 @@ - - $pgtitle = $title; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/pkg_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/pkg_edit.php,v -retrieving revision 1.90.2.24 -diff -u -r1.90.2.24 pkg_edit.php ---- usr/local/www/pkg_edit.php 20 Jan 2007 20:52:51 -0000 1.90.2.24 -+++ usr/local/www/pkg_edit.php 8 Sep 2007 18:54:41 -0000 -@@ -102,9 +102,10 @@ - } else { - if($pkg['custom_add_php_command']) { - if($pkg['donotsave'] <> "" or $pkg['preoutput'] <> "") { -- ?> - --<?php include("head.inc"); ?> -+include("head.inc"); -+echo $pfSenseHead->getHTML(); -+?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <?php include("fbegin.inc"); ?> - <?php -Index: usr/local/www/pkg_mgr.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/pkg_mgr.php,v -retrieving revision 1.64.2.12 -diff -u -r1.64.2.12 pkg_mgr.php ---- usr/local/www/pkg_mgr.php 25 Aug 2006 23:04:56 -0000 1.64.2.12 -+++ usr/local/www/pkg_mgr.php 8 Sep 2007 18:55:09 -0000 -@@ -54,6 +54,7 @@ - - $pgtitle = "System: Package Manager"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/pkg_mgr_install.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/pkg_mgr_install.php,v -retrieving revision 1.147.2.10 -diff -u -r1.147.2.10 pkg_mgr_install.php ---- usr/local/www/pkg_mgr_install.php 2 Feb 2007 17:47:53 -0000 1.147.2.10 -+++ usr/local/www/pkg_mgr_install.php 8 Sep 2007 18:55:12 -0000 -@@ -39,6 +39,7 @@ - - $pgtitle = "System: Package Manager: Install Package"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/pkg_mgr_installed.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/pkg_mgr_installed.php,v -retrieving revision 1.43.4.5 -diff -u -r1.43.4.5 pkg_mgr_installed.php ---- usr/local/www/pkg_mgr_installed.php 25 Aug 2006 23:04:57 -0000 1.43.4.5 -+++ usr/local/www/pkg_mgr_installed.php 8 Sep 2007 18:55:17 -0000 -@@ -39,6 +39,7 @@ - - $pgtitle = "System: Package Manager"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/reboot.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/reboot.php,v -retrieving revision 1.7.2.5 -diff -u -r1.7.2.5 reboot.php ---- usr/local/www/reboot.php 11 Feb 2006 03:04:21 -0000 1.7.2.5 -+++ usr/local/www/reboot.php 8 Sep 2007 18:55:31 -0000 -@@ -42,6 +42,7 @@ - - $pgtitle = "Diagnostics: Reboot System"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/restart_httpd.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/restart_httpd.php,v -retrieving revision 1.3.2.1 -diff -u -r1.3.2.1 restart_httpd.php ---- usr/local/www/restart_httpd.php 2 Jan 2006 23:46:24 -0000 1.3.2.1 -+++ usr/local/www/restart_httpd.php 8 Sep 2007 18:55:37 -0000 -@@ -30,6 +30,7 @@ - require_once("system.inc"); - $pgtitle = "Restarting mini_httpd"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/services_captiveportal.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal.php,v -retrieving revision 1.51.2.23.2.1 -diff -u -r1.51.2.23.2.1 services_captiveportal.php ---- usr/local/www/services_captiveportal.php 9 May 2007 02:09:43 -0000 1.51.2.23.2.1 -+++ usr/local/www/services_captiveportal.php 8 Sep 2007 18:56:01 -0000 -@@ -197,6 +197,8 @@ - } - } - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - ?> - <?php include("fbegin.inc"); ?> - <script language="JavaScript"> -Index: usr/local/www/services_captiveportal_filemanager.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal_filemanager.php,v -retrieving revision 1.4.2.4.2.2 -diff -u -r1.4.2.4.2.2 services_captiveportal_filemanager.php ---- usr/local/www/services_captiveportal_filemanager.php 9 May 2007 02:09:43 -0000 1.4.2.4.2.2 -+++ usr/local/www/services_captiveportal_filemanager.php 8 Sep 2007 18:56:24 -0000 -@@ -98,6 +98,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/services_captiveportal_ip.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal_ip.php,v -retrieving revision 1.30.2.6.2.2 -diff -u -r1.30.2.6.2.2 services_captiveportal_ip.php ---- usr/local/www/services_captiveportal_ip.php 9 May 2007 02:09:43 -0000 1.30.2.6.2.2 -+++ usr/local/www/services_captiveportal_ip.php 8 Sep 2007 18:56:32 -0000 -@@ -69,6 +69,7 @@ - - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - <?php include("fbegin.inc"); ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/services_captiveportal_ip_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal_ip_edit.php,v -retrieving revision 1.17.2.2.2.1 -diff -u -r1.17.2.2.2.1 services_captiveportal_ip_edit.php ---- usr/local/www/services_captiveportal_ip_edit.php 9 May 2007 02:09:43 -0000 1.17.2.2.2.1 -+++ usr/local/www/services_captiveportal_ip_edit.php 8 Sep 2007 18:56:39 -0000 -@@ -93,6 +93,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/services_captiveportal_mac.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal_mac.php,v -retrieving revision 1.35.2.6.2.1 -diff -u -r1.35.2.6.2.1 services_captiveportal_mac.php ---- usr/local/www/services_captiveportal_mac.php 9 May 2007 02:09:43 -0000 1.35.2.6.2.1 -+++ usr/local/www/services_captiveportal_mac.php 8 Sep 2007 18:56:45 -0000 -@@ -68,6 +68,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/services_captiveportal_mac_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal_mac_edit.php,v -retrieving revision 1.16.2.2.2.1 -diff -u -r1.16.2.2.2.1 services_captiveportal_mac_edit.php ---- usr/local/www/services_captiveportal_mac_edit.php 9 May 2007 02:09:43 -0000 1.16.2.2.2.1 -+++ usr/local/www/services_captiveportal_mac_edit.php 8 Sep 2007 18:57:06 -0000 -@@ -92,6 +92,7 @@ - } - } - include("head.inc"); -+echo $pfSenseHead->getHTML(); - ?> - <?php include("fbegin.inc"); ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/services_captiveportal_users.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal_users.php,v -retrieving revision 1.24.2.3.2.2 -diff -u -r1.24.2.3.2.2 services_captiveportal_users.php ---- usr/local/www/services_captiveportal_users.php 9 May 2007 02:09:43 -0000 1.24.2.3.2.2 -+++ usr/local/www/services_captiveportal_users.php 8 Sep 2007 18:57:13 -0000 -@@ -63,6 +63,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/services_captiveportal_users_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_captiveportal_users_edit.php,v -retrieving revision 1.7.2.3.2.1 -diff -u -r1.7.2.3.2.1 services_captiveportal_users_edit.php ---- usr/local/www/services_captiveportal_users_edit.php 9 May 2007 02:09:43 -0000 1.7.2.3.2.1 -+++ usr/local/www/services_captiveportal_users_edit.php 8 Sep 2007 18:57:20 -0000 -@@ -124,6 +124,7 @@ - } - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/services_dhcp.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_dhcp.php,v -retrieving revision 1.38.2.18.2.2 -diff -u -r1.38.2.18.2.2 services_dhcp.php ---- usr/local/www/services_dhcp.php 8 May 2007 22:06:49 -0000 1.38.2.18.2.2 -+++ usr/local/www/services_dhcp.php 8 Sep 2007 18:57:42 -0000 -@@ -255,6 +255,8 @@ - - $pgtitle = "Services: DHCP server"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false): -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_dhcp_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_dhcp_edit.php,v -retrieving revision 1.18.2.5.2.1 -diff -u -r1.18.2.5.2.1 services_dhcp_edit.php ---- usr/local/www/services_dhcp_edit.php 8 May 2007 18:58:26 -0000 1.18.2.5.2.1 -+++ usr/local/www/services_dhcp_edit.php 8 Sep 2007 18:57:48 -0000 -@@ -147,6 +147,7 @@ - - $pgtitle = "Services: DHCP: Edit static mapping"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_dhcp_relay.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_dhcp_relay.php,v -retrieving revision 1.8.2.3.2.2 -diff -u -r1.8.2.3.2.2 services_dhcp_relay.php ---- usr/local/www/services_dhcp_relay.php 23 May 2007 21:08:15 -0000 1.8.2.3.2.2 -+++ usr/local/www/services_dhcp_relay.php 8 Sep 2007 18:58:08 -0000 -@@ -141,6 +141,8 @@ - - $pgtitle = "Services: DHCP Relay"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_dnsmasq.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_dnsmasq.php,v -retrieving revision 1.17.4.4.2.1 -diff -u -r1.17.4.4.2.1 services_dnsmasq.php ---- usr/local/www/services_dnsmasq.php 8 May 2007 22:06:49 -0000 1.17.4.4.2.1 -+++ usr/local/www/services_dnsmasq.php 8 Sep 2007 18:58:55 -0000 -@@ -93,6 +93,8 @@ - - $pgtitle = "Services: DNS forwarder"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_dnsmasq_domainoverride_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_dnsmasq_domainoverride_edit.php,v -retrieving revision 1.7.4.2 -diff -u -r1.7.4.2 services_dnsmasq_domainoverride_edit.php ---- usr/local/www/services_dnsmasq_domainoverride_edit.php 2 Jan 2006 23:46:24 -0000 1.7.4.2 -+++ usr/local/www/services_dnsmasq_domainoverride_edit.php 8 Sep 2007 18:59:01 -0000 -@@ -96,6 +96,7 @@ - - $pgtitle = "Services: DNS forwarder: Edit Domain Override"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_dnsmasq_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_dnsmasq_edit.php,v -retrieving revision 1.11.4.2 -diff -u -r1.11.4.2 services_dnsmasq_edit.php ---- usr/local/www/services_dnsmasq_edit.php 2 Jan 2006 23:46:24 -0000 1.11.4.2 -+++ usr/local/www/services_dnsmasq_edit.php 8 Sep 2007 18:59:09 -0000 -@@ -102,6 +102,7 @@ - - $pgtitle = "Services: DNS forwarder: Edit host"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_dyndns.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_dyndns.php,v -retrieving revision 1.12.2.9 -diff -u -r1.12.2.9 services_dyndns.php ---- usr/local/www/services_dyndns.php 7 Feb 2007 03:42:33 -0000 1.12.2.9 -+++ usr/local/www/services_dyndns.php 8 Sep 2007 18:59:40 -0000 -@@ -128,6 +128,8 @@ - - $pgtitle = "Services: Dynamic DNS client"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_proxyarp.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_proxyarp.php,v -retrieving revision 1.16.2.1 -diff -u -r1.16.2.1 services_proxyarp.php ---- usr/local/www/services_proxyarp.php 2 Jan 2006 23:46:24 -0000 1.16.2.1 -+++ usr/local/www/services_proxyarp.php 8 Sep 2007 18:59:47 -0000 -@@ -66,6 +66,7 @@ - - $pgtitle = "Services: Proxy ARP"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_proxyarp_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_proxyarp_edit.php,v -retrieving revision 1.13.4.2 -diff -u -r1.13.4.2 services_proxyarp_edit.php ---- usr/local/www/services_proxyarp_edit.php 2 Jan 2006 23:46:24 -0000 1.13.4.2 -+++ usr/local/www/services_proxyarp_edit.php 8 Sep 2007 19:00:15 -0000 -@@ -133,6 +133,8 @@ - - $pgtitle = "Services: Proxy ARP: Edit"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_snmp.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_snmp.php,v -retrieving revision 1.9.4.12 -diff -u -r1.9.4.12 services_snmp.php ---- usr/local/www/services_snmp.php 4 Mar 2007 21:18:17 -0000 1.9.4.12 -+++ usr/local/www/services_snmp.php 8 Sep 2007 19:00:58 -0000 -@@ -145,6 +145,8 @@ - - $pgtitle = "Services: SNMP"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - <script language="JavaScript"> -Index: usr/local/www/services_usermanager.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_usermanager.php,v -retrieving revision 1.10.4.1 -diff -u -r1.10.4.1 services_usermanager.php ---- usr/local/www/services_usermanager.php 2 Jan 2006 23:46:24 -0000 1.10.4.1 -+++ usr/local/www/services_usermanager.php 8 Sep 2007 19:01:11 -0000 -@@ -77,6 +77,7 @@ - - $pgtitle = "Services: User Manager"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_wol.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_wol.php,v -retrieving revision 1.12.2.2.2.1 -diff -u -r1.12.2.2.2.1 services_wol.php ---- usr/local/www/services_wol.php 8 May 2007 22:06:49 -0000 1.12.2.2.2.1 -+++ usr/local/www/services_wol.php 8 Sep 2007 19:01:15 -0000 -@@ -92,6 +92,7 @@ - - $pgtitle = "Services: Wake on LAN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/services_wol_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/services_wol_edit.php,v -retrieving revision 1.11.2.2 -diff -u -r1.11.2.2 services_wol_edit.php ---- usr/local/www/services_wol_edit.php 2 Jan 2006 23:46:24 -0000 1.11.2.2 -+++ usr/local/www/services_wol_edit.php 8 Sep 2007 19:01:21 -0000 -@@ -91,6 +91,7 @@ - - $pgtitle = "Services: Wake on LAN: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/status.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status.php,v -retrieving revision 1.24.2.9 -diff -u -r1.24.2.9 status.php ---- usr/local/www/status.php 27 Mar 2007 20:34:35 -0000 1.24.2.9 -+++ usr/local/www/status.php 8 Sep 2007 19:02:02 -0000 -@@ -160,6 +160,8 @@ - - $pgtitle = "pfSense: status"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - <style type="text/css"> -@@ -172,6 +174,7 @@ - } - --> - </style> -+</head> - - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/status_captiveportal.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_captiveportal.php,v -retrieving revision 1.7.2.4 -diff -u -r1.7.2.4 status_captiveportal.php ---- usr/local/www/status_captiveportal.php 3 Apr 2006 21:05:12 -0000 1.7.2.4 -+++ usr/local/www/status_captiveportal.php 8 Sep 2007 19:02:17 -0000 -@@ -36,6 +36,7 @@ - $pgtitle = "Status: Captive portal ({$concurrent})"; - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/status_filter_reload.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_filter_reload.php,v -retrieving revision 1.1.2.8 -diff -u -r1.1.2.8 status_filter_reload.php ---- usr/local/www/status_filter_reload.php 5 Apr 2006 02:01:18 -0000 1.1.2.8 -+++ usr/local/www/status_filter_reload.php 8 Sep 2007 19:02:22 -0000 -@@ -33,6 +33,7 @@ - $pgtitle = "Diagnostics: Filter Reload Status"; - - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - if(file_exists("{$g['varrun_path']}/filter_reload_status")) - $status = file_get_contents("{$g['varrun_path']}/filter_reload_status"); -Index: usr/local/www/status_graph.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_graph.php,v -retrieving revision 1.14.2.5.2.2 -diff -u -r1.14.2.5.2.2 status_graph.php ---- usr/local/www/status_graph.php 24 Apr 2007 21:25:11 -0000 1.14.2.5.2.2 -+++ usr/local/www/status_graph.php 8 Sep 2007 19:02:27 -0000 -@@ -54,6 +54,7 @@ - - $pgtitle = "Status: Traffic Graph"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/status_interfaces.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_interfaces.php,v -retrieving revision 1.29.2.13.2.3 -diff -u -r1.29.2.13.2.3 status_interfaces.php ---- usr/local/www/status_interfaces.php 30 May 2007 16:11:26 -0000 1.29.2.13.2.3 -+++ usr/local/www/status_interfaces.php 8 Sep 2007 19:02:33 -0000 -@@ -61,6 +61,7 @@ - - $pgtitle = "Status: Interfaces"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/status_queues.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_queues.php,v -retrieving revision 1.25.2.10 -diff -u -r1.25.2.10 status_queues.php ---- usr/local/www/status_queues.php 24 Apr 2006 22:02:15 -0000 1.25.2.10 -+++ usr/local/www/status_queues.php 8 Sep 2007 19:02:40 -0000 -@@ -53,6 +53,7 @@ - - $pgtitle = "Status: Traffic shaper: Queues"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/status_rrd_graph.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_rrd_graph.php,v -retrieving revision 1.7.2.31.2.1 -diff -u -r1.7.2.31.2.1 status_rrd_graph.php ---- usr/local/www/status_rrd_graph.php 6 Jul 2007 21:43:43 -0000 1.7.2.31.2.1 -+++ usr/local/www/status_rrd_graph.php 8 Sep 2007 19:03:22 -0000 -@@ -78,10 +78,13 @@ - - $pgtitle = gettext("Status: RRD Graphs"); - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> - <script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script> -+</head> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <?php include("fbegin.inc"); ?> - <p class="pgtitle"><?=$pgtitle?></p> -Index: usr/local/www/status_services.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_services.php,v -retrieving revision 1.40.2.19.2.4 -diff -u -r1.40.2.19.2.4 status_services.php ---- usr/local/www/status_services.php 2 Jun 2007 20:47:41 -0000 1.40.2.19.2.4 -+++ usr/local/www/status_services.php 8 Sep 2007 19:03:38 -0000 -@@ -142,6 +142,7 @@ - - $pgtitle = "Status: Services"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/status_slbd_pool.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_slbd_pool.php,v -retrieving revision 1.3.2.4.2.1 -diff -u -r1.3.2.4.2.1 status_slbd_pool.php ---- usr/local/www/status_slbd_pool.php 28 Apr 2007 16:46:56 -0000 1.3.2.4.2.1 -+++ usr/local/www/status_slbd_pool.php 8 Sep 2007 19:03:44 -0000 -@@ -47,6 +47,7 @@ - - $pgtitle = "Status: Load Balancer: Pool"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/status_slbd_vs.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_slbd_vs.php,v -retrieving revision 1.2.2.2 -diff -u -r1.2.2.2 status_slbd_vs.php ---- usr/local/www/status_slbd_vs.php 8 May 2007 16:29:17 -0000 1.2.2.2 -+++ usr/local/www/status_slbd_vs.php 8 Sep 2007 19:03:50 -0000 -@@ -51,6 +51,7 @@ - - $pgtitle = "Status: Load Balancer: Virtual Server"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/status_upnp.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_upnp.php,v -retrieving revision 1.1.2.3.2.1 -diff -u -r1.1.2.3.2.1 status_upnp.php ---- usr/local/www/status_upnp.php 23 May 2007 20:26:19 -0000 1.1.2.3.2.1 -+++ usr/local/www/status_upnp.php 8 Sep 2007 19:04:09 -0000 -@@ -49,7 +49,7 @@ - /* put your custom HTML head content here */ - /* using some of the $pfSenseHead function calls */ - //$pfSenseHead->addMeta("<meta http-equiv=\"refresh\" content=\"120;url={$_SERVER['SCRIPT_NAME']}\" />"); --//echo $pfSenseHead->getHTML(); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/status_wireless.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/status_wireless.php,v -retrieving revision 1.9.2.9 -diff -u -r1.9.2.9 status_wireless.php ---- usr/local/www/status_wireless.php 5 May 2006 21:31:47 -0000 1.9.2.9 -+++ usr/local/www/status_wireless.php 8 Sep 2007 19:04:16 -0000 -@@ -36,6 +36,7 @@ - - $pgtitle = "Diagnostics: Wireless Status"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - $if = $_POST['if']; - if($_GET['if'] <> "") -Index: usr/local/www/system.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system.php,v -retrieving revision 1.41.2.7.2.1 -diff -u -r1.41.2.7.2.1 system.php ---- usr/local/www/system.php 6 Jul 2007 18:30:31 -0000 1.41.2.7.2.1 -+++ usr/local/www/system.php 8 Sep 2007 19:04:21 -0000 -@@ -190,6 +190,7 @@ - - $pgtitle = "System: General Setup"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/system_advanced.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_advanced.php,v -retrieving revision 1.114.2.46.2.4 -diff -u -r1.114.2.46.2.4 system_advanced.php ---- usr/local/www/system_advanced.php 21 Jul 2007 21:22:18 -0000 1.114.2.46.2.4 -+++ usr/local/www/system_advanced.php 8 Sep 2007 19:04:26 -0000 -@@ -266,6 +266,7 @@ - - $pgtitle = "System: Advanced functions"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/system_advanced_create_certs.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_advanced_create_certs.php,v -retrieving revision 1.14.4.4 -diff -u -r1.14.4.4 system_advanced_create_certs.php ---- usr/local/www/system_advanced_create_certs.php 19 Jan 2006 05:58:23 -0000 1.14.4.4 -+++ usr/local/www/system_advanced_create_certs.php 8 Sep 2007 19:04:32 -0000 -@@ -140,6 +140,7 @@ - - $pgtitle = "System: Advanced functions: Create Certificates"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/system_firmware.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_firmware.php,v -retrieving revision 1.73.2.12 -diff -u -r1.73.2.12 system_firmware.php ---- usr/local/www/system_firmware.php 14 Mar 2007 19:22:10 -0000 1.73.2.12 -+++ usr/local/www/system_firmware.php 8 Sep 2007 19:04:47 -0000 -@@ -37,6 +37,7 @@ - if(file_exists($d_firmwarelock_path)) { - $pgtitle = "System: Firmware: Manual Update"; - include("head.inc"); -+ echo $pfSenseHead->getHTML(); - echo "<body link=\"#0000CC\" vlink=\"#0000CC\" alink=\"#0000CC\">\n"; - include("fbegin.inc"); - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>\n"; -@@ -124,6 +125,7 @@ - - $pgtitle = "System: Firmware: Manual Update"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/system_firmware_auto.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_firmware_auto.php,v -retrieving revision 1.52.4.2 -diff -u -r1.52.4.2 system_firmware_auto.php ---- usr/local/www/system_firmware_auto.php 15 Apr 2006 16:50:47 -0000 1.52.4.2 -+++ usr/local/www/system_firmware_auto.php 8 Sep 2007 19:05:05 -0000 -@@ -41,6 +41,7 @@ - - $pgtitle = "System: Firmware: Auto Update"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/system_firmware_check.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_firmware_check.php,v -retrieving revision 1.38.4.3 -diff -u -r1.38.4.3 system_firmware_check.php ---- usr/local/www/system_firmware_check.php 15 Apr 2006 16:50:47 -0000 1.38.4.3 -+++ usr/local/www/system_firmware_check.php 8 Sep 2007 19:05:21 -0000 -@@ -39,6 +39,7 @@ - $versions = check_firmware_version(); - $pgtitle = "System: Firmware: Auto Update"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/system_firmware_settings.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_firmware_settings.php,v -retrieving revision 1.15.2.4 -diff -u -r1.15.2.4 system_firmware_settings.php ---- usr/local/www/system_firmware_settings.php 15 Apr 2006 16:50:47 -0000 1.15.2.4 -+++ usr/local/www/system_firmware_settings.php 8 Sep 2007 19:06:04 -0000 -@@ -57,6 +57,8 @@ - - $pgtitle = "System: Firmware: Settings"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -@@ -88,7 +90,7 @@ - - // --> - </script> -- -+</head> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <?php include("fbegin.inc");?> - <p class="pgtitle"><?=$pgtitle?></p> -Index: usr/local/www/system_routes.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_routes.php,v -retrieving revision 1.16.2.4.2.2 -diff -u -r1.16.2.4.2.2 system_routes.php ---- usr/local/www/system_routes.php 10 May 2007 16:06:32 -0000 1.16.2.4.2.2 -+++ usr/local/www/system_routes.php 8 Sep 2007 19:06:11 -0000 -@@ -89,6 +89,7 @@ - - $pgtitle = "System: Static Routes"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/system_routes_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/system_routes_edit.php,v -retrieving revision 1.9.4.4.2.1 -diff -u -r1.9.4.4.2.1 system_routes_edit.php ---- usr/local/www/system_routes_edit.php 10 May 2007 16:06:32 -0000 1.9.4.4.2.1 -+++ usr/local/www/system_routes_edit.php 8 Sep 2007 19:06:16 -0000 -@@ -112,6 +112,7 @@ - - $pgtitle = "System: Static Routes: Edit route"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_ipsec.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec.php,v -retrieving revision 1.28.2.10.2.5 -diff -u -r1.28.2.10.2.5 vpn_ipsec.php ---- usr/local/www/vpn_ipsec.php 5 Jun 2007 00:23:07 -0000 1.28.2.10.2.5 -+++ usr/local/www/vpn_ipsec.php 8 Sep 2007 19:06:38 -0000 -@@ -84,6 +84,7 @@ - - $pgtitle = "VPN: IPsec"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_ipsec_ca.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec_ca.php,v -retrieving revision 1.12.4.2 -diff -u -r1.12.4.2 vpn_ipsec_ca.php ---- usr/local/www/vpn_ipsec_ca.php 18 Mar 2007 03:37:06 -0000 1.12.4.2 -+++ usr/local/www/vpn_ipsec_ca.php 8 Sep 2007 19:06:42 -0000 -@@ -48,6 +48,7 @@ - - $pgtitle = "VPN: IPsec: Certificate Authority"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_ipsec_ca_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec_ca_edit.php,v -retrieving revision 1.12.4.2 -diff -u -r1.12.4.2 vpn_ipsec_ca_edit.php ---- usr/local/www/vpn_ipsec_ca_edit.php 2 Jan 2006 23:46:25 -0000 1.12.4.2 -+++ usr/local/www/vpn_ipsec_ca_edit.php 8 Sep 2007 19:06:47 -0000 -@@ -94,6 +94,7 @@ - - $pgtitle = "VPN: IPsec: Certificate Authority: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_ipsec_ca_edit_create_cert.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec_ca_edit_create_cert.php,v -retrieving revision 1.13.4.1 -diff -u -r1.13.4.1 vpn_ipsec_ca_edit_create_cert.php ---- usr/local/www/vpn_ipsec_ca_edit_create_cert.php 2 Jan 2006 23:46:25 -0000 1.13.4.1 -+++ usr/local/www/vpn_ipsec_ca_edit_create_cert.php 8 Sep 2007 19:06:53 -0000 -@@ -143,6 +143,7 @@ - - $pgtitle = "VPN: IPSec: Certificate Authority: Create Certificate"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/vpn_ipsec_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec_edit.php,v -retrieving revision 1.29.2.13.2.1 -diff -u -r1.29.2.13.2.1 vpn_ipsec_edit.php ---- usr/local/www/vpn_ipsec_edit.php 8 May 2007 22:06:49 -0000 1.29.2.13.2.1 -+++ usr/local/www/vpn_ipsec_edit.php 8 Sep 2007 19:06:58 -0000 -@@ -263,6 +263,7 @@ - - $pgtitle = "VPN: IPsec: Edit tunnel"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_ipsec_keys.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec_keys.php,v -retrieving revision 1.15.4.2.2.1 -diff -u -r1.15.4.2.2.1 vpn_ipsec_keys.php ---- usr/local/www/vpn_ipsec_keys.php 8 May 2007 22:06:49 -0000 1.15.4.2.2.1 -+++ usr/local/www/vpn_ipsec_keys.php 8 Sep 2007 19:07:03 -0000 -@@ -48,6 +48,7 @@ - - $pgtitle = "VPN: IPsec: Keys"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_ipsec_keys_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec_keys_edit.php,v -retrieving revision 1.11.4.2 -diff -u -r1.11.4.2 vpn_ipsec_keys_edit.php ---- usr/local/www/vpn_ipsec_keys_edit.php 2 Jan 2006 23:46:25 -0000 1.11.4.2 -+++ usr/local/www/vpn_ipsec_keys_edit.php 8 Sep 2007 19:07:07 -0000 -@@ -92,6 +92,7 @@ - - $pgtitle = "VPN: IPsec: Edit pre-shared key"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_ipsec_mobile.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_ipsec_mobile.php,v -retrieving revision 1.12.4.2 -diff -u -r1.12.4.2 vpn_ipsec_mobile.php ---- usr/local/www/vpn_ipsec_mobile.php 18 Mar 2007 03:37:06 -0000 1.12.4.2 -+++ usr/local/www/vpn_ipsec_mobile.php 8 Sep 2007 19:07:11 -0000 -@@ -162,6 +162,7 @@ - - $pgtitle = "VPN: IPsec: Mobile"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/vpn_openvpn.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn.php,v -retrieving revision 1.13.2.2 -diff -u -r1.13.2.2 vpn_openvpn.php ---- usr/local/www/vpn_openvpn.php 30 Jan 2006 02:25:12 -0000 1.13.2.2 -+++ usr/local/www/vpn_openvpn.php 8 Sep 2007 19:07:16 -0000 -@@ -144,6 +144,7 @@ - - $pgtitle = "VPN: OpenVPN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_openvpn_ccd.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_ccd.php,v -retrieving revision 1.1.2.2 -diff -u -r1.1.2.2 vpn_openvpn_ccd.php ---- usr/local/www/vpn_openvpn_ccd.php 30 Jan 2006 02:25:12 -0000 1.1.2.2 -+++ usr/local/www/vpn_openvpn_ccd.php 8 Sep 2007 19:07:20 -0000 -@@ -95,6 +95,7 @@ - - $pgtitle = "VPN: OpenVPN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/vpn_openvpn_ccd_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_ccd_edit.php,v -retrieving revision 1.1.2.2 -diff -u -r1.1.2.2 vpn_openvpn_ccd_edit.php ---- usr/local/www/vpn_openvpn_ccd_edit.php 30 Jan 2006 02:25:12 -0000 1.1.2.2 -+++ usr/local/www/vpn_openvpn_ccd_edit.php 8 Sep 2007 19:07:26 -0000 -@@ -209,6 +209,7 @@ - - $pgtitle = "VPN: OpenVPN: Edit client-specific configuration"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/vpn_openvpn_cli.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_cli.php,v -retrieving revision 1.16.2.3 -diff -u -r1.16.2.3 vpn_openvpn_cli.php ---- usr/local/www/vpn_openvpn_cli.php 30 Jan 2006 02:25:12 -0000 1.16.2.3 -+++ usr/local/www/vpn_openvpn_cli.php 8 Sep 2007 19:07:31 -0000 -@@ -83,6 +83,7 @@ - - $pgtitle = "VPN: OpenVPN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/vpn_openvpn_cli_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_cli_edit.php,v -retrieving revision 1.15.2.3 -diff -u -r1.15.2.3 vpn_openvpn_cli_edit.php ---- usr/local/www/vpn_openvpn_cli_edit.php 30 Jan 2006 02:25:12 -0000 1.15.2.3 -+++ usr/local/www/vpn_openvpn_cli_edit.php 8 Sep 2007 19:07:36 -0000 -@@ -285,6 +285,7 @@ - - $pgtitle = "VPN: OpenVPN: Edit client"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/vpn_openvpn_create_certs.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_openvpn_create_certs.php,v -retrieving revision 1.14.4.2 -diff -u -r1.14.4.2 vpn_openvpn_create_certs.php ---- usr/local/www/vpn_openvpn_create_certs.php 7 Apr 2006 21:36:51 -0000 1.14.4.2 -+++ usr/local/www/vpn_openvpn_create_certs.php 8 Sep 2007 19:07:57 -0000 -@@ -151,6 +151,8 @@ - - $pgtitle = "VPN: OpenVPN: Create Certs"; - include("head.inc"); -+$pfSenseHead->setCloseHead(false); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_openvpn_crl.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_crl.php,v -retrieving revision 1.1.2.2 -diff -u -r1.1.2.2 vpn_openvpn_crl.php ---- usr/local/www/vpn_openvpn_crl.php 30 Jan 2006 02:25:12 -0000 1.1.2.2 -+++ usr/local/www/vpn_openvpn_crl.php 8 Sep 2007 19:08:02 -0000 -@@ -76,6 +76,7 @@ - - $pgtitle = "VPN: OpenVPN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/vpn_openvpn_crl_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_crl_edit.php,v -retrieving revision 1.1.2.2 -diff -u -r1.1.2.2 vpn_openvpn_crl_edit.php ---- usr/local/www/vpn_openvpn_crl_edit.php 30 Jan 2006 02:25:12 -0000 1.1.2.2 -+++ usr/local/www/vpn_openvpn_crl_edit.php 8 Sep 2007 19:08:07 -0000 -@@ -152,6 +152,7 @@ - - $pgtitle = "VPN: OpenVPN: Edit CRL"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/vpn_openvpn_srv.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_srv.php,v -retrieving revision 1.1.2.3 -diff -u -r1.1.2.3 vpn_openvpn_srv.php ---- usr/local/www/vpn_openvpn_srv.php 30 Jan 2006 02:25:12 -0000 1.1.2.3 -+++ usr/local/www/vpn_openvpn_srv.php 8 Sep 2007 19:08:11 -0000 -@@ -84,6 +84,7 @@ - - $pgtitle = "VPN: OpenVPN"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <?php include("fbegin.inc"); ?> -Index: usr/local/www/vpn_openvpn_srv_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/Attic/vpn_openvpn_srv_edit.php,v -retrieving revision 1.1.2.3 -diff -u -r1.1.2.3 vpn_openvpn_srv_edit.php ---- usr/local/www/vpn_openvpn_srv_edit.php 30 Jan 2006 02:25:12 -0000 1.1.2.3 -+++ usr/local/www/vpn_openvpn_srv_edit.php 8 Sep 2007 19:08:16 -0000 -@@ -513,6 +513,7 @@ - - $pgtitle = "VPN: OpenVPN: Edit server"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/vpn_pppoe.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_pppoe.php,v -retrieving revision 1.14.2.8.2.1 -diff -u -r1.14.2.8.2.1 vpn_pppoe.php ---- usr/local/www/vpn_pppoe.php 27 Apr 2007 20:19:26 -0000 1.14.2.8.2.1 -+++ usr/local/www/vpn_pppoe.php 8 Sep 2007 19:08:22 -0000 -@@ -139,6 +139,7 @@ - - $pgtitle = "VPN: PPPoE"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_pppoe_users.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_pppoe_users.php,v -retrieving revision 1.5.2.4.2.1 -diff -u -r1.5.2.4.2.1 vpn_pppoe_users.php ---- usr/local/www/vpn_pppoe_users.php 8 May 2007 22:06:49 -0000 1.5.2.4.2.1 -+++ usr/local/www/vpn_pppoe_users.php 8 Sep 2007 19:08:26 -0000 -@@ -67,6 +67,7 @@ - - $pgtitle = "VPN: PPPoE: Users"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_pppoe_users_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_pppoe_users_edit.php,v -retrieving revision 1.3.2.3 -diff -u -r1.3.2.3 vpn_pppoe_users_edit.php ---- usr/local/www/vpn_pppoe_users_edit.php 11 Mar 2006 20:35:47 -0000 1.3.2.3 -+++ usr/local/www/vpn_pppoe_users_edit.php 8 Sep 2007 19:08:32 -0000 -@@ -113,6 +113,7 @@ - - $pgtitle = "VPN: PPPoE: User: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/vpn_pptp.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_pptp.php,v -retrieving revision 1.21.2.5 -diff -u -r1.21.2.5 vpn_pptp.php ---- usr/local/www/vpn_pptp.php 5 May 2006 02:15:20 -0000 1.21.2.5 -+++ usr/local/www/vpn_pptp.php 8 Sep 2007 19:08:36 -0000 -@@ -148,6 +148,7 @@ - - $pgtitle = "VPN PPTP"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_pptp_users.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_pptp_users.php,v -retrieving revision 1.16.2.3.2.1 -diff -u -r1.16.2.3.2.1 vpn_pptp_users.php ---- usr/local/www/vpn_pptp_users.php 8 May 2007 22:06:49 -0000 1.16.2.3.2.1 -+++ usr/local/www/vpn_pptp_users.php 8 Sep 2007 19:08:42 -0000 -@@ -65,6 +65,7 @@ - - $pgtitle = "VPN: PPTP: Users"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - -Index: usr/local/www/vpn_pptp_users_edit.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/vpn_pptp_users_edit.php,v -retrieving revision 1.12.4.3 -diff -u -r1.12.4.3 vpn_pptp_users_edit.php ---- usr/local/www/vpn_pptp_users_edit.php 19 Jan 2007 16:39:07 -0000 1.12.4.3 -+++ usr/local/www/vpn_pptp_users_edit.php 8 Sep 2007 19:08:47 -0000 -@@ -110,6 +110,7 @@ - - $pgtitle = "VPN: PPTP: User: Edit"; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -Index: usr/local/www/wizard.php -=================================================================== -RCS file: /cvsroot/pfSense/usr/local/www/wizard.php,v -retrieving revision 1.46.2.15 -diff -u -r1.46.2.15 wizard.php ---- usr/local/www/wizard.php 6 Feb 2007 19:33:01 -0000 1.46.2.15 -+++ usr/local/www/wizard.php 8 Sep 2007 19:08:58 -0000 -@@ -148,6 +148,7 @@ - - $pgtitle = $title; - include("head.inc"); -+echo $pfSenseHead->getHTML(); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onLoad="enablechange();"> diff --git a/config/authng/doc/images/pfSense-AuthMethods.png b/config/authng/doc/images/pfSense-AuthMethods.png Binary files differdeleted file mode 100644 index afd62083..00000000 --- a/config/authng/doc/images/pfSense-AuthMethods.png +++ /dev/null diff --git a/config/authng/doc/images/pfSense-Backends.png b/config/authng/doc/images/pfSense-Backends.png Binary files differdeleted file mode 100644 index 9086f5d4..00000000 --- a/config/authng/doc/images/pfSense-Backends.png +++ /dev/null diff --git a/config/authng/doc/images/pfSense-Peers.png b/config/authng/doc/images/pfSense-Peers.png Binary files differdeleted file mode 100644 index b1ca8ea7..00000000 --- a/config/authng/doc/images/pfSense-Peers.png +++ /dev/null diff --git a/config/authng/pkg/authng.inc b/config/authng/pkg/authng.inc deleted file mode 100644 index 06774acd..00000000 --- a/config/authng/pkg/authng.inc +++ /dev/null @@ -1,323 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -/* PHP classes like factories users, and groups */ -require_once("authng_classdefs.inc"); -/* PHP classes representing specific auth methods */ -require_once("authng_authmethods.inc"); -/* PHP classes representing specific backends */ -require_once("authng_backends.inc"); -/* PHP peer classes that are providing a persistence layer */ -require_once("authng_peers.inc"); - -// TODO: Define user- and groupindex array - -// get principal store type from config.xml -// TODO: needs to be defined in config.xml -//$principalStore = $config['system']['webgui']['principal_store']; -$principalStore = "xml"; -// get PeerFactory instance -$peerFactory =& PeerFactory::getInstance(); -// get the actual UserPeer that holds the user index -$userPeer =& $peerFactory->getUserPeerByPrincipalStore($principalStore); -// get the actual GroupPeer that holds the user index -$groupPeer =& $peerFactory->getGroupPeerByPrincipalStore($principalStore); -// get AuthMethodFactory instance -$authMethodFactory =& AuthMethodFactory::getInstance(); -// get BackendFactory instance -$backendFactory =& BackendFactory::getInstance(); -// get the actual auth method -$authMethod =& $authMethodFactory->getAuthMethodByName($config['system']['webgui']['auth_method']); -// get the actual backend -$backend =& $backendFactory->getBackendByName($config['system']['webgui']['backing_method']); - -function getUsermanagerPagetitle() { - global $userPeer; - - $result = ""; - - if ($userPeer->isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { - // Page title for admins - $result = array(gettext("System"), gettext("User manager")); - } else { - // Page title for non-admins - $result = array(gettext("System"), gettext("User password")); - } - - return $result; -} - -function processUserManagerPostVars() { - global $input_errors, $savemsg, $config; - - if (isset($_POST['save'])) { - unset($input_errors); - - /* input validation */ - $reqdfields = explode(" ", "passwordfld1"); - $reqdfieldsn = explode(",", "Password"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($_POST['passwordfld1'] != $_POST['passwordfld2']) - $input_errors[] = "The passwords do not match."; - - if (!$input_errors) { - // all values are okay --> saving changes - $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); - - write_config(); - - sync_webgui_passwords(); - - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = "Password successfully changed<br />"; - } - } -} - -function processUserManagerAdminPostVars() { - global $config; - - $id = $_GET['id']; - if (isset($_POST['id'])) - $id = $_POST['id']; - - if (!is_array($config['system']['user'])) { - $config['system']['user'] = array(); - } - - admin_users_sort(); - $a_user = &$config['system']['user']; - $t_privs = $a_user[$id]['priv']; - - if ($_GET['act'] == "del" && $_GET['what'] == "user") { - if ($a_user[$_GET['id']]) { - $userdeleted = $a_user[$_GET['id']]['name']; - unset($a_user[$_GET['id']]); - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = gettext("User") . " " . $userdeleted . " " . gettext("successfully deleted") . "<br />"; - } - } else if ($_GET['act'] == "del" && $_GET['what'] == "priv") { - if ($t_privs[$_GET['privid']]) { - $privdeleted = $t_privs[$_GET['privid']]['id']; - unset($t_privs[$_GET['privid']]); - write_config(); - $_GET['act'] = "edit"; - $retval = 0; - $savemsg = get_std_save_message($retval); - $savemsg = gettext("Privilege") . " " . $privdeleted . " " . gettext("of user") . " " . $a_user[$_GET['id']]['name'] . " " . gettext("successfully deleted") . "<br />"; - } - } - - if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "usernamefld"); - $reqdfieldsn = explode(",", "Username"); - } else { - $reqdfields = explode(" ", "usernamefld passwordfld1"); - $reqdfieldsn = explode(",", "Username,Password"); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (hasShellAccess($_POST['usernamefld'])) { - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } else { - if (preg_match("/[^a-zA-Z0-9\@\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } - - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) - $input_errors[] = gettext("The passwords do not match."); - - if (!$input_errors && !(isset($id) && $a_user[$id])) { - /* make sure there are no dupes */ - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } - } - } - - if ($pconfig['utype'] <> "system" && !isset($groupindex[$_POST['groupname']])) { - $input_errors[] = gettext("group does not exist, please define the group before assigning users."); - } - - if (isset($config['system']['ssh']['sshdkeyonly']) && - empty($_POST['authorizedkeys'])) { - $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system."); - } - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - if (!$input_errors) { - if (isset($id) && $a_user[$id]) - $userent = $a_user[$id]; - - /* the user did change his username */ - if ($_POST['usernamefld'] <> $_POST['oldusername']) { - $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - } - - $userent['name'] = $_POST['usernamefld']; - $userent['fullname'] = $_POST['fullname']; - if ($pconfig['utype'] <> "system") { - $userent['groupname'] = $_POST['groupname']; - } - isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; - - if ($_POST['passwordfld1']) - $userent['password'] = crypt($_POST['passwordfld1']); - - if(isset($config['system']['ssh']['sshdkeyonly'])) { - $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - } - - if (isset($id) && $a_user[$id]) - $a_user[$id] = $userent; - else - $a_user[] = $userent; - - write_config(); - $retval = system_password_configure(); - sync_webgui_passwords(); - - pfSenseHeader("system_usermanager.php"); - } - } -} - -/** - * getWindowJSScriptRefs() - * - * @return - */ -function getWindowJSScriptRefs(){ - $result = array('<script type="text/javascript" src="/javascript/windows-js/javascript/window.js"></script>', - '<script type="text/javascript" src="/javascript/windows-js/javascript/window_effects.js"></script>', - '<script type="text/javascript" src="/javascript/windows-js/javascript/debug.js"></script>'); - - return $result; -} - -function gotNoUsers() { - global $config; - return empty($config['installedpackages']['authng']['config']); -} - -/** - * openNoUserDefsDialog() - * - * @param mixed $effectClass - * @return - */ -function openNoUserDefsDialog($effectClass) { - if (gotNoUsers()) { - $alertMessage = gettext("No users or groups found. You will be forwarded to the AuthNG wizard to be able to define users and groups."); - $dialogScript = " - <script type='text/javascript'> - var anchor = document.getElementById('popupanchor'); - - function forwardToWizard() { - window.location.href = '/wizard.php?xml=authng_wizard.xml'; - } - - function openNoUserDefsDialog(html) { - var effect = new PopupEffect(html, {className: '${effectClass}'}); - Dialog.alert('${alertMessage}',{className:'alphacube', top:150, width:400, height:null, showEffect:effect.show.bind(effect), hideEffect:effect.hide.bind(effect), onOk:forwardToWizard}); - } - - openNoUserDefsDialog(anchor); - </script> - "; - - return $dialogScript; - } -} - -/** - * getWindowJSStyleRefs() - * - * @return - */ -function getWindowJSStyleRefs(){ - $result = array('<link href="/javascript/windows-js/themes/default.css" rel="stylesheet" type="text/css" />', - '<link href="/javascript/windows-js/themes/alert.css" rel="stylesheet" type="text/css" />', - '<link href="/javascript/windows-js/themes/alphacube.css" rel="stylesheet" type="text/css" />'); - - return $result; -} - -/** - * installPackageAuthNG() - * - * @return - */ -function installPackageAuthNG() { - mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-pfSenseHead.diff"); - mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-fbegin.inc.diff"); - mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-guiconfig.inc.diff"); - mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-globals.inc.diff"); -} - -/** - * deinstallPackageAuthNG() - * - * @return - */ -function deinstallPackageAuthNG() { - mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-pfSenseHead.diff"); - mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-fbegin.inc.diff"); - mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-guiconfig.inc.diff"); - mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-globals.inc.diff"); -} -?>
\ No newline at end of file diff --git a/config/authng/pkg/authng.xml b/config/authng/pkg/authng.xml deleted file mode 100644 index cebcea93..00000000 --- a/config/authng/pkg/authng.xml +++ /dev/null @@ -1,194 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description> - This package provides a user- and groupmanager which - allows to add arbitrary groups to the system and assign - them to a particular group. - - Permission control is provided on a per group basis. - </description> - <requirements> - This package is supposed to be run on RELENG based pfSense systems. - </requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>authng</name> - <version>1.0</version> - <title>System: User Manager</title> - <include_file>/usr/local/pkg/authng.inc</include_file> - <!-- Menu is where this packages menu will appear --> - <menu> - <name>Auth Manager</name> - <section>System</section> - <url>/system_usermanager.php</url> - </menu> - <!-- - <service> - <name>yourservice</name> - <rcfile>/usr/local/etc/rc.d/yourservice.sh</rcfile> - </service> - --> - <tabs /> - <!-- - configpath gets expanded out automatically and config items - will be stored in that location - --> - <configpath>['installedpackages']['authng']['config']</configpath> - <!-- - | - | PHP files (user management) - | - --> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/www/php/system_usermanager.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/www/php/system_usermanager_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/www/php/system_usermanager_settings.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/www/php/system_groupmanager.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/www/php/head.inc</item> - </additional_files_needed> - <!-- - | - | Include files (class defs etc.) - | - --> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/pkg/authng_classdefs.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/pkg/authng_peers.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/pkg/authng.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/pkg/authng_backends.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/pkg/authng_authmethods.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/pkg/authng_authgui.inc</item> - </additional_files_needed> - <!-- - | - | Patch files - | - --> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/diff/authng-pfSenseHead.diff</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/diff/authng-fbegin.inc.diff</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/diff/authng-globals.inc.diff</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/diff/authng-guiconfig.inc.diff</item> - </additional_files_needed> - <!-- - | - | Binary files - | - --> - <additional_files_needed> - <prefix>/usr/bin/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/authng/bin/patch</item> - </additional_files_needed> - <!-- - fields gets invoked when the user adds or edits a item. The following items - will be parsed and rendered for the user as a gui with input, and selectboxes. - --> - <!-- - Arbitrary PHP Code, that gets executed if a certain event gets triggered. - --> - <custom_php_resync_config_command> - syncPackageAuthNG(); - </custom_php_resync_config_command> - <custom_php_install_command> - installPackageAuthNG(); - </custom_php_install_command> - <custom_php_deinstall_command> - deinstallPackageAuthNG(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/authng/pkg/authng_authgui.inc b/config/authng/pkg/authng_authgui.inc deleted file mode 100644 index 944c9b89..00000000 --- a/config/authng/pkg/authng_authgui.inc +++ /dev/null @@ -1,287 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng_authgui.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -require_once("authng.inc"); - -/* Authenticate user - exit if failed (we should have a callback for this maybe) */ -if (empty($authMethod)) { print "auth_method missing!\n"; } -if (empty($backend)) { print "backing_method missing!\n"; } -if (!$authMethod->authenticate($backend)) { exit; } - -/* scriptname is set in headjs.php if the user did try to access a page other - * than index.php without beeing logged in. - */ -if (isset($_POST['scriptname']) && $userPeer->isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { - pfSenseHeader("{$_POST['scriptname']}"); - exit; -} - -$allowed = array(); - -// Once here, the user has authenticated with the web server. -// Now, we give them access only to the appropriate pages for their group. -if (!($userPeer->isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) { - $allowed[] = ''; - if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'][0]['page'])) { - $useridx = $userindex[$HTTP_SERVER_VARS['AUTH_USER']]; - $grouidx = $groupindex[$config['system']['user'][$useridx]]; - $allowed = &$config['system']['group'][$groupidx]['pages'][0]['page']; - } - - $group = $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']; - /* get the group homepage, to be able to forward - * the user to this particular PHP page. - */ - $groupPeer->getGroupHomePage($group) == "" ? $home = "/index.php" : $home = "/" . $groupPeer->getGroupHomePage($group); - - /* okay but if the user realy tries to explicitely access a particular - * page, set $home to that page instead. - */ - if (isset($_POST['scriptname']) && $_POST['scriptname'] <> "/" && $_POST['scriptname'] <> "/index.php") - $home = basename($_POST['scriptname']); - - // If the user is attempting to hit the default page, set it to specifically look for /index.php. - // Without this, any user would have access to the index page. - //if ($_SERVER['SCRIPT_NAME'] == '/') - // $_SERVER['SCRIPT_NAME'] = $home; - - // Strip the leading / from the currently requested PHP page - if (!in_array(basename($_SERVER['SCRIPT_NAME']),$allowed)) { - // The currently logged in user is not allowed to access the page - // they are attempting to go to. Redirect them to an allowed page. - - if(stristr($_SERVER['SCRIPT_NAME'],"sajax")) { - echo "||Access to AJAX has been disallowed for this user."; - exit; - } - - if ($home <> "" && in_array($home, $allowed)) { - pfSenseHeader("{$home}"); - exit; - } else { - header("HTTP/1.0 401 Unauthorized"); - header("Status: 401 Unauthorized"); - - echo display_error_form("401", "401 Unauthorized. Authorization required."); - exit; - } - } - - if (isset($_SESSION['Logged_In'])) { - /* - * only forward if the user has just logged in - * TODO: session auth based - may be an issue. - */ - if ($_SERVER['SCRIPT_NAME'] <> $home && empty($_SESSION['First_Visit'])) { - $_SESSION['First_Visit'] = "False"; - pfSenseHeader("{$home}"); - exit; - } - } -} - -function display_error_form($http_code, $desc) { - global $g; - - $htmlstr = <<<EOD -<html> - <head> - <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script> - <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script> - <title>An error occurred: {$http_code}</title> - <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> - <link rel="shortcut icon" href="/themes/{$g['theme']}/images/icons/favicon.ico" /> - <link rel="stylesheet" type="text/css" href="/themes/{$g['theme']}/all.css" media="all" /> - <style type="text/css"> - #errordesc { - background: #cccccc; - border: 0px solid #666666; - margin: 5em auto; - padding: 0em; - width: 340px; - } - #errordesc h1 { - background: url(/themes/{$g['theme']}/images/misc/logon.png) no-repeat top left; - margin-top: 0; - display: block; - text-indent: -1000px; - height: 50px; - border-bottom: none; - } - - #login p { - font-size: 1em; - font-weight: bold; - padding: 3px; - margin: 0em; - text-indent: 10px; - } - - #login span { - font-size: 1em; - font-weight: bold; - width: 20%; - padding: 3px; - margin: 0em; - text-indent: 10px; - } - - #login p#text { - font-size: 1em; - font-weight: normal; - padding: 3px; - margin: 0em; - text-indent: 10px; - } - </style> - - <script type="text/javascript"> - <!-- - function page_load() { - NiftyCheck(); - Rounded("div#errordesc","bl br","#333","#cccccc","smooth"); - Effect.Pulsate('errortext', { duration: 10 }); - } - <?php - require("headjs.php"); - echo getHeadJS(); - ?> - //--> - </script> - <script type="text/javascript" src="/themes/{$g['theme']}/javascript/niftyjsCode.js"></script> - </head> - <body onload="page_load();"> - <div id="errordesc"> - <h1> </h1> - <p id="errortext" style="vertical-align: middle; text-align: center;"><span style="color: #000000; font-weight: bold;">{$desc}</span></p> - </div> - </body> -</html> - -EOD; - - return $htmlstr; -} - -function display_login_form() { - require_once("globals.inc"); - global $g; - - if(isAjax()) { - if (isset($_POST['login'])) { - if($_SESSION['Logged_In'] <> "True") { - isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = "unknown reason"; - echo "showajaxmessage('Invalid login ({$login_error}).');"; - } - if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) { - $whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock"); - echo "showajaxmessage('This device is currently beeing maintained by: {$whom}.');"; - } - } - exit; - } - -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html> - <head> - <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script> - <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script> - <title><?=gettext("Login"); ?></title> - <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> - <link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" /> - <?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?> - <link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" /> - <?php else: ?> - <link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" /> - <?php endif; ?> - <script type="text/javascript"> - <!-- - <?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?> - var dontUseCustomBGColor = false; - <?php else: ?> - var dontUseCustomBGColor = true; - <?php endif; ?> - function page_load() { - NiftyCheck(); - Rounded("div#login","bl br","#333","#cccccc","smooth"); - document.login_iform.usernamefld.focus(); - } - function clearError() { - if($('inputerrors')) - $('inputerrors').innerHTML=''; - } - <?php -// require("headjs.php"); -// echo getHeadJS(); - ?> - //--> - </script> - <script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script> - </head> - <body onload="page_load()"> - <div id="login"> - <h1> </h1> - <form id="iform" name="login_iform" method="post" autocomplete="off" action="<?= $_SERVER['SCRIPT_NAME'] ?>"> - <div id="inputerrors"></div> - <p> - <span style="text-align: left;"> - <?=gettext("Username"); ?>: - </span> - <input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" /> - </p> - <p> - <span style="text-align: left;"> - <?=gettext("Password"); ?>: - </span> - <input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" /> - </p> - <table width="90%" style="margin-right: auto; margin-left: auto;"> - <tr> - <td valign="middle" align="right" style="font-style: italic;"><br /><?=gettext("Enter username and password to login."); ?></td> - <td valign="middle" align="left"><input type="submit" id="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" /></td> - </tr> - </table> - </form> - </div> - </body> -</html> -<?php -} // end function -?>
\ No newline at end of file diff --git a/config/authng/pkg/authng_authmethods.inc b/config/authng/pkg/authng_authmethods.inc deleted file mode 100644 index 15e15566..00000000 --- a/config/authng/pkg/authng_authmethods.inc +++ /dev/null @@ -1,222 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng_authmethods.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -class AbstractAuthMethod { - function authenticate($backend) { - trigger_error('AbstractAuthMethod::authenticate() needs to be overridden in a subclass.', E_USER_ERROR); - } -} - -class BasicAuthMethod extends AbstractAuthMethod { - function authenticate($backend) { - global $HTTP_SERVER_VARS; - - /* Check for AUTH_USER */ - if ($HTTP_SERVER_VARS['PHP_AUTH_USER'] <> "") { - $HTTP_SERVER_VARS['AUTH_USER'] = $HTTP_SERVER_VARS['PHP_AUTH_USER']; - $HTTP_SERVER_VARS['AUTH_PW'] = $HTTP_SERVER_VARS['PHP_AUTH_PW']; - } - if (!isset($HTTP_SERVER_VARS['AUTH_USER'])) { - require_once("authng_authgui.inc"); - header("WWW-Authenticate: Basic realm=\".\""); - header("HTTP/1.0 401 Unauthorized"); - display_error_form("401", gettext("You must enter valid credentials to access this resource.")); - exit; - } else { - return $backend($HTTP_SERVER_VARS['AUTH_USER'],$HTTP_SERVER_VARS['AUTH_PW']); - } - } -} - -class SessionAuthMethod extends AbstractAuthMethod { - function authenticate($backend) { - global $g, $HTTP_SERVER_VARS, $userindex, $config; - - session_start(); - - /* Validate incoming login request */ - if (isset($_POST['login'])) { - if ($backend($_POST['usernamefld'], $_POST['passwordfld'])) { - $_SESSION['Logged_In'] = "True"; - $_SESSION['Username'] = $_POST['usernamefld']; - $_SESSION['last_access'] = time(); - } else { - $_SESSION['Login_Error'] = "Username or password incorrect."; - } - } - - /* Show login page if they aren't logged in */ - if (empty($_SESSION['Logged_In'])) { - - /* Don't display login forms to AJAX */ - if (isAjax()) - return false; - - require_once("authng_authgui.inc"); - display_login_form(); - return false; - } else { - /* If session timeout isn't set, we don't mark sessions stale */ - if (!isset($config['system']['webgui']['session_timeout']) or - $config['system']['webgui']['session_timeout'] == 0 or - $config['system']['webgui']['session_timeout'] == "") - $_SESSION['last_access'] = time(); - else - /* Check for stale session */ - if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) - $_GET['logout'] = true; - else - /* only update if it wasn't ajax */ - if (!isAjax()) - $_SESSION['last_access'] = time(); - - /* user hit the logout button */ - if (isset($_GET['logout'])) { - if (hasLockAbility($_SESSION['Username'])) { - unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock"); - } - - /* wipe out $_SESSION */ - $_SESSION = array(); - - if (isset($_COOKIE[session_name()])) { - setcookie(session_name(), '', time()-42000, '/'); - } - - /* and destroy it */ - session_destroy(); - - $scriptName = split("/", $_SERVER["SCRIPT_FILENAME"]); - $scriptElms = count($scriptName); - $scriptName = $scriptName[$scriptElms-1]; - - if (isAjax()) - return false; - - /* redirect to page the user is on, it'll prompt them to login again */ - pfSenseHeader($scriptName); - - return false; - - /* user wants to explicitely delete the log file. - * Requires a particular privilege. - */ - } else if ($_GET['deletelock'] && hasLockAbility($_SESSION['Username'])) { - unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock"); - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - - /* this is for debugging purpose if you do not want to use Ajax - * to submit a HTML form. It basically disables the observation - * of the submit event and hence does not trigger Ajax. - */ - } else if ($_GET['disable_ajax']) { - $_SESSION['NO_AJAX'] = "True"; - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - - /* Same to re-enable Ajax. - */ - } else if ($_GET['enable_ajax']) { - unset($_SESSION['NO_AJAX']); - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - - /* user wants to explicitely create a lock. - * Requires a particular privilege. - */ - } else if ($_GET['createlock'] && hasLockAbility($_SESSION['Username'])) { - $fd = fopen("{$g['tmp_path']}/webconfigurator.lock", "w"); - fputs($fd, "{$_SERVER['REMOTE_ADDR']} (" . - getRealName($_SESSION['Username']) . ")"); - fclose($fd); - /* if the user did delete the lock manually, do not - * re-create it while the session is valide. - */ - $_SESSION['Lock_Created'] = "True"; - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - - /* proceed with the login process */ - } else { - /* if the user is allowed to create a lock, - * create it once per session. - */ - if (hasLockAbility($_SESSION['Username']) && - ! isset($_SESSION['Lock_Created'])) { - - $fd = fopen("{$g['tmp_path']}/webconfigurator.lock", "w"); - fputs($fd, "{$_SERVER['REMOTE_ADDR']} (" . - getRealName($_SESSION['Username']) . ")"); - fclose($fd); - /* if the user did delete the lock manually, do not - * re-create it while the session is valide. - */ - $_SESSION['Lock_Created'] = "True"; - - /* give regular users a chance to automatically invalidate - * a lock if its older than a particular time. - */ - } else if (! hasLockAbility($_SESSION['Username']) && - file_exists("{$g['tmp_path']}/webconfigurator.lock")) { - - $offset = 12; //hours - $mtime = filemtime("{$g['tmp_path']}/webconfigurator.lock"); - $now_minus_offset = mktime(date("H") - $offset, 0, 0, date("m"), date("d"), date("Y")); - - if (($mtime - $now_minus_offset) < $mtime) { - require_once("auth/authgui.inc"); - display_login_form(); - return false; - } else { - /* file is older than mtime + offset which may - * indicate a stale lockfile, hence we are going - * to remove it. - */ - unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock"); - } - } - - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - } // end if - } // end if - } // end function -} - -?>
\ No newline at end of file diff --git a/config/authng/pkg/authng_backends.inc b/config/authng/pkg/authng_backends.inc deleted file mode 100644 index 1b58e6c1..00000000 --- a/config/authng/pkg/authng_backends.inc +++ /dev/null @@ -1,234 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng_backends.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -class AbstractBackend { - function authenticate($username, $passwd) { - trigger_error('AbstractBackend::authenticate() needs to be overridden in a subclass.', E_USER_ERROR); - } -} - -class HtpasswdBackend extends AbstractBackend { - function HtpasswdBackend() { - } - - function authenticate($username, $passd) { - $authfile = file("/var/run/htpasswd"); - - /* sanity check to ensure that /usr/local/www/.htpasswd doesn't exist */ - unlink_if_exists("/usr/local/www/.htpasswd"); - - $matches=""; - if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile)))) - return false; - - /* Get crypted password */ - preg_match("/^$username:((\\$1\\$[.\d\w_\/]{8}\\$)[.\d\w_\/]{22})$/", $line, $matches); - $pass = $matches[1]; - $salt = $matches[2]; - - /* Encrypt entered password with salt - * And finally validate password - */ - if ($pass == crypt($passwd, $salt)) - return true; - else - return false; - } -} - -class PasswdBackend extends AbstractBackend { - function PasswdBackend() { - } - - function authenticate($username, $passd) { - $authfile = file("/etc/master.passwd"); - - $matches=""; - - /* Check to see if user even exists */ - if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile)))) - return false; - - /* Get crypted password */ - preg_match("/^$username:((\\$1\\$[.\d\w_\/]{8}\\$)[.\d\w_\/]{22})$/", $line, $matches); - $pass = $matches[1]; - $salt = $matches[2]; - - /* Encrypt entered password with salt - * And finally validate password - */ - if ($pass == crypt($passwd, $salt)) - return true; - else - return false; - } -} - -class PamBackend extends AbstractBackend { - function PamBackend() { - } - - function authenticate($username, $passd) { - /* we do not support blank pwds, don't we? */ - if ($username == "" || passwd == "") { return false; } - - if(! extension_loaded( 'pam_auth' )) { - if(! @dl( 'pam_auth.so' )) { - return false; - } else { - /* no php file no auth, sorry */ - if (! file_exists("/etc/pam.d/php")) { - if (! file_exists("/etc/pam.d")) { mkdir("/etc/pam.d"); } - - $pam_php = <<<EOD -# /etc/pam.d/php -# -# note: both an auth and account entry are required - -# auth -auth required pam_nologin.so no_warn -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -auth required pam_unix.so no_warn try_first_pass - -# account -account required pam_unix.so - -# session -session required pam_permit.so - -# password -password required pam_unix.so no_warn try_first_pass - -EOD; - - file_put_contents("/etc/pam.d/php", $pam_php); - } // end if - - if (pam_auth($username, $passwd, &$error)) { - return true; - } else { - return false; - } - } // end if - } // end if - } // end function -} - -class RadiusBackend extends AbstractBackend { - function RadiusBackend() { - } - - function authenticate($username, $passwd) { - global $config, $debug; - $ret = false; - $radiusservers = $config['system']['radius']['servers']; - - $rauth = new Auth_RADIUS_PAP($username, $passwd); - foreach ($radiusservers as $radsrv) { - // Add a new server to our instance - $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['sharedsecret']); - } - - if (!$rauth->start()) { - $retvalue['auth_val'] = 1; - $retvalue['error'] = $rauth->getError(); - if ($debug) - printf("Radius start: %s", $retvalue['error']); - } - - // XXX - billm - somewhere in here we need to handle securid challenge/response - - // Send request - $result = $rauth->send(); - - if (PEAR::isError($result)) { - $retvalue['auth_val'] = 1; - $retvalue['error'] = $result->getMessage(); - if ($debug) - printf("Radius send failed: %s", $retvalue['error']); - } else if ($result === true) { - $retvalue['auth_val'] = 2; - if ($debug) - printf (gettext("Radius Auth succeeded")); - $ret = true; - } else { - $retvalue['auth_val'] = 3; - if ($debug) - printf (gettext("Radius Auth rejected")); - } - // close OO RADIUS_AUTHENTICATION - $rauth->close(); - - return $ret; - } // end function -} - -class LdapBackend extends AbstractBackend { - function LdapBackend() { - } - - function authenticate($username, $passwd) { - $ldapserver = $config['system']['ldap']['server']; - $ldapport = isset($config['system']['ldap']['port']) ? $config['system']['ldap']['server'] : 389; - $retval = false; - - $connection = ldap_connect($ldapserver, $ldapport) - or die("Could not connect to $ldaphost"); - - if ($connection) { - $bind = ldap_bind($connection); - - if ($bind) { - $basedn = $config['system']['ldap']['basedn']; - $result = ldap_search($connection, $basedn, "uid={$username}"); - $info = ldap_get_entries($connection, $result); - $userPassword = $info[0]['userPassword']; - - if ($userPassword == $passwd) { - $retval = true; - } else { - $retval = false; - } - } // end if - } // end if - - return $retval; - } -} -?>
\ No newline at end of file diff --git a/config/authng/pkg/authng_classdefs.inc b/config/authng/pkg/authng_classdefs.inc deleted file mode 100644 index 64f0ff14..00000000 --- a/config/authng/pkg/authng_classdefs.inc +++ /dev/null @@ -1,479 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng_classdefs.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -class Object { - function Object() { - $args = func_get_args(); - if (method_exists($this, '__destruct')) { - register_shutdown_function(array(&$this, '__destruct')); - } - call_user_func_array(array(&$this, '__construct'), $args); - } - - function __construct() { - } -} - -class SingletonInterface extends Object { - function __construct() { - // Perform object initialization here. - } - - function &__getInstanceImp($name) { - static $instances = array(); - if (!isset($instances[$name])) { - $instances[$name] = new $name(); // No changes necessary here. - } - return $instances[$name]; - } - - function &getInstance() { - trigger_error('SingletonInterface::getInstance() needs to be overridden in a subclass.', E_USER_ERROR); - } -} - -class BackendFactory extends SingletonInterface { - function __construct() { - // Perform object initialization here. - parent::__construct(); - } - - function &getInstance() { - return parent::__getInstanceImp('BackendFactory'); - } - - function &getBackendByName($name) { - $result = null; - - /* Each name links to an entry in config.xml - * Example: <auth_method>session</auth_method> - */ - switch ($name) { - case "htpasswd": - $result = new HtpasswdBackend(); - break; - case "pam": - $result = new PamBackend(); - break; - case "radius": - $result = new RadiusBackend(); - break; - case "passwd": - $result = new PasswdBackend(); - break; - case "ldap": - $result = new LdapBackend(); - break; - default: - } - - return $result; - } -} - -class AuthMethodFactory extends SingletonInterface { - function __construct() { - // Perform object initialization here. - parent::__construct(); - } - - function &getInstance() { - return parent::__getInstanceImp('AuthMethodFactory'); - } - - function &getAuthMethodByName($name) { - $result = null; - - /* Each name links to an entry in config.xml - * Example: <backing_method>htpasswd</backing_method> - */ - switch ($name) { - case "session": - $result = new SessionAuthMethod(); - break; - case "basic": - $result = new BasicAuthMethod(); - break; - default: - } - - return $result; - } -} - -class AuthngAuxiliary { - /* ========================================================================== */ - /* == Auxiliary Functions == */ - /* ========================================================================== */ - function &getSystemAdminNames() { - global $config, $g, $userindex; - $adminUsers = array(); - - if (is_array($config['system']['user'])) { - foreach($config['system']['user'] as $user){ - if (isSystemAdmin($user['name'])) { - $adminUsers[] = $user['name']; - } - } // end foreach - } // end if - - return $adminUsers; - } // end function - - function assignUID($username = "") { - global $userindex, $config, $g; - - if ($username == "") { return; } - - $nextuid = $config['system']['nextuid']; - $user =& $config['system']['user'][$userindex[$username]]; - - if (empty($user['uid'])) { - $user['uid'] = $nextuid; - $nextuid++; - $config['system']['nextuid'] = $nextuid; - - write_config(); - - return $user; - } // end if - } // end function -} - -class AuthngPrivilege { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - var $id; - var $name; - var $description; - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function AuthngPrivilege() { - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - function getId() { - return $this->id; - } - - function setId($id) { - $this->id = $id; - } - - function getName() { - return $this->name; - } - - function setName($name) { - $this->name = $name; - } - - function getDescription() { - return $this->description; - } - - function setDescription($desc) { - $this->description = $desc; - } -} - -class SystemPrivileges { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - var $privileges = array(); - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function SystemPrivileges() { - $newPriv = new Privilege(); - $newPriv->setId("lockwc"); - $newPriv->setName("Lock webConfigurator"); - $newPriv->setDescription("Indicates whether this user will lock access to the webConfigurator for other users."); - - $this->privileges[$newPriv->getId()] = $newPriv; - - $newPriv = new Privilege(); - $newPriv->setId("lock-ipages"); - $newPriv->setName("Lock individual pages"); - $newPriv->setDescription("Indicates whether this user will lock individual " . - "HTML pages after having accessed a particular page" . - "(the lock will be freed if the user leaves or " . - "saves the page form)."); - - $this->privileges[$newPriv->getId()] = $newPriv; - - $newPriv = new Privilege(); - $newPriv->setId("hasshell"); - $newPriv->setName("Has shell access"); - $newPriv->setDescription("Indicates whether this user is able to login for " . - "example via SSH."); - - $this->privileges[$newPriv->getId()] = $newPriv; - - $newPriv = new Privilege(); - $newPriv->setId("copyfiles"); - $newPriv->setName("Is allowed to copy files"); - $newPriv->setDescription("Indicates whether this user is allowed to copy files " . - "onto the {$g['product_name']} appliance via SCP/SFTP. " . - "If you are going to use this privilege, you must install " . - "scponly on the appliance (Hint: pkg_add -r scponly)."); - - $this->privileges[$newPriv->getId()] = $newPriv; - - $newPriv = new Privilege(); - $newPriv->setId("isroot"); - $newPriv->setName("Is root user"); - $newPriv->setDescription("This user is associated with the UNIX root user " . - "(you should associate this privilege only with one " . - "single user)."); - - $this->privileges[$newPriv->getId()] = $newPriv; - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - function getPrivileges() { - return $this->privileges; - } - - function setPrivileges($privs) { - $this->privileges = $privs; - } - - function getPrivilegeById($id) { - return $this->privileges[$id]; - } - - function setPrivilegeById($privilege, $id) { - return $this->privileges[$id] = $privilege; - } -} - -class AuthngUser { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - var $name; - var $fullname; - var $scope; - var $groupname; - var $password; - var $uid; - var $systemAdmin = false; - var $unixRoot = false; - var $privileges = array(); - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function AuthngUser() { - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - function isSystemAdmin() { - return $this->systemAdmin; - } - - function setIsSystemAdmin($flag = false) { - $this->systemAdmin = $flag; - } - - function isUNIXRoot() { - return $this->unixRoot; - } - - function setIsUNIXRoot($flag = false) { - $this->unixRoot = $flag; - } - - function getName() { - return $this->name; - } - - function setName($name) { - $this->name = $name; - } - - function getFullname() { - return $this->fullname; - } - - function setFullname($name) { - $this->fullname = $name; - } - - function getScope() { - return $this->scope; - } - - function setScope($scope) { - $this->scope = $scope; - } - - function getGroupname() { - return $this->groupname; - } - - function setGroupname($name) { - $this->groupname = $name; - } - - function getPassword() { - return $this->password; - } - - function setPassword($pwd) { - $this->password = $pwd; - } - - function getUid() { - return $this->uid; - } - - function setUid($uid) { - $this->uid = $uid; - } - - function getPrivileges() { - return $this->privileges; - } - - function setPrivileges($privs) { - $this->privileges = $privs; - } - - function addPrivilege($priv) { - $this->privileges[] = $priv; - } -} - -class AuthngGroup { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - var $name; - var $description; - var $scope; - var $pages = array(); - var $home; - var $gid; - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function AuthngGroup() { - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - function getName() { - return $this->name; - } - - function setName($name) { - $this->name = $name; - } - - function getDescription() { - return $this->description; - } - - function setDescription($desc) { - $this->description = $desc; - } - - function getScope() { - return $this->scope; - } - - function setScope($scope) { - $this->scope = $scope; - } - - function getPages() { - return $this->pages; - } - - function setPages($pages) { - $this->pages = $pages; - } - function getHome() { - return $this->home; - } - - function setHome($home) { - $this->home = $home; - } - - function getGid() { - return $this->gid; - } - - function setGid($gid) { - $this->gid = $gid; - } - - function addPage($page) { - $this->pages[] = $page; - } -} - -?>
\ No newline at end of file diff --git a/config/authng/pkg/authng_peers.inc b/config/authng/pkg/authng_peers.inc deleted file mode 100644 index bce3c494..00000000 --- a/config/authng/pkg/authng_peers.inc +++ /dev/null @@ -1,501 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng_peers.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -class PeerFactory extends SingletonInterface { - function __construct() { - // Perform object initialization here. - parent::__construct(); - } - - function &getInstance() { - return parent::__getInstanceImp('PeerFactory'); - } - - function &getGroupPeerByPrincipalStore($store) { - $result = null; - - /* Each name links to an entry in config.xml - * Example: <principal_store>xml</principal_store> - */ - switch ($store) { - case "xml": - $result = new XMLGroupPeer(); - break; - case "ldap": - trigger_error('PeerFactory::getGroupPeerByPrincipal() LDAP peer type is not supported.', E_USER_ERROR); - break; - case "db": - trigger_error('PeerFactory::getGroupPeerByPrincipal() DB peer type is not supported.', E_USER_ERROR); - break; - default: - } - - return $result; - } - - function &getUserPeerByPrincipalStore($store) { - $result = null; - - /* Each name links to an entry in config.xml - * Example: <principal_store>xml</principal_store> - */ - switch ($store) { - case "xml": - $result = new XMLUserPeer(); - break; - case "ldap": - trigger_error('PeerFactory::getGroupPeerByPrincipal() LDAP peer type is not supported.', E_USER_ERROR); - break; - case "db": - trigger_error('PeerFactory::getGroupPeerByPrincipal() DB peer type is not supported.', E_USER_ERROR); - break; - default: - } - - return $result; - } -} - -/** - * @author Daniel S. Haischt <me@daniel.stefan.haischt.name> - * @abstract - */ -class AbstractPrivilegePeer { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - var $privilege_index; - var $privileges; - var $userPeer; - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function AbstractPrivilegePeer() { - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - function setUserPeer($peer) { - $this->userPeer = $peer; - } - - function getUserPeer() { - return $this->userPeer; - } - - /** - * @return mixed int array of priv indexes - */ - function getPrivilegeIndex() { - return $this->privilege_index; - } - - /** - * @param string a priv name - * @return int the index that corresponds to a username - */ - function getPrivilegeIndexByID($id) { - return $this->privilege_index[$id]; - } - - /** - * @param int an index - * @return mixed an instance of AuthngPrivilege - */ - function getPrivilegeByIndex($index) { - return $this->privileges[$index]; - } -} - -/** - * @author Daniel S. Haischt <me@daniel.stefan.haischt.name> - * @abstract - */ -class AbstractUserPeer { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - var $user_index; - var $users; - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function AbstractUserPeer() { - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - /** - * @return mixed int array of user indexes - */ - function getUserIndex() { - return $this->user_index; - } - - /** - * @param string a username - * @return int the index that corresponds to a username - */ - function getUserIndexByName($username) { - return $this->user_index[$username]; - } - - /** - * @param int an index - * @return mixed an instance of AuthngUser - */ - function getUserByIndex($index) { - return $this->users[$index]; - } - - function getUserByName($username) { - return $this->users[$username]; - } - - function isSystemAdmin($username) { - $result = false; - $user = $this->getUserByName($username); - - if ($user) { - $result = $user->isSystemAdmin(); - } - - return $result; - } -} - -/** - * @author Daniel S. Haischt <me@daniel.stefan.haischt.name> - * @abstract - */ -class AbstractGroupPeer { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - var $group_index; - var $groups; - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function AbstractGroupPeer() { - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - function getGroupIndex() { - return $this->group_index; - } - - function getGroupIndexByName($groupname) { - return $this->group_index[$groupname]; - } - - function getGroupByIndex($index) { - return $this->groups[$index]; - } - - function getGroupByName($groupname) { - return $this->groups[$groupname]; - } - - function getGroupHomePage($groupname) { - $result = false; - $group = $this->getGroupByName($groupname); - - if ($group) { - $result = $group->getHome(); - } - - return $result; - } -} - -/** - * @author Daniel S. Haischt <me@daniel.stefan.haischt.name> - */ -class XMLPrivilegePeer extends AbstractPrivilegePeer { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function XMLPrivilegePeer($userPeer) { - global $g, $config; - - parent::AbstractPrivilegePeer(); - - $this->setUserPeer($peer); - - foreach ($peer->users as $userent) { - foreach ($userent->getPrivileges() as $privent) { - $this->privileges[$userent->getName()] = $privent; - } - } - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - /* ========================================================================== */ - /* == Helper Methods == */ - /* ========================================================================== */ - - function addPrivilegeFromEnt(&$ent) { - $newPrivilege = new AuthngUser(); - $newPrivilege->setId($ent['id']); - $newPrivilege->setName($ent['name']); - $newPrivilege->setDescription($ent['description']); - $newPrivilege->setPassword($ent['password']); - $newPrivilege->setUid($ent['uid']); - - $this->privileges[] = $newPrivilege; - } - - function setPrivilegeID($id, $name, $username) { - $userid = getPrivilegeIndexByName($username); - $user = $config['system']['user'][$userid]; - } - - function setFullName($id, $name) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['fullname'] = $name; - } - - function setGroupName($id, $name) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['groupname'] = $name; - } - - function setPassword($id, $pwd) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['password'] = $pwd; - } - - function setUid($id, $uid) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['uid'] = $uid; - } -} - -/** - * @author Daniel S. Haischt <me@daniel.stefan.haischt.name> - */ -class XMLUserPeer extends AbstractUserPeer { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function XMLUserPeer() { - global $g, $config; - - parent::AbstractUserPeer(); - - if (isset($config['system']['user'])) { - $i = 0; - - foreach($config['system']['user'] as $userent) { - $this->user_index[$userent['name']] = $i; - $this->addUserFromEnt($userent); - $i++; - } - } - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - /* ========================================================================== */ - /* == Helper Methods == */ - /* ========================================================================== */ - - function addUserFromEnt(&$ent) { - print "HURTZ"; - $newUser = new AuthngUser(); - $newUser->setName($ent['name']); - $newUser->setFullname($ent['fullname']); - $newUser->setGroupname($ent['groupname']); - $newUser->setPassword($ent['password']); - $newUser->setUid($ent['uid']); - - if ($ent['priv'] && is_array($ent['priv'])) { - foreach ($ent['priv'] as $privent) { - $newPrivilege = new Privilege(); - $newPrivilege->setId($privent['id']); - $newPrivilege->setName($privent['name']); - $newPrivilege->setDescription($privent['description']); - - $newUser->addPrivilege($newPrivilege); - } - } - - $this->users["${ent['name']}"] = $newUser; - } - - function setUserName($id, $name) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['name'] = $name; - } - - function setFullName($id, $name) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['fullname'] = $name; - } - - function setGroupName($id, $name) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['groupname'] = $name; - } - - function setPassword($id, $pwd) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['password'] = $pwd; - } - - function setUid($id, $uid) { - $userid = getUserIndexByName($id); - $config['system']['user'][$userid]['uid'] = $uid; - } -} - -/** - * @author Daniel S. Haischt <me@daniel.stefan.haischt.name> - */ -class XMLGroupPeer extends AbstractGroupPeer { - /* ========================================================================== */ - /* == Class Members == */ - /* ========================================================================== */ - - /* ========================================================================== */ - /* == Constructor == */ - /* ========================================================================== */ - - function XMLGroupPeer() { - global $g, $config; - - parent::AbstractGroupPeer(); - - if (isset($config['system']['group'])) { - $i = 0; - - foreach($config['system']['group'] as $groupent) { - $this->group_index[$groupent['name']] = $i; - $i++; - } - } - } - - /* ========================================================================== */ - /* == Accessors == */ - /* ========================================================================== */ - - /* ========================================================================== */ - /* == Helper Methods == */ - /* ========================================================================== */ - - function addGroupFromEnt(&$ent) { - $newGoup = new AuthngGroup(); - $newGoup->setName($ent['name']); - $newGoup->setDescription($ent['description']); - $newGoup->setScope($ent['scope']); - $newGoup->setHome($ent['home']); - $newGoup->setGid($ent['gid']); - - if ($ent['pages'] && is_array($ent['gid'])) { - foreach ($ent['pages'] as $pageent) { - $newGoup->addPage($pageent); - } - } - - $this->groups["${ent['name']}"] = $newGoup; - } - - function setGroupName($id, $name) { - $groupid = getGroupIndexByName($id); - $config['system']['group'][$groupid]['name'] = $name; - } - - function setGroupDescription($id, $desc) { - $groupid = getGroupIndexByName($id); - $config['system']['group'][$groupid]['description'] = $desc; - } - - function setGroupScope($id, $scope) { - $groupid = getGroupIndexByName($id); - $config['system']['group'][$groupid]['scope'] = $scope; - } - - function setGroupHome($id, $home) { - $groupid = getGroupIndexByName($id); - $config['system']['group'][$groupid]['home'] = $home; - } - - function setGroupGid($id, $gid) { - $groupid = getGroupIndexByName($id); - $config['system']['group'][$groupid]['gid'] = $gid; - } - - function addPageToGroup($id, $page) { - $groupid = getGroupIndexByName($id); - $config['system']['group'][$groupid]['pages'][] = $page; - } -} -?> diff --git a/config/authng/pkg/authng_usermanager.inc b/config/authng/pkg/authng_usermanager.inc deleted file mode 100644 index f96759fb..00000000 --- a/config/authng/pkg/authng_usermanager.inc +++ /dev/null @@ -1,247 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng_usermanager.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -function initUserFromGetVars() { - if ($_GET['act'] == "edit") { - if (isset($id) && $a_user[$id]) { - $pconfig['usernamefld'] = $a_user[$id]['name']; - $pconfig['fullname'] = $a_user[$id]['fullname']; - $pconfig['groupname'] = $a_user[$id]['groupname']; - $pconfig['utype'] = $a_user[$id]['scope']; - $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); - } - } else if ($_GET['act'] == "new") { - /* set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. - */ - $pconfig['utype'] = "user"; - } -} -function processUserManagerPostVarsUser() { - if (isset($_POST['save'])) { - unset($input_errors); - - /* input validation */ - $reqdfields = explode(" ", "passwordfld1"); - $reqdfieldsn = explode(",", "Password"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($_POST['passwordfld1'] != $_POST['passwordfld2']) - $input_errors[] = "The passwords do not match."; - - if (!$input_errors) { - // all values are okay --> saving changes - $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); - - write_config(); - - sync_webgui_passwords(); - - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = "Password successfully changed<br />"; - } - } -} - -function processUserManagerPostVarsAdmin() { - $id = $_GET['id']; - if (isset($_POST['id'])) - $id = $_POST['id']; - - if (!is_array($config['system']['user'])) { - $config['system']['user'] = array(); - } - - admin_users_sort(); - $a_user = &$config['system']['user']; - $t_privs = $a_user[$id]['priv']; - - if ($_GET['act'] == "del" && $_GET['what'] == "user") { - if ($a_user[$_GET['id']]) { - $userdeleted = $a_user[$_GET['id']]['name']; - unset($a_user[$_GET['id']]); - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = gettext("User") . " " . $userdeleted . " " . gettext("successfully deleted") . "<br />"; - } - } else if ($_GET['act'] == "del" && $_GET['what'] == "priv") { - if ($t_privs[$_GET['privid']]) { - $privdeleted = $t_privs[$_GET['privid']]['id']; - unset($t_privs[$_GET['privid']]); - write_config(); - $_GET['act'] = "edit"; - $retval = 0; - $savemsg = get_std_save_message($retval); - $savemsg = gettext("Privilege") . " " . $privdeleted . " " . gettext("of user") . " " . $a_user[$_GET['id']]['name'] . " " . gettext("successfully deleted") . "<br />"; - } - } - - if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "usernamefld"); - $reqdfieldsn = explode(",", "Username"); - } else { - $reqdfields = explode(" ", "usernamefld passwordfld1"); - $reqdfieldsn = explode(",", "Username,Password"); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (hasShellAccess($_POST['usernamefld'])) { - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } else { - if (preg_match("/[^a-zA-Z0-9\@\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } - - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) - $input_errors[] = gettext("The passwords do not match."); - - if (!$input_errors && !(isset($id) && $a_user[$id])) { - /* make sure there are no dupes */ - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } - } - } - - if ($pconfig['utype'] <> "system" && !isset($groupindex[$_POST['groupname']])) { - $input_errors[] = gettext("group does not exist, please define the group before assigning users."); - } - - if (isset($config['system']['ssh']['sshdkeyonly']) && - empty($_POST['authorizedkeys'])) { - $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system."); - } - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - if (!$input_errors) { - if (isset($id) && $a_user[$id]) - $userent = $a_user[$id]; - - /* the user did change his username */ - if ($_POST['usernamefld'] <> $_POST['oldusername']) { - $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - } - - $userent['name'] = $_POST['usernamefld']; - $userent['fullname'] = $_POST['fullname']; - if ($pconfig['utype'] <> "system") { - $userent['groupname'] = $_POST['groupname']; - } - isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; - - if ($_POST['passwordfld1']) - $userent['password'] = crypt($_POST['passwordfld1']); - - if(isset($config['system']['ssh']['sshdkeyonly'])) { - $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - } - - if (isset($id) && $a_user[$id]) - $a_user[$id] = $userent; - else - $a_user[] = $userent; - - write_config(); - $retval = system_password_configure(); - sync_webgui_passwords(); - - pfSenseHeader("system_usermanager.php"); - } - } -} - -/** - * getWindowJSScriptRefs() - * - * @return - */ -function getWindowJSScriptRefs(){ - $result = array('<script type="text/javascript" src="/javascripts/windows-js/javascript/effects.js"></script>', - '<script type="text/javascript" src="/javascripts/windows-js/javascript/window.js"></script>', - '<script type="text/javascript" src="/javascripts/windows-js/javascript/window_effects.js"></script>', - '<script type="text/javascript" src="/javascripts/windows-js/javascript/window_effects.js"></script>', - '<script type="text/javascript" src="/javascripts/windows-js/javascript/debug.js"></script>'); - - return $result; -} - -/** - * openNoUserDefsDialog() - * - * @param mixed $effectClass - * @return - */ -function openNoUserDefsDialog($effectClass) { - if (empty($config['installedpackages']['authng']['config'])) { - $alertMessage = gettext("No users or group found. You will be forwarded to the AuthNG wizard to be able to define users and groups."); - $dialogScript = " - <script type='text/javascript'> - function forwardToWizard() { - window.location.href = '/wizard.php?xml=authng_wizard.xml'; - } - - function openNoUserDefsDialog(html) { - var effect = new PopupEffect(html, {className: '${effectClass}'}); - Dialog.alert('${alertMessage},{className:'alphacube', width: 400, height:null, showEffect:effect.show.bind(effect), hideEffect:effect.hide.bind(effect), onOk:forwardToWizard}); - } - </script> - "; - - return $dialogScript; - } -} - -?>
\ No newline at end of file diff --git a/config/authng/www/js/headjs.inc b/config/authng/www/js/headjs.inc deleted file mode 100644 index 73c0a4db..00000000 --- a/config/authng/www/js/headjs.inc +++ /dev/null @@ -1,157 +0,0 @@ -<?php - -function getHeadJS() { - global $_SERVER, $HTTP_SERVER_VARS, $g, $use_loader_tab_gif; - - if(!$use_loader_tab_gif) - $loader_gif = "/themes/{$g['theme']}/images/misc/loader.gif"; - else - $loader_gif = "/themes/{$g['theme']}/images/misc/loader_tab.gif"; - - $headjs = " - var input_errors = ''; - Event.observe(window, 'load', init, false); - "; - - $_SESSION['NO_AJAX'] == "True" ? $noajax = "var noAjaxOnSubmit = true;" : $noajax = "var noAjaxOnSubmit = false;"; - - $headjs .= " - {$noajax} - - function init() { - if($('submit') && ! noAjaxOnSubmit) { - // debugging helper - //alert('adding observe event for submit button'); - - Event.observe(\"submit\", \"click\", submit_form, false); - $('submit').onclick = function() {return false;}; - var to_insert = \"<div style='visibility:hidden' id='loading' name='loading'><img src='{$loader_gif}' \/><\/div>\"; - new Insertion.Before('submit', to_insert); - } - } - - function submit_form(e){ - // debugging helper - //alert(Form.serialize($('iform'))); - - if($('inputerrors')) - $('inputerrors').innerHTML = ''; - - /* dsh: Introduced because pkg_edit tries to set some hidden fields - * if executing submit's onclick event. Tho click gets deleted - * by Ajax. Hence using onkeydown instead. - */ - if($('submit') && $('submit').onkeydown) - $('submit').onkeydown(); - if($('submit')) - $('submit').style.visibility = 'hidden'; - if($('cancelbutton')) - $('cancelbutton').style.visibility = 'hidden'; - $('loading').style.visibility = 'visible'; - // submit the form using Ajax - "; - - - isset($HTTP_SERVER_VARS['AUTH_USER']) ? $scriptName = split("/", $_SERVER["SCRIPT_FILENAME"]) : $scriptName = split("/", "/index.php"); - isset($HTTP_SERVER_VARS['AUTH_USER']) ? $loggedin = "var isLoggedIn = true;" : $loggedin = "var isLoggedIn = false;"; - $scriptElms = count($scriptName); - $scriptName = $scriptName[$scriptElms-1]; - $realScriptName = $_SERVER["SCRIPT_NAME"]; - - $headjs .= " - {$loggedin} - - if (! isLoggedIn) { - var newInput = document.createElement('input'); - newInput.setAttribute('id', 'scriptname'); - newInput.setAttribute('name', 'scriptname'); - newInput.setAttribute('value', '$realScriptName'); - newInput.setAttribute('type', 'hidden'); - - $('iform').appendChild(newInput); - } - - new Ajax.Request('{$scriptName}', { - method : 'post', - parameters : Form.serialize($('iform')), - onSuccess : formSubmitted, - onFailure : formFailure - }); - } - - function formSubmitted(resp) { - var responseText = resp.responseText; - - // debugging helper - //alert(responseText); - - if(responseText.indexOf('html') > 0) { - /* somehow we have been fed an html page! */ - //alert('Somehow we have been fed an html page! Forwarding to /.'); - document.location.href = '/'; - } - - eval(responseText); - } - - /* this function will be called if an HTTP error will be triggered */ - function formFailure(resp) { - alert('An error occured while saving the data ' + resp.responseText); - } - - function showajaxmessage(message) { - var message_html; - - if (message == '') { - NiftyCheck(); - Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\"); - Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\"); - - if($('submit')) - $('submit').style.visibility = 'visible'; - if($('cancelbutton')) - $('cancelbutton').style.visibility = 'visible'; - if($('loading')) - $('loading').style.visibility = 'hidden'; - - return; - } - - message_html = '<table height=\"32\" width=\"100%\"><tr><td>'; - message_html += '<div style=\"background-color:#990000\" id=\"redbox\">'; - message_html += '<table width=\"100%\"><tr><td width=\"8%\">'; - message_html += ' '; - message_html += '<img style=\"vertical-align:middle\" src=\"/themes/{$g['theme']}/images/icons/icon_exclam.gif\" width=\"28\" height=\"32\" \/>'; - message_html += '<\/td><td width=\"70%\"><font color=\"white\">'; - message_html += '<b>' + message + '<\/b><\/font><\/td>'; - - if(message.indexOf('apply') > 0) { - message_html += '<td>'; - message_html += '<input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"" . gettext("Apply changes") . "\" \/>'; - message_html += '<\/td>'; - } - - message_html += '<\/tr><\/table><\/div><\/td><\/table><br \/>'; - $('inputerrors').innerHTML = message_html; - - NiftyCheck(); - Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\"); - Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\"); - - if($('submit')) - $('submit').style.visibility = 'visible'; - if($('cancelbutton')) - $('cancelbutton').style.visibility = 'visible'; - if($('loading')) - $('loading').style.visibility = 'hidden'; - if($('inputerrors')) - window.scrollTo(0, 0); - if($('inputerrors')) - new Effect.Shake($('inputerrors')); - } - "; - - return $headjs; -} - -?> diff --git a/config/authng/www/php/head.inc b/config/authng/www/php/head.inc deleted file mode 100644 index 5365c715..00000000 --- a/config/authng/www/php/head.inc +++ /dev/null @@ -1,669 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - authng_classdefs.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ -require("headjs.inc"); - -/* if user has selected a custom template, use it. - * otherwise default to pfsense tempalte - */ -if($config['theme'] <> "") { - $g['theme'] = $config['theme']; -} else { - $g['theme'] = "pfsense"; -} - -// navigation level separator string -$navlevelsep = ": "; - -function gentitle($title) { - global $navlevelsep; - - if(!is_array($title)) { - return $title; - } - - return join($navlevelsep, $title); -} - -function genhtmltitle($title) { - global $config; - //return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . gentitle($title); - return gentitle($title); -} - -$scriptName = split("/", $_SERVER["SCRIPT_FILENAME"]); -$scriptElms = count($scriptName); -$scriptName = $scriptName[$scriptElms-1]; - -$pfSenseHead = new pfSenseHTMLHead(); -$pfSenseHead->setCloseHead(true); -$pfSenseHead->setTitle(genhtmltitle($pgtitle)); - -/* all.css has to be treated a bit different, compared to generic stylesheets */ -$allID = $pfSenseHead->addLink("<link rel=\"stylesheet\" type=\"text/css\" href=\"/themes/" . $g['theme'] . "/all.css\" media=\"all\" />\n"); -$pfSenseHead->setAllCssID($allID); - -$pfSenseHead->addLink("<link rel='shortcut icon' href='/themes/{$g['theme']}/images/icons/favicon.ico' />\n"); -$pfSenseHead->addScript("<script type='text/javascript'>\nvar theme = '" . $g['theme'] . "';\nvar dontUseCustomBGColor = true;\n</script>\n", 1); -$pfSenseHead->addScript("<script type='text/javascript' src=\"/themes/" . $g['theme'] . "/loader.js\"></script>\n", 2); -//TODO: if ((($_POST || $_GET || isAjax()) && -if ((($_POST || $_GET) && - is_array($error_bucket)) || - strpos($_SERVER['SCRIPT_NAME'], "wizard.php") !== false) { - $pfSenseHead->addScript("<script type='text/javascript' src='/javascript/domTT/domLib.js'></script>", 500); - $pfSenseHead->addScript("<script type='text/javascript' src='/javascript/domTT/domTT.js'></script>", 510); - $pfSenseHead->addScript("<script type='text/javascript' src='/javascript/domTT/behaviour.js'></script>", 520); - $pfSenseHead->addScript("<script type='text/javascript' src='/javascript/domTT/fadomatic.js'></script>", 530); -} - -/* - * Find all javascript files that need to be included - * for this page ... from the arrays ... :) - * Coded by: Erik Kristensen - */ -$scriptWeight = 100; - -$dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php'); -$path = "/usr/local/www/javascript/" . $dir . "/"; -if (is_dir($path)) { - if ($dh = opendir($path)) { - while (($file = readdir($dh)) !== false) { - if (is_dir($file)) { continue; } - if (strpos($file, ".js") === false) { continue; } - - $pfSenseHead->addScript("<script type='text/javascript' src='/javascript/{$dir}/{$file}'></script>\n", $scriptWeight); - $scriptWeight++; - } - closedir($dh); - } -} - -/* - * Find all JavaScript files that may be provided by the current theme - * TODO: Commented because this pulls in PHP5 specific stuff from the theme. - * - */ -//$path = "/usr/local/www/themes/{$g['theme']}/javascript/"; - -//if (is_dir($path)) { -// if ($dh = opendir($path)) { -// while (($file = readdir($dh)) !== false) { -// if (is_dir($file)) { continue; } -// if (strpos($file, ".js") !== false) { -// $pfSenseHead->addScript("<script type='text/javascript' src='/themes/{$g['theme']}/javascript/{$file}'></script>\n", $scriptWeight); -// } else if (strpos($file, ".php") !== false && -// strpos($file, "-head") !== false && -// strpos($file, ".disabled") === false) { -// $filename = ucfirst(trim(trim($file, '.php'), '-head')); -// require_once("themes/{$g['theme']}/javascript/{$file}"); - -// if (function_exists("{$g['theme']}{$filename}GetHeadJS")) { -// $jsfunction = "{$g['theme']}{$filename}GetHeadJS"; -// $jscript = $jsfunction(); -// $pfSenseHead->addScript("<script type='text/javascript'>\n<!--\n{$jscript}\n-->\n</script>\n", $scriptWeight); -// } -// } else { -// continue; -// } - -// $scriptWeight++; -// } -// closedir($dh); -// } -//} - -/* - * Find all JavaScript events that may be provided by the current theme - * - */ -$path = "/usr/local/www/themes/{$g['theme']}/jsevents/"; -if (is_dir($path)) { - if ($dh = opendir($path)) { - while (($file = readdir($dh)) !== false) { - if (is_dir($file)) { continue; } - if (strpos($file, ".def") !== false) { - if (empty($jsevents)) { $jsevents = array(); } - - switch ($file) { - case "body.def": - $contents = file_get_contents("/usr/local/www/themes/{$g['theme']}/jsevents/{$file}"); - $contents_a = split("\n", $contents); - foreach ($contents_a as $line) { - if (strpos($line, "#") === 0) { continue; } - if (strpos($line, "!") !== false) { - $events_forbidden_pages = split("!", $line); - $keyval = split("=", $events_forbidden_pages[0]); - - if (strpos($events_forbidden_pages[1], basename($_SERVER['SCRIPT_NAME'])) !== false) { continue; } - } else { - $keyval = split("=", $line); - } - $jsevents["body"][$keyval[0]] = $keyval[1]; - } - break; - } - } else { - continue; - } - } - closedir($dh); - } -} - -/* - * Find all CSS files that may be provided by the current theme - * TODO: Not needed right now. - */ -//$path = "/usr/local/www/themes/{$g['theme']}/styles/"; -//if (is_dir($path)) { -// if ($dh = opendir($path)) { -// while (($file = readdir($dh)) !== false) { -// if (is_dir($file)) { continue; } -// if (strpos($file, ".css") === false) { continue; } - -// $pfSenseHead->addLink("<link rel='stylesheet' type='text/css' href='/themes/{$g['theme']}/styles/{$file}' media='all' />\n"); -// } -// closedir($dh); -// } -//} - -if ($oSajax) { -$pfSenseHead->addScript("<script type='text/javascript'>\n" . - $oSajax->sajax_get_javascript() . "\n</script>\n", ++$scriptWeight); -} - -// TODO: This line needs to be commented if any PHP calls -// $pfSenseHead->getHTML(); on its own. -//echo $pfSenseHead->getHTML(); - -/** - * pfSenseHTMLHead - * - * @package www - * @author Daniel S. Haischt <me@daniel.stefan.haischt.name> - * @copyright Copyright (c) 2006 - * @version $Id$ - * @access public - **/ -class pfSenseHTMLHead -{ - var $xmlHead = "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"; - var $docType = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"; - var $title = "UNSET"; - var $meta = array(); - var $link = array(); - var $script = array(); - var $style = array(); - var $html = "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n<head>\n<title>%TITLE%</title>\n%META%\n%STYLE%\n%LINK%\n%SCRIPT%"; - var $closehead = true; - var $returnedHTML = false; - var $allCSSID = "NOT-SET"; - - /** - * pfSenseHTMLHead::pfSenseHTMLHead() - * - * Class Konstructor - **/ - function pfSenseHTMLHead() { - $this->meta[] = array("meta" => " <meta http-equiv=\"Content-Type\" " . - "content=\"text/html; charset=iso-8859-1\" />", - "ID" => "meta-" . strval(microtime())); - $this->link[] = array("link" => " <link rel=\"stylesheet\" type=\"text/css\" " . - "href=\"/niftycssprintCode.css\" media=\"print\" />", - "ID" => "link-" . strval(microtime())); - $this->script[] = array("script" => " <script type=\"text/javascript\" " . - "src=\"/javascript/scriptaculous/prototype.js\"></script>", - "weight" => 3, - "ID" => "script-" . strval(microtime())); - $this->script[] = array("script" => " <script type=\"text/javascript\" " . - "src=\"/javascript/scriptaculous/scriptaculous.js\"></script>", - "weight" => 4, - "ID" => "script-" . strval(microtime())); -// $this->script[] = array("script" => " <script type=\"text/javascript\">\n<!--\n" . getHeadJS() . "\n//-->\n</script>", -// "weight" => 5, -// "ID" => "script-" . strval(microtime())); - } - - /** - * pfSenseHTMLHead::getAllCssID() - * - * Allows to store the ID associated with the all CSS file. - * @return an ID - **/ - function getAllCssID() { - return $this->allCSSID; - } - - /** - * pfSenseHTMLHead::setAllCssID() - * - * Allows to set the ID associated with the all CSS file. - * @param mixed $myID a string representing an ID that was already generated. - **/ - function setAllCssID($myID = "") { - if ($myID == "") { return; } - - $this->allCSSID = $myID; - } - - /** - * pfSenseHTMLHead::setCloseHead() - * - * Should the HTML <head /> element be closed by the class or - * do you want to close it manually? - * @param mixed $myCloseHead Boolean value which indicates whether <head /> should be closed by the class - * @return - **/ - function setCloseHead($myCloseHead = true) { - $this->closehead = $myCloseHead; - } - - /** - * pfSenseHTMLHead::setTitle() - * - * Set the HTML <title /> element. - * @param string $myTitle The title (without any markup) - * @return NULL - **/ - function setTitle($myTitle = "") { - $this->title = $myTitle; - } - - /** - * pfSenseHTMLHead::addStyle() - * - * Allows to add a complete HTML <style /> element to the current - * meta element array. You can provide an ID if you want to access your - * particular element at a later time, for example to delete it from the - * array etc.. If you don't provide an ID, a random ID will be generated - * and returned. - * @param string $myStyleElement an HTML string that represents a <style /> tag. - * @param string $myID an ID that identifies this element. - * @return the ID that identifies the particular element that you've just added. - **/ - function addStyle($myStyleElement = "", $myID = "") { - if ($myID == "") { $myID = "style-" . strval(microtime()); } - - $this->style[] = array("style" => $myStyleElement, - "ID" => $myID); - - return $myID; - } - - /** - * pfSenseHTMLHead::getStyleArray() - * - * @return a reference to the meta element array. - **/ - function &getStyleArray() { - return $this->style; - } - - /** - * pfSenseHTMLHead::getStyleByID() - * - * Returns a reference to an array element that is identified by an ID. - * Can be used for example to manipulate an array element after it was - * already stored in the array. - * @param string $myID an ID that identifies the element that should be retrieved. - * @return a reference to an array element or NULL if the element does not exist. - **/ - function &getStyleByID($myID = "") { - foreach($this->style as $styleel){ - if ($styleel["ID"] == $myID) { - return $styleel; - } - } - return NULL; - } - - /** - * pfSenseHTMLHead::removeStyleByID() - * - * Provides a way to delete an element from an HTML element array. - * You must provide an ID which identifies the element to be deleted. - * @param string $myID an ID the identifies the element. - * @return 1 if the element was found or 0 if it does not exist. - **/ - function removeStyleByID($myID = "") { - foreach($this->style as $styleel){ - if ($styleel["ID"] == $myID) { - unset($styleel); - return 1; - } - } - return 0; - } - - /** - * pfSenseHTMLHead::addMeta() - * - * Allows to add a complete HTML <meta /> element to the current - * meta element array. You can provide an ID if you want to access your - * particular element at a later time, for example to delete it from the - * array etc.. If you don't provide an ID, a random ID will be generated - * and returned. - * @param string $myMetaElement an HTML string that represents a <meta /> tag. - * @param string $myID an ID that identifies this element. - * @return the ID that identifies the particular element that you've just added. - **/ - function addMeta($myMetaElement = "", $myID = "") { - if ($myID == "") { $myID = "meta-" . strval(microtime()); } - - $this->meta[] = array("meta" => $myMetaElement, - "ID" => $myID); - - return $myID; - } - - /** - * pfSenseHTMLHead::getMetaArray() - * - * @return a reference to the meta element array. - **/ - function &getMetaArray() { - return $this->meta; - } - - /** - * pfSenseHTMLHead::getMetaByID() - * - * Returns a reference to an array element that is identified by an ID. - * Can be used for example to manipulate an array element after it was - * already stored in the array. - * @param string $myID an ID that identifies the element that should be retrieved. - * @return a reference to an array element or NULL if the element does not exist. - **/ - function &getMetaByID($myID = "") { - foreach($this->meta as $metael){ - if ($metael["ID"] == $myID) { - return $metael; - } - } - return NULL; - } - - /** - * pfSenseHTMLHead::removeMetaByID() - * - * Provides a way to delete an element from an HTML element array. - * You must provide an ID which identifies the element to be deleted. - * @param string $myID an ID the identifies the element. - * @return 1 if the element was found or 0 if it does not exist. - **/ - function removeMetaByID($myID = "") { - foreach($this->meta as $metael){ - if ($metael["ID"] == $myID) { - unset($metael); - return 1; - } - } - return 0; - } - - /** - * pfSenseHTMLHead::addLink() - * - * Allows to add a complete HTML <link /> element to the current - * link element array. You can provide an ID if you want to access your - * particular element at a later time, for example to delete it from the - * array etc.. If you don't provide an ID, a random ID will be generated - * and returned. - * @param string $myLinkElement an HTML string that represents a <link /> tag. - * @param string $myID an ID that identifies this element. - * @return the ID that identifies the particular element that you've just added. - **/ - function addLink ($myLinkElement = "", $myID = "") { - if ($myID == "") { $myID = "link-" . strval(microtime()); } - - $this->link[] = array("link" => $myLinkElement, - "ID" => $myID); - - return $myID; - } - - /** - * pfSenseHTMLHead::getLinkArray() - * - * @return a reference to the link element array. - **/ - function &getLinkArray() { - return $this->link; - } - - /** - * pfSenseHTMLHead::getLinkByID() - * - * Returns a reference to an array element that is identified by an ID. - * Can be used for example to manipulate an array element after it was - * already stored in the array. - * @param string $myID an ID that identifies the element that should be retrieved. - * @return a reference to an array element or NULL if the element does not exist. - **/ - function &getLinkByID($myID = "") { - foreach($this->link as $linkel){ - if ($linkel["ID"] == $myID) { - return $linkel; - } - } - return NULL; - } - - /** - * pfSenseHTMLHead::removeLinkByID() - * - * Provides a way to delete an element from an HTML element array. - * You must provide an ID which identifies the element to be deleted. - * @param string $myID an ID the identifies the element. - * @return 1 if the element was found or 0 if it does not exist. - **/ - function removeLinkByID($myID = "") { - foreach($this->link as $linkel){ - if ($linkel["ID"] == $myID) { - unset($linkel); - return 1; - } - } - return 0; - } - - /** - * pfSenseHTMLHead::replaceLinkByID() - * - * Provides a way to replace an element from an HTML element array. - * You must provide an ID which identifies the element to be replace. - * @param string $myID an ID the identifies the element. - * @return 1 if the element was found or 0 if it does not exist. - **/ - function replaceLinkByID($myID = "", $byWhat = "") { - for ($i = 0; $i < count($this->link); $i++) { - $linkel =& $this->link[$i]; - if ($linkel["ID"] == $myID) { - $linkel["link"] = $byWhat; - return 1; - } - } - - return 0; - } - - /** - * pfSenseHTMLHead::addScript() - * - * Allows to add a complete HTML <link /> element to the current - * link element array. You can provide an ID if you want to access your - * particular element at a later time, for example to delete it from the - * array etc.. If you don't provide an ID, a random ID will be generated - * and returned. - * - * The <code>weight</code> parameter can be used to force the <script /> - * element to appear at the beginning of the HTML <head /> element or at - * its end. The greater the value for weight, the later the <script /> - * element will appear within the HTML <head /> element. - * @param string $myScriptElement an HTML string that represents a <script /> tag. - * @param integer $weight allows to position this element within the HTML <head /> - * @param string $myID an ID that identifies this element. - * @return the ID that identifies the particular element that you've just added. - **/ - function addScript($myScriptElement = "", $weight = 1000000, $myID = "") { - if ($myID == "") { $myID = "script-" . strval(microtime()); } - - $this->script[] = array("script" => $myScriptElement, - "weight" => $weight, - "ID" => $myID); - } - - /** - * pfSenseHTMLHead::getScriptArray() - * - * @return a reference to the script element array. - **/ - function &getScriptArray() { - return $this->script; - } - - /** - * pfSenseHTMLHead::getScriptByID() - * - * Returns a reference to an array element that is identified by an ID. - * Can be used for example to manipulate an array element after it was - * already stored in the array. - * @param string $myID an ID that identifies the element that should be retrieved. - * @return a reference to an array element or NULL if the element does not exist. - **/ - function &getScriptByID($myID = "") { - foreach($this->script as $scriptel){ - if ($scriptel["ID"] == $myID) { - return $scriptel; - } - } - return NULL; - } - - /** - * pfSenseHTMLHead::removeScriptByID() - * - * Provides a way to delete an element from an HTML element array. - * You must provide an ID which identifies the element to be deleted. - * @param string $myID an ID the identifies the element. - * @return 1 if the element was found or 0 if it does not exist. - **/ - function removeScriptByID($myID = "") { - foreach($this->script as $scriptel){ - if ($scriptel["ID"] == $myID) { - unset($scriptel); - return 1; - } - } - return 0; - } - - /** - * pfSenseHTMLHead::getHTML() - * - * This function finally renders the HTML string representation of the - * HTML document header that is represented by this class. If you did - * specify to not close the HTML <head /> element via <code>closehead</code> - * you need to close it manually. - * - * @return a string that contains a HTML <head /> element. - **/ - function getHTML () { - $language = $GLOBALS['config']['system']['language']; - - if ($this->returnedHTML) { - return; - } else { - $metastr = ""; - if (is_array($this->meta) && count($this->meta) > 0) - foreach($this->meta as $metael) { - $metastr .= $metael["meta"] . "\n"; - } - - $linkstr = ""; - if (is_array($this->link) && count($this->link) > 0) - foreach($this->link as $linkel) { - $linkstr .= $linkel["link"] . "\n"; - } - - $stylestr = ""; - if (is_array($this->style) && count($this->style) > 0) - foreach($this->style as $styleel) { - $stylestr .= $styleel["style"] . "\n"; - } - - $scriptstr = ""; - usort($this->script, "sortScriptArray"); - if (is_array($this->script) && count($this->script) > 0) - foreach($this->script as $scriptel) { - - $scriptstr .= $scriptel["script"] . "\n"; - } - - $this->html = str_replace("%TITLE%", $this->title, $this->html); - $this->html = str_replace("%META%", $metastr, $this->html); - $this->html = str_replace("%STYLE%", $stylestr, $this->html); - $this->html = str_replace("%LINK%", $linkstr, $this->html); - $this->html = str_replace("%SCRIPT%", $scriptstr, $this->html); - //$this->html = str_replace("%LANG%", $language, $this->html); - $this->html = $this->xmlHead . $this->docType . $this->html; - - $this->returnedHTML = true; - - return $this->closehead ? ($this->html . "</head>") : ($this->html); - } - } -} - -/** - * sortScriptArray() - * - * Sorts the script array according of the weight of a particular - * script element. - * @param mixed $a - * @param mixed $b - * @return - **/ -function sortScriptArray($a, $b) { - if ($a["weigth"] == $b["weight"]) { - return 0; - } - - return (intval($a["weight"]) > intval($b["weight"])) ? 1 : -1; -} - -?> diff --git a/config/authng/www/php/system_groupmanager.php b/config/authng/www/php/system_groupmanager.php deleted file mode 100644 index 13259e63..00000000 --- a/config/authng/www/php/system_groupmanager.php +++ /dev/null @@ -1,797 +0,0 @@ -<?php -/* - $Id$ - part of pfSense (http://www.pfSense.com) - originally part of part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>. - All rights reserved. - - Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>. - All rights reserved. - - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); - -$_SESSION['NO_AJAX'] = true; - -$pgtitle = array(gettext("System"), gettext("Group manager")); -$treeItemID = 0; - -function walkArea($title, - $t, - $area, - $id, - &$counter, - &$script_tag, - $tmpfname, - &$group) { - global $treeItemID; - - foreach($area as $a => $aa) { - if (is_array($aa) && count($aa) > 0) { - $title .= "_{$a}"; - echo "<li class=\"closed\"><a id=\"treeitem_{$treeItemID}\" href=\"#\">$a</a><ul>"; - $treeItemID++; - walkArea($title, - $a, - $aa, - $id, - $counter, - $script_tag, - $tmpfname, - $group); - echo "</ul>\n"; - } else { - $tmp_string = "{$t}"; - $tmp_string .= ": "; - $tmp_string .= $a; - $trimmed_title = trim($title); - $trimmed_a = trim($a); - $this_id = "{$trimmed_title}_{$trimmed_a}_{$counter}"; - $this_id = str_replace(" ", "", $this_id); - $this_id = str_replace("/", "", $this_id); - $stripped_session = str_replace("/tmp/", "", $tmpfname); - $allowed = false; - if (is_array($group['pages'][0]['page'])) { - foreach($group['pages'][0]['page'] as $page) { - if (stristr($aa, $page)) - $allowed = true; - // echo "$page || $aa"; - } - } - $allowed ? $checked = " checked=\"checked\"" : $checked = ""; - echo " <li id=\"treeitem_{$treeItemID}\" class=\"closed\" title=\"{$aa}\"><a name=\"anchor_{$treeItemID}\" style=\"display: none;\"> </a>"; - $idForOnClick = $treeItemID; - $treeItemID++; - echo "<input type=\"checkbox\" class=\"formfld\" id=\"treeitem_{$treeItemID}\" "; - $treeItemID++; - echo "name=\"treeitem_{$treeItemID}\" title=\"{$area}\" onClick=\"getURL('system_groupmanager.php?id={$id}&toggle={$aa}&item={$idForOnClick}&session={$stripped_session}', after_request_callback); rotate();\" {$checked} /> "; - $treeItemID++; - echo "<a id=\"treeitem_{$treeItemID}\" href=\"#anchor_{$idForOnClick}\" onclick=\"getURL('system_groupmanager.php?id={$id}&toggle={$aa}&item={$idForOnClick}&session={$stripped_session}', after_request_callback); rotate();\">{$a}</a></li>\n"; - $idForScript = $treeItemID; - $treeItemID++; - -//echo "$script_tag <hr />"; - $script_tag .= "var item = document.getElementById('treeitem_{$idForScript}');\n"; - if ($allowed) { - $script_tag .= "item.style.backgroundImage = \"url('/tree/page-file_play.gif')\";\n"; - } else { - $script_tag .= "item.style.backgroundImage = \"url('/tree/page-file_x.gif')\";\n"; - } - $counter++; - } // end if - } // end foreach -} - -function init_ajax_helper_file($tmpfname) -{ - global $config, $id, $global; - $a_group = &$config['system']['group']; - $id = $_GET['id']; - if (isset($id) && $a_group[$id]) - $group = $a_group[$id]; - else - $group = array(); - $fd = fopen("/tmp/{$tmpfname}", "w"); - if ($group['pages'][0]['page']) - foreach($group['pages'][0]['page'] as $page) { - fwrite($fd, $page . "\n"); - } - fclose($fd); - return; -} - -if ($_GET['toggle'] <> "") { - /* AJAX is calling, lets take care of it */ - if (!file_exists("/tmp/" . $_GET['session'])) { - init_ajax_helper_file($_GET['session']); - } - $fc = file_get_contents("/tmp/" . $_GET['session']); - $file_split = split("\n", $fc); - $found = -1; - for($x = 0; $x < count($file_split); $x++) { - if ($file_split[$x] == $_GET['toggle']) { - $found = $x; - } - } - if ($found == -1) { - $file_split[] = $_GET['toggle']; - $image = "/tree/page-file_play.gif"; - } else { - unset($file_split[$found]); - $image = "/tree/page-file_x.gif"; - } - $fd = fopen("/tmp/{$_GET['session']}", "w"); - if ($file_split) - foreach($file_split as $fs) { - if ($fs) - fwrite($fd, $fs . "\n"); - } - fclose($fd); - echo $_GET['item'] . "_a||" . "{$image}"; - exit; -} - -function convert_array_to_pgtitle($orig) -{ - $newstring = ""; - foreach($orig as $o) { - if ($newstring <> "") - $newstring .= ": "; - $newstring .= $o; - } - return $newstring; -} -// Returns an array of pages with their descriptions -function getAdminPageList() -{ - global $g; - - $tmp = Array(); - - if ($dir = opendir($g['www_path'])) { - while ($file = readdir($dir)) { - // Make sure the file exists and is not a directory - if ($file == "." or $file == ".." or $file[0] == '.') - continue; - // Is this a .inc.php file? pfSense! - if (fnmatch('guiconfig.inc', $file)) - continue; - if (fnmatch('*.inc', $file)) - continue; - if (fnmatch('*.inc.php', $file)) - continue; - if (fnmatch('*.php', $file)) { - // Read the description out of the file - $contents = file_get_contents($file); - $contents_split = split("\n", $contents); - $mlinestr = ""; - foreach($contents_split as $contents) { - $pgtitle = ""; - // Looking for a line like: - // $pgtitle = array(gettext("System"), gettext("Group manager")); // - DO NOT REMOVE. - if ($mlinestr == "" && stristr($contents, "\$pgtitle") == false) - continue; - if ($mlinestr == "" && stristr($contents, "=") == false) - continue; - if (stristr($contents, "<")) - continue; - if (stristr($contents, ">")) - continue; - /* at this point its evalable */ - $contents = trim ($contents); - $lastchar = substr($contents, strlen($contents) - 1, strlen($contents)); - $firstchar = substr($contents, 0, 1); - - /* check whether pgtitle is on one or multible lines */ - if ($firstchar <> "/" && $firstchar <> "#" && $lastchar <> ";") { - /* remember the partitial pgtitle string for the next loop iteration */ - $mlinestr .= $contents; - continue; - } else if ($mlinestr <> "" && $lastchar == ";") { - /* this is the final pgtitle part including the semicolon */ - $mlinestr .= $contents; - } else if ($mlinestr == "" && $lastchar == ";") { - /* this is a single line pgtitle, hence just - * copy its contents into mlinestr - */ - $mlinestr = $contents; - } else if ($firstchar == "/" || $firstchar == "#") { - /* same applies for comment lines */ - $mlinestr = $contents; - } - - eval($mlinestr); - - /* after eval, if not an array, continue */ - if (!is_array($pgtitle)) { - /* reset mlinestr for the next loop iteration */ - $mlinestr = ""; - continue; - } - - $tmp[$file] = convert_array_to_pgtitle($pgtitle); - - /* break out of the for loop, on to next file */ - break; - } - } - } - - /* loop through and read in wizard information */ - if ($dir = opendir("{$g['www_path']}/wizards")) { - while ($file = readdir($dir)) { - // Make sure the file exists and is not directory - if ($file == "." or $file == ".." or $file[0] == '.') - continue; - // Is this a .xml file? pfSense! - if (fnmatch('*.xml', $file)) { - /* parse package and retrieve the package title */ - $pkg = parse_xml_config_pkg("{$g['www_path']}/wizards/{$file}", "pfsensewizard"); - $title = $pkg['title']; - if ($title) - $tmp[$file] = trim($title); - } - } - } - - /* loop through and read in package information */ - if ($dir = opendir("{$g['pkg_path']}")) { - while ($file = readdir($dir)) { - // Make sure the file exists and is not directory - if ($file == "." or $file == ".." or $file[0] == '.') - continue; - // Is this a .xml file? pfSense! - if (fnmatch('*.xml', $file)) { - /* parse package and retrieve the package title */ - $pkg = parse_xml_config_pkg("{$g['pkg_path']}/{$file}", "packagegui"); - $title = $pkg['title']; - if ($title) - $tmp[$file] = trim($title); - } - } - } - - closedir($dir); - // Sets Interfaces:Optional page that didn't read in properly with the above method, - // and pages that don't have descriptions. - $tmp['interfaces_opt.php'] = ("Interfaces: Optional"); - $tmp['graph.php'] = ("Status: Traffic Graph"); - $tmp['graph_cpu.php'] = ("Diagnostics: CPU Utilization"); - $tmp['exec_raw.php'] = ("Hidden: Exec Raw"); - $tmp['uploadconfig.php'] = ("Hidden: Upload Configuration"); - $tmp['index.php'] = ("Status: System"); - $tmp['system_usermanager.php'] = ("System: User Password"); - $tmp['diag_logs_settings.php'] = ("Diagnostics: Logs: Settings"); - $tmp['diag_logs_vpn.php'] = ("Diagnostics: Logs: PPTP VPN"); - $tmp['diag_logs_filter.php'] = ("Diagnostics: Logs: Firewall"); - $tmp['diag_logs_portal.php'] = ("Diagnostics: Logs: Captive Portal"); - $tmp['diag_logs_dhcp.php'] = ("Diagnostics: Logs: DHCP"); - $tmp['diag_logs.php'] = ("Diagnostics: Logs: System"); - - $tmp['ifstats.php'] = ("Hidden: *XMLRPC Interface Stats"); - $tmp['license.php'] = ("System: License"); - $tmp['progress.php'] = ("Hidden: *No longer included"); - $tmp['diag_logs_filter_dynamic.php'] = ("Hidden: *No longer included"); - $tmp['preload.php'] = ("Hidden: *XMLRPC Preloader"); - $tmp['xmlrpc.php'] = ("Hidden: *XMLRPC Library"); - $tmp['pkg.php'] = ("System: *Renderer for XML based package GUIs (Part I)"); - $tmp['pkg_edit.php'] = ("System: *Renderer for XML based package GUIs (Part II)"); - - $tmp['functions.inc.php'] = ("Hidden: Ajax Helper 1"); - $tmp['javascript.inc.php'] = ("Hidden: Ajax Helper 2 "); - $tmp['sajax.class.php'] = ("Hidden: Ajax Helper 3"); - - asort($tmp); - - return $tmp; - } -} -// Get a list of all admin pages & Descriptions -$pages = getAdminPageList(); - -if (!is_array($config['system']['group'])) { - $config['system']['group'] = array(); -} -admin_groups_sort(); -$a_group = &$config['system']['group']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if ($_GET['act'] == "del") { - if ($a_group[$_GET['id']]) { - $ok_to_delete = true; - if (isset($config['system']['user'])) { - foreach ($config['system']['user'] as $userent) { - if ($userent['groupname'] == $a_group[$_GET['id']]['name']) { - $ok_to_delete = false; - $input_errors[] = gettext("users still exist who are members of this group!"); - break; - } - } - } - if ($ok_to_delete) { - unset($a_group[$_GET['id']]); - write_config(); - pfSenseHeader("system_groupmanager.php"); - exit; - } - } -} - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - /* input validation */ - $reqdfields = explode(" ", "groupname"); - $reqdfieldsn = explode(",", "Group Name"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (preg_match("/[^a-zA-Z0-9\.\-_ ]/", $_POST['groupname'])) - $input_errors[] = gettext("The group name contains invalid characters."); - - if (!$input_errors && !(isset($id) && $a_group[$id])) { - /* make sure there are no dupes */ - foreach ($a_group as $group) { - if ($group['name'] == $_POST['groupname']) { - $input_errors[] = gettext("Another entry with the same group name already exists."); - break; - } - } - } - - if (!$input_errors) { - if (isset($id) && $a_group[$id]) - $group = $a_group[$id]; - - $group['name'] = $_POST['groupname']; - isset($_POST['homepage']) ? $group['home'] = $_POST['homepage'] : $group['home'] = "index.php"; - isset($_POST['gtype']) ? $group['scope'] = $_POST['gtype'] : $group['scope'] = "system"; - $group['description'] = $_POST['description']; - unset($group['pages'][0]['page']); - - $file_split = split("\n", file_get_contents("/tmp/" . $_POST['session'])); - for($x = 0; $x < count($file_split); $x++) { - if ($file_split[$x]) - $group['pages'][0]['page'][] = $file_split[$x]; - } - - if (isset($id) && $a_group[$id]) - $a_group[$id] = $group; - else - $a_group[] = $group; - - write_config(); - - unlink_if_exists("/tmp/" . $_GET['session']); - - pfSenseHeader("system_groupmanager.php"); - exit; - } -} - -include("head.inc"); - -$checkallstr = <<<EOD - function checkallareas(enable) { - var elem = document.iform.elements.length; - var endis = (document.iform.checkall.checked || enable); - - for (i = 0; i < elem; i++) { - if (document.iform.elements[i].name.indexOf("chk-") >= 0) { - document.iform.elements[i].checked = true; - document.iform.elements[i].click(); - } - } - } - -EOD; - -$pfSenseHead->addScript("<script type=\"text/javascript\">\n" . $checkallstr . "</script>\n"); -$pfSenseHead->addLink("<link href=\"/tree/tree.css\" rel=\"stylesheet\" type=\"text/css\" />"); -echo $pfSenseHead->getHTML(); - -?> -<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php include("fbegin.inc");?> -<?php if ($input_errors) print_input_errors($input_errors);?> -<?php if ($savemsg) print_info_box($savemsg);?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); - $tab_array[] = array(gettext("Group"), true, "system_groupmanager.php"); - $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td class="tabcont"> -<?php -if ($_GET['act'] == "new" || $_GET['act'] == "edit") { - $tmpfname = tempnam("/tmp", "edit_add_groupmanager"); - $tmpfname = str_replace("/tmp/", "", $tmpfname); - unlink("/tmp/$tmpfname"); - init_ajax_helper_file($tmpfname); - if ($_GET['act'] == "edit") { - if (isset($id) && $a_group[$id]) { - $pconfig['name'] = $a_group[$id]['name']; - $pconfig['description'] = $a_group[$id]['description']; - $pconfig['home'] = $a_group[$id]['home']; - $pconfig['gtype'] = $a_group[$id]['scope']; - $pconfig['pages'] = $a_group[$id]['pages'][0]['page']; - } - } else if ($_GET['act'] == "new") { - /* set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. - */ - $pconfig['gtype'] = "user"; - } - -?> - <form action="system_groupmanager.php" method="post" name="iform" id="iform"> - <div id="inputerrors"></div> -<script type="text/javascript"> -if (typeof getURL == 'undefined') { - getURL = function(url, callback) { - if (!url) - throw 'No URL for getURL'; - try { - if (typeof callback.operationComplete == 'function') - callback = callback.operationComplete; - } catch (e) {} - if (typeof callback != 'function') - throw 'No callback function for getURL'; - var http_request = null; - if (typeof XMLHttpRequest != 'undefined') { - http_request = new XMLHttpRequest(); - } - else if (typeof ActiveXObject != 'undefined') { - try { - http_request = new ActiveXObject('Msxml2.XMLHTTP'); - } catch (e) { - try { - http_request = new ActiveXObject('Microsoft.XMLHTTP'); - } catch (e) {} - } - } - if (!http_request) - throw 'Both getURL and XMLHttpRequest are undefined'; - http_request.onreadystatechange = function() { - if (http_request.readyState == 4) { - callback( { success : true, - content : http_request.responseText, - contentType : http_request.getResponseHeader("Content-Type") } ); - } - } - http_request.open('GET', url, true); - http_request.send(null); - } -} -function after_request_callback(callback_data) { - var data = callback_data.content; - data_split = data.split("||"); - var item = document.getElementById(data_split[0]); - var check = document.getElementById("chk-" + data_split[0]); - item.style.backgroundImage = 'url(' + data_split[1] + ')'; - if (data_split[1] == "/tree/page-file_play.gif") { - check.checked = true; - } else { - check.checked = false; - } - $('troot_text').innerHTML = '<?= gettext("webConfigurator"); ?>'; -} - -function rotate() { - $('troot_text').innerHTML = '<img src="/themes/<?= $g['theme'] ?>/images/misc/loader.gif" alt="" />'; -} -</script> - - <input type="hidden" name="session" value="<?=$tmpfname?>" /> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq"> - <?=gettext("Group name");?> - </td> - <td width="78%" class="vtable"> - <input name="groupname" type="text" class="formfld group" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"> - <?=gettext("Home Page");?> - </td> - <td width="78%" class="vtable"> - <input name="homepage" type="text" class="formfld url" id="homepage" size="20" value="<?=htmlspecialchars($pconfig['home']);?>" /> - <br /> - <?=gettext("A webpage that should be shown to the user after having logged in.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"> - <?=gettext("Group Type");?> - </td> - <td width="78%" class="vtable"> - <input name="gtype" type="text" class="formfld unknown" id="gtype" size="20" value="<?=htmlspecialchars($pconfig['gtype']);?>" readonly="readonly" /> - <br /> - <?=gettext("Indicates whether this is a system (aka non-deletable) group or a group created by the user.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <textarea name="description" class="formpre" id="description" rows="2" cols="20"><?=htmlspecialchars($pconfig['description']);?></textarea> - <br /> - <?=gettext("Group description, for your own information only");?> - </td> - </tr> - <tr> - <td colspan="5"> - <script type="text/javascript" src="/tree/tree.js"></script> -<?php - if (isset($id) && $a_group[$id]) - $group = $a_group[$id]; - else - $group = array(); - $menu_array = array(); - /* build up an array similar to fbegin.inc's $menu */ - foreach ($pages as $fname => $title) { - $identifier = str_replace('.php', '', $fname); - $identifier = $fname; - $title_split = split(": ", $title); - $tmp = "\$menu_array"; - foreach($title_split as $ts) - $tmp .= "['{$ts}']"; - $tmp .= " = \"{$identifier}\";"; - echo "<!-- $tmp -->\n"; - eval($tmp); - } - - echo "<span id=\"troot_text\" style=\"position: relative; top: 12px;\">" . gettext("webConfigurator") . "</span><ul class=\"tree\" id=\"troot\">\n"; - $counter = 0; - /* XXX: we may wanna pull from or add to each row a +e item (+edit) */ - $script_tag = ""; - - if (is_array($menu_array) && count($menu_array) > 0) { - foreach($menu_array as $title => $m) { - echo "<li class=\"closed\"><a id=\"treeitem_{$treeItemID}\" href=\"#\">$title</a><ul>"; - $treeItemID++; - if (is_array($m) && count($m) > 0) { - foreach($m as $t => $area) { - if (is_array($area) && count($area) > 0) { - echo "<li class=\"closed\"><a id=\"treeitem_{$treeItemID}\" href=\"#\">$t</a><ul>"; - $treeItemID++; - walkArea("{$title}_{$t}", - $t, - $area, - $id, - $counter, - $script_tag, - $tmpfname, - $group); - echo "</ul>\n"; - } else { - $trimmed_title = trim($title); - $trimmed_t = trim($t); - $this_id = "{$trimmed_title}_{$trimmed_t}_{$counter}"; - $this_id = str_replace(" ", "", $this_id); - $this_id = str_replace("/", "", $this_id); - $allowed = false; - if (is_array($group['pages'][0]['page'])) { - foreach($group['pages'][0]['page'] as $page) { - if (stristr($area, $page)) - $allowed = true; - // echo "$page || $area || $t"; - } - } - $allowed ? $checked = " checked=\"checked\"" : $checked = ""; - $stripped_session = str_replace("/tmp/", "", $tmpfname); - echo"<li id=\"treeitem_{$treeItemID}\" class=\"closed\" title=\"{$area}\"><a name=\"anchor_{$treeItemID}\" style=\"display: none;\"> </a>"; - $idForOnClick = $treeItemID; - $treeItemID++; - echo " <input type=\"checkbox\" class=\"formfld\" id=\"treeitem_{$treeItemID}\" "; - $treeItemID++; - echo "name=\"treeitem_{$treeItemID}\" title=\"{$area}\" onclick=\"getURL('system_groupmanager.php?id={$id}&toggle={$area}&item={$idForOnClick}&session={$stripped_session}', after_request_callback); rotate();\" {$checked}/> "; - echo " <a id=\"treeitem_{$treeItemID}\" "; - $idForScript = $treeItemID; - $treeItemID++; - echo "href=\"#anchor_{$idForOnClick}\" onclick=\"getURL('system_groupmanager.php?id={$id}&toggle={$area}&item={$idForOnClick}&session={$stripped_session}', after_request_callback); rotate();\">{$t}</a></li>\n"; - $treeItemID++; - $script_tag .= "var item = document.getElementById('treeitem_{$idForScript}');\n"; - if ($allowed) { - $script_tag .= "item.style.backgroundImage = \"url('/tree/page-file_play.gif')\";\n"; - } else { - $script_tag .= "item.style.backgroundImage = \"url('/tree/page-file_x.gif')\";\n"; - } - $counter++; - } - } - } - echo "</ul>\n"; - } - } - echo "</ul>\n"; - -?> - </td> - </tr> - <tr> - <td colspan="5"> - <table> - <tr> - <td><input type="checkbox" name="checkall" id="checkall" title="Check/Uncheck all areas" onclick="checkallareas();"/></td> - <td><?=gettext("Check/Uncheck all areas");?></td> - </tr> - <tr> - <td><img src="/tree/page-file_play.gif" alt="" /></td> - <td><?=gettext("Allowed access to area");?></td> - </tr> - <tr> - <td><img src="/tree/page-file_x.gif" alt="" /></td> - <td><?=gettext("Disallowed access to area");?></td> - </tr> - </table> - </td> - </tr> - <tr> - <td colspan="5"> - <?=gettext("Select that pages that this group may access. Members of this group will be able to perform all actions that are possible from each individual web page. Ensure you set access levels appropriately.");?> - </td> - </tr> - <tr> - <td colspan="5"> - <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <?php if (isset($id) && $a_group[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif;?> - <p> - <span class="vexpl"> - <span class="red"> - <strong><?=gettext("Note");?>: </strong> - </span> - <?=gettext("Pages marked with an * are strongly recommended for every group.");?> - </span> - </p> - </td> - </tr> - </table> - </form> - </td> <!-- end <td class="tabcont"/> --> - </tr> - </table> -<?php -} else { - -?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="35%" class="listhdrr"><?=gettext("Group name");?></td> - <td width="20%" class="listhdrr"><?=gettext("Description");?></td> - <td width="20%" class="listhdrr"><?=gettext("Pages Accessible");?></td> - <td width="10%" class="list"></td> - </tr> -<?php - $i = 0; - foreach($a_group as $group): -?> - <tr> - <td class="listlr" valign="middle" nowrap="nowrap"> - <table border="0" cellpadding="0" cellspacing="0"> - <tr> - <td align="left" valign="middle"> - <?php if($group['scope'] == "user"): ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-group.png" alt="Group" title="Group" border="0" height="20" width="20" /> - <?php else: ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-group-grey.png" alt="Group" title="Group" border="0" height="20" width="20" /> - <?php endif; ?> - - </td> - <td align="left" valign="middle"> - <? - if($group['name'] != "") - echo htmlspecialchars($group['name']); - else - echo " "; - ?> - </td> - </tr> - </table> - </td> - <td class="listr"> - <? - if($group['description'] != "") - echo htmlspecialchars($group['description']); - else - echo " "; - ?> - </td> - <td class="listbg"> - <?php if(is_array($group['pages'][0])): ?> - <font color="white"><?=count($group['pages'][0]['page']);?></font> - <?php elseif (isset($group['pages'][0])): ?> - <font color="white"><?=$group['pages'][0];?></font> - <?php else: ?> - <font color="white"><?=gettext("NOT SET");?></font> - <?php endif; ?> - </td> - <?php if($group['scope'] == "user"): ?> - <td valign="middle" nowrap class="list"> - <a href="system_groupmanager.php?act=edit&id=<?=$i;?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit group");?>" width="17" height="17" border="0" alt="" /> - </a> - <a href="system_groupmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this group?");?>')"> - <img src="./themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete group");?>" width="17" height="17" border="0" alt="" /> - </a> - </td> - <?php endif; ?> - </tr> -<?php - $i++; - endforeach; -?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <a href="system_groupmanager.php?act=new"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add group");?>" width="17" height="17" border="0" alt="" /> - </a> - </td> - </tr> - <tr> - <td colspan="3"> - <p> - <?=gettext("Additional webConfigurator admin groups can be added here. Each group can be restricted to specific portions of the webConfigurator. Individually select the desired web pages each group may access. For example, a troubleshooting group could be created which has access only to selected Status and Diagnostics pages.");?> - </p> - <p> - <?=gettext("A group icon that appears grey indicates that it is a system group and thus can't be modified or deleted.");?> - </p> - </td> - </tr> - </table> -</td></tr> -</table> -<?php -} -?> - -<script type="text/javascript"> - window.setTimeout('afterload()', '10'); - function afterload() { - <?php echo $script_tag ?> - } -</script> -<?php include("fend.inc");?> -</body> -</html> diff --git a/config/authng/www/php/system_usermanager.php b/config/authng/www/php/system_usermanager.php deleted file mode 100644 index 0a13be95..00000000 --- a/config/authng/www/php/system_usermanager.php +++ /dev/null @@ -1,84 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - system_usermanager.php - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - -require("guiconfig.inc"); -// The page title for non-admins -$pgtitle = getUsermanagerPagetitle(); - -include("head.inc"); - -$effectStyle = ' - <style type="text/css"> - .popup_nousers { - background: #000000; - opacity: 0.2; - } - </style> -'; -foreach(getWindowJSScriptRefs() as $jscript){ - $pfSenseHead->addScript($jscript); -} -foreach(getWindowJSStyleRefs() as $style){ - $pfSenseHead->addStyle($style); -} -$pfSenseHead->addStyle($effectStyle); -echo $pfSenseHead->getHTML(); -?> -<body link="#000000" vlink="#000000" alink="#000000"> -<?php include("fbegin.inc");?> -<p class="pgtitle"><?= gentitle($pgtitle); ?></p> -<form action="system_usermanager.php" method="post" name="iform" id="iform"> -<?php if ($input_errors) print_input_errors($input_errors);?> -<?php if ($savemsg) print_info_box($savemsg);?> -<?php - if (! gotNoUsers()) { - if ($userPeer->isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { - processUserManagerAdminPostVars(); - require_once("system_usermanager_admin.inc"); - } else { - processUserManagerPostVars(); - require_once("system_usermanager_user.inc"); - } - } -?> -</form> -<div id="popupanchor"> </div> -<?= openNoUserDefsDialog("popup_nousers"); ?> -<?php include("fend.inc");?> -</body> -</html> diff --git a/config/authng/www/php/system_usermanager_admin.inc b/config/authng/www/php/system_usermanager_admin.inc deleted file mode 100644 index 73cda74f..00000000 --- a/config/authng/www/php/system_usermanager_admin.inc +++ /dev/null @@ -1,92 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - system_usermanager_admin.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ -/* ======================= P A G E F R A G M E N T ======================== */ -/* ========================================================================== */ -?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); - $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php"); - $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td> - <?php - if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors) { - if ($_GET['act'] == "edit") { - if (isset($id) && $a_user[$id]) { - $pconfig['usernamefld'] = $a_user[$id]['name']; - $pconfig['fullname'] = $a_user[$id]['fullname']; - $pconfig['groupname'] = $a_user[$id]['groupname']; - $pconfig['utype'] = $a_user[$id]['scope']; - $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); - } - } else if ($_GET['act'] == "new") { - /* set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. - */ - $pconfig['utype'] = "user"; - } - - // finally pull in the php file containing the appropriate markup - require_once("system_usermanager_admin_newedit.inc"); - ?> - <?php - } else { - // finally pull in the php file containing the appropriate markup - require_once("system_usermanager_admin_index.inc"); - ?> - <?php } ?> - </td> - </tr> - </table> - </div> <!-- MAINAREA DIV --> - </td> - </tr> - </table> diff --git a/config/authng/www/php/system_usermanager_admin_index.inc b/config/authng/www/php/system_usermanager_admin_index.inc deleted file mode 100644 index 807c7e53..00000000 --- a/config/authng/www/php/system_usermanager_admin_index.inc +++ /dev/null @@ -1,108 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - system_usermanager_admin_edituser.php - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ -/* ======================= P A G E F R A G M E N T ======================== */ -/* ========================================================================== */ -?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td width="35%" class="listhdrr">Username</td> - <td width="20%" class="listhdrr">Full name</td> - <td width="20%" class="listhdrr">Group</td> - <td width="10%" class="list"></td> -</tr> -<?php - $i = 0; - foreach($a_user as $userent): -?> -<tr ondblclick="document.location.herf = 'system_usermanager.php?act=edit&id=<?=$i;?>';"> - <td class="listlr"> - <table border="0" cellpadding="0" cellspacing="0"> - <tr> - <td align="left" valign="middle"> - <?php if($userent['scope'] == "user"): ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-user.png" alt="User" title="User" border="0" height="20" width="20" /> - <?php else: ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-user-grey.png" alt="User" title="User" border="0" height="20" width="20" /> - <?php endif; ?> - - </td> - <td align="left" valign="middle"> - <?=htmlspecialchars($userent['name']);?> - </td> - </tr> - </table> - </td> - <td class="listr"><?=htmlspecialchars($userent['fullname']);?> </td> - <td class="listbg"> - <font color="white"><?=htmlspecialchars($userent['groupname']);?></font> - </td> - <td valign="middle" nowrap class="list"> - <a href="system_usermanager.php?act=edit&id=<?=$i;?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit user" alt="edit user" width="17" height="17" border="0" /> - </a> - <?php if($userent['scope'] == "user"): ?> - - <a href="system_usermanager.php?act=del&what=user&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete user" alt="delete user" width="17" height="17" border="0" /> - </a> - <?php endif; ?> - </td> -</tr> -<?php - $i++; - endforeach; -?> -<tr> - <td class="list" colspan="3"></td> - <td class="list"> - <a href="system_usermanager.php?act=new"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="add user" alt="add user" width="17" height="17" border="0" /> - </a> - </td> -</tr> -<tr> - <td colspan="3"> - <p> - <?=gettext("Additional webConfigurator users can be added here. User permissions are determined by the admin group they are a member of.");?> - </p> - <p> - <?=gettext("An user icon that appears grey indicates that it is a system user and thus it's only possible to modified a subset of the regular user data. Additionally such an user can't be deleted.");?> - </p> - </td> -</tr> -</table>
\ No newline at end of file diff --git a/config/authng/www/php/system_usermanager_admin_newedit.inc b/config/authng/www/php/system_usermanager_admin_newedit.inc deleted file mode 100644 index d5b7126d..00000000 --- a/config/authng/www/php/system_usermanager_admin_newedit.inc +++ /dev/null @@ -1,167 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - system_usermanager_admin_newuser.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ -/* ======================= P A G E F R A G M E N T ======================== */ -/* ========================================================================== */ -?> - -<div id="inputerrors"></div> -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> - <td width="78%" class="vtable"> - <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?php if ($pconfig['utype'] == "system") { echo "readonly=\"readonly\" "; }?>/> - <input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td> - <td width="78%" class="vtable"> - <input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?php if ($pconfig['utype'] == "system") { echo "readonly=\"readonly\" "; }?>/> - <br /> - <?=gettext("User's full name, for your own information only");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("User type");?></td> - <td width="78%" class="vtable"> - <input name="utype" type="text" class="formfld unknown" id="utype" size="20" value="<?=htmlspecialchars($pconfig['utype']);?>" readonly="readonly" /> - <br /> - <?=gettext("Indicates whether this is a system (aka non-deletable) user or a user created by a particular user.");?> - </td> - </tr> - <?php if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("User Privileges");?></td> - <td width="78%" class="vtable"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="5%" class="listhdrr"><?=gettext("ID");?></td> - <td width="30%" class="listhdrr"><?=gettext("Name");?></td> - <td width="40%" class="listhdrr"><?=gettext("Description");?></td> - <td width="5%" class="list"></td> - </tr> - - <?php if(is_array($t_privs)): ?> - <?php $i = 0; foreach ($t_privs as $priv): ?> - <?php if($priv['id'] <> ""): ?> - <tr> - <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <?=htmlspecialchars($priv['id']);?> - </td> - <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <?=htmlspecialchars($priv['name']);?> - </td> - <td class="listbg" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <font color="#FFFFFF"><?=htmlspecialchars($priv['descr']);?> </font> - </td> - <td valign="middle" nowrap class="list"> - <?php if($a_user[$id]['scope'] == "user"): ?> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="system_usermanager_edit.php?id=<?=$i;?>&userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" /></a></td> - <td valign="middle"><a href="system_usermanager.php?act=del&privid=<?=$i;?>&what=priv&id=<?= $id ?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" /></a></td> - </tr> - </table> - <?php endif; ?> - </td> - </tr> - <?php endif; ?> - <?php $i++; endforeach; ?> - <?php endif; ?> - - <?php if($a_user[$id]['scope'] == "user"): ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="system_usermanager_edit.php?userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" /></a></td> - </tr> - </table> - </td> - </tr> - <?php endif; ?> - </table> - </td> - </tr> - <?php endif; ?> - <?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td> - <td width="78%" class="vtable"> - <textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea> - <br /> - <?=gettext("Paste an authorized keys file here.");?> - </td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Group Name");?></td> - <td width="78%" class="vtable"> - <select name="groupname" class="formselect" id="groupname" <?php if ($pconfig['utype'] == "system") { echo "disabled=\"disabled\" "; } ?>> - <?php foreach ($config['system']['group'] as $group): ?> - <option value="<?=$group['name'];?>" <?php if ($group['name'] == $pconfig['groupname']) { echo "selected"; } ?>> - <?=htmlspecialchars($group['name']);?> - </option> - <?php endforeach;?> - </select> - <br /> - <?=gettext("The admin group to which this user is assigned.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="save" type="submit" class="formbtn" value="Save" /> - <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif;?> - </td> - </tr> -</table> diff --git a/config/authng/www/php/system_usermanager_edit.php b/config/authng/www/php/system_usermanager_edit.php deleted file mode 100644 index 25dc2ac3..00000000 --- a/config/authng/www/php/system_usermanager_edit.php +++ /dev/null @@ -1,294 +0,0 @@ -<?php -/* $Id$ */ -/* - system_usermanager_edit.php - - Copyright (C) 2006 Daniel S. Haischt. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array(gettext("System"), - gettext("User manager"), - gettext("Edit Privilege")); - -require("guiconfig.inc"); - -/* - The following code presumes, that the following XML structure exists or - if it does not exist, it will be created. - - <priv> - <id>fooid</id> - <name>foo</name> - <descr>foo desc</descr> - </priv> - <priv> - <id>barid</id> - <name>bar</name> - <descr>bar desc</descr> - </priv> -*/ - -$useract = $_GET['useract']; -if (isset($_POST['useract'])) - $useract = $_POST['useract']; - -/* USERID must be set no matter whether this is a new entry or an existing entry */ -$userid = $_GET['userid']; -if (isset($_POST['userid'])) - $userid = $_POST['userid']; - -/* ID is only set if the user wants to edit an existing entry */ -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (empty($config['system']['user'][$userid])) { - pfSenseHeader("system_usermanager.php?id={$userid}&act={$_GET['useract']}"); - exit; -} - -if (!is_array($config['system']['user'][$userid]['priv'])) { - $config['system']['user'][$userid]['priv'] = array(); -} - -$t_privs = &$config['system']['user'][$userid]['priv']; - -if (isset($id) && $t_privs[$id]) { - $pconfig['pid'] = $t_privs[$id]['id']; - $pconfig['pname'] = $t_privs[$id]['name']; - $pconfig['descr'] = $t_privs[$id]['descr']; -} else { - $pconfig['pid'] = $_GET['pid']; - $pconfig['pname'] = $_GET['pname']; - $pconfig['descr'] = $_GET['descr']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "pid pname"); - $reqdfieldsn = explode(",", "ID, Privilege Name"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - /* check for overlaps */ - foreach ($t_privs as $priv) { - if (isset($id) && ($t_privs[$id]) && ($t_privs[$id] === $priv)) { - continue; - } - if ($priv['id'] == $pconfig['pid']) { - $input_errors[] = gettext("This privilege ID already exists."); - break; - } - } - - if (hasShellAccess($userindex[$userid]['name']) || - isAllowedToCopyFiles($userindex[$userid]['name'])) { - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $userindex[$userid]['name'])) - $input_errors[] = gettext("The username contains invalid characters " . - "((this means this user can't be used to create" . - " a shell account)."); - } - - /* if this is an AJAX caller then handle via JSON */ - if(isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - if (!$input_errors) { - $priv = array(); - $priv['id'] = $pconfig['pid']; - $priv['name'] = $pconfig['pname']; - $priv['descr'] = $pconfig['descr']; - - if (isset($id) && $t_privs[$id]) - $t_privs[$id] = $priv; - else - $t_privs[] = $priv; - - if ($priv['id'] == "hasshell") { - assignUID($user['name']); - assignGID($user['groupname']); - } - - write_config(); - - $retval = 0; - config_lock(); - config_unlock(); - - $savemsg = get_std_save_message($retval); - - pfSenseHeader("system_usermanager.php?id={$userid}&act={$useract}"); - exit; - } -} - -/* if ajax is calling, give them an update message */ -if(isAjax()) - print_info_box_np($savemsg); - -include("head.inc"); -/* put your custom HTML head content here */ -/* using some of the $pfSenseHead function calls */ - -$jscriptstr = <<<EOD -<script type="text/javascript"> -<!-- - - var privs = new Array(); - - -EOD; - -$privs =& getSystemPrivs(); - -if (is_array($privs)) { - $id = 0; - - $jscriptstr .= "privs[{$id}] = new Object();\n"; - $jscriptstr .= "privs[{$id}]['id'] = 'custom';\n"; - $jscriptstr .= "privs[{$id}]['name'] = '*** Custom privilege ***';\n"; - $jscriptstr .= "privs[{$id}]['desc'] = 'This is your own, user defined privilege that you may change according to your requirements.';\n"; - $id++; - - foreach($privs as $priv){ - $jscriptstr .= "privs[{$id}] = new Object();\n"; - $jscriptstr .= "privs[{$id}]['id'] = '{$priv['id']}';\n"; - $jscriptstr .= "privs[{$id}]['name'] = '{$priv['name']}';\n"; - $jscriptstr .= "privs[{$id}]['desc'] = '{$priv['desc']}';\n"; - $id++; - } -} - -$jscriptstr .= <<<EOD - function setTextFields() { - var idx = document.iform.sysprivs.selectedIndex; - var value = document.iform.sysprivs.options[idx].value; - - for (var i = 0; i < privs.length; i++) { - if (privs[i]['id'] == value && privs[i]['id'] != 'custom') { - document.iform.pid.value = privs[i]['id']; - document.iform.pid.readOnly = true; - document.iform.pname.value = privs[i]['name']; - document.iform.pname.readOnly = true; - document.iform.descr.value = privs[i]['desc']; - document.iform.descr.readOnly = true; - break; - } else if (privs[i]['id'] == value) { - document.iform.pid.value = privs[i]['id']; - document.iform.pid.readOnly = false; - document.iform.pname.value = privs[i]['name']; - document.iform.pname.readOnly = false; - document.iform.descr.value = privs[i]['desc']; - document.iform.descr.readOnly = false; - break; - } - } - } - -//--> -</script> - -EOD; - -$pfSenseHead->addScript($jscriptstr); -echo $pfSenseHead->getHTML(); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php include("fbegin.inc"); ?> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> - <form action="system_usermanager_edit.php" method="post" name="iform" id="iform"> - <div id="inputerrors"></div> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td> - <td width="78%" class="vtable"> - <select name="sysprivs" id="sysprivs" class="formselect" onchange="setTextFields();"> - <option value="custom">*** Custom privilege ***</option> - <?php - $privs =& getSystemPrivs(); - - if (is_array($privs)) { - foreach($privs as $priv){ - if (isset($config['system']['ssh']['sshdkeyonly']) && $priv['name'] <> "copyfiles") - echo "<option value=\"{$priv['id']}\">${priv['name']}</option>"; - else if (empty($config['system']['ssh']['sshdkeyonly'])) - echo "<option value=\"{$priv['id']}\">${priv['name']}</option>"; - } - } - ?> - </select><br /> - (If you do not want to define your own privilege, you may - select one from this list) - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Privilege Identifier");?></td> - <td width="78%" class="vtable"> - <input name="pid" type="text" class="formfld unknown" id="pid" size="30" value="<?=htmlspecialchars($pconfig['pid']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Privilege Name");?></td> - <td width="78%" class="vtable"> - <input name="pname" type="text" class="formfld unknown" id="pname" size="30" value="<?=htmlspecialchars($pconfig['pname']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="60" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here - for your reference (not parsed).");?></span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> - <?php if (isset($id) && $t_privs[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif; ?> - <?php if (isset($userid)): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> - <?php endif; ?> - <?php if (isset($useract)): ?> - <input name="useract" type="hidden" value="<?=$useract;?>" /> - <?php endif; ?> - </td> - </tr> - </table> - </form> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/authng/www/php/system_usermanager_settings.php b/config/authng/www/php/system_usermanager_settings.php deleted file mode 100755 index 5853fab4..00000000 --- a/config/authng/www/php/system_usermanager_settings.php +++ /dev/null @@ -1,110 +0,0 @@ -<?php -/* $Id$ */ -/* - part of pfSense (http://www.pfsense.org/) - - Copyright (C) 2007 Bill Marquette <bill.marquette@gmail.com> - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -require("guiconfig.inc"); - -$pconfig['session_timeout'] = &$config['system']['webgui']['session_timeout']; - -// Page title for main admin -$pgtitle = array(gettext("System"), gettext("User manager settings")); - -if ($_POST) { - unset($input_errors); - - /* input validation */ - $reqdfields = explode(" ", "session_timeout"); - $reqdfieldsn = explode(",", "Session Timeout"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($_POST['session_timeout'] != "" && !is_numeric($_POST['session_timeout'])) - $input_errors[] = gettext("Session timeout must be an integer with value 0 or greater."); - - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } - - - if (!$input_errors) { - $pconfig['session_timeout'] = $_POST['session_timeout']; - - write_config(); - pfSenseHeader("system_usermanager_settings.php"); - } -} - -include("head.inc"); -echo $pfSenseHead->getHTML(); -?> - -<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php include("fbegin.inc");?> -<?php if ($input_errors) print_input_errors($input_errors);?> -<?php if ($savemsg) print_info_box($savemsg);?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); - $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php"); - $tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php"); - display_top_tabs($tab_array); -?> - </td> - <tr> - <td> - <div id="mainarea"> - <form id="iform" name="iform" action="system_usermanager_settings.php" method="post"> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="22%" valign="top" class="vncell">Session Timeout</td> - <td width="78%" class="vtable"> <input name="session_timeout" id="session_timeout" type="text"size="20" class="formfld unknown" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> - <br /> - <?=gettext("Time in minutes to expire idle management sessions.");?><br /> - </td> - </tr> - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - </td> - </tr> - </table> - </form> - </div> - </td> - </tr> - </table> - -<?php include("fend.inc");?> -</body> -</html> diff --git a/config/authng/www/php/system_usermanager_user.inc b/config/authng/www/php/system_usermanager_user.inc deleted file mode 100644 index 25d2e210..00000000 --- a/config/authng/www/php/system_usermanager_user.inc +++ /dev/null @@ -1,66 +0,0 @@ -<?php -/* $Id$ */ -/* ========================================================================== */ -/* - system_usermanager_user.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ -/* ======================= P A G E F R A G M E N T ======================== */ -/* ========================================================================== */ -?> - <div id="inputerrors"></div> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s Password</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell" rowspan="2">Password</td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> - <?=gettext("(confirmation)");?> - <br /> - <span class="vexpl"><?=gettext("Select a new password");?></span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - </td> - </tr> - </table> diff --git a/config/authng/www/wizards/authng_wizard.xml b/config/authng/www/wizards/authng_wizard.xml deleted file mode 100644 index 94796e2f..00000000 --- a/config/authng/www/wizards/authng_wizard.xml +++ /dev/null @@ -1,496 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<pfsensewizard> -<copyright> -/* $Id$ */ -/* ========================================================================== */ -/* - authng_wizard.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ -</copyright> -<totalsteps>8</totalsteps> -<step> - <id>1</id> - <title>pfSense AuthNG Wizard</title> - <disableheader>true</disableheader> - <description> - This wizard will guide you through the initial configuration of - the pfSense authentication system. - </description> - <fields> - <field> - <name>Next</name> - <type>submit</type> - </field> - </fields> -</step> -<step> - <id>2</id> - <title>pfSense Backend settings</title> - <description> - On this screen you will define where to define pfSense users and groups - </description> - <fields> - <field> - <name>PrincipalStore</name> - <type>select</type> - <donotdisable>true</donotdisable> - <bindstofield>installedpackages->authng->config->principal_store</bindstofield> - <options> - <option> - <name>XML</name> - <value>xml</value> - </option> - <option> - <name>LDAP</name> - <value>ldap</value> - </option> - <option> - <name>DB</name> - <value>db</value> - </option> - </options> - </field> - <field> - <name>Backend</name> - <type>select</type> - <donotdisable>true</donotdisable> - <bindstofield>installedpackages->authng->config->backend</bindstofield> - <options> - <option> - <name>htpasswd</name> - <value>htpasswd</value> - </option> - <option> - <name>PAM</name> - <value>pam</value> - </option> - <option> - <name>Radius</name> - <value>radius</value> - </option> - <option> - <name>passwd</name> - <value>passwd</value> - </option> - <option> - <name>LDAP</name> - <value>ldap</value> - </option> - </options> - </field> - <field> - <name>AuthenticationMethod</name> - <type>select</type> - <donotdisable>true</donotdisable> - <bindstofield>installedpackages->authng->config->auth_method</bindstofield> - <options> - <option> - <name>Session</name> - <value>session</value> - </option> - <option> - <name>Basic</name> - <value>basic</value> - </option> - </options> - </field> - </fields -</step> -<step> - <id>3</id> - <title>Time Server Information</title> - <description>Please enter the time, date and time zone.</description> - <fields> - <field> - <name>Time server dns name</name> - <description>Enter the name of the time server.</description> - <type>input</type> - <bindstofield>system->timeservers</bindstofield> - </field> - <field> - <name>Timezone</name> - <type>timezone_select</type> - <bindstofield>system->timezone</bindstofield> - </field> - <field> - <name>Next</name> - <type>submit</type> - </field> - </fields> -</step> -<step> - <id>4</id> - <disableallfieldsbydefault>true</disableallfieldsbydefault> - <title>Configure WAN Interface</title> - <description>On this screen we will configure the Wide Area Network information.</description> - <javascriptafterformdisplay> - var selectedItem = 0; - if(document.forms[0].ipaddress.value == 'dhcp') { - selectedItem = 1; - document.forms[0].ipaddress.value = ''; - } else if(document.forms[0].ipaddress.value == 'PPPoE') { - selectedItem = 2; - document.forms[0].ipaddress.value = ''; - } else if(document.forms[0].ipaddress.value == 'PPTP') { - selectedItem = 3; - document.forms[0].ipaddress.value = ''; - } else if(document.forms[0].ipaddress.value == 'BigPond') { - selectedItem = 4; - document.forms[0].ipaddress.value = ''; - } else { - selectedItem = 0; - } - document.forms[0].selectedtype.selectedIndex = selectedItem; - enableitems(selectedItem); - </javascriptafterformdisplay> - <fields> - <field> - <name>SelectedType</name> - <type>select</type> - <donotdisable>true</donotdisable> - <options> - <option> - <name>Static</name> - <value>Static</value> - <enablefields>ipaddress,subnetmask,gateway</enablefields> - </option> - <option> - <name>DHCP</name> - <value>dhcp</value> - <enablefields>dhcphostname</enablefields> - </option> - <option> - <name>PPPoE</name> - <value>pppoe</value> - <enablefields>pppoeusername,pppoepassword,pppoeservicename,pppoedialondemand,pppoeidletimeout</enablefields> - </option> - <option> - <name>PPTP</name> - <value>pptp</value> - <enablefields>pptpusername,pptppassword,pptplocalipaddress,pptplocalsubnet,pptpremoteipaddress,pptpdialondemand,pptpidletimeout - </enablefields> - </option> - <option> - <name>BigPond</name> - <value>bigpond</value> - <enablefields>bigpondusername,bigpondpassword,bigpondauthenticationserver,bigpondauthenticationdomain,bigpondminheartbeatinterval</enablefields> - </option> - </options> - </field> - <field> - <name>General configuration</name> - <type>listtopic</type> - </field> - <field> - <donotdisable>true</donotdisable> - <name>MAC Address</name> - <bindstofield>interfaces->wan->spoofmac</bindstofield> - <type>input</type> - <description> This field can be used to modify ("spoof") the MAC address of the WAN interface (may be required with some cable connections) Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank</description> - </field> - <field> - <donotdisable>true</donotdisable> - <name>MTU</name> - <type>input</type> - <bindstofield>interfaces->wan->mtu</bindstofield> - <description> If you enter a value in this field, then MSS clamping for TCP connections to the value entered above minus 40 (TCP/IP header size) will be in effect. If you leave this field blank, an MTU of 1492 bytes for PPPoE and 1500 bytes for all other connection types will be assumed.</description> - </field> - <field> - <name>Static IP Configuration</name> - <type>listtopic</type> - </field> - <field> - <name>IP Address</name> - <bindstofield>interfaces->wan->ipaddr</bindstofield> - <type>input</type> - <typehint> / </typehint> - <combinefieldsbegin>true</combinefieldsbegin> - </field> - <field> - <combinefieldsend>true</combinefieldsend> - <dontdisplayname>true</dontdisplayname> - <dontcombinecells>true</dontcombinecells> - <name>Subnet Mask</name> - <bindstofield>interfaces->wan->subnet</bindstofield> - <type>subnet_select</type> - </field> - <field> - <name>Gateway</name> - <bindstofield>interfaces->wan->gateway</bindstofield> - <type>input</type> - </field> - <field> - <name>DHCP client configuration</name> - <type>listtopic</type> - </field> - <field> - <name>DHCP Hostname</name> - <type>input</type> - <bindstofield>interfaces->wan->dhcphostname</bindstofield> - <description> The value in this field is sent as the DHCP client identifier and hostname when requesting a DHCP lease. Some ISPs may require this (for client identification).</description> - </field> - <field> - <name>PPPoE configuration</name> - <type>listtopic</type> - </field> - <field> - <name>PPPoE Username</name> - <type>input</type> - <bindstofield>pppoe->username</bindstofield> - </field> - <field> - <name>PPPoE Password</name> - <type>input</type> - <bindstofield>pppoe->password</bindstofield> - </field> - <field> - <name>PPPoE Service name</name> - <type>input</type> - <description>Hint: this field can usually be left empty</description> - </field> - <field> - <name>PPPoE Dial on demand</name> - <typehint>Enable Dial-On-Demand mode</typehint> - <type>checkbox</type> - <description>This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.</description> - </field> - <field> - <name>PPPoE Idle timeout</name> - <type>input</type> - <description>If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.</description> - </field> - <field> - <name>PPTP configuration</name> - <type>listtopic</type> - </field> - <field> - <name>PPTP Username</name> - <type>input</type> - <bindstofield>pptp->username</bindstofield> - </field> - <field> - <name>PPTP Password</name> - <type>input</type> - <bindstofield>pptp->password</bindstofield> - </field> - <field> - <combinefieldsbegin>true</combinefieldsbegin> - <name>PPTP Local IP Address</name> - <type>input</type> - <typehint> / </typehint> - <bindstofield>pptp->local</bindstofield> - </field> - <field> - <combinefieldsend>true</combinefieldsend> - <dontdisplayname>true</dontdisplayname> - <dontcombinecells>true</dontcombinecells> - <name>pptplocalsubnet</name> - <bindstofield>pptp->subnet</bindstofield> - <type>subnet_select</type> - </field> - <field> - <name>PPTP Remote IP Address</name> - <bindstofield>pptp->remote</bindstofield> - <type>input</type> - </field> - <field> - <name>PPTP Dial on demand</name> - <typehint>Enable Dial-On-Demand mode</typehint> - <type>checkbox</type> - <description>This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.</description> - </field> - <field> - <name>PPTP Idle timeout</name> - <type>input</type> - <description>If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.</description> - </field> - <field> - <name>BigPond configuration</name> - <type>listtopic</type> - </field> - <field> - <name>BigPond Username</name> - <type>input</type> - <bindstofield>bigpond->username</bindstofield> - </field> - <field> - <name>BigPond Password</name> - <type>input</type> - <bindstofield>bigpond->password</bindstofield> - </field> - <field> - <name>BigPond Authentication server</name> - <type>input</type> - <bindstofield>bigpond->authserver</bindstofield> - <description>If this field is left empty, the default ("dce-server") is used.</description> - </field> - <field> - <name>BigPond Authentication domain</name> - <type>input</type> - <bindstofield>bigpond->authdomain</bindstofield> - <description>If this field is left empty, the domain name assigned via DHCP will be used. Note: the BigPond client implicitly sets the "Allow DNS server list to be overridden by DHCP/PPP on WAN" on the System: General setup page.</description> - </field> - <field> - <name>BigPond min heartbeat interval</name> - <type>input</type> - <typehint>seconds</typehint> - <bindstofield>bigpond->minheartbeatinterval</bindstofield> - <description> Setting this to a sensible value (e.g. 60 seconds) can protect against DoS attacks.</description> - </field> - <field> - <name>RFC1918 Networks</name> - <type>listtopic</type> - </field> - <field> - <donotdisable>true</donotdisable> - <name>Block RFC1918 Private Networks</name> - <description> When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8). You should generally leave this option turned on, unless your WAN network lies in such a private address space, too.</description> - <type>checkbox</type> - <bindstofield>interfaces->wan->blockpriv</bindstofield> - <typehint>Block private networks from entering via WAN</typehint> - </field> - <field> - <name>Block bogon networks</name> - <type>listtopic</type> - </field> - <field> - <donotdisable>true</donotdisable> - <name>Block bogon networks</name> - <description>Block bogon networks when set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA. Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.</description> - <type>checkbox</type> - <bindstofield>interfaces->wan->blockbogons</bindstofield> - <typehint>Block non-Internet routed networks from entering via WAN</typehint> - </field> - <field> - <name>Next</name> - <type>submit</type> - </field> - </fields> - <stepsubmitbeforesave> - if($_POST['selectedtype'] == "Static") { } else { - $_POST['ipaddress'] = $_POST['selectedtype']; - $config['interfaces']['wan']['ipaddr'] = $_POST['selectedtype']; - write_config(); - } - </stepsubmitbeforesave> -</step> -<step> - <id>5</id> - <title>Configure LAN Interface</title> - <description>On this screen we will configure the Local Area Network information.</description> - <fields> - <field> - <name>LAN IP Address</name> - <type>input</type> - <bindstofield>interfaces->lan->ipaddr</bindstofield> - <description>Type dhcp if this interface uses dhcp to obtain its ip address.</description> - </field> - <field> - <name>Subnet Mask</name> - <type>subnet_select</type> - <bindstofield>interfaces->lan->subnet</bindstofield> - </field> - <field> - <name>Next</name> - <type>submit</type> - </field> - </fields> - <stepsubmitphpaction> - $ft = split("\.", $_POST['lanipaddress']); - $ft_ip = $ft[0] . "." . $ft[1] . "." . $ft[2] . "."; - $config['dhcpd']['lan']['range']['from'] = $ft_ip . "10"; - $highestip = gen_subnet_max($_POST['lanipaddress'], $config['interfaces']['lan']['subnet']); - $hi = split("\.", $highestip); - $highestip = $hi[3]-10; - $config['dhcpd']['lan']['range']['to'] = $ft_ip . $highestip; - </stepsubmitphpaction> -</step> -<step> - <id>6</id> - <title>Set Admin WebGUI Password</title> - <description>On this screen we will set the Admin password which is used to access the WebGUI and also SSH services if you wish to enable.</description> - <fields> - <field> - <name>Admin Password</name> - <type>password</type> - </field> - <field> - <name>Admin Password AGAIN</name> - <type>password</type> - </field> - <field> - <name>Next</name> - <type>submit</type> - </field> - </fields> - <stepsubmitphpaction> - if($_POST['adminpassword'] != "") { - if($_POST['adminpassword'] == $_POST['adminpasswordagain']) { - $fd = popen("/usr/sbin/pw usermod -n root -H 0", "w"); - $salt = md5(time()); - $crypted_pw = crypt($_POST['adminpassword'],$salt); - fwrite($fd, $crypted_pw); - pclose($fd); - $config['system']['password'] = crypt($_POST['adminpassword']); - write_config(); - system_password_configure(); - } else { - print_info_box_np("Passwords do not match! Please press back in your browser window and correct."); - die; - } - } - </stepsubmitphpaction> -</step> -<step> - <id>7</id> - <title>Reload configuration</title> - <disableheader>true</disableheader> - <description>Click 'Reload' to reload pfSense with new changes. If you changed the password, pfSense will ask you to log in again.</description> - <fields> - <field> - <name>Reload</name> - <type>submit</type> - </field> - </fields> -</step> -<step> - <id>8</id> - <title>Reload in progress</title> - <description>A reload is now in progress. Please wait. <p> The system will automatically try to access $myurl in 120 seconds. <p> You can click on the icon above to access the site more quickly. - <meta http-equiv="refresh" content="60; url=$myurl" ></description> - <stepafterformdisplay> - reload_all(); - </stepafterformdisplay> -</step> -</pfsensewizard> diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index 0286ffec..313cc1ac 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -29,8 +29,8 @@ require_once("filter.inc"); require_once("notices.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) require_once("crypt_acb.php"); // Plugin moved to save only @@ -86,8 +86,8 @@ function test_connection($post) { // Populate available backups $curl_session = curl_init(); - curl_setopt($curl_session, CURLOPT_USERPWD, "{$username}:{$password}"); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -148,7 +148,7 @@ function upload_config($reasonm = "") { $encryptpw = $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password']; // Define upload_url, must be present after other variable definitions due to username, password - $upload_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/backup.php"; + $upload_url = "https://portal.pfsense.org/pfSconfigbackups/backup.php"; if(!$username or !$password or !$encryptpw) { if(!file_exists("/cf/conf/autoconfigback.notice")) { @@ -192,9 +192,10 @@ function upload_config($reasonm = "") { $fields_string .= $key.'='.$value.'&'; rtrim($fields_string,'&'); - // Check configuration into the BSDP repo + // Check configuration into the ESF repo $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $upload_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, count($post_fields)); curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php index 5ebe8e20..20f5f741 100644 --- a/config/autoconfigbackup/autoconfigbackup.php +++ b/config/autoconfigbackup/autoconfigbackup.php @@ -29,8 +29,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) require("crypt_acb.php"); // Seperator used during client / server communications @@ -46,13 +46,13 @@ $username = $config['installedpackages']['autoconfigbackup']['config'][0]['use $password = $config['installedpackages']['autoconfigbackup']['config'][0]['password']; // URL to restore.php -$get_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php"; +$get_url = "https://portal.pfsense.org/pfSconfigbackups/restore.php"; // URL to stats -$stats_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php"; +$stats_url = "https://portal.pfsense.org/pfSconfigbackups/showstats.php"; // URL to delete.php -$del_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php"; +$del_url = "https://portal.pfsense.org/pfSconfigbackups/delete.php"; // Set hostname if($_REQUEST['hostname']) @@ -79,10 +79,11 @@ else include("head.inc"); function get_hostnames() { - global $stats_url, $username, $oper_sep; + global $stats_url, $username, $password, $oper_sep; // Populate available backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $stats_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -114,7 +115,7 @@ function get_hostnames() { <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> <?php include("fbegin.inc"); - if(strstr($pfSversion, "1.2")) + if ($pf_version < 2.0) echo "<p class=\"pgtitle\">{$pgtitle}</p>"; if($savemsg) { echo "<div id='savemsg'>"; @@ -157,6 +158,7 @@ function get_hostnames() { if($_REQUEST['rmver'] != "") { $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $del_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -183,6 +185,7 @@ function get_hostnames() { // Phone home and obtain backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -191,7 +194,7 @@ function get_hostnames() { "&revision=" . urlencode($_REQUEST['newver'])); $data = curl_exec($curl_session); $data_split = split("\+\+\+\+", $data); - $sha256 = $data_split[0]; // sha256 + $sha256 = trim($data_split[0]); // sha256 $data = $data_split[1]; if (!tagfile_deformat($data, $data, "config.xml")) $input_errors[] = "The downloaded file does not appear to contain an encrypted pfSense configuration."; @@ -246,6 +249,7 @@ EOF; // Phone home and obtain backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -297,6 +301,7 @@ EOF; // Populate available backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml index a7640f7e..0d324d8a 100644 --- a/config/autoconfigbackup/autoconfigbackup.xml +++ b/config/autoconfigbackup/autoconfigbackup.xml @@ -34,10 +34,10 @@ */ ]]> </copyright> - <description>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</description> - <requirements>pfSense Premium Support Portal</requirements> + <description>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires Gold or Support Subscription from https://portal.pfsense.org</description> + <requirements>pfSense Portal subscription</requirements> <name>AutoConfigBackup</name> - <version>1.20</version> + <version>1.22</version> <title>Diagnostics: Auto Configuration Backup</title> <savetext>Change</savetext> <include_file>/usr/local/pkg/autoconfigbackup.inc</include_file> @@ -51,37 +51,37 @@ <additional_files_needed> <prefix>/usr/local/pkg/write_config/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/autoconfigbackup/parse_config_upload.inc</item> + <item>https://packages.pfsense.org/packages/config/autoconfigbackup/parse_config_upload.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.php</item> + <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.inc</item> + <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/etc/inc/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/autoconfigbackup/crypt_acb.php</item> + <item>https://packages.pfsense.org/packages/config/autoconfigbackup/crypt_acb.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup_backup.php</item> + <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup_backup.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/write_config/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/autoconfigbackup/parse_config_upload.php</item> + <item>https://packages.pfsense.org/packages/config/autoconfigbackup/parse_config_upload.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup_stats.php</item> + <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup_stats.php</item> </additional_files_needed> <tabs> <tab> @@ -122,7 +122,7 @@ </field> <field> <fielddescr>Encryption Password</fielddescr> - <description>This password will be used to encrypt config.xml before sending to portal.pfsense.org. Do not share the password and keep it safe!</description> + <description>This password will be used to encrypt config.xml before uploading. We recommend not setting this to the same thing as your portal.pfsense.org account. Keep record of this password in a safe place - without it, your configurations will be impossible to restore.</description> <fieldname>crypto_password</fieldname> <type>password</type> </field> diff --git a/config/autoconfigbackup/autoconfigbackup_backup.php b/config/autoconfigbackup/autoconfigbackup_backup.php index 47336c27..a65fba4d 100644 --- a/config/autoconfigbackup/autoconfigbackup_backup.php +++ b/config/autoconfigbackup/autoconfigbackup_backup.php @@ -31,32 +31,11 @@ require("globals.inc"); require("guiconfig.inc"); require("/usr/local/pkg/autoconfigbackup.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) require("crypt_acb.php"); -// Seperator used during client / server communications -$oper_sep = "\|\|"; - -// Encryption password -$decrypt_password = $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password']; - -// Defined username -$username = $config['installedpackages']['autoconfigbackup']['config'][0]['username']; - -// Defined password -$password = $config['installedpackages']['autoconfigbackup']['config'][0]['password']; - -// URL to restore.php -$get_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php"; - -// URL to delete.php -$del_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php"; - -// Set hostname -$hostname = $config['system']['hostname'] . "." . $config['system']['domain']; - -if(!$username) { +if(!$config['installedpackages']['autoconfigbackup']['config'][0]['username']) { Header("Location: /pkg_edit.php?xml=autoconfigbackup.xml&id=0&savemsg=Please+setup+Auto+Config+Backup"); exit; } @@ -84,7 +63,7 @@ include("head.inc"); <div id='maincontent'> <?php include("fbegin.inc"); - if(strstr($pfSversion, "1.2")) + if ($pf_version < 2.0) echo "<p class=\"pgtitle\">{$pgtitle}</p>"; if($savemsg) { print_info_box($savemsg); diff --git a/config/autoconfigbackup/autoconfigbackup_stats.php b/config/autoconfigbackup/autoconfigbackup_stats.php index c024d689..b991e3d3 100644 --- a/config/autoconfigbackup/autoconfigbackup_stats.php +++ b/config/autoconfigbackup/autoconfigbackup_stats.php @@ -31,8 +31,8 @@ require("globals.inc"); require("guiconfig.inc"); require("/usr/local/pkg/autoconfigbackup.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) require("crypt_acb.php"); // Seperator used during client / server communications @@ -48,13 +48,13 @@ $username = $config['installedpackages']['autoconfigbackup']['config'][0]['use $password = $config['installedpackages']['autoconfigbackup']['config'][0]['password']; // URL to restore.php -$get_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php"; +$get_url = "https://portal.pfsense.org/pfSconfigbackups/restore.php"; // URL to delete.php -$del_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php"; +$del_url = "https://portal.pfsense.org/pfSconfigbackups/delete.php"; // URL to stats.php -$stats_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php"; +$stats_url = "https://portal.pfsense.org/pfSconfigbackups/showstats.php"; // Set hostname $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; @@ -67,6 +67,7 @@ if(!$username) { if($_REQUEST['delhostname']) { $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $del_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 2); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -96,7 +97,7 @@ include("head.inc"); <div id='maincontent'> <?php include("fbegin.inc"); - if(strstr($pfSversion, "1.2")) + if ($pf_version < 2.0) echo "<p class=\"pgtitle\">{$pgtitle}</p>"; if($savemsg) { print_info_box($savemsg); @@ -138,6 +139,7 @@ include("head.inc"); // Populate available backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $stats_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); diff --git a/config/autoconfigbackup/certs/gd-class2-root.crt b/config/autoconfigbackup/certs/gd-class2-root.crt deleted file mode 100644 index 42e8d1ee..00000000 --- a/config/autoconfigbackup/certs/gd-class2-root.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh -MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE -YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 -MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo -ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg -MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN -ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA -PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w -wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi -EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY -avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ -YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE -sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h -/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 -IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD -ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy -OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P -TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ -HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER -dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf -ReYNnyicsbkqWletNw+vHX/bvZ8= ------END CERTIFICATE----- diff --git a/config/autoconfigbackup/certs/gd_intermediate.crt b/config/autoconfigbackup/certs/gd_intermediate.crt deleted file mode 100644 index 33d97396..00000000 --- a/config/autoconfigbackup/certs/gd_intermediate.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx -ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g -RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw -MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH -QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j -b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j -b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H -KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm -VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR -SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT -cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ -6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu -MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS -kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB -BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f -BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv -c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH -AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG -OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU -A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o -0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX -RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH -qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV -U+4= ------END CERTIFICATE-----
\ No newline at end of file diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml index ef4fd961..d1e58bdc 100644 --- a/config/avahi/avahi.xml +++ b/config/avahi/avahi.xml @@ -85,27 +85,27 @@ <additional_files_needed> <prefix>/root/</prefix> <chmod>0755</chmod> - <item>http://files.pfsense.org/packages/avahi/avahi.tar.gz</item> + <item>https://files.pfsense.org/packages/avahi/avahi.tar.gz</item> </additional_files_needed> <additional_files_needed> <prefix>/root/</prefix> <chmod>0755</chmod> - <item>http://files.pfsense.org/packages/avahi/avahi8.tar.gz</item> + <item>https://files.pfsense.org/packages/avahi/avahi8.tar.gz</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/avahi/avahi.inc</item> + <item>https://packages.pfsense.org/packages/config/avahi/avahi.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/etc/avahi/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/avahi/services/ssh.service</item> + <item>https://packages.pfsense.org/packages/config/avahi/services/ssh.service</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/etc/avahi/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/avahi/services/sftp-ssh.service</item> + <item>https://packages.pfsense.org/packages/config/avahi/services/sftp-ssh.service</item> </additional_files_needed> <custom_php_resync_config_command> avahi_sync(); diff --git a/config/backup/backup.xml b/config/backup/backup.xml index 8f26e3de..1ed9c46e 100644 --- a/config/backup/backup.xml +++ b/config/backup/backup.xml @@ -67,22 +67,22 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/backup/backup.xml</item> + <item>https://packages.pfsense.org/packages/config/backup/backup.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/backup/backup.inc</item> + <item>https://packages.pfsense.org/packages/config/backup/backup.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/backup/backup.tmp</item> + <item>https://packages.pfsense.org/packages/config/backup/backup.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/backup/backup_edit.tmp</item> + <item>https://packages.pfsense.org/packages/config/backup/backup_edit.tmp</item> </additional_files_needed> <fields> <field> diff --git a/config/bacula-client/bacula-client.xml b/config/bacula-client/bacula-client.xml index c79a5a0c..8deb459a 100644 --- a/config/bacula-client/bacula-client.xml +++ b/config/bacula-client/bacula-client.xml @@ -53,17 +53,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/bacula-client/bacula-client.inc</item> + <item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/bacula-client/bacula-client_fd.xml</item> + <item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client_fd.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/bacula-client/bacula-client_view_config.php</item> + <item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client_view_config.php</item> </additional_files_needed> <menu> <name>Bacula-client</name> diff --git a/config/bacula-client/bacula-client_view_config.php b/config/bacula-client/bacula-client_view_config.php index 021e1c15..305bcb83 100644 --- a/config/bacula-client/bacula-client_view_config.php +++ b/config/bacula-client/bacula-client_view_config.php @@ -1,7 +1,7 @@ <?php /* bacula-client_view_config.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2012 M�rcio Carlos Ant�o All rights reserved. @@ -30,11 +30,10 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; - $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) define('BACULA_LOCALBASE', '/usr/pbi/bacula-' . php_uname("m")); else diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index 44a33bac..7f0f12fe 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -77,7 +77,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0677</chmod> - <item>http://www.pfsense.com/packages/config/bandwidthd/bandwidthd.inc</item> + <item>https://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/bind/bind.inc b/config/bind/bind.inc index ff3728fb..17d171d1 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -43,7 +43,7 @@ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) define('BIND_LOCALBASE', '/usr/pbi/bind-' . php_uname("m")); else - define('BIND_LOCALBASE','/usr/local'); + define('BIND_LOCALBASE','/usr/local'); define('CHROOT_LOCALBASE','/cf/named'); @@ -95,8 +95,7 @@ function bind_zone_validate($post, $input_errors){ } } - function bind_sync(){ - +function bind_sync(){ global $config; conf_mount_rw(); //create rndc @@ -164,8 +163,8 @@ EOD; } //check ips to listen on if (preg_match("/All/",$bind['listenon'])){ - $bind_listenonv6="Any;"; - $bind_listenon="Any;"; + $bind_listenonv6="any;"; + $bind_listenon="any;"; } else{ $bind_listenonv6=""; @@ -198,10 +197,10 @@ EOD; if ($bind_notify == on) $bind_conf .="\t\tnotify yes;\n"; if ($hide_version == on) - $bind_conf .="\t\tversion \"N/A\";\n"; + $bind_conf .="\t\tversion none;\n"; - $bind_conf .="\t\t$custom_options\n"; - $bind_conf .= "\t};\n\n"; + $bind_conf .= preg_replace("/^/m","\t\t",$custom_options); + $bind_conf .= "\n\t};\n\n"; if ($bind_logging == on){ //check if bind is included on syslog @@ -209,8 +208,9 @@ EOD; $restart_syslog=0; foreach ($syslog_files as $syslog_file){ $syslog_file_data=file_get_contents($syslog_file); - if (!preg_match("/dnsmasq,named,filterdns/",$syslog_file_data)){ + if ( !preg_match("/dnsmasq,named,filterdns/",$syslog_file_data) || !preg_match("/'dnsmasq','named','filterdns'/",$syslog_file_data) ) { $syslog_file_data=preg_replace("/dnsmasq,filterdns/","dnsmasq,named,filterdns",$syslog_file_data); + $syslog_file_data=preg_replace("/'dnsmasq','filterdns'/","'dnsmasq','named','filterdns'",$syslog_file_data); file_put_contents($syslog_file,$syslog_file_data); $restart_syslog++; } @@ -244,15 +244,22 @@ EOD; #Config Zone domain if(!is_array($config["installedpackages"]["bindacls"]) || !is_array($config["installedpackages"]["bindacls"]["config"])){ - $config["installedpackages"]["bindacls"]["config"][] =array("name"=>"any","description"=>"Default Access list","row" => array("value"=> "","description"=>"")); - write_config("Create Default bind acl 'Any'"); + $config["installedpackages"]["bindacls"]["config"][] = + array("name"=>"none","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>"")); + $config["installedpackages"]["bindacls"]["config"][] = + array("name"=>"any","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>"")); + $config["installedpackages"]["bindacls"]["config"][] = + array("name"=>"localhost","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>"")); + $config["installedpackages"]["bindacls"]["config"][] = + array("name"=>"localnets","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>"")); + write_config("Create BIND Built-in ACLs"); } $bindacls = $config["installedpackages"]["bindacls"]["config"]; for ($i=0; $i<sizeof($bindacls); $i++) { $aclname = $bindacls[$i]['name']; $aclhost = $bindacls[$i]['row']; - if($aclname != "any"){ + if($aclname != "none" && $aclname != "any" && $aclname != "localhost" && $aclname != "localnets"){ $bind_conf .= "acl \"$aclname\" {\n"; for ($u=0; $u<sizeof($aclhost); $u++) { @@ -438,14 +445,46 @@ EOD; $zone_conf .= "$hostname \t IN $hosttype $hostvalue \t$hostdst\n"; } - if (($zone[regdhcpstatic] == 'on') && is_array($config['dhcpd'])) { - foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) - if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) - foreach ($dhcpifconf['staticmap'] as $host) - if ($host['ipaddr'] && $host['hostname']) { + + # Register DHCP static mappings + if (($zone[regdhcpstatic] == 'on') && is_array($config['dhcpd'])) { + $zoneparts = array_reverse(explode('.',$zonename)); + foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { + if (!isset($dhcpifconf['enable']) || !is_array($dhcpifconf['staticmap'])) { + continue; + } + foreach ($dhcpifconf['staticmap'] as $host) { + if (is_domain($host['domain'])) { + $domain = $host['domain']; + } elseif (is_domain($dhcpifconf['domain'])) { + $domain = $dhcpifconf['domain']; + } elseif (is_domain($config['system']['domain'])) { + $domain = $config['system']['domain']; + } else { + continue; + } + if (!is_hostname($host['hostname']) || !is_ipaddr($host['ipaddr'])) { + continue; + } + if ($zonereverso == "on") { + $parts = explode('.',$host['ipaddr']); + $intersect = array_intersect_assoc($parts,$zoneparts); + if (count($zoneparts) == count($intersect)) { + $diff = array_diff_assoc($parts,$zoneparts); + $shortaddr = implode('.',array_reverse($diff)); + $zone_conf .= "{$shortaddr}\tIN PTR\t{$host['hostname']}.{$domain}.\n"; + } + } else { + $parts = array_reverse(explode('.',$domain)); + $diff = array_diff_assoc($parts,$zoneparts); + if (count($diff) == 0) { $zone_conf .= "{$host['hostname']}\tIN A\t{$host['ipaddr']}\n"; - } - } + } + } + } + } + } + if ($zone['customzonerecords']!=""){ $zone_conf .= "\n\n;\n;custom zone records\n;\n".base64_decode($zone['customzonerecords'])."\n"; } diff --git a/config/bind/bind.widget.php b/config/bind/bind.widget.php index 490ded9b..dc6b3bf0 100644 --- a/config/bind/bind.widget.php +++ b/config/bind/bind.widget.php @@ -1,7 +1,7 @@ <?php /* Copyright 2013 Marcello Coutinho - Part of bind package for pfSense(www.pfsense.com) + Part of bind package for pfSense(www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/bind/bind.xml b/config/bind/bind.xml index 76fdf523..beb96589 100644 --- a/config/bind/bind.xml +++ b/config/bind/bind.xml @@ -91,42 +91,42 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/bind.xml</item> + <item>https://packages.pfsense.org/packages/config/bind/bind.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/bind_views.xml</item> + <item>https://packages.pfsense.org/packages/config/bind/bind_views.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/bind_zones.xml</item> + <item>https://packages.pfsense.org/packages/config/bind/bind_zones.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/bind_acls.xml</item> + <item>https://packages.pfsense.org/packages/config/bind/bind_acls.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/bind.inc</item> + <item>https://packages.pfsense.org/packages/config/bind/bind.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/bind_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/bind/bind_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/pkg_bind.inc</item> + <item>https://packages.pfsense.org/packages/config/bind/pkg_bind.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/bind/bind.widget.php</item> + <item>https://packages.pfsense.org/packages/config/bind/bind.widget.php</item> </additional_files_needed> <fields> <field> @@ -160,7 +160,7 @@ <field> <fielddescr>Hide Version</fielddescr> <fieldname>bind_hide_version</fieldname> - <description>Hide the version of BIND, this prevents discover the version of our servers, use any exploit that exploits a vulnerability in Bind.</description> + <description>Hide the version of BIND (do not process queries to version.bind at all). This makes it more difficult to exploit the server.</description> <type>checkbox</type> </field> <field> diff --git a/config/bind/bind_acls.xml b/config/bind/bind_acls.xml index b8d10158..dbd9e29d 100644 --- a/config/bind/bind_acls.xml +++ b/config/bind/bind_acls.xml @@ -108,7 +108,7 @@ <type>input</type> </field> <field> - <fielddescr>Enter IP or range bloc network.</fielddescr> + <fielddescr>Enter IP or range block network.</fielddescr> <description>Leave blank to allow All</description> <fieldname>none</fieldname> <type>rowhelper</type> diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml index be4da9cf..3506df63 100644 --- a/config/bind/bind_zones.xml +++ b/config/bind/bind_zones.xml @@ -126,7 +126,7 @@ <fieldname>name</fieldname> <description><![CDATA[Enter the name for zone (ex:mydomain.com)<br> For reverse zones, include zone ip in reverse order or following your provider instructions.(Ex: 1.168.192)<br> - IN-ADDR.ARPA will be automaticaly included on conf files when reveser zone option is checked.]]></description> + IN-ADDR.ARPA will be automaticaly included on conf files when reverse zone option is checked.]]></description> <type>input</type> <required/> </field> diff --git a/config/blinkled/blinkled.xml b/config/blinkled/blinkled.xml index d1141dbd..fb0965c9 100644 --- a/config/blinkled/blinkled.xml +++ b/config/blinkled/blinkled.xml @@ -12,7 +12,7 @@ <url>/pkg_edit.php?xml=blinkled.xml</url> </menu> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/blinkled/blinkled.inc</item> + <item>https://packages.pfsense.org/packages/config/blinkled/blinkled.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml index 5fb5ff7c..475e88fc 100644 --- a/config/blinkled8/blinkled.xml +++ b/config/blinkled8/blinkled.xml @@ -12,14 +12,14 @@ <url>/pkg_edit.php?xml=blinkled.xml&id=0</url> </menu> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/blinkled8/blinkled.inc</item> + <item>https://packages.pfsense.org/packages/config/blinkled8/blinkled.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/blinkled8/binaries/blinkled</item> + <item>https://packages.pfsense.org/packages/config/blinkled8/binaries/blinkled</item> </additional_files_needed> <service> <name>blinkled</name> diff --git a/config/bsdstats/bsdstats.xml b/config/bsdstats/bsdstats.xml index d66d6f58..e2cc4393 100644 --- a/config/bsdstats/bsdstats.xml +++ b/config/bsdstats/bsdstats.xml @@ -58,7 +58,7 @@ <additional_files_needed> <prefix>/usr/bin/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/bsdstats/bin/dig</item> + <item>https://packages.pfsense.org/packages/config/bsdstats/bin/dig</item> </additional_files_needed> <custom_php_install_command> system("/bin/mkdir -p /usr/local/etc/periodic/monthly/"); diff --git a/config/checkmk-agent/checkmk.xml b/config/checkmk-agent/checkmk.xml index 6f458a1d..120b6634 100644 --- a/config/checkmk-agent/checkmk.xml +++ b/config/checkmk-agent/checkmk.xml @@ -47,12 +47,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/checkmk-agent/checkmk.inc</item> + <item>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/checkmk-agent/checkmk_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk_sync.xml</item> </additional_files_needed> <menu> <name>Check_mk Agent</name> diff --git a/config/clamav.xml b/config/clamav.xml index 465c635a..94f8c74f 100644 --- a/config/clamav.xml +++ b/config/clamav.xml @@ -68,7 +68,7 @@ <description>A daemon that periodically updates the ClamAV virus database.</description> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/clamav.inc</item> + <item>https://packages.pfsense.org/packages/config/clamav.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/countryblock/countryblock.inc b/config/countryblock/countryblock.inc index 5451b4bf..dc7bffd3 100644 --- a/config/countryblock/countryblock.inc +++ b/config/countryblock/countryblock.inc @@ -139,7 +139,7 @@ function deinstall_command_cb() exec("rm /usr/local/pkg/pf/countryblock.sh"); exec("pfctl -t countryblock -T kill"); exec("sed -i -e '/countryblock/d' /tmp/rules.debug"); - exec("pfctl -o basic -f /tmp/rules.debug"); + exec("pfctl -f /tmp/rules.debug"); conf_mount_ro(); } diff --git a/config/countryblock/countryblock.xml b/config/countryblock/countryblock.xml index 146918d3..b7336e98 100644 --- a/config/countryblock/countryblock.xml +++ b/config/countryblock/countryblock.xml @@ -39,7 +39,7 @@ </copyright> <description>Country Block</description> <requirements>Active Internet</requirements> - <faq>http://forum.pfsense.org/index.php/topic,25732.0.html</faq> + <faq>https://forum.pfsense.org/index.php/topic,25732.0.html</faq> <name>Country Block Settings</name> <version>0.2.4</version> <title>Settings</title> @@ -62,112 +62,112 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/countryblock.xml</item> + <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/countryblock.inc</item> + <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/interfaces.txt</item> + <item>https://packages.pfsense.org/packages/config/countryblock/interfaces.txt</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/countryblock.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/execute.sh</item> + <item>https://packages.pfsense.org/packages/config/countryblock/execute.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/countryblock.sh</item> + <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/index.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/index.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/ddaccordion.js</item> + <item>https://packages.pfsense.org/packages/config/countryblock/ddaccordion.js</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/jquery.min.js</item> + <item>https://packages.pfsense.org/packages/config/countryblock/jquery.min.js</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/public_smo_scripts.js</item> + <item>https://packages.pfsense.org/packages/config/countryblock/public_smo_scripts.js</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/titlebar.png</item> + <item>https://packages.pfsense.org/packages/config/countryblock/titlebar.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/titlebar-active.png</item> + <item>https://packages.pfsense.org/packages/config/countryblock/titlebar-active.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/purge.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/purge.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/whitelist.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/whitelist.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/countryblock_if.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/countryblock_if.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/firewall_shaper.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/firewall_shaper.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/help.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/help.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/settings.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/settings.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/class.phpmailer.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/class.phpmailer.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/class.smtp.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/class.smtp.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/email.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/email.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/countryblock/countryblock_IPBlocklist.widget.tmp</item> + <item>https://packages.pfsense.org/packages/config/countryblock/countryblock_IPBlocklist.widget.tmp</item> </additional_files_needed> <fields> <field> diff --git a/config/countryblock/countryblock_IPBlocklist.widget.tmp b/config/countryblock/countryblock_IPBlocklist.widget.tmp index 0ad1573b..59911f5a 100644 --- a/config/countryblock/countryblock_IPBlocklist.widget.tmp +++ b/config/countryblock/countryblock_IPBlocklist.widget.tmp @@ -1,7 +1,7 @@ <?php /* Copyright 2012 Thomas Schaefer - Tomschaefer.org - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/countryblock/help.tmp b/config/countryblock/help.tmp index 2f466947..577a7f49 100644 --- a/config/countryblock/help.tmp +++ b/config/countryblock/help.tmp @@ -91,7 +91,7 @@ To run countryblock as a cron job use /usr/local/etc/rc.d/countryblock.sh <br> <span style="color:red">Warning!</span> - Apply after every firewall change or state reset. Use at your own risk. ---> -<a href="http://doc.pfsense.org/index.php/Country_Block">Please see wiki for help</a> or the <a href="http://forum.pfsense.org/index.php/topic,25732.0.html">Forum</a> +<a href="https://doc.pfsense.org/index.php/Country_Block">Please see wiki for help</a> or the <a href="https://forum.pfsense.org/index.php/topic,25732.0.html">Forum</a> </div> diff --git a/config/cron/cron.xml b/config/cron/cron.xml index 71e524b3..3376d9e0 100644 --- a/config/cron/cron.xml +++ b/config/cron/cron.xml @@ -68,27 +68,27 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/cron/cron.xml</item> + <item>https://packages.pfsense.org/packages/config/cron/cron.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/cron/cron.inc</item> + <item>https://packages.pfsense.org/packages/config/cron/cron.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/cron/cron.tmp</item> + <item>https://packages.pfsense.org/packages/config/cron/cron.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/cron/cron_edit.tmp</item> + <item>https://packages.pfsense.org/packages/config/cron/cron_edit.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/packages/cron/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/cron/index.php</item> + <item>https://packages.pfsense.org/packages/config/cron/index.php</item> </additional_files_needed> <fields> <field> diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index ad6e6482..0dd8ff99 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -87,6 +87,7 @@ function check_ca_hashes(){ $cert=0; } } + conf_mount_ro(); } } @@ -934,8 +935,8 @@ EOF; } else{ if ($dansguardian_blacklist['cron']=="force_download"){ - log_error("Blacklist udpate process started"); - file_notice("Dansguardian - Blacklist udpate process started",""); + log_error("Blacklist update process started"); + file_notice("Dansguardian - Blacklist update process started",""); file_put_contents("/root/dansguardian_custom.script",base64_decode($dansguardian_blacklist['custom_script']),LOCK_EX); if ($dansguardian_blacklist['enable_custom_script'] && $dansguardian_blacklist['custom_script'] != "") mwexec_bg("/root/dansguardian_custom.script"); @@ -1094,6 +1095,7 @@ EOF; conf_mount_rw(); write_config(); + #update cron if ($cron_found > 0){ $config['cron']=$new_cron; @@ -1180,8 +1182,8 @@ EOF; $script='/usr/local/etc/rc.d/dansguardian.sh'; unlink_if_exists('/usr/local/etc/rc.d/dansguardian'); if($config['installedpackages']['dansguardian']['config'][0]['enable']=="on"){ - copy('/usr/local/pkg/dansguardian_rc.template',$script); - chmod ($script,0755); + @copy('/usr/local/pkg/dansguardian_rc.template',$script); + @chmod ($script,0755); if (is_process_running('dansguardian')){ log_error('Reloading Dansguardian'); exec("/usr/local/sbin/dansguardian -r"); @@ -1195,13 +1197,12 @@ EOF; if (is_process_running('dansguardian')){ log_error('Dansguardian is disabled, stopping process...'); mwexec("$script stop"); - } - if (file_exists($script)) - chmod ($script,444); + } + @unlink($script); } if (!file_exists(DANSGUARDIAN_DIR . '/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) - file_put_contents(DANSGUARDIAN_DIR . '/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); + @file_put_contents(DANSGUARDIAN_DIR . '/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); #check ca certs hashes check_ca_hashes(); @@ -1299,7 +1300,7 @@ function dansguardian_php_deinstall_command() { if (file_exists("/usr/local/etc/rc.d/dansguardian.sh")){ conf_mount_rw(); - chmod ("/usr/local/etc/rc.d/dansguardian.sh",0444); + @unlink("/usr/local/etc/rc.d/dansguardian.sh"); conf_mount_ro(); } } diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index e0cb58fd..55860775 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -59,137 +59,137 @@ <description><![CDATA[Award winning Open Source web content filter]]></description> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.inc</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.php</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.php</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ldap.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ldap.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ips_header.template</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ips_header.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_header.template</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_users_header.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_footer.template</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_users_footer.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_about.php</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_about.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardianfx.conf.template</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardianfx.conf.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_url_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_url_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_site_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_site_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_search_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_search_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_pics_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_pics_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_phrase_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_phrase_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_log.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_log.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_header_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_header_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_groups.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_groups.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_file_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_file_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_content_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_content_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_blacklist.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_blacklist.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_antivirus_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_antivirus_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.conf.template</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.conf.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/icapscan.conf.template</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/icapscan.conf.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item> + <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/dansguardian/dansguardian_about.php b/config/dansguardian/dansguardian_about.php index b7834281..4cb47200 100755 --- a/config/dansguardian/dansguardian_about.php +++ b/config/dansguardian/dansguardian_about.php @@ -1,7 +1,7 @@ <?php /* dansguardian_about.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> All rights reserved. @@ -29,8 +29,8 @@ require_once("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "About: Dansguardian Package"; @@ -93,11 +93,11 @@ include("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td> - <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> + <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td> - <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br><br> + <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br><br> If you want your donation to go to this package developer, make a note on the donation forwarding it to me.<br><br>");?></td> </tr> </table> diff --git a/config/dashboard/dashboard.xml b/config/dashboard/dashboard.xml index c09a2eda..5d8b59fc 100644 --- a/config/dashboard/dashboard.xml +++ b/config/dashboard/dashboard.xml @@ -52,12 +52,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/dashboard/dashboard.inc</item> + <item>https://packages.pfsense.org/packages/config/dashboard/dashboard.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://files.pfsense.org/packages/widgets.tgz</item> + <item>https://files.pfsense.org/packages/widgets.tgz</item> </additional_files_needed> <custom_php_install_command> dashboard_install(); diff --git a/config/denyhosts/denyhosts.inc b/config/denyhosts/denyhosts.inc index 8a862e01..37209715 100644 --- a/config/denyhosts/denyhosts.inc +++ b/config/denyhosts/denyhosts.inc @@ -38,7 +38,7 @@ function denyhosts_sync_package() } -// bounty: http://forum.pfsense.org/index.php/topic,15791.0/topicseen.html +// bounty: https://forum.pfsense.org/index.php/topic,15791.0/topicseen.html // pkg_add -r denyhosts // python /usr/local/share/denyhosts/denyhosts.py –file=/var/log/auth.log // /var/run/denyhosts.pid @@ -60,7 +60,7 @@ function denyhosts_install_command() exec("mkdir /usr/local/www/packages/denyhosts/"); } - exec("pkg_add -r http://files.pfsense.com/packages/security/denyhosts-2.5.tbz"); + exec("pkg_add -r https://files.pfsense.org/packages/security/denyhosts-2.5.tbz"); //misc files if (!is_dir('/usr/local/www/edit_area/')) { @@ -94,7 +94,7 @@ function denyhosts_install_command() exec ('touch /var/log/denyhosts'); } - $download_path = 'http://www.pfsense.com/packages/config/denyhosts/'; + $download_path = 'https://packages.pfsense.org/packages/config/denyhosts/'; //rename PHP files from .tmp to .php chdir('/tmp/'); diff --git a/config/denyhosts/denyhosts.xml b/config/denyhosts/denyhosts.xml index 53658a7a..720f1b95 100644 --- a/config/denyhosts/denyhosts.xml +++ b/config/denyhosts/denyhosts.xml @@ -68,7 +68,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/denyhosts/denyhosts.inc</item> + <item>https://packages.pfsense.org/packages/config/denyhosts/denyhosts.inc</item> </additional_files_needed> <adddeleteeditpagefields> <columnitem> diff --git a/config/developers/developers.xml b/config/developers/developers.xml index b6850d54..8b7ddb90 100644 --- a/config/developers/developers.xml +++ b/config/developers/developers.xml @@ -51,7 +51,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/~sullrich/extra/developer_pkg.tgz</item> + <item>https://www.pfsense.org/~sullrich/extra/developer_pkg.tgz</item> </additional_files_needed> <custom_php_install_command> update_status("Extracing Developers package contents... This will take a bit!"); diff --git a/config/diag_states_pt/diag_new_states.xml b/config/diag_states_pt/diag_new_states.xml index b8ea9dc3..0e4e6c7d 100644 --- a/config/diag_states_pt/diag_new_states.xml +++ b/config/diag_states_pt/diag_new_states.xml @@ -57,7 +57,7 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/diag_states_pt/diag_new_states.php</item> + <item>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.php</item> </additional_files_needed> <custom_php_deinstall_command> mwexec("rm /usr/local/www/diag_new_states.php"); diff --git a/config/dnsblacklist/dnsblacklist.xml b/config/dnsblacklist/dnsblacklist.xml index 52c59b35..75314810 100644 --- a/config/dnsblacklist/dnsblacklist.xml +++ b/config/dnsblacklist/dnsblacklist.xml @@ -62,22 +62,22 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dnsblacklist/dnsblacklist.xml</item> + <item>https://packages.pfsense.org/packages/config/dnsblacklist/dnsblacklist.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dnsblacklist/dnsblacklist.inc</item> + <item>https://packages.pfsense.org/packages/config/dnsblacklist/dnsblacklist.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dnsblacklist/dnsblacklist.tmp</item> + <item>https://packages.pfsense.org/packages/config/dnsblacklist/dnsblacklist.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://files.pfsense.org/packages/blacklists.tar.gz</item> + <item>https://files.pfsense.org/packages/blacklists.tar.gz</item> </additional_files_needed> <fields> <field> diff --git a/config/dnsmasq-edns/dnsmasq-edns.xml b/config/dnsmasq-edns/dnsmasq-edns.xml index 35bf2901..c63c828e 100644 --- a/config/dnsmasq-edns/dnsmasq-edns.xml +++ b/config/dnsmasq-edns/dnsmasq-edns.xml @@ -52,12 +52,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/dnsmasq-edns/dnsmasq-edns.inc</item> + <item>https://packages.pfsense.org/packages/config/dnsmasq-edns/dnsmasq-edns.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/dnsmasq-edns/dnsmasq-edns.patch</item> + <item>https://packages.pfsense.org/packages/config/dnsmasq-edns/dnsmasq-edns.patch</item> </additional_files_needed> <custom_php_install_command> dnsmasq_edns_install(); diff --git a/config/dyntables/pkg/dyntables.xml b/config/dyntables/pkg/dyntables.xml index 8a249966..8047b80b 100644 --- a/config/dyntables/pkg/dyntables.xml +++ b/config/dyntables/pkg/dyntables.xml @@ -83,7 +83,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dyntables/www/php/diag_dhcp_leases.php</item> + <item>https://packages.pfsense.org/packages/config/dyntables/www/php/diag_dhcp_leases.php</item> </additional_files_needed> <!-- | @@ -93,7 +93,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dyntables/www/js/dyntables.js</item> + <item>https://packages.pfsense.org/packages/config/dyntables/www/js/dyntables.js</item> </additional_files_needed> <!-- | @@ -103,12 +103,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dyntables/pkg/dyntables.inc</item> + <item>https://packages.pfsense.org/packages/config/dyntables/pkg/dyntables.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dyntables/pkg/dyntables_classdefs.inc</item> + <item>https://packages.pfsense.org/packages/config/dyntables/pkg/dyntables_classdefs.inc</item> </additional_files_needed> <!-- | @@ -118,7 +118,7 @@ <additional_files_needed> <prefix>/usr/local/lib/php/extensions/no-debug-non-zts-20020429/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dyntables/bin/json.so</item> + <item>https://packages.pfsense.org/packages/config/dyntables/bin/json.so</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. The following items diff --git a/config/filemgr/filemgr.xml b/config/filemgr/filemgr.xml index 57f0e1f9..5c44ba13 100644 --- a/config/filemgr/filemgr.xml +++ b/config/filemgr/filemgr.xml @@ -29,7 +29,7 @@ </copyright> <description>PHP File Manager</description> <requirements>none</requirements> - <faq>http://forum.pfsense.org/index.php/topic,26974.0.html</faq> + <faq>https://forum.pfsense.org/index.php/topic,26974.0.html</faq> <name>File Manager</name> <version>0.1.2</version> <title>Settings</title> @@ -52,162 +52,162 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/filemgr.xml</item> + <item>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/filemgr.inc</item> + <item>https://packages.pfsense.org/packages/config/filemgr/filemgr.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/file_manager.tmp</item> + <item>https://packages.pfsense.org/packages/config/filemgr/file_manager.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/index.tmp</item> + <item>https://packages.pfsense.org/packages/config/filemgr/index.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/bg_footer.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/bg_footer.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/bg_header.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/bg_header.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/bg_page.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/bg_page.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/file_editor_bg.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/file_editor_bg.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/folder.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/folder.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/folder_go.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/folder_go.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/folder_up.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/folder_up.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/go.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/go.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_delete.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_delete.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_download.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_download.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_file.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_file.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_html.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_html.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_open_as_web.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_open_as_web.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_php.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_php.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_picture.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_picture.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_rename.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_rename.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_script_edit.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_script_edit.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_use_file.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_use_file.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_use_file_inactive.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_use_file_inactive.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/index.html</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/index.html</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/new.png</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/new.png</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/config.tmp</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/config.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/download.tmp</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/download.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/file_editor_style.css</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/file_editor_style.css</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/functions.tmp</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/functions.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/index.html</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/index.html</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/rename.tmp</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/rename.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/session.tmp</item> + <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/session.tmp</item> </additional_files_needed> <fields> <field> diff --git a/config/filer/filer.xml b/config/filer/filer.xml index 9196f889..ecb24bcd 100644 --- a/config/filer/filer.xml +++ b/config/filer/filer.xml @@ -49,12 +49,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filer/filer.inc</item> + <item>https://packages.pfsense.org/packages/config/filer/filer.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/filer/filer_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/filer/filer_sync.xml</item> </additional_files_needed> <menu> <name>Filer</name> diff --git a/config/freeradius.xml b/config/freeradius.xml index 86a3300f..20f6675b 100644 --- a/config/freeradius.xml +++ b/config/freeradius.xml @@ -119,17 +119,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0775</chmod> - <item>http://www.pfsense.org/packages/config/freeradiusclients.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradiusclients.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0775</chmod> - <item>http://www.pfsense.org/packages/config/freeradiussettings.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradiussettings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0775</chmod> - <item>http://www.pfsense.org/packages/config/freeradius.inc</item> + <item>https://packages.pfsense.org/packages/config/freeradius.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index 8e3105ef..13b4123a 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -111,57 +111,57 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradius.inc</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item> </additional_files_needed> <adddeleteeditpagefields> <columnitem> diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php index a1943653..bfabd7fa 100644 --- a/config/freeradius2/freeradius_view_config.php +++ b/config/freeradius2/freeradius_view_config.php @@ -1,7 +1,7 @@ <?php /* freeradius_view_config.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> based on postfix_view_config.php @@ -67,8 +67,8 @@ if ($_REQUEST['file']!=""){ get_file($_REQUEST['file']); } else{ - $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); - if(strstr($pfSversion, "1.2")) + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.0) $one_two = true; $pgtitle = "FreeRADIUS: View Configuration"; diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml index 235d0218..05b5515a 100644 --- a/config/freeradius2/freeradiusauthorizedmacs.xml +++ b/config/freeradius2/freeradiusauthorizedmacs.xml @@ -111,57 +111,57 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradius.inc</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item> + <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item> </additional_files_needed> <adddeleteeditpagefields> <columnitem> diff --git a/config/freeswitch/freeswitch.inc b/config/freeswitch/freeswitch.inc index 0c073487..3a2be3c2 100644 --- a/config/freeswitch/freeswitch.inc +++ b/config/freeswitch/freeswitch.inc @@ -3018,7 +3018,7 @@ function freeswitch_php_install_command() // $freebsd_version = "7.2"; //} - $download_path = 'http://www.pfsense.com/packages/config/freeswitch/'; + $download_path = 'https://packages.pfsense.org/packages/config/freeswitch/'; //exec("cd /tmp/;fetch ".$download_path."freeswitch.tgz"); //handled by freeswitch.xml exec("tar zxvf /tmp/freeswitch.tgz -C /usr/local/"); unlink_if_exists("/tmp/freeswitch.tgz"); diff --git a/config/freeswitch/freeswitch.xml b/config/freeswitch/freeswitch.xml index 1e815566..dc5cfc36 100644 --- a/config/freeswitch/freeswitch.xml +++ b/config/freeswitch/freeswitch.xml @@ -108,7 +108,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch.inc</item> + <item>https://packages.pfsense.org/packages/config/freeswitch/freeswitch.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/freeswitch_dev/freeswitch.xml b/config/freeswitch_dev/freeswitch.xml index 783b08cc..ed6f2320 100644 --- a/config/freeswitch_dev/freeswitch.xml +++ b/config/freeswitch_dev/freeswitch.xml @@ -103,7 +103,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/freeswitch_dev/v_config.inc</item> + <item>https://packages.pfsense.org/packages/config/freeswitch_dev/v_config.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/freeswitch_dev/v_config.inc b/config/freeswitch_dev/v_config.inc index 49e05642..67c9fce9 100644 --- a/config/freeswitch_dev/v_config.inc +++ b/config/freeswitch_dev/v_config.inc @@ -68,7 +68,7 @@ function v_settings() $config['installedpackages']['freeswitchsettings']['config'][0]['v_scripts_dir'] = '/usr/local/freeswitch/scripts'; $config['installedpackages']['freeswitchsettings']['config'][0]['v_storage_dir'] = '/usr/local/freeswitch/storage'; $config['installedpackages']['freeswitchsettings']['config'][0]['v_recordings_dir'] = '/usr/local/freeswitch/recordings'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_download_path'] = 'http://www.pfsense.com/packages/config/freeswitch_dev'; + $config['installedpackages']['freeswitchsettings']['config'][0]['v_download_path'] = 'https://packages.pfsense.org/packages/config/freeswitch_dev'; } //Update the settings diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml index 35df41ee..4237454b 100644 --- a/config/gwled/gwled.xml +++ b/config/gwled/gwled.xml @@ -12,14 +12,14 @@ <url>/pkg_edit.php?xml=gwled.xml&id=0</url> </menu> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/gwled/gwled.inc</item> + <item>https://packages.pfsense.org/packages/config/gwled/gwled.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/gwled/gwled.php</item> + <item>https://packages.pfsense.org/packages/config/gwled/gwled.php</item> </additional_files_needed> <service> <name>gwled</name> diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 5e798dc2..1d85cc51 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -37,6 +37,7 @@ require_once("haproxy_xmlrpcsyncclient.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; +global $a_acltypes; $a_acltypes = array(); $a_acltypes["host_starts_with"] = array('name' => 'Host starts with', 'mode' => 'http', 'syntax' => 'hdr_beg(host) -i %1$s'); @@ -66,6 +67,7 @@ $a_acltypes["backendservercount"] = array('name' => 'Minimum count usable server $a_acltypes["ssl_sni_matches"] = array('name' => 'Server Name Indication TLS extension matches', 'mode' => 'https', 'syntax' => 'req_ssl_sni -i %1$s', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }"); +global $a_checktypes; $a_checktypes = array(); $a_checktypes['none'] = array('name' => 'none', 'syntax' => '', 'descr' => 'No health checks will be performed.'); @@ -92,6 +94,7 @@ $a_checktypes['ESMTP'] = array('name' => 'ESMTP', 'syntax' => 'smtpchk EHLO', $a_checktypes['SSL'] = array('name' => 'SSL', 'syntax' => 'ssl-hello-chk', 'descr' => 'Use SSLv3 client hello health checks for server testing.'); +global $a_httpcheck_method; $a_httpcheck_method = array(); $a_httpcheck_method['OPTIONS'] = array('name' => 'OPTIONS', 'syntax' => 'OPTIONS'); $a_httpcheck_method['HEAD'] = array('name' => 'HEAD', 'syntax' => 'HEAD'); @@ -101,6 +104,7 @@ $a_httpcheck_method['PUT'] = array('name' => 'PUT', 'syntax' => 'PUT'); $a_httpcheck_method['DELETE'] = array('name' => 'DELETE', 'syntax' => 'DELETE'); $a_httpcheck_method['TRACE'] = array('name' => 'TRACE', 'syntax' => 'TRACE'); +global $a_closetypes; $a_closetypes = array(); $a_closetypes['none'] = array('name' => 'none', 'syntax' => '', 'descr' => 'No close headers will be changed.'); @@ -113,32 +117,156 @@ $a_closetypes['forceclose'] = array('name' => 'forceclose', 'syntax' => 'forcecl $a_closetypes['http-keep-alive'] = array('name' => 'http-keep-alive', 'syntax' => 'http-keep-alive', 'descr' => 'By default, when a client communicates with a server, HAProxy will only analyze, log, and process the first request of each connection. Setting "option http-keep-alive" enables HTTP keep-alive mode on the client- and server- sides. This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side at the expense of maintaining idle connections to the servers. In general, it is possible with this option to achieve approximately twice the request rate that the "http-server-close" option achieves on small objects. There are mainly two situations where this option may be useful : - when the server is non-HTTP compliant and authenticates the connection instead of requests (eg: NTLM authentication) - when the cost of establishing the connection to the server is significant compared to the cost of retrieving the associated object from the server.'); +global $a_servermodes; $a_servermodes = array(); $a_servermodes["active"]['name'] = "active"; $a_servermodes["backup"]['name'] = "backup"; $a_servermodes["disabled"]['name'] = "disabled"; $a_servermodes["inactive"]['name'] = "inactive"; +// http://www.exceliance.fr/sites/default/files/biblio/aloha_load_balancer_haproxy_cookie_persistence_methods_memo.pdf +global $a_cookiemode; +$a_cookiemode = array(); +$a_cookiemode['passive'] = array('name' => 'Passive', 'syntax' => 'cookie <cookie name>', + 'descr' => 'Cookie is analysed on incoming request to choose server. HAProxy does not perform any insertion update or deletion on the Cookie or Set-Cookie. If the Cookie is not set, then the load-balancing algorithm is applied.'); +$a_cookiemode['passive-silent'] = array('name' => 'Passive-silent', 'syntax' => 'cookie <cookie name> indirect', + 'descr' => 'Cookie is analysed on incoming request to choose server. HAProxy does not perform any insertion, update or deletion on the Cookie. Set-Cookie is removed from response if not required. If the Cookie is not set, then HAProxy applies the load-balancing algorithm.'); +$a_cookiemode['reset'] = array('name' => 'Reset', 'syntax' => 'cookie <cookie name> rewrite', + 'descr' => 'Cookie is analysed on incoming request to choose server and Set-Cookie value is overwritten in response if present. If the Set-Cookie isn\'t sent by the server, then HAProxy won\'t set it.'); +$a_cookiemode['set'] = array('name' => 'Insert', 'syntax' => 'cookie <cookie name> insert', + 'descr' => 'Cookie is analyzed on incoming request to choose server and Set-Cookie value is overwritten if present and set to an unknown value or inserted in response if not present.'); +$a_cookiemode['set-silent'] = array('name' => 'Insert-silent', 'syntax' => 'cookie <cookie name> insert indirect', + 'descr' => 'Cookie is analyzed on incoming request to choose server and Set-Cookie value is overwritten if present, inserted in response if needed and removed if a valid Cookie was provided.'); +$a_cookiemode['insert-only'] = array('name' => 'Insert-preserve', 'syntax' => 'cookie <cookie name> preserve insert', + 'descr' => 'Cookie is analyzed on incoming request to choose server. Set-Cookie value is set only if the server does not provide one or if the client came without the Cookie.'); +$a_cookiemode['insert-only-silent'] = array('name' => 'Insert-preserve-silent', 'syntax' => 'cookie <cookie name> preserve insert indirect', + 'descr' => 'Cookie is analyzed on incoming request to choose server and Set-Cookie value is left untouched if present, inserted in response if needed or removed if not needed.'); +$a_cookiemode['session-prefix'] = array('name' => 'Session-prefix', 'syntax' => 'cookie <cookie name> prefix', + 'descr' => 'Cookie is analyzed on incoming request to choose server whose Cookie Name prefix matches. Set Cookie value is prefixed using server line Cookie ID in response. Cookie is modified only between HAProxy and the client only'); +$a_cookiemode['passive-session-prefix'] = array('name' => 'Passive-session-prefix', 'syntax' => 'cookie <cookie name> preserve prefix indirect', + 'descr' => 'Cookie is analysed on incoming request to choose server whose Cookie ID prefix matches.'); +foreach($a_cookiemode as &$cookiemode) + $cookiemode['descr'] = $cookiemode['descr'] . "\n\n" . $cookiemode['syntax'] . ""; + +global $a_sticky_type; +$a_sticky_type = array(); +$a_sticky_type['none'] = array('name' => 'none', + 'descr' => "No stick-table will be used"); +$a_sticky_type['stick_sslsessionid'] = array('name' => 'Stick on SSL-Session-ID', + 'descr' => "Only used on https frontends. Uses the SSL-Session-ID to persist clients to a server."); +$a_sticky_type['stick_sourceipv4'] = array('name' => 'Stick on SourceIP IPv4', + 'descr' => "Stick on the client ip, drawback is that multiple clients behind a natted public ip will be balanced to the same server."); +$a_sticky_type['stick_sourceipv6'] = array('name' => 'Stick on SourceIP IPv6', + 'descr' => "Stick on the client ip, drawback is that multiple clients behind a natted public ip will be balanced to the same server."); +$a_sticky_type['stick_cookie_value'] = array('name' => 'Stick on existing Cookie value', + 'descr' => "Stick on the value of a session cookie", + 'cookiedescr' => "Enables SSL-session-id based persistence. (only use on 'https' and 'tcp' frontends that use SSL)<br/>EXAMPLE: JSESSIONID PHPSESSIONID ASP.NET_SessionId"); +$a_sticky_type['stick_rdp_cookie'] = array('name' => 'Stick on RDP-cookie', + 'descr' => "Uses a RDP-Cookie send by the mstsc client, note that not all clients send this.", + 'cookiedescr' => 'EXAMPLE: msts or mstshash'); + +if(!function_exists('group_ports')){ +// function group_ports() is present in pfSense 2.2 in util.inc +/* create ranges of sequential port numbers (200:215) and remove duplicates */ +function group_ports($ports) { + if (!is_array($ports) || empty($ports)) + return; + + $uniq = array(); + foreach ($ports as $port) { + if (is_portrange($port)) { + list($begin, $end) = explode(":", $port); + if ($begin > $end) { + $aux = $begin; + $begin = $end; + $end = $aux; + } + for ($i = $begin; $i <= $end; $i++) + if (!in_array($i, $uniq)) + $uniq[] = $i; + } else if (is_port($port)) { + if (!in_array($port, $uniq)) + $uniq[] = $port; + } + } + sort($uniq, SORT_NUMERIC); + + $result = array(); + foreach ($uniq as $idx => $port) { + if ($idx == 0) { + $result[] = $port; + continue; + } + + $last = end($result); + if (is_portrange($last)) + list($begin, $end) = explode(":", $last); + else + $begin = $end = $last; + + if ($port == ($end+1)) { + $end++; + $result[count($result)-1] = "{$begin}:{$end}"; + } else { + $result[] = $port; + } + } + + return $result; +} +} + +function haproxy_portoralias_to_list($port_or_alias) { + // input: a port or aliasname: 80 https MyPortAlias + // returns: a array of ports and portranges 80 443 8000:8010 + global $aliastable; + $portresult = array(); + if (alias_get_type($port_or_alias) == "port") { + $aliasports = $aliastable[$port_or_alias]; + $ports = explode(' ',$aliasports); + foreach($ports as $port) { + $portresults = haproxy_portoralias_to_list($port); + $portresult = array_merge($portresult, $portresults); + } + return $portresult; + } else if (is_portrange($port_or_alias)) { + return (array)$port_or_alias; + } else if (is_port($port_or_alias)) { + if (getservbyname($port_or_alias, "tcp")) + return (array)getservbyname($port_or_alias, "tcp"); + if (getservbyname($port_or_alias, "udp")) + return (array)getservbyname($port_or_alias, "udp"); + return (array)$port_or_alias; + } + else + return null; +} + function haproxy_custom_php_deinstall_command() { - exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`"); - exec("rm /usr/local/pkg/haproxy*"); - exec("rm /usr/local/www/haproxy*"); + global $static_output; + $static_output .= "HAProxy, running haproxy_custom_php_deinstall_command()\n"; + update_output_window($static_output); + $static_output .= "HAProxy, deleting haproxy webgui\n"; + update_output_window($static_output); exec("rm /usr/local/etc/rc.d/haproxy.sh"); - exec("rm /etc/devd/haproxy.conf"); - exec("/etc/rc.d/devd restart"); + $static_output .= "HAProxy, installing cron job if needed\n"; + update_output_window($static_output); haproxy_install_cron(false); + $static_output .= "HAProxy, running haproxy_custom_php_deinstall_command() DONE\n"; + update_output_window($static_output); } function haproxy_custom_php_install_command() { - global $g, $config; + global $g, $config, $static_output; + $static_output .= "HAProxy, running haproxy_custom_php_install_command()\n"; + update_output_window($static_output); + + $static_output .= "HAProxy, conf_mount_rw\n"; + update_output_window($static_output); conf_mount_rw(); - - $freebsd_version = substr(trim(`uname -r`), 0, 1); - if(!file_exists("/usr/bin/limits")) { - exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); - exec("chmod a+rx /usr/bin/limits"); - } + $static_output .= "HAProxy, create '/usr/local/etc/rc.d/haproxy.sh'\n"; + update_output_window($static_output); $haproxy = <<<EOD #!/bin/sh @@ -150,7 +278,7 @@ function haproxy_custom_php_install_command() { name="haproxy" rcvar=`set_rcvar` -command="/usr/local/bin/haproxy" +command="/usr/pbi/haproxy-devel-`uname -m`/sbin/haproxy" haproxy_enable=\${haproxy-"YES"} start_cmd="haproxy_start" @@ -202,27 +330,11 @@ EOD; fclose($fd); exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh"); - $devd = <<<EOD -notify 0 { - match "system" "IFNET"; - match "subsystem" "carp[0-9]+"; - match "type" "LINK_UP"; - action "/usr/local/etc/rc.d/haproxy.sh check"; -}; -notify 0 { - match "system" "IFNET"; - match "subsystem" "carp[0-9]+"; - match "type" "LINK_DOWN"; - action "/usr/local/etc/rc.d/haproxy.sh check"; -}; -EOD; - exec("mkdir -p /etc/devd"); - $fd = fopen("/etc/devd/haproxy.conf", "w"); - fwrite($fd, $devd); - fclose($fd); - exec("/etc/rc.d/devd restart"); + $static_output .= "HAProxy, update configuration\n"; + update_output_window($static_output); + $writeconfigupdate = false; /* Do XML upgrade from haproxy 0.31 to haproxy-dev */ if (is_array($config['installedpackages']['haproxy']['ha_servers'])) { @@ -293,9 +405,8 @@ EOD; $writeconfigupdate = true; } // update config to "haproxy-devel 1.5-dev19 pkg v0.5" - $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item']; - if(is_array($a_backends)) { - foreach ($a_backends as &$bind) { + if(is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { + foreach ($config['installedpackages']['haproxy']['ha_backends']['item'] as &$bind) { if($bind['httpclose'] && $bind['httpclose'] == "yes" ) { $bind['httpclose'] = "httpclose"; $writeconfigupdate = true; @@ -314,12 +425,22 @@ EOD; } } } - if ($writeconfigupdate) - write_config("haproxy, update xml config version"); + if ($writeconfigupdate) { + $static_output .= "HAProxy, write updated config\n"; + update_output_window($static_output); + write_config("HAProxy, update xml config version"); + } + $static_output .= "HAProxy, conf_mount_ro\n"; + update_output_window($static_output); conf_mount_ro(); - exec("/usr/local/etc/rc.d/haproxy.sh start"); + $static_output .= "HAProxy, starting haproxy (if previously enabled)\n"; + update_output_window($static_output); + haproxy_check_run(1); + + $static_output .= "HAProxy, running haproxy_custom_php_install_command() DONE\n"; + update_output_window($static_output); } function haproxy_install_cron($should_install) { @@ -380,33 +501,66 @@ function haproxy_find_acl($name) { function write_backend($fd, $name, $pool, $frontend) { if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes') return; - global $a_checktypes; + global $a_checktypes, $a_cookiemode; $a_servers = &$pool['ha_servers']['item']; - - unset($sslserverpresent); - if (is_array($a_servers)) - { - foreach($a_servers as $be) { - if (!$be['status'] == "inactive") - continue; - if ($be['ssl']) - $sslserverpresent = true; - } - } + $frontendtype = $frontend['type']; + $frontend_ip = haproxy_interface_ip($frontend['extaddr']); fwrite ($fd, "backend " . $name . "\n"); - if($pool['cookie_name'] && strtolower($frontend['type']) == "http") - fwrite ($fd, "\tcookie\t\t\t" . $pool['cookie_name'] . " insert indirect\n"); - - // https is an alias for tcp for clarity purpouses - if(strtolower($frontend['type']) == "https") { - $backend_type = "tcp"; + // https is an alias for tcp for clarity purposes + if($frontendtype == "https") { + $backend_mode = "tcp"; } else { - $backend_type = $frontend['type']; + $backend_mode = $frontendtype; + } + fwrite ($fd, "\tmode\t\t\t" . $backend_mode . "\n"); + + if ($frontendtype == "http") { + if ($pool["persist_cookie_enabled"] == "yes") { + $cookie_mode = $pool["persist_cookie_mode"]; + $cookie_cachable = $pool["persist_cookie_cachable"]; + $cookiesyntax = $a_cookiemode[$cookie_mode]["syntax"]; + $cookie = str_replace("<cookie name>", $pool["persist_cookie_name"], $cookiesyntax); + $cookie .= $cookie_cachable == "yes" ? "" : " nocache"; + fwrite ($fd, "\t" . $cookie . "\n"); + } + } + switch($pool["persist_sticky_type"]) { + case 'stick_sslsessionid': + if ($frontendtype == "https") { + fwrite ($fd, "\ttcp-request inspect-delay 5s\n"); + fwrite ($fd, "\tstick-table type binary len 32 size ".$pool["persist_stick_tablesize"]." expire ".$pool["persist_stick_expire"]."\n"); + fwrite ($fd, "\tacl clienthello req_ssl_hello_type 1\n"); + fwrite ($fd, "\tacl serverhello rep_ssl_hello_type 2\n"); + fwrite ($fd, "\ttcp-request content accept if clienthello\n"); + fwrite ($fd, "\ttcp-response content accept if serverhello\n"); + fwrite ($fd, "\tstick on payload_lv(43,1) if clienthello\n"); + fwrite ($fd, "\tstick store-response payload_lv(43,1) if serverhello\n"); + } + break; + case 'stick_rdp_cookie': + //tcp-request content accept if RDP_COOKIE + //fwrite ($fd, "\tstick on req.rdp_cookie(msts)\n"); + fwrite ($fd, "\tstick-table type binary len 32 size ".$pool["persist_stick_tablesize"]." expire ".$pool["persist_stick_expire"]."\n"); + fwrite ($fd, "\tstick on req.rdp_cookie(mstshash)\n"); + break; + case 'stick_sourceipv4': + fwrite ($fd, "\tstick-table type ip size ".$pool["persist_stick_tablesize"]." expire ".$pool["persist_stick_expire"]."\n"); + fwrite ($fd, "\tstick on src\n"); + break; + case 'stick_sourceipv6': + fwrite ($fd, "\tstick-table type ip size ".$pool["persist_stick_tablesize"]." expire ".$pool["persist_stick_expire"]."\n"); + fwrite ($fd, "\tstick on src\n"); + break; + case 'stick_cookie_value': + if ($frontendtype == "http") { + fwrite ($fd, "\tstick-table type string len {$pool["persist_stick_length"]} size ".$pool["persist_stick_tablesize"]." expire ".$pool["persist_stick_expire"]."\n"); + fwrite ($fd, "\tstick store-response res.cook({$pool["persist_stick_cookiename"]})\n"); + fwrite ($fd, "\tstick on req.cook({$pool["persist_stick_cookiename"]})\n"); + } + break; } - - fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n"); unset($checkport); $check_type = $pool['check_type']; @@ -456,17 +610,25 @@ function write_backend($fd, $name, $pool, $frontend) { fwrite ($fd, "\tstats\t\t\trealm " . haproxy_escapestring($pool['stats_realm']) . "\n"); else fwrite ($fd, "\tstats\t\t\trealm .\n"); - fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n"); + + if ($pool['stats_username'] && $pool['stats_password']) + fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n"); if($pool['stats_admin']=='yes') fwrite ($fd, "\tstats\t\t\tadmin if TRUE" . "\n"); - if($pool['stats_node_enabled']=='yes') + if($pool['stats_node']) fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n"); if($pool['stats_desc']) - fwrite ($fd, "\tstats\t\t\tshow-desc " . $pool['stats_desc'] . "\n"); + fwrite ($fd, "\tstats\t\t\tshow-desc " . haproxy_escapestring($pool['stats_desc']) . "\n"); if($pool['stats_refresh']) fwrite ($fd, "\tstats\t\t\trefresh " . $pool['stats_refresh'] . "\n"); + + if ($pool['stats_scope']) { + $scope_items = explode(",", $pool['stats_scope']); + foreach($scope_items as $scope_item) + fwrite ($fd, "\tstats\t\t\tscope " . $scope_item . "\n"); + } } $uri = $pool['monitor_uri']; @@ -478,6 +640,10 @@ function write_backend($fd, $name, $pool, $frontend) { if ($optioncheck) fwrite ($fd, "\toption\t\t\t{$optioncheck}\n"); + if ($pool["strict_transport_security"] && is_numeric($pool["strict_transport_security"])){ + fwrite ($fd, "\trspadd Strict-Transport-Security:\ max-age={$pool["strict_transport_security"]};\n"); + } + if ($pool['advanced_backend']) { $adv_be = explode("\n", base64_decode($pool['advanced_backend'])); foreach($adv_be as $adv_line) { @@ -487,10 +653,6 @@ function write_backend($fd, $name, $pool, $frontend) { } } - if($pool['cookie'] && strtolower($frontend['type']) == "http") - $cookie = " cookie {$pool['cookie']} "; - else - $cookie = ""; if($pool['advanced']) { $advanced = base64_decode($pool['advanced']); $advanced_txt = " " . $advanced; @@ -501,9 +663,9 @@ function write_backend($fd, $name, $pool, $frontend) { if ($check_type != 'none') { if($pool['checkinter']) - $checkinter = "check inter {$pool['checkinter']}"; + $checkinter = " check inter {$pool['checkinter']}"; else - $checkinter = "check inter 1000"; + $checkinter = " check inter 1000"; } //agent-check requires at least haproxy v1.5dev20 @@ -515,6 +677,10 @@ function write_backend($fd, $name, $pool, $frontend) { foreach($a_servers as $be) { if ($be['status'] == "inactive") continue; + if($be['cookie'] && $frontendtype == "http") + $cookie = " cookie {$be['cookie']}"; + else + $cookie = ""; if (!$be['name']) $be['name'] = $be['address']; @@ -526,9 +692,13 @@ function write_backend($fd, $name, $pool, $frontend) { $ssl = ""; if ($be['ssl'] == 'yes') { - $ssl = $backend_type == "http" ? ' ssl' : ' check-ssl'; + $ssl = $frontendtype == "http" ? ' ssl' : ' check-ssl'; + } + $weight = ""; + if (is_numeric($be['weight'])){ + $weight = " weight " . $be['weight']; } - fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter$checkport$agentcheck $isbackup weight " . $be['weight'] . "{$advanced_txt} {$be['advanced']}\n"); + fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl$cookie$checkinter$checkport$agentcheck $isbackup$weight{$advanced_txt} {$be['advanced']}\n"); } } fwrite ($fd, "\n"); @@ -537,13 +707,11 @@ function write_backend($fd, $name, $pool, $frontend) { function haproxy_configure() { global $g; // reload haproxy - haproxy_writeconf("{$g['varetc_path']}/haproxy"); return haproxy_check_run(1); } function haproxy_check_and_run(&$messages, $reload) { global $g; - $configpath = "{$g['varetc_path']}/haproxy"; $testpath = "{$g['varetc_path']}/haproxy_test"; haproxy_writeconf($testpath); $retval = exec("haproxy -c -V -f $testpath/haproxy.cfg 2>&1", $output, $err); @@ -561,7 +729,6 @@ function haproxy_check_and_run(&$messages, $reload) { $ok = strstr($retval, "Configuration file is valid"); if ($ok && $reload) { global $haproxy_run_message; - haproxy_writeconf($configpath); rmdir_recursive($testpath); $ok = haproxy_check_run(1) == 0; $messages = $haproxy_run_message; @@ -617,6 +784,7 @@ function haproxy_writeconf($configpath) { fwrite ($fd, "\tnbproc\t\t\t$numprocs\n"); fwrite ($fd, "\tchroot\t\t\t/var/empty\n"); fwrite ($fd, "\tdaemon\n"); + fwrite ($fd, "\tssl-server-verify none\n"); // Keep the advanced options on the bottom of the global settings, to allow additional sections to be easely added if($a_global['advanced']) { @@ -627,6 +795,22 @@ function haproxy_writeconf($configpath) { } } fwrite ($fd, "\n"); + + $localstatsport = $a_global['localstatsport']; + if ($localstatsport){ + fwrite ($fd, "listen HAProxyLocalStats\n"); + fwrite ($fd, "\tbind 127.0.0.1:$localstatsport\n"); + fwrite ($fd, "\tmode http\n"); + fwrite ($fd, "\tstats enable\n"); + if (is_numeric($a_global['localstats_refreshtime'])) + fwrite ($fd, "\tstats refresh {$a_global['localstats_refreshtime']}\n"); + fwrite ($fd, "\tstats admin if TRUE\n"); + fwrite ($fd, "\tstats uri /haproxy_stats.php?haproxystats=1\n"); + fwrite ($fd, "\ttimeout client 5000\n"); + fwrite ($fd, "\ttimeout connect 5000\n"); + fwrite ($fd, "\ttimeout server 5000\n"); + fwrite ($fd, "\n"); + } } // Try and get a unique array for address:port as frontends can duplicate @@ -643,11 +827,11 @@ function haproxy_writeconf($configpath) { unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt"); continue; } - + $primaryfrontend = get_primaryfrontend($frontend); $bname = get_frontend_ipport($frontend); //check ssl info - if (strtolower($frontend['type']) == "http" && $frontend['ssloffload']){ + if (strtolower($primaryfrontend['type']) == "http" && $frontend['ssloffload']){ //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem $filename = "$configpath/{$frontend['name']}.{$frontend['port']}.pem"; $ssl_crt = " crt $filename"; @@ -672,7 +856,6 @@ function haproxy_writeconf($configpath) { $a_bind[$bname] = array(); $a_bind[$bname]['config'] = array(); // Settings which are used only from the primary frontend - $primaryfrontend = get_primaryfrontend($frontend); $a_bind[$bname]['name'] = $primaryfrontend['name']; $a_bind[$bname]['extaddr'] = $primaryfrontend['extaddr']; $a_bind[$bname]['port'] = $primaryfrontend['port']; @@ -689,7 +872,7 @@ function haproxy_writeconf($configpath) { if (($frontend['secondary'] != 'yes') && ($frontend['name'] != $b['name'])) { // only 1 frontend can be the primary for a set of frontends that share 1 address:port. - $input_errors[] = "Multiple primary frondends for $bname"; + $input_errors[] = "Multiple primary frontends for $bname use the 'Shared Frontend' option instead"; } if ($ssl_crt != "") { @@ -718,17 +901,28 @@ function haproxy_writeconf($configpath) { // Prepare ports for processing by splitting $portss = "{$bind['port']},"; $ports = split(",", $portss); - $ssl_info = $bind['ssl_info']; - $advanced_bind = $bind['advanced_bind']; + + if($bind['type'] == "http") { + // ssl offloading is only possible in http mode. + $ssl_info = $bind['ssl_info']; + $advanced_bind = $bind['advanced_bind']; + } else { + $ssl_info = ""; + $advanced_bind = ""; + } // Initialize variable $listenip = ""; // Process and add bind directives for ports $ip = haproxy_interface_ip($bind['extaddr']); if ($ip){ - foreach($ports as $port) { - if($port) { - $listenip .= "\tbind\t\t\t$ip:{$port} {$ssl_info} {$advanced_bind}\n"; + foreach($ports as $alias_or_port) { + if($alias_or_port) { + $portsnumeric = group_ports(haproxy_portoralias_to_list($alias_or_port)); + foreach($portsnumeric as $portnumeric) { + $portnumeric = str_replace(":","-",$portnumeric); + $listenip .= "\tbind\t\t\t$ip:{$portnumeric} {$ssl_info} {$advanced_bind}\n"; + } } } } @@ -746,7 +940,7 @@ function haproxy_writeconf($configpath) { } } - // https is an alias for tcp for clarity purpouses + // https is an alias for tcp for clarity purposes if($bind['type'] == "https") { $backend_type = "tcp"; } else { @@ -784,45 +978,15 @@ function haproxy_writeconf($configpath) { $default_backend = ""; $i = 0; foreach ($bind['config'] as $frontend) { - $a_acl=&$frontend['ha_acls']['item']; - if(!is_array($a_acl)) - $a_acl=array(); - - $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']); + $a_acl = get_frontend_acls($frontend); - // Create different pools if the svrport is set - if ($frontend['svrport'] > 0) - $poolname .= "_" . $frontend['svrport']; + $poolname = $frontend['backend_serverpool'] . "_" . strtolower($bind['type']); if (!isset($a_pendingpl[$poolname])) { $a_pendingpl[$poolname] = array(); $a_pendingpl[$poolname]['name'] = $poolname; - $a_pendingpl[$poolname]['frontend'] = $frontend; - } - - if (strtolower($bind['type']) == "http" && $frontend['ssloffload']) { - $aclname = "SNI_" . $poolname; - if ($frontend['ssloffloadacl']){ - $cert = lookup_cert($frontend['ssloffloadcert']); - $cert_cn = cert_get_cn($cert['crt']); - $descr = haproxy_escape_acl_name($cert['descr']); - $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); - unset($cert); - } - if ($frontend['ssloffloadacladditional']){ - $certs = $frontend['ha_certificates']['item']; - if (is_array($certs)){ - if (count($certs) > 0){ - foreach($certs as $certref){ - $cert = lookup_cert($certref['ssl_certificate']); - $cert_cn = cert_get_cn($cert['crt']); - $descr = haproxy_escape_acl_name($cert['descr']); - $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); - unset($cert); - } - } - } - } + $a_pendingpl[$poolname]['backend'] = $frontend['backend_serverpool']; + $a_pendingpl[$poolname]['frontend'] = $bind; } // Write this out once, and must be before any backend config text @@ -833,8 +997,8 @@ function haproxy_writeconf($configpath) { // combine acl's with same name to allow for 'combined checks' to check for example hostname and fileextension together.. $a_acl_combine = array(); foreach ($a_acl as $entry) { - $name = $entry['name']; - $a_acl_combine[$name][] = $entry; + $name = $entry['ref']['name']; + $a_acl_combine[$name][] = $entry['ref']; } foreach ($a_acl_combine as $a_usebackend) { @@ -873,7 +1037,7 @@ function haproxy_writeconf($configpath) { if (is_array($a_pendingpl) && is_array($a_backends)) { foreach ($a_pendingpl as $pending) { foreach ($a_backends as $pool) { - if ($pending['frontend']['backend_serverpool'] == $pool['name']) { + if ($pending['backend'] == $pool['name']) { write_backend($fd, $pending['name'], $pool, $pending['frontend']); } } @@ -935,16 +1099,9 @@ function use_transparent_clientip_proxying() { return false; } -function load_ipfw_rules() { - // On FreeBSD 8 pf does not support "divert-reply" so ipfw is needed. - global $g, $config; - $ipfw_zone_haproxy = "haproxy"; - +function haproxy_get_transparent_backends(){ + global $config; $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; - - haproxy_load_modules(); - - $transparent_interfaces = array(); $transparent_backends = array(); foreach ($a_backends as $backend) { if ($backend["transparent_clientip"] != 'yes') @@ -960,15 +1117,51 @@ function load_ipfw_rules() { if (!is_ipaddr($be['address'])) continue; $item = array(); + $item['name'] = $be['name']; + $item['interface'] = $real_if; $item['address'] = $be['address']; $item['port'] = $be['port']; - $item['interface'] = $real_if; $transparent_backends[] = $item; - $transparent_interfaces[$real_if] = 1; } } } } + return $transparent_backends; +} + +function haproxy_generate_rules($type) { + // called by filter.inc when pfSense rules generation happens + global $g, $config; + $rules = ""; + switch($type) { + case 'filter': + $transparent_backends = haproxy_get_transparent_backends(); + foreach($transparent_backends as $tb){ + // This sloppy rule is needed because of ipfw is used to 'catch' return traffic. + $rules .= "# allow HAProxy transparent traffic\n"; + $rules .= "pass out quick on {$tb['interface']} inet proto tcp from any to {$tb['address']} port {$tb['port']} flags S/SA keep state ( sloppy ) label \"HAPROXY_transparent_rule_{$tb['name']}\"\n"; + } + break; + } + return $rules; +} + +function load_ipfw_rules() { + // On FreeBSD 8 pf does not support "divert-reply" so ipfw is needed. + global $g, $config; + $ipfw_zone_haproxy = "haproxy"; + + $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; + + haproxy_load_modules(); + + $transparent_backends = haproxy_get_transparent_backends(); + + $transparent_interfaces = array(); + foreach($transparent_backends as $transparent_backend){ + $interface = $transparent_backend['interface']; + $transparent_interfaces[$interface] = 1; + } mwexec("/usr/local/sbin/ipfw_context -a $ipfw_zone_haproxy", true); foreach($transparent_interfaces as $transparent_if => $value) { @@ -988,19 +1181,27 @@ function load_ipfw_rules() { mwexec("/sbin/ipfw -x $ipfw_zone_haproxy -q {$g['tmp_path']}/ipfw_{$ipfw_zone_haproxy}.haproxy.rules", true); } +function haproxy_plugin_carp($pluginparams) { + // called by pfSense when a CARP interface changes its state (called multiple times when multiple interfaces change state) + // $pluginparams['type'] always 'carp' + // $pluginparams['event'] either 'rc.carpmaster' or 'rc.carpbackup' + // $pluginparams['interface'] contains the affected interface + $type = $pluginparams['type']; + $event = $pluginparams['event']; + $interface = $pluginparams['interface']; + haproxy_check_run(0); +} + function haproxy_check_run($reload) { global $config, $g, $haproxy_run_message; + $haproxylock = lock("haproxy", LOCK_EX); $a_global = &$config['installedpackages']['haproxy']; $configpath = "{$g['varetc_path']}/haproxy"; - - exec("/usr/bin/limits -n 300014"); - - if(use_transparent_clientip_proxying()) - load_ipfw_rules(); - else - mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); + if ($reload) + haproxy_writeconf($configpath); + if(isset($a_global['enable'])) { if (isset($a_global['carpdev'])) { $status = get_carp_interface_status($a_global['carpdev']); @@ -1010,15 +1211,25 @@ function haproxy_check_run($reload) { //exec("/bin/pkill -F /var/run/haproxy.pid haproxy");//doesnt work for multiple pid's in a pidfile haproxy_kill(); } + unlock($haproxylock); return (0); } else if (haproxy_is_running() && $reload == 0) { + unlock($haproxylock); return (0); } log_error("Starting haproxy on CARP master."); /* fallthrough */ - } else if ($reload == 0) + } else if ($reload == 0){ + unlock($haproxylock); return (0); + } + if(use_transparent_clientip_proxying()) { + filter_configure(); + load_ipfw_rules(); + } else + mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); + if (haproxy_is_running()) { if (isset($a_global['terminate_on_reload'])) $sf_st = "-st";//terminate old process as soon as the new process is listening @@ -1030,14 +1241,15 @@ function haproxy_check_run($reload) { } foreach($output as $line) $haproxy_run_message .= "<br/>" . htmlspecialchars($line) . "\n"; - return ($errcode); } else { if ($reload && haproxy_is_running()) { //exec("/bin/pkill -F /var/run/haproxy.pid haproxy");//doesnt work for multiple pid's in a pidfile haproxy_kill(); } - return (0); + $errcode = 0; } + unlock($haproxylock); + return ($errcode); } function haproxy_kill($killimmediately = true) { @@ -1120,7 +1332,7 @@ function get_primaryfrontend($frontend) { function get_frontend_ipport($frontend,$userfriendly=false) { $mainfrontend = get_primaryfrontend($frontend); - $result = haproxy_interface_ip($mainfrontend['extaddr'],$userfriendly); + $result = haproxy_interface_ip($mainfrontend['extaddr'], $userfriendly); if ($userfriendly and is_ipaddrv6($result)) $result = "[{$result}]"; return $result . ":" . $mainfrontend['port']; @@ -1174,6 +1386,7 @@ function get_haproxy_frontends($excludeitem="") { } function get_frontend_acls($frontend) { + $mainfrontend = get_primaryfrontend($frontend); $result = array(); $a_acl = &$frontend['ha_acls']['item']; if (is_array($a_acl)) @@ -1184,7 +1397,7 @@ function get_frontend_acls($frontend) { continue; // Filter out acls for different modes - if ($acl['mode'] != '' && $acl['mode'] != strtolower($frontend['type'])) + if ($acl['mode'] != '' && $acl['mode'] != strtolower($mainfrontend['type'])) continue; $acl_item = array(); @@ -1194,17 +1407,52 @@ function get_frontend_acls($frontend) { $result[] = $acl_item; } } + + if (strtolower($mainfrontend['type']) == "http" && $mainfrontend['ssloffload']) { + $a_acl = &$frontend['ha_acls']['item']; + if(!is_array($a_acl)) + $a_acl=array(); + + $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']); + $aclname = "SNI_" . $poolname; + if ($frontend['ssloffloadacl']){ + $cert = lookup_cert($frontend['ssloffloadcert']); + $cert_cn = cert_get_cn($cert['crt']); + $descr = haproxy_escape_acl_name($cert['descr']); + unset($cert); + $acl_item = array(); + $acl_item['descr'] = "Certificate ACL ".$cert_cn; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + $result[] = $acl_item; + } + if ($frontend['ssloffloadacladditional']){ + $certs = $frontend['ha_certificates']['item']; + if (is_array($certs)){ + foreach($certs as $certref){ + $cert = lookup_cert($certref['ssl_certificate']); + $cert_cn = cert_get_cn($cert['crt']); + $descr = haproxy_escape_acl_name($cert['descr']); + unset($cert); + $acl_item = array(); + $acl_item['descr'] = "Additional certificate ACLs: ".$cert_cn; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + $result[] = $acl_item; + } + } + } + } return $result; } function get_backend($name) { global $config; $a_backend = &$config['installedpackages']['haproxy']['ha_pools']['item']; - foreach($a_backend as $key => $backend) - { - if ($backend['name'] == $name) - return $backend; - } + if(is_array($a_backend)) + foreach($a_backend as $key => $backend) + { + if ($backend['name'] == $name) + return $backend; + } return null; } @@ -1218,4 +1466,25 @@ function haproxy_escape_acl_name($aclname) { return preg_replace_callback('([^A-Za-z0-9\._\-\:])', function($match){return "_".dechex(ord($match[0]));}, $aclname); } +function haproxy_find_create_certificate($certificatename) { + global $g; + $cert = lookup_cert_by_name($certificatename); + if (is_array($cert)) + return $cert; + global $config; + $a_cert =& $config['cert']; + $cert = array(); + $cert['refid'] = uniqid(); + $cert['descr'] = gettext($certificatename); + mwexec("/usr/local/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key"); + mwexec("/usr/local/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt"); + $crt = file_get_contents("{$g['tmp_path']}/ssl.crt"); + $key = file_get_contents("{$g['tmp_path']}/ssl.key"); + unlink("{$g['tmp_path']}/ssl.key"); + unlink("{$g['tmp_path']}/ssl.crt"); + cert_import($cert, $crt, $key); + $a_cert[] = $cert; + return $cert; +} + ?> diff --git a/config/haproxy-devel/haproxy.widget.php b/config/haproxy-devel/haproxy.widget.php index 7954e404..5d664e81 100644 --- a/config/haproxy-devel/haproxy.widget.php +++ b/config/haproxy-devel/haproxy.widget.php @@ -3,7 +3,7 @@ Copyright (C) 2013 PiBa-NL Copyright 2011 Thomas Schaefer - Tomschaefer.org Copyright 2011 Marcello Coutinho - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml index 6b25dd46..5c534522 100644 --- a/config/haproxy-devel/haproxy.xml +++ b/config/haproxy-devel/haproxy.xml @@ -58,66 +58,81 @@ <executable>haproxy</executable> <description>The Reliable, High Performance TCP/HTTP Load Balancer</description> </service> + <plugins> + <item> + <type>plugin_carp</type> + </item> + </plugins> <configpath>installedpackages->haproxy->config</configpath> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_listeners.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_listeners.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_listeners_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_listeners_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_global.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_global.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_pools.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_pools.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_pool_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_pool_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_stats.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_socketinfo.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_socketinfo.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_htmllist.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_htmllist.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_utils.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_utils.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.widget.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.widget.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/haproxy-devel/pkg_haproxy.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/pkg_haproxy.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/pkg_haproxy_tabs.inc</item> </additional_files_needed> <custom_delete_php_command> </custom_delete_php_command> diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index 0a92cde7..50472d9f 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */ /* haproxy_global.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> @@ -34,6 +34,9 @@ require_once("guiconfig.inc"); require_once("haproxy.inc"); require_once("haproxy_utils.inc"); require_once("globals.inc"); +require_once("pkg_haproxy_tabs.inc"); + +$simplefields = array('localstats_refreshtime','localstats_sticktable_refreshtime'); if (!is_array($config['installedpackages']['haproxy'])) $config['installedpackages']['haproxy'] = array(); @@ -65,6 +68,15 @@ if ($_POST) { if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) $input_errors[] = "The maximum number of connections should be numeric."; + + if ($_POST['localstatsport'] && (!is_numeric($_POST['localstatsport']))) + $input_errors[] = "The local stats port should be numeric or empty."; + + if ($_POST['localstats_refreshtime'] && (!is_numeric($_POST['localstats_refreshtime']))) + $input_errors[] = "The local stats refresh time should be numeric or empty."; + + if ($_POST['localstats_sticktable_refreshtime'] && (!is_numeric($_POST['localstats_sticktable_refreshtime']))) + $input_errors[] = "The local stats sticktable refresh time should be numeric or empty."; /*if($_POST['synchost1'] && !is_ipaddr($_POST['synchost1'])) $input_errors[] = "Synchost1 needs to be an IPAddress."; @@ -86,8 +98,11 @@ if ($_POST) { $config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false; $config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false; //$config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; + $config['installedpackages']['haproxy']['localstatsport'] = $_POST['localstatsport'] ? $_POST['localstatsport'] : false; $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false; $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; + foreach($simplefields as $stat) + $config['installedpackages']['haproxy'][$stat] = $_POST[$stat]; touch($d_haproxyconfdirty_path); write_config(); } @@ -106,8 +121,11 @@ $pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog $pconfig['logfacility'] = $config['installedpackages']['haproxy']['logfacility']; $pconfig['loglevel'] = $config['installedpackages']['haproxy']['loglevel']; $pconfig['carpdev'] = $config['installedpackages']['haproxy']['carpdev']; +$pconfig['localstatsport'] = $config['installedpackages']['haproxy']['localstatsport']; $pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']); $pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc']; +foreach($simplefields as $stat) + $pconfig[$stat] = $config['installedpackages']['haproxy'][$stat]; // defaults if (!$pconfig['logfacility']) @@ -115,8 +133,8 @@ if (!$pconfig['logfacility']) if (!$pconfig['loglevel']) $pconfig['loglevel'] = 'info'; -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Settings"; @@ -148,12 +166,7 @@ function enable_change(enable_change) { <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php - /* active tabs */ - $tab_array = array(); - $tab_array[] = array("Settings", true, "haproxy_global.php"); - $tab_array[] = array("Frontend", false, "haproxy_listeners.php"); - $tab_array[] = array("Backend", false, "haproxy_pools.php"); - display_top_tabs($tab_array); + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "settings"); ?> </td></tr> <tr> @@ -161,20 +174,6 @@ function enable_change(enable_change) { <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic">Recalculate certificate chain.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"> </td> - <td width="78%" class="vtable"> - <input type="hidden" name="calculate_certificate_chain" id="calculate_certificate_chain" /> - <input type="button" class="formbtn" value="Recalculate certificate chains" onclick="$('calculate_certificate_chain').value='true';document.iform.submit();" /> - <br/> - This can be required after certificates have been created or imported. As pfSense 2.1.0 currently does not - always keep track of these dependencies which might be required to create a proper certificate chain when using SSLoffloading. - </td> - </tr> - - <tr> <td colspan="2" valign="top" class="listtopic">General settings</td> </tr> <tr> @@ -198,11 +197,17 @@ function enable_change(enable_change) { </table> Sets the maximum per-process number of concurrent connections to X.<br/> <strong>NOTE:</strong> setting this value too high will result in HAProxy not being able to allocate enough memory.<br/> + <p> <?php $memusage = trim(`ps auxw | grep haproxy | grep -v grep | awk '{ print $5 }'`); if($memusage) - echo "<p>Current memory usage: {$memusage} K.</p>"; + echo "Current memory usage: <b>{$memusage} kB.</b><br/>"; ?> + Current <a href='/system_advanced_sysctl.php'>'System Tunables'</a> settings.<br/> + 'kern.maxfiles': <b><?=`sysctl kern.maxfiles | awk '{ print $2 }'`?></b><br/> + 'kern.maxfilesperproc': <b><?=`sysctl kern.maxfilesperproc | awk '{ print $2 }'`?></b><br/> + </p> + Full memory usage will only show after all connections have actually been used. </td><td> <table style="border: 1px solid #000;"> <tr> @@ -215,23 +220,29 @@ function enable_change(enable_change) { </td> </tr> <tr> - <td align="right"><font size=-1>999</font></td> - <td><font size=-1>1888K</font></td> + <td align="right"><font size=-1>1</font></td> + <td><font size=-1>50 kB</font></td> </tr> <tr> - <td align="right"><font size=-1>99999</font></td> - <td><font size=-1>8032K</font></td> + <td align="right"><font size=-1>1.000</font></td> + <td><font size=-1>48 MB</font></td> </tr> <tr> - <td align="right"><font size=-1>999999</font></td> - <td><font size=-1>50016K</font></td> + <td align="right"><font size=-1>10.000</font></td> + <td><font size=-1>488 MB</font></td> </tr> <tr> - <td align="right"><font size=-1>9999999</font></td> - <td><font size=-1>467M</font></td> + <td align="right"><font size=-1>100.000</font></td> + <td><font size=-1>4,8 GB</font></td> + </tr> + <tr> + <td colspan="2" style="white-space: nowrap"><font size=-2>Calculated for plain HTTP connections,<br/>using ssl offloading will increase this.</font></td> </tr> </table> </td></tr></table> + When setting a high amount of allowed simultaneous connections you will need to add and or increase the following two <b><a href='/system_advanced_sysctl.php'>'System Tunables'</a></b> kern.maxfiles and kern.maxfilesperproc. + For HAProxy alone set these to at least the number of allowed connections * 2 + 31. So for 100.000 connections these need to be 200.031 or more to avoid trouble, take into account that handles are also used by other processes when setting kern.maxfiles. + <br/> </td> </tr> <tr> @@ -339,12 +350,37 @@ function enable_change(enable_change) { </td> </tr> <tr> + <td colspan="2" valign="top" class="listtopic">Stats tab, 'internal' stats port</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Internal stats port</td> + <td class="vtable"> + <input name="localstatsport" type="text" <?if(isset($pconfig['localstatsport'])) echo "value=\"{$pconfig['localstatsport']}\"";?> size="10" maxlength="5" /> EXAMPLE: 2200<br/> + Sets the internal port to be used for the stats tab. + This is bound to 127.0.0.1 so will not be directly exposed on any LAN/WAN/other interface. It is used to internally pass through the stats page. + Leave this setting empty to remove the "HAProxyLocalStats" item from the stats page and save a little on recources. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Internal stats refresh rate</td> + <td class="vtable"> + <input name="localstats_refreshtime" type="text" <?if(isset($pconfig['localstats_refreshtime'])) echo "value=\"{$pconfig['localstats_refreshtime']}\"";?> size="10" maxlength="5" /> Seconds, Leave this setting empty to not refresh the page automatically. EXAMPLE: 10 + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Sticktable page refresh rate</td> + <td class="vtable"> + <input name="localstats_sticktable_refreshtime" type="text" <?if(isset($pconfig['localstats_sticktable_refreshtime'])) echo "value=\"{$pconfig['localstats_sticktable_refreshtime']}\"";?> size="10" maxlength="5" /> Seconds, Leave this setting empty to not refresh the page automatically. EXAMPLE: 10 + </td> + </tr> + <tr> <td colspan="2" valign="top" class="listtopic">Global Advanced pass thru</td> </tr> <tr> <td width="22%" valign="top" class="vncell"> </td> <td width="78%" class="vtable"> - <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> + <? $textrowcount = max(substr_count($pconfig['advanced'],"\n"), 2) + 2; ?> + <textarea name='advanced' rows="<?=$textrowcount;?>" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> <br/> NOTE: paste text into this box that you would like to pass thru in the global settings area. </td> @@ -355,6 +391,19 @@ function enable_change(enable_change) { </td> </tr> <tr> + <td colspan="2" valign="top" class="listtopic">Recalculate certificate chain.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> </td> + <td width="78%" class="vtable"> + <input type="hidden" name="calculate_certificate_chain" id="calculate_certificate_chain" /> + <input type="button" class="formbtn" value="Recalculate certificate chains" onclick="$('calculate_certificate_chain').value='true';document.iform.submit();" />(Other changes on this page will be lost) + <br/> + This can be required after certificates have been created or imported. As pfSense 2.1.0 currently does not + always keep track of these dependencies which might be required to create a proper certificate chain when using SSLoffloading. + </td> + </tr> + <tr> <td colspan="2" valign="top" class="listtopic">Configuration synchronization</td> </tr> <tr> diff --git a/config/haproxy-devel/haproxy_htmllist.inc b/config/haproxy-devel/haproxy_htmllist.inc index 2e93ca2a..ae46ffd4 100644 --- a/config/haproxy-devel/haproxy_htmllist.inc +++ b/config/haproxy-devel/haproxy_htmllist.inc @@ -1,7 +1,7 @@ <?php /* haproxy_htmllist.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 PiBa-NL All rights reserved. diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index 3ff53cea..7022ec34 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_listeners.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> @@ -34,6 +34,7 @@ require_once("guiconfig.inc"); require_once("haproxy.inc"); require_once("certs.inc"); require_once("haproxy_utils.inc"); +require_once("pkg_haproxy_tabs.inc"); if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); @@ -69,8 +70,8 @@ if ($_GET['act'] == "del") { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Frontends"; @@ -91,12 +92,7 @@ include("head.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php - /* active tabs */ - $tab_array = array(); - $tab_array[] = array("Settings", false, "haproxy_global.php"); - $tab_array[] = array("Frontend", true, "haproxy_listeners.php"); - $tab_array[] = array("Backend", false, "haproxy_pools.php"); - display_top_tabs($tab_array); + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "frontend"); ?> </td></tr> <tr> @@ -127,8 +123,10 @@ include("head.inc"); $a_frontend_grouped = array(); foreach($a_frontend as &$frontend2) { + $mainfrontend = get_primaryfrontend($frontend2); $ipport = get_frontend_ipport($frontend2, true); $frontend2['ipport'] = $ipport; + $frontend2['type'] = $mainfrontend['type']; $a_frontend_grouped[$ipport][] = $frontend2; } ksort($a_frontend_grouped); @@ -171,29 +169,27 @@ include("head.inc"); $acls = get_frontend_acls($frontend); $isaclset = ""; foreach ($acls as $acl) { - $isaclset .= " " . $acl['descr']; + $isaclset .= " " . htmlspecialchars($acl['descr']); } - if ($frontend['ssloffloadacl']) - $isaclset .= " " . "Certificate ACL"; - if ($frontend['ssloffloadacladditional']) - $isaclset .= " " . "Additional certificate ACLs"; if ($isaclset) echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\" />"; $isadvset = ""; - if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: {$frontend['advanced_bind']}\r\n"; + if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: ".htmlspecialchars($frontend['advanced_bind'])."\r\n"; if ($frontend['advanced']) $isadvset .= "Advanced pass thru setting used\r\n"; if ($isadvset) echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\" />"; $backend_serverpool = $frontend['backend_serverpool']; $backend = get_backend($backend_serverpool ); - $servers = $backend['ha_servers']['item']; - $backend_serverpool_hint = gettext("Servers in pool:"); - if (is_array($servers)){ - foreach($servers as $server){ - $backend_serverpool_hint .= "\n".$server['address'].":".$server['port']; + if ($backend && is_array($backend['ha_servers']['item'])){ + $servers = $backend['ha_servers']['item']; + $backend_serverpool_hint = gettext("Servers in pool:"); + if (is_array($servers)){ + foreach($servers as $server){ + $backend_serverpool_hint .= "\n".$server['address'].":".$server['port']; + } } } ?> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index 3c62ec3a..6731731d 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_listeners_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> Copyright (C) 2013 PiBa-NL merging (some of the) "haproxy-devel" changes from: Marcello Coutinho <marcellocoutinho@gmail.com> @@ -34,6 +34,7 @@ require("guiconfig.inc"); require_once("haproxy.inc"); require_once("haproxy_utils.inc"); require_once("haproxy_htmllist.inc"); +require_once("pkg_haproxy_tabs.inc"); /* Compatibility function for pfSense 2.0 */ if (!function_exists("cert_get_purpose")) { @@ -56,8 +57,6 @@ function haproxy_js_acl_select($mode) { return $seltext; } -$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; - if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); } @@ -79,6 +78,12 @@ if (isset($_GET['dup'])) $id = get_frontend_id($id); +if (!is_numeric($id)) +{ + //default value for new items. + $pconfig['ssloffloadacl'] = "yes"; +} + $servercerts = get_certificates_server(); $fields_sslCertificates=array(); @@ -150,8 +155,8 @@ if ($_POST) { $ports = split(",", $_POST['port'] . ","); foreach($ports as $port) - if ($port && !is_numeric($port)) - $input_errors[] = "The field 'Port' value is not a number."; + if ($port && !is_numeric($port) && !is_portoralias($port)) + $input_errors[] = "The field 'Port' value '".htmlspecialchars($port)."' is not a number or alias thereof."; if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout'])) $input_errors[] = "The field 'Client timeout' value is not a number."; @@ -222,21 +227,17 @@ if ($_POST) { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; -if (!$id) -{ - //default value for new items. - $pconfig['ssloffloadacl'] = "yes"; -} - $closehead = false; $pgtitle = "HAProxy: Frontend: Edit"; include("head.inc"); -$primaryfrontends = get_haproxy_frontends($pconfig['name']); +if (!isset($_GET['dup'])) + $excludefrontend = $pconfig['name']; +$primaryfrontends = get_haproxy_frontends($excludefrontend); $interfaces = haproxy_get_bindable_interfaces(); ?> @@ -246,6 +247,8 @@ $interfaces = haproxy_get_bindable_interfaces(); .haproxy_primary{} .haproxy_secondary{display:none;} </style> + <script type="text/javascript" src="/javascript/suggestions.js"></script> + <script type="text/javascript" src="/javascript/autosuggest.js"></script> </head> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -254,12 +257,18 @@ $interfaces = haproxy_get_bindable_interfaces(); <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script> <?php endif; ?> - <script type="text/javascript"> function htmllist_get_select_options(tableId) { var seltext; seltext = ""; - var type = d.getElementById("type").value; + var type; + var secondary = d.getElementById("secondary"); + var primary_frontend = d.getElementById("primary_frontend"); + if ((secondary !== null) && (secondary.checked)) + type = primaryfrontends[primary_frontend.value]['ref']['type']; + else + type = d.getElementById("type").value; + if (tableId == 'tableA_acltable'){ if (type == 'health') seltext = "<?php echo haproxy_js_acl_select('health');?>"; @@ -295,10 +304,10 @@ $interfaces = haproxy_get_bindable_interfaces(); function updatevisibility() { d = document; ssloffload = d.getElementById("ssloffload"); - type = d.getElementById("type"); - secondary = d.getElementById("secondary"); - primary_frontend = d.getElementById("primary_frontend"); + var type; + var secondary = d.getElementById("secondary"); + var primary_frontend = d.getElementById("primary_frontend"); if ((secondary !== null) && (secondary.checked)) type = primaryfrontends[primary_frontend.value]['ref']['type']; else @@ -373,12 +382,7 @@ $interfaces = haproxy_get_bindable_interfaces(); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php - /* active tabs */ - $tab_array = array(); - $tab_array[] = array("Settings", false, "haproxy_global.php"); - $tab_array[] = array("Frontend", true, "haproxy_listeners.php"); - $tab_array[] = array("Backend", false, "haproxy_pools.php"); - display_top_tabs($tab_array); + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "frontend"); ?> </td></tr> <tr> @@ -448,8 +452,8 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr class="haproxy_primary" align="left"> <td width="22%" valign="top" class="vncellreq">External port</td> <td width="78%" class="vtable" colspan="2"> - <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500" /> - <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div> + <input name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500" /> + <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,8000</div> </td> </tr> <tr class="haproxy_primary" align="left"> @@ -550,7 +554,8 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr align="left"> <td width="22%" valign="top" class="vncell">Advanced pass thru</td> <td width="78%" class="vtable" colspan="2"> - <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo htmlspecialchars($pconfig['advanced']); ?></textarea> + <? $textrowcount = max(substr_count($pconfig['advanced'],"\n"), 2) + 2; ?> + <textarea name='advanced' rows="<?=$textrowcount;?>" cols="70" id='advanced'><?php echo htmlspecialchars($pconfig['advanced']); ?></textarea> <br/> NOTE: paste text into this box that you would like to pass thru. </td> @@ -601,7 +606,7 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr class="haproxy_ssloffloading_enabled haproxy_primary" align="left"> <td width="22%" valign="top" class="vncell">Advanced ssl options</td> <td width="78%" class="vtable" colspan="2"> - <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> maxlength="64" /> + <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo 'value="'.htmlspecialchars($pconfig['dcertadv']).'"';?> /> <br/> NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br/> some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets @@ -642,6 +647,9 @@ $interfaces = haproxy_get_bindable_interfaces(); <script type="text/javascript"> totalrows = <?php echo $counter; ?>; updatevisibility(); + + var customarray = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>; + var oTextbox1 = new AutoSuggestControl(document.getElementById("port"), new StateSuggestions(customarray)); </script> <?php haproxy_htmllist_js(); diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index 93fa20dc..49eb4271 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_pool_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> @@ -34,8 +34,7 @@ require("guiconfig.inc"); require_once("haproxy.inc"); require_once("haproxy_utils.inc"); require_once("haproxy_htmllist.inc"); - -$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; +require_once("pkg_haproxy_tabs.inc"); if (!is_array($config['installedpackages']['haproxy']['ha_pools']['item'])) { $config['installedpackages']['haproxy']['ha_pools']['item'] = array(); @@ -53,49 +52,58 @@ if (isset($_GET['dup'])) global $simplefields; $simplefields = array( -"name","cookie","balance","transparent_clientip","transparent_interface", +"name","balance","transparent_clientip","transparent_interface", "check_type","checkinter","httpcheck_method","monitor_uri","monitor_httpversion","monitor_username","monitor_domain","monitor_agentport", "agent_check","agent_port","agent_inter", "connection_timeout","server_timeout","retries", -"stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_admin","stats_node_enabled","stats_node","stats_desc","stats_refresh"); +"stats_enabled","stats_username","stats_password","stats_uri","stats_scope","stats_realm","stats_admin","stats_node","stats_desc","stats_refresh", +"persist_stick_expire","persist_stick_tablesize","persist_stick_length","persist_stick_cookiename","persist_sticky_type", +"persist_cookie_enabled","persist_cookie_name","persist_cookie_mode","persist_cookie_cachable", +"strict_transport_security" +); $fields_servers=array(); -$fields_servers[0]['name']="name"; -$fields_servers[0]['columnheader']="Name"; -$fields_servers[0]['colwidth']="20%"; -$fields_servers[0]['type']="textbox"; -$fields_servers[0]['size']="30"; -$fields_servers[1]['name']="address"; -$fields_servers[1]['columnheader']="Address"; -$fields_servers[1]['colwidth']="10%"; +$fields_servers[0]['name']="status"; +$fields_servers[0]['columnheader']="Mode"; +$fields_servers[0]['colwidth']="5%"; +$fields_servers[0]['type']="select"; +$fields_servers[0]['size']="5"; +$fields_servers[0]['items']=&$a_servermodes; +$fields_servers[1]['name']="name"; +$fields_servers[1]['columnheader']="Name"; +$fields_servers[1]['colwidth']="20%"; $fields_servers[1]['type']="textbox"; -$fields_servers[1]['size']="20"; -$fields_servers[2]['name']="port"; -$fields_servers[2]['columnheader']="Port"; -$fields_servers[2]['colwidth']="5%"; +$fields_servers[1]['size']="30"; +$fields_servers[2]['name']="address"; +$fields_servers[2]['columnheader']="Address"; +$fields_servers[2]['colwidth']="10%"; $fields_servers[2]['type']="textbox"; -$fields_servers[2]['size']="5"; -$fields_servers[3]['name']="ssl"; -$fields_servers[3]['columnheader']="SSL"; +$fields_servers[2]['size']="20"; +$fields_servers[3]['name']="port"; +$fields_servers[3]['columnheader']="Port"; $fields_servers[3]['colwidth']="5%"; -$fields_servers[3]['type']="checkbox"; -$fields_servers[3]['size']="30"; -$fields_servers[4]['name']="weight"; -$fields_servers[4]['columnheader']="Weight"; -$fields_servers[4]['colwidth']="8%"; -$fields_servers[4]['type']="textbox"; -$fields_servers[4]['size']="5"; -$fields_servers[5]['name']="status"; -$fields_servers[5]['columnheader']="Mode"; -$fields_servers[5]['colwidth']="5%"; -$fields_servers[5]['type']="select"; +$fields_servers[3]['type']="textbox"; +$fields_servers[3]['size']="5"; +$fields_servers[4]['name']="ssl"; +$fields_servers[4]['columnheader']="SSL"; +$fields_servers[4]['colwidth']="5%"; +$fields_servers[4]['type']="checkbox"; +$fields_servers[4]['size']="30"; +$fields_servers[5]['name']="weight"; +$fields_servers[5]['columnheader']="Weight"; +$fields_servers[5]['colwidth']="8%"; +$fields_servers[5]['type']="textbox"; $fields_servers[5]['size']="5"; -$fields_servers[5]['items']=&$a_servermodes; -$fields_servers[6]['name']="advanced"; -$fields_servers[6]['columnheader']="Advanced"; -$fields_servers[6]['colwidth']="15%"; +$fields_servers[6]['name']="cookie"; +$fields_servers[6]['columnheader']="Cookie"; +$fields_servers[6]['colwidth']="10%"; $fields_servers[6]['type']="textbox"; -$fields_servers[6]['size']="20"; +$fields_servers[6]['size']="10"; +$fields_servers[7]['name']="advanced"; +$fields_servers[7]['columnheader']="Advanced"; +$fields_servers[7]['colwidth']="15%"; +$fields_servers[7]['type']="textbox"; +$fields_servers[7]['size']="20"; if (isset($id) && $a_pools[$id]) { $pconfig['advanced'] = base64_decode($a_pools[$id]['advanced']); @@ -123,9 +131,14 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['stats_enabled']) { - $reqdfields = explode(" ", "name stats_username stats_password stats_uri stats_realm"); - $reqdfieldsn = explode(",", "Name,Stats Username,Stats Password,Stats Uri,Stats Realm"); + $reqdfields = explode(" ", "name stats_uri"); + $reqdfieldsn = explode(",", "Name,Stats Uri"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($_POST['stats_username']) { + $reqdfields = explode(" ", "stats_password stats_realm"); + $reqdfieldsn = explode(",", "Stats Password,Stats Realm"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + } } if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) @@ -151,6 +164,9 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9!-~ ]/", $_POST['stats_password'])) $input_errors[] = "The field 'Stats Password' contains invalid characters."; + if (preg_match("/[^a-zA-Z0-9\-_]/", $_POST['stats_node'])) + $input_errors[] = "The field 'Stats Node' contains invalid characters. Should be a string with digits(0-9), letters(A-Z, a-z), hyphen(-) or underscode(_)"; + /* Ensure that our pool names are unique */ for ($i=0; isset($config['installedpackages']['haproxy']['ha_pools']['item'][$i]); $i++) if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_pools']['item'][$i]['name']) && ($i != $id)) @@ -162,23 +178,25 @@ if ($_POST) { $server_address = $server['address']; $server_port = $server['port']; $server_weight = $server['weight']; + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_ipaddr($server_address)) - $input_errors[] = "The field 'Address' is not a valid ip address."; + + if (!is_ipaddr($server_address) && !is_hostname($server_address)) + $input_errors[] = "The field 'Address' is not a valid ip address or hostname."; if (!preg_match("/.{2,}/", $server_name)) $input_errors[] = "The field 'Name' is required (and must be at least 2 characters)."; - if (!preg_match("/.{2,}/", $server_address)) - $input_errors[] = "The field 'Address' is required (and must be at least 2 characters)."; - - if (!is_numeric($server_weight)) + if ($server_weight && !is_numeric($server_weight)) $input_errors[] = "The field 'Weight' value is not a number."; if ($server_port && !is_numeric($server_port)) $input_errors[] = "The field 'Port' value is not a number."; } + + if ($_POST['strict_transport_security'] !== "" && !is_numeric($_POST['strict_transport_security'])) + $input_errors[] = "The field 'Strict-Transport-Security' is not empty or a number."; if (!$input_errors) { $pool = array(); @@ -203,12 +221,8 @@ if ($_POST) { $pool['ha_servers']['item']=$a_servers; - update_if_changed("name", $pool['name'], $_POST['name']); - update_if_changed("cookie", $pool['cookie'], $_POST['cookie']); update_if_changed("advanced", $pool['advanced'], base64_encode($_POST['advanced'])); update_if_changed("advanced_backend", $pool['advanced_backend'], base64_encode($_POST['advanced_backend'])); - update_if_changed("checkinter", $pool['checkinter'], $_POST['checkinter']); - update_if_changed("monitor_uri", $pool['monitor_uri'], $_POST['monitor_uri']); global $simplefields; foreach($simplefields as $stat) @@ -236,8 +250,8 @@ if ($_POST) { $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item']; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $closehead = false; @@ -259,6 +273,10 @@ foreach($simplefields as $field){ .haproxy_transparent_clientip{display:none;} .haproxy_check_agent{display:none;} .haproxy_agent_check{display:none;} + .haproxy_stick_cookiename{display:none;} + .haproxy_stick_tableused{display:none;} + .haproxy_cookie_visible{display:none;} + .haproxy_help_serverlist{display:none;} </style> </head> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -286,15 +304,35 @@ foreach($simplefields as $field){ } } } + function toggleCSSdisplay(cssID) + { + var ss = document.styleSheets; + for (var i=0; i<ss.length; i++) { + var rules = ss[i].cssRules || ss[i].rules; + for (var j=0; j<rules.length; j++) { + if (rules[j].selectorText === cssID) { + rules[j].style.display = rules[j].style.display == "none" ? "" : "none"; + } + } + } + } function updatevisibility() { d = document; setCSSdisplay(".haproxy_stats_visible", stats_enabled.checked); + setCSSdisplay(".haproxy_cookie_visible", persist_cookie_enabled.checked); check_type = d.getElementById("check_type").value; check_type_description = d.getElementById("check_type_description"); check_type_description.innerHTML=checktypes[check_type]["descr"]; + + persist_cookie_mode = d.getElementById("persist_cookie_mode").value; + persist_cookie_mode_description = d.getElementById("persist_cookie_mode_description"); + persist_cookie_mode_description.innerHTML=cookiemode[persist_cookie_mode]["descr"]; + persist_cookie_mode_description.setAttribute('style','padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt; height:30px'); + persist_cookie_mode_description.setAttribute('style','padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt; height:'+persist_cookie_mode_description.scrollHeight+'px'); + setCSSdisplay(".haproxy_check_enabled", check_type != 'none'); setCSSdisplay(".haproxy_check_http", check_type == 'HTTP'); setCSSdisplay(".haproxy_check_username", check_type == 'MySQL' || check_type == 'PostgreSQL'); @@ -306,6 +344,16 @@ foreach($simplefields as $field){ transparent_clientip = d.getElementById("transparent_clientip"); setCSSdisplay(".haproxy_transparent_clientip", transparent_clientip.checked); + + persist_sticky_type = d.getElementById("persist_sticky_type").value; + setCSSdisplay(".haproxy_stick_tableused", persist_sticky_type != 'none'); + setCSSdisplay(".haproxy_stick_cookiename", persist_sticky_type == 'stick_rdp_cookie' || persist_sticky_type == 'stick_cookie_value'); + + cookie_example = sticky_type[persist_sticky_type]['cookiedescr']; + stick_cookiename_description = d.getElementById("stick_cookiename_description"); + stick_cookiename_description.innerHTML = cookie_example; + sticky_type_description.innerHTML = sticky_type[persist_sticky_type]['descr']; + monitor_username = d.getElementById("monitor_username"); sqlcheckusername = d.getElementById("sqlcheckusername"); if(!browser_InnerText_support){ @@ -325,12 +373,7 @@ foreach($simplefields as $field){ <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php - /* active tabs */ - $tab_array = array(); - $tab_array[] = array("Settings", false, "haproxy_global.php"); - $tab_array[] = array("Frontend", false, "haproxy_listeners.php"); - $tab_array[] = array("Backend", true, "haproxy_pools.php"); - display_top_tabs($tab_array); + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "backend"); ?> </td></tr> <tr> @@ -347,25 +390,37 @@ foreach($simplefields as $field){ </td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncell">Cookie</td> - <td width="78%" class="vtable" colspan="2"> - <input name="cookie" type="text" <?if(isset($pconfig['cookie'])) echo "value=\"{$pconfig['cookie']}\"";?>size="64" /><br/> - This value will be checked in incoming requests, and the first - operational pool possessing the same value will be selected. In return, in - cookie insertion or rewrite modes, this value will be assigned to the cookie - sent to the client. There is nothing wrong in having several servers sharing - the same cookie value, and it is in fact somewhat common between normal and - backup servers. See also the "cookie" keyword in backend section. - - </td> - </tr> - <tr align="left"> <td class="vncell" colspan="3"><strong>Server list</strong> + <span style="float:right;"> + Toggle serverlist help. <a onclick="toggleCSSdisplay('.haproxy_help_serverlist');" title="<?php echo gettext("Help"); ?>"><img style="vertical-align:middle" src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_help.gif" border="0" alt="help" /></a> + </span> <? $counter=0; $a_servers = $pconfig['a_servers']; haproxy_htmllist("tableA_servers", $a_servers, $fields_servers); ?> + <table class="haproxy_help_serverlist" style="border:1px dashed green" cellspacing="0"> + <tr><td class="vncell"> + Mode: </td><td class="vncell">Active: server will be used normally<br/> + Backup: server is only used in load balancing when all other non-backup servers are unavailable<br/> + Disabled: server is marked down in maintenance mode<br/> + Inactive: server will not be available for use + </td></tr><tr><td class="vncell"> + Name: </td><td class="vncell">Used to as a name for the server in for example the stats<br/>EXAMPLE: MyWebServer + </td></tr><tr><td class="vncell"> + Address: </td><td class="vncell">IP or hostname(only resolved on start-up.)<br/>EXAMPLE: 192.168.1.22 , fe80::1000:2000:3000:4000%em0 , WebServer1.localdomain + </td></tr><tr><td class="vncell"> + Port: </td><td class="vncell">The port of the backend.<br/>EXAMPLE: 80 or 443<br/> + </td></tr><tr><td class="vncell"> + SSL: </td><td class="vncell">Is the backend using SSL (commonly with port 443)<br/> + </td></tr><tr><td class="vncell"> + Weight: </td><td class="vncell">A weight between 0 and 256, this setting can be used when multiple servers on different hardware need to be balanced with with a different part the traffic. A server with weight 0 wont get new traffic. Default if empty: 1 + </td></tr><tr><td class="vncell"> + Cookie: </td><td class="vncell">the value of the cookie used to identify a server (only when cookie-persistence is enabled below) + </td></tr><tr><td class="vncell"> + Advanced: </td><td class="vncell">More advanced settings like rise,fall,error-limit,send-proxy and others can be configured here.<br/>For a full list of options see the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2">HAProxy manual: Server and default-server options</a> + </td></tr> + </table> </td> </tr> <tr align="left"> @@ -437,6 +492,7 @@ foreach($simplefields as $field){ <tr align="left"> <td width="22%" valign="top" class="vncell">Transparent ClientIP</td> <td width="78%" class="vtable" colspan="2"> + WARNING Activating this option will load rules in IPFW and might interfere with CaptivePortal and possibly other services due to the way server return traffic must be 'captured' with a automatically created fwd rule. This also breaks directly accessing the (web)server on the ports configured above. Also a automatic sloppy pf rule is made to allow HAProxy to server traffic.<br/> <input id="transparent_clientip" name="transparent_clientip" type="checkbox" value="yes" <?php if ($pconfig['transparent_clientip']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> Use Client-IP to connect to backend servers. <div class="haproxy_transparent_clientip"> @@ -457,13 +513,13 @@ foreach($simplefields as $field){ For proper workings this requires the reply's traffic to pass through pfSense by means of correct routing. (uses the option "source 0.0.0.0 usesrc clientip") <br/><br/> - Note : When this is enabled for a single backend HAProxy will run as 'root', which reduces security. + Note : When this is enabled for a single backend HAProxy will run as 'root' instead of chrooting to a lower privileged user, this reduces security in case of a a bit. </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell">Per server pass thru</td> <td width="78%" class="vtable" colspan="2"> - <input type="text" name='advanced' id='advanced' value='<?php echo $pconfig['advanced']; ?>' size="64" /> + <input type="text" name='advanced' id='advanced' value='<?php echo htmlspecialchars($pconfig['advanced']); ?>' size="64" /> <br/> NOTE: paste text into this box that you would like to pass thru. Applied to each 'server' line. </td> @@ -472,7 +528,8 @@ foreach($simplefields as $field){ <tr align="left"> <td width="22%" valign="top" class="vncell">Backend pass thru</td> <td width="78%" class="vtable" colspan="2"> - <textarea rows="4" cols="70" name='advanced_backend' id='advanced_backend'><?php echo $pconfig['advanced_backend']; ?></textarea> + <? $textrowcount = max(substr_count($pconfig['advanced_backend'],"\n"), 2) + 2; ?> + <textarea rows="<?=$textrowcount;?>" cols="70" name='advanced_backend' id='advanced_backend'><?php echo htmlspecialchars($pconfig['advanced_backend']); ?></textarea> <br/> NOTE: paste text into this box that you would like to pass thru. Applied to the backend section. </td> @@ -608,71 +665,167 @@ set by the 'retries' parameter.</div> </tr> <tr><td> </td></tr> <tr> - <td colspan="2" valign="top" class="listtopic">Statistics</td> + <td colspan="2" valign="top" class="listtopic">Cookie persistence</td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncell">Stats Enabled</td> + <td width="22%" valign="top" class="vncell">Cookie Enabled</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + <input id="persist_cookie_enabled" name="persist_cookie_enabled" type="checkbox" value="yes" <?php if ($pconfig['persist_cookie_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + Enables cookie based persistence. (only used on 'http' frontends) </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_realm_row'> - <td width="22%" valign="top" class="vncellreq">Stats Realm</td> + <tr class="haproxy_cookie_visible" align="left"> + <td width="22%" valign="top" class="vncellreq">Server Cookies</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64" /><br/> - EXAMPLE: haproxystats + <b>Make sure to configure a different cookie on every server in this backend.<b/> + </td> + </tr> + <tr class="haproxy_cookie_visible" align="left"> + <td width="22%" valign="top" class="vncellreq">Cookie Name</td> + <td width="78%" class="vtable" colspan="2"> + <input id="persist_cookie_name" name="persist_cookie_name" type="text" <?if(isset($pconfig['persist_cookie_name'])) echo "value=\"{$pconfig['persist_cookie_name']}\"";?> size="64" /><br/> + The string name to track in Set-Cookie and Cookie HTTP headers.<br/> + EXAMPLE: MyLoadBalanceCookie JSESSIONID PHPSESSIONID ASP.NET_SessionId + </td> + </tr> + <tr class="haproxy_cookie_visible" align="left"> + <td width="22%" valign="top" class="vncellreq">Cookie Mode</td> + <td width="78%" class="vtable" colspan="2"> + <? + echo_html_select("persist_cookie_mode",$a_cookiemode,$pconfig['persist_cookie_mode'],"","updatevisibility();"); + ?> + Determines how HAProxy inserts/prefixes/replaces or examines cookie and set-cookie headers.<br/> + EXAMPLE: with an existing PHPSESSIONID you can for example use "Session-prefix" or to create a new cookie use "Insert-silent".<br/> + <br/> + <textarea readonly="yes" cols="60" rows="2" id="persist_cookie_mode_description" name="persist_cookie_mode_description" style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea> + </td> + </tr> + <tr class="haproxy_cookie_visible" align="left"> + <td width="22%" valign="top" class="vncell">Cookie Cachable</td> + <td width="78%" class="vtable" colspan="2"> + <input id="persist_cookie_cachable" name="persist_cookie_cachable" type="checkbox" value="yes" <?php if ($pconfig['persist_cookie_cachable']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + Allows shared caches to cache the server response. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Stick-table persistence</td> + </tr> + <tr><td class="vncell"></td><td class="vncell">These options are used to make sure seperate requests from a single client go to the same backend. This can be required for servers that keep track of for example a shopping cart.</td></tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Stick tables</td> + <td width="78%" class="vtable" colspan="2"> + <? + echo_html_select("persist_sticky_type",$a_sticky_type,$pconfig['persist_sticky_type'],"","updatevisibility();"); + ?> + Sticktables that are kept in memory, and when matched make sure the same server will be used.<br/> + <textarea readonly="yes" cols="60" rows="2" id="sticky_type_description" name="sticky_type_description" style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea> + </td> + </tr> + <tr align="left" class="haproxy_stick_cookiename"> + <td width="22%" valign="top" class="vncellreq">Stick cookie name</td> + <td width="78%" class="vtable" colspan="2"> + <input name="persist_stick_cookiename" type="text" <?if(isset($pconfig['persist_stick_cookiename'])) echo "value=\"{$pconfig['persist_stick_cookiename']}\"";?> size="20" /> + Cookiename to use for sticktable<br/> + <span id="stick_cookiename_description"></span> + </td> + </tr> + <tr align="left" class="haproxy_stick_cookiename"> + <td width="22%" valign="top" class="vncellreq">Stick cookie length</td> + <td width="78%" class="vtable" colspan="2"> + <input name="persist_stick_length" type="text" <?if(isset($pconfig['persist_stick_length'])) echo "value=\"{$pconfig['persist_stick_length']}\"";?> size="20" /> + The maximum number of characters that will be stored in a "string" type stick-table<br/> + <span id="stick_cookiename_description"></span> + </td> + </tr> + <tr align="left" class="haproxy_stick_tableused"> + <td width="22%" valign="top" class="vncellreq">stick-table expire</td> + <td width="78%" class="vtable" colspan="2"> + <input name="persist_stick_expire" type="text" <?if(isset($pconfig['persist_stick_expire'])) echo "value=\"{$pconfig['persist_stick_expire']}\"";?> size="20" /> d=days h=hour m=minute s=seconds ms=miliseconds(default)<br/> + Defines the maximum duration of an entry in the stick-table since it was last created, refreshed or matched.<br/> + EXAMPLE: 30m + </td> + </tr> + <tr align="left" class="haproxy_stick_tableused"> + <td width="22%" valign="top" class="vncellreq">stick-table size</td> + <td width="78%" class="vtable" colspan="2"> + <input name="persist_stick_tablesize" type="text" <?if(isset($pconfig['persist_stick_tablesize'])) echo "value=\"{$pconfig['persist_stick_tablesize']}\"";?> size="20" /> maximum number of entries supports suffixes "k", "m", "g" for 2^10, 2^20 and 2^30 factors.<br/> + Is the maximum number of entries that can fit in the table. This value directly impacts memory usage. Count approximately + 50 bytes per entry, plus the size of a string if any.<br/> + EXAMPLE: 50k + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Statistics</td> + </tr> + <tr align="left"> + <td width="22%" valign="top" class="vncell">Stats Enabled</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_uri_row'> <td width="22%" valign="top" class="vncellreq">Stats Uri</td> <td width="78%" class="vtable" colspan="2"> <input id="stats_uri" name="stats_uri" type="text" <?if(isset($pconfig['stats_uri'])) echo "value=\"{$pconfig['stats_uri']}\"";?> size="64" /><br/> - EXAMPLE: /haproxy?stats + This url can be used when this same backend is used for passing connections to backends<br/> + EXAMPLE: / or /haproxy?stats + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_scope_row'> + <td width="22%" valign="top" class="vncell">Stats Scope</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_scope" name="stats_scope" type="text" <?if(isset($pconfig['stats_scope'])) echo "value=\"{$pconfig['stats_scope']}\"";?> size="64" /><br/> + Determines which frontends and backends are shown, leave empty to show all.<br/> + EXAMPLE: frontendA,backend1,backend2 + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_realm_row'> + <td width="22%" valign="top" class="vncell">Stats Realm</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_realm" name="stats_realm" type="text" <?if(isset($pconfig['stats_realm'])) echo "value=\"{$pconfig['stats_realm']}\"";?> size="64" /><br/> + The realm is shown when authentication is requested by haproxy.<br/> + EXAMPLE: haproxystats </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_username_row'> - <td width="22%" valign="top" class="vncellreq">Stats Username</td> + <td width="22%" valign="top" class="vncell">Stats Username</td> <td width="78%" class="vtable" colspan="2"> <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"".$pconfig['stats_username']."\"";?> size="64" /> + EXAMPLE: admin </td> </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_password_row'> - <td width="22%" valign="top" class="vncellreq">Stats Password</td> + <td width="22%" valign="top" class="vncell">Stats Password</td> <td width="78%" class="vtable" colspan="2"> <input id="stats_password" name="stats_password" type="password" <? if(isset($pconfig['stats_password'])) echo "value=\"".$pconfig['stats_password']."\""; ?> size="64" /> - <br/> + EXAMPLE: 1Your2Secret3P@ssword </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_node_admin_row'> <td width="22%" valign="top" class="vncell">Stats Admin</td> <td width="78%" class="vtable" colspan="2"> <input id="stats_admin" name="stats_admin" type="checkbox" value="yes" <?php if ($pconfig['stats_admin']=='yes') echo "checked"; ?> /> - <br/> - </td> - </tr> - <tr class="haproxy_stats_visible" align="left" id='stats_node_enabled_row'> - <td width="22%" valign="top" class="vncell">Stats Enable Node Name</td> - <td width="78%" class="vtable" colspan="2"> - <input id="stats_node_enabled" name="stats_node_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_node_enabled']=='yes') echo "checked"; ?> /> - <br/> + Makes available the options disable/enable/softstop/softstart/killsessions from the stats page.<br/> + Note: This is not persisted when haproxy restarts. For publicly visible stats pages this should be disabled. </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_node_row'> - <td width="22%" valign="top" class="vncell">Stats Node</td> + <td width="22%" valign="top" class="vncell">Stats Nodename</td> <td width="78%" class="vtable" colspan="2"> <input id="stats_node" name="stats_node" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_node']}\"";?> size="64" /><br/> - The node name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients.<br/> - Leave blank to use the system name. + The short name is displayed in the stats and helps to differentiate which server in a cluster is actually serving clients. </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_desc_row'> <td width="22%" valign="top" class="vncell">Stats Description</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_node'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64" /><br/> + <input id="stats_desc" name="stats_desc" type="text" <?if(isset($pconfig['stats_desc'])) echo "value=\"{$pconfig['stats_desc']}\"";?> size="64" /><br/><br/> + The description is displayed behind the Nodename set above. </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_refresh_row'> @@ -683,6 +836,21 @@ set by the 'retries' parameter.</div> </td> </tr> <tr><td> </td></tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Advanced</td> + </tr> + <tr class="" align="left" id='Strict-Transport-Security'> + <td width="22%" valign="top" class="vncell">Strict-Transport-Security</td> + <td width="78%" class="vtable" colspan="2"> + When configured enables "HTTP Strict Transport Security" leave empty to disable.<br/> + <b>WARNING! the domain will only work over https with a valid certificate!</b><br/> + <input id="strict_transport_security" name="strict_transport_security" type="text" <?if(isset($pconfig['strict_transport_security'])) echo "value=\"{$pconfig['strict_transport_security']}\"";?> size="20" /> Seconds<br/> + If configured clients that requested the page with this setting active will not be able to visit this domain over a unencrypted http connection. + So make sure you understand the consequence of this setting or start with a really low value.<br/> + EXAMPLE: 60 for testing if you are absolutely sure you want this 31536000 (12 months) would be good for production. + </td> + </tr> + <tr><td> </td></tr> <tr align="left"> <td width="22%" valign="top"> </td> <td width="78%"> @@ -702,6 +870,8 @@ set by the 'retries' parameter.</div> <? phparray_to_javascriptarray($fields_servers,"fields_servers",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); phparray_to_javascriptarray($a_checktypes,"checktypes",Array('/*','/*/name','/*/descr')); + phparray_to_javascriptarray($a_cookiemode,"cookiemode",Array('/*','/*/name','/*/descr')); + phparray_to_javascriptarray($a_sticky_type,"sticky_type",Array('/*','/*/descr','/*/cookiedescr')); ?> browser_InnerText_support = (document.getElementsByTagName("body")[0].innerText != undefined) ? true : false; diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index 39009633..92235933 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_pools.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 PiBa-NL Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> @@ -32,6 +32,7 @@ $shortcut_section = "haproxy"; require_once("guiconfig.inc"); require_once("haproxy.inc"); +require_once("pkg_haproxy_tabs.inc"); if (!is_array($config['installedpackages']['haproxy']['ha_pools']['item'])) { @@ -64,8 +65,8 @@ if ($_GET['act'] == "del") { exit; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Backend server pools"; @@ -86,12 +87,7 @@ include("head.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> <?php - /* active tabs */ - $tab_array = array(); - $tab_array[] = array("Settings", false, "haproxy_global.php"); - $tab_array[] = array("Frontend", false, "haproxy_listeners.php"); - $tab_array[] = array("Backend", true, "haproxy_pools.php"); - display_top_tabs($tab_array); + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "backend"); ?> </td></tr> <tr> diff --git a/config/haproxy-devel/haproxy_socketinfo.inc b/config/haproxy-devel/haproxy_socketinfo.inc index eeaba8b6..6beb17c5 100644 --- a/config/haproxy-devel/haproxy_socketinfo.inc +++ b/config/haproxy-devel/haproxy_socketinfo.inc @@ -3,7 +3,7 @@ Copyright (C) 2013 PiBa-NL Copyright 2011 Thomas Schaefer - Tomschaefer.org Copyright 2011 Marcello Coutinho - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -57,15 +57,36 @@ function haproxy_set_server_enabled($backend, $server, $enable) {//"enable be/se return haproxy_socket_command("$enablecommand server $backend/$server"); } +function haproxy_get_tables(){// "show table" + $result = array(); + $cmdresult = haproxy_socket_command("show table"); + foreach($cmdresult as $line) { + if (trim($line) == "") + continue; + list($table,$type,$size,$used) = explode(",", $line); + $table = explode(":", $table); + $type = explode(":", $type); + $size = explode(":", $size); + $used = explode(":", $used); + $newtable = array(); + $tablename = trim($table[1]); + $newtable['type'] = trim($type[1]); + $newtable['size'] = $size[1]; + $newtable['used'] = $used[1]; + $result[$tablename] = $newtable; + } + return $result; +} + function haproxy_get_statistics(){// "show stat" $result = array(); $frontends=array(); $backends=array(); $servers=array(); - $result = haproxy_socket_command("show stat"); + $cmdresult = haproxy_socket_command("show stat"); - foreach($result as $line) { + foreach($cmdresult as $line) { list($pxname,$svname,$qcur,$qmax,$scur,$smax,$slim,$stot,$bin,$bout,$dreq,$dresp,$ereq,$econ,$eresp,$wretr,$wredis,$status,$weight,$act,$bck,$chkfail,$chkdown,$lastchg,$downtime,$qlimit,$pid,$iid,$sid,$throttle,$lbtot,$tracked,$type,$rate,$rate_lim,$rate_max,$check_status,$check_code,$check_duration,$hrsp_1xx,$hrsp_2xx,$hrsp_3xx,$hrsp_4xx,$hrsp_5xx,$hrsp_other,$hanafail,$req_rate,$req_rate_max,$req_tot,$cli_abrt,$srv_abrt,$comp_in,$comp_out,$comp_byp,$comp_rsp) = explode(",", $line); #Retrieve data switch ($svname) { diff --git a/config/haproxy-devel/haproxy_stats.php b/config/haproxy-devel/haproxy_stats.php new file mode 100644 index 00000000..10dd136a --- /dev/null +++ b/config/haproxy-devel/haproxy_stats.php @@ -0,0 +1,257 @@ +<?php +/* + haproxy_stats.php + part of pfSense (https://www.pfsense.org/) + Copyright (C) 2013 PiBa-NL + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once("authgui.inc"); +require_once("config.inc"); +require_once("haproxy_socketinfo.inc"); + +$pconfig = $config['installedpackages']['haproxy']; +if (isset($_GET['haproxystats']) || isset($_GET['scope']) || (isset($_POST) && isset($_POST['action']))){ + $fail = false; + try{ + $request = ""; + if (is_array($_GET)){ + foreach($_GET as $key => $arg) + $request .= ";$key=$arg"; + } + $options = array( + 'http'=>array( + 'method'=>"POST", + 'header'=>"Accept-language: en\r\n". + "Content-type: application/x-www-form-urlencoded\r\n", + 'content'=>http_build_query($_POST) + )); + $context = stream_context_create($options); + $response = file_get_contents("http://127.0.0.1:{$pconfig['localstatsport']}/haproxy_stats.php?haproxystats=1".$request, false, $context); + if (is_array($http_response_header)){ + foreach($http_response_header as $header){ + if (strpos($header,"Refresh: ") == 0) + header($header); + } + } + $fail = $response === false; + } catch (Exception $e) { + $fail = true; + } + if ($fail) + $response = "<br/><br/>Make sure HAProxy settings are applied and HAProxy is enabled and running"; + echo $response; + exit(0); +} +require_once("guiconfig.inc"); +if (isset($_GET['showsticktablecontent'])){ + if (is_numeric($pconfig['localstats_sticktable_refreshtime'])) + header("Refresh: {$pconfig['localstats_sticktable_refreshtime']}"); +} +$shortcut_section = "haproxy"; +require_once("haproxy.inc"); +require_once("certs.inc"); +require_once("haproxy_utils.inc"); +require_once("pkg_haproxy_tabs.inc"); + +if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { + $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); +} +$a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + +function haproxy_add_stats_example() { + global $config, $d_haproxyconfdirty_path; + $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; + $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $webcert = haproxy_find_create_certificate("HAProxy stats default"); + + $backend = array(); + $backend["name"] = "HAProxy_stats_ssl_backend"; + $backend["stats_enabled"] = "yes"; + $backend["stats_uri"] = "/"; + $backend["stats_refresh"] = "10"; + $a_backends[] = $backend; + $changecount++; + + $frontend = array(); + $frontend["name"] = "HAProxy_stats_ssl_frontend"; + $frontend["status"] = "active"; + $frontend["type"] = "http"; + $frontend["port"] = "444"; + $frontend["extaddr"] = "lan_ipv4"; + $frontend["ssloffload"] = "yes"; + $frontend["ssloffloadcert"] = $webcert['refid']; + $frontend["backend_serverpool"] = $backend["name"]; + $a_frontends[] = $frontend; + $changecount++; + $changedesc = "add new HAProxy stats example"; + + if ($changecount > 0) { + echo "touching: $d_haproxyconfdirty_path"; + touch($d_haproxyconfdirty_path); + write_config($changedesc); + } +} + +if (isset($_GET['add_stats_example'])) { + haproxy_add_stats_example(); + write_config(); + touch($d_haproxyconfdirty_path); + header("Location: haproxy_listeners.php"); + exit; +} + +if ($_POST) { + if ($_POST['apply']) { + $result = haproxy_check_and_run($savemsg, true); + if ($result) + unlink_if_exists($d_haproxyconfdirty_path); + } +} + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) + $one_two = true; + +$pgtitle = "Services: HAProxy: Stats"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="haproxy_stats.php" method="post"> +<?php if($one_two): ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php endif; ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_haproxyconfdirty_path)): ?> +<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/> +<?php endif; ?> +</form> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> + <?php + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "stats"); + ?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" height="100%" cellspacing="0"> + <tr> + <? +if (isset($_GET['showsticktablecontent'])){ + $sticktablename = $_GET['showsticktablecontent']; +echo "<td colspan='2'>"; + echo "Contents of the sticktable: $sticktablename<br/>"; + $res = haproxy_socket_command("show table $sticktablename"); + foreach($res as $line){ + echo "<br/>".print_r($line,true); + } +echo "</td>"; +} else { +?> + <td colspan="2"> + This page contains a 'stats' page available from haproxy accessible through the pfSense gui.<br/> + <br/> + As the page is forwarded through the pfSense gui, this might cause some functionality to not work.<br/> + Though the normal haproxy stats page can be tweaked more, and doesn't use a user/pass from pfSense itself.<br/> + Some examples are configurable automatic page refresh,<br/> + only showing certain servers, not providing admin options, and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)<br/> + To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'. + Or create a backend specifically for serving stats, for that you can start with the 'stats example' template below.<br/> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Stats example template</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Example</td> + <td class="vtable"> + As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/> + <a href="haproxy_stats.php?add_stats_example=1">TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl</a><br/> + <br/> + After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?=get_interface_ip("lan");?>:444">https://pfSense-LAN-ip:444/</a> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">HAProxy stick-tables</td> + </tr> + <tr> + <td colspan="2" valign="top" class="vncell"> + These tables are used to store information for session persistence and can be used with ssl-session-id information, application-cookies, or other information that is used to persist a user to a server. + <table class="tabcont sortable" id="sortabletable" width="100%" cellspacing="0" cellpadding="6" border="0"> + <head> + <td class="listhdrr">Stick-table</td> + <td class="listhdrr">Type</td> + <td class="listhdrr">Size</td> + <td class="listhdrr">Used</td> + </head> + <? $tables = haproxy_get_tables(); + foreach($tables as $key => $table) { ?> + <tr> + <td class="listlr"><a href="/haproxy_stats.php?showsticktablecontent=<?=$key;?>"><?=$key;?></td> + <td class="listr"><?=$table['type'];?></td> + <td class="listr"><?=$table['size'];?></td> + <td class="listr"><?=$table['used'];?></td> + </tr> + <? } ?> + </table> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">HAProxy stats</td> + </tr> + <tr> + <td colspan="2" valign="top" class="vncell"><a href="/haproxy_stats.php?haproxystats=1" target="_blank">Fullscreen stats page</a></td> + </tr> + <tr> + <td colspan="2" class="listlr"> + <? if (isset($pconfig['enable']) && $pconfig['localstatsport'] && is_numeric($pconfig['localstatsport'])){?> + <iframe id="frame_haproxy_stats" width="1000px" height="1500px" seamless=1 src="/haproxy_stats.php?haproxystats=1<?=$request;?>"></iframe> + <? } else { ?> + <br/> + In the "Settings" configure a internal stats port and enable haproxy for this to be functional.<br/> + <br/> + <? } ?> +<?}?> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/haproxy-devel/haproxy_utils.inc b/config/haproxy-devel/haproxy_utils.inc index 058efc98..03bd434f 100644 --- a/config/haproxy-devel/haproxy_utils.inc +++ b/config/haproxy-devel/haproxy_utils.inc @@ -1,7 +1,7 @@ <?php /* haproxy_utils.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 PiBa-NL All rights reserved. diff --git a/config/haproxy-devel/pkg_haproxy_tabs.inc b/config/haproxy-devel/pkg_haproxy_tabs.inc new file mode 100644 index 00000000..8cb280f8 --- /dev/null +++ b/config/haproxy-devel/pkg_haproxy_tabs.inc @@ -0,0 +1,25 @@ +<?php + +//require_once("guiconfig.inc"); DO NOT REQUIRE THIS! + +// DO NOT REQUIRE guiconfig.inc HERE! though it contains the function display_top_tabs needed below. +// however if included it will hang filter rule generation, and might cause pf to not load any rules. +// This happens when /usr/local/pkg/*.inc files are dynamically loaded during package generation from filter.inc with function discover_pkg_rules(x). + +global $haproxy_tab_array; + +$haproxy_tab_array['haproxy'] = array(); +$haproxy_tab_array['haproxy']['settings'] = Array(name => "Settings", url => "haproxy_global.php"); +$haproxy_tab_array['haproxy']['frontend'] = Array(name => "Frontend", url => "haproxy_listeners.php"); +$haproxy_tab_array['haproxy']['backend'] = Array(name => "Backend", url => "haproxy_pools.php"); +$haproxy_tab_array['haproxy']['stats'] = Array(name => "Stats", url => "haproxy_stats.php"); + +function haproxy_display_top_tabs_active($top_tabs, $activetab) { + $tab_array = array(); + foreach($top_tabs as $key => $tab_item){ + $tab_array[] = array($tab_item['name'], $key == $activetab, $tab_item['url']); + } + display_top_tabs($tab_array); +} + +?> diff --git a/config/haproxy-legacy/haproxy.inc b/config/haproxy-legacy/haproxy.inc index 47dc5474..9f4b4ba6 100644 --- a/config/haproxy-legacy/haproxy.inc +++ b/config/haproxy-legacy/haproxy.inc @@ -308,7 +308,7 @@ function haproxy_configure() { $freebsd_version = substr(trim(`uname -r`), 0, 1); if(!file_exists("/usr/bin/limits")) { - exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); + exec("fetch -q -o /usr/bin/limits https://files.pfsense.org/extras/{$freebsd_version}/limits"); exec("chmod a+rx /usr/bin/limits"); } diff --git a/config/haproxy-legacy/haproxy.xml b/config/haproxy-legacy/haproxy.xml index 5706f3c7..8892c77c 100644 --- a/config/haproxy-legacy/haproxy.xml +++ b/config/haproxy-legacy/haproxy.xml @@ -62,42 +62,42 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_frontends.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_frontends.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_frontends_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_frontends_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_global.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_global.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_servers.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_servers.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_servers_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_servers_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/haproxy-legacy/pkg_haproxy.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-legacy/pkg_haproxy.inc</item> </additional_files_needed> <custom_delete_php_command> </custom_delete_php_command> @@ -110,7 +110,7 @@ included in package install $freebsdv=trim(`uname -r | cut -d'.' -f1`); conf_mount_rw(); - `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/haproxy-legacy/binaries{$freebsdv}/haproxy`; + `fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy-legacy/binaries{$freebsdv}/haproxy`; exec("chmod a+rx /usr/local/sbin/haproxy"); */ haproxy_custom_php_install_command(); diff --git a/config/haproxy-legacy/haproxy_frontends.php b/config/haproxy-legacy/haproxy_frontends.php index e97fbc7b..1aef0b8f 100755 --- a/config/haproxy-legacy/haproxy_frontends.php +++ b/config/haproxy-legacy/haproxy_frontends.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_baclkends.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -65,8 +65,8 @@ if ($_GET['act'] == "del") { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Frontend"; diff --git a/config/haproxy-legacy/haproxy_frontends_edit.php b/config/haproxy-legacy/haproxy_frontends_edit.php index 99391fe9..db1c71be 100755 --- a/config/haproxy-legacy/haproxy_frontends_edit.php +++ b/config/haproxy-legacy/haproxy_frontends_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_frontends_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 Marcello Coutinho Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> @@ -263,8 +263,8 @@ if ($_POST) { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "HAProxy: Frontend: Edit"; diff --git a/config/haproxy-legacy/haproxy_global.php b/config/haproxy-legacy/haproxy_global.php index f47ada8b..509fdfe2 100755 --- a/config/haproxy-legacy/haproxy_global.php +++ b/config/haproxy-legacy/haproxy_global.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */ /* haproxy_global.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 Marcello Coutinho Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> @@ -81,8 +81,8 @@ $pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog $pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']); $pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc']; -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Settings"; diff --git a/config/haproxy-legacy/haproxy_servers.php b/config/haproxy-legacy/haproxy_servers.php index b8f58b73..e04ed74c 100755 --- a/config/haproxy-legacy/haproxy_servers.php +++ b/config/haproxy-legacy/haproxy_servers.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_servers.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -66,8 +66,8 @@ if ($_GET['act'] == "del") { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Servers"; diff --git a/config/haproxy-legacy/haproxy_servers_edit.php b/config/haproxy-legacy/haproxy_servers_edit.php index 4a8072b3..86431992 100755 --- a/config/haproxy-legacy/haproxy_servers_edit.php +++ b/config/haproxy-legacy/haproxy_servers_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_servers_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2013 Marcello Coutinho Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> @@ -149,8 +149,8 @@ if ($_POST) { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "HAProxy: Server: Edit"; diff --git a/config/haproxy-stable/haproxy.inc b/config/haproxy-stable/haproxy.inc index eb45f21d..2b132a85 100644 --- a/config/haproxy-stable/haproxy.inc +++ b/config/haproxy-stable/haproxy.inc @@ -445,7 +445,7 @@ function haproxy_configure() { $freebsd_version = substr(trim(`uname -r`), 0, 1); if(!file_exists("/usr/bin/limits")) { - exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); + exec("fetch -q -o /usr/bin/limits https://files.pfsense.org/extras/{$freebsd_version}/limits"); exec("chmod a+rx /usr/bin/limits"); } diff --git a/config/haproxy-stable/haproxy.xml b/config/haproxy-stable/haproxy.xml index 50907cfe..a69b5df9 100644 --- a/config/haproxy-stable/haproxy.xml +++ b/config/haproxy-stable/haproxy.xml @@ -62,32 +62,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_listeners.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_listeners.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_listeners_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_listeners_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_global.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_global.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_pools.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_pools.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_pool_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_pool_edit.php</item> </additional_files_needed> <custom_delete_php_command> </custom_delete_php_command> @@ -98,7 +98,7 @@ <custom_php_install_command> $freebsdv=trim(`uname -r | cut -d'.' -f1`); conf_mount_rw(); - `fetch -q -o /usr/local/sbin/ http://files.pfsense.org/packages/7/haproxy-dev/haproxy`; + `fetch -q -o /usr/local/sbin/ https://files.pfsense.org/packages/7/haproxy-dev/haproxy`; exec("chmod a+rx /usr/local/sbin/haproxy"); haproxy_custom_php_install_command(); </custom_php_install_command> diff --git a/config/haproxy-stable/haproxy_global.php b/config/haproxy-stable/haproxy_global.php index 0e960611..c8b05d52 100755 --- a/config/haproxy-stable/haproxy_global.php +++ b/config/haproxy-stable/haproxy_global.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */ /* haproxy_global.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -107,8 +107,8 @@ if (!$pconfig['logfacility']) if (!$pconfig['loglevel']) $pconfig['loglevel'] = 'info'; -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Settings"; diff --git a/config/haproxy-stable/haproxy_listeners.php b/config/haproxy-stable/haproxy_listeners.php index ef67108b..8c6125f0 100755 --- a/config/haproxy-stable/haproxy_listeners.php +++ b/config/haproxy-stable/haproxy_listeners.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_baclkends.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -65,8 +65,8 @@ if ($_GET['act'] == "del") { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Listener"; diff --git a/config/haproxy-stable/haproxy_listeners_edit.php b/config/haproxy-stable/haproxy_listeners_edit.php index 22be121b..e9c6187c 100755 --- a/config/haproxy-stable/haproxy_listeners_edit.php +++ b/config/haproxy-stable/haproxy_listeners_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_listeners_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -241,8 +241,8 @@ if ($_POST) { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "HAProxy: Listener: Edit"; diff --git a/config/haproxy-stable/haproxy_pool_edit.php b/config/haproxy-stable/haproxy_pool_edit.php index 6087e9d7..1e9958eb 100755 --- a/config/haproxy-stable/haproxy_pool_edit.php +++ b/config/haproxy-stable/haproxy_pool_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_pool_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -173,8 +173,8 @@ if ($_POST) { $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item']; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "HAProxy: pool: Edit"; diff --git a/config/haproxy-stable/haproxy_pools.php b/config/haproxy-stable/haproxy_pools.php index 78a1fdff..0edc2ad8 100755 --- a/config/haproxy-stable/haproxy_pools.php +++ b/config/haproxy-stable/haproxy_pools.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_pools.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -67,8 +67,8 @@ if ($_GET['act'] == "del") { exit; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Server pools"; diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc index aa8d5a3e..5eb2160e 100644 --- a/config/haproxy/haproxy.inc +++ b/config/haproxy/haproxy.inc @@ -627,7 +627,7 @@ function haproxy_writeconf() { $freebsd_version = substr(trim(`uname -r`), 0, 1); if(!file_exists("/usr/bin/limits")) { - exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); + exec("fetch -q -o /usr/bin/limits https://files.pfsense.org/extras/{$freebsd_version}/limits"); exec("chmod a+rx /usr/bin/limits"); } } diff --git a/config/haproxy/haproxy.xml b/config/haproxy/haproxy.xml index 227d1b27..3be05802 100644 --- a/config/haproxy/haproxy.xml +++ b/config/haproxy/haproxy.xml @@ -62,32 +62,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy/haproxy.inc</item> + <item>https://packages.pfsense.org/packages/config/haproxy/haproxy.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy/haproxy_listeners.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_listeners.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy/haproxy_listeners_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_listeners_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy/haproxy_global.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_global.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy/haproxy_pools.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_pools.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/haproxy/haproxy_pool_edit.php</item> + <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_pool_edit.php</item> </additional_files_needed> <custom_delete_php_command> </custom_delete_php_command> @@ -100,7 +100,7 @@ included in package install $freebsdv=trim(`uname -r | cut -d'.' -f1`); conf_mount_rw(); - `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/haproxy/binaries{$freebsdv}/haproxy`; + `fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy/binaries{$freebsdv}/haproxy`; exec("chmod a+rx /usr/local/sbin/haproxy"); */ haproxy_custom_php_install_command(); diff --git a/config/haproxy/haproxy_global.php b/config/haproxy/haproxy_global.php index aa046544..16f5152d 100755 --- a/config/haproxy/haproxy_global.php +++ b/config/haproxy/haproxy_global.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */ /* haproxy_global.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -120,8 +120,8 @@ if (!$pconfig['logfacility']) if (!$pconfig['loglevel']) $pconfig['loglevel'] = 'info'; -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Settings"; diff --git a/config/haproxy/haproxy_listeners.php b/config/haproxy/haproxy_listeners.php index 1f6031c2..a5bc9a22 100755 --- a/config/haproxy/haproxy_listeners.php +++ b/config/haproxy/haproxy_listeners.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_baclkends.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -65,8 +65,8 @@ if ($_GET['act'] == "del") { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Listener"; diff --git a/config/haproxy/haproxy_listeners_edit.php b/config/haproxy/haproxy_listeners_edit.php index 1695b5d5..2b71c7ea 100755 --- a/config/haproxy/haproxy_listeners_edit.php +++ b/config/haproxy/haproxy_listeners_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_listeners_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -241,8 +241,8 @@ if ($_POST) { } } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "HAProxy: Listener: Edit"; diff --git a/config/haproxy/haproxy_pool_edit.php b/config/haproxy/haproxy_pool_edit.php index 4560bea2..4da508f2 100755 --- a/config/haproxy/haproxy_pool_edit.php +++ b/config/haproxy/haproxy_pool_edit.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */ /* haproxy_pool_edit.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -171,8 +171,8 @@ if ($_POST) { $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item']; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "HAProxy: pool: Edit"; diff --git a/config/haproxy/haproxy_pools.php b/config/haproxy/haproxy_pools.php index 52b7650d..a0bf75a2 100755 --- a/config/haproxy/haproxy_pools.php +++ b/config/haproxy/haproxy_pools.php @@ -2,7 +2,7 @@ /* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ /* haproxy_pools.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com> Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com> All rights reserved. @@ -67,8 +67,8 @@ if ($_GET['act'] == "del") { exit; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: HAProxy: Server pools"; diff --git a/config/havp/havp.xml b/config/havp/havp.xml index 6d991a81..1e50eb5e 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -18,22 +18,22 @@ <description>Antivirus HTTP proxy Service</description> </service> <additional_files_needed> - <item>http://www.pfsense.com/packages/config/havp/havp.inc</item> + <item>https://packages.pfsense.org/packages/config/havp/havp.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <!--additional_files_needed> - <item>http://www.pfsense.com/packages/config/havp/havp_fscan.xml</item> + <item>https://packages.pfsense.org/packages/config/havp/havp_fscan.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed--> <additional_files_needed> - <item>http://www.pfsense.com/packages/config/havp/havp_avset.xml</item> + <item>https://packages.pfsense.org/packages/config/havp/havp_avset.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.com/packages/config/havp/antivirus.php</item> + <item>https://packages.pfsense.org/packages/config/havp/antivirus.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/hula.xml b/config/hula.xml index 0270e8c5..fa3d7273 100644 --- a/config/hula.xml +++ b/config/hula.xml @@ -72,7 +72,7 @@ </menu> <additional_files_needed> - <item>http://www.pfsense.com/packages/All/hula.tgz</item> + <item>https://www.pfsense.org/packages/All/hula.tgz</item> </additional_files_needed> <!-- Do not save invokes a simple input menu and will not update diff --git a/config/igmpproxy/firewall_rules_edit.tmp b/config/igmpproxy/firewall_rules_edit.tmp index dfb40bc8..25b669af 100755 --- a/config/igmpproxy/firewall_rules_edit.tmp +++ b/config/igmpproxy/firewall_rules_edit.tmp @@ -2,7 +2,7 @@ /* $Id: firewall_rules_edit.php,v 1.86.2.34.2.5 2007/11/20 00:29:07 cmb Exp $ */ /* firewall_rules_edit.php - part of pfSense (http://www.pfsense.com) + part of pfSense (https://www.pfsense.org) Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com) originally part of m0n0wall (http://m0n0.ch/wall) diff --git a/config/igmpproxy/igmpproxy.xml b/config/igmpproxy/igmpproxy.xml index 5d6fee04..2b531039 100644 --- a/config/igmpproxy/igmpproxy.xml +++ b/config/igmpproxy/igmpproxy.xml @@ -54,27 +54,27 @@ <description>IGMP(multicast) proxy.</description> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/igmpproxy/igmpproxy.inc</item> + <item>https://packages.pfsense.org/packages/config/igmpproxy/igmpproxy.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://files.pfsense.org/packages/igmpproxy</item> + <item>https://files.pfsense.org/packages/igmpproxy</item> <prefix>/usr/local/sbin/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/igmpproxy/firewall_rules_edit.tmp</item> + <item>https://packages.pfsense.org/packages/config/igmpproxy/firewall_rules_edit.tmp</item> <prefix>/tmp/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/igmpproxy/filter.tmp</item> + <item>https://packages.pfsense.org/packages/config/igmpproxy/filter.tmp</item> <prefix>/tmp/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/igmpproxy/igmpproxy.tbz</item> + <item>https://packages.pfsense.org/packages/config/igmpproxy/igmpproxy.tbz</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/imspector-dev/imspector.inc b/config/imspector-dev/imspector.inc deleted file mode 100644 index 52c7ae1b..00000000 --- a/config/imspector-dev/imspector.inc +++ /dev/null @@ -1,546 +0,0 @@ -<?php -/* - imspector.inc - part of pfSense (http://www.pfsense.com/) - Copyright (C) 2012 Marcello Coutinho. - Copyright (C) 2011 Scott Ullrich <sullrich@gmail.com>. - Copyright (C) 2011 Bill Marquette <billm@gmail.com>. - Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - require_once("config.inc"); - require_once("functions.inc"); - require_once("service-utils.inc"); - - /* IMSpector */ - - define('IMSPECTOR_RCFILE', '/usr/local/etc/rc.d/imspector.sh'); - define('IMSPECTOR_ETC', '/usr/local/etc/imspector'); - define('IMSPECTOR_CONFIG', IMSPECTOR_ETC . '/imspector.conf'); - - function imspector_warn ($msg) { syslog(LOG_WARNING, "imspector: {$msg}"); } - - function ims_text_area_decode($text){ - return preg_replace('/\r\n/', "\n",base64_decode($text)); - } - - function imspector_action ($action) { - if (file_exists(IMSPECTOR_RCFILE)) - mwexec(IMSPECTOR_RCFILE.' '.$action); - } - - function write_imspector_config($file, $text) { - $conf = fopen($file, 'w'); - if(!$conf) { - imspector_warn("Could not open {$file} for writing."); - exit; - } - fwrite($conf, $text); - fclose($conf); - } - - function imspector_pf_rdr($iface, $port) { - return "rdr pass on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n"; - } - - function imspector_pf_rule($iface, $port) { - return "pass in quick on {$iface} inet proto tcp from any to any port {$port} keep state\n"; - } - - function imspector_proto_to_port ($proto) - { - switch ($proto) { - case 'gadu-gadu': - return 8074; - case 'jabber': - return 5222; - case 'jabber-ssl': - return 5223; - case 'msn': - return 1863; - case 'icq': - return 5190; - case 'yahoo': - return 5050; - case 'irc': - return 6667; - default: - return null; - } - } - - function validate_form_imspector($post, $input_errors) { - if($post['iface_array']) - foreach($post['iface_array'] as $iface) - if($iface == 'wanx') - $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; - } - - function deinstall_package_imspector() { - imspector_action('stop'); - - unlink_if_exists(IMSPECTOR_RCFILE); - unlink_if_exists(IMSPECTOR_CONFIG); - unlink_if_exists(IMSPECTOR_ETC . '/badwords_custom.txt'); - unlink_if_exists(IMSPECTOR_ETC . '/acl_blacklist.txt'); - unlink_if_exists(IMSPECTOR_ETC . '/acl_whitelist.txt'); - unlink_if_exists('/usr/local/www/imspector_logs.php'); - - //exec('pkg_delete imspector-0.4'); - } - - function imspector_generate_rules($type) { - - $rules = ""; - switch ($type) { - case 'rdr': - case 'nat': - $rules = "# IMSpector rdr anchor\n"; - $rules .= "rdr-anchor \"imspector\"\n"; - break; - case 'rule': - $rules = "# IMSpector \n"; - $rules .= "anchor \"imspector\"\n"; - break; - } - - return $rules; - } - - function sync_package_imspector() { - global $config; - global $input_errors; - - /*detect boot process*/ - if (is_array($_POST)){ - if (preg_match("/\w+/",$_POST['__csrf_magic'])) - unset($boot_process); - else - $boot_process="on"; - } - - if (is_process_running('imspector') && isset($boot_process)) - return; - - /* check default options and sample files*/ - $load_samples=0; - - #bannedphraselist - if (!is_array($config['installedpackages']['imspectoracls'])){ - $config['installedpackages']['imspectoracls']['config'][]=array('enable'=> 'on', - 'description' => 'allow access to all ids', - 'action' => 'allow', - 'localid' => 'all', - 'remoteid' => base64_encode('all')); - $load_samples++; - } - $ims_acls = $config['installedpackages']['imspectoracls']['config']; - - if (is_array($config['installedpackages']['imspectorreplacements'])){ - if ($config['installedpackages']['imspectorreplacements']['config'][0]['badwords_list'] == "" && file_exists(IMSPECTOR_ETC . '/badwords.txt')){ - $config['installedpackages']['imspectorreplacements']['config'][0]['badwords_list'] = base64_encode(file_get_contents(IMSPECTOR_ETC . '/badwords.txt')); - $load_samples++; - } - $ims_replacements = $config['installedpackages']['imspectorreplacements']['config'][0]; - } - - if (is_array($config['installedpackages']['imspector'])) - $ims_config = $config['installedpackages']['imspector']['config'][0]; - - if($load_samples > 0) - write_config(); - - /*continue sync process*/ - log_error("Imspector: Saving changes."); - config_lock(); - - /* remove existing rules */ - exec('/sbin/pfctl -a imspector -Fr > /dev/null'); - exec('/sbin/pfctl -a imspector -Fn > /dev/null'); - - $ifaces_active = ''; - - if($ims_config['enable'] && $ims_config['proto_array']) - $proto_array = explode(',', $ims_config['proto_array']); - - if($ims_config['enable'] && $ims_config['iface_array']) - $iface_array = explode(',', $ims_config['iface_array']); - - if($iface_array && $proto_array) { - foreach($iface_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - /* above function returns iface if fail */ - if($if!=$iface) { - $addr = find_interface_ip($if); - /* non enabled interfaces are displayed in list on imspector settings page */ - /* check that the interface has an ip address before adding parameters */ - if($addr) { - foreach($proto_array as $proto) { - if(imspector_proto_to_port($proto)) { - /* we can use rdr pass to auto create the filter rule */ - $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto)); - } - } - if(!$ifaces_active) - $ifaces_active = "{$iface}"; - else - $ifaces_active .= ", {$iface}"; - } else { - imspector_warn("Interface {$iface} has no ip address, ignoring"); - } - } else { - imspector_warn("Could not resolve real interface for {$iface}"); - } - } - - - /*reload rules*/ - if($pf_rules) { - log_error("Imspector: Reloading rules."); - exec("echo \"{$pf_rules}\" | /sbin/pfctl -a imspector -f -"); - - conf_mount_rw(); - - /* generate configuration files */ - - $conf['plugin_dir'] = '/usr/local/lib/imspector'; - - foreach($proto_array as $proto) - $conf[$proto . '_protocol'] = 'on'; - - if($ims_config['log_file']) { - @mkdir('/var/imspector'); - $conf['file_logging_dir'] = '/var/imspector'; - } - - if($ims_config['log_mysql']) { - $conf['mysql_server'] = $ims_config['mysql_server']; - $conf['mysql_database'] = $ims_config['mysql_database']; - $conf['mysql_username'] = $ims_config['mysql_username']; - $conf['mysql_password'] = $ims_config['mysql_password']; - } - - if($ims_replacements['filter_badwords']) { - write_imspector_config(IMSPECTOR_ETC . '/badwords_custom.txt', ims_text_area_decode($ims_replacements["badwords_list"])); - $conf['badwords_filename'] = IMSPECTOR_ETC . '/badwords_custom.txt'; - } - - if($ims_replacements['block_files']) - $conf['block_files'] = 'on'; - - if($ims_replacements['block_webcams']) - $conf['block_webcams'] = 'on'; - - $acls=""; - $conf['acl_filename'] = IMSPECTOR_ETC . '/acls.txt'; - foreach ($ims_acls as $rule){ - if ($rule['enable']){ - $acls.= "{$rule['action']} {$rule['localid']} ".preg_replace("/\s+/"," ",base64_decode($rule['remoteid']))."\n"; - } - } - write_imspector_config(IMSPECTOR_ETC . '/acls.txt', $acls); - - // Handle Jabber SSL options - if(isset($ims_config["ssl_ca_cert"]) && $ims_config["ssl_ca_cert"] != "none" && - isset($ims_config["ssl_server_cert"]) && $ims_config["ssl_server_cert"] != "none") { - $conf['ssl'] = "on"; - if(!is_dir(IMSPECTOR_ETC . "/ssl")) - mkdir(IMSPECTOR_ETC . "/ssl"); - - $ca_cert = lookup_ca($ims_config["ssl_ca_cert"]); - if ($ca_cert != false) { - if(base64_decode($ca_cert['prv'])) { - file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_ca_key.pem", base64_decode($ca_cert['prv'])); - $conf['ssl_ca_key'] = IMSPECTOR_ETC . '/ssl/ssl_ca_key.pem'; - } - if(base64_decode($ca_cert['crt'])) { - file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_ca_cert.pem", base64_decode($ca_cert['crt'])); - $conf['ssl_ca_cert'] = IMSPECTOR_ETC . "/ssl/ssl_ca_cert.pem"; - } - $svr_cert = lookup_cert($ims_config["ssl_server_cert"]); - if ($svr_cert != false) { - if(base64_decode($svr_cert['prv'])) { - file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_server_key.pem", base64_decode($svr_cert['prv'])); - $conf['ssl_key'] = IMSPECTOR_ETC . '/ssl/ssl_server_key.pem'; - } - - } - $conf['ssl_cert_dir'] = IMSPECTOR_ETC . '/ssl'; - } - } else { - // SSL Not enabled. Make sure Jabber-SSL is not processed. - unset($conf['jabber-ssl']); - unset($conf['ssl']); - } - - if (isset($ims_replacements['responder']) && $ims_replacements['responder'] == 'on') { - $conf['responder_filename'] = IMSPECTOR_ETC . "/responder.db"; - if (isset($ims_replacements['prefix_message']) && $ims_replacements['prefix_message'] != '' ) { - $conf['response_prefix'] = " .={$ims_replacements['prefix_message']}=."; - } - else{ - $conf['response_prefix'] = " .=Your activities are being logged=."; - } - if (isset($ims_replacements['notice_days']) && is_numeric($ims_replacements['notice_days'])) { - if ($ims_replacements['notice_days'] != 0) { - $conf['notice_days'] = $ims_replacements['notice_days']; - } - } else { - $conf['notice_days'] = 1; - } - - /*Custom recorded message response*/ - if(isset($ims_replacements['recorded_message']) && $ims_replacements['recorded_message'] != '' ){ - $conf['notice_response'] = ims_text_area_decode($ims_replacements['recorded_message']); - } - else{ - $conf['notice_response'] = "Your activities are being logged"; - } - - /*Filtered Frequency*/ - if (isset($ims_replacements['filtered_minutes']) && is_numeric($ims_replacements['filtered_minutes'])) { - if ($ims_replacements['filtered_minutes'] != 0) { - $conf['filtered_mins'] = $ims_replacements['filtered_minutes']; - } - } else { - $conf['filtered_mins'] = 15; - } - - /*Custom filtered message response*/ - if(isset($ims_replacements['filtered_message']) && $ims_replacements['filtered_message'] != '' ){ - $conf['filtered_response'] = ims_text_area_decode($ims_replacements['filtered_message']); - } - else{ - $conf['filtered_response'] = "Your message has been filtered"; - } - } - - $conftext = ''; - foreach($conf as $var => $key) - $conftext .= "{$var}={$key}\n"; - write_imspector_config(IMSPECTOR_CONFIG, $conftext); - - /*Check template settings*/ - if ($ims_config['template'] == "") - $template="services_imspector_logs.php"; - else - $template=$ims_config['template']; - - /*link template file*/ - $link="/usr/local/www/imspector_logs.php"; - unlink_if_exists($link); - symlink("/usr/local/www/{$template}", $link); - - /* generate rc file start and stop */ - $stop = <<<EOD -/bin/pkill -x imspector -/bin/sleep 1 -EOD; - $start = $stop."\n\tldconfig -m /usr/local/lib/mysql\n"; - $start .= "\t/usr/local/sbin/imspector -c \"".IMSPECTOR_CONFIG."\""; - - write_rcfile(array( - 'file' => 'imspector.sh', - 'start' => $start, - 'stop' => $stop - ) - ); - - conf_mount_ro(); - } - } - - if(!$iface_array || !$proto_array || !$pf_rules) { - /* no parameters user does not want imspector running */ - /* lets stop the service and remove the rc file */ - - if(file_exists(IMSPECTOR_RCFILE)) { - if(!$ims_config['enable']) - log_error('Impsector: Stopping service: imspector disabled'); - else - log_error('Impsector: Stopping service: no interfaces and/or protocols selected'); - - imspector_action('stop'); - - conf_mount_rw(); - unlink(IMSPECTOR_RCFILE); - unlink(IMSPECTOR_CONFIG); - @unlink(IMSPECTOR_ETC . '/badwords_custom.txt'); - @unlink(IMSPECTOR_ETC . '/acl_blacklist.txt'); - @unlink(IMSPECTOR_ETC . '/acl_whitelist.txt'); - conf_mount_ro(); - } - } - else{ - /* if imspector not running start it */ - if(!is_process_running('imspector')) { - log_error("Impsector: Starting service on interface: {$ifaces_active}"); - imspector_action('start'); - } - /* or restart imspector if settings were changed */ - else{ - log_error("Impsector: Restarting service on interface: {$ifaces_active}"); - imspector_action('restart'); - } - } - config_unlock(); - - /*check xmlrpc sync*/ - imspector_sync_on_changes(); - } - - function imspector_get_ca_certs() { - global $config; - - $ca_arr = array(); - $ca_arr[] = array('refid' => 'none', 'descr' => 'none'); - foreach ($config['ca'] as $ca) { - $ca_arr[] = array('refid' => $ca['refid'], 'descr' => $ca['descr']); - } - return $ca_arr; - } - - function imspector_get_server_certs() { - global $config; - $cert_arr = array(); - $cert_arr[] = array('refid' => 'none', 'descr' => 'none'); - - foreach ($config['cert'] as $cert) { - $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']); - } - return $cert_arr; - } - -/* Uses XMLRPC to synchronize the changes to a remote node */ -function imspector_sync_on_changes() { - global $config, $g; - - $synconchanges = $config['installedpackages']['imspectorsync']['config'][0]['synconchanges']; - if(!$synconchanges) - return; - log_error("Imspector: xmlrpc sync is starting."); - foreach ($config['installedpackages']['imspectorsync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if($password && $sync_to_ip) - imspector_do_xmlrpc_sync($sync_to_ip, $password); - } - } - log_error("Imspector: xmlrpc sync is ending."); -} -/* Do the actual XMLRPC sync */ -function imspector_do_xmlrpc_sync($sync_to_ip, $password) { - global $config, $g; - - if(!$password) - return; - - if(!$sync_to_ip) - return; - $username="admin"; - - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $synchronizetoip .= $sync_to_ip; - - /* xml will hold the sections to sync */ - $xml = array(); - $xml['imspector'] = $config['installedpackages']['imspector']; - $xml['imspectorreplacements'] = $config['installedpackages']['imspectorreplacements']; - $xml['imspectoracls'] = $config['installedpackages']['imspectoracls']; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - log_error("Imspector: Beginning XMLRPC sync to {$url}:{$port}."); - $method = 'pfsense.merge_installedpackages_section_xmlrpc'; - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials($username, $password); - if($g['debug']) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); - if(!$resp) { - $error = "A communications error occurred while attempting imspector XMLRPC sync with {$url}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "imspector Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting imspector XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "imspector Settings Sync", ""); - } else { - log_error("imspector XMLRPC sync successfully completed with {$url}:{$port}."); - } - - /* tell imspector to reload our settings on the destionation sync host. */ - $method = 'pfsense.exec_php'; - $execcmd = "require_once('/usr/local/pkg/imspector.inc');\n"; - $execcmd .= "sync_package_imspector();"; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); - - log_error("imspector XMLRPC reload data {$url}:{$port}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials($username, $password); - $resp = $cli->send($msg, "250"); - if(!$resp) { - $error = "A communications error occurred while attempting imspector XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); - file_notice("sync_settings", $error, "imspector Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting imspector XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "imspector Settings Sync", ""); - } else { - log_error("imspector XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); - } - -} -?> diff --git a/config/imspector-dev/imspector.xml b/config/imspector-dev/imspector.xml deleted file mode 100644 index c68fc70e..00000000 --- a/config/imspector-dev/imspector.xml +++ /dev/null @@ -1,251 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* ========================================================================== */ -/* - imspector.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2011 Bill Marquette <billm@gmail.com> - Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com> - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>imspector</name> - <version>20111108</version> - <title>Services: IMSpector</title> - <savetext>Save</savetext> - <include_file>/usr/local/pkg/imspector.inc</include_file> - <menu> - <name>IMSpector</name> - <tooltiptext>Set IMSpector settings such as protocols to listen on.</tooltiptext> - <section>Services</section> - <url>/services_imspector_logs.php</url> - </menu> - <service> - <name>imspector</name> - <rcfile>imspector.sh</rcfile> - <executable>imspector</executable> - <description><![CDATA[Instant Messenger transparent proxy]]></description> - </service> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=imspector.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Replacements</text> - <url>/pkg_edit.php?xml=imspector_replacements.xml&id=0</url> - </tab> - <tab> - <text>Access Lists</text> - <url>/pkg.php?xml=imspector_acls.xml</url> - </tab> - <tab> - <text>Log</text> - <url>/imspector_logs.php</url> - </tab> - <tab> - <text>Sync</text> - <url>/pkg_edit.php?xml=imspector_sync.xml</url> - </tab> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector-dev/imspector_sync.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector-dev/imspector_replacements.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector-dev/imspector_acls.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector-dev/imspector.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector-dev/imspector_logs.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector-dev/services_imspector_logs.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector-dev/services_imspector_logs2.php</item> - </additional_files_needed> - <fields> - <field> - <name>General Settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Enable IMSpector</fielddescr> - <fieldname>enable</fieldname> - <type>checkbox</type> - </field> - <field> - <fielddescr>Interfaces</fielddescr> - <fieldname>iface_array</fieldname> - <description><![CDATA[<strong>Generally select internal interface(s) like LAN</strong><br> - You can use the CTRL or COMMAND key to select multiple interfaces.]]></description> - <type>interfaces_selection</type> - <size>3</size> - <required/> - <value>lan</value> - <multiple>true</multiple> - </field> - <field> - <fielddescr>Listen on protocols</fielddescr> - <fieldname>proto_array</fieldname> - <description><![CDATA[<strong>NOTE: Gtalk/Jabber-SSL requires SSL certificates.</strong><br> - You can use the CTRL or COMMAND key to select multiple protocols.]]></description> - <type>select</type> - <size>7</size> - <required/> - <multiple>true</multiple> - <options> - <option><name>MSN</name><value>msn</value></option> - <option><name>ICQ/AIM</name><value>icq</value></option> - <option><name>Yahoo</name><value>yahoo</value></option> - <option><name>IRC</name><value>irc</value></option> - <option><name>Jabber</name><value>jabber</value></option> - <option><name>Gtalk/Jabber-SSL</name><value>jabber-ssl</value></option> - <option><name>Gadu-Gadu</name><value>gadu-gadu</value></option> - </options> - </field> - <field> - <fielddescr>SSL CA Certificate</fielddescr> - <fieldname>ssl_ca_cert</fieldname> - <description> - Choose the SSL CA Certficate here. - </description> - <type>select_source</type> - <source><![CDATA[imspector_get_ca_certs()]]></source> - <source_name>descr</source_name> - <source_value>refid</source_value> - </field> - <field> - <fielddescr>SSL Certificate</fielddescr> - <fieldname>ssl_server_cert</fieldname> - <description> - Choose the SSL Server Certificate here. - </description> - <type>select_source</type> - <source><![CDATA[imspector_get_server_certs()]]></source> - <source_name>descr</source_name> - <source_value>refid</source_value> - </field> - <field> - <name>Logging</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Enable file logging</fielddescr> - <fieldname>log_file</fieldname> - <description>Log files stored in /var/imspector.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Report limit</fielddescr> - <fieldname>reportlimit</fieldname> - <description>Max entries to fetch from log dir(s). Default is 50</description> - <type>input</type> - <size>10</size> - </field> - <field> - <fielddescr>Report template</fielddescr> - <fieldname>template</fieldname> - <description>Template to use on reports</description> - <type>select</type> - <required/> - <options> - <option><name>Default Template</name><value>services_imspector_logs.php</value></option> - <option><name>0guzcan Template</name><value>services_imspector_logs2.php</value></option> - </options> - </field> - <field> - <fielddescr>Enable mySQL logging</fielddescr> - <fieldname>log_mysql</fieldname> - <description>Make sure to specify your MySQL credentials below.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>mySQL server</fielddescr> - <fieldname>mysql_server</fieldname> - <type>input</type> - <size>35</size> - </field> - <field> - <fielddescr>mySQL database</fielddescr> - <fieldname>mysql_database</fieldname> - <type>input</type> - <size>35</size> - </field> - <field> - <fielddescr>mySQL username</fielddescr> - <fieldname>mysql_username</fieldname> - <type>input</type> - <size>35</size> - </field> - <field> - <fielddescr>mySQL password</fielddescr> - <fieldname>mysql_password</fieldname> - <type>password</type> - <size>35</size> - </field> - </fields> - <custom_php_validation_command> - validate_form_imspector($_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - sync_package_imspector(); - </custom_php_resync_config_command> - <custom_php_deinstall_command> - deinstall_package_imspector(); - </custom_php_deinstall_command> - <filter_rules_needed>imspector_generate_rules</filter_rules_needed> -</packagegui>
\ No newline at end of file diff --git a/config/imspector-dev/services_imspector_logs.php b/config/imspector-dev/services_imspector_logs.php deleted file mode 100644 index adb3fa66..00000000 --- a/config/imspector-dev/services_imspector_logs.php +++ /dev/null @@ -1,311 +0,0 @@ -<?php -/* - services_imspector_logs.php - part of pfSense (http://www.pfsense.com/) - - JavaScript Code is GPL Licensed from SmoothWall Express. - - Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>. - Copyright (C) 2012 Marcello Coutinho - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); - -/* variables */ -$log_dir = '/var/imspector'; -$imspector_config = $config['installedpackages']['imspector']['config'][0]; - -$border_color = '#c0c0c0'; -$default_bgcolor = '#eeeeee'; - -$list_protocol_color = '#000000'; -$list_local_color = '#000000'; -$list_remote_color = '#000000'; -$list_convo_color = '#000000'; - -$list_protocol_bgcolor = '#cccccc'; -$list_local_bgcolor = '#dddddd'; -$list_remote_bgcolor = '#eeeeee'; -$list_end_bgcolor = '#bbbbbb'; - -$convo_title_color = 'black'; -$convo_local_color = 'blue'; -$convo_remote_color = 'red'; - -$convo_title_bgcolor = '#cccccc'; -$convo_local_bgcolor = '#dddddd'; -$convo_remote_bgcolor = '#eeeeee'; - -/* functions */ - -function convert_dir_list ($topdir) { - global $config; - if (!is_dir($topdir)) - return; - $imspector_config = $config['installedpackages']['imspector']['config'][0]; - $limit=(preg_match("/\d+/",$imspector_config['reportlimit'])?$imspector_config['reportlimit']:"50"); - $count=0; - if ($dh = opendir($topdir)) { - while (($file = readdir($dh)) !== false) { - if(!preg_match('/^\./', $file) == 0) - continue; - if (is_dir("$topdir/$file")) - $list .= convert_dir_list("$topdir/$file"); - else - $list .= "$topdir/$file\n"; - $count ++; - if($count >= $limit){ - closedir($dh); - return $list; - } - } - closedir($dh); - } - return $list; - } - -/* ajax response */ -if ($_POST['mode'] == "render") { - - /* user list */ - print(str_replace(array($log_dir,'/'),array('','|'),convert_dir_list($log_dir))); - print("--END--\n"); - - /* log files */ - if ($_POST['section'] != "none") { - $section = explode('|',$_POST['section']); - $protocol = $section[0]; - $localuser = $section[1]; - $remoteuser = $section[2]; - $conversation = $section[3]; - - /* conversation title */ - print(implode(', ', $section)."\n"); - print("--END--\n"); - - /* conversation content */ - $filename = $log_dir.'/'.implode('/', $section); - if($fd = fopen($filename, 'r')) { - print("<table width='100%' border='0' cellpadding='2' cellspacing='0'>\n"); - while (!feof($fd)) { - $line = fgets($fd); - if(feof($fd)) continue; - $new_format = '([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),(.*)'; - $old_format = '([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),(.*)'; - preg_match("/${new_format}|${old_format}/", $line, $matches); - $address = $matches[1]; - $timestamp = $matches[2]; - $direction = $matches[3]; - $type = $matches[4]; - $filtered = $matches[5]; - if(count($matches) == 8) { - $category = $matches[6]; - $data = $matches[7]; - } else { - $category = ""; - $data = $matches[6]; - } - - if($direction == '0') { - $bgcolor = $convo_remote_bgcolor; - $user = "<<span style='color: $convo_remote_color;'>$remoteuser</span>>"; - } - if($direction == '1') { - $bgcolor = $convo_local_bgcolor; - $user = "<<span style='color: $convo_local_color;'>$localuser</span>>"; - } - - $time = strftime("%H:%M:%S", $timestamp); - - print("<tr bgcolor='$bgcolor'><td style='width: 30px; vertical-align: top;'>[$time]</td>\n - <td style=' width: 60px; vertical-align: top;'>$user</td>\n - <td style=' width: 60px; vertical-align: top;'>$category</td>\n - <td style='vertical-align: top;'>$data</td></tr>\n"); - } - print("</table>\n"); - fclose($fd); - } - } - exit; -} -/* defaults to this page but if no settings are present, redirect to setup page */ -if(!$imspector_config["enable"] || !$imspector_config["iface_array"] || !$imspector_config["proto_array"]) - Header("Location: /pkg_edit.php?xml=imspector.xml&id=0"); - -$pgtitle = "Services: IMSpector Log Viewer"; -include("head.inc"); -/* put your custom HTML head content here */ -/* using some of the $pfSenseHead function calls */ -//$pfSenseHead->addMeta("<meta http-equiv=\"refresh\" content=\"120;url={$_SERVER['SCRIPT_NAME']}\" />"); -//echo $pfSenseHead->getHTML(); -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings "), false, "/pkg_edit.php?xml=imspector.xml&id=0"); - $tab_array[] = array(gettext("Replacements "), false, "/pkg_edit.php?xml=imspector_replacements.xml&id=0"); - $tab_array[] = array(gettext("Access Lists "), false, "/pkg.php?xml=imspector_acls.xml"); - $tab_array[] = array(gettext("Log "), true, "/imspector_logs.php"); - $tab_array[] = array(gettext("Sync "), false, "/pkg_edit.php?xml=imspector_sync.xml&id=0"); - - display_top_tabs($tab_array); -?> -</table> - -<?php -$csrf_token= csrf_get_tokens(); -$zz = <<<EOD -<script type="text/javascript"> -var section = 'none'; -var moveit = 1; -var the_timeout; - -function xmlhttpPost() -{ - var xmlHttpReq = false; - var self = this; - - if (window.XMLHttpRequest) - self.xmlHttpReq = new XMLHttpRequest(); - else if (window.ActiveXObject) - self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP"); - - self.xmlHttpReq.open('POST', 'imspector_logs.php', true); - self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); - - self.xmlHttpReq.onreadystatechange = function() { - if (self.xmlHttpReq && self.xmlHttpReq.readyState == 4) - updatepage(self.xmlHttpReq.responseText); - } - - document.getElementById('im_status').style.display = "inline"; - self.xmlHttpReq.send("mode=render§ion=" + section + "&__csrf_magic={$csrf_token}"); -} - -function updatepage(str) -{ - /* update the list of conversations ( if we need to ) */ - var parts = str.split("--END--\\n"); - var lines = parts[0].split("\\n"); - - for (var line = 0 ; line < lines.length ; line ++) { - var a = lines[line].split("|"); - - if (!a[1] || !a[2] || !a[3]) continue; - - /* create titling information if needed */ - if (!document.getElementById(a[1])) { - document.getElementById('im_convos').innerHTML += - "<div id='" + a[1] + "_t' style='width: 100%; background-color: $list_protocol_bgcolor; color: $list_protocol_color;'>" + a[1] + "</div>" + - "<div id='" + a[1] + "' style='width: 100%; background-color: $list_local_bgcolor;'></div>"; - } - if (!document.getElementById(a[1] + "_" + a[2])) { - var imageref = ""; - if (a[0]) imageref = "<img src='" + a[0] + "' alt='" + a[1] + "'/>"; - document.getElementById(a[1]).innerHTML += - "<div id='" + a[1] + "_" + a[2] + "_t' style='width: 100%; color: $list_local_color; padding-left: 5px;'>" + imageref + a[2] + "</div>" + - "<div id='" + a[1] + "_" + a[2] + "' style='width: 100%; background-color: $list_remote_bgcolor; border-bottom: solid 1px $list_end_bgcolor;'></div>"; - } - if (!document.getElementById(a[1] + "_" + a[2] + "_" + a[3])) { - document.getElementById(a[1] + "_" + a[2]).innerHTML += - "<div id='" + a[1] + "_" + a[2] + "_" + a[3] + "_t' style='width: 100%; color: $list_remote_color; padding-left: 10px;'>" + a[3] + "</div>" + - "<div id='" + a[1] + "_" + a[2] + "_" + a[3] + "' style='width: 100%;'></div>"; - } - if (!document.getElementById(a[1] + "_" + a[2] + "_" + a[3] + "_" + a[4])) { - document.getElementById(a[1] + "_" + a[2] + "_" + a[3]).innerHTML += - "<div id='" + a[1] + "_" + a[2] + "_" + a[3] + "_" + a[4] + - "' style='width: 100%; color: $list_convo_color; cursor: pointer; padding-left: 15px;' onClick=" + - '"' + "setsection('" + a[1] + "|" + a[2] + "|" + a[3] + "|" + a[4] + "');" + '"' + "' + >»" + a[4] + "</div>"; - } - } - - /* determine the title of this conversation */ - var details = parts[1].split(","); - var title = details[0] + " conversation between <span style='color: $convo_local_color;'>" + details[ 1 ] + - "</span> and <span style='color: $convo_remote_color;'>" + details[2] + "</span>"; - if (!details[1]) title = " "; - if (!parts[2]) parts[2] = " "; - - document.getElementById('im_status').style.display = "none"; - var bottom = parseInt(document.getElementById('im_content').scrollTop); - var bottom2 = parseInt(document.getElementById('im_content').style.height); - var absheight = parseInt( bottom + bottom2 ); - if (absheight == document.getElementById('im_content').scrollHeight) { - moveit = 1; - } else { - moveit = 0; - } - document.getElementById('im_content').innerHTML = parts[2]; - if (moveit == 1) { - document.getElementById('im_content').scrollTop = 0; - document.getElementById('im_content').scrollTop = document.getElementById('im_content').scrollHeight; - } - document.getElementById('im_content_title').innerHTML = title; - the_timeout = setTimeout( "xmlhttpPost();", 5000 ); -} - -function setsection(value) -{ - section = value; - clearTimeout(the_timeout); - xmlhttpPost(); - document.getElementById('im_content').scrollTop = 0; - document.getElementById('im_content').scrollTop = document.getElementById('im_content').scrollHeight; -} -</script> -EOD; -print($zz); -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont"> - <div style='width: 100%; text-align: right;'><span id='im_status' style='display: none;'>Updating</span> </div> - <table width="100%"> - <tr> - <td width="15%" bgcolor="<?=$default_bgcolor?>" style="overflow: auto; border: solid 1px <?=$border_color?>;"> - <div id="im_convos" style="height: 400px; overflow: auto; overflow-x: hidden;"></div> - </td> - <td width="75%" bgcolor="<?=$default_bgcolor?>" style="border: solid 1px <?=$border_color?>;"> - <div id="im_content_title" style="height: 20px; overflow: auto; vertical-align: top; - color: <?=$convo_title_color?>; background-color: <?=$convo_title_bgcolor?>;"></div> - <div id="im_content" style="height: 380px; overflow: auto; vertical-align: bottom; overflow-x: hidden;"></div> - </td> - </tr> - </table> - </td> - </tr> -</table> - -<script type="text/javascript">xmlhttpPost();</script> - -</div> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/imspector/imspector.inc b/config/imspector/imspector.inc index d2757be8..7ade2e68 100644 --- a/config/imspector/imspector.inc +++ b/config/imspector/imspector.inc @@ -1,7 +1,8 @@ <?php /* imspector.inc - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) + Copyright (C) 2012 Marcello Coutinho. Copyright (C) 2011 Scott Ullrich <sullrich@gmail.com>. Copyright (C) 2011 Bill Marquette <billm@gmail.com>. Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>. @@ -31,6 +32,7 @@ require_once("config.inc"); require_once("functions.inc"); + require_once("service-utils.inc"); /* IMSpector */ @@ -38,20 +40,17 @@ define('IMSPECTOR_ETC', '/usr/local/etc/imspector'); define('IMSPECTOR_CONFIG', IMSPECTOR_ETC . '/imspector.conf'); - function imspector_notice ($msg) { syslog(LOG_NOTICE, "imspector: {$msg}"); } function imspector_warn ($msg) { syslog(LOG_WARNING, "imspector: {$msg}"); } + function ims_text_area_decode($text){ + return preg_replace('/\r\n/', "\n",base64_decode($text)); + } + function imspector_action ($action) { if (file_exists(IMSPECTOR_RCFILE)) mwexec(IMSPECTOR_RCFILE.' '.$action); } - function imspector_running () { - if((int)exec('pgrep imspector | wc -l') > 0) - return true; - return false; - } - function write_imspector_config($file, $text) { $conf = fopen($file, 'w'); if(!$conf) { @@ -95,18 +94,19 @@ function validate_form_imspector($post, $input_errors) { if($post['iface_array']) foreach($post['iface_array'] as $iface) - if($iface == 'wan') + if($iface == 'wanx') $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; } function deinstall_package_imspector() { imspector_action('stop'); - @unlink(IMSPECTOR_RCFILE); - @unlink(IMSPECTOR_CONFIG); - @unlink(IMSPECTOR_ETC . '/badwords_custom.txt'); - @unlink(IMSPECTOR_ETC . '/acl_blacklist.txt'); - @unlink(IMSPECTOR_ETC . '/acl_whitelist.txt'); + unlink_if_exists(IMSPECTOR_RCFILE); + unlink_if_exists(IMSPECTOR_CONFIG); + unlink_if_exists(IMSPECTOR_ETC . '/badwords_custom.txt'); + unlink_if_exists(IMSPECTOR_ETC . '/acl_blacklist.txt'); + unlink_if_exists(IMSPECTOR_ETC . '/acl_whitelist.txt'); + unlink_if_exists('/usr/local/www/imspector_logs.php'); //exec('pkg_delete imspector-0.4'); } @@ -122,7 +122,7 @@ break; case 'rule': $rules = "# IMSpector \n"; - $rules .= "anchor \"miniupnpd\"\n"; + $rules .= "anchor \"imspector\"\n"; break; } @@ -133,21 +133,60 @@ global $config; global $input_errors; + /*detect boot process*/ + if (is_array($_POST)){ + if (preg_match("/\w+/",$_POST['__csrf_magic'])) + unset($boot_process); + else + $boot_process="on"; + } + + if (is_process_running('imspector') && isset($boot_process)) + return; + + /* check default options and sample files*/ + $load_samples=0; + + #bannedphraselist + if (!is_array($config['installedpackages']['imspectoracls'])){ + $config['installedpackages']['imspectoracls']['config'][]=array('enable'=> 'on', + 'description' => 'allow access to all ids', + 'action' => 'allow', + 'localid' => 'all', + 'remoteid' => base64_encode('all')); + $load_samples++; + } + $ims_acls = $config['installedpackages']['imspectoracls']['config']; + + if (is_array($config['installedpackages']['imspectorreplacements'])){ + if ($config['installedpackages']['imspectorreplacements']['config'][0]['badwords_list'] == "" && file_exists(IMSPECTOR_ETC . '/badwords.txt')){ + $config['installedpackages']['imspectorreplacements']['config'][0]['badwords_list'] = base64_encode(file_get_contents(IMSPECTOR_ETC . '/badwords.txt')); + $load_samples++; + } + $ims_replacements = $config['installedpackages']['imspectorreplacements']['config'][0]; + } + + if (is_array($config['installedpackages']['imspector'])) + $ims_config = $config['installedpackages']['imspector']['config'][0]; + + if($load_samples > 0) + write_config(); + + /*continue sync process*/ + log_error("Imspector: Saving changes."); config_lock(); - - $imspector_config = $config['installedpackages']['imspector']['config'][0]; - + /* remove existing rules */ - exec('/sbin/pfctl -a imspector -Fr'); - exec('/sbin/pfctl -a imspector -Fn'); + exec('/sbin/pfctl -a imspector -Fr > /dev/null'); + exec('/sbin/pfctl -a imspector -Fn > /dev/null'); $ifaces_active = ''; - if($imspector_config['enable'] && $imspector_config['proto_array']) - $proto_array = explode(',', $imspector_config['proto_array']); + if($ims_config['enable'] && $ims_config['proto_array']) + $proto_array = explode(',', $ims_config['proto_array']); - if($imspector_config['enable'] && $imspector_config['iface_array']) - $iface_array = explode(',', $imspector_config['iface_array']); + if($ims_config['enable'] && $ims_config['iface_array']) + $iface_array = explode(',', $ims_config['iface_array']); if($iface_array && $proto_array) { foreach($iface_array as $iface) { @@ -175,8 +214,11 @@ imspector_warn("Could not resolve real interface for {$iface}"); } } - + + + /*reload rules*/ if($pf_rules) { + log_error("Imspector: Reloading rules."); exec("echo \"{$pf_rules}\" | /sbin/pfctl -a imspector -f -"); conf_mount_rw(); @@ -188,69 +230,59 @@ foreach($proto_array as $proto) $conf[$proto . '_protocol'] = 'on'; - if($imspector_config['log_file']) { + if($ims_config['log_file']) { @mkdir('/var/imspector'); $conf['file_logging_dir'] = '/var/imspector'; } - if($imspector_config['log_mysql']) { - $conf['mysql_server'] = $imspector_config['mysql_server']; - $conf['mysql_database'] = $imspector_config['mysql_database']; - $conf['mysql_username'] = $imspector_config['mysql_username']; - $conf['mysql_password'] = $imspector_config['mysql_password']; + if($ims_config['log_mysql']) { + $conf['mysql_server'] = $ims_config['mysql_server']; + $conf['mysql_database'] = $ims_config['mysql_database']; + $conf['mysql_username'] = $ims_config['mysql_username']; + $conf['mysql_password'] = $ims_config['mysql_password']; } - if($imspector_config['filter_badwords']) { - if(!empty($imspector_config["badwords_list"])) { - $conf['badwords_filename'] = IMSPECTOR_ETC . '/badwords_custom.txt'; - write_imspector_config(IMSPECTOR_ETC . '/badwords_custom.txt', - str_replace("\r", '', base64_decode($imspector_config["badwords_list"]))); - } else - $conf['badwords_filename'] = IMSPECTOR_ETC . '/badwords.txt'; - } + if($ims_replacements['filter_badwords']) { + write_imspector_config(IMSPECTOR_ETC . '/badwords_custom.txt', ims_text_area_decode($ims_replacements["badwords_list"])); + $conf['badwords_filename'] = IMSPECTOR_ETC . '/badwords_custom.txt'; + } - if($imspector_config['block_files']) + if($ims_replacements['block_files']) $conf['block_files'] = 'on'; - - if($imspector_config['block_unlisted']) - $conf['block_unlisted'] = 'on'; - - if(!empty($imspector_config['acl_whitelist'])) { - $conf['whitelist_filename'] = IMSPECTOR_ETC . '/acl_whitelist.txt'; - write_imspector_config(IMSPECTOR_ETC . '/acl_whitelist.txt', - str_replace("\r", '', base64_decode($imspector_config["acl_whitelist"]))); - } - - if(!empty($imspector_config['acl_blacklist'])) { - $conf['blacklist_filename'] = IMSPECTOR_ETC . '/acl_blacklist.txt'; - write_imspector_config(IMSPECTOR_ETC . '/acl_blacklist.txt', - str_replace("\r", '', base64_decode($imspector_config["acl_blacklist"]))); - } + + if($ims_replacements['block_webcams']) + $conf['block_webcams'] = 'on'; + + $acls=""; + $conf['acl_filename'] = IMSPECTOR_ETC . '/acls.txt'; + foreach ($ims_acls as $rule){ + if ($rule['enable']){ + $acls.= "{$rule['action']} {$rule['localid']} ".preg_replace("/\s+/"," ",base64_decode($rule['remoteid']))."\n"; + } + } + write_imspector_config(IMSPECTOR_ETC . '/acls.txt', $acls); // Handle Jabber SSL options - if(isset($imspector_config["ssl_ca_cert"]) && $imspector_config["ssl_ca_cert"] != "none" && - isset($imspector_config["ssl_server_cert"]) && $imspector_config["ssl_server_cert"] != "none") { + if(isset($ims_config["ssl_ca_cert"]) && $ims_config["ssl_ca_cert"] != "none" && + isset($ims_config["ssl_server_cert"]) && $ims_config["ssl_server_cert"] != "none") { $conf['ssl'] = "on"; if(!is_dir(IMSPECTOR_ETC . "/ssl")) mkdir(IMSPECTOR_ETC . "/ssl"); - $ca_cert = lookup_ca($imspector_config["ssl_ca_cert"]); + $ca_cert = lookup_ca($ims_config["ssl_ca_cert"]); if ($ca_cert != false) { if(base64_decode($ca_cert['prv'])) { - file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_ca_key.pem", - base64_decode($ca_cert['prv'])); + file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_ca_key.pem", base64_decode($ca_cert['prv'])); $conf['ssl_ca_key'] = IMSPECTOR_ETC . '/ssl/ssl_ca_key.pem'; } if(base64_decode($ca_cert['crt'])) { - file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_ca_cert.pem", - base64_decode($ca_cert['crt'])); + file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_ca_cert.pem", base64_decode($ca_cert['crt'])); $conf['ssl_ca_cert'] = IMSPECTOR_ETC . "/ssl/ssl_ca_cert.pem"; } - $svr_cert = lookup_cert($imspector_config["ssl_server_cert"]); + $svr_cert = lookup_cert($ims_config["ssl_server_cert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { - file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_server_key.pem", - base64_decode($svr_cert['prv'])); + file_put_contents(IMSPECTOR_ETC . "/ssl/ssl_server_key.pem", base64_decode($svr_cert['prv'])); $conf['ssl_key'] = IMSPECTOR_ETC . '/ssl/ssl_server_key.pem'; } @@ -263,42 +295,68 @@ unset($conf['ssl']); } - if (isset($imspector_config['resonder']) && $imspector_config['resonder'] == 'on') { + if (isset($ims_replacements['responder']) && $ims_replacements['responder'] == 'on') { $conf['responder_filename'] = IMSPECTOR_ETC . "/responder.db"; - if (isset($imspector_config['prefix_message']) && $imspector_config['prefix_message'] != '' ) { - $conf['response_prefix'] = base64_decode($imspector_config['prefix_message']) . " -="; + if (isset($ims_replacements['prefix_message']) && $ims_replacements['prefix_message'] != '' ) { + $conf['response_prefix'] = " .={$ims_replacements['prefix_message']}=."; } - if (isset($imspector_config['notice_days']) && is_numeric($imspector_config['notice_days'])) { - if ($imspector_config['notice_days'] != 0) { - $conf['notice_days'] = $imspector_config['notice_days']; + else{ + $conf['response_prefix'] = " .=Your activities are being logged=."; + } + if (isset($ims_replacements['notice_days']) && is_numeric($ims_replacements['notice_days'])) { + if ($ims_replacements['notice_days'] != 0) { + $conf['notice_days'] = $ims_replacements['notice_days']; } } else { $conf['notice_days'] = 1; } - $conf['notice_response'] = "Your activities are being logged"; - if (isset($imspector_config['filtered_minutes']) && is_numeric($imspector_config['filtered_minutes'])) { - if ($imspector_config['filtered_minutes'] != 0) { - $conf['filtered_mins'] = $imspector_config['filtered_minutes']; + + /*Custom recorded message response*/ + if(isset($ims_replacements['recorded_message']) && $ims_replacements['recorded_message'] != '' ){ + $conf['notice_response'] = ims_text_area_decode($ims_replacements['recorded_message']); + } + else{ + $conf['notice_response'] = "Your activities are being logged"; + } + + /*Filtered Frequency*/ + if (isset($ims_replacements['filtered_minutes']) && is_numeric($ims_replacements['filtered_minutes'])) { + if ($ims_replacements['filtered_minutes'] != 0) { + $conf['filtered_mins'] = $ims_replacements['filtered_minutes']; } } else { $conf['filtered_mins'] = 15; } - $conf['filtered_response'] = "Your message has been filtered"; + + /*Custom filtered message response*/ + if(isset($ims_replacements['filtered_message']) && $ims_replacements['filtered_message'] != '' ){ + $conf['filtered_response'] = ims_text_area_decode($ims_replacements['filtered_message']); + } + else{ + $conf['filtered_response'] = "Your message has been filtered"; + } } $conftext = ''; foreach($conf as $var => $key) $conftext .= "{$var}={$key}\n"; write_imspector_config(IMSPECTOR_CONFIG, $conftext); + + /*Check template settings*/ + if ($ims_config['template'] == "") + $template="services_imspector_logs.php"; + else + $template=$ims_config['template']; + /*link template file*/ + $link="/usr/local/www/imspector_logs.php"; + unlink_if_exists($link); + symlink("/usr/local/www/{$template}", $link); + /* generate rc file start and stop */ $stop = <<<EOD -if [ `pgrep imspector | wc -l` != 0 ]; then - /usr/bin/killall imspector - while [ `pgrep imspector | wc -l` != 0 ]; do - sleep 1 - done - fi +/bin/pkill -x imspector +/bin/sleep 1 EOD; $start = $stop."\n\tldconfig -m /usr/local/lib/mysql\n"; $start .= "\t/usr/local/sbin/imspector -c \"".IMSPECTOR_CONFIG."\""; @@ -310,18 +368,7 @@ EOD; ) ); - conf_mount_ro(); - - /* if imspector not running start it */ - if(!imspector_running()) { - imspector_notice("Starting service on interface: {$ifaces_active}"); - imspector_action('start'); - } - /* or restart imspector if settings were changed */ - elseif($_POST['iface_array']) { - imspector_notice("Restarting service on interface: {$ifaces_active}"); - imspector_action('restart'); - } + conf_mount_ro(); } } @@ -330,10 +377,10 @@ EOD; /* lets stop the service and remove the rc file */ if(file_exists(IMSPECTOR_RCFILE)) { - if(!$imspector_config['enable']) - imspector_notice('Stopping service: imspector disabled'); + if(!$ims_config['enable']) + log_error('Impsector: Stopping service: imspector disabled'); else - imspector_notice('Stopping service: no interfaces and/or protocols selected'); + log_error('Impsector: Stopping service: no interfaces and/or protocols selected'); imspector_action('stop'); @@ -345,9 +392,23 @@ EOD; @unlink(IMSPECTOR_ETC . '/acl_whitelist.txt'); conf_mount_ro(); } + } + else{ + /* if imspector not running start it */ + if(!is_process_running('imspector')) { + log_error("Impsector: Starting service on interface: {$ifaces_active}"); + imspector_action('start'); + } + /* or restart imspector if settings were changed */ + else{ + log_error("Impsector: Restarting service on interface: {$ifaces_active}"); + imspector_action('restart'); + } } - - config_unlock(); + config_unlock(); + + /*check xmlrpc sync*/ + imspector_sync_on_changes(); } function imspector_get_ca_certs() { @@ -371,4 +432,115 @@ EOD; } return $cert_arr; } -?>
\ No newline at end of file + +/* Uses XMLRPC to synchronize the changes to a remote node */ +function imspector_sync_on_changes() { + global $config, $g; + + $synconchanges = $config['installedpackages']['imspectorsync']['config'][0]['synconchanges']; + if(!$synconchanges) + return; + log_error("Imspector: xmlrpc sync is starting."); + foreach ($config['installedpackages']['imspectorsync']['config'] as $rs ){ + foreach($rs['row'] as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + if($password && $sync_to_ip) + imspector_do_xmlrpc_sync($sync_to_ip, $password); + } + } + log_error("Imspector: xmlrpc sync is ending."); +} +/* Do the actual XMLRPC sync */ +function imspector_do_xmlrpc_sync($sync_to_ip, $password) { + global $config, $g; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + $username="admin"; + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['imspector'] = $config['installedpackages']['imspector']; + $xml['imspectorreplacements'] = $config['installedpackages']['imspectorreplacements']; + $xml['imspectoracls'] = $config['installedpackages']['imspectoracls']; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("Imspector: Beginning XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after 250 seconds */ + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while attempting imspector XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "imspector Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while attempting imspector XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "imspector Settings Sync", ""); + } else { + log_error("imspector XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* tell imspector to reload our settings on the destionation sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/imspector.inc');\n"; + $execcmd .= "sync_package_imspector();"; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("imspector XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while attempting imspector XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "imspector Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while attempting imspector XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "imspector Settings Sync", ""); + } else { + log_error("imspector XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } + +} +?> diff --git a/config/imspector/imspector.xml b/config/imspector/imspector.xml index d42e7a18..fad8d656 100644 --- a/config/imspector/imspector.xml +++ b/config/imspector/imspector.xml @@ -43,10 +43,9 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>imspector</name> - <version>0.9</version> + <version>20111108</version> <title>Services: IMSpector</title> - <savetext>Change</savetext> - <aftersaveredirect>/services_imspector_logs.php</aftersaveredirect> + <savetext>Save</savetext> <include_file>/usr/local/pkg/imspector.inc</include_file> <menu> <name>IMSpector</name> @@ -58,38 +57,81 @@ <name>imspector</name> <rcfile>imspector.sh</rcfile> <executable>imspector</executable> + <description><![CDATA[Instant Messenger transparent proxy]]></description> </service> <tabs> <tab> - <text>IMSpector Log Viewer</text> - <url>/services_imspector_logs.php</url> - </tab> - <tab> - <text>IMSpector Settings</text> + <text>Settings</text> <url>/pkg_edit.php?xml=imspector.xml&id=0</url> <active/> </tab> + <tab> + <text>Replacements</text> + <url>/pkg_edit.php?xml=imspector_replacements.xml&id=0</url> + </tab> + <tab> + <text>Access Lists</text> + <url>/pkg.php?xml=imspector_acls.xml</url> + </tab> + <tab> + <text>Log</text> + <url>/imspector_logs.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=imspector_sync.xml</url> + </tab> </tabs> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector/imspector.inc</item> + <item>https://packages.pfsense.org/packages/config/imspector/imspector_sync.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/imspector/imspector_replacements.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/imspector/imspector_acls.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/imspector/imspector.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/imspector/services_imspector_logs.php</item> + <item>https://packages.pfsense.org/packages/config/imspector/imspector_logs.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/imspector/services_imspector_logs.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/imspector/services_imspector_logs2.php</item> </additional_files_needed> <fields> <field> + <name>General Settings</name> + <type>listtopic</type> + </field> + <field> <fielddescr>Enable IMSpector</fielddescr> <fieldname>enable</fieldname> <type>checkbox</type> </field> <field> - <fielddescr>Interfaces (generally LAN)</fielddescr> + <fielddescr>Interfaces</fielddescr> <fieldname>iface_array</fieldname> - <description>You can use the CTRL or COMMAND key to select multiple interfaces.</description> + <description><![CDATA[<strong>Generally select internal interface(s) like LAN</strong><br> + You can use the CTRL or COMMAND key to select multiple interfaces.]]></description> <type>interfaces_selection</type> <size>3</size> <required/> @@ -99,203 +141,101 @@ <field> <fielddescr>Listen on protocols</fielddescr> <fieldname>proto_array</fieldname> - <description>You can use the CTRL or COMMAND key to select multiple protocols. NOTE: Gtalk/Jabber-SSL requires SSL certificates.</description> + <description><![CDATA[<strong>NOTE: Gtalk/Jabber-SSL requires SSL certificates.</strong><br> + You can use the CTRL or COMMAND key to select multiple protocols.]]></description> <type>select</type> <size>7</size> <required/> <multiple>true</multiple> <options> - <option> - <name>MSN</name> - <value>msn</value> - </option> - <option> - <name>ICQ/AIM</name> - <value>icq</value> - </option> - <option> - <name>Yahoo</name> - <value>yahoo</value> - </option> - <option> - <name>IRC</name> - <value>irc</value> - </option> - <option> - <name>Jabber</name> - <value>jabber</value> - </option> - <option> - <name>Gtalk/Jabber-SSL</name> - <value>jabber-ssl</value> - </option> - <option> - <name>Gadu-Gadu</name> - <value>gadu-gadu</value> - </option> + <option><name>MSN</name><value>msn</value></option> + <option><name>ICQ/AIM</name><value>icq</value></option> + <option><name>Yahoo</name><value>yahoo</value></option> + <option><name>IRC</name><value>irc</value></option> + <option><name>Jabber</name><value>jabber</value></option> + <option><name>Gtalk/Jabber-SSL</name><value>jabber-ssl</value></option> + <option><name>Gadu-Gadu</name><value>gadu-gadu</value></option> </options> </field> <field> - <fielddescr>Enable file logging</fielddescr> - <fieldname>log_file</fieldname> - <description>Log files stored in /var/imspector.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Enable mySQL logging</fielddescr> - <fieldname>log_mysql</fieldname> - <description>Make sure to specify your MySQL credentials below.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>mySQL server</fielddescr> - <fieldname>mysql_server</fieldname> - <type>input</type> - </field> - <field> - <fielddescr>mySQL database</fielddescr> - <fieldname>mysql_database</fieldname> - <type>input</type> - </field> - <field> - <fielddescr>mySQL username</fielddescr> - <fieldname>mysql_username</fieldname> - <type>input</type> - </field> - <field> - <fielddescr>mySQL password</fielddescr> - <fieldname>mysql_password</fieldname> - <type>password</type> - </field> - <field> - <fielddescr>SSL Certificate</fielddescr> - <fieldname>ssl_server_cert</fieldname> + <fielddescr>SSL CA Certificate</fielddescr> + <fieldname>ssl_ca_cert</fieldname> <description> - Choose the SSL Server Certificate here. + Choose the SSL CA Certficate here. </description> <type>select_source</type> - <source><![CDATA[imspector_get_server_certs()]]></source> + <source><![CDATA[imspector_get_ca_certs()]]></source> <source_name>descr</source_name> <source_value>refid</source_value> </field> <field> - <fielddescr>SSL CA Certificate</fielddescr> - <fieldname>ssl_ca_cert</fieldname> + <fielddescr>SSL Certificate</fielddescr> + <fieldname>ssl_server_cert</fieldname> <description> - Choose the SSL CA Certficate here. + Choose the SSL Server Certificate here. </description> <type>select_source</type> - <source><![CDATA[imspector_get_ca_certs()]]></source> + <source><![CDATA[imspector_get_server_certs()]]></source> <source_name>descr</source_name> <source_value>refid</source_value> </field> <field> - <fielddescr>Enable bad word filtering</fielddescr> - <fieldname>filter_badwords</fieldname> - <description>Replace characters of matched bad word with *.</description> - <type>checkbox</type> + <name>Logging</name> + <type>listtopic</type> </field> <field> - <fielddescr>Enable response messages</fielddescr> - <fieldname>resonder</fieldname> - <description> - Inform the users (both local and remote) that the conversation they are having is being recorded. This might be needed for legal reasons. - Inform the sender that a file (or message) was blocked. This is useful because the sender will know a block occured, instead of the transfer simply failing.</description> + <fielddescr>Enable file logging</fielddescr> + <fieldname>log_file</fieldname> + <description>Log files stored in /var/imspector.</description> <type>checkbox</type> </field> <field> - <fielddescr>Notification frequency</fielddescr> - <fieldname>notice_days</fieldname> - <type>input</type> - <description>Frequency in number of days for notifying users they are being logged. Default 1 day if responses are enabled, set to 0 to disable</description> - </field> - <field> - <fielddescr>Filtered frequency</fielddescr> - <fieldname>filtered_minutes</fieldname> + <fielddescr>Report limit</fielddescr> + <fieldname>reportlimit</fieldname> + <description>Max entries to fetch from log dir(s). Default is 50</description> <type>input</type> - <description>The time between sending "filtered" in minutes. Default 15 minutes if responses are enabled, set to 0 to disable</description> - </field> - <field> - <fielddescr>Custom message prefix</fielddescr> - <fieldname>prefix_message</fieldname> - <description> - Message to prepend to all IMSpector generated messages. The default is "Message from IMSpector" - </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> - </field> - <field> - <fielddescr>Custom recorded message response</fielddescr> - <fieldname>recorded_message</fieldname> - <description> - Message to send to users to let them know they are being recorded. The default is "Your activities are being logged" - </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> + <size>10</size> </field> <field> - <fielddescr>Custom filtered message response</fielddescr> - <fieldname>filtered_message</fieldname> - <description> - Message to send to users to let them know about filtered messages. - </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> + <fielddescr>Report template</fielddescr> + <fieldname>template</fieldname> + <description>Template to use on reports</description> + <type>select</type> + <required/> + <options> + <option><name>Default Template</name><value>services_imspector_logs.php</value></option> + <option><name>0guzcan Template</name><value>services_imspector_logs2.php</value></option> + </options> </field> - <field> - <fielddescr>Bad words list</fielddescr> - <fieldname>badwords_list</fieldname> - <description> - Place one word or phrase to match per line.<br /> - If left blank the default list in /usr/local/etc/imspector/badwords.txt will be used. - </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> + <fielddescr>Enable mySQL logging</fielddescr> + <fieldname>log_mysql</fieldname> + <description>Make sure to specify your MySQL credentials below.</description> + <type>checkbox</type> </field> <field> - <fielddescr>Block file transfers</fielddescr> - <fieldname>block_files</fieldname> - <description>Block file transfers on supported protocols.</description> - <type>checkbox</type> + <fielddescr>mySQL server</fielddescr> + <fieldname>mysql_server</fieldname> + <type>input</type> + <size>35</size> </field> <field> - <fielddescr>Block non ACL defined</fielddescr> - <fieldname>block_unlisted</fieldname> - <description>Overide the default of allowing user's not defined the whitelist or blacklist ACLs.</description> - <type>checkbox</type> + <fielddescr>mySQL database</fielddescr> + <fieldname>mysql_database</fieldname> + <type>input</type> + <size>35</size> </field> <field> - <fielddescr>ACL whitelist</fielddescr> - <fieldname>acl_whitelist</fieldname> - <description> - Example (allow specific access): localuser: remoteuser1 remoteuser2<br /> - Example (allow full access): localuser: - </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> + <fielddescr>mySQL username</fielddescr> + <fieldname>mysql_username</fieldname> + <type>input</type> + <size>35</size> </field> <field> - <fielddescr>ACL blacklist</fielddescr> - <fieldname>acl_blacklist</fieldname> - <description> - Example (block specifc access): localuser: remoteuser1 remoteuser2<br /> - Example (block all access): localuser: - </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> + <fielddescr>mySQL password</fielddescr> + <fieldname>mysql_password</fieldname> + <type>password</type> + <size>35</size> </field> </fields> <custom_php_validation_command> @@ -308,4 +248,4 @@ deinstall_package_imspector(); </custom_php_deinstall_command> <filter_rules_needed>imspector_generate_rules</filter_rules_needed> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/imspector-dev/imspector_acls.xml b/config/imspector/imspector_acls.xml index 3176c75f..a8aeecc9 100644 --- a/config/imspector-dev/imspector_acls.xml +++ b/config/imspector/imspector_acls.xml @@ -59,12 +59,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond.inc</item> + <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond_sync.xml</item> </additional_files_needed> <tabs> <tab> diff --git a/config/imspector-dev/imspector_logs.php b/config/imspector/imspector_logs.php index e44ef35f..24cd7b0f 100644 --- a/config/imspector-dev/imspector_logs.php +++ b/config/imspector/imspector_logs.php @@ -1,7 +1,7 @@ <?php /* services_imspector_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) JavaScript Code is GPL Licensed from SmoothWall Express. diff --git a/config/imspector-dev/imspector_replacements.xml b/config/imspector/imspector_replacements.xml index 7f53bbd4..7f53bbd4 100644 --- a/config/imspector-dev/imspector_replacements.xml +++ b/config/imspector/imspector_replacements.xml diff --git a/config/imspector-dev/imspector_sync.xml b/config/imspector/imspector_sync.xml index 3ff88d41..3ff88d41 100644 --- a/config/imspector-dev/imspector_sync.xml +++ b/config/imspector/imspector_sync.xml diff --git a/config/imspector/services_imspector_logs.php b/config/imspector/services_imspector_logs.php index fce9b892..4fca4433 100644 --- a/config/imspector/services_imspector_logs.php +++ b/config/imspector/services_imspector_logs.php @@ -1,11 +1,12 @@ <?php /* services_imspector_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) JavaScript Code is GPL Licensed from SmoothWall Express. Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>. + Copyright (C) 2012 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without @@ -60,20 +61,30 @@ $convo_remote_bgcolor = '#eeeeee'; /* functions */ function convert_dir_list ($topdir) { - if (!is_dir($topdir)) return; + global $config; + if (!is_dir($topdir)) + return; + $imspector_config = $config['installedpackages']['imspector']['config'][0]; + $limit=(preg_match("/\d+/",$imspector_config['reportlimit'])?$imspector_config['reportlimit']:"50"); + $count=0; if ($dh = opendir($topdir)) { while (($file = readdir($dh)) !== false) { - if(!preg_match('/^\./', $file) == 0) continue; - if (is_dir("$topdir/$file")) { + if(!preg_match('/^\./', $file) == 0) + continue; + if (is_dir("$topdir/$file")) $list .= convert_dir_list("$topdir/$file"); - } else { + else $list .= "$topdir/$file\n"; + $count ++; + if($count >= $limit){ + closedir($dh); + return $list; + } } - } closedir($dh); - } + } return $list; -} + } /* ajax response */ if ($_POST['mode'] == "render") { @@ -157,13 +168,18 @@ include("head.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <?php $tab_array = array(); - $tab_array[] = array(gettext("IMSpector Log Viewer "), true, "/services_imspector_logs.php"); - $tab_array[] = array(gettext("IMSpector Settings "), false, "/pkg_edit.php?xml=imspector.xml&id=0"); + $tab_array[] = array(gettext("Settings "), false, "/pkg_edit.php?xml=imspector.xml&id=0"); + $tab_array[] = array(gettext("Replacements "), false, "/pkg_edit.php?xml=imspector_replacements.xml&id=0"); + $tab_array[] = array(gettext("Access Lists "), false, "/pkg.php?xml=imspector_acls.xml"); + $tab_array[] = array(gettext("Log "), true, "/imspector_logs.php"); + $tab_array[] = array(gettext("Sync "), false, "/pkg_edit.php?xml=imspector_sync.xml&id=0"); + display_top_tabs($tab_array); ?> </table> <?php +$csrf_token= csrf_get_tokens(); $zz = <<<EOD <script type="text/javascript"> var section = 'none'; @@ -180,7 +196,7 @@ function xmlhttpPost() else if (window.ActiveXObject) self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP"); - self.xmlHttpReq.open('POST', 'services_imspector_logs.php', true); + self.xmlHttpReq.open('POST', 'imspector_logs.php', true); self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); self.xmlHttpReq.onreadystatechange = function() { @@ -189,7 +205,7 @@ function xmlhttpPost() } document.getElementById('im_status').style.display = "inline"; - self.xmlHttpReq.send("mode=render§ion=" + section); + self.xmlHttpReq.send("mode=render§ion=" + section + "&__csrf_magic={$csrf_token}"); } function updatepage(str) diff --git a/config/imspector-dev/services_imspector_logs2.php b/config/imspector/services_imspector_logs2.php index 30f63058..d7bb4647 100644 --- a/config/imspector-dev/services_imspector_logs2.php +++ b/config/imspector/services_imspector_logs2.php @@ -1,7 +1,7 @@ <?php /* services_imspector_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) JavaScript Code is GPL Licensed from SmoothWall Express. diff --git a/config/ipblocklist/7/email.tmp b/config/ipblocklist/7/email.tmp index 739b0000..abeb4932 100755 --- a/config/ipblocklist/7/email.tmp +++ b/config/ipblocklist/7/email.tmp @@ -155,7 +155,7 @@ tr.d0 td { $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); $tab_array[5] = array("Email", true, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/7/ipblocklist.tmp b/config/ipblocklist/7/ipblocklist.tmp index ffbfdc57..c447df6d 100755 --- a/config/ipblocklist/7/ipblocklist.tmp +++ b/config/ipblocklist/7/ipblocklist.tmp @@ -125,7 +125,7 @@ if(isset($_POST['formSubmit'])) $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/7/ipblocklist.xml b/config/ipblocklist/7/ipblocklist.xml index 2b6ec976..d459127b 100755 --- a/config/ipblocklist/7/ipblocklist.xml +++ b/config/ipblocklist/7/ipblocklist.xml @@ -39,7 +39,7 @@ </copyright> <description>IP Blocklist</description> <requirements>perl</requirements> - <faq>http://forum.pfsense.org/index.php/topic,24769.0.html</faq> + <faq>https://forum.pfsense.org/index.php/topic,24769.0.html</faq> <name>IP Blocklist Settings</name> <version>0.3.4</version> <title>Settings</title> @@ -62,97 +62,97 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist.xml</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist.inc</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/interfaces.txt</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/interfaces.txt</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist_list.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist_list.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist_if.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist_if.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/firewall_shaper.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/firewall_shaper.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/convert.pl</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/convert.pl</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/convert-execute.sh</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/convert-execute.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/purge.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/purge.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/index.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/index.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/whitelist.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/whitelist.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/purgeip.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/purgeip.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/IP-Blocklist.sh</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/IP-Blocklist.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/settings.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/settings.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/class.phpmailer.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/class.phpmailer.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/class.smtp.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/class.smtp.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/email.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/email.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/7/lists.txt</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/7/lists.txt</item> </additional_files_needed> <fields> <field> diff --git a/config/ipblocklist/7/ipblocklist_if.tmp b/config/ipblocklist/7/ipblocklist_if.tmp index 42ba2d07..582d856a 100755 --- a/config/ipblocklist/7/ipblocklist_if.tmp +++ b/config/ipblocklist/7/ipblocklist_if.tmp @@ -132,7 +132,7 @@ include("head.inc"); $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", true, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/7/manual_add.tmp b/config/ipblocklist/7/manual_add.tmp index 361b782b..a2218e61 100755 --- a/config/ipblocklist/7/manual_add.tmp +++ b/config/ipblocklist/7/manual_add.tmp @@ -6,7 +6,7 @@ </head> <a href="ipblocklist_list.php"><img src="../../themes/nervecenter/images/icons/icon_alias_url_reload.gif" ALT="Manual" ALIGN=RIGHT></a> -<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="http://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a> +<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="https://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a> <br/>Enter in IP format (xx.xx.xx.xx) or CIDR format (xx.xx.xx.xx/xx) <br/><form method="post" action=""> <input name="content" type="text" /> diff --git a/config/ipblocklist/7/settings.tmp b/config/ipblocklist/7/settings.tmp index a13dd22b..0c1fd804 100755 --- a/config/ipblocklist/7/settings.tmp +++ b/config/ipblocklist/7/settings.tmp @@ -47,7 +47,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past $tab_array[1] = array("Settings", true, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/7/whitelist.tmp b/config/ipblocklist/7/whitelist.tmp index 51bd9f97..203cf798 100755 --- a/config/ipblocklist/7/whitelist.tmp +++ b/config/ipblocklist/7/whitelist.tmp @@ -45,7 +45,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", true, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp b/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp index a62fcede..546e27c4 100644 --- a/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp +++ b/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp @@ -1,7 +1,7 @@ <?php /* Copyright 2011 Thomas Schaefer - Tomschaefer.org - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/ipblocklist/8/email.tmp b/config/ipblocklist/8/email.tmp index 739b0000..abeb4932 100755 --- a/config/ipblocklist/8/email.tmp +++ b/config/ipblocklist/8/email.tmp @@ -155,7 +155,7 @@ tr.d0 td { $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); $tab_array[5] = array("Email", true, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/8/ipblocklist.tmp b/config/ipblocklist/8/ipblocklist.tmp index 9291a468..ae654241 100755 --- a/config/ipblocklist/8/ipblocklist.tmp +++ b/config/ipblocklist/8/ipblocklist.tmp @@ -128,7 +128,7 @@ if(isset($_POST['formSubmit'])) $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/8/ipblocklist.xml b/config/ipblocklist/8/ipblocklist.xml index 262d1719..77c05bab 100755 --- a/config/ipblocklist/8/ipblocklist.xml +++ b/config/ipblocklist/8/ipblocklist.xml @@ -39,7 +39,7 @@ </copyright> <description>IP Blocklist</description> <requirements>perl</requirements> - <faq>http://forum.pfsense.org/index.php/topic,24769.0.html</faq> + <faq>https://forum.pfsense.org/index.php/topic,24769.0.html</faq> <name>IP Blocklist Settings</name> <version>0.3.5</version> <title>Settings</title> @@ -62,102 +62,102 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist.xml</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist.inc</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/interfaces.txt</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/interfaces.txt</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist_list.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist_list.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist_if.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist_if.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/firewall_shaper.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/firewall_shaper.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/convert.pl</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/convert.pl</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/convert-execute.sh</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/convert-execute.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/purge.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/purge.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/index.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/index.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/whitelist.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/whitelist.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/purgeip.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/purgeip.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/IP-Blocklist.sh</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/IP-Blocklist.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/settings.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/settings.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/class.phpmailer.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/class.phpmailer.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/class.smtp.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/class.smtp.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/email.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/email.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/lists.txt</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/lists.txt</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp</item> + <item>https://packages.pfsense.org/packages/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp</item> </additional_files_needed> <fields> <field> diff --git a/config/ipblocklist/8/ipblocklist_if.tmp b/config/ipblocklist/8/ipblocklist_if.tmp index 42ba2d07..582d856a 100755 --- a/config/ipblocklist/8/ipblocklist_if.tmp +++ b/config/ipblocklist/8/ipblocklist_if.tmp @@ -132,7 +132,7 @@ include("head.inc"); $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", true, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/8/manual_add.tmp b/config/ipblocklist/8/manual_add.tmp index 361b782b..a2218e61 100755 --- a/config/ipblocklist/8/manual_add.tmp +++ b/config/ipblocklist/8/manual_add.tmp @@ -6,7 +6,7 @@ </head> <a href="ipblocklist_list.php"><img src="../../themes/nervecenter/images/icons/icon_alias_url_reload.gif" ALT="Manual" ALIGN=RIGHT></a> -<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="http://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a> +<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="https://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a> <br/>Enter in IP format (xx.xx.xx.xx) or CIDR format (xx.xx.xx.xx/xx) <br/><form method="post" action=""> <input name="content" type="text" /> diff --git a/config/ipblocklist/8/settings.tmp b/config/ipblocklist/8/settings.tmp index a13dd22b..0c1fd804 100755 --- a/config/ipblocklist/8/settings.tmp +++ b/config/ipblocklist/8/settings.tmp @@ -47,7 +47,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past $tab_array[1] = array("Settings", true, "settings.php"); $tab_array[2] = array("Whitelist", false, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/ipblocklist/8/whitelist.tmp b/config/ipblocklist/8/whitelist.tmp index 51bd9f97..203cf798 100755 --- a/config/ipblocklist/8/whitelist.tmp +++ b/config/ipblocklist/8/whitelist.tmp @@ -45,7 +45,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past $tab_array[1] = array("Settings", false, "settings.php"); $tab_array[2] = array("Whitelist", true, "whitelist.php"); $tab_array[3] = array("Interfaces", false, "ipblocklist_if.php"); - $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist"); + $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist"); //$tab_array[5] = array("Email", false, "email.php"); display_top_tabs($tab_array); ?> diff --git a/config/iperf.xml b/config/iperf.xml index 2fe49699..f64500d9 100644 --- a/config/iperf.xml +++ b/config/iperf.xml @@ -73,7 +73,7 @@ </tab> </tabs> <additional_files_needed> - <item>http://www.pfsense.com/packages/config/iperfserver.xml</item> + <item>https://packages.pfsense.org/packages/config/iperfserver.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/ipguard/ipguard.xml b/config/ipguard/ipguard.xml index cafc6e4e..74b58f86 100644 --- a/config/ipguard/ipguard.xml +++ b/config/ipguard/ipguard.xml @@ -63,12 +63,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/ipguard/ipguard.inc</item> + <item>https://packages.pfsense.org/packages/config/ipguard/ipguard.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/ipguard/ipguard_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/ipguard/ipguard_sync.xml</item> </additional_files_needed> <tabs> <tab> diff --git a/config/iprangealiases/iprangealiases.xml b/config/iprangealiases/iprangealiases.xml index 0464ec6a..87af9b4b 100644 --- a/config/iprangealiases/iprangealiases.xml +++ b/config/iprangealiases/iprangealiases.xml @@ -52,12 +52,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/iprangealiases/iprangealiases.inc</item> + <item>https://packages.pfsense.org/packages/config/iprangealiases/iprangealiases.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/iprangealiases/iprangealiases.patch</item> + <item>https://packages.pfsense.org/packages/config/iprangealiases/iprangealiases.patch</item> </additional_files_needed> <custom_php_install_command> iprangealiases_install(); diff --git a/config/jail_template.xml b/config/jail_template.xml index d183200b..fc6b2502 100644 --- a/config/jail_template.xml +++ b/config/jail_template.xml @@ -14,12 +14,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/jail_template/jail_template.inc</item> + <item>https://packages.pfsense.org/packages/config/jail_template/jail_template.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/jail_template/jail_template.img.uzip</item> + <item>https://packages.pfsense.org/packages/config/jail_template/jail_template.img.uzip</item> </additional_files_needed> <include_file>/usr/local/pkg/jail_template.inc</include_file> diff --git a/config/jailctl.xml b/config/jailctl.xml index 079ddb6b..ab6cf1e3 100644 --- a/config/jailctl.xml +++ b/config/jailctl.xml @@ -30,37 +30,37 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl_defaults.xml</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_defaults.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl.inc</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl-utils.inc</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl-utils.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl_list.inc</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_list.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/sbin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/sbin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/sysinstall</item> + <item>https://packages.pfsense.org/packages/config/jailctl/sysinstall</item> </additional_files_needed> <tabs> diff --git a/config/jailctl/jailctl.xml b/config/jailctl/jailctl.xml index 5ca6c459..4c96f88d 100644 --- a/config/jailctl/jailctl.xml +++ b/config/jailctl/jailctl.xml @@ -30,32 +30,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl_defaults.xml</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_defaults.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl.inc</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl-utils.inc</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl-utils.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl_list.inc</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_list.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/sbin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/jailctl/jailctl</item> + <item>https://packages.pfsense.org/packages/config/jailctl/jailctl</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/sbin/</prefix> diff --git a/config/ladvd/ladvd.inc b/config/ladvd/ladvd.inc new file mode 100644 index 00000000..acf277b3 --- /dev/null +++ b/config/ladvd/ladvd.inc @@ -0,0 +1,104 @@ +<?php +/* + ladvd.inc + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("globals.inc"); +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); + +function ladvd_resync_config() { + global $config; + + conf_mount_rw(); + + if (!is_array($config['installedpackages']['ladvd'])) + return; + if (!is_array($config['installedpackages']['ladvd']['config'])) + return; + + $ladvd_conf = &$config['installedpackages']['ladvd']['config'][0]; + + /* ladvd is turned off in package settings */ + if (empty($ladvd_conf['enable'])) + return; + + $cmdline = ""; + + if (!empty($ladvd_conf['autoenable'])) { + $cmdline .= "-a "; + } + + if (!empty($ladvd_conf['silent'])) { + $cmdline .= "-s "; + } + + if (!empty($ladvd_conf['management'])) { + $cmdline .= "-m " . escapeshellarg(get_real_interface($ladvd_conf['management'])) . " "; + } + + if (!empty($ladvd_conf['location'])) { + $cmdline .= "-l '{$ladvd_conf['location']}' "; + } + + if (!empty($ladvd_conf['lldp'])) { + $cmdline .= "-L "; + } + + if (!empty($ladvd_conf['cdp'])) { + $cmdline .= "-C "; + } + + if (!empty($ladvd_conf['edp'])) { + $cmdline .= "-E "; + } + + if (!empty($ladvd_conf['fdp'])) { + $cmdline .= "-F "; + } + + if (!empty($ladvd_conf['ndp'])) { + $cmdline .= "-N "; + } + + $ifaces = explode(",", $ladvd_conf['iface_array']); + $ifaces = array_map('get_real_interface', $ifaces); + $cmdline .= implode(" ", $ifaces); + + write_rcfile(array( + "file" => "ladvd.sh", + "start" => "/usr/local/sbin/ladvd $cmdline", + "stop" => "/usr/bin/killall -9 ladvd" + ) + ); + + restart_service("ladvd"); + sleep(1); + conf_mount_ro(); +} + +?> diff --git a/config/ladvd/ladvd.xml b/config/ladvd/ladvd.xml new file mode 100644 index 00000000..50f9b568 --- /dev/null +++ b/config/ladvd/ladvd.xml @@ -0,0 +1,149 @@ +<?xml version="1.0" encoding="utf-8" ?> +<packagegui> + <copyright> + <![CDATA[ +/* + ladvd.xml + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + ]]> + </copyright> + <description>Link Layer Discovery Protocol</description> + <name>LADVD</name> + <version>1.0.2</version> + <category>Network Management</category> + <title>Services: LADVD</title> + <savetext>ladvd</savetext> + <include_file>/usr/local/pkg/ladvd.inc</include_file> + <aftersaveredirect>/pkg_edit.php?xml=ladvd.xml&id=0</aftersaveredirect> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/ladvd/ladvd.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/ladvd/status_ladvd.php</item> + </additional_files_needed> + <menu> + <name>LADVD</name> + <tooltiptext>Modify LADVD settings.</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=ladvd.xml&id=0</url> + </menu> + <menu> + <name>LADVD Status</name> + <tooltiptext></tooltiptext> + <section>Status</section> + <url>/status_ladvd.php</url> + </menu> + <service> + <name>ladvd</name> + <rcfile>ladvd.sh</rcfile> + <executable>ladvd</executable> + <description>Send and decode link layer advertisements</description> + </service> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=ladvd.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Status</text> + <url>/status_ladvd.php</url> + </tab> + </tabs> + <fields> + <field> + <fielddescr>Enable ladvd</fielddescr> + <fieldname>enable</fieldname> + <description>Enable or disable ladvd</description> + <enablefields>iface_array[],autoenable,silent,management,location,lldp,cdp,edp,ndp</enablefields> + <type>checkbox</type> + </field> + <field> + <fielddescr>Interfaces</fielddescr> + <fieldname>iface_array</fieldname> + <value>lan</value> + <multiple>true</multiple> + <size>3</size> + <type>interfaces_selection</type> + <description>Select the interfaces that LADVD will bind to. You can use the CTRL or COMMAND key to select multiple interfaces.</description> + </field> + <field> + <fielddescr>Auto-enable protocols</fielddescr> + <fieldname>autoenable</fieldname> + <description>Auto-enable protocols based on received packets (also enables receive mode).</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Silent</fielddescr> + <fieldname>silent</fieldname> + <description>Silent, don't transmit packets.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Management interfaces</fielddescr> + <fieldname>management</fieldname> + <value>lan</value> + <type>interfaces_selection</type> + <description>The management interface for this host. Addresses on this interface are auto-detected (IPv4 and IPv6).</description> + </field> + <field> + <fielddescr>System Location</fielddescr> + <fieldname>location</fieldname> + <type>input</type> + <size>30</size> + <description>Specify the physical location of the host.</description> + </field> + <field> + <fielddescr>Enable LLDP</fielddescr> + <fieldname>lldp</fieldname> + <description>Enable LLDP (Link Layer Discovery Protocol).</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable CDP</fielddescr> + <fieldname>cdp</fieldname> + <description>Enable CDP (Cisco Discovery Protocol).</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable EDP</fielddescr> + <fieldname>edp</fieldname> + <description>Enable EDP (Extreme Discovery Protocol).</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable NDP</fielddescr> + <fieldname>ndp</fieldname> + <description>Enable NDP (Nortel Discovery Protocol) formerly called SynOptics Network Management Protocol (SONMP).</description> + <type>checkbox</type> + </field> + </fields> + <custom_php_resync_config_command>ladvd_resync_config();</custom_php_resync_config_command> +</packagegui> diff --git a/config/ladvd/status_ladvd.php b/config/ladvd/status_ladvd.php new file mode 100644 index 00000000..3333145a --- /dev/null +++ b/config/ladvd/status_ladvd.php @@ -0,0 +1,118 @@ +<?php +/* + status_ladvd.php + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$pgtitle = "LADVD: Status"; +include("head.inc"); + +$control_script = "/usr/local/sbin/ladvdc"; + +/* List all of the commands as an index. */ +function listCmds() { + global $commands; + echo "<br/>This status page includes the following information:\n"; + echo "<ul width=\"100%\">\n"; + for ($i = 0; isset($commands[$i]); $i++ ) { + echo "<li><strong><a href=\"#" . $commands[$i][0] . "\">" . $commands[$i][0] . "</a></strong></li>\n"; + } + echo "</ul>\n"; +} + +function execCmds() { + global $commands; + for ($i = 0; isset($commands[$i]); $i++ ) { + doCmdT($commands[$i][0], $commands[$i][1]); + } +} + +/* Define a command, with a title, to be executed later. */ +function defCmdT($title, $command) { + global $commands; + $title = htmlspecialchars($title,ENT_NOQUOTES); + $commands[] = array($title, $command); +} + +function doCmdT($title, $command) { + echo "<p>\n"; + echo "<a name=\"" . $title . "\">\n"; + echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"; + echo "<tr><td class=\"listtopic\">" . $title . "</td></tr>\n"; + echo "<tr><td class=\"listlr\"><pre>"; /* no newline after pre */ + + $execOutput = ""; + $execStatus = ""; + $fd = popen("{$command} 2>&1", "r"); + while (($line = fgets($fd)) !== FALSE) { + echo htmlspecialchars($line, ENT_NOQUOTES); + } + pclose($fd); + echo "</pre></tr>\n"; + echo "</table>\n"; +} + +?> + +<html> + <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + <?php include("fbegin.inc"); ?> + <?php if ($savemsg) print_info_box($savemsg); ?> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=ladvd.xml&id=0"); + $tab_array[] = array(gettext("Status"), true, "/status_ladvd.php"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td> +<?php + defCmdT("LADVD Devices", "{$control_script}"); + defCmdT("LADVD Detailed decode", "{$control_script} -f"); +?> + <div id="cmdspace" style="width:100%"> + <?php listCmds(); ?> + <?php execCmds(); ?> + </div> + </td> + </tr> + </table> + </div> + </td> + </tr> + </table> + <?php include("fend.inc"); ?> + </body> +</html> diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml index bca9b4c8..cf816d53 100644 --- a/config/lcdproc-dev/lcdproc.xml +++ b/config/lcdproc-dev/lcdproc.xml @@ -23,22 +23,22 @@ <url>/pkg_edit.php?xml=lcdproc.xml&id=0</url> </menu> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc.inc</item> + <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc_screens.xml</item> + <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc_screens.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc_client.php</item> + <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc_client.php</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://files.pfsense.org/misc/nexcom.so</item> + <item>https://files.pfsense.org/misc/nexcom.so</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/lcdproc/lcdproc.xml b/config/lcdproc/lcdproc.xml index 32a8f900..ba46e941 100644 --- a/config/lcdproc/lcdproc.xml +++ b/config/lcdproc/lcdproc.xml @@ -23,37 +23,37 @@ <url>/pkg_edit.php?xml=lcdproc.xml&id=0</url> </menu> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc/lcdproc.inc</item> + <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc/lcdproc_screens.xml</item> + <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc_screens.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc/lcdproc_client.php</item> + <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc_client.php</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://files.pfsense.org/packages/lcdproc/nexcom.so</item> + <item>https://files.pfsense.org/packages/lcdproc/nexcom.so</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://files.pfsense.org/packages/lcdproc/SureElec.so</item> + <item>https://files.pfsense.org/packages/lcdproc/SureElec.so</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://files.pfsense.org/packages/lcdproc/picolcd.so</item> + <item>https://files.pfsense.org/packages/lcdproc/picolcd.so</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://files.pfsense.org/packages/lcdproc/libusb.so.2</item> + <item>https://files.pfsense.org/packages/lcdproc/libusb.so.2</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/lightsquid/lightsquid.xml b/config/lightsquid/lightsquid.xml index 53d074c5..203cff68 100644 --- a/config/lightsquid/lightsquid.xml +++ b/config/lightsquid/lightsquid.xml @@ -74,32 +74,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/lightsquid/lightsquid.inc</item> + <item>https://packages.pfsense.org/packages/config/lightsquid/lightsquid.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/var/tmp/</prefix> <chmod>0755</chmod> - <item>http://files.pfsense.org/packages/All/lightsquid_tpl.tbz</item> + <item>https://files.pfsense.org/packages/All/lightsquid_tpl.tbz</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/sqstat/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/lightsquid/sqstat.class.php</item> + <item>https://packages.pfsense.org/packages/config/lightsquid/sqstat.class.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/sqstat/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/lightsquid/sqstat.php</item> + <item>https://packages.pfsense.org/packages/config/lightsquid/sqstat.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/sqstat/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/lightsquid/sqstat.css</item> + <item>https://packages.pfsense.org/packages/config/lightsquid/sqstat.css</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/sqstat/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/lightsquid/zhabascript.js</item> + <item>https://packages.pfsense.org/packages/config/lightsquid/zhabascript.js</item> </additional_files_needed> <fields> <field> diff --git a/config/mactovendor/bin/diag_arp.php_ b/config/mactovendor/bin/diag_arp.php_ index 97e9b4bc..b66395a3 100644 --- a/config/mactovendor/bin/diag_arp.php_ +++ b/config/mactovendor/bin/diag_arp.php_ @@ -1,7 +1,7 @@ <?php /* diag_arp.php - part of the pfSense project (http://www.pfsense.org) + part of the pfSense project (https://www.pfsense.org) Copyright (C) 2004-2009 Scott Ullrich <sullrich@gmail.com> originally part of m0n0wall (http://m0n0.ch/wall) diff --git a/config/mactovendor/mactovendor.xml b/config/mactovendor/mactovendor.xml index f0a67eb5..ab92f9fe 100644 --- a/config/mactovendor/mactovendor.xml +++ b/config/mactovendor/mactovendor.xml @@ -10,32 +10,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/mactovendor/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/mactovendor/mactovendor.inc</item> + <item>https://packages.pfsense.org/packages/config/mactovendor/mactovendor.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/mactovendor/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/mactovendor/bin/diag_arp.php_</item> + <item>https://packages.pfsense.org/packages/config/mactovendor/bin/diag_arp.php_</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/mactovendor/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/mactovendor/bin/status_dhcp_leases.php_</item> + <item>https://packages.pfsense.org/packages/config/mactovendor/bin/status_dhcp_leases.php_</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/mactovendor/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/mactovendor/bin/status_interfaces.php_</item> + <item>https://packages.pfsense.org/packages/config/mactovendor/bin/status_interfaces.php_</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/mactovendor/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/mactovendor/bin/status_wireless.php_</item> + <item>https://packages.pfsense.org/packages/config/mactovendor/bin/status_wireless.php_</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/mactovendor/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/mactovendor/bin/mac-prefixes</item> + <item>https://packages.pfsense.org/packages/config/mactovendor/bin/mac-prefixes</item> </additional_files_needed> <custom_php_install_command> mactovendor_custom_php_install_command(); diff --git a/config/mailreport/mail_reports.inc b/config/mailreport/mail_reports.inc index cf8c837c..aa2bc3ce 100644 --- a/config/mailreport/mail_reports.inc +++ b/config/mailreport/mail_reports.inc @@ -194,11 +194,13 @@ function mail_report_send($headertext, $cmdtext, $logtext, $attachments) { $mail = new PHPMailer(); $mail->IsSMTP(); $mail->Host = $config['notifications']['smtp']['ipaddress']; + $mail->Port = empty($config['notifications']['smtp']['port']) ? 25 : $config['notifications']['smtp']['port']; - if ($config['notifications']['smtp']['ssl'] == "checked") + if ((isset($config['notifications']['smtp']['ssl']) && $config['notifications']['smtp']['ssl'] != "unchecked") || $config['notifications']['smtp']['ssl'] == "checked") $mail->SMTPSecure = "ssl"; - $mail->Port = empty($config['notifications']['smtp']['port']) ? 25 : $config['notifications']['smtp']['port']; + if ((isset($config['notifications']['smtp']['tls']) && $config['notifications']['smtp']['tls'] != "unchecked") || $config['notifications']['smtp']['tls'] == "checked") + $mail->SMTPSecure = "tls"; if($config['notifications']['smtp']['username'] && $config['notifications']['smtp']['password']) { @@ -209,11 +211,11 @@ function mail_report_send($headertext, $cmdtext, $logtext, $attachments) { $mail->ContentType = 'text/html'; $mail->IsHTML(true); - $mail->AddReplyTo($config['notifications']['smtp']['fromaddress'], "Firewall Graph Report"); - $mail->SetFrom($config['notifications']['smtp']['fromaddress'], "Firewall Graph Report"); + $mail->AddReplyTo($config['notifications']['smtp']['fromaddress'], "Firewall Email Report"); + $mail->SetFrom($config['notifications']['smtp']['fromaddress'], "Firewall Email Report"); $address = $config['notifications']['smtp']['notifyemailaddress']; $mail->AddAddress($address, "Report Recipient"); - $mail->Subject = "{$config['system']['hostname']}.{$config['system']['domain']} Graph Report: {$headertext}"; + $mail->Subject = "{$config['system']['hostname']}.{$config['system']['domain']} Email Report: {$headertext}"; $mail->Body .= "This is a periodic report from your firewall, {$config['system']['hostname']}.{$config['system']['domain']}.<br /><br />Current report: {$headertext}<br />\n<br />\n"; if (!empty($cmdtext)) $mail->Body .= $cmdtext; @@ -1232,8 +1234,7 @@ function mail_report_get_log($logfile, $tail, $grepfor) { $logarr = ""; $grepline = " "; if(is_array($grepfor)) - foreach($grepfor as $agrep) - $grepline .= " | grep \"$agrep\""; + $grepline = " | /usr/bin/egrep " . escapeshellarg(implode("|", $grepfor)); if($config['system']['disablesyslogclog']) { exec("cat {$logfile}{$grepline} | /usr/bin/tail -n {$tail}", $logarr); } else { diff --git a/config/mailreport/mailreport.xml b/config/mailreport/mailreport.xml index 3b926753..fe0b98b6 100644 --- a/config/mailreport/mailreport.xml +++ b/config/mailreport/mailreport.xml @@ -37,52 +37,52 @@ ]]> </copyright> <name>mailreport</name> - <version>2.0.7</version> - <title>Status: Mail Reports</title> + <version>2.0.10</version> + <title>Status: Email Reports</title> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/mailreport/mail_reports_generate.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/mail_reports_generate.php</item> </additional_files_needed> <additional_files_needed> <prefix>/etc/inc/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/mail_reports.inc</item> + <item>https://packages.pfsense.org/packages/config/mailreport/mail_reports.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/etc/inc/phpmailer/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/class.phpmailer.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/class.phpmailer.php</item> </additional_files_needed> <additional_files_needed> <prefix>/etc/inc/phpmailer/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/class.pop3.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/class.pop3.php</item> </additional_files_needed> <additional_files_needed> <prefix>/etc/inc/phpmailer/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/class.smtp.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/class.smtp.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_edit.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_add_cmd.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_add_cmd.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_add_log.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_add_log.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> - <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_add_graph.php</item> + <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_add_graph.php</item> </additional_files_needed> <menu> - <name>E-Mail Reports</name> - <tooltiptext>Setup periodic e-mail reports.</tooltiptext> + <name>Email Reports</name> + <tooltiptext>Setup periodic email reports.</tooltiptext> <section>Status</section> <url>/status_mail_report.php</url> </menu> @@ -101,4 +101,4 @@ exec("rm /usr/local/www/status_mail_report_add_graph.php"); ]]> </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/mailreport/status_mail_report.php b/config/mailreport/status_mail_report.php index e08a7272..b530587f 100644 --- a/config/mailreport/status_mail_report.php +++ b/config/mailreport/status_mail_report.php @@ -33,8 +33,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreports -##|*NAME=Status: E-Mail Reports page -##|*DESCR=Allow access to the 'Status: E-Mail Reports' page. +##|*NAME=Status: Email Reports page +##|*DESCR=Allow access to the 'Status: Email Reports' page. ##|*MATCH=status_mail_report.php* ##|-PRIV @@ -54,14 +54,14 @@ if ($_GET['act'] == "del") { // Fix up cron job(s) set_mail_report_cron_jobs($a_mailreports); - write_config("Removed Mail Report '{$name}'"); + write_config("Removed Email Report '{$name}'"); configure_cron(); header("Location: status_mail_report.php"); exit; } } -$pgtitle = array(gettext("Status"),gettext("Mail Reports")); +$pgtitle = array(gettext("Status"),gettext("Email Reports")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -69,15 +69,15 @@ include("head.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td><div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td colspan="4">Here you can define a list of reports to be sent by e-mail. </td></tr> + <tr><td colspan="4">Here you can define a list of reports to be sent by email. </td></tr> <tr><td> </td></tr> <tr> - <td width="35%" class="listhdr"><?=gettext("Description");?></td> - <td width="25%" class="listhdr"><?=gettext("Schedule");?></td> - <td width="10%" class="listhdr"><?=gettext("Cmds");?></td> - <td width="10%" class="listhdr"><?=gettext("Logs");?></td> - <td width="10%" class="listhdr"><?=gettext("Graphs");?></td> - <td width="10%" class="list"><a href="status_mail_report_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td width="34%" class="listhdr"><?=gettext("Description");?></td> + <td width="24%" class="listhdr"><?=gettext("Schedule");?></td> + <td width="12%" class="listhdr"><?=gettext("Commands");?></td> + <td width="12%" class="listhdr"><?=gettext("Logs");?></td> + <td width="12%" class="listhdr"><?=gettext("Graphs");?></td> + <td width="6%" class="list"><a href="status_mail_report_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> </tr> <?php $i = 0; foreach ($a_mailreports as $mailreport): ?> <tr ondblclick="document.location='status_mail_report_edit.php?id=<?=$i;?>'"> diff --git a/config/mailreport/status_mail_report_add_cmd.php b/config/mailreport/status_mail_report_add_cmd.php index b4527584..6a924142 100644 --- a/config/mailreport/status_mail_report_add_cmd.php +++ b/config/mailreport/status_mail_report_add_cmd.php @@ -34,8 +34,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsaddcmd -##|*NAME=Status: E-Mail Reports: Add Command page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Command' page. +##|*NAME=Status: Email Reports: Add Command page +##|*DESCR=Allow access to the 'Status: Email Reports: Add Command' page. ##|*MATCH=status_mail_report_add_cmd.php* ##|-PRIV @@ -89,7 +89,7 @@ if ($_POST) { } -$pgtitle = array(gettext("Status"),gettext("Add Mail Report Command")); +$pgtitle = array(gettext("Status"),gettext("Add Email Report Command")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> diff --git a/config/mailreport/status_mail_report_add_graph.php b/config/mailreport/status_mail_report_add_graph.php index 663d8f9b..3f629d56 100644 --- a/config/mailreport/status_mail_report_add_graph.php +++ b/config/mailreport/status_mail_report_add_graph.php @@ -34,8 +34,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsaddgraph -##|*NAME=Status: E-Mail Reports: Add Graph page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Graph' page. +##|*NAME=Status: Email Reports: Add Graph page +##|*DESCR=Allow access to the 'Status: Email Reports: Add Graph' page. ##|*MATCH=status_mail_report_add_graph.php* ##|-PRIV @@ -158,7 +158,7 @@ if ($_POST) { } -$pgtitle = array(gettext("Status"),gettext("Add Mail Report Graph")); +$pgtitle = array(gettext("Status"),gettext("Add Email Report Graph")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> diff --git a/config/mailreport/status_mail_report_add_log.php b/config/mailreport/status_mail_report_add_log.php index 0b140723..83786994 100644 --- a/config/mailreport/status_mail_report_add_log.php +++ b/config/mailreport/status_mail_report_add_log.php @@ -34,8 +34,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsaddlog -##|*NAME=Status: E-Mail Reports: Add Log page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Add Log' page. +##|*NAME=Status: Email Reports: Add Log page +##|*DESCR=Allow access to the 'Status: Email Reports: Add Log' page. ##|*MATCH=status_mail_report_add_log.php* ##|-PRIV @@ -95,7 +95,7 @@ if ($_POST) { } -$pgtitle = array(gettext("Status"),gettext("Add Mail Report Log")); +$pgtitle = array(gettext("Status"),gettext("Add Email Report Log")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> diff --git a/config/mailreport/status_mail_report_edit.php b/config/mailreport/status_mail_report_edit.php index 0baa9aa6..e51a4fc6 100644 --- a/config/mailreport/status_mail_report_edit.php +++ b/config/mailreport/status_mail_report_edit.php @@ -33,8 +33,8 @@ ##|+PRIV ##|*IDENT=page-status-mailreportsedit -##|*NAME=Status: E-Mail Reports: Edit Report page -##|*DESCR=Allow access to the 'Status: E-Mail Reports: Edit Report' page. +##|*NAME=Status: Email Reports: Edit Report page +##|*DESCR=Allow access to the 'Status: Email Reports: Edit Report' page. ##|*MATCH=status_mail_report_edit.php* ##|-PRIV @@ -178,7 +178,7 @@ if ($_POST) { if ($pconfig['frequency'] == "yearly") { $pconfig['monthofyear'] = isset($pconfig['monthofyear']) ? $pconfig['monthofyear'] : 1; $friendly = "Yearly, on day {$pconfig['dayofmonth']} of {$monthofyear[$pconfig['monthofyear']]} at {$friendlytime}"; - } else { + } elseif ($pconfig['frequency'] != "quarterly") { if (isset($pconfig['monthofyear'])) unset($pconfig['monthofyear']); } @@ -203,7 +203,7 @@ if ($_POST) { return; } -$pgtitle = array(gettext("Status"),gettext("Edit Mail Reports")); +$pgtitle = array(gettext("Status"),gettext("Edit Email Reports")); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -235,7 +235,7 @@ include("head.inc"); <option value="<?php echo $freq; ?>" <?php if($pconfig["frequency"] === $freq) echo "selected"; ?>><?php echo ucwords($freq); ?></option> <?php endforeach; ?> </select> - <br/>Select the frequency for the report to be sent via e-mail. + <br/>Select the frequency for the report to be sent via email. <br/> </td> <td></td> diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc index 9f5fd11d..0147bb2e 100644 --- a/config/mailscanner/mailscanner.inc +++ b/config/mailscanner/mailscanner.inc @@ -134,7 +134,7 @@ function sync_package_mailscanner($via_rpc=false) { #General options $info =($mailscanner['orgname']?'%org-name% = '.$mailscanner['orgname']."\n":'%org-name% = Pfsense'."\n"); $info .=($mailscanner['longorgname']?'%org-long-name% = '.$mailscanner['longorgname']."\n":'%org-long-name% = Pfsense Inc.'."\n"); - $info .=($mailscanner['website']?'%web-site% = '.$mailscanner['website']."\n":'%web-site% = www.pfsense.com'."\n"); + $info .=($mailscanner['website']?'%web-site% = '.$mailscanner['website']."\n":'%web-site% = www.pfsense.org'."\n"); $max_children =($mailscanner['max_children']?$mailscanner['max_children']:'5'); $scan_messages=(preg_match('/ScanMessages/',$mailscanner['pim'])?"yes":"no"); $reject_message=(preg_match('/RejectMessage/',$mailscanner['pim'])?"yes":"no"); diff --git a/config/mailscanner/mailscanner.xml b/config/mailscanner/mailscanner.xml index 2f97fcec..a7115a5c 100644 --- a/config/mailscanner/mailscanner.xml +++ b/config/mailscanner/mailscanner.xml @@ -58,64 +58,64 @@ <description>MailScanner</description> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner.inc</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_report.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_report.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_antispam.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_antispam.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_alerts.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_alerts.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_antivirus.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_antivirus.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_attachments.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_attachments.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_content.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_content.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_sync.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_about.php</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_about.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner.conf.template</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.conf.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/mailscanner/pkg_mailscanner.inc</item> + <item>https://packages.pfsense.org/packages/config/mailscanner/pkg_mailscanner.inc</item> </additional_files_needed> <tabs> <tab> diff --git a/config/mailscanner/mailscanner_about.php b/config/mailscanner/mailscanner_about.php index c3408906..1909e039 100755 --- a/config/mailscanner/mailscanner_about.php +++ b/config/mailscanner/mailscanner_about.php @@ -1,7 +1,7 @@ <?php /* mailscanner_about.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> All rights reserved. @@ -29,8 +29,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "About: Mailscanner Package"; @@ -95,11 +95,11 @@ include("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td> - <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> + <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td> - <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> + <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> </tr> </table> diff --git a/config/miniupnpd/miniupnpd.xml b/config/miniupnpd/miniupnpd.xml index 53d70851..5474e4ee 100644 --- a/config/miniupnpd/miniupnpd.xml +++ b/config/miniupnpd/miniupnpd.xml @@ -76,17 +76,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item> + <item>https://packages.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/miniupnpd/status_upnp.php</item> + <item>https://packages.pfsense.org/packages/config/miniupnpd/status_upnp.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/sbin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/miniupnpd/sbin/miniupnpd</item> + <item>https://packages.pfsense.org/packages/config/miniupnpd/sbin/miniupnpd</item> </additional_files_needed> <fields> <field> diff --git a/config/miniupnpd/sbin/miniupnpd b/config/miniupnpd/sbin/miniupnpd Binary files differindex cb2f107d..cdd5de0e 100755 --- a/config/miniupnpd/sbin/miniupnpd +++ b/config/miniupnpd/sbin/miniupnpd diff --git a/config/miniupnpd/status_upnp.php b/config/miniupnpd/status_upnp.php index 2c374fce..5164c501 100644 --- a/config/miniupnpd/status_upnp.php +++ b/config/miniupnpd/status_upnp.php @@ -2,7 +2,7 @@ /* $Id$ */ /* status_upnp.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Seth Mos <seth.mos@dds.nl>. All rights reserved. diff --git a/config/netio-newpkg.xml b/config/netio-newpkg.xml index 00ba1971..6f8551b8 100644 --- a/config/netio-newpkg.xml +++ b/config/netio-newpkg.xml @@ -59,7 +59,7 @@ </file> <file> <type>configfile</type> - <location>http://www.pfsense.com/packages/config/netioserver-newpkg.xml</location> + <location>https://packages.pfsense.org/packages/config/netioserver-newpkg.xml</location> </file> </files> <services> diff --git a/config/netio.xml b/config/netio.xml index bce2e077..cf0839d7 100644 --- a/config/netio.xml +++ b/config/netio.xml @@ -68,7 +68,7 @@ </tab> </tabs> <additional_files_needed> - <item>http://www.pfsense.com/packages/config/netioserver.xml</item> + <item>https://packages.pfsense.org/packages/config/netioserver.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc index 552ad01c..18708159 100644 --- a/config/nmap/nmap.inc +++ b/config/nmap/nmap.inc @@ -1,7 +1,7 @@ <? /* $Id$ */ /* - part of pfSense (http://www.pfsense.org/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Bill Marquette - bill.marquette@gmail.com. All rights reserved. diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml index cb3980a2..4034222a 100644 --- a/config/nmap/nmap.xml +++ b/config/nmap/nmap.xml @@ -62,7 +62,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.org/packages/config/nmap/nmap.inc</item> + <item>https://packages.pfsense.org/packages/config/nmap/nmap.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/notes/notes.xml b/config/notes/notes.xml index ae623493..513bf922 100644 --- a/config/notes/notes.xml +++ b/config/notes/notes.xml @@ -62,7 +62,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/notes/notes.inc</item> + <item>https://packages.pfsense.org/packages/config/notes/notes.inc</item> </additional_files_needed> <adddeleteeditpagefields> <columnitem> diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml index 5b84b97f..8d65c97b 100644 --- a/config/nrpe2/nrpe2.xml +++ b/config/nrpe2/nrpe2.xml @@ -23,7 +23,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/nrpe2/nrpe2.inc</item> + <item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/ntop/ntop.xml b/config/ntop/ntop.xml index b635ef1f..5a7cd47a 100644 --- a/config/ntop/ntop.xml +++ b/config/ntop/ntop.xml @@ -45,7 +45,7 @@ <additional_files_needed> <prefix>/usr/local/lib/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/ntop/bin/librrd_th.so.2</item> + <item>https://packages.pfsense.org/packages/config/ntop/bin/librrd_th.so.2</item> </additional_files_needed> <menu> <name>ntop Settings</name> diff --git a/config/nut/nut.inc b/config/nut/nut.inc index 46c5741e..793e24fd 100644 --- a/config/nut/nut.inc +++ b/config/nut/nut.inc @@ -1,7 +1,7 @@ <?php /* nut.inc - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>. All rights reserved. diff --git a/config/nut/nut.xml b/config/nut/nut.xml index fcfbdfe6..b78c9dba 100644 --- a/config/nut/nut.xml +++ b/config/nut/nut.xml @@ -77,12 +77,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/nut/nut.inc</item> + <item>https://packages.pfsense.org/packages/config/nut/nut.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/nut/status_nut.php</item> + <item>https://packages.pfsense.org/packages/config/nut/status_nut.php</item> </additional_files_needed> <fields> <field> diff --git a/config/nut/status_nut.php b/config/nut/status_nut.php index 3bee0ba0..0bb1145c 100644 --- a/config/nut/status_nut.php +++ b/config/nut/status_nut.php @@ -1,7 +1,7 @@ <?php /* status_nut.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>. All rights reserved. diff --git a/config/olsrd.xml b/config/olsrd.xml index 9709392d..a1669a33 100644 --- a/config/olsrd.xml +++ b/config/olsrd.xml @@ -24,7 +24,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/olsrd.inc</item> + <item>https://packages.pfsense.org/packages/config/olsrd.inc</item> </additional_files_needed> <!-- configpath gets expanded out automatically and config items will be stored in that location --> diff --git a/config/onatproto/onatproto.xml b/config/onatproto/onatproto.xml index e4e4e8b9..46dd72c7 100644 --- a/config/onatproto/onatproto.xml +++ b/config/onatproto/onatproto.xml @@ -52,12 +52,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/onatproto/onatproto.inc</item> + <item>https://packages.pfsense.org/packages/config/onatproto/onatproto.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/onatproto/onatproto.patch</item> + <item>https://packages.pfsense.org/packages/config/onatproto/onatproto.patch</item> </additional_files_needed> <custom_php_install_command> onatproto_install(); diff --git a/config/open-vm-tools/open-vm-tools.xml b/config/open-vm-tools/open-vm-tools.xml index 40a8fc51..c705f0e9 100644 --- a/config/open-vm-tools/open-vm-tools.xml +++ b/config/open-vm-tools/open-vm-tools.xml @@ -47,7 +47,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/open-vm-tools/open-vm-tools.inc</item> + <item>https://packages.pfsense.org/packages/config/open-vm-tools/open-vm-tools.inc</item> </additional_files_needed> <custom_add_php_command> </custom_add_php_command> diff --git a/config/open-vm-tools_2/open-vm-tools.xml b/config/open-vm-tools_2/open-vm-tools.xml index ad2b465b..02247242 100644 --- a/config/open-vm-tools_2/open-vm-tools.xml +++ b/config/open-vm-tools_2/open-vm-tools.xml @@ -47,7 +47,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/open-vm-tools_2/open-vm-tools.inc</item> + <item>https://packages.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.inc</item> </additional_files_needed> <custom_add_php_command> </custom_add_php_command> diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index 9af83758..76aeb54f 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc @@ -90,9 +90,11 @@ function openbgpd_install_conf() { $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n"; // Specify listen ip - if($openbgpd_conf['listenip']) + if(!empty($openbgpd_conf['listenip'])) $conffile .= "listen on {$openbgpd_conf['listenip']}\n"; - + else + $conffile .= "listen on 0.0.0.0\n"; + // Specify router id if($openbgpd_conf['routerid']) $conffile .= "router-id {$openbgpd_conf['routerid']}\n"; @@ -127,8 +129,11 @@ function openbgpd_install_conf() { $conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n"; } } - if ($setlocaladdr == true) + if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) $conffile .= "\t\tlocal-address {$openbgpd_conf['listenip']}\n"; + else + $conffile .= "\t\tlocal-address 0.0.0.0\n"; + $conffile .= "}\n"; } } @@ -157,8 +162,11 @@ function openbgpd_install_conf() { $conffile .= "\t{$row['parameters']} {$row['parmvalue']} \n"; } } - if ($setlocaladdr == true) + if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) $conffile .= "\tlocal-address {$openbgpd_conf['listenip']}\n"; + else + $conffile .= "\tlocal-address 0.0.0.0\n"; + $conffile .= "}\n"; } } diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml index 73bda244..ff40452a 100644 --- a/config/openbgpd/openbgpd.xml +++ b/config/openbgpd/openbgpd.xml @@ -54,27 +54,27 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_status.php</item> + <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_status.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_raw.php</item> + <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_raw.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd.inc</item> + <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_groups.xml</item> + <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_groups.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_neighbors.xml</item> + <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_neighbors.xml</item> </additional_files_needed> <menu> <name>OpenBGPD</name> diff --git a/config/openbgpd/openbgpd_raw.php b/config/openbgpd/openbgpd_raw.php index 506a4475..ac6826b3 100644 --- a/config/openbgpd/openbgpd_raw.php +++ b/config/openbgpd/openbgpd_raw.php @@ -2,7 +2,7 @@ /* $Id$ */ /* openbgpd_raw.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2009 Aarno Aukia (aarnoaukia@gmail.com) All rights reserved. diff --git a/config/openbgpd/openbgpd_status.php b/config/openbgpd/openbgpd_status.php index 99076d12..58d63795 100644 --- a/config/openbgpd/openbgpd_status.php +++ b/config/openbgpd/openbgpd_status.php @@ -2,7 +2,7 @@ /* $Id$ */ /* openbgpd_status.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) All rights reserved. diff --git a/config/openospfd/openospfd.xml b/config/openospfd/openospfd.xml index ab948e7a..9498100f 100644 --- a/config/openospfd/openospfd.xml +++ b/config/openospfd/openospfd.xml @@ -7,17 +7,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openospfd/openospfd.inc</item> + <item>https://packages.pfsense.org/packages/config/openospfd/openospfd.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openospfd/openospfd_interfaces.xml</item> + <item>https://packages.pfsense.org/packages/config/openospfd/openospfd_interfaces.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openospfd/status_ospfd.php</item> + <item>https://packages.pfsense.org/packages/config/openospfd/status_ospfd.php</item> </additional_files_needed> <menu> <name>OpenOSPFd</name> diff --git a/config/openospfd/openospfd_interfaces.xml b/config/openospfd/openospfd_interfaces.xml index 445eefea..61d36976 100644 --- a/config/openospfd/openospfd_interfaces.xml +++ b/config/openospfd/openospfd_interfaces.xml @@ -8,7 +8,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openospfd/openospfd.inc</item> + <item>https://packages.pfsense.org/packages/config/openospfd/openospfd.inc</item> </additional_files_needed> <menu> <name>OSPF</name> diff --git a/config/openospfd/status_ospfd.php b/config/openospfd/status_ospfd.php index 6fcca6bd..25f18d85 100644 --- a/config/openospfd/status_ospfd.php +++ b/config/openospfd/status_ospfd.php @@ -93,8 +93,8 @@ function doCmdT($title, $command) { echo "</table>\n"; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; ?> diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 4d6ded8f..1a34c260 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -236,7 +236,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys if (!empty($proxy)) { if ($proxy['proxy_type'] == "http") { - if ($proto == "udp") { + + if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") { $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy."; return; } @@ -344,7 +345,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys $conf .= "management-hold{$nl}"; $conf .= "# query management channel for user/pass{$nl}"; $conf .= "management-query-passwords{$nl}"; - $conf .= "# disconnect VPN when managment program connection is closed{$nl}"; + $conf .= "# disconnect VPN when management program connection is closed{$nl}"; $conf .= "management-signal{$nl}"; $conf .= "# forget password when management disconnects{$nl}"; $conf .= "management-forget-disconnect{$nl}"; @@ -629,7 +630,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, true, true, $openvpnmanager, $advancedoptions); if (!$conf) return false; @@ -733,7 +734,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco } else { if (!$interface) $interface = "wan"; - $server_host = get_interface_ip($interface); + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + $server_host = get_interface_ipv6($interface); + else + $server_host = get_interface_ip($interface); } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; @@ -742,7 +746,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco $server_host = $useaddr; $server_port = $settings['local_port']; - $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp-client"); + + $proto = strtolower($settings['protocol']); + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + $proto .= "-client"; $cipher = $settings['crypto']; $digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1"; @@ -837,7 +844,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac } else { if (!$interface || ($interface == "any")) $interface = "wan"; - $server_host = get_interface_ip($interface); + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + $server_host = get_interface_ipv6($interface); + else + $server_host = get_interface_ip($interface); } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; @@ -845,7 +855,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac } else $server_host = $useaddr; - $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp"); + $proto = strtolower($settings['protocol']); + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + $proto .= "-client"; + if (($expformat == "inlineios") && ($proto == "tcp-client")) $proto = "tcp"; @@ -867,6 +880,9 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe filter_generate_optcfg_array(); $destinations = array(); + if (!is_array($config['nat']) || !is_array($config['nat']['rule'])) + return $destinations; + foreach ($config['nat']['rule'] as $natent) { $dest = array(); if (!isset($natent['disabled']) diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 0af838e9..a6a46649 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.2.4</version> + <version>1.2.9</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> @@ -22,27 +22,27 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.inc</item> + <item>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://files.pfsense.com/packages/openvpn-client-export/openvpn-client-export.tgz</item> + <item>https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export.tgz</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn-client-export/vpn_openvpn_export.php</item> + <item>https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php</item> + <item>https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php</item> </additional_files_needed> <additional_files_needed> <prefix>/etc/inc/priv/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpnexport.inc</item> + <item>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpnexport.inc</item> </additional_files_needed> <custom_php_install_command> openvpn_client_export_install(); diff --git a/config/openvpn-status/openvpn-status.xml b/config/openvpn-status/openvpn-status.xml index 8ef27ded..cecd6952 100644 --- a/config/openvpn-status/openvpn-status.xml +++ b/config/openvpn-status/openvpn-status.xml @@ -57,7 +57,7 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn-status/status_openvpn.php</item> + <item>https://packages.pfsense.org/packages/config/openvpn-status/status_openvpn.php</item> </additional_files_needed> <custom_php_deinstall_command> <![CDATA[ diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml index a9754610..ef498545 100644 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml +++ b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml @@ -52,17 +52,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc</item> + <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch</item> + <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch</item> + <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch</item> </additional_files_needed> <custom_php_install_command> openvpn_tapfix_20x_install(); diff --git a/config/ovpnenhance/ovpnenhance.xml b/config/ovpnenhance/ovpnenhance.xml index 13f363d6..e6e5ad9d 100644 --- a/config/ovpnenhance/ovpnenhance.xml +++ b/config/ovpnenhance/ovpnenhance.xml @@ -12,27 +12,27 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/ovpnenhance/ovpnenhance.inc</item> + <item>https://packages.pfsense.org/packages/config/ovpnenhance/ovpnenhance.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn.inc_tls</item> + <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn.inc_tls</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn.xml_tls</item> + <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn.xml_tls</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn_cli.xml_tls</item> + <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn_cli.xml_tls</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn_csc.xml_tls</item> + <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn_csc.xml_tls</item> </additional_files_needed> <custom_php_install_command> ovpnenhance_install(); diff --git a/config/packetcapturefix/packetcapturefix.xml b/config/packetcapturefix/packetcapturefix.xml index 96386cf9..cea6f4d1 100644 --- a/config/packetcapturefix/packetcapturefix.xml +++ b/config/packetcapturefix/packetcapturefix.xml @@ -52,12 +52,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.inc</item> + <item>https://packages.pfsense.org/packages/config/packetcapturefix/packetcapturefix.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.patch</item> + <item>https://packages.pfsense.org/packages/config/packetcapturefix/packetcapturefix.patch</item> </additional_files_needed> <custom_php_install_command> packetcapturefix_install(); diff --git a/config/patch_rc_filter_dirty/patch_rc_filter_dirty.inc b/config/patch_rc_filter_dirty/patch_rc_filter_dirty.inc deleted file mode 100644 index 85b5edf6..00000000 --- a/config/patch_rc_filter_dirty/patch_rc_filter_dirty.inc +++ /dev/null @@ -1,18 +0,0 @@ -<?php - -function patch_rc_filter_dirty_install() { - global $g, $config; - - // Test to make sure the patch is not already applied. - $out = `patch -fslC --reverse -p1 -b .before_patch_rc_filter_dirty -d / -i /usr/local/pkg/patch_rc_filter_dirty.patch |& grep -ci reject`; - if ($out == 0) { - // If the patch has not already been applied, test to see if it will apply cleanly. - $out = `patch -fsNlC -p1 -b .before_patch_rc_filter_dirty -d / -i /usr/local/pkg/patch_rc_filter_dirty.patch |& grep -ci reject`; - if ($out == 0) { - // The patch should apply cleanly, let 'er rip. - mwexec("patch -fsNl -p1 -b .before_patch_rc_filter_dirty -d / -i /usr/local/pkg/patch_rc_filter_dirty.patch "); - } - } -} - -?>
\ No newline at end of file diff --git a/config/patch_rc_filter_dirty/patch_rc_filter_dirty.patch b/config/patch_rc_filter_dirty/patch_rc_filter_dirty.patch deleted file mode 100644 index c0848a8c..00000000 --- a/config/patch_rc_filter_dirty/patch_rc_filter_dirty.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- /etc/rc.orig 2010-06-24 18:38:58.000000000 +0000 -+++ /etc/rc 2010-06-24 18:39:06.000000000 +0000 -@@ -319,7 +319,6 @@ - - # Remove stale files that have already been processed by bootup - # scripts --rm -f /tmp/filter_dirty - rm -f /tmp/rc.linkup - nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status & - diff --git a/config/patch_rc_filter_dirty/patch_rc_filter_dirty.xml b/config/patch_rc_filter_dirty/patch_rc_filter_dirty.xml deleted file mode 100644 index 63f8f7d6..00000000 --- a/config/patch_rc_filter_dirty/patch_rc_filter_dirty.xml +++ /dev/null @@ -1,65 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - patch_rc_filter_dirty.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2010 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Patch to stop /etc/rc from removing /tmp/filter_dirty on boot. Fixes boot issues with some packages on certain platforms.</description> - <requirements>pfSense 1.2.3</requirements> - <faq>None</faq> - <name>Patch rc to leave filter_dirty</name> - <version>0.2</version> - <title>Patch rc to leave filter_dirty</title> - <include_file>/usr/local/pkg/patch_rc_filter_dirty.inc</include_file> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/patch_rc_filter_dirty/patch_rc_filter_dirty.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/patch_rc_filter_dirty/patch_rc_filter_dirty.patch</item> - </additional_files_needed> - <custom_php_install_command> - patch_rc_filter_dirty_install(); - </custom_php_install_command> -</packagegui> diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php index 60b0c754..6550ff57 100644 --- a/config/pf-blocker/pfBlocker.widget.php +++ b/config/pf-blocker/pfBlocker.widget.php @@ -2,7 +2,7 @@ /* Copyright 2011 Thomas Schaefer - Tomschaefer.org Copyright 2011 Marcello Coutinho - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index c40d742e..9740dce5 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -167,15 +167,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($continent_config['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$pfb_alias auto rule"; - $rule["source"]= array("address"=> $pfb_alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; @@ -185,8 +176,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($continent_config['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -198,6 +190,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -208,7 +201,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($continent_config['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -317,15 +311,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($list['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$alias auto rule"; - $rule["source"]= array("address"=> $alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; @@ -335,8 +320,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($list['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -348,6 +334,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -358,7 +345,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($list['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml index b4da539c..44658bcb 100755 --- a/config/pf-blocker/pfblocker.xml +++ b/config/pf-blocker/pfblocker.xml @@ -53,62 +53,62 @@ <url>/pkg_edit.php?xml=pfblocker.xml</url> </menu> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker.inc</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker.php</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/pfBlocker.widget.php</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/pfBlocker.widget.php</item> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_topspammers.xml</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker_topspammers.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_lists.xml</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker_lists.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker_sync.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Africa_cidr.txt</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Africa_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Asia_cidr.txt</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Asia_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Europe_cidr.txt</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Europe_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/lists/North_America_cidr.txt</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/North_America_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Oceania_cidr.txt</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Oceania_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/lists/South_America_cidr.txt</item> + <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/South_America_cidr.txt</item> <prefix>/usr/local/pkg/</prefix> <chmod>0555</chmod> </additional_files_needed> @@ -224,13 +224,13 @@ <type>checkbox</type> <description><![CDATA[Continent Lists are provided by <a target=_new href='http://www.countryipblocks.net/'>countryipblocks.net</a>.<br> Dynamic rules can be found in <a target=_new href='http://www.iblocklist.com/'>I-Blocklist.com</a>.</br> - Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a> and <a target=_new href='http://www.tomschaefer.org/pfsense'>TomSchaefer</a>.<br>]]></description> + Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a> and <a target=_new href='http://www.tomschaefer.org/pfsense'>TomSchaefer</a>.<br>]]></description> </field> <field> <fielddescr>Donation</fielddescr> <fieldname>donation</fieldname> <type>checkbox</type> - <description><![CDATA[If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br> + <description><![CDATA[If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br> If you want your donation to go to these package developers, make a note on the donation forwarding it to us.<br>]]></description> </field> </fields> diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml index 4bde4b49..f1798d36 100755 --- a/config/pf-blocker/pfblocker_lists.xml +++ b/config/pf-blocker/pfblocker_lists.xml @@ -18,13 +18,16 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -63,20 +66,24 @@ <active/> </tab> + <tab> <text>Top Spammers</text> <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> </tab> - + + <tab> <text>Africa</text> <url>/pkg_edit.php?xml=pfblocker_Africa.xml&id=0</url> - + + </tab> <tab> <text>Asia</text> <url>/pkg_edit.php?xml=pfblocker_Asia.xml&id=0</url> - + + </tab> <tab> <text>Europe</text> @@ -109,6 +116,7 @@ <fieldname>description</fieldname> </columnitem> + <columnitem> <fielddescr>Action</fielddescr> <fieldname>action</fieldname> @@ -176,15 +184,19 @@ <fielddescr>List Action</fielddescr> <description><![CDATA[Default:<strong>Deny Inbound</strong><br> Select action for network on lists you have selected.<br><br> - <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br> - 'Deny Inbound' - Will deny access from selected lists to your network.<br> - 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.<br> - 'Permit Inbound' - Will allow access from selected lists to your network.<br> - 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.<br> - 'Disabled' - Will just keep selection and do nothing to selected Lists.<br> - 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.<br><br> - <strong>While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong> - custom rules with 'Aliasname something rule' description will be removed by package.]]></description> + <strong>'Deny' Rules:</strong><br> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:<br> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. </li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong>'Permit' Rules:</strong><br> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are not the opposite of Deny rules, and don't create any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a few IPs that should be accessible.</li></ul> + <strong>'Alias' and 'Disabled' Rules:</strong><br> + <ul><li><strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). This enables a Pfblocker list to be used by name, in any firewall rule or Pfsense function, as desired.</li> + <li><strong>'Disabled'</strong> rules are kept for future use, but nothing is done with them.</li></ul><br> + <strong>While creating rules with this list, keep aliasname in the beginning of rule description and do not end description with 'rule'.</strong> Custom rules with 'Aliasname something rule' description will be removed by package.]]></description> <fieldname>action</fieldname> <type>select</type> <options> @@ -193,6 +205,7 @@ <option><name>Deny Both</name><value>Deny_Both</value></option> <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> <option><name>Alias only</name><value>Alias_only</value></option> <option><name>Disabled</name><value>Disabled</value></option> </options> @@ -238,4 +251,5 @@ <custom_php_resync_config_command> sync_package_pfblocker(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> + diff --git a/config/pfstat.xml b/config/pfstat.xml index 29d52bc2..eb07f732 100644 --- a/config/pfstat.xml +++ b/config/pfstat.xml @@ -98,7 +98,7 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/pfstat.php</item> + <item>https://packages.pfsense.org/packages/config/pfstat.php</item> </additional_files_needed> <!-- modify system will modify a file and make sure the text needed to run the package is in place. The following example edits /etc/crontab and adds the diff --git a/config/phpservice/phpservice.xml b/config/phpservice/phpservice.xml index 765dc8c7..44999496 100644 --- a/config/phpservice/phpservice.xml +++ b/config/phpservice/phpservice.xml @@ -73,22 +73,22 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/phpservice/phpservice.xml</item> + <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/phpservice/phpservice.inc</item> + <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/phpservice/phpservice_php.tmp</item> + <item>https://packages.pfsense.org/packages/config/phpservice/phpservice_php.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/phpservice/phpservice_php_edit.tmp</item> + <item>https://packages.pfsense.org/packages/config/phpservice/phpservice_php_edit.tmp</item> </additional_files_needed> <fields> <field> diff --git a/config/phpservice/phpservice_php.tmp b/config/phpservice/phpservice_php.tmp index 45ecf425..55de1ae8 100644 --- a/config/phpservice/phpservice_php.tmp +++ b/config/phpservice/phpservice_php.tmp @@ -91,7 +91,7 @@ if ($config_change == 1) { Is command line PHP designed to run PHP as a Service. The custom PHP code that is defined below is run over and over again inside a continuous loop. There are many possible uses such as monitoring CPU, Memory, File System Space, interacting with Snort, and many others uses that are yet to be discovered. It can send events to the sylog that will can be viewed from the system log or remote syslog server. example: exec("logger This is a test"); <br /><br /> - For more information see: <a href='http://doc.pfsense.org/index.php/PHPService'>http://doc.pfsense.org/index.php/PHPService</a> + For more information see: <a href='https://doc.pfsense.org/index.php/PHPService'>https://doc.pfsense.org/index.php/PHPService</a> </p></td> </tr> </table> diff --git a/config/phpsysinfo/phpsysinfo.xml b/config/phpsysinfo/phpsysinfo.xml index 116643a4..550c0785 100644 --- a/config/phpsysinfo/phpsysinfo.xml +++ b/config/phpsysinfo/phpsysinfo.xml @@ -70,12 +70,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.inc</item> + <item>https://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://files.pfsense.org/packages/phpsysinfo-2.5.4.tar.gz</item> + <item>https://files.pfsense.org/packages/phpsysinfo-2.5.4.tar.gz</item> </additional_files_needed> <fields> <field> diff --git a/config/postfix/postfix.php b/config/postfix/postfix.php index 78eb551d..774c7573 100644 --- a/config/postfix/postfix.php +++ b/config/postfix/postfix.php @@ -1,7 +1,7 @@ <?php /* postfix.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. diff --git a/config/postfix/postfix.widget.php b/config/postfix/postfix.widget.php index 70051c1d..b7fc7af9 100755 --- a/config/postfix/postfix.widget.php +++ b/config/postfix/postfix.widget.php @@ -1,7 +1,7 @@ <?php /* Copyright 2011 Marcello Coutinho - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml index e9d2d953..59e58f41 100644 --- a/config/postfix/postfix.xml +++ b/config/postfix/postfix.xml @@ -71,84 +71,84 @@ <executable>master</executable> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix.inc</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_acl.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_domains.xml</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_domains.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.xml</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_recipients.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_antispam.xml</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_antispam.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_sync.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_view_config.php</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_view_config.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.php</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_recipients.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_search.php</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_search.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix.php</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix.widget.php</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix.widget.php</item> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_about.php</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_about.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix_queue.php</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix_queue.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/postfix.priv.inc</item> + <item>https://packages.pfsense.org/packages/config/postfix/postfix.priv.inc</item> <prefix>/etc/inc/priv/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/postfix/adexport.pl</item> + <item>https://packages.pfsense.org/packages/config/postfix/adexport.pl</item> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/postfix/pkg_postfix.inc</item> + <item>https://packages.pfsense.org/packages/config/postfix/pkg_postfix.inc</item> </additional_files_needed> <tabs> <tab> diff --git a/config/postfix/postfix_about.php b/config/postfix/postfix_about.php index 56645646..87d0cf69 100755 --- a/config/postfix/postfix_about.php +++ b/config/postfix/postfix_about.php @@ -1,7 +1,7 @@ <?php /* postfix_about.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -30,8 +30,8 @@ $shortcut_section = "postfix"; require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Diagnostics: Search Mail"; @@ -78,11 +78,11 @@ include("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td> - <td width="78%" class="vtable"><?=gettext("Package v2 Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> + <td width="78%" class="vtable"><?=gettext("Package v2 Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td> - <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> + <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> </tr> </table> diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php index f60ac83e..7afd8fe7 100755 --- a/config/postfix/postfix_queue.php +++ b/config/postfix/postfix_queue.php @@ -1,7 +1,7 @@ <?php /* postfix_view_config.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -104,8 +104,8 @@ if ($_REQUEST['cmd']!=""){ get_cmd(); } else{ - $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); - if(strstr($pfSversion, "1.2")) + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.0) $one_two = true; $pgtitle = "Status: Postfix Mail Queue"; diff --git a/config/postfix/postfix_search.php b/config/postfix/postfix_search.php index 85648287..c29d8cf2 100755 --- a/config/postfix/postfix_search.php +++ b/config/postfix/postfix_search.php @@ -1,7 +1,7 @@ <?php /* postfix_search.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -34,8 +34,8 @@ $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Diagnostics: Search Mail"; diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php index 59deb11e..24bfd575 100644 --- a/config/postfix/postfix_view_config.php +++ b/config/postfix/postfix_view_config.php @@ -1,7 +1,7 @@ <?php /* postfix_view_config.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -57,7 +57,7 @@ if ($_REQUEST['file']!=""){ } else{ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); - if(strstr($pfSversion, "1.2")) + if ($pf_version < 2.0) $one_two = true; $pgtitle = "Services: Postfix View Configuration"; diff --git a/config/pre2upgrade/pre2upgrade.php b/config/pre2upgrade/pre2upgrade.php index 79097002..c9112850 100644 --- a/config/pre2upgrade/pre2upgrade.php +++ b/config/pre2upgrade/pre2upgrade.php @@ -64,7 +64,7 @@ Config check output: <?php endif; ?> <br/><br/> Before proceeding with the upgrade, you should look over the upgrade guide on the doc wiki, which can be found here:<br/> -<a href="http://doc.pfsense.org/index.php/Upgrade_Guide">http://doc.pfsense.org/index.php/Upgrade_Guide</a>. +<a href="https://doc.pfsense.org/index.php/Upgrade_Guide">https://doc.pfsense.org/index.php/Upgrade_Guide</a>. </td></tr> </table> </div> diff --git a/config/pre2upgrade/pre2upgrade.xml b/config/pre2upgrade/pre2upgrade.xml index 0895c1cf..a0a26956 100644 --- a/config/pre2upgrade/pre2upgrade.xml +++ b/config/pre2upgrade/pre2upgrade.xml @@ -41,7 +41,7 @@ <title>Diagnostics: Pre-2.0 Upgrade Check</title> <additional_files_needed> <prefix>/usr/local/www/</prefix> - <item>http://www.pfsense.com/packages/config/pre2upgrade/pre2upgrade.php</item> + <item>https://packages.pfsense.org/packages/config/pre2upgrade/pre2upgrade.php</item> </additional_files_needed> <menu> <name>Pre-Upgrade Check</name> diff --git a/config/pure-ftpd.xml b/config/pure-ftpd.xml index 7d9a70d6..4bace5cf 100644 --- a/config/pure-ftpd.xml +++ b/config/pure-ftpd.xml @@ -78,7 +78,7 @@ </adddeleteeditpagefields> <additional_files_needed> - <item>http://www.pfsense.com/packages/config/pure-ftpdsettings.xml</item> + <item>https://packages.pfsense.org/packages/config/pure-ftpdsettings.xml</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. the following items diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml index c975961b..76a396fa 100644 --- a/config/quagga_ospfd/quagga_ospfd.xml +++ b/config/quagga_ospfd/quagga_ospfd.xml @@ -7,22 +7,22 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.inc</item> + <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd_interfaces.xml</item> + <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd_interfaces.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/quagga_ospfd/status_ospfd.php</item> + <item>https://packages.pfsense.org/packages/config/quagga_ospfd/status_ospfd.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>777</chmod> - <item>http://www.pfsense.com/packages/config/quagga_ospfd/quaggactl</item> + <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quaggactl</item> </additional_files_needed> <menu> <name>Quagga OSPFd</name> diff --git a/config/quagga_ospfd/quagga_ospfd_interfaces.xml b/config/quagga_ospfd/quagga_ospfd_interfaces.xml index beb6f2b0..09635597 100644 --- a/config/quagga_ospfd/quagga_ospfd_interfaces.xml +++ b/config/quagga_ospfd/quagga_ospfd_interfaces.xml @@ -7,7 +7,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.inc</item> + <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.inc</item> </additional_files_needed> <menu> <name>OSPF</name> diff --git a/config/rate/rate.xml b/config/rate/rate.xml index 787ad815..a4aa4739 100644 --- a/config/rate/rate.xml +++ b/config/rate/rate.xml @@ -52,17 +52,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/rate/rate.inc</item> + <item>https://packages.pfsense.org/packages/config/rate/rate.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/rate/bandwidth_by_ip.php</item> + <item>https://packages.pfsense.org/packages/config/rate/bandwidth_by_ip.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/rate/status_graph.php</item> + <item>https://packages.pfsense.org/packages/config/rate/status_graph.php</item> </additional_files_needed> <custom_php_install_command> rate_install(); diff --git a/config/routed/routed.xml b/config/routed/routed.xml index b722a28d..8764b172 100644 --- a/config/routed/routed.xml +++ b/config/routed/routed.xml @@ -3,7 +3,7 @@ <copyright> /* $Id$ */ /* - part of pfSense (http://www.pfsense.org/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Bill Marquette - bill.marquette@gmail.com. All rights reserved. @@ -36,7 +36,7 @@ <include_file>/usr/local/pkg/routed.inc</include_file> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/routed/routed.inc</item> + <item>https://packages.pfsense.org/packages/config/routed/routed.inc</item> </additional_files_needed> <!-- Menu is where this packages menu will appear --> diff --git a/config/rrd-summary/rrd-summary.xml b/config/rrd-summary/rrd-summary.xml index a4a7c90f..4b62272d 100644 --- a/config/rrd-summary/rrd-summary.xml +++ b/config/rrd-summary/rrd-summary.xml @@ -57,7 +57,7 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/rrd-summary/status_rrd_summary.php</item> + <item>https://packages.pfsense.org/packages/config/rrd-summary/status_rrd_summary.php</item> </additional_files_needed> <custom_php_deinstall_command> <![CDATA[ diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml index cc11cad4..a0162e3b 100644 --- a/config/sarg/sarg.xml +++ b/config/sarg/sarg.xml @@ -53,62 +53,62 @@ <url>/pkg_edit.php?xml=sarg.xml</url> </menu> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg.inc</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_schedule.xml</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_schedule.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_users.xml</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_users.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_realtime.php</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_realtime.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_about.php</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_about.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg.php</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_reports.php</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_reports.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_frame.php</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_frame.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg_sorttable.js</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_sorttable.js</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg.template</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg.template</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/sarg/sarg.priv.inc</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg.priv.inc</item> <prefix>/etc/inc/priv/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/sarg/sarg_about.php b/config/sarg/sarg_about.php index 1321adf6..573dc5ee 100755 --- a/config/sarg/sarg_about.php +++ b/config/sarg/sarg_about.php @@ -1,7 +1,7 @@ <?php /* sarg_about.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> All rights reserved. @@ -29,8 +29,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "About: Sarg Package"; @@ -80,11 +80,11 @@ include("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td> - <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> + <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td> - <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> + <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> </tr> </table> diff --git a/config/sarg/sarg_frame.php b/config/sarg/sarg_frame.php index 21638247..6f3c941e 100755 --- a/config/sarg/sarg_frame.php +++ b/config/sarg/sarg_frame.php @@ -1,7 +1,7 @@ <?php /* sarg_frame.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. diff --git a/config/sarg/sarg_realtime.php b/config/sarg/sarg_realtime.php index 76e89769..81ea0a79 100755 --- a/config/sarg/sarg_realtime.php +++ b/config/sarg/sarg_realtime.php @@ -1,7 +1,7 @@ <?php /* sarg_realtime.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> All rights reserved. @@ -99,8 +99,8 @@ if ($_REQUEST['cmd']!=""){ } else{ require("guiconfig.inc"); - $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); - if(strstr($pfSversion, "1.2")) + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.0) $one_two = true; $pgtitle = "Status: Sarg Realtime"; diff --git a/config/sarg/sarg_reports.php b/config/sarg/sarg_reports.php index b156a4d7..f18eb80e 100755 --- a/config/sarg/sarg_reports.php +++ b/config/sarg/sarg_reports.php @@ -1,7 +1,7 @@ <?php /* sarg_reports.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> All rights reserved. @@ -29,8 +29,8 @@ require("guiconfig.inc"); - $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); - if(strstr($pfSversion, "1.2")) + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.0) $one_two = true; $pgtitle = "Status: Sarg Reports"; diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml index 9e1ad709..07e24d5c 100644 --- a/config/sarg/sarg_schedule.xml +++ b/config/sarg/sarg_schedule.xml @@ -47,12 +47,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/sarg/sarg.inc</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/sarg/sarg_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item> </additional_files_needed> <menu> <name>sarg</name> diff --git a/config/servicewatchdog/services_servicewatchdog.php b/config/servicewatchdog/services_servicewatchdog.php index 920fd1bb..bd4d4442 100644 --- a/config/servicewatchdog/services_servicewatchdog.php +++ b/config/servicewatchdog/services_servicewatchdog.php @@ -56,8 +56,33 @@ if ($_GET['act'] == "del") { servicewatchdog_cron_job(); write_config(); header("Location: services_servicewatchdog.php"); - exit; + return; + } +} + +if (isset($_POST['Update'])) { + /* update selected services */ + if (is_array($_POST['notifies']) && count($_POST['notifies'])) { + /* Check each service and set the notify flag only for those chosen, remove those that are unset. */ + foreach ($a_pwservices as $idx => $thisservice) { + if (!is_array($thisservice)) + continue; + if (in_array($idx, $_POST['notifies'])) { + $a_pwservices[$idx]['notify'] = true; + } else { + if (isset($a_pwservices[$idx]['notify'])) + unset($a_pwservices[$idx]['notify']); + } + } + } else { /* No notifies selected, remove them all. */ + foreach ($a_pwservices as $idx => $thisservice) { + unset($a_pwservices[$idx]['notify']); + } } + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + return; } if (isset($_POST['del_x'])) { @@ -69,7 +94,7 @@ if (isset($_POST['del_x'])) { servicewatchdog_cron_job(); write_config(); header("Location: services_servicewatchdog.php"); - exit; + return; } } else { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ @@ -141,6 +166,7 @@ include("head.inc"); </td></tr> <tr id="frheader"> <td width="5%" class="list"> </td> +<td width="5%" class="listhdrr">Notify</td> <td width="30%" class="listhdrr"><?=gettext("Service Name");?></td> <td width="60%" class="listhdrr"><?=gettext("Description");?></td> <td width="5%" class="list"> @@ -164,7 +190,8 @@ foreach ($a_pwservices as $thisservice): ?> <tr valign="top" id="fr<?=$nservices;?>"> <td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td> - <td class="listlr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> + <td class="listlr"><input type="checkbox" id="notify<?=$nservices;?>" name="notifies[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;" <?PHP if (isset($thisservice['notify'])) echo 'checked="CHECKED"';?>/></td> + <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> <?=$thisservice['name'];?> </td> <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> @@ -180,7 +207,7 @@ foreach ($a_pwservices as $thisservice): </td></tr> <?php $i++; $nservices++; endforeach; ?> <tr> - <td class="list" colspan="3"></td> + <td class="list" colspan="4"></td> <td class="list" valign="middle" nowrap> <table border="0" cellspacing="0" cellpadding="1" summary="add"> <tr> @@ -199,7 +226,14 @@ foreach ($a_pwservices as $thisservice): </table> </td> </tr> - <tr><td></td><td colspan="3"> + <tr><td></td><td colspan="4"> + <?php echo gettext("Check Notify next to services to perform an e-mail notification when the service is restarted. Configure e-mail notifications to receive the alerts."); ?> + <br/> + <input name="Update" type="submit" class="formbtn" value="<?=gettext("Update Notification Settings"); ?>" /> + <br/> + <br/> + </td><td></td></tr> + <tr><td></td><td colspan="4"> <?php echo gettext("Click to select a service and use the arrows to re-order them in the list. Higher services are checked first."); ?> </td><td></td></tr> </table> diff --git a/config/servicewatchdog/servicewatchdog.inc b/config/servicewatchdog/servicewatchdog.inc index 1bdb1ce9..5b638836 100644 --- a/config/servicewatchdog/servicewatchdog.inc +++ b/config/servicewatchdog/servicewatchdog.inc @@ -3,6 +3,7 @@ require_once("config.inc"); require_once("services.inc"); require_once("service-utils.inc"); require_once("util.inc"); +require_once("notices.inc"); function servicewatchdog_service_matches($svc1, $svc2) { /* If the arrays are equal, it must be the same service. */ @@ -48,14 +49,14 @@ function servicewatchdog_is_service_watched($svc) { return false; } -function servicewatchdog_cron_job() { +function servicewatchdog_cron_job($force_remove) { global $config; if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { $config['installedpackages']['servicewatchdog']['item'] = array(); } $a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; - if (count($a_pwservices) > 0) { + if (($force_remove == false) && (count($a_pwservices) > 0)) { // Add the cron job if it doesn't exist. install_cron_job("/usr/local/pkg/servicewatchdog_cron.php", true, "*/1"); } else { @@ -74,10 +75,13 @@ function servicewatchdog_check_services() { foreach ($a_pwservices as $svc) { if (!get_service_status($svc)) { $descr = strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description']; - log_error("Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"); + $error_message = "Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"; + log_error($error_message); + if (isset($svc['notify'])) + notify_via_smtp($error_message); service_control_start($svc['name'], $svc); } } } -?>
\ No newline at end of file +?> diff --git a/config/servicewatchdog/servicewatchdog.xml b/config/servicewatchdog/servicewatchdog.xml index 5e1ce309..685ba997 100644 --- a/config/servicewatchdog/servicewatchdog.xml +++ b/config/servicewatchdog/servicewatchdog.xml @@ -40,7 +40,7 @@ <requirements>None</requirements> <faq>Monitors for stopped services and restarts them.</faq> <name>Service Watchdog</name> - <version>1.4</version> + <version>1.6</version> <title>Services: Service Watchdog</title> <include_file>/usr/local/pkg/servicewatchdog.inc</include_file> <menu> @@ -52,21 +52,27 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog.php</item> + <item>https://packages.pfsense.org/packages/config/servicewatchdog/services_servicewatchdog.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog_add.php</item> + <item>https://packages.pfsense.org/packages/config/servicewatchdog/services_servicewatchdog_add.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog_cron.php</item> + <item>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog_cron.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.inc</item> + <item>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.inc</item> </additional_files_needed> -</packagegui>
\ No newline at end of file + <custom_php_install_command> + servicewatchdog_cron_job(); + </custom_php_install_command> + <custom_php_deinstall_command> + servicewatchdog_cron_job(true); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/shellcmd/shellcmd.xml b/config/shellcmd/shellcmd.xml index f478a6c2..ca472078 100644 --- a/config/shellcmd/shellcmd.xml +++ b/config/shellcmd/shellcmd.xml @@ -67,22 +67,22 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</item> + <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.inc</item> + <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.tmp</item> + <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd_edit.tmp</item> + <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd_edit.tmp</item> </additional_files_needed> <fields> <field> diff --git a/config/siproxd.xml b/config/siproxd.xml index 1e16a9ea..d989f964 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -70,17 +70,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/siproxdusers.xml</item> + <item>https://packages.pfsense.org/packages/config/siproxdusers.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/siproxd.inc</item> + <item>https://packages.pfsense.org/packages/config/siproxd.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/siproxd_registered_phones.php</item> + <item>https://packages.pfsense.org/packages/config/siproxd_registered_phones.php</item> </additional_files_needed> <fields> <field> diff --git a/config/snort-dev/bin/oinkmaster_contrib/README.contrib b/config/snort-dev/bin/oinkmaster_contrib/README.contrib deleted file mode 100644 index 6923fa26..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/README.contrib +++ /dev/null @@ -1,84 +0,0 @@ -# $Id: README.contrib,v 1.21 2005/10/18 10:41:20 andreas_o Exp $ # - -------------------------------------------------------------------------------- -* oinkgui.pl by Andreas Östling <andreaso@it.su.se> - - A graphical front-end to Oinkmaster written in Perl/Tk. - See README.gui for complete documentation. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* addsid.pl by Andreas Östling <andreaso@it.su.se> - - A script that parses *.rules in all specified directories and adds a - SID to (active) rules that don't have any. (Actually, rev and classtype - are also added if missing, unless you edit addsid.pl and tune this.) The - script first looks for the current highest SID (even in inactive rules) - and starts at the next one, unless this value is below MIN_SID (defined - inside addsid.pl). By default, this value is set to 1000001 since this - is the lowest SID assigned for local usage. Handles multi-line rules. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* create-sidmap.pl by Andreas Östling <andreaso@it.su.se> - - A script that parses all active rules in *.rules in all specified - directories and creates a SID map. (Like Snort's regen-sidmap, but this - one handles multi-line rules.) Result goes to standard output which can - be redirected to a sid-msg.map file. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* makesidex.pl, originally by Jerry Applebaum but later rewritten by - Andreas Östling <andreaso@it.su.se> to handle multi-line rules and - multiple rules directories. - - It reads *.rules in all specified directories, looks for all disabled - rules and prints a "disablesid <sid> # <msg>" line for each disabled rule. - The output can be appended to oinkmaster.conf. - Useful to new Oinkmaster users. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* addmsg.pl by Andreas Östling <andreaso@it.su.se>: - - A script that will parse your oinkmaster.conf for - localsid/enablesid/disablesid lines and add their rule message as a #comment. - If your oinkmaster.conf looks like this before addmsg.pl has been run: - - disablesid 286 - disablesid 287 - disablesid 288 - - It will look something like this afterward: - - disablesid 286 # POP3 EXPLOIT x86 bsd overflow - disablesid 287 # POP3 EXPLOIT x86 bsd overflow - disablesid 288 # POP3 EXPLOIT x86 linux overflow - - addmsg.pl will not touch lines that already has a comment in them. - It's not able to handle SID lists when written like this: - disablesid 1,2,3, ... - But it should handle them if written like this: - disablesid \ - 1, \ - 2, \ - 3 - - The new config file will be printed to standard output, so you - probably want to redirect the output to a file, for example: - - ./addmsg.pl oinkmaster.conf rules/ > oinkmaster.conf.new - - If oinkmaster.conf.new looks ok, simply rename it to oinkmaster.conf. - Do NOT redirect to the same file you read from, as this will destroy - that file. -------------------------------------------------------------------------------- diff --git a/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl b/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl deleted file mode 100644 index e5866d6f..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl +++ /dev/null @@ -1,299 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: addmsg.pl,v 1.19 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - - -my $USAGE = << "RTFM"; - -Parse Oinkmaster configuration file and add the rule's "msg" string as a -#comment for each disablesid/enablesid line. - -Usage: $0 <oinkmaster.conf> <rulesdir> [rulesdir2, ...] - -The new config file will be printed to standard output, so you -probably want to redirect the output to a new file (*NOT* the same -file you used as input, because that will destroy the file!). -For example: - -$0 /etc/oinkmaster.conf /etc/rules/ > oinkmaster.conf.new - -If oinkmaster.conf.new looks ok, simply rename it to /etc/oinkmaster.conf. - -RTFM - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - - -my $config = shift || die($USAGE); - -my @rulesdirs = @ARGV; -die($USAGE) unless ($#rulesdirs > -1); - -my $verbose = 1; -my (%sidmsgmap, %config); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - - -# Read in oinkmaster.conf. -open(CONFIG, "<" , "$config") or die("could not open \"$config\" for reading: $!\n"); -my @config = <CONFIG>; -close(CONFIG); - - -# Read in *.rules in all rulesdirs and create %sidmsgmap ($sidmsgmap{sid} = msg). -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(FILE, "<", "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - $sidmsgmap{$sid} = $msg - if (defined($single)); - } - } -} - - -# Print new oinkmaster.conf. -while ($_ = shift(@config)) { - if (/^\s*(?:disable|enable|local)sid\s+(\d+)\s*$/ || /^\s*(\d+)\s*,\s*\\$/ || /^\s*(\d+)\s*$/) { - my $sid = $1; - my $is_multiline = 0; - chomp; - - if (/\\$/) { - $is_multiline = 1; - s/\\$//; - } - - $_ = sprintf("%-25s", $_); - if (exists($sidmsgmap{$sid})) { - print "$_ # $sidmsgmap{$sid}"; - } else { - print "$_"; - } - print " \\" if ($is_multiline); - print "\n"; - } else { - print; - } -} - - - -# From oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# From oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/addsid.pl b/config/snort-dev/bin/oinkmaster_contrib/addsid.pl deleted file mode 100644 index 64255d22..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/addsid.pl +++ /dev/null @@ -1,382 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: addsid.pl,v 1.30 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); -sub get_next_available_sid(@); - - -# Set this to the default classtype you want to add, if missing. -# Set to 0 or "" if you don't want to add a classtype. -my $CLASSTYPE = "misc-attack"; - -# If ADD_REV is set to 1, "rev: 1;" will be added to rule if it has no rev. -# Set to 0 if you don't want to add it. -my $ADD_REV = 1; - -# Minimum SID to add. Normally, the next available SID will be used, -# unless it's below this value. Only SIDs >= 1000000 are reserved for -# personal use. -my $MIN_SID = 1000001; - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - - -my $USAGE = << "RTFM"; - -Parse *.rules in one or more directories and add "sid:<sid>;" to -active rules that don't have any "sid" entry, starting with the next -available SID after parsing all rules files (but $MIN_SID at minumum). -Also, "rev:1;" is added to rules without a "rev" entry, and -"classtype:misc-attack;" is added to rules without a "classtype" entry -(edit options at the top of $0 if you want to change this). - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - - -# Start in verbose mode. -my $verbose = 1; - -my (%all_sids, %active_sids, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - -# Find out the next available SID. -my $next_sid = get_next_available_sid(@rulesdirs); - -# Avoid seeing possible warnings about broken rules twice. -$verbose = 0; - -# Add sid/rev/classtype to active rules that don't have any. -foreach my $dir (@rulesdirs) { - opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(OLDFILE, "$dir/$file") - or die("could not open \"$dir/$file\": $!\n"); - my @file = <OLDFILE>; - close(OLDFILE); - - open(NEWFILE, ">", "$dir/$file") - or die("could not open \"$dir/$file\" for writing: $!\n"); - - my ($single, $multi, $nonrule, $msg, $sid); - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - - if (defined($nonrule)) { - print NEWFILE "$nonrule"; - next; - } - - $multi = $single unless (defined($multi)); - - # Don't care about inactive rules. - if ($single =~ /^\s*#/) { - print NEWFILE "$multi"; - next; - } - - my $added; - - # Add SID. - if ($single !~ /sid\s*:\s*\d+\s*;/) { - $added .= "SID $next_sid,"; - $multi =~ s/\)\s*\n/sid:$next_sid;)\n/; - $next_sid++; - } - - # Add revision. - if ($ADD_REV && $single !~ /rev\s*:\s*\d+\s*;/) { - $added .= "rev,"; - $multi =~ s/\)\s*\n/rev:1;)\n/; - } - - # Add classtype. - if ($CLASSTYPE && $single !~ /classtype\s*:\s*.+\s*;/) { - $added .= "classtype $CLASSTYPE,"; - $multi =~ s/\)\s*\n/classtype:$CLASSTYPE;)\n/; - } - - if (defined($added)) { - $added =~ s/,$//; - print "Adding $added to rule \"$msg\"\n" - if (defined($added)); - } - - print NEWFILE "$multi"; - } - - close(NEWFILE); - } - - closedir(RULESDIR); -} - - - -# Read in *.rules in given directory and return highest SID. -sub get_next_available_sid(@) -{ - my @dirs = @_; - - foreach my $dir (@dirs) { - opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n"); - - # Only care about *.rules. - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(OLDFILE, "<$dir/$file") or die("could not open \"$dir/$file\": $!\n"); - my @file = <OLDFILE>; - close(OLDFILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single) && defined($sid)) { - $all_sids{$sid}++; - - # If this is an active rule add to %active_sids and - # warn if it already exists. - if ($single =~ /^\s*alert/) { - print STDERR "WARNING: duplicate SID: $sid\n" - if (exists($active_sids{$sid})); - $active_sids{$sid}++ - } - } - } - } - } - - # Sort sids and use highest one + 1, unless it's below MIN_SID. - @_ = sort {$a <=> $b} keys(%all_sids); - my $sid = pop(@_); - - if (!defined($sid)) { - $sid = $MIN_SID - } else { - $sid++; - } - - # If it's below MIN_SID, use MIN_SID instead. - $sid = $MIN_SID if ($sid < $MIN_SID); - - return ($sid) -} - - - -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# From oinkmaster.pl except that this version -# has been modified so that the sid is *optional*. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; -# } else { -# return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl b/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl deleted file mode 100644 index 26a9040c..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl +++ /dev/null @@ -1,280 +0,0 @@ -#!/usr/local/bin/perl -w - -# $Id: create-sidmap.pl,v 1.21 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - -# Files to ignore. -my %skipfiles = ( - 'deleted.rules' => 1, -); - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -my $USAGE = << "RTFM"; - -Parse active rules in *.rules in one or more directories and create a SID -map. Result is sent to standard output, which can be redirected to a -sid-msg.map file. - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - -my $verbose = 1; - -my (%sidmap, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - -# Read in all rules from each rules file (*.rules) in each rules dir. -# into %sidmap. -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - next if ($skipfiles{$file}); - - open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single)) { - - warn("WARNING: duplicate SID: $sid (discarding old)\n") - if (exists($sidmap{$sid})); - - $sidmap{$sid} = "$sid || $msg"; - - # Print all references. Borrowed from Brian Caswell's regen-sidmap script. - my $ref = $single; - while ($ref =~ s/(.*)reference\s*:\s*([^\;]+)(.*)$/$1 $3/) { - $sidmap{$sid} .= " || $2" - } - - $sidmap{$sid} .= "\n"; - } - } - } -} - -# Print results. -foreach my $sid (sort { $a <=> $b } keys(%sidmap)) { - print "$sidmap{$sid}"; -} - - - -# Same as in oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Same as in oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/make_snortsam_map.pl b/config/snort-dev/bin/oinkmaster_contrib/make_snortsam_map.pl deleted file mode 100644 index 42ce2b3b..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/make_snortsam_map.pl +++ /dev/null @@ -1,265 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -# Modified by Robert Zelaya for the snort package. -# gets enabled sids and msgs for all rules in a dir - - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -my $USAGE = << "RTFM"; - -Parse *.rules in one or more directories and look for all rules that are -disabled (i.e. begin with "#") and print "disablesid <sid> # <msg>" to -standard output for all those rules. This output can be redirected to a -file, which will be understood by Oinkmaster. - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - -my $verbose = 1; - -my (%disabled, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - $single = $multi if (defined($multi)); - $disabled{$sid} = $msg - if (defined($single) && $single =~ /^alert/); - } - } -} - -# Print results. -foreach my $sid (sort { $a <=> $b } keys(%disabled)) { - printf("%-25s # %s\n", "$sid", $disabled{$sid}); -} - - - -# Same as in oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^alert/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^alert/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^alert/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*alert*\s*/alert/; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^alert+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^alert+\s*/alert/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^alert/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^alert+\s*/alert/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Same as in oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl b/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl deleted file mode 100644 index 80354735..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl +++ /dev/null @@ -1,261 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -my $USAGE = << "RTFM"; - -Parse *.rules in one or more directories and look for all rules that are -disabled (i.e. begin with "#") and print "disablesid <sid> # <msg>" to -standard output for all those rules. This output can be redirected to a -file, which will be understood by Oinkmaster. - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - -my $verbose = 1; - -my (%disabled, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - $single = $multi if (defined($multi)); - $disabled{$sid} = $msg - if (defined($single) && $single =~ /^\s*#/); - } - } -} - -# Print results. -foreach my $sid (sort { $a <=> $b } keys(%disabled)) { - printf("%-25s # %s\n", "disablesid $sid", $disabled{$sid}); -} - - - -# Same as in oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Same as in oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl b/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl deleted file mode 100644 index 4e96f7db..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl +++ /dev/null @@ -1,1046 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: oinkgui.pl,v 1.52 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use 5.006001; - -use strict; -use File::Spec; -use Tk; -use Tk::Balloon; -use Tk::BrowseEntry; -use Tk::FileSelect; -use Tk::NoteBook; -use Tk::ROText; - -use constant CSIDL_DRIVES => 17; - -sub update_rules(); -sub clear_messages(); -sub create_cmdline($); -sub fileDialog($ $ $ $); -sub load_config(); -sub save_config(); -sub save_messages(); -sub update_file_label_color($ $ $); -sub create_fileSelectFrame($ $ $ $ $ $); -sub create_checkbutton($ $ $); -sub create_radiobutton($ $ $); -sub create_actionbutton($ $ $); -sub execute_oinkmaster(@); -sub logmsg($ $); - - -my $version = 'Oinkmaster GUI v1.1'; - -my @oinkmaster_conf = qw( - /etc/oinkmaster.conf - /usr/local/etc/oinkmaster.conf -); - -# List of URLs that will show up in the URL BrowseEntry. -my @urls = qw( - http://www.bleedingsnort.com/bleeding.rules.tar.gz - http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz - http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz - http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.3.tar.gz -); - -my %color = ( - background => 'Bisque3', - button => 'Bisque2', - label => 'Bisque1', - notebook_bg => 'Bisque2', - notebook_inact => 'Bisque3', - file_label_ok => '#00e000', - file_label_not_ok => 'red', - out_frame_fg => 'white', - out_frame_bg => 'black', - entry_bg => 'white', - button_active => 'white', - button_bg => 'Bisque4', -); - -my %config = ( - animate => 1, - careful => 0, - enable_all => 0, - check_removed => 0, - output_mode => 'normal', - diff_mode => 'detailed', - perl => $^X, - oinkmaster => "", - oinkmaster_conf => "", - outdir => "", - url => "", - varfile => "", - backupdir => "", - editor => "", -); - -my %help = ( - - # File locations. - oinkscript => 'Location of the executable Oinkmaster script (oinkmaster.pl).', - oinkconf => 'The Oinkmaster configuration file to use.', - outdir => 'Where to put the new rules. This should be the directory where you '. - 'store your current rules.', - - url => 'Alternate location of rules archive to download/copy. '. - 'Leave empty to use the location set in oinkmaster.conf.', - varfile => 'Variables that exist in downloaded snort.conf but not in '. - 'this file will be added to it. Leave empty to skip.', - backupdir => 'Directory to put tarball of old rules before overwriting them. '. - 'Leave empty to skip backup.', - editor => 'Full path to editor to execute when pressing the "edit" button '. - '(wordpad is recommended on Windows). ', - - # Checkbuttons. - careful => 'In careful mode, Oinkmaster will just check for changes, '. - 'not update anything.', - enable => 'Some rules may be commented out by default (for a reason!). '. - 'This option will make Oinkmaster enable those.', - removed => 'Check for rules files that exist in the output directory but not '. - 'in the downloaded rules archive.', - - # Action buttons. - clear => 'Clear current output messages.', - save => 'Save current output messages to file.', - exit => 'Exit the GUI.', - update => 'Execute Oinkmaster to update the rules.', - test => 'Test current Oinkmaster configuration. ' . - 'If there are no fatal errors, you are ready to update the rules.', - version => 'Request version information from Oinkmaster.', -); - - -my $gui_config_file = ""; -my $use_fileop = 0; - - -#### MAIN #### - -select STDERR; -$| = 1; -select STDOUT; -$| = 1; - -# Find out if can use Win32::FileOp. -if ($^O eq 'MSWin32') { - BEGIN { $^W = 0 } - $use_fileop = 1 if (eval "require Win32::FileOp"); -} - -# Find out which oinkmaster.pl file to default to. -foreach my $dir (File::Spec->path()) { - my $file = "$dir/oinkmaster"; - if (-f "$file" && (-x "$file" || $^O eq 'MSWin32')) { - $config{oinkmaster} = $file; - last; - } elsif (-f "$file.pl" && (-x "$file" || $^O eq 'MSWin32')) { - $config{oinkmaster} = "$file.pl"; - last; - } -} - -# Find out which oinkmaster config file to default to. -foreach my $file (@oinkmaster_conf) { - if (-e "$file") { - $config{oinkmaster_conf} = $file; - last; - } -} - -# Find out where the GUI config file is (it's not required). -if ($ENV{HOME}) { - $gui_config_file = "$ENV{HOME}/.oinkguirc" -} elsif ($ENV{HOMEDRIVE} && $ENV{HOMEPATH}) { - $gui_config_file = "$ENV{HOMEDRIVE}$ENV{HOMEPATH}\\.oinkguirc"; -} - - -# Create main window. -my $main = MainWindow->new( - -background => "$color{background}", - -title => "$version", -); - - -# Create scrolled frame with output messages. -my $out_frame = $main->Scrolled('ROText', - -setgrid => 'true', - -scrollbars => 'e', - -background => $color{out_frame_bg}, - -foreground => $color{out_frame_fg}, -); - - -my $help_label = $main->Label( - -relief => 'groove', - -background => "$color{label}", -); - -my $balloon = $main->Balloon( - -statusbar => $help_label, -); - - -# Create notebook. -my $notebook = $main->NoteBook( - -ipadx => 6, - -ipady => 6, - -background => $color{notebook_bg}, - -inactivebackground => $color{notebook_inact}, - -backpagecolor => $color{background}, -); - - -# Create tab with required files/dirs. -my $req_tab = $notebook->add("required", - -label => "Required files and directories", - -underline => 0, -); - -$req_tab->configure(-bg => "$color{notebook_inact}"); - - -# Create frame with oinkmaster.pl location. -my $filetypes = [ - ['Oinkmaster script', 'oinkmaster.pl'], - ['All files', '*' ] -]; - -my $oinkscript_frame = - create_fileSelectFrame($req_tab, "oinkmaster.pl", 'EXECFILE', - \$config{oinkmaster}, 'NOEDIT', $filetypes); - -$balloon->attach($oinkscript_frame, -statusmsg => $help{oinkscript}); - - -# Create frame with oinkmaster.conf location. -$filetypes = [ - ['configuration files', '.conf'], - ['All files', '*' ] -]; - -my $oinkconf_frame = - create_fileSelectFrame($req_tab, "oinkmaster.conf", 'ROFILE', - \$config{oinkmaster_conf}, 'EDIT', $filetypes); - -$balloon->attach($oinkconf_frame, -statusmsg => $help{oinkconf}); - - -# Create frame with output directory. -my $outdir_frame = - create_fileSelectFrame($req_tab, "output directory", 'WRDIR', - \$config{outdir}, 'NOEDIT', undef); - -$balloon->attach($outdir_frame, -statusmsg => $help{outdir}); - - - -# Create tab with optional files/dirs. -my $opt_tab = $notebook->add("optional", - -label => "Optional files and directories", - -underline => 0, -); - -$opt_tab->configure(-bg => "$color{notebook_inact}"); - -# Create frame with alternate URL location. -$filetypes = [ - ['compressed tar files', '.tar.gz'] -]; - -my $url_frame = - create_fileSelectFrame($opt_tab, "Alternate URL", 'URL', - \$config{url}, 'NOEDIT', $filetypes); - -$balloon->attach($url_frame, -statusmsg => $help{url}); - - -# Create frame with variable file. -$filetypes = [ - ['Snort configuration files', ['.conf', '.config']], - ['All files', '*' ] -]; - -my $varfile_frame = - create_fileSelectFrame($opt_tab, "Variable file", 'WRFILE', - \$config{varfile}, 'EDIT', $filetypes); - -$balloon->attach($varfile_frame, -statusmsg => $help{varfile}); - - -# Create frame with backup dir location. -my $backupdir_frame = - create_fileSelectFrame($opt_tab, "Backup directory", 'WRDIR', - \$config{backupdir}, 'NOEDIT', undef); - -$balloon->attach($backupdir_frame, -statusmsg => $help{backupdir}); - - -# Create frame with editor location. -$filetypes = [ - ['executable files', ['.exe']], - ['All files', '*' ] -]; - -my $editor_frame = - create_fileSelectFrame($opt_tab, "Editor", 'EXECFILE', - \$config{editor}, 'NOEDIT', $filetypes); - -$balloon->attach($editor_frame, -statusmsg => $help{editor}); - - - -$notebook->pack( - -expand => 'no', - -fill => 'x', - -padx => '5', - -pady => '5', - -side => 'top' -); - - -# Create the frame to the left. -my $left_frame = $main->Frame( - -background => "$color{label}", - -border => '2', -)->pack( - -side => 'left', - -fill => 'y', -); - - -# Create "GUI settings" label. -$left_frame->Label( - -text => "GUI settings:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - -create_actionbutton($left_frame, "Load saved settings", \&load_config); -create_actionbutton($left_frame, "Save current settings", \&save_config); - - -# Create "options" label at the top of the left frame. -$left_frame->Label( - -text => "Options:", - -background => "$color{label}", -)->pack(-side => 'top', - -fill => 'x', -); - - -# Create checkbuttons in the left frame. -$balloon->attach( - create_checkbutton($left_frame, "Careful mode", \$config{careful}), - -statusmsg => $help{careful} -); - -$balloon->attach( - create_checkbutton($left_frame, "Enable all", \$config{enable_all}), - -statusmsg => $help{enable} -); - -$balloon->attach( - create_checkbutton($left_frame, "Check for removed files", \$config{check_removed}), - -statusmsg => $help{removed} -); - - -# Create "mode" label. -$left_frame->Label( - -text => "Output mode:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - -# Create mode radiobuttons in the left frame. -create_radiobutton($left_frame, "super-quiet", \$config{output_mode}); -create_radiobutton($left_frame, "quiet", \$config{output_mode}); -create_radiobutton($left_frame, "normal", \$config{output_mode}); -create_radiobutton($left_frame, "verbose", \$config{output_mode}); - -# Create "Diff mode" label. -$left_frame->Label( - -text => "Diff mode:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - -create_radiobutton($left_frame, "detailed", \$config{diff_mode}); -create_radiobutton($left_frame, "summarized", \$config{diff_mode}); -create_radiobutton($left_frame, "remove common", \$config{diff_mode}); - - -# Create "activity messages" label. -$main->Label( - -text => "Output messages:", - -width => '130', - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - - -# Pack output frame. -$out_frame->pack( - -expand => 'yes', - -fill => 'both', -); - - -# Pack help label below output window. -$help_label->pack( - -fill => 'x', -); - - -# Create "actions" label. -$left_frame->Label( - -text => "Actions:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - -# Create action buttons. - -$balloon->attach( - create_actionbutton($left_frame, "Update rules!", \&update_rules), - -statusmsg => $help{update} -); - -$balloon->attach( - create_actionbutton($left_frame, "Clear output messages", \&clear_messages), - -statusmsg => $help{clear} -); - -$balloon->attach( - create_actionbutton($left_frame, "Save output messages", \&save_messages), - -statusmsg => $help{save} -); - -$balloon->attach( - create_actionbutton($left_frame, "Exit", \&exit), - -statusmsg => $help{exit} -); - - - -# Make the mousewheel scroll the output window. Taken from Mastering Perl/Tk. -if ($^O eq 'MSWin32') { - $out_frame->bind('<MouseWheel>' => - [ sub { $_[0]->yview('scroll', -($_[1] / 120) * 3, 'units')}, - Ev('D') ] - ); -} else { - $out_frame->bind('<4>' => sub { - $_[0]->yview('scroll', -3, 'units') unless $Tk::strictMotif; - }); - - $out_frame->bind('<5>' => sub { - $_[0]->yview('scroll', +3, 'units') unless $Tk::strictMotif; - }); -} - - - -# Now the fun begins. -if ($config{animate}) { - foreach (split(//, "Welcome to $version")) { - logmsg("$_", 'MISC'); - $out_frame->after(5); - } -} else { - logmsg("Welcome to $version", 'MISC'); -} - -logmsg("\n\n", 'MISC'); - -# Load gui settings into %config. -load_config(); - - -# Warn if any required file/directory is not set. -logmsg("No oinkmaster.pl set, please select one above!\n\n", 'ERROR') - if ($config{oinkmaster} !~ /\S/); - -logmsg("No oinkmaster configuration file set, please select one above!\n\n", 'ERROR') - if ($config{oinkmaster_conf} !~ /\S/); - -logmsg("Output directory is not set, please select one above!\n\n", 'ERROR') - if ($config{outdir} !~ /\S/); - - -MainLoop; - - - -#### END #### - - - -sub fileDialog($ $ $ $) -{ - my $var_ref = shift; - my $title = shift; - my $type = shift; - my $filetypes = shift; - my $dirname; - - if ($type eq 'WRDIR') { - if ($use_fileop) { - $dirname = Win32::FileOp::BrowseForFolder("title", CSIDL_DRIVES); - } else { - my $fs = $main->FileSelect(); - $fs->configure(-verify => ['-d', '-w'], -title => $title); - $dirname = $fs->Show; - } - $$var_ref = $dirname if ($dirname); - } elsif ($type eq 'EXECFILE' || $type eq 'ROFILE' || $type eq 'WRFILE' || $type eq 'URL') { - my $filename = $main->getOpenFile(-title => $title, -filetypes => $filetypes); - $$var_ref = $filename if ($filename); - } elsif ($type eq 'SAVEFILE') { - my $filename = $main->getSaveFile(-title => $title, -filetypes => $filetypes); - $$var_ref = $filename if ($filename); - } else { - logmsg("Unknown type ($type)\n", 'ERROR'); - } -} - - - -sub update_file_label_color($ $ $) -{ - my $label = shift; - my $filename = shift; - my $type = shift; - - $filename =~ s/^\s+//; - $filename =~ s/\s+$//; - - unless ($filename) { - $label->configure(-background => $color{file_label_not_ok}); - return (1); - } - - if ($type eq "URL") { - if ($filename =~ /^(?:http|ftp|scp):\/\/.+\.tar\.gz$/) { - $label->configure(-background => $color{file_label_ok}); - } elsif ($filename =~ /^(?:file:\/\/)*(.+\.tar\.gz)$/) { - my $file = $1; - if (-f "$file" && -r "$file") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "ROFILE") { - if (-f "$filename" && -r "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "EXECFILE") { - if (-f "$filename" && (-x "$filename" || $^O eq 'MSWin32')) { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "WRFILE") { - if (-f "$filename" && -w "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "WRDIR") { - if (-d "$filename" && -w "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } else { - print STDERR "incorrect type ($type)\n"; - exit; - } - - return (1); -} - - - -sub create_checkbutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $var_ref = shift; - - my $button = $frame->Checkbutton( - -text => $name, - -background => $color{button}, - -activebackground => $color{button_active}, - -highlightbackground => $color{button_bg}, - -variable => $var_ref, - -relief => 'raise', - -anchor => 'w', - )->pack( - -fill => 'x', - -side => 'top', - -pady => '1', - ); - - return ($button); -} - - - -sub create_actionbutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $func_ref = shift; - - my $button = $frame->Button( - -text => $name, - -command => sub { - &$func_ref; - $out_frame->focus; - }, - -background => $color{button}, - -activebackground => $color{button_active}, - -highlightbackground => $color{button_bg}, - )->pack( - -fill => 'x', - ); - - return ($button); -} - - - -sub create_radiobutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $mode_ref = shift; - - my $button = $frame->Radiobutton( - -text => $name, - -highlightbackground => $color{button_bg}, - -background => $color{button}, - -activebackground => $color{button_active}, - -variable => $mode_ref, - -relief => 'raised', - -anchor => 'w', - -value => $name, - )->pack( - -side => 'top', - -pady => '1', - -fill => 'x', - ); - - return ($button); -} - - - -# Create <label><entry><browsebutton> in given frame. -sub create_fileSelectFrame($ $ $ $ $ $) -{ - my $win = shift; - my $name = shift; - my $type = shift; # FILE|DIR|URL - my $var_ref = shift; - my $edtype = shift; # EDIT|NOEDIT - my $filetypes = shift; - - # Create frame. - my $frame = $win->Frame( - -bg => $color{background}, - )->pack( - -padx => '2', - -pady => '2', - -fill => 'x' - ); - - # Create label. - my $label = $frame->Label( - -text => $name, - -width => '16', - -relief => 'raised', - -background => "$color{file_label_not_ok}", - )->pack( - -side => 'left' - ); - - my $entry; - - if ($type eq 'URL') { - $entry = $frame->BrowseEntry( - -textvariable => $var_ref, - -background => $color{entry_bg}, - -width => '80', - -choices => \@urls, - -validate => 'key', - -validatecommand => sub { update_file_label_color($label, $_[0], $type) }, - )->pack( - -side => 'left', - -expand => 'yes', - -fill => 'x' - ); - } else { - $entry = $frame->Entry( - -textvariable => $var_ref, - -background => $color{entry_bg}, - -width => '80', - -validate => 'key', - -validatecommand => sub { update_file_label_color($label, $_[0], $type) }, - )->pack( - -side => 'left', - -expand => 'yes', - -fill => 'x' - ); - } - - # Create edit-button if file is ediable. - if ($edtype eq 'EDIT') { - my $edit_but = $frame->Button( - -text => "Edit", - -background => "$color{button}", - -command => sub { - unless (-e "$$var_ref") { - logmsg("Select an existing file first!\n\n", 'ERROR'); - return; - } - - if ($config{editor}) { - $main->Busy(-recurse => 1); - logmsg("Launching " . $config{editor} . - ", close it to continue the GUI.\n\n", 'MISC'); - sleep(2); - system($config{editor}, $$var_ref); # MainLoop will be put on hold... - $main->Unbusy; - } else { - logmsg("No editor set\n\n", 'ERROR'); - } - } - )->pack( - -side => 'left', - ); - } - - # Create browse-button. - my $but = $frame->Button( - -text => "browse ...", - -background => $color{button}, - -command => sub { - fileDialog($var_ref, $name, $type, $filetypes); - } - )->pack( - -side => 'left', - ); - - return ($frame); -} - - - -sub logmsg($ $) -{ - my $text = shift; - my $type = shift; - - return unless (defined($text)); - - $out_frame->tag(qw(configure OUTPUT -foreground grey)); - $out_frame->tag(qw(configure ERROR -foreground red)); - $out_frame->tag(qw(configure MISC -foreground white)); - $out_frame->tag(qw(configure EXEC -foreground bisque2)); - - $out_frame->insert('end', "$text", "$type"); - $out_frame->see('end'); - $out_frame->update; -} - - - - -sub execute_oinkmaster(@) -{ - my @cmd = @_; - my @obfuscated_cmd; - - # Obfuscate possible password in url. - foreach my $line (@cmd) { - if ($line =~ /^(\S+:\/\/.+?):.+?@(.+)/) { - push(@obfuscated_cmd, "$1:*password*\@$2"); - } else { - push(@obfuscated_cmd, $line); - } - } - - logmsg("@obfuscated_cmd:\n", 'EXEC'); - - $main->Busy(-recurse => 1); - - if ($^O eq 'MSWin32') { - open(OINK, "@cmd 2>&1|"); - while (<OINK>) { - logmsg($_, 'OUTPUT'); - } - close(OINK); - } else { - if (open(OINK,"-|")) { - while (<OINK>) { - logmsg($_, 'OUTPUT'); - } - } else { - open(STDERR, '>&STDOUT'); - exec(@cmd); - } - close(OINK); - } - - $main->Unbusy; - logmsg("done.\n\n", 'EXEC'); -} - - - -sub clear_messages() -{ - $out_frame->delete('1.0','end'); - $out_frame->update; -} - - - -sub save_messages() -{ - my $text = $out_frame->get('1.0', 'end'); - my $title = 'Save output messages'; - my $filename; - - my $filetypes = [ - ['Log files', ['.log', '.txt']], - ['All files', '*' ] - ]; - - - if (length($text) > 1) { - fileDialog(\$filename, $title, 'SAVEFILE', $filetypes); - if (defined($filename)) { - - unless (open(LOG, ">", "$filename")) { - logmsg("Could not open $filename for writing: $!\n\n", 'ERROR'); - return; - } - - print LOG $text; - close(LOG); - logmsg("Successfully saved output messages to $filename\n\n", 'MISC'); - } - - } else { - logmsg("Nothing to save.\n\n", 'ERROR'); - } -} - - - -sub update_rules() -{ - my @cmd; - - create_cmdline(\@cmd) || return; - clear_messages(); - execute_oinkmaster(@cmd); -} - - - -sub create_cmdline($) -{ - my $cmd_ref = shift; - - my $oinkmaster = $config{oinkmaster}; - my $oinkmaster_conf = $config{oinkmaster_conf}; - my $outdir = $config{outdir}; - my $varfile = $config{varfile}; - my $url = $config{url}; - my $backupdir = $config{backupdir}; - - # Assume file:// if url prefix is missing. - if ($url) { - $url = "file://$url" unless ($url =~ /(?:http|ftp|file|scp):\/\//); - if ($url =~ /.+<oinkcode>.+/) { - logmsg("You must replace <oinkcode> with your real oinkcode, see the FAQ!\n\n", 'ERROR'); - return (0); - } - } - - $oinkmaster = File::Spec->rel2abs($oinkmaster) - if ($oinkmaster); - - $outdir = File::Spec->canonpath("$outdir"); - $backupdir = File::Spec->canonpath("$backupdir"); - - # Clean leading/trailing whitespaces. - foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir, - \$varfile, \$url, \$backupdir) { - $$var_ref =~ s/^\s+//; - $$var_ref =~ s/\s+$//; - } - - unless ($config{oinkmaster} && -f "$config{oinkmaster}" && - (-x "$config{oinkmaster}" || $^O eq 'MSWin32')) { - logmsg("Location of oinkmaster.pl is not set correctly!\n\n", 'ERROR'); - return; - } - - unless ($oinkmaster_conf && -f "$oinkmaster_conf") { - logmsg("Location of configuration file is not set correctlyy!\n\n", 'ERROR'); - return (0); - } - - unless ($outdir && -d "$outdir") { - logmsg("Output directory is not set correctly!\n\n", 'ERROR'); - return (0); - } - - # Add leading/trailing "" if win32. - foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir, - \$varfile, \$url, \$backupdir) { - if ($^O eq 'MSWin32' && $$var_ref) { - $$var_ref = "\"$$var_ref\""; - } - } - - push(@$cmd_ref, - "$config{perl}", "$oinkmaster", - "-C", "$oinkmaster_conf", - "-o", "$outdir"); - - push(@$cmd_ref, "-c") if ($config{careful}); - push(@$cmd_ref, "-e") if ($config{enable_all}); - push(@$cmd_ref, "-r") if ($config{check_removed}); - push(@$cmd_ref, "-q") if ($config{output_mode} eq "quiet"); - push(@$cmd_ref, "-Q") if ($config{output_mode} eq "super-quiet"); - push(@$cmd_ref, "-v") if ($config{output_mode} eq "verbose"); - push(@$cmd_ref, "-m") if ($config{diff_mode} eq "remove common"); - push(@$cmd_ref, "-s") if ($config{diff_mode} eq "summarized"); - push(@$cmd_ref, "-U", "$varfile") if ($varfile); - push(@$cmd_ref, "-b", "$backupdir") if ($backupdir); - - push(@$cmd_ref, "-u", "$url") - if ($url); - - return (1); -} - - - -# Load $config file into %config hash. -sub load_config() -{ - unless (defined($gui_config_file) && $gui_config_file) { - logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR'); - return; - } - - unless (-e "$gui_config_file") { - logmsg("$gui_config_file does not exist, keeping current/default settings\n\n", 'MISC'); - return; - } - - unless (open(RC, "<", "$gui_config_file")) { - logmsg("Could not open $gui_config_file for reading: $!\n\n", 'ERROR'); - return; - } - - while (<RC>) { - next unless (/^(\S+)=(.*)/); - $config{$1} = $2; - } - - close(RC); - logmsg("Successfully loaded GUI settings from $gui_config_file\n\n", 'MISC'); -} - - - -# Save %config into file $config. -sub save_config() -{ - unless (defined($gui_config_file) && $gui_config_file) { - logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR'); - return; - } - - unless (open(RC, ">", "$gui_config_file")) { - logmsg("Could not open $gui_config_file for writing: $!\n\n", 'ERROR'); - return; - } - - print RC "# Automatically created by Oinkgui. ". - "Do not edit directly unless you have to.\n"; - - foreach my $option (sort(keys(%config))) { - print RC "$option=$config{$option}\n"; - } - - close(RC); - logmsg("Successfully saved current GUI settings to $gui_config_file\n\n", 'MISC'); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl b/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl deleted file mode 100644 index f9c4d215..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl +++ /dev/null @@ -1,2754 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: oinkmaster.pl,v 1.406 2006/02/10 13:02:44 andreas_o Exp $ # - -# Copyright (c) 2001-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use 5.006001; - -use strict; -use File::Basename; -use File::Copy; -use File::Path; -use File::Spec; -use Getopt::Long; -use File::Temp qw(tempdir); - -sub show_usage(); -sub parse_cmdline($); -sub read_config($ $); -sub sanity_check(); -sub download_file($ $); -sub unpack_rules_archive($ $ $); -sub join_tmp_rules_dirs($ $ @); -sub process_rules($ $ $ $ $ $); -sub process_rule($ $ $ $ $ $ $ $); -sub setup_rules_hash($ $); -sub get_first_only($ $ $); -sub print_changes($ $); -sub print_changetype($ $ $ $); -sub print_summary_change($ $); -sub make_backup($ $); -sub get_changes($ $ $); -sub update_rules($ @); -sub copy_rules($ $); -sub is_in_path($); -sub get_next_entry($ $ $ $ $ $); -sub get_new_vars($ $ $ $); -sub add_new_vars($ $); -sub write_new_vars($ $); -sub msdos_to_cygwin_path($); -sub parse_mod_expr($ $ $ $); -sub untaint_path($); -sub approve_changes(); -sub parse_singleline_rule($ $ $); -sub join_multilines($); -sub minimize_diff($ $); -sub catch_sigint(); -sub clean_exit($); - - -my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2006 '. - 'Andreas Östling <andreaso@it.su.se>'; -my $OUTFILE = 'snortrules.tar.gz'; -my $RULES_DIR = 'rules'; - -my $PRINT_NEW = 1; -my $PRINT_OLD = 2; -my $PRINT_BOTH = 3; - -my %config = ( - careful => 0, - check_removed => 0, - config_test_mode => 0, - enable_all => 0, - interactive => 0, - make_backup => 0, - minimize_diff => 0, - min_files => 1, - min_rules => 1, - quiet => 0, - summary_output => 0, - super_quiet => 0, - update_vars => 0, - use_external_bins => 1, - verbose => 0, - use_path_checks => 1, - rule_actions => "alert|drop|log|pass|reject|sdrop|activate|dynamic", - tmp_basedir => $ENV{TMP} || $ENV{TMPDIR} || $ENV{TEMPDIR} || '/tmp', -); - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -# sid and msg will then be looked for in parse_singleline_rule(). -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -# sid and msg will then be looked for in parse_singleline_rule(). -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -# Match var line where var name goes into $1. -my $VAR_REGEXP = '^\s*var\s+(\S+)\s+(\S+)'; - -# Allowed characters in misc paths/filenames, including the ones in the tarball. -my $OK_PATH_CHARS = 'a-zA-Z\d\ _\(\)\[\]\.\-+:\\\/~@,='; - -# Default locations for configuration file. -my @DEFAULT_CONFIG_FILES = qw( - /etc/oinkmaster.conf - /usr/local/etc/oinkmaster.conf -); - -my @DEFAULT_DIST_VAR_FILES = qw( - snort.conf -); - -my (%loaded, $tmpdir); - - - -#### MAIN #### - -# No buffering. -select(STDERR); -$| = 1; -select(STDOUT); -$| = 1; - - -my $start_date = scalar(localtime); - -# Assume the required Perl modules are available if we're on Windows. -$config{use_external_bins} = 0 if ($^O eq "MSWin32"); - -# Parse command line arguments and add at least %config{output_dir}. -parse_cmdline(\%config); - -# If no config was specified on command line, look for one in default locations. -if ($#{$config{config_files}} == -1) { - foreach my $config (@DEFAULT_CONFIG_FILES) { - if (-e "$config") { - push(@{${config{config_files}}}, $config); - last; - } - } -} - -# If no dist var file was specified on command line, set to default file(s). -if ($#{$config{dist_var_files}} == -1) { - foreach my $var_file (@DEFAULT_DIST_VAR_FILES) { - push(@{${config{dist_var_files}}}, $var_file); - } -} - -# If config is still not defined, we can't continue. -if ($#{$config{config_files}} == -1) { - clean_exit("configuration file not found in default locations\n". - "(@DEFAULT_CONFIG_FILES)\n". - "Put it there or use the \"-C <file>\" argument."); -} - -read_config($_, \%config) for @{$config{config_files}}; - -# Now substitute "%ACTIONS%" with $config{rule_actions}, which may have -# been modified after reading the config file. -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - -# If we're told not to use external binaries, load the Perl modules now. -unless ($config{use_external_bins}) { - print STDERR "Loading Perl modules.\n" if ($config{verbose}); - - eval { - require IO::Zlib; - require Archive::Tar; - require LWP::UserAgent; - }; - - clean_exit("failed to load required Perl modules:\n\n$@\n". - "Install them or set use_external_bins to 1 ". - "if you want to use external binaries instead.") - if ($@); -} - - -# Do some basic sanity checking and exit if something fails. -# A new PATH will be set. -sanity_check(); - -$SIG{INT} = \&catch_sigint; - -# Create temporary dir. -$tmpdir = tempdir("oinkmaster.XXXXXXXXXX", DIR => File::Spec->rel2abs($config{tmp_basedir})) - or clean_exit("could not create temporary directory in $config{tmp_basedir}: $!"); - -# If we're in config test mode and have come this far, we're done. -if ($config{config_test_mode}) { - print "No fatal errors in configuration.\n"; - clean_exit(""); -} - -umask($config{umask}) if exists($config{umask}); - -# Download and unpack all the rules archives into separate tmp dirs. -my @url_tmpdirs; -foreach my $url (@{$config{url}}) { - my $url_tmpdir = tempdir("url.XXXXXXXXXX", DIR => $tmpdir) - or clean_exit("could not create temporary directory in $tmpdir: $!"); - push(@url_tmpdirs, "$url_tmpdir/$RULES_DIR"); - if ($url =~ /^dir:\/\/(.+)/) { - mkdir("$url_tmpdir/$RULES_DIR") - or clean_exit("Could not create $url_tmpdir/$RULES_DIR"); - copy_rules($1, "$url_tmpdir/$RULES_DIR"); - } else { - download_file($url, "$url_tmpdir/$OUTFILE"); - unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE", $RULES_DIR); - } -} - -# Copy all rules files from the tmp dirs into $RULES_DIR in the tmp directory. -# File matching 'skipfile' a directive will not be copied. -# Filenames (with full path) will be stored as %new_files{filename}. -# Will exit in case of duplicate filenames. -my $num_files = join_tmp_rules_dirs("$tmpdir/$RULES_DIR", \my %new_files, @url_tmpdirs); - -# Make sure we have at least the minimum number of files. -clean_exit("not enough rules files in downloaded rules archive(s).\n". - "Number of rules files is $num_files but minimum is set to $config{min_files}.") - if ($num_files < $config{min_files}); - -# This is to read in possible 'localsid' rules. -my %rh_tmp = setup_rules_hash(\%new_files, $config{output_dir}); - -# Disable/modify/clean downloaded rules. -my $num_rules = process_rules(\@{$config{sid_modify_list}}, - \%{$config{sid_disable_list}}, - \%{$config{sid_enable_list}}, - \%{$config{sid_local_list}}, - \%rh_tmp, - \%new_files); - -# Make sure we have at least the minimum number of rules. -clean_exit("not enough rules in downloaded archive(s).\n". - "Number of rules is $num_rules but minimum is set to $config{min_rules}.") - if ($num_rules < $config{min_rules}); - -# Setup a hash containing the content of all processed rules files. -my %rh = setup_rules_hash(\%new_files, $config{output_dir}); - -# Compare the new rules to the old ones. -my %changes = get_changes(\%rh, \%new_files, $RULES_DIR); - -# Check for variables that exist in dist snort.conf(s) but not in local snort.conf. -get_new_vars(\%changes, \@{$config{dist_var_files}}, $config{varfile}, \@url_tmpdirs) - if ($config{update_vars}); - - -# Find out if something had changed. -my $something_changed = 0; - -$something_changed = 1 - if (keys(%{$changes{modified_files}}) || - keys(%{$changes{added_files}}) || - keys(%{$changes{removed_files}}) || - $#{$changes{new_vars}} > -1); - - -# Update files listed in %changes{modified_files} (copy the new files -# from the temporary directory into our output directory) and add new -# variables to the local snort.conf if requested, unless we're running in -# careful mode. Create backup first if running with -b. -my $printed = 0; -if ($something_changed) { - if ($config{careful}) { - print STDERR "Skipping backup since we are running in careful mode.\n" - if ($config{make_backup} && (!$config{quiet})); - } else { - if ($config{interactive}) { - print_changes(\%changes, \%rh); - $printed = 1; - } - - if (!$config{interactive} || ($config{interactive} && approve_changes)) { - make_backup($config{output_dir}, $config{backup_dir}) - if ($config{make_backup}); - - add_new_vars(\%changes, $config{varfile}) - if ($config{update_vars}); - - update_rules($config{output_dir}, keys(%{$changes{modified_files}})); - } - } -} else { - print STDERR "No files modified - no need to backup old files, skipping.\n" - if ($config{make_backup} && !$config{quiet}); -} - -print "\nOinkmaster is running in careful mode - not updating anything.\n" - if ($something_changed && $config{careful}); - -print_changes(\%changes, \%rh) - if (!$printed && ($something_changed || !$config{quiet})); - - -# Everything worked. Do a clean exit without any error message. -clean_exit(""); - - -# END OF MAIN # - - - -# Show usage information and exit. -sub show_usage() -{ - my $progname = basename($0); - - print STDERR << "RTFM"; - -$VERSION - -Usage: $progname -o <outdir> [options] - -<outdir> is where to put the new files. -This should be the directory where you store your Snort rules. - -Options: --b <dir> Backup your old rules into <dir> before overwriting them --c Careful mode (dry run) - check for changes but do not update anything --C <file> Use this configuration file instead of the default - May be specified multiple times to load multiple files --e Enable all rules that are disabled by default --h Show this usage information --i Interactive mode - you will be asked to approve the changes (if any) --m Minimize diff when printing result by removing common parts in rules --q Quiet mode - no output unless changes were found --Q Super-quiet mode - like -q but even more quiet --r Check for rules files that exist in the output directory - but not in the downloaded rules archive --s Leave out details in rules results, just print SID, msg and filename --S <file> Look for new variables in this file in the downloaded archive instead - of the default (@DEFAULT_DIST_VAR_FILES). Used in conjunction with -U. - May be specified multiple times to search multiple files. --T Config test - just check configuration file(s) for errors/warnings --u <url> Download from this URL instead of URL(s) in the configuration file - (http|https|ftp|file|scp:// ... .tar.gz|.gz, or dir://<dir>) - May be specified multiple times to grab multiple rules archives --U <file> Merge new variables from downloaded snort.conf(s) into <file> --v Verbose mode (debug) --V Show version and exit - -RTFM - exit; -} - - - -# Parse the command line arguments and exit if we don't like them. -sub parse_cmdline($) -{ - my $cfg_ref = shift; - - Getopt::Long::Configure("bundling"); - - my $cmdline_ok = GetOptions( - "b=s" => \$$cfg_ref{backup_dir}, - "c" => \$$cfg_ref{careful}, - "C=s" => \@{$$cfg_ref{config_files}}, - "e" => \$$cfg_ref{enable_all}, - "h" => \&show_usage, - "i" => \$$cfg_ref{interactive}, - "m" => \$$cfg_ref{minimize_diff}, - "o=s" => \$$cfg_ref{output_dir}, - "q" => \$$cfg_ref{quiet}, - "Q" => \$$cfg_ref{super_quiet}, - "r" => \$$cfg_ref{check_removed}, - "s" => \$$cfg_ref{summary_output}, - "S=s" => \@{$$cfg_ref{dist_var_files}}, - "T" => \$$cfg_ref{config_test_mode}, - "u=s" => \@{$$cfg_ref{url}}, - "U=s" => \$$cfg_ref{varfile}, - "v" => \$$cfg_ref{verbose}, - "V" => sub { - print "$VERSION\n"; - exit(0); - } - ); - - - show_usage unless ($cmdline_ok && $#ARGV == -1); - - $$cfg_ref{quiet} = 1 if ($$cfg_ref{super_quiet}); - $$cfg_ref{update_vars} = 1 if ($$cfg_ref{varfile}); - - if ($$cfg_ref{backup_dir}) { - $$cfg_ref{backup_dir} = File::Spec->canonpath($$cfg_ref{backup_dir}); - $$cfg_ref{make_backup} = 1; - } - - # Cannot specify dist var files without specifying var target file. - if (@{$$cfg_ref{dist_var_files}} && !$$cfg_ref{update_vars}) { - clean_exit("You can not specify distribution variable file(s) without ". - "also specifying local file to merge into"); - } - - # -o <dir> is the only required option in normal usage. - if ($$cfg_ref{output_dir}) { - $$cfg_ref{output_dir} = File::Spec->canonpath($$cfg_ref{output_dir}); - } else { - warn("Error: no output directory specified.\n"); - show_usage(); - } - - # Mark that url was set on command line (so we don't override it later). - $$cfg_ref{cmdline_url} = 1 if ($#{$config{url}} > -1); -} - - - -# Read in stuff from the configuration file. -sub read_config($ $) -{ - my $config_file = shift; - my $cfg_ref = shift; - my $linenum = 0; - my $multi; - my %templates; - - $config_file = File::Spec->canonpath(File::Spec->rel2abs($config_file)); - - clean_exit("configuration file \"$config_file\" does not exist.\n") - unless (-e "$config_file"); - - clean_exit("\"$config_file\" is not a file.\n") - unless (-f "$config_file"); - - print STDERR "Loading $config_file\n" - unless ($config{quiet}); - - # Avoid loading the same file multiple times to avoid infinite recursion etc. - if ($^O eq "MSWin32") { - clean_exit("attempt to load \"$config_file\" twice.") - if ($loaded{$config_file}++); - } else { - my ($dev, $ino) = (stat($config_file))[0,1] - or clean_exit("unable to stat $config_file: $!"); - clean_exit("attempt to load \"$config_file\" twice.") - if ($loaded{$dev, $ino}++); - } - - open(CONF, "<", "$config_file") - or clean_exit("could not open configuration file \"$config_file\": $!"); - my @conf = <CONF>; - close(CONF); - - LINE:while ($_ = shift(@conf)) { - $linenum++; - - unless ($multi) { - s/^\s*//; - s/^#.*//; - } - - # Multi-line start/continuation. - if (/\\\s*\n$/) { - s/\\\s*\n$//; - s/^\s*#.*//; - - # Be strict about removing #comments in modifysid/define_template statements, as - # they may contain other '#' chars. - if (defined($multi) && ($multi =~ /^modifysid/i || $multi =~ /^define_template/i)) { - s/#.*// if (/^\s*\d+[,\s\d]+#/); - } else { - s/\s*\#.*// unless (/^modifysid/i || /^define_template/i); - } - - $multi .= $_; - next LINE; - } - - # Last line of multi-line directive. - if (defined($multi)) { - $multi .= $_; - $_ = $multi; - undef($multi); - } - - # Remove traling whitespaces (*after* a possible multi-line is rebuilt). - s/\s*$//; - - # Remove comments unless it's a modifysid/define_template line - # (the "#" may be part of the modifysid expression). - s/\s*\#.*// unless (/^modifysid/i || /^define_template/i); - - # Skip blank lines. - next unless (/\S/); - - # Use a template and make $_ a "modifysid" line. - if (/^use_template\s+(\S+)\s+(\S+[^"]*)\s*(".*")*(?:#.*)*/i) { - my ($template_name, $sid, $args) = ($1, $2, $3); - - if (exists($templates{$template_name})) { - my $template = $templates{$template_name}; # so we don't substitute %ARGx% globally - - # Evaluate each "%ARGx%" in the template to the corresponding value. - if (defined($args)) { - my @args = split(/"\s+"/, $args); - foreach my $i (1 .. @args) { - $args[$i - 1] =~ s/^"//; - $args[$i - 1] =~ s/"$//; - $template =~ s/%ARG$i%/$args[$i - 1]/g; - } - } - - # There should be no %ARGx% stuff left now. - if ($template =~ /%ARG\d%/) { - warn("WARNING: too few arguments for template \"$template_name\"\n"); - $_ = "error"; # so it will be reported as an invalid line later - } - - unless ($_ eq "error") { - $_ = "modifysid $sid $template\n"; - print STDERR "Template \"$template_name\" expanded to: $_" - if ($config{verbose}); - } - - } else { - warn("WARNING: template \"$template_name\" has not been defined\n"); - } - } - - # new template definition. - if (/^define_template\s+(\S+)\s+(".+"\s+\|\s+".*")\s*(?:#.*)*$/i) { - my ($template_name, $template) = ($1, $2); - - if (exists($templates{$template_name})) { - warn("WARNING: line $linenum in $config_file: ". - "template \"$template_name\" already defined, keeping old\n"); - } else { - $templates{$template_name} = $template; - } - - # modifysid <SIDORFILE[,SIDORFILE, ...]> "substthis" | "withthis" - } elsif (/^modifysids*\s+(\S+.*)\s+"(.+)"\s+\|\s+"(.*)"\s*(?:#.*)*$/i) { - my ($sid_list, $subst, $repl) = ($1, $2, $3); - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n") - unless(parse_mod_expr(\@{$$cfg_ref{sid_modify_list}}, - $sid_list, $subst, $repl)); - - # disablesid <SID[,SID, ...]> - } elsif (/^disablesids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_disable_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # localsid <SID[,SID, ...]> - } elsif (/^localsids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_local_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # enablesid <SID[,SID, ...]> - } elsif (/^enablesids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_enable_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # skipfile <file[,file, ...]> - } elsif (/^skipfiles*\s+(.*)/i) { - my $args = $1; - foreach my $file (split(/\s*,\s*/, $args)) { - if ($file =~ /^\S+$/) { - $config{verbose} && print STDERR "Adding file to ignore list: $file.\n"; - $$cfg_ref{file_ignore_list}{$file}++; - } else { - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n"); - } - } - - } elsif (/^url\s*=\s*(.*)/i) { - push(@{$$cfg_ref{url}}, $1) - unless ($$cfg_ref{cmdline_url}); - - } elsif (/^path\s*=\s*(.+)/i) { - $$cfg_ref{path} = $1; - - } elsif (/^update_files\s*=\s*(.+)/i) { - $$cfg_ref{update_files} = $1; - - } elsif (/^rule_actions\s*=\s*(.+)/i) { - $$cfg_ref{rule_actions} = $1; - - } elsif (/^umask\s*=\s*([0-7]{4})$/i) { - $$cfg_ref{umask} = oct($1); - - } elsif (/^min_files\s*=\s*(\d+)/i) { - $$cfg_ref{min_files} = $1; - - } elsif (/^min_rules\s*=\s*(\d+)/i) { - $$cfg_ref{min_rules} = $1; - - } elsif (/^tmpdir\s*=\s*(.+)/i) { - $$cfg_ref{tmp_basedir} = $1; - - } elsif (/^use_external_bins\s*=\s*([01])/i) { - $$cfg_ref{use_external_bins} = $1; - - } elsif (/^scp_key\s*=\s*(.+)/i) { - $$cfg_ref{scp_key} = $1; - - } elsif (/^use_path_checks\s*=\s*([01])/i) { - $$cfg_ref{use_path_checks} = $1; - - } elsif (/^user_agent\s*=\s*(.+)/i) { - $$cfg_ref{user_agent} = $1; - - } elsif (/^include\s+(\S+.*)/i) { - my $include = $1; - read_config($include, $cfg_ref); - } else { - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n"); - } - } -} - - - -# Make a few basic tests to make sure things look ok. -# Will also set a new PATH as defined in the config file. -sub sanity_check() -{ - my @req_params = qw(path update_files); # required parameters in conf - my @req_binaries = qw(gzip tar); # required binaries (unless we use modules) - - # Can't use both quiet mode and verbose mode. - clean_exit("quiet mode and verbose mode at the same time doesn't make sense.") - if ($config{quiet} && $config{verbose}); - - # Can't use multiple output modes. - clean_exit("can't use multiple output modes at the same time.") - if ($config{minimize_diff} && $config{summary_output}); - - # Make sure all required variables are defined in the config file. - foreach my $param (@req_params) { - clean_exit("the required parameter \"$param\" is not defined in the configuration file.") - unless (exists($config{$param})); - } - - # We now know a path was defined in the config, so set it. - # If we're under cygwin and path was specified as msdos style, convert - # it to cygwin style to avoid problems. - if ($^O eq "cygwin" && $config{path} =~ /^[a-zA-Z]:[\/\\]/) { - $ENV{PATH} = ""; - foreach my $path (split(/;/, $config{path})) { - $ENV{PATH} .= "$path:" if (msdos_to_cygwin_path(\$path)); - } - chop($ENV{PATH}); - } else { - $ENV{PATH} = $config{path}; - } - - # Reset environment variables that may cause trouble. - delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - - # Make sure $config{update_files} is a valid regexp. - eval { - "foo" =~ /$config{update_files}/; - }; - - clean_exit("update_files (\"$config{update_files}\") is not a valid regexp: $@") - if ($@); - - # Make sure $config{rule_actions} is a valid regexp. - eval { - "foo" =~ /$config{rule_actions}/; - }; - - clean_exit("rule_actions (\"$config{rule_actions}\") is not a valid regexp: $@") - if ($@); - - # If a variable file (probably local snort.conf) has been specified, - # it must exist. It must also be writable unless we're in careful mode. - if ($config{update_vars}) { - $config{varfile} = untaint_path($config{varfile}); - - clean_exit("variable file \"$config{varfile}\" does not exist.") - unless (-e "$config{varfile}"); - - clean_exit("variable file \"$config{varfile}\" is not a file.") - unless (-f "$config{varfile}"); - - clean_exit("variable file \"$config{varfile}\" is not writable by you.") - if (!$config{careful} && !-w "$config{varfile}"); - - # Make sure dist var files don't contain [back]slashes - # (probably means user confused it with local var file). - my %dist_var_files; - foreach my $dist_var_file (@{${config{dist_var_files}}}) { - clean_exit("variable file \"$dist_var_file\" specified multiple times") - if (exists($dist_var_files{$dist_var_file})); - $dist_var_files{$dist_var_file} = 1; - clean_exit("variable file \"$dist_var_file\" contains slashes or backslashes ". - "but it must be specified as a filename (without path) ". - "that exists in the downloaded rules, e.g. \"snort.conf\"") - if ($dist_var_file =~ /\// || $dist_var_file =~ /\\/); - } - } - - # Make sure all required binaries can be found, unless - # we're used to use Perl modules instead. - # Wget is only required if url is http[s] or ftp. - if ($config{use_external_bins}) { - foreach my $binary (@req_binaries) { - clean_exit("$binary not found in PATH ($ENV{PATH}).") - unless (is_in_path($binary)); - } - } - - # Make sure $url is defined (either by -u <url> or url=... in the conf). - clean_exit("URL not specified. Specify at least one \"url=<url>\" in the \n". - "Oinkmaster configuration file or use the \"-u <url>\" argument") - if ($#{$config{url}} == -1); - - # Make sure all urls look ok, and untaint them. - my @urls = @{$config{url}}; - $#{$config{url}} = -1; - foreach my $url (@urls) { - clean_exit("incorrect URL: \"$url\"") - unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/ - || $url =~ /^(dir:\/\/.+)/); - my $ok_url = $1; - - if ($ok_url =~ /^dir:\/\/(.+)/) { - my $dir = untaint_path($1); - clean_exit("\"$dir\" does not exist or is not a directory") - unless (-d $dir); - - # Simple check if the output dir is specified as url (probably a mistake). - if (File::Spec->canonpath(File::Spec->rel2abs($dir)) - eq File::Spec->canonpath(File::Spec->rel2abs($config{output_dir}))) { - clean_exit("Download directory can not be same as output directory"); - } - } - push(@{$config{url}}, $ok_url); - } - - # Wget must be found if url is http[s]:// or ftp://. - if ($config{use_external_bins}) { - clean_exit("wget not found in PATH ($ENV{PATH}).") - if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget")); - } - - # scp must be found if scp://... - clean_exit("scp not found in PATH ($ENV{PATH}).") - if ($config{'url'} =~ /^scp:/ && !is_in_path("scp")); - - # ssh key must exist if specified and url is scp://... - clean_exit("ssh key \"$config{scp_key}\" does not exist.") - if ($config{'url'} =~ /^scp:/ && exists($config{scp_key}) - && !-e $config{scp_key}); - - # Untaint output directory string. - $config{output_dir} = untaint_path($config{output_dir}); - - # Make sure the output directory exists and is readable. - clean_exit("the output directory \"$config{output_dir}\" doesn't exist ". - "or isn't readable by you.") - if (!-d "$config{output_dir}" || !-x "$config{output_dir}"); - - # Make sure the output directory is writable unless running in careful mode. - clean_exit("the output directory \"$config{output_dir}\" isn't writable by you.") - if (!$config{careful} && !-w "$config{output_dir}"); - - # Make sure we have read permission on all rules files in the output dir, - # and also write permission unless we're in careful mode. - # This is to avoid bailing out in the middle of an execution if a copy - # fails because of permission problem. - opendir(OUTDIR, "$config{output_dir}") - or clean_exit("could not open directory $config{output_dir}: $!"); - - while ($_ = readdir(OUTDIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_})); - - if (/$config{update_files}/) { - unless (-r "$config{output_dir}/$_") { - closedir(OUTDIR); - clean_exit("no read permission on \"$config{output_dir}/$_\"\n". - "Read permission is required on all rules files ". - "inside the output directory.\n") - } - - if (!$config{careful} && !-w "$config{output_dir}/$_") { - closedir(OUTDIR); - clean_exit("no write permission on \"$config{output_dir}/$_\"\n". - "Write permission is required on all rules files ". - "inside the output directory.\n") - } - } - } - - closedir(OUTDIR); - - # Make sure the backup directory exists and is writable if running with -b. - if ($config{make_backup}) { - $config{backup_dir} = untaint_path($config{backup_dir}); - clean_exit("the backup directory \"$config{backup_dir}\" doesn't exist or ". - "isn't writable by you.") - if (!-d "$config{backup_dir}" || !-w "$config{backup_dir}"); - } - - # Convert tmp_basedir to cygwin style if running cygwin and msdos style was specified. - if ($^O eq "cygwin" && $config{tmp_basedir} =~ /^[a-zA-Z]:[\/\\]/) { - msdos_to_cygwin_path(\$config{tmp_basedir}) - or clean_exit("could not convert temporary dir to cygwin style"); - } - - # Make sure temporary directory exists. - clean_exit("the temporary directory \"$config{tmp_basedir}\" does not ". - "exist or isn't writable by you.") - if (!-d "$config{tmp_basedir}" || !-w "$config{tmp_basedir}"); - - # Also untaint it. - $config{tmp_basedir} = untaint_path($config{tmp_basedir}); - - # Make sure stdin and stdout are ttys if we're running in interactive mode. - clean_exit("you can not run in interactive mode when STDIN/STDOUT is not a TTY.") - if ($config{interactive} && !(-t STDIN && -t STDOUT)); -} - - - -# Download the rules archive. -sub download_file($ $) -{ - my $url = shift; - my $localfile = shift; - my $log = "$tmpdir/wget.log"; - my $ret; - - # If there seems to be a password in the url, replace it with "*password*" - # and use new string when printing the url to screen. - my $obfuscated_url = $url; - $obfuscated_url = "$1:*password*\@$2" - if ($obfuscated_url =~ /^(\S+:\/\/.+?):.+?@(.+)/); - - # Ofbuscate oinkcode as well. - $obfuscated_url = "$1*oinkcode*$2" - if ($obfuscated_url =~ /^(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i); - - my @user_agent_opt; - @user_agent_opt = ("-U", $config{user_agent}) if (exists($config{user_agent})); - - # Use wget if URL starts with "http[s]" or "ftp" and we use external binaries. - if ($config{use_external_bins} && $url =~ /^(?:https*|ftp)/) { - print STDERR "Downloading file from $obfuscated_url... " - unless ($config{quiet}); - - if ($config{verbose}) { - print STDERR "\n"; - my @wget_cmd = ("wget", "-v", "-O", $localfile, $url, @user_agent_opt); - clean_exit("could not download from $obfuscated_url") - if (system(@wget_cmd)); - - } else { - my @wget_cmd = ("wget", "-v", "-o", $log, "-O", $localfile, $url, @user_agent_opt); - if (system(@wget_cmd)) { - my $log_output; - open(LOG, "<", "$log") - or clean_exit("could not open $log for reading: $!"); - # Sanitize oinkcode in wget's log (password is automatically sanitized). - while (<LOG>) { - $_ = "$1*oinkcode*$2" - if (/(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i); - $log_output .= $_; - } - close(LOG); - clean_exit("could not download from $obfuscated_url. ". - "Output from wget follows:\n\n $log_output"); - } - print STDERR "done.\n" unless ($config{quiet}); - } - - # Use LWP if URL starts with "http[s]" or "ftp" and use_external_bins=0. - } elsif (!$config{use_external_bins} && $url =~ /^(?:https*|ftp)/) { - print STDERR "Downloading file from $obfuscated_url... " - unless ($config{quiet}); - - my %lwp_opt; - $lwp_opt{agent} = $config{user_agent} if (exists($config{user_agent})); - - my $ua = LWP::UserAgent->new(%lwp_opt); - $ua->env_proxy; - my $request = HTTP::Request->new(GET => $url); - my $response = $ua->request($request, $localfile); - - clean_exit("could not download from $obfuscated_url: " . $response->status_line) - unless $response->is_success; - - print "done.\n" unless ($config{quiet}); - - # Grab file from local filesystem if file://... - } elsif ($url =~ /^file/) { - $url =~ s/^file:\/\///; - - clean_exit("the file $url does not exist.") - unless (-e "$url"); - - clean_exit("the file $url is empty.") - unless (-s "$url"); - - print STDERR "Copying file from $url... " - unless ($config{quiet}); - - copy("$url", "$localfile") - or clean_exit("unable to copy $url to $localfile: $!"); - - print STDERR "done.\n" - unless ($config{quiet}); - - # Grab file using scp if scp://... - } elsif ($url =~ /^scp/) { - $url =~ s/^scp:\/\///; - - my @cmd; - push(@cmd, "scp"); - push(@cmd, "-i", "$config{scp_key}") if (exists($config{scp_key})); - push(@cmd, "-q") if ($config{quiet}); - push(@cmd, "-v") if ($config{verbose}); - push(@cmd, "$url", "$localfile"); - - print STDERR "Copying file from $url using scp:\n" - unless ($config{quiet}); - - clean_exit("scp returned error when trying to copy $url") - if (system(@cmd)); - - # Unknown download method. - } else { - clean_exit("unknown or unsupported download method\n"); - } - - # Make sure the downloaded file actually exists. - clean_exit("failed to download $url: ". - "local target file $localfile doesn't exist after download.") - unless (-e "$localfile"); - - # Also make sure it's at least non-empty. - clean_exit("failed to download $url: local target file $localfile is empty ". - "after download (perhaps you're out of diskspace or file in url is empty?)") - unless (-s "$localfile"); -} - - - -# Copy all rules files from the tmp dirs (one for each url) -# into a single directory inside the tmp dir, except for files -# matching a 'skipfile' directive'. -# Will exit in case of colliding filenames. -sub join_tmp_rules_dirs($ $ @) -{ - my $rules_dir = shift; - my $new_files_ref = shift; - my @url_tmpdirs = @_; - - my %rules_files; - - clean_exit("failed to create directory \"$rules_dir\": $!") - unless (mkdir($rules_dir)); - - foreach my $url_tmpdir (@url_tmpdirs) { - opendir(URL_TMPDIR, "$url_tmpdir") - or clean_exit("could not open directory \"$url_tmpdir\": $!"); - - while ($_ = readdir(URL_TMPDIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) || !/$config{update_files}/); - - if (exists($rules_files{$_})) { - closedir(URL_TMPDIR); - clean_exit("a file called \"$_\" exists in multiple rules archives") - } - - # Make sure it's a regular file. - unless (-f "$url_tmpdir/$_" && !-l "$url_tmpdir/$_") { - closedir(URL_TMPDIR); - clean_exit("downloaded \"$_\" is not a regular file.") - } - - $rules_files{$_} = 1; - $$new_files_ref{"$rules_dir/$_"} = 1; - - my $src_file = untaint_path("$url_tmpdir/$_"); - unless (copy("$src_file", "$rules_dir")) { - closedir(URL_TMPDIR); - clean_exit("could not copy \"$src_file\" to \"$rules_dir\": $!"); - } - } - - closedir(URL_TMPDIR); - } - - return (keys(%$new_files_ref)); -} - - - -# Make a few basic sanity checks on the rules archive and then -# uncompress/untar it if everything looked ok. -sub unpack_rules_archive($ $ $) -{ - my $url = shift; # only used when printing warnings/errors - my $archive = shift; - my $rules_dir = shift; - - my ($tar, @tar_content); - - my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir())); - - my $dir = dirname($archive); - chdir("$dir") or clean_exit("$url: could not change directory to \"$dir\": $!"); - - if ($config{use_external_bins}) { - - # Run integrity check on the gzip file. - clean_exit("$url: integrity check on gzip file failed (file transfer failed or ". - "file in URL not in gzip format?).") - if (system("gzip", "-t", "$archive")); - - # Decompress it. - system("gzip", "-d", "$archive") - and clean_exit("$url: unable to uncompress $archive."); - - # Suffix has now changed from .tar.gz|.tgz to .tar. - $archive =~ s/\.gz$//; - - # Make sure the .tar file now exists. - # (Gzip may not return an error if it was not a gzipped file...) - clean_exit("$url: failed to unpack gzip file (file transfer failed or ". - "file in URL not in tar'ed gzip format?).") - unless (-e "$archive"); - - my $stdout_file = "$tmpdir/tar_content.out"; - - open(OLDOUT, ">&STDOUT") or clean_exit("could not dup STDOUT: $!"); - open(STDOUT, ">$stdout_file") or clean_exit("could not redirect STDOUT: $!"); - - my $ret = system("tar", "tf", "$archive"); - - close(STDOUT); - open(STDOUT, ">&OLDOUT") or clean_exit("could not dup STDOUT: $!"); - close(OLDOUT); - - clean_exit("$url: could not list files in tar archive (is it broken?)") - if ($ret); - - open(TAR, "$stdout_file") or clean_exit("failed to open $stdout_file: $!"); - @tar_content = <TAR>; - close(TAR); - - # use_external_bins=0 - } else { - $tar = Archive::Tar->new($archive, 1); - clean_exit("$url: failed to read $archive (file transfer failed or ". - "file in URL not in tar'ed gzip format?).") - unless (defined($tar)); - @tar_content = $tar->list_files(); - } - - # Make sure we could grab some content from the tarball. - clean_exit("$url: could not list files in tar archive (is it broken?)") - if ($#tar_content < 0); - - # For each filename in the archive, do some basic sanity checks. - foreach my $filename (@tar_content) { - chomp($filename); - - # We don't want absolute filename. - clean_exit("$url: rules archive contains absolute filename. ". - "Offending file/line:\n$filename") - if ($filename =~ /^\//); - - # We don't want to have any weird characters anywhere in the filename. - clean_exit("$url: illegal character in filename in tar archive. Allowed are ". - "$OK_PATH_CHARS\nOffending file/line:\n$filename") - if ($config{use_path_checks} && $filename =~ /[^$OK_PATH_CHARS]/); - - # We don't want to unpack any "../../" junk (check is useless now though). - clean_exit("$url: filename in tar archive contains \"..\".\n". - "Offending file/line:\n$filename") - if ($filename =~ /\.\./); - } - - # Looks good. Now we can untar it. - print STDERR "Archive successfully downloaded, unpacking... " - unless ($config{quiet}); - - if ($config{use_external_bins}) { - clean_exit("failed to untar $archive.") - if system("tar", "xf", "$archive"); - } else { - mkdir("$rules_dir") or clean_exit("could not create \"$rules_dir\" directory: $!\n"); - foreach my $file ($tar->list_files) { - next unless ($file =~ /^$rules_dir\/[^\/]+$/); # only ^rules/<file>$ - - my $content = $tar->get_content($file); - - # Symlinks in the archive will make get_content return undef. - clean_exit("could not get content from file \"$file\" in downloaded archive, ". - "make sure it is a regular file\n") - unless (defined($content)); - - open(RULEFILE, ">", "$file") - or clean_exit("could not open \"$file\" for writing: $!\n"); - print RULEFILE $content; - close(RULEFILE); - } - } - - # Make sure that non-empty rules directory existed in archive. - # We permit empty rules directory if min_files is set to 0 though. - clean_exit("$url: no \"$rules_dir\" directory found in tar file.") - unless (-d "$dir/$rules_dir"); - - my $num_files = 0; - opendir(RULESDIR, "$dir/$rules_dir") - or clean_exit("could not open directory \"$dir/$rules_dir\": $!"); - - while ($_ = readdir(RULESDIR)) { - next if (/^\.\.?$/); - $num_files++; - } - - closedir(RULESDIR); - - clean_exit("$url: directory \"$rules_dir\" in unpacked archive is empty") - if ($num_files == 0 && $config{min_files} != 0); - - chdir($old_dir) - or clean_exit("could not change directory back to $old_dir: $!"); - - print STDERR "done.\n" - unless ($config{quiet}); -} - - - -# Open all rules files in the temporary directory and disable/modify all -# rules/lines as requested in oinkmaster.conf, and then write back to the -# same files. Also clean unwanted whitespaces and duplicate sids from them. -sub process_rules($ $ $ $ $ $) -{ - my $modify_sid_ref = shift; - my $disable_sid_ref = shift; - my $enable_sid_ref = shift; - my $local_sid_ref = shift; - my $rh_tmp_ref = shift; - my $newfiles_ref = shift; - my %sids; - - my %stats = ( - disabled => 0, - enabled => 0, - modified => 0, - total => 0, - ); - - warn("WARNING: all rules that are disabled by default will be enabled\n") - if ($config{enable_all} && !$config{quiet}); - - print STDERR "Processing downloaded rules... " - unless ($config{quiet}); - - print STDERR "\n" - if ($config{verbose}); - - # Phase #1 - process all active rules and store in temporary hash. - # In case of dups, we use the one with the highest rev. - foreach my $file (sort(keys(%$newfiles_ref))) { - - open(INFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @infile = <INFILE>; - close(INFILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - - # We don't care about non-rules in this phase. - next RULELOOP if (defined($nonrule)); - - # Even if it was a single-line rule, we want a copy in $multi. - $multi = $single unless (defined($multi)); - - my %rule = ( - single => $single, - multi => $multi, - ); - - # modify/disable/enable this rule as requested unless there is a matching - # localsid statement. Possible verbose messages and warnings will be printed. - unless (exists($$local_sid_ref{$sid})) { - process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref, - \%rule, $sid, \%stats, 1, basename($file)); - } - - $stats{total}++; - - $single = $rule{single}; - $multi = $rule{multi}; - - # Only care about active rules in this phase (the rule may have been - # disabled by a disablesid or a modifysid statement above, so we can't - # do this check earlier). - next RULELOOP if ($multi =~ /^#/); - - # Is it a dup? If so, see if this seems to be more recent (higher rev). - if (exists($sids{$sid})) { - warn("\nWARNING: duplicate SID in downloaded archive, SID=$sid, ". - "only keeping rule with highest 'rev'\n") - unless($config{super_quiet}); - - my ($old_rev) = ($sids{$sid}{single} =~ /\brev\s*:\s*(\d+)\s*;/); - my ($new_rev) = ($single =~ /\brev\s*:\s*(\d+)\s*;/); - - # This is so rules with a rev gets higher prio than - # rules without any rev. - $old_rev = -1 unless (defined($old_rev)); - $new_rev = -1 unless (defined($new_rev)); - - # If this rev is higher than the one in the last stored rule with - # this sid, replace rule with this one. This is also done if the - # revs are equal because we assume the rule appearing last in the - # rules file is the more recent rule. - if ($new_rev >= $old_rev) { - $sids{$sid}{single} = $single; - $sids{$sid}{multi} = $multi; - } - - # No dup. - } else { - $sids{$sid}{single} = $single; - $sids{$sid}{multi} = $multi; - } - } - } - - # Phase #2 - read all rules files again, but when writing active rules - # back to the files, use the one stored in the sid hash (which is free of dups). - foreach my $file (sort(keys(%$newfiles_ref))) { - - open(INFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @infile = <INFILE>; - close(INFILE); - - # Write back to the same file. - open(OUTFILE, ">", "$file") - or clean_exit("could not open $file for writing: $!"); - - my ($single, $multi, $nonrule, $msg, $sid); - - RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($nonrule)) { - print OUTFILE "$nonrule"; - next RULELOOP; - } - - # Even if it was a single-line rule, we want a copy in $multi. - $multi = $single unless (defined($multi)); - - # If this rule is marked as localized and has not yet been written, - # write the old version to the new rules file. - if (exists($$local_sid_ref{$sid}) && !exists($sids{$sid}{printed})) { - - # Just ignore the rule in the downloaded file if it doesn't - # exist in the same local file. - unless(exists($$rh_tmp_ref{old}{rules}{basename($file)}{$sid})) { - warn("WARNING: SID $sid is marked as local and exists in ". - "downloaded " . basename($file) . " but the SID does not ". - "exist in the local file, ignoring rule\n") - if ($config{verbose}); - - next RULELOOP; - } - - print OUTFILE $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}; - $sids{$sid}{printed} = 1; - - warn("SID $sid is marked as local, keeping your version from ". - basename($file) . ".\n". - "Your version: $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}". - "Downloaded version: $multi\n") - if ($config{verbose}); - - next RULELOOP; - } - - my %rule = ( - single => $single, - multi => $multi, - ); - - # modify/disable/enable this rule. Possible verbose messages and warnings - # will not be printed (again) as this was done in the first phase. - # We send the stats to a dummy var as this was collected on the - # first phase as well. - process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref, - \%rule, $sid, \my %unused_stats, 0, basename($file)); - - $single = $rule{single}; - $multi = $rule{multi}; - - # Disabled rules are printed right back to the file, unless - # there also is an active rule with the same sid. Als o make - # sure we only print the sid once, even though it's disabled. - if ($multi =~ /^#/ && !exists($sids{$sid}) && !exists($sids{$sid}{printed})) { - print OUTFILE $multi; - $sids{$sid}{printed} = 1; - next RULELOOP; - } - - # If this sid has not yet been printed and this is the place where - # the sid with the highest rev was, print the rule to the file. - # (There can be multiple totally different rules with the same sid - # and we don't want to put the wrong rule in the wrong place. - if (!exists($sids{$sid}{printed}) && $single eq $sids{$sid}{single}) { - print OUTFILE $multi; - $sids{$sid}{printed} = 1; - } - } - - close(OUTFILE); - } - - print STDERR "disabled $stats{disabled}, enabled $stats{enabled}, ". - "modified $stats{modified}, total=$stats{total}\n" - unless ($config{quiet}); - - # Print warnings on attempt at enablesid/disablesid/localsid on non-existent - # rule if we're in verbose mode. - if ($config{verbose}) { - foreach my $sid (keys(%$enable_sid_ref)) { - warn("WARNING: attempt to use \"enablesid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $sid (keys(%$disable_sid_ref)) { - warn("WARNING: attempt to use \"disablesid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $sid (keys(%$local_sid_ref)) { - warn("WARNING: attempt to use \"localsid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - } - - # Print warnings on attempt at modifysid'ing non-existent stuff, unless quiet mode. - unless ($config{quiet}) { - my %new_files; - foreach my $file (sort(keys(%$newfiles_ref))) { - $new_files{basename($file)} = 1; - } - - my %mod_tmp; - foreach my $mod_expr (@$modify_sid_ref) { - my ($type, $arg) = ($mod_expr->[2], $mod_expr->[3]); - $mod_tmp{$type}{$arg} = 1; - } - - foreach my $sid (keys(%{$mod_tmp{sid}})) { - warn("WARNING: attempt to use \"modifysid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $file (keys(%{$mod_tmp{file}})) { - warn("WARNING: attempt to use \"modifysid\" on non-existent file $file\n") - unless(exists($new_files{$file})); - } - } - - # Return total number of valid rules. - return ($stats{total}); -} - - - -# Process (modify/enable/disable) a rule as requested. -sub process_rule($ $ $ $ $ $ $ $) -{ - my $modify_sid_ref = shift; - my $disable_sid_ref = shift; - my $enable_sid_ref = shift; - my $rule_ref = shift; - my $sid = shift; - my $stats_ref = shift; - my $print_messages = shift; - my $filename = shift; - - # Just for easier access. - my $single = $$rule_ref{single}; - my $multi = $$rule_ref{multi}; - - # Some rules may be commented out by default. - # Enable them if -e is specified (both single-line and multi-line, - # version, because we don't know which version one we're going to - # use below. - # Enable them if -e is specified. - if ($multi =~ /^#/ && $config{enable_all}) { - $multi =~ s/^#*//; - $multi =~ s/\n#*/\n/g; - $single =~ s/^#*//; - $$stats_ref{enabled}++; - } - - # Modify rule if requested. For disablesid/enablesid we work - # on the multi-line version of the rule (if exists). For - # modifysid that's no good since we don't know where in the - # rule the trailing backslashes and newlines are going to be - # and we don't want them to affect the regexp. - MOD_EXP:foreach my $mod_expr (@$modify_sid_ref) { - my ($subst, $repl, $type, $arg) = - ($mod_expr->[0], $mod_expr->[1], $mod_expr->[2], $mod_expr->[3]); - - my $print_modify_warnings = 0; - $print_modify_warnings = 1 if (!$config{super_quiet} && $print_messages && $type eq "sid"); - - if ($type eq "wildcard" || ($type eq "sid" && $sid eq $arg) || - ($type eq "file" && $filename eq $arg)) { - - if ($single =~ /$subst/si) { - print STDERR "Modifying rule, SID=$sid, filename=$filename, ". - "match type=$type, subst=$subst, ". - "repl=$repl\nBefore: $single" - if ($print_messages && $config{verbose}); - - - # If user specified a backreference but the regexp did not set $1 - don't modify rule. - if (!defined($1) && ($repl =~ /[^\\]\$\d+/ || $repl =~ /[^\\]\$\{\d+\}/ - || $repl =~ /^qq\/\$\d+/ || $repl =~ /^qq\/\$\{\d+\}/)) { - warn("WARNING: SID $sid matches modifysid expression \"$subst\" but ". - "backreference variable \$1 is undefined after match, ". - "keeping original rule\n") - if ($print_modify_warnings); - next MOD_EXP; - } - - # Do the substitution on the single-line version and put it - # back in $multi. - $single =~ s/$subst/$repl/eei; - $multi = $single; - - print STDERR "After: $single\n" - if ($print_messages && $config{verbose}); - - $$stats_ref{modified}++; - } else { - if ($print_modify_warnings) { - warn("WARNING: SID $sid does not match modifysid ". - "expression \"$subst\", keeping original rule\n"); - } - } - } - } - - # Disable rule if requested and it's not already disabled. - if (exists($$disable_sid_ref{$sid}) && $multi !~ /^\s*#/) { - $multi = "#$multi"; - $multi =~ s/\n([^#].+)/\n#$1/g; - $$stats_ref{disabled}++; - } - - # Enable rule if requested and it's not already enabled. - if (exists($$enable_sid_ref{$sid}) && $multi =~ /^\s*#/) { - $multi =~ s/^#+//; - $multi =~ s/\n#+(.+)/\n$1/g; - $$stats_ref{enabled}++; - } - - $$rule_ref{single} = $single; - $$rule_ref{multi} = $multi; -} - - - -# Setup rules hash. -# Format for rules will be: rh{old|new}{rules{filename}{sid} = single-line rule -# Format for non-rules will be: rh{old|new}{other}{filename} = array of lines -# List of added files will be stored as rh{added_files}{filename} -sub setup_rules_hash($ $) -{ - my $new_files_ref = shift; - my $output_dir = shift; - - my (%rh, %old_sids); - - print STDERR "Setting up rules structures... " - unless ($config{quiet}); - - foreach my $file (sort(keys(%$new_files_ref))) { - warn("\nWARNING: downloaded rules file $file is empty\n") - if (!-s "$file" && $config{verbose}); - - open(NEWFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @newfile = <NEWFILE>; - close(NEWFILE); - - # From now on we don't care about the path, so remove it. - $file = basename($file); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@newfile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single)) { - $rh{new}{rules}{"$file"}{"$sid"} = $single; - } else { - push(@{$rh{new}{other}{"$file"}}, $nonrule); - } - } - - # Also read in old (aka local) file if it exists. - # We do a sid dup check in these files. - if (-f "$output_dir/$file") { - open(OLDFILE, "<", "$output_dir/$file") - or clean_exit("could not open $output_dir/$file for reading: $!"); - my @oldfile = <OLDFILE>; - close(OLDFILE); - - while (get_next_entry(\@oldfile, \$single, \$multi, \$nonrule, undef, \$sid)) { - if (defined($single)) { - warn("\nWARNING: duplicate SID in your local rules, SID ". - "$sid exists multiple times, you may need to fix this manually!\n") - if (exists($old_sids{$sid})); - - $rh{old}{rules}{"$file"}{"$sid"} = $single; - $old_sids{$sid}++; - } else { - push(@{$rh{old}{other}{"$file"}}, $nonrule); - } - } - } else { - $rh{added_files}{"$file"}++; - } - } - - print STDERR "done.\n" - unless ($config{quiet}); - - return (%rh); -} - - - -# Return lines that exist only in first array but not in second one. -sub get_first_only($ $ $) -{ - my $first_only_ref = shift; - my $first_arr_ref = shift; - my $second_arr_ref = shift; - my %arr_hash; - - @arr_hash{@$second_arr_ref} = (); - - foreach my $line (@$first_arr_ref) { - - # Skip blank lines and CVS Id tags. - next unless ($line =~ /\S/); - next if ($line =~ /^\s*#+\s*\$I\S:.+Exp\s*\$/); - - push(@$first_only_ref, $line) - unless(exists($arr_hash{$line})); - } -} - - - -# Backup files in output dir matching $config{update_files} into the backup dir. -sub make_backup($ $) -{ - my $src_dir = shift; # dir with the rules to be backed up - my $dest_dir = shift; # where to put the backup tarball - - my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5]; - - my $date = sprintf("%4d%02d%02d-%02d%02d%02d", - $year + 1900, $mon + 1, $mday, $hour, $min, $sec); - - my $backup_tarball = "rules-backup-$date.tar"; - my $backup_tmp_dir = File::Spec->catdir("$tmpdir", "rules-backup-$date"); - my $dest_file = File::Spec->catfile("$dest_dir", "$backup_tarball.gz"); - - print STDERR "Creating backup of old rules..." - unless ($config{quiet}); - - mkdir("$backup_tmp_dir", 0700) - or clean_exit("could not create temporary backup directory $backup_tmp_dir: $!"); - - # Copy all rules files from the rules dir to the temporary backup dir. - opendir(OLDRULES, "$src_dir") - or clean_exit("could not open directory $src_dir: $!"); - - while ($_ = readdir(OLDRULES)) { - next if (/^\.\.?$/); - if (/$config{update_files}/) { - my $src_file = untaint_path("$src_dir/$_"); - copy("$src_file", "$backup_tmp_dir/") - or warn("WARNING: could not copy $src_file to $backup_tmp_dir/: $!"); - } - } - - closedir(OLDRULES); - - # Also backup the -U <file> (as "variable-file.conf") if specified. - if ($config{update_vars}) { - copy("$config{varfile}", "$backup_tmp_dir/variable-file.conf") - or warn("WARNING: could not copy $config{varfile} to $backup_tmp_dir: $!") - } - - my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir())); - - # Change directory to $tmpdir (so we'll be right below the directory where - # we have our rules to be backed up). - chdir("$tmpdir") or clean_exit("could not change directory to $tmpdir: $!"); - - if ($config{use_external_bins}) { - clean_exit("tar command returned error when archiving backup files.\n") - if (system("tar","cf","$backup_tarball","rules-backup-$date")); - - clean_exit("gzip command returned error when compressing backup file.\n") - if (system("gzip","$backup_tarball")); - - $backup_tarball .= ".gz"; - - } else { - my $tar = Archive::Tar->new; - opendir(RULES, "rules-backup-$date") - or clean_exit("unable to open directory \"rules-backup-$date\": $!"); - - while ($_ = readdir(RULES)) { - next if (/^\.\.?$/); - $tar->add_files("rules-backup-$date/$_"); - } - - closedir(RULES); - - $backup_tarball .= ".gz"; - - # Write tarball. Print stupid error message if it fails as - # we can't use $tar->error or Tar::error on all platforms. - $tar->write("$backup_tarball", 1); - - clean_exit("could not create backup archive: tarball empty after creation\n") - unless (-s "$backup_tarball"); - } - - # Change back to old directory (so it will work with -b <directory> as either - # an absolute or a relative path. - chdir("$old_dir") - or clean_exit("could not change directory back to $old_dir: $!"); - - copy("$tmpdir/$backup_tarball", "$dest_file") - or clean_exit("unable to copy $tmpdir/$backup_tarball to $dest_file/: $!\n"); - - print STDERR " saved as $dest_file.\n" - unless ($config{quiet}); -} - - - -# Print the results. -sub print_changes($ $) -{ - my $ch_ref = shift; - my $rh_ref = shift; - - my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5]; - - my $date = sprintf("%4d%02d%02d %02d:%02d:%02d", - $year + 1900, $mon + 1, $mday, $hour, $min, $sec); - - print "\n[***] Results from Oinkmaster started $date [***]\n"; - - # Print new variables. - if ($config{update_vars}) { - if ($#{$$ch_ref{new_vars}} > -1) { - print "\n[*] New variables: [*]\n"; - foreach my $var (@{$$ch_ref{new_vars}}) { - print " $var"; - } - } else { - print "\n[*] New variables: [*]\n None.\n" - unless ($config{super_quiet}); - } - } - - - # Print rules modifications. - print "\n[*] Rules modifications: [*]\n None.\n" - if (!keys(%{$$ch_ref{rules}}) && !$config{super_quiet}); - - # Print added rules. - if (exists($$ch_ref{rules}{added})) { - print "\n[+++] Added rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{added}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Added to", - \%{$$ch_ref{rules}{added}}, $rh_ref); - } - } - - # Print enabled rules. - if (exists($$ch_ref{rules}{ena})) { - print "\n[+++] Enabled rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{ena}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Enabled in", - \%{$$ch_ref{rules}{ena}}, $rh_ref); - } - } - - # Print enabled + modified rules. - if (exists($$ch_ref{rules}{ena_mod})) { - print "\n[+++] Enabled and modified rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{ena_mod}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Enabled and modified in", - \%{$$ch_ref{rules}{ena_mod}}, $rh_ref); - } - } - - # Print modified active rules. - if (exists($$ch_ref{rules}{mod_act})) { - print "\n[///] Modified active rules: [///]\n"; - - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{mod_act}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Modified active in", - \%{$$ch_ref{rules}{mod_act}}, $rh_ref); - } - } - - # Print modified inactive rules. - if (exists($$ch_ref{rules}{mod_ina})) { - print "\n[///] Modified inactive rules: [///]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{mod_ina}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Modified inactive in", - \%{$$ch_ref{rules}{mod_ina}}, $rh_ref); - } - } - - # Print disabled + modified rules. - if (exists($$ch_ref{rules}{dis_mod})) { - print "\n[---] Disabled and modified rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{dis_mod}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Disabled and modified in", - \%{$$ch_ref{rules}{dis_mod}}, $rh_ref); - } - } - - # Print disabled rules. - if (exists($$ch_ref{rules}{dis})) { - print "\n[---] Disabled rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{dis}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Disabled in", - \%{$$ch_ref{rules}{dis}}, $rh_ref); - } - } - - # Print removed rules. - if (exists($$ch_ref{rules}{removed})) { - print "\n[---] Removed rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{removed}}, $rh_ref); - } else { - print_changetype($PRINT_OLD, "Removed from", - \%{$$ch_ref{rules}{removed}}, $rh_ref); - } - } - - - # Print non-rule modifications. - print "\n[*] Non-rule line modifications: [*]\n None.\n" - if (!keys(%{$$ch_ref{other}}) && !$config{super_quiet}); - - # Print added non-rule lines. - if (exists($$ch_ref{other}{added})) { - print "\n[+++] Added non-rule lines: [+++]\n"; - foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{added}}))) { - my $num = $#{$$ch_ref{other}{added}{$file}} + 1; - print "\n -> Added to $file ($num):\n"; - foreach my $line (@{$$ch_ref{other}{added}{$file}}) { - print " $line"; - } - } - } - - # Print removed non-rule lines. - if (keys(%{$$ch_ref{other}{removed}}) > 0) { - print "\n[---] Removed non-rule lines: [---]\n"; - foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{removed}}))) { - my $num = $#{$$ch_ref{other}{removed}{$file}} + 1; - print "\n -> Removed from $file ($num):\n"; - foreach my $other (@{$$ch_ref{other}{removed}{$file}}) { - print " $other"; - } - } - } - - - # Print list of added files. - if (keys(%{$$ch_ref{added_files}})) { - print "\n[+] Added files (consider updating your snort.conf to include them if needed): [+]\n\n"; - foreach my $added_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{added_files}}))) { - print " -> $added_file\n"; - } - } else { - print "\n[*] Added files: [*]\n None.\n" - unless ($config{super_quiet} || $config{summary_output}); - } - - # Print list of possibly removed files if requested. - if ($config{check_removed}) { - if (keys(%{$$ch_ref{removed_files}})) { - print "\n[-] Files possibly removed from the archive ". - "(consider removing them from your snort.conf if needed): [-]\n\n"; - foreach my $removed_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{removed_files}}))) { - print " -> $removed_file\n"; - } - } else { - print "\n[*] Files possibly removed from the archive: [*]\n None.\n" - unless ($config{super_quiet} || $config{summary_output}); - } - } - - print "\n"; -} - - - -# Helper for print_changes(). -sub print_changetype($ $ $ $) -{ - my $type = shift; # $PRINT_OLD|$PRINT_NEW|$PRINT_BOTH - my $string = shift; # string to print before filename - my $ch_ref = shift; # reference to an entry in the rules changes hash - my $rh_ref = shift; # reference to rules hash - - foreach my $file (sort({uc($a) cmp uc($b)} keys(%$ch_ref))) { - my $num = keys(%{$$ch_ref{$file}}); - print "\n -> $string $file ($num):\n"; - foreach my $sid (keys(%{$$ch_ref{$file}})) { - if ($type == $PRINT_OLD) { - print " $$rh_ref{old}{rules}{$file}{$sid}" - } elsif ($type == $PRINT_NEW) { - print " $$rh_ref{new}{rules}{$file}{$sid}" - } elsif ($type == $PRINT_BOTH) { - - my $old = $$rh_ref{old}{rules}{$file}{$sid}; - my $new = $$rh_ref{new}{rules}{$file}{$sid}; - - if ($config{minimize_diff}) { - my ($old, $new) = minimize_diff($old, $new); - print "\n old SID $sid: $old"; - print " new SID $sid: $new"; - } else { - print "\n old: $old"; - print " new: $new"; - } - } - } - } -} - - - -# Print changes in bmc style, i.e. only sid and msg, no full details. -sub print_summary_change($ $) -{ - my $ch_ref = shift; # reference to an entry in the rules changes hash - my $rh_ref = shift; # reference to rules hash - - my (@sids, %sidmap); - - print "\n"; - - # First get all the sids (may be spread across multiple files. - foreach my $file (keys(%$ch_ref)) { - foreach my $sid (keys(%{$$ch_ref{$file}})) { - push(@sids, $sid); - if (exists($$rh_ref{new}{rules}{$file}{$sid})) { - $sidmap{$sid}{rule} = $$rh_ref{new}{rules}{$file}{$sid}; - } else { - $sidmap{$sid}{rule} = $$rh_ref{old}{rules}{$file}{$sid}; - } - $sidmap{$sid}{file} = $file; - } - } - - # Print rules, sorted by sid. - foreach my $sid (sort {$a <=> $b} (@sids)) { - my @rule = $sidmap{$sid}{rule}; - my $file = $sidmap{$sid}{file}; - get_next_entry(\@rule, undef, undef, undef, \(my $msg), undef); - printf("%8d - %s (%s)\n", $sid, $msg, $file); - } - - print "\n"; -} - - - -# Compare the new rules to the old ones. -sub get_changes($ $ $) -{ - my $rh_ref = shift; - my $new_files_ref = shift; - my $rules_dir = shift; - my %changes; - - print STDERR "Comparing new files to the old ones... " - unless ($config{quiet}); - - # We have the list of added files (without full path) in $rh_ref{added_files} - # but we'd rather want to have it in $changes{added_files} now. - $changes{added_files} = $$rh_ref{added_files}; - - # New files are also regarded as modified since we want to update - # (i.e. add) those as well. Here we want them with full path. - foreach my $file (keys(%{$changes{added_files}})) { - $changes{modified_files}{"$tmpdir/$rules_dir/$file"}++; - } - - # Add list of possibly removed files if requested. - if ($config{check_removed}) { - opendir(OLDRULES, "$config{output_dir}") - or clean_exit("could not open directory $config{output_dir}: $!"); - - while ($_ = readdir(OLDRULES)) { - next if (/^\.\.?$/); - $changes{removed_files}{"$_"} = 1 - if (/$config{update_files}/ && - !exists($config{file_ignore_list}{$_}) && - !-e "$tmpdir/$rules_dir/$_"); - } - - closedir(OLDRULES); - } - - # For each new rules file... - FILELOOP:foreach my $file_w_path (sort(keys(%$new_files_ref))) { - my $file = basename($file_w_path); - - # Skip comparison if it's an added file. - next FILELOOP if (exists($$rh_ref{added_files}{$file})); - - # For each sid in the new file... - foreach my $sid (keys(%{$$rh_ref{new}{rules}{$file}})) { - my $new_rule = $$rh_ref{new}{rules}{$file}{$sid}; - - # Sid also exists in the old file? - if (exists($$rh_ref{old}{rules}{$file}{$sid})) { - my $old_rule = $$rh_ref{old}{rules}{$file}{$sid}; - - # Are they identical? - unless ($new_rule eq $old_rule) { - $changes{modified_files}{$file_w_path}++; - - # Find out in which way the rules are different. - if ("#$old_rule" eq $new_rule) { - $changes{rules}{dis}{$file}{$sid}++; - } elsif ($old_rule eq "#$new_rule") { - $changes{rules}{ena}{$file}{$sid}++; - } elsif ($old_rule =~ /^\s*#/ && $new_rule !~ /^\s*#/) { - $changes{rules}{ena_mod}{$file}{$sid}++; - } elsif ($old_rule !~ /^\s*#/ && $new_rule =~ /^\s*#/) { - $changes{rules}{dis_mod}{$file}{$sid}++; - } elsif ($old_rule =~ /^\s*#/ && $new_rule =~ /^\s*#/) { - $changes{rules}{mod_ina}{$file}{$sid}++; - } else { - $changes{rules}{mod_act}{$file}{$sid}++; - } - - } - } else { # sid not found in old file, i.e. it's added - $changes{modified_files}{$file_w_path}++; - $changes{rules}{added}{$file}{$sid}++; - } - } # foreach sid - - # Check for removed rules, i.e. sids that exist in the old file but - # not in the new one. - foreach my $sid (keys(%{$$rh_ref{old}{rules}{$file}})) { - unless (exists($$rh_ref{new}{rules}{$file}{$sid})) { - $changes{modified_files}{$file_w_path}++; - $changes{rules}{removed}{$file}{$sid}++; - } - } - - # Check for added non-rule lines. - get_first_only(\my @added, - \@{$$rh_ref{new}{other}{$file}}, - \@{$$rh_ref{old}{other}{$file}}); - - if (scalar(@added)) { - @{$changes{other}{added}{$file}} = @added; - $changes{modified_files}{$file_w_path}++; - } - - # Check for removed non-rule lines. - get_first_only(\my @removed, - \@{$$rh_ref{old}{other}{$file}}, - \@{$$rh_ref{new}{other}{$file}}); - - if (scalar(@removed)) { - @{$changes{other}{removed}{$file}} = @removed; - $changes{modified_files}{$file_w_path}++; - } - - } # foreach new file - - print STDERR "done.\n" unless ($config{quiet}); - - return (%changes); -} - - - -# Simply copy the modified rules files to the output directory. -sub update_rules($ @) -{ - my $dst_dir = shift; - my @modified_files = @_; - - print STDERR "Updating local rules files... " - if (!$config{quiet} || $config{interactive}); - - foreach my $file_w_path (@modified_files) { - copy("$file_w_path", "$dst_dir") - or clean_exit("could not copy $file_w_path to $dst_dir: $!"); - } - - print STDERR "done.\n" - if (!$config{quiet} || $config{interactive}); -} - - -# Simply copy rules files from one dir to another. -# Links are not allowed. -sub copy_rules($ $) -{ - my $src_dir = shift; - my $dst_dir = shift; - - print STDERR "Copying rules from $src_dir... " - if (!$config{quiet} || $config{interactive}); - - opendir(SRC_DIR, $src_dir) - or clean_exit("could not open directory $src_dir: $!"); - - my $num_files = 0; - while ($_ = readdir(SRC_DIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) - || !/$config{update_files}/); - - my $src_file = untaint_path("$src_dir/$_"); - - # Make sure it's a regular file. - unless (-f "$src_file" && !-l "$src_file") { - closedir(SRC_DIR); - clean_exit("\"$src_file\" is not a regular file.") - } - - unless (copy($src_file, $dst_dir)) { - closedir(SRC_DIR); - clean_exit("could not copy \"$src_file\" to \"$dst_dir\"/: $!"); - } - $num_files++; - } - - closedir(SRC_DIR); - - print STDERR "$num_files files copied.\n" - if (!$config{quiet} || $config{interactive}); -} - - - -# Return true if file is in PATH and is executable. -sub is_in_path($) -{ - my $file = shift; - - foreach my $dir (File::Spec->path()) { - if ((-f "$dir/$file" && -x "$dir/$file") - || (-f "$dir/$file.exe" && -x "$dir/$file.exe")) { - print STDERR "Found $file binary in $dir\n" - if ($config{verbose}); - return (1); - } - } - - return (0); -} - - - -# get_next_entry() will parse the array referenced in the first arg -# and return the next entry. The array should contain a rules file, -# and the returned entry will be removed from the array. -# An entry is one of: -# - single-line rule (put in 2nd ref) -# - multi-line rule (put in 3rd ref) -# - non-rule line (put in 4th ref) -# If the entry is a multi-line rule, its single-line version is also -# returned (put in the 2nd ref). -# If it's a rule, the msg string will be put in 4th ref and sid in 5th. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - chomp($line); - $line .= "\n"; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - - # Invalid multi-line rule. - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Check if it's a regular single-line rule. - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - - # Non-rule line. - } else { - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Look for variables that exist in dist var files but not in local var file. -sub get_new_vars($ $ $ $) -{ - my $ch_ref = shift; - my $dist_var_files_ref = shift; - my $local_var_file = shift; - my $url_tmpdirs_ref = shift; - - my %new_vars; - my (%old_vars, %dist_var_files, %found_dist_var_files); - my $confs_found = 0; - - - # Warn in case we can't find a specified dist file. - foreach my $dir (@$url_tmpdirs_ref) { - foreach my $dist_var_file (@$dist_var_files_ref) { - if (-e "$dir/$dist_var_file") { - $found_dist_var_files{$dist_var_file} = 1; - $confs_found++; - } - } - } - - foreach my $dist_var_file (@$dist_var_files_ref) { - unless (exists($found_dist_var_files{$dist_var_file})) { - warn("WARNING: did not find variable file \"$dist_var_file\" in ". - "downloaded archive(s)\n") - unless($config{quiet}); - } - } - - unless ($confs_found) { - unless ($config{quiet}) { - warn("WARNING: no variable files found in downloaded archive(s), ". - "aborting check for new variables\n"); - return; - } - } - - # Read in variable names from old (target) var file. - open(LOCAL_VAR_FILE, "<", "$local_var_file") - or clean_exit("could not open $local_var_file for reading: $!"); - - my @local_var_conf = <LOCAL_VAR_FILE>; - - foreach $_ (join_multilines(\@local_var_conf)) { - $old_vars{lc($1)}++ if (/$VAR_REGEXP/i); - } - - close(LOCAL_VAR_FILE); - - # Read in variables from new file(s). - foreach my $dir (@$url_tmpdirs_ref) { - foreach my $dist_var_file (@$dist_var_files_ref) { - my $conf = "$dir/$dist_var_file"; - if (-e "$conf") { - my $num_new = 0; - print STDERR "Checking downloaded $dist_var_file for new variables... " - unless ($config{quiet}); - - open(DIST_CONF, "<", "$conf") - or clean_exit("could not open $conf for reading: $!"); - my @dist_var_conf = <DIST_CONF>; - close(DIST_CONF); - - foreach $_ (join_multilines(\@dist_var_conf)) { - if (/$VAR_REGEXP/i && !exists($old_vars{lc($1)})) { - my ($varname, $varval) = (lc($1), $2); - if (exists($new_vars{$varname})) { - warn("\nWARNING: new variable \"$varname\" is defined multiple ". - "times in downloaded files\n"); - } - s/^\s*//; - push(@{$$ch_ref{new_vars}}, "$_\n"); - $new_vars{$varname} = $varval; - $num_new++; - } - } - - close(DIST_CONF); - print STDERR "$num_new new found.\n" - unless ($config{quiet}); - } - } - } -} - - - -# Add new variables to local snort.conf. -sub add_new_vars($ $) -{ - my $ch_ref = shift; - my $varfile = shift; - my $tmp_varfile = "$tmpdir/tmp_varfile.conf"; - my $new_content; - - return unless ($#{$changes{new_vars}} > -1); - - print STDERR "Adding new variables to $varfile... " - unless ($config{quiet}); - - open(OLD_LOCAL_CONF, "<", "$varfile") - or clean_exit("could not open $varfile for reading: $!"); - my @old_content = <OLD_LOCAL_CONF>; - close(OLD_LOCAL_CONF); - - open(NEW_LOCAL_CONF, ">", "$tmp_varfile") - or clean_exit("could not open $tmp_varfile for writing: $!"); - - my @old_vars = grep(/$VAR_REGEXP/i, @old_content); - - - # If any vars exist in old file, put new vars right after them. - if ($#old_vars > -1) { - while ($_ = shift(@old_content)) { - print NEW_LOCAL_CONF $_; - last if ($_ eq $old_vars[$#old_vars]); - } - } - - print NEW_LOCAL_CONF @{$changes{new_vars}}; - print NEW_LOCAL_CONF @old_content; - - close(NEW_LOCAL_CONF); - - clean_exit("could not copy $tmp_varfile to $varfile: $!") - unless (copy("$tmp_varfile", "$varfile")); - - print STDERR "done.\n" - unless ($config{quiet}); -} - - - -# Convert msdos style path to cygwin style, e.g. -# c:\foo => /cygdrive/c/foo -sub msdos_to_cygwin_path($) -{ - my $path_ref = shift; - - if ($$path_ref =~ /^([a-zA-Z]):[\/\\](.*)/) { - my ($drive, $dir) = ($1, $2); - $dir =~ s/\\/\//g; - $$path_ref = "/cygdrive/$drive/$dir"; - return (1); - } - - return (0); -} - - - -# Parse and process a modifysid expression. -# Return 1 if valid, or otherwise 0. -sub parse_mod_expr($ $ $ $) -{ - my $mod_list_ref = shift; # where to store valid entries - my $sid_arg_list = shift; # comma-separated list of SIDs/files or wildcard - my $subst = shift; # regexp to look for - my $repl = shift; # regexp to replace it with - - my @tmp_mod_list; - - $sid_arg_list =~ s/\s+$//; - - foreach my $sid_arg (split(/\s*,\s*/, $sid_arg_list)) { - my $type = ""; - - $type = "sid" if ($sid_arg =~ /^\d+$/); - $type = "file" if ($sid_arg =~ /^\S+.*\.\S+$/); - $type = "wildcard" if ($sid_arg eq "*"); - - return (0) unless ($type); - - # Sanity check to make sure user escaped at least all the "$" in $subst. - if ($subst =~ /[^\\]\$./ || $subst =~ /^\$/) { - warn("WARNING: unescaped \$ in expression \"$subst\", all special ". - "characters must be escaped\n"); - return (0); - } - - # Only allow backreference variables. The check should at least catch some user typos. - if (($repl =~ /[^\\]\$(\D.)/ && $1 !~ /{\d/) || $repl =~ /[^\\]\$$/ - || ($repl =~ /^\$(\D.)/ && $1 !~ /{\d/)) { - warn("WARNING: illegal replacement expression \"$repl\": unescaped \$ ". - "that isn't a backreference\n"); - return (0); - } - - # Don't permit unescaped @. - if ($repl =~ /[^\\]\@/ || $repl =~ /^\@/) { - warn("WARNING: illegal replacement expression \"$repl\": unescaped \@\n"); - return (0); - } - - # Make sure the regexp is valid. - my $repl_qq = "qq/$repl/"; - my $dummy = "foo"; - - eval { - $dummy =~ s/$subst/$repl_qq/ee; - }; - - # We should probably check for warnings as well as errors... - if ($@) { - warn("Invalid regexp: $@"); - return (0); - } - - push(@tmp_mod_list, [$subst, $repl_qq, $type, $sid_arg]); - } - - # If we come this far, all sids and the regexp were parsed successfully, so - # append them to real mod list array. - foreach my $mod_entry (@tmp_mod_list) { - push(@$mod_list_ref, $mod_entry); - } - - return (1); -} - - - -# Untaint a path. Die if it contains illegal chars. -sub untaint_path($) -{ - my $path = shift; - my $orig_path = $path; - - return $path unless ($config{use_path_checks}); - - (($path) = $path =~ /^([$OK_PATH_CHARS]+)$/) - or clean_exit("illegal character in path/filename ". - "\"$orig_path\", allowed are $OK_PATH_CHARS\n". - "Fix this or set use_path_checks=0 in oinkmaster.conf ". - "to disable this check completely if it is too strict.\n"); - - return ($path); -} - - - -# Ask user to approve changes. Return 1 for yes, 0 for no. -sub approve_changes() -{ - my $answer = ""; - - while ($answer !~ /^[yn]/i) { - print "Do you approve these changes? [Yn] "; - $answer = <STDIN>; - $answer = "y" unless ($answer =~ /\S/); - } - - return ($answer =~ /^y/i); -} - - - -# Remove common leading and trailing stuff from two rules. -sub minimize_diff($ $) -{ - my $old_rule = shift; - my $new_rule = shift; - - my $original_old = $old_rule; - my $original_new = $new_rule; - - # Additional chars to print next to the diffing part. - my $additional_chars = 20; - - # Remove the rev keyword from the rules, as it often - # makes the whole diff minimizing useless. - $old_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//; - my $old_rev = $1; - - $new_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//; - my $new_rev = $1; - - # If rev was the only thing that changed, we want to restore the rev - # before continuing so we don't remove common stuff from rules that - # are identical. - if ($old_rule eq $new_rule) { - $old_rule = $original_old; - $new_rule = $original_new; - } - - # Temporarily remove possible leading # so it works nicely - # with modified rules that are also being either enabled or disabled. - my $old_is_disabled = 0; - my $new_is_disabled = 0; - - $old_is_disabled = 1 if ($old_rule =~ s/^#//); - $new_is_disabled = 1 if ($new_rule =~ s/^#//); - - # Go forward char by char until they aren't equeal. - # $i will bet set to the index where they diff. - my @old = split(//, $old_rule); - my @new = split(//, $new_rule); - - my $i = 0; - while ($i <= $#old && $i <= $#new && $old[$i] eq $new[$i]) { - $i++; - } - - # Now same thing but backwards. - # $j will bet set to the index where they diff. - @old = reverse(split(//, $old_rule)); - @new = reverse(split(//, $new_rule)); - - my $j = 0; - while ($j <= $#old && $j <= $#new && $old[$j] eq $new[$j]) { - $j++; - } - - # Print some additional chars on either side, if there is room for it. - $i -= $additional_chars; - $i = 0 if ($i < 0); - - $j = -$j + $additional_chars; - $j = 0 if ($j > -1); - - my ($old, $new); - - # Print entire rules (i.e. they can not be shortened). - if (!$i && !$j) { - $old = $old_rule; - $new = $new_rule; - - # Leading and trailing stuff can be removed. - } elsif ($i && $j) { - $old = "..." . substr($old_rule, $i, $j) . "..."; - $new = "..." . substr($new_rule, $i, $j) . "..."; - - # Trailing stuff can be removed. - } elsif (!$i && $j) { - $old = substr($old_rule, $i, $j) . "..."; - $new = substr($new_rule, $i, $j) . "..."; - - # Leading stuff can be removed. - } elsif ($i && !$j) { - $old = "..." . substr($old_rule, $i); - $new = "..." . substr($new_rule, $i); - } - - chomp($old, $new); - $old .= "\n"; - $new .= "\n"; - - # Restore possible leading # now. - $old = "#$old" if ($old_is_disabled); - $new = "#$new" if ($new_is_disabled); - - return ($old, $new); -} - - - -# Check a string and return 1 if it's a valid single-line snort rule. -# Msg string is put in second arg, sid in third (those are the only -# required keywords, besides the leading rule actions). -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$msg_ref); - undef($$sid_ref); - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} - - - -# Merge multiline directives in an array by simply removing traling backslashes. -sub join_multilines($) -{ - my $multiline_conf_ref = shift; - my $joined_conf = ""; - - foreach $_ (@$multiline_conf_ref) { - s/\\\s*\n$//; - $joined_conf .= $_; - } - - return (split/\n/, $joined_conf); -} - - - -# Catch SIGINT. -sub catch_sigint() -{ - $SIG{INT} = 'IGNORE'; - print STDERR "\nInterrupted, cleaning up.\n"; - sleep(1); - clean_exit("interrupted by signal"); -} - - - -# Remove temporary directory and exit. -# If a non-empty string is given as argument, it will be regarded -# as an error message and we will use die() with the message instead -# of just exit(0). -sub clean_exit($) -{ - my $err_msg = shift; - - $SIG{INT} = 'DEFAULT'; - - if (defined($tmpdir) && -d "$tmpdir") { - chdir(File::Spec->rootdir()); - rmtree("$tmpdir", 0, 1); - undef($tmpdir); - } - - if (!defined($err_msg) || $err_msg eq "") { - exit(0); - } else { - chomp($err_msg); - die("\n$0: Error: $err_msg\n\nOink, oink. Exiting...\n"); - } -} - - - -#### EOF #### diff --git a/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl b/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl deleted file mode 100644 index e5f0d39e..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl +++ /dev/null @@ -1,100 +0,0 @@ -#!/usr/bin/perl -w - -#usage: rename perl_expression [files] -my $usage = qq{rename [-v] s/pat/repl/ [filenames...]\t (c)2001 hellweg\@snark.de -rename files read from the commandline or stdin - -License to use, modify and redistribute granted to each and every lifeform on -this planet (as long as credit to hellweg\@snark.de remains). No guarantee that -'rename' does or does not perform the way you want... - -} ; -$verbose = 0 ; -$quiet = 0 ; - -$op=shift || 0 ; -if($op eq "-v") { - $verbose++ ; $quiet = 0 ; - $op=shift || 0 ; -} -if($op eq "-q") { - $quiet++ ; $verbose = 0 ; - $op=shift || 0 ; -} -if($op =~ /^-h/) { - print $usage; exit(0) ; -} - -if(! $op) { - print $usage; exit(-1) ; -} - -if (!@ARGV) { - @ARGV = <STDIN>; -} - -$count=0 ; -my($m, $d, $y, $T) ; -for (@ARGV) { - chomp ; - if(-e $_) { - $was = $_; - if($op =~ /\$[Tdym]/) { - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime((stat($_))[9]); - $m = sprintf("%0.2i", $mon+1); - $d = sprintf("%0.2i", $mday); - $y = $year + 1900 ; - $T = "$y$m$d" ; - } - eval $op; - die $@ if $@; - if(-f $_) { print("! exists already: $was -> $_ \n") unless $quiet ; } - else { - if(rename($was, $_)) { - print("$was -> $_\n") if $verbose ; - $count++; - } else { - if(/\//) { - # maybe we need to create dirs? - my $createRes = createDirs($_) ; - if($createRes) { - print("! fauled to create $createRes for $_\n") - unless $quiet ; - } - else { # try again - if(rename($was, $_)) { - print("$was -> $_\n") if $verbose ; - $count++; - } else { - print("! failed to rename $was -> $_ \n") - unless $quiet ; - } - } - } - else { - print("! failed to rename $was -> $_ \n") unless $quiet ; - } - } - } - } - else { print("! not found: $_ \n") ; } -} -print("renamed $count files\n") if $verbose ; - - -sub createDirs { # return the dir we failed to create or 0 - my $file = shift ; - my @dirs = split /\//, $file ; - pop @dirs ; # don't try to mkdir the file itself - my $current = "" ; - $current = "/" if ($file =~ /^\//) ; - foreach (@dirs) { - $current .= $_ ; - if(! -d $current) { - mkdir $current, 0700 || return $current ; - print "mkdir $current\n" if ($verbose) ; - } - $current .= "/" ; - } - return 0 ; # success -} diff --git a/config/snort-dev/css/sexybuttons.css b/config/snort-dev/css/sexybuttons.css deleted file mode 100644 index c3834b44..00000000 --- a/config/snort-dev/css/sexybuttons.css +++ /dev/null @@ -1,342 +0,0 @@ -/* - * Sexy Buttons - * - * DESCRIPTION: - * Sexy, skinnable HTML/CSS buttons with icons. - * - * PROJECT URL: - * http://code.google.com/p/sexybuttons/ - * - * AUTHOR: - * Richard Davies - * http://www.richarddavies.us - * Richard@richarddavies.us - * - * VERSION: - * 1.1 - * - * LICENSE: - * Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0) - * Creative Commons 3.0 Attribution (http://creativecommons.org/licenses/by/3.0/) - * - * CREDITS: - * Inspired by, derived from, and thanks to: - * http://www.p51labs.com/simply-buttons-v2/ - * http://www.oscaralexander.com/tutorials/how-to-make-sexy-buttons-with-css.html - * http://www.zurb.com/article/266/super-awesome-buttons-with-css3-and-rgba - * http://www.elctech.com/snippets/make-your-buttons-look-super-awesome - * - * USAGE: - * Simply add class="sexybutton [skin]" to a <button> or <a> element and wrap the label text with double <span>s. - * You can optionally add a "silk" icon to the button text by using a third <span> with class to identify the icon. - * - * EXAMPLE: - * <button id="btn1" class="sexybutton" name="btn1" type="submit" value="Submit"> - * <span><span><span class="ok">Submit</span></span></span> - * </button> - */ - - -/* - * Generic styles for all Sexy Buttons - */ - -.sexybutton { - display: inline-block; - margin: 0; - padding: 0; - font: bold 13px "Helvetica Neue", Helvetica, Arial !important; - text-decoration: none !important; - text-shadow: 1px 1px 2px rgba(0,0,0,0.20); - background: none; - border: none; - white-space: nowrap; - cursor: pointer; - user-select: none; - -moz-user-select: none; - - /* Fix extra width padding in IE */ - _width: 0; - overflow: visible; -} - -.sexybutton span { - display: block; /* Prevents :active from working in IE--oh well! */ - height: 24px; - padding-right: 12px; - background-repeat: no-repeat; - background-position: right top; -} - -.sexybutton span span { - padding-right: 0; - padding-left: 12px; - line-height: 24px; - background-position: left top; -} - -.sexybutton span span span { - padding-left: 21px; - background-image: none; - background-repeat: no-repeat; - background-position: left center; - /* IE6 still requires a PNG transparency fix */ - /* _background-image: none; Or just hide icons from the undeserving IE6 */ - /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton span span span.after { - padding-left: 0px; - padding-right: 21px; - background-position: right center; - /* IE6 still requires a PNG transparency fix */ - /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton[disabled], -.sexybutton[disabled]:hover, -.sexybutton[disabled]:focus, -.sexybutton[disabled]:active, -.sexybutton.disabled, -.sexybutton.disabled:hover, -.sexybutton.disabled:focus, -.sexybutton.disabled:active { - color: #333 !important; - cursor: inherit; - text-shadow: none; - opacity: 0.33; -} - -.sexybutton:hover span, -.sexybutton:focus span { - background-position: 100% -24px; -} - -.sexybutton:hover span span, -.sexybutton:focus span span { - background-position: 0% -24px; -} - -.sexybutton:active span { - background-position: 100% -48px; -} - -.sexybutton:active span span { - background-position: 0% -48px; -} - -.sexybutton[disabled] span, -.sexybutton.disabled span { - background-position: 100% -72px; -} - -.sexybutton[disabled] span span, -.sexybutton.disabled span span { - background-position: 0% -72px; -} - -.sexybutton:hover span span span, -.sexybutton:focus span span span, -.sexybutton:active span span span, -.sexybutton[disabled] span span span, -.sexybutton.disabled span span span { - background-position: left center; -} - -.sexybutton:hover span span span.after, -.sexybutton:focus span span span.after, -.sexybutton:active span span span.after, -.sexybutton[disabled] span span span.after, -.sexybutton.disabled span span span.after { - background-position: right center; -} - -.sexybutton img { - margin-right: 5px; - vertical-align: text-top; - /* IE6 Hack */ - _margin-top: 4px; - _vertical-align: text-bottom; - /* IE6 still requires a PNG transparency fix */ - /* _display: none; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton img.after { - margin-right: 0; - margin-left: 5px; - /* IE6 still requires a PNG transparency fix */ - /* _margin-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton.sexysmalls { font-size:.8em !important; } -.sexybutton.sexymedium { font-size: 15px !important; } -.sexybutton.sexylarge { font-size: 18px !important; } - - -/* - * Button Skins - * - * .PNG background images with alpha transparency are also supplied if you'd rather use them instead of the - * default .GIF images. (Just beware of IE6's lack of support.) - * - * Additional skins can be added below. The images/skins/ButtonTemplate.psd can be used to create new skins. - * Prefix the skin name with "sexy" to avoid any potential conflicts with other class names. - */ - -/* - * Simple Skin Buttons - */ - -.sexybutton.sexysimple { - position: relative; - padding: 5px 10px 5px; - font: inherit; - font-size: .85em !important; - font-style: normal !important; - font-weight: bold !important; - color: #fff !important; - line-height: 1; - background-image: url(/snort/images//awesome-overlay-sprite.png); - background-repeat: repeat-x; - background-position: 0 0; - - /* Special effects */ - text-shadow: 0 -1px 1px rgba(0,0,0,0.25), -2px 0 1px rgba(0,0,0,0.25); - border-radius: 5px; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - - /* IE only stuff */ - border-bottom: 1px solid transparent\9; - _background-image: none; - - /* Cross browser inline block hack - http://blog.mozilla.com/webdev/2009/02/20/cross-browser-inline-block/ */ - display: -moz-inline-stack; - display: inline-block; - vertical-align: middle; - *display: inline !important; - position: relative; - - /* Force hasLayout in IE */ - zoom: 1; - - /* Disable text selection (Firefox only)*/ - -moz-user-select: none; -} - -.sexybutton.sexysimple::selection { - background: transparent; -} - -.sexybutton.sexysimple:hover, -.sexybutton.sexysimple:focus { - background-position: 0 -50px; - color: #fff !important; -} - -.sexybutton.sexysimple:active { - background-position: 0 -100px; - -moz-box-shadow: inset 0 1px 2px rgba(0,0,0,0.7); - /* Unfortunately, Safari doesn't support inset yet */ - -webkit-box-shadow: none; - - /* IE only stuff */ - border-bottom: 0\9; - border-top: 1px solid #666\9; -} - -.sexybutton.sexysimple[disabled], -.sexybutton.sexysimple.disabled { - background-position: 0 -150px; - color: #333 !important; - text-shadow: none; -} - -.sexybutton.sexysimple[disabled]:hover, -.sexybutton.sexysimple[disabled]:focus, -.sexybutton.sexysimple[disabled]:active, -.sexybutton.sexysimple.disabled:hover, -.sexybutton.sexysimple.disabled:focus, -.sexybutton.sexysimple.disabled:active { - -moz-box-shadow: 0 1px 2px rgba(0,0,0,0.5); - -webkit-box-shadow: 0 1px 2px rgba(0,0,0,0.5); -} - -.sexybutton.sexysimple span { - height: auto; - padding-left: 24px; - padding-right: 0; - background-position: left center; - background-repeat: no-repeat; - /* IE6 still requires a PNG transparency fix */ - /* _padding-left: 0; Or just hide icons from the undeserving IE6 */ -} - -.sexybutton.sexysimple span.after { - padding-left: 0; - padding-right: 24px; - background-position: right center; - /* IE6 still requires a PNG transparency fix */ - /* _padding-right: 0; Or just hide icons from the undeserving IE6 */ -} - -/* Simple button colors */ -.sexybutton.sexysimple { background-color: #333; } /* Default */ -.sexybutton.sexysimple.sexyblack { background-color: #333; } -.sexybutton.sexysimple.sexyred { background-color: #a90118; } -.sexybutton.sexysimple.sexyorange { background-color: #ff8a00; } -.sexybutton.sexysimple.sexyyellow { background-color: #ffb515; } -.sexybutton.sexysimple.sexygreen { background-color: #59a901; } -.sexybutton.sexysimple.sexyblue { background-color: #015ea9; } -.sexybutton.sexysimple.sexyteal { background-color: #2daebf; } -.sexybutton.sexysimple.sexymagenta { background-color: #a9014b; } -.sexybutton.sexysimple.sexypurple { background-color: #9d01a9; } - -/* Simple button sizes */ -.sexybutton.sexysimple.sexysmall { padding: 4px 7px 5px; font-size: 10px !important; } -.sexybutton.sexysimple.sexysmall:active { padding: 5px 7px 4px; } -.sexybutton.sexysimple { /* default */ } -.sexybutton.sexysimple:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexymedium { /* default */ } -.sexybutton.sexysimple.sexymedium:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexylarge { padding: 8px 14px 8px; font-size: 14px !important; } -.sexybutton.sexysimple.sexylarge:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxl { padding: 8px 14px 8px; font-size: 16px !important; } -.sexybutton.sexysimple.sexyxl:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxxl { padding: 8px 14px 8px; font-size: 20px !important; } -.sexybutton.sexysimple.sexyxxl:active { padding: 9px 14px 7px; } -.sexybutton.sexysimple.sexyxxxl { padding: 8px 14px 8px; font-size: 26px !important; } -.sexybutton.sexysimple.sexyxxxl:active { padding: 9px 14px 7px; } - -.sexybutton.sexysimple.sexysmall[disabled]:active, -.sexybutton.sexysimple.sexysmall.disabled:active { padding: 4px 7px 5px; } -.sexybutton.sexysimple[disabled]:active, -.sexybutton.sexysimple.disabled:active { padding: 5px 10px 5px; } -.sexybutton.sexysimple.sexymedium[disabled]:active, -.sexybutton.sexysimple.sexymedium.disabled:active { padding: 6px 10px 4px; } -.sexybutton.sexysimple.sexylarge[disabled]:active, -.sexybutton.sexysimple.sexylarge.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxl[disabled]:active, -.sexybutton.sexysimple.sexyxl.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxxl[disabled]:active, -.sexybutton.sexysimple.sexyxxl.disabled:active { padding: 8px 14px 8px; } -.sexybutton.sexysimple.sexyxxxl[disabled]:active, -.sexybutton.sexysimple.sexyxxxl.disabled:active { padding: 8px 14px 8px; } - - -/* - * Icon Definitions - */ - -/* Silk Icons - http://www.famfamfam.com/lab/icons/silk/ */ -/* (Obviously not all Silk icons are defined here. Feel free to define any other icons that you may need.) */ - -.sexybutton span.ok { background-image: url(/snort/images//tick.png) !important; } -.sexybutton span.cancel { background-image: url(/snort/images//cross.png) !important; } -.sexybutton span.add { background-image: url(/snort/images//add.png) !important; } -.sexybutton span.delete { background-image: url(/snort/images//delete.png) !important; } -.sexybutton span.download { background-image: url(/snort/images//arrow_down.png) !important; } -.sexybutton span.pwhitetxt { background-image: url(/snort/images//page_white_text.png) !important; } - diff --git a/config/snort-dev/css/style.css b/config/snort-dev/css/style.css deleted file mode 100644 index b484966c..00000000 --- a/config/snort-dev/css/style.css +++ /dev/null @@ -1,206 +0,0 @@ -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} - -.formpre { -font-family:arial; -font-size: 1.1em; -} - -#download_rules { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -#download_rules_td { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -/* hack fix the hard coded fbegin link */ -#header-left2 { -position: absolute; -background-position: center center; -height: 67px; -width: 147px; -top: -77px; -left: 8px; -float: left; -z-index:999; -} -#header-left2 #status-link2 { - position: relative; - top: 3px; - left: 2px; -} -/* end of fbegin hack */ - -.body2 { -font-family:arial; -font-size:12px; -} - - - - -/* Start of main css Pfsense */ -/* Start of main css Pfsense */ - -@charset "utf-8"; -.textstyle { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - background-color: #666; - color: #CCC; -} -.textstyle p2 a { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - color: #CCC; -} - -.textstyle p { - font-family: Arial, Helvetica, sans-serif; - font-size: 24px; - font-weight: bold; - color: #FFF; - text-decoration: underline; -} -.textstyle p2 { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - color: #CCC; -} - -/* Start of main css for table sort */ -/* Start of main css for table sort */ - -table { - margin: 0; - padding: 0; - border: 0; - font-weight: inherit; - font-style: inherit; - font-size: 9; - font-family: Arial, Helvetica, sans-serif; - vertical-align: baseline; -} - -/* Tables still need 'cellspacing="0"' in the markup. */ -table { border-collapse: separate; border-spacing: 0; } -caption, th, td { text-align: left; font-weight:400; } - -/* Remove possible quote marks (") from <q>, <blockquote>. */ -blockquote:before, blockquote:after, q:before, q:after { content: ""; } -blockquote, q { quotes: "" ""; } - -#container { - width: auto; - margin: 0px; - padding-top: 10px; - padding-bottom: 10px; -} - - - -/************************************************************** - - Sortable Table - v 1.4 - -**************************************************************/ - - - -th { - background-color: #eee; - background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px; - padding: 4px 4px 4px 14px; -} - -.allRow { - background-color: #eee; - padding: 4px; -} - -tr.altRow { - background-color: #fff; -} - -.leftAlign { - text-align: left; -} - -.centerAlign { - text-align: center; -} - -.rightAlign { - text-align: right; -} - -.sortedASC { - background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; -} - -.sortedDESC { - background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; -} - -.tableHeaderOver { - cursor: pointer; - color: #354158; -} - - -tr.selected { - background-color: 9999ff; - color: #000000; -} - -tr.over { - background-color: #993333; - color: #fff; - cursor: pointer; -} - -tr.hide { - display: none; -} -/***************************/ - -.mainTableFilter { - position: absolute; - top: 0; - left: -10px; - width: auto; -} - -.tableFilter { - border: 1px solid #ccc; - padding: 2px; - margin: 5px 0 10px 0; -} - -.tableFilter input { - border: 1px solid #ccc; -} - -.tableFilter select { - border: 1px solid #ccc; -} - diff --git a/config/snort-dev/help_and_info.php b/config/snort-dev/help_and_info.php deleted file mode 100644 index af8eb4ae..00000000 --- a/config/snort-dev/help_and_info.php +++ /dev/null @@ -1,247 +0,0 @@ -<?php - -require_once("guiconfig.inc"); - -echo ' - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> -<title>The Snort Package Help Page</title> -<style type="text/css"> -body { - background: #f0f0f0; - margin: 0; - padding: 0; - font: 10px normal Verdana, Arial, Helvetica, sans-serif; - color: #444; -} -h1 {font-size: 3em; margin: 20px 0;} -.container {width: 800px; margin: 10px auto;} -ul.tabs { - margin: 0; - padding: 0; - float: left; - list-style: none; - height: 25px; - border-bottom: 1px solid #999; - border-left: 1px solid #999; - width: 100%; -} -ul.tabs li { - float: left; - margin: 0; - padding: 0; - height: 24px; - line-height: 24px; - border: 1px solid #000000; - border-left: none; - margin-bottom: -1px; - background: #ffffff; - overflow: hidden; - position: relative; -} -ul.tabs li a { - text-decoration: none; - color: #000000; - display: block; - font-size: 1.2em; - padding: 0 20px; - border: 1px solid #fff; - outline: none; -} -ul.tabs li a:hover { - background: #eeeeee; -} - -html ul.tabs li.active, html ul.tabs li.active a:hover { - background: #fff; - border-bottom: 1px solid #fff; - color: #000000; -} -.tab_container { - border: 1px solid #999; - border-top: none; - clear: both; - float: left; - width: 100%; - background: #fff; - -moz-border-radius-bottomright: 5px; - -khtml-border-radius-bottomright: 5px; - -webkit-border-bottom-right-radius: 5px; - -moz-border-radius-bottomleft: 5px; - -khtml-border-radius-bottomleft: 5px; - -webkit-border-bottom-left-radius: 5px; -} -.tab_content { - padding: 20px; - font-size: 1.2em; -} -.tab_content h2 { - font-weight: normal; - padding-bottom: 10px; - border-bottom: 1px dashed #ddd; - font-size: 1.8em; -} -.tab_content h3 a{ - color: #254588; -} -.tab_content img { - float: left; - margin: 0 20px 20px 0; - border: 1px solid #ddd; - padding: 5px; -} -</style> - -<script type="text/javascript" src="./javascript/jquery-1.4.2.min.js"></script> - -<script type="text/javascript"> - -jQuery(document).ready(function() { - - //Default Action - jQuery(".tab_content").hide(); //Hide all content - jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab - jQuery(".tab_content:first").show(); //Show first tab content - - //On Click Event - jQuery("ul.tabs li").click(function() { - jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class - jQuery(this).addClass("active"); //Add "active" class to selected tab - jQuery(".tab_content").hide(); //Hide all tab content - var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content - jQuery(activeTab).fadeIn(); //Fade in the active content - return false; - }); - -}); - -</script> - -</head> - -<body> - -<div class="container"> - <ul class="tabs"> - <li><a href="#tab1">Home</a></li> - <li><a href="#tab2">Change Log</a></li> - <li><a href="#tab3">Getting Help</a></li> - <li><a href="#tab4">Heros</a></li> - </ul> - <div class="tab_container"> - <div id="tab1" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p> - <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be - the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for - network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create - software. - </p> - <p> - <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and - can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port - scans, CGI attacks, SMB probes, and much more. - </p> - <p> - <font size="5"><strong>Requirements :</strong></font><br> - Minimum requirement 256 mb ram, 500 MHz CPU.<br> - Recommended 500 mb ram, 1 Ghz CPU.<br> - The more rules you run the more memory you need.<br> - The more interfaces you select the more memory you need.<br><br> - Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM). - </p> - - </div> - - <div id="tab2" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Change Log</strong></font><p> - - <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>packages repository</strong></font></a></p> - </div> - - <div id="tab3" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Getting Help</strong></font></p> - -<p> -<font size="2"><strong>Obtaining Support</strong></font><br> - -We provide several means of obtaining support for pfSense. -</p> - -<p> -<font color="#990000" size="4"><strong>Free Options</strong></font><br> -Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below. -</p> - -<p> -<font color="#990000" size="4"><strong>Commercial Support</strong></font><br> - -<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only. -</p> - -<p> -<font color="#990000" size="4"><strong>Project Rules</strong></font><br> -To keep things orderly, and be fair to everyone, we must enforce these rules. -</p> - -<p> -Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved. -</p> - -<p> -Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread. -</p> - -<p> -Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don\'t have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone\'s email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers. -</p> - </div> - - <div id="tab4" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Heros</strong></font></p> - - <p>Pfsense Snort Package users who have cared enough to donate to this project. I can\'t thank you enough for all your help. With-out your support I would have stoped long time ago.</p> - - <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p> - - <p><font size="5"><strong>Names</strong></font></p> - - <p>sandro tavella</p> - <p>João Kemp Filho</p> - <p>Julio Fumoso</p> - <p>Rolland Hart</p> - <p>DiMarco Technology Solutions Inc.</p> - <p>Brett Burley</p> - <p>Tomasz Iskra</p> - <p>Bruno Buchschacher</p> - <p>Marco Pannetto</p> - <p>Christopher Weakland</p> - <p>Antonio Riveros</p> - <p>DigitalJer</p> - <p>Serialdie</p> - <p>Dlawley</p> - <p>Onhel</p> - <p>Jerrygoldsmith</p> - - - </div> - </div> -</div> - -</body> -</html> - -'; - -?> diff --git a/config/snort-dev/images/alert.jpg b/config/snort-dev/images/alert.jpg Binary files differdeleted file mode 100644 index 96c24e35..00000000 --- a/config/snort-dev/images/alert.jpg +++ /dev/null diff --git a/config/snort-dev/images/arrow_down.png b/config/snort-dev/images/arrow_down.png Binary files differdeleted file mode 100644 index 2c4e2793..00000000 --- a/config/snort-dev/images/arrow_down.png +++ /dev/null diff --git a/config/snort-dev/images/awesome-overlay-sprite.png b/config/snort-dev/images/awesome-overlay-sprite.png Binary files differdeleted file mode 100644 index c3af7dd9..00000000 --- a/config/snort-dev/images/awesome-overlay-sprite.png +++ /dev/null diff --git a/config/snort-dev/images/down.gif b/config/snort-dev/images/down.gif Binary files differdeleted file mode 100644 index 2b3c99fc..00000000 --- a/config/snort-dev/images/down.gif +++ /dev/null diff --git a/config/snort-dev/images/down2.gif b/config/snort-dev/images/down2.gif Binary files differdeleted file mode 100644 index 71bf92eb..00000000 --- a/config/snort-dev/images/down2.gif +++ /dev/null diff --git a/config/snort-dev/images/footer.jpg b/config/snort-dev/images/footer.jpg Binary files differdeleted file mode 100644 index 4af05707..00000000 --- a/config/snort-dev/images/footer.jpg +++ /dev/null diff --git a/config/snort-dev/images/footer2.jpg b/config/snort-dev/images/footer2.jpg Binary files differdeleted file mode 100644 index 3332e085..00000000 --- a/config/snort-dev/images/footer2.jpg +++ /dev/null diff --git a/config/snort-dev/images/icon-table-sort-asc.png b/config/snort-dev/images/icon-table-sort-asc.png Binary files differdeleted file mode 100644 index 0c127919..00000000 --- a/config/snort-dev/images/icon-table-sort-asc.png +++ /dev/null diff --git a/config/snort-dev/images/icon-table-sort-desc.png b/config/snort-dev/images/icon-table-sort-desc.png Binary files differdeleted file mode 100644 index 5c52f2d0..00000000 --- a/config/snort-dev/images/icon-table-sort-desc.png +++ /dev/null diff --git a/config/snort-dev/images/icon-table-sort.png b/config/snort-dev/images/icon-table-sort.png Binary files differdeleted file mode 100644 index 3cae604b..00000000 --- a/config/snort-dev/images/icon-table-sort.png +++ /dev/null diff --git a/config/snort-dev/images/icon_excli.png b/config/snort-dev/images/icon_excli.png Binary files differdeleted file mode 100644 index 4b54fa31..00000000 --- a/config/snort-dev/images/icon_excli.png +++ /dev/null diff --git a/config/snort-dev/images/logo.jpg b/config/snort-dev/images/logo.jpg Binary files differdeleted file mode 100644 index fa01d818..00000000 --- a/config/snort-dev/images/logo.jpg +++ /dev/null diff --git a/config/snort-dev/images/logo22.png b/config/snort-dev/images/logo22.png Binary files differdeleted file mode 100644 index 64ed9d75..00000000 --- a/config/snort-dev/images/logo22.png +++ /dev/null diff --git a/config/snort-dev/images/page_white_text.png b/config/snort-dev/images/page_white_text.png Binary files differdeleted file mode 100644 index 813f712f..00000000 --- a/config/snort-dev/images/page_white_text.png +++ /dev/null diff --git a/config/snort-dev/images/up.gif b/config/snort-dev/images/up.gif Binary files differdeleted file mode 100644 index 89596771..00000000 --- a/config/snort-dev/images/up.gif +++ /dev/null diff --git a/config/snort-dev/images/up2.gif b/config/snort-dev/images/up2.gif Binary files differdeleted file mode 100644 index 21c5a254..00000000 --- a/config/snort-dev/images/up2.gif +++ /dev/null diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc deleted file mode 100644 index 3a1df760..00000000 --- a/config/snort-dev/snort.inc +++ /dev/null @@ -1,2706 +0,0 @@ -<?php -/* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009-2010 Robert Zelaya - Copyright (C) 2011 Ermal Luci - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("pfsense-utils.inc"); -require_once("config.inc"); -require_once("functions.inc"); - -// Needed on 2.0 because of filter_get_vpns_list() -require_once("filter.inc"); - -/* package version */ -$snort_package_version = 'Snort-dev 2.9.2.3 pkg v. 3.0'; -$snort_rules_file = "snortrules-snapshot-2922.tar.gz"; - -/* Allow additional execution time 0 = no limit. */ -ini_set('max_execution_time', '9999'); -ini_set('max_input_time', '9999'); - -/* define oinkid */ -if ($config['installedpackages']['snortglobal']) - $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -else - $config['installedpackages']['snortglobal'] = array(); - -/* find out if were in 1.2.3-RELEASE */ -if (intval($config['version']) > 6) - $snort_pfsense_basever = 'no'; -else - $snort_pfsense_basever = 'yes'; - -/* find out what arch where in x86 , x64 */ -global $snort_arch; -$snort_arch = 'x86'; -$snort_arch_ck = php_uname("m"); -if ($snort_arch_ck == 'i386') - $snort_arch = 'x86'; -else if ($snort_arch_ck == "amd64") - $snort_arch = 'x64'; -else - $snort_arch = "Unknown"; - -/* tell me my theme */ -$pfsense_theme_is = $config['theme']; - -/* func builds custom white lists */ -function find_whitelist_key($find_wlist_number) { - global $config, $g; - - if (!is_array($config['installedpackages']['snortglobal']['whitelist'])) - $config['installedpackages']['snortglobal']['whitelist'] = array(); - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - return 0; /* XXX */ - - foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) { - if ($value['name'] == $find_wlist_number) - return $w_key; - } -} - -/* func builds custom suppress lists */ -function find_suppress_key($find_slist_number) { - global $config, $g; - - if (!is_array($config['installedpackages']['snortglobal']['suppress'])) - $config['installedpackages']['snortglobal']['suppress'] = array(); - if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - return 0; /* XXX */ - - foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) { - if ($value['name'] == $find_slist_number) - return $s_key; - } -} - -function snort_find_interface_ipv6($interface, $flush = false) -{ - global $interface_ipv6_arr_cache; - global $interface_snv6_arr_cache; - global $config; - - $interface = trim($interface); - $interface = get_real_interface($interface); - - if (!does_interface_exist($interface)) - return; - - /* Setup IP cache */ - if (!isset($interface_ipv6_arr_cache[$interface]) or $flush) { - $ifinfo = pfSense_get_interface_addresses($interface); - // FIXME: Add IPv6 support to the pfSense module - exec("/sbin/ifconfig {$interface} inet6", $output); - foreach($output as $line) { - if(preg_match("/inet6/", $line)) { - $parts = explode(" ", $line); - if(preg_match("/fe80::/", $parts[1])) { - $ifinfo['ipaddrv6'] = $parts[1]; - if($parts[2] == "-->") { - $parts[5] = "126"; - $ifinfo['subnetbitsv6'] = $parts[5]; - } else { - $ifinfo['subnetbitsv6'] = $parts[3]; - } - } - } - } - $interface_ipv6_arr_cache[$interface] = $ifinfo['ipaddrv6']; - $interface_snv6_arr_cache[$interface] = $ifinfo['subnetbitsv6']; - } - - return $interface_ipv6_arr_cache[$interface]; -} - -function snort_get_interface_ipv6($interface = "wan") -{ - global $config; - $realif = get_failover_interface($interface); - switch($config['interfaces'][$interface]['ipaddrv6']) { - case "6rd": - case "6to4": - $realif = "stf0"; - break; - } - if (!$realif) { - if (preg_match("/^carp/i", $interface)) - $realif = $interface; - else if (preg_match("/^[a-z0-9]+_vip/i", $interface)) - $realif = $interface; - else - return null; - } - - $curip = snort_find_interface_ipv6($realif); - - if (strstr($curip, '%', TRUE)) { - $curip = strstr($curip, '%', TRUE); - }else if (is_ipaddrv6($curip)){ - $curip = $curip; - } - - if ($curip && is_ipaddrv6($curip) && ($curip != "::")) - return $curip; - else - return null; -} - -/* func builds custom whitelests */ -function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) { - global $config, $g, $snort_pfsense_basever; - - // build an interface array list - $int_array = get_configured_interface_list(); - - /* calculate ipv4 interface subnet information */ - $home_net = ''; - $snort_calc_iface_subnet_list = function($int) use(&$home_net) { - - $subnet = get_interface_ip($int); - $sn = get_interface_subnet($int); - $subnet_v6 = snort_get_interface_ipv6($int); - $sn_v6 = get_interface_subnetv6($int); - - if (is_ipaddr($subnet) && !empty($subnet)) { - $home_net .= "{$subnet}/{$sn},"; - } - - if (is_ipaddr($subnet_v6) && !empty($subnet_v6)) { - $home_net .= "{$subnet_v6}/{$sn_v6},"; - } - - }; - - /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $snort_calc_gateway_list = function($int) use (&$home_net) { - - $gw = get_interface_gateway($int); - $sn = get_interface_subnet($int); - $gw_v6 = get_interface_gateway_v6($int); - $sn_v6 = get_interface_subnetv6($int); - - - if(!empty($gw) && is_ipaddr($gw)) { - $home_net .= "{$gw}/{$sn},"; - } - - if(!empty($gw_v6) && is_ipaddr($gw_v6)) { - $home_net .= "{$gw_v6}/{$sn_v6},"; - } - - }; - - // iterate through interface list and write out whitelist items and also compile a home_net list for snort. - foreach ($int_array as $int) { - - if (!empty($int)) { - $snort_calc_iface_subnet_list($int); - - if ($wangw == 'yes') - $snort_calc_gateway_list($int); - - } - - } - - /* - * Add DNS server for WAN interface to whitelist - * - * NOTE: does this get ipv6 ips - */ - $snort_dns_list = function() use(&$home_net) { - - $dns_servers = get_dns_servers(); - foreach ($dns_servers as $dns) { - if(!empty($dns) && is_ipaddr($dns)) { - $home_net .= "{$dns},"; - } - } - - }; - - if($wandns == 'yes') { - $snort_dns_list(); - } - - /* - * iterate all vips and add to whitelist - * NOTE: does this get ipv6 ips - * - */ - $snort_vips_list = function() use(&$home_net, &$config) { - - if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { - foreach($config['virtualip']['vip'] as $vip) - if(!empty($vip['subnet'])) - $home_net .= "{$vip['subnet']},"; - } - - }; - - if($vips == 'yes') { - $snort_vips_list(); - } - - /* - * grab a list of vpns and whitelist if user desires added by nestorfish 954 - * - * NOTE: does this get ipv6 ips - */ - $snort_vpns_list = function() use(&$home_net, &$config) { - $vpns_list = filter_get_vpns_list(); - - if (!empty($vpns_list)) { - // convert spaces to , returns - $vpns_list = str_replace(' ', ",", $vpns_list); - $vpns_list = str_replace(' ', ",", $vpns_list); - - $home_net .= "{$vpns_list},"; - } - - }; - - if ($vpns == 'yes') { - $snort_vpns_list(); - } - - $snort_userwips_list = function() use(&$home_net, &$userwips, &$config) { - - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - - $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'] . ','; - - }; - - if ($userwips > -1) { - $snort_userwips_list(); - } - - // add loopback iface - $home_net .= '127.0.0.1,'; - $home_net .= '::1,'; - - /* - * makes sure there is no duplicates - * splits $home_net to (ipv6 ip), (ipv6 cidr), (ipv4 ip), (ipv4 cidr) - */ - $snort_clean_home_net = function() use(&$home_net) { - - $home_net = trim($home_net); - $home_net = explode(',', $home_net); - $net_ipv4_cidr = array(); - $net_ipv4 = array(); - $net_ipv6_cidr = array(); - $net_ipv6 = array(); - - // split into 4 arrays - foreach ($home_net as $net_ip) { - - if (preg_match("/\./", $net_ip)) { - if (preg_match("/\//", $net_ip)) { - if (!in_array($net_ip, $net_ipv4_cidr)) - array_push($net_ipv4_cidr, $net_ip); - }else{ - if (!in_array($net_ip, $net_ipv4)) - array_push($net_ipv4, $net_ip); - } - } - - if (preg_match("/:/", $net_ip)) { - if (preg_match("/\//", $net_ip)) { - if (!in_array($net_ip, $net_ipv6_cidr)) - array_push($net_ipv6_cidr, $net_ip); - }else{ - if (!in_array($net_ip, $net_ipv6)) - array_push($net_ipv6, $net_ip); - } - } - } // end foreach - - // TODO: make sure that ips are not in cidr - - $home_net = ''; - foreach ($net_ipv4_cidr as $net_ipv4_cidr_ip) { - if (!empty($net_ipv4_cidr_ip)) - $home_net .= $net_ipv4_cidr_ip . ','; - } - foreach ($net_ipv4 as $net_ipv4_ip) { - if (!empty($net_ipv4_ip)) - $home_net .= $net_ipv4_ip . ','; - } - foreach ($net_ipv6_cidr as $net_ipv6_cidr_ip) { - if (!empty($net_ipv6_cidr_ip)) - $home_net .= $net_ipv6_cidr_ip . ','; - } - foreach ($net_ipv6 as $net_ipv6_ip) { - if (!empty($net_ipv6_ip)) - $home_net .= $net_ipv6_ip . ','; - } - - // remove , if its the last char - if($home_net[strlen($home_net)-1] === ',') { - $home_net = substr_replace($home_net, '', -1); - } - - }; - - $snort_clean_home_net(); - - return $home_net; - -} // end func builds custom whitelests - - -/* checks to see if snort is running yes/no and stop/start */ -function snortRunningChk($type, $snort_uuid, $if_real) { - global $config; - - if ($type === 'snort') { - $snort_pgrep_chk = exec("/bin/pgrep -f 'snort.*R {$snort_uuid}'"); - } - - if ($type === 'barnyard2') { - $snort_pgrep_chk = exec("/bin/pgrep -f 'barnyard2.*{$snort_uuid}_{$if_real}'"); - } - - if (!empty($snort_pgrep_chk)) { - return $snort_pgrep_chk; - } - - return NULL; - -} - -function Running_Stop($snort_uuid, $if_real, $id) { - global $config, $g; - - // if snort.sh crashed this will remove the pid - @unlink("{$g['tmp_path']}/snort.sh.pid"); - - // wait until snort stops - $snort_WaitForStop = function ($type) use (&$snort_uuid, &$if_real) { - - $snort_pgrep_chk = snortRunningChk($type, $snort_uuid, $if_real); - - if (!empty($snort_pgrep_chk)){ - exec("/usr/bin/touch /tmp/snort_{$if_real}{$snort_uuid}.stoplck"); - } - - $i = 0; - while(file_exists("/tmp/snort_{$if_real}{$snort_uuid}.stoplck") || file_exists("/var/log/snort/run/{$type}_{$if_real}{$snort_uuid}.pid")) { - $i++; - exec("/usr/bin/logger -p daemon.info -i -t SnortStop '{$type} Stop count...{$i}'"); - - $snort_pgrep_chk = snortRunningChk($type, $snort_uuid, $if_real); - - if (empty($snort_pgrep_chk)){ - @exec("/bin/rm /tmp/snort_{$if_real}{$snort_uuid}.stoplck"); - } - - sleep(2); - - } - }; - - if (isvalidpid("/var/log/snort/run/snort_{$if_real}{$snort_uuid}.pid")) { - - // send kill cmd - killbypid("/var/log/snort/run/snort_{$if_real}{$snort_uuid}.pid"); - exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}.pid.lck"); - - // wait until snort stops - $snort_WaitForStop('snort'); - - } - - if (isvalidpid("/var/log/snort/run/barnyard2_{$if_real}{$snort_uuid}.pid")) { - - // send kill cmd - killbypid("/var/log/snort/run/barnyard2_{$if_real}{$snort_uuid}.pid"); - exec("/bin/rm /var/log/snort/run/barnyard2_{$snort_uuid}_{$if_real}.pid.lck"); - - // wait until barnyard2 stops - $snort_WaitForStop('barnyard2'); - - } - - // TODO: Add a GUI option that lets the user keep full logs - /* - @exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); - @exec("/bin/rm /var/log/snort/{$snort_uuid}_{$if_real}/snort.u1*"); - @exec("/bin/rm /var/log/snort/{$snort_uuid}_{$if_real}/snort.u2*"); - - @exec("/bin/rm /var/log/snort/run/barnyard2_{$snort_uuid}_{$if_real}*"); - @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u1*"); - @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u2*"); - */ - - // Log Iface stop - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'"); -} - -function Running_Start($snort_uuid, $if_real, $id) { - global $config; - - /* if snort.sh crashed this will remove the pid */ - @unlink("{$g['tmp_path']}/snort.sh.pid"); - - // wait until snort starts - $snort_WaitForStart = function ($type) use (&$snort_uuid, &$if_real) { - - // calls to see if snort or barnyard is running - $snort_pgrep_chk = snortRunningChk($type, $snort_uuid, $if_real); - - if (empty($snort_pgrep_chk)){ - exec("/usr/bin/touch /tmp/snort_{$if_real}{$snort_uuid}.startlck"); - } - - $i = 0; - while(file_exists("/tmp/snort_{$if_real}{$snort_uuid}.startlck") || !file_exists("/var/log/snort/run/{$type}_{$if_real}{$snort_uuid}.pid")) { - - $i++; - exec("/usr/bin/logger -p daemon.info -i -t SnortStart 'Snort Start count...{$i}'"); - - $snort_pgrep_chk = snortRunningChk($type, $snort_uuid, $if_real); - - // stop if snort error is in syslogd - $snort_error_chk = exec("/usr/bin/grep -e 'snort.*{$snort_pgrep_chk}.*FATAL.*ERROR.*' /var/log/system.log"); - if(!empty($snort_error_chk)) { - break; - } - - if (!empty($snort_pgrep_chk)){ - @exec("/bin/rm /tmp/snort_{$if_real}{$snort_uuid}.startlck"); - } - sleep(2); - } - }; - - // only start if iface is on or iface is not running - $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; - $snortRunningChkPreStart = snortRunningChk($id, $snort_uuid, $if_real); - if ($snort_info_chk === 'on' && empty($snortRunningChkPreStart)) { - - // start snort cmd - exec("/usr/local/bin/snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort/{$snort_uuid}_{$if_real} --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); - - // wait until snort starts - $snort_WaitForStart('snort'); - - }else{ - return; - } - - // define snortbarnyardlog_chk - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') { - - // start barnyard2 cmd - exec("/usr/local/bin/barnyard2 -f \"snort.u2\" --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/{$snort_uuid}_{$if_real} -D -q"); - - // wait until snort starts - $snort_WaitForStart('barnyard2'); - - } - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); -} - -function snort_get_friendly_interface($interface) { - - if (function_exists('convert_friendly_interface_to_friendly_descr')) - $iface = convert_friendly_interface_to_friendly_descr($interface); - else { - if (!$interface || ($interface == "wan")) - $iface = "WAN"; - else if(strtolower($interface) == "lan") - $iface = "LAN"; - else if(strtolower($interface) == "pppoe") - $iface = "PPPoE"; - else if(strtolower($interface) == "pptp") - $iface = "PPTP"; - else - $iface = strtoupper($interface); - } - - return $iface; -} - -/* get the real iface name of wan */ -function snort_get_real_interface($interface) { - global $config; - - $lc_interface = strtolower($interface); - if (function_exists('get_real_interface')) - return get_real_interface($lc_interface); - else { - if ($lc_interface == "lan") { - if ($config['inerfaces']['lan']) - return $config['interfaces']['lan']['if']; - return $interface; - } - if ($lc_interface == "wan") - return $config['interfaces']['wan']['if']; - $ifdescrs = array(); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { - $ifname = "opt{$j}"; - if(strtolower($ifname) == $lc_interface) - return $config['interfaces'][$ifname]['if']; - if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)) - return $config['interfaces'][$ifname]['if']; - } - } - - return $interface; -} - -/* - this code block is for deleteing logs while keeping the newest file, - snort is linked to these files while running, do not take the easy way out - by touch and rm, snort will lose sync and not log. - - this code needs to be watched. - */ - -/* list dir files */ -function snort_file_list($snort_log_dir, $snort_log_file) -{ - $dir = opendir ("$snort_log_dir"); - while (false !== ($file = readdir($dir))) { - if (strpos($file, "$snort_log_file",1) ) - $file_list[] = basename($file); - } - return $file_list; -} - -/* snort dir files */ -function snort_file_sort($snort_file1, $snort_file2) -{ - if ($snort_file1 == $snort_file2) - return 0; - - return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array -} - -/* build files newest first array */ -function snort_build_order($snort_list) -{ - foreach ($snort_list as $value_list) - $list_order[] = $value_list; - - return $list_order; -} - -/* keep the newest remove the rest */ -function snort_remove_files($snort_list_rm, $snort_file_safe) -{ - foreach ($snort_list_rm as $value_list) { - if ($value_list != $snort_file_safe) - @unlink("/var/log/snort/$value_list"); - else - file_put_contents("/var/log/snort/$snort_file_safe", ""); - } -} - -/* - * TODO: - * This is called by snort_alerts.php. - * - * This func needs to be made to only clear one interface rule log - * at a time. - * - */ -function post_delete_logs() -{ - global $config, $g; - - /* do not start config build if rules is empty */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - - $snort_log_dir = '/var/log/snort'; - - foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - $snort_uuid = $value['uuid']; - - if ($if_real != '' && $snort_uuid != '') { - if ($value['snortunifiedlog'] == 'on') { - $snort_log_file_u2 = "snort.u2."; - $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); - if (is_array($snort_list_u2)) { - usort($snort_list_u2, "snort_file_sort"); - $snort_u2_rm_list = snort_build_order($snort_list_u2); - snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); - } - } else - exec("/bin/rm $snort_log_dir/{$snort_uuid}_{$if_real}/snort.u2*"); - - if ($value['tcpdumplog'] == 'on') { - $snort_log_file_tcpd = "snort.tcpdump."; - $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); - if (is_array($snort_list_tcpd)) { - usort($snort_list_tcpd, "snort_file_sort"); - $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); - snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); - } - } else { - exec("/bin/rm $snort_log_dir/{$snort_uuid}_{$if_real}/snort.tcpdump*"); - - if ($value['perform_stat'] == 'on') - @file_put_contents("$snort_log_dirt/{$snort_uuid}_{$if_real}/snort.stats", ""); - } - } - } // end foreach -} - -function snort_postinstall() -{ - global $config, $g, $snort_pfsense_basever, $snort_arch; - - /* snort -> advanced features */ - if (is_array($config['installedpackages']['snortglobal'])) { - $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize']; - $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize']; - $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns']; - } - - /* cleanup default files */ - @rename('/usr/local/etc/snort/snort.conf-sample', '/usr/local/etc/snort/snort.conf'); - @rename('/usr/local/etc/snort/threshold.conf-sample', '/usr/local/etc/snort/threshold.conf'); - @rename('/usr/local/etc/snort/sid-msg.map-sample', '/usr/local/etc/snort/sid-msg.map'); - @rename('/usr/local/etc/snort/unicode.map-sample', '/usr/local/etc/snort/unicode.map'); - @rename('/usr/local/etc/snort/classification.config-sample', '/usr/local/etc/snort/classification.config'); - @rename('/usr/local/etc/snort/generators-sample', '/usr/local/etc/snort/generators'); - @rename('/usr/local/etc/snort/reference.config-sample', '/usr/local/etc/snort/reference.config'); - @rename('/usr/local/etc/snort/gen-msg.map-sample', '/usr/local/etc/snort/gen-msg.map'); - @unlink('/usr/local/etc/snort/sid'); - @unlink('/usr/local/etc/rc.d/snort'); - @unlink('/usr/local/etc/rc.d/bardyard2'); - - /* remove example files */ - if (file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) - exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); - - if (file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) - exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); - - /* create a few directories and ensure the sample files are in place */ - if (!is_dir('/usr/local/etc/snort')) - exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules'); - if (!is_dir('/usr/local/etc/snort/whitelist')) - exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); - /* NOTE: the diff between the if check and the exec() extra run is by design */ - if (!is_dir('/var/log/snort')) - exec('/bin/mkdir -p /var/log/snort/run'); - else - exec('/bin/rm -r /var/log/snort/*; /bin/mkdir -p /var/log/snort/run'); - - if (!is_dir('/var/log/snort/barnyard2')) - exec('/bin/mkdir -p /var/log/snort/barnyard2'); - if (!is_dir('/usr/local/lib/snort/dynamicrules/')) - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - if (!file_exists('/var/db/whitelist')) - touch('/var/db/whitelist'); - - /* XXX: These are needed if you run snort as snort user - mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); - mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); - mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); - */ - /* important */ - mwexec('/bin/chmod 660 /var/db/whitelist', true); - mwexec('/bin/chmod -R 660 /usr/local/etc/snort/*', true); - mwexec('/bin/chmod -R 660 /tmp/snort*', true); - mwexec('/bin/chmod -R 660 /var/run/snort*', true); - mwexec('/bin/chmod -R 660 /var/snort/run/*', true); - mwexec('/bin/chmod 770 /usr/local/lib/snort', true); - mwexec('/bin/chmod 770 /usr/local/etc/snort', true); - mwexec('/bin/chmod 770 /usr/local/etc/whitelist', true); - mwexec('/bin/chmod 770 /var/log/snort', true); - mwexec('/bin/chmod 770 /var/log/snort/run', true); - mwexec('/bin/chmod 770 /var/log/snort/barnyard2', true); - - /* move files around, make it look clean */ - mwexec('/bin/mkdir -p /usr/local/www/snort/css'); - mwexec('/bin/mkdir -p /usr/local/www/snort/images'); - - chdir ("/usr/local/www/snort/css/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style.css'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/sexybuttons.css'); - chdir("/usr/local/www/snort/images/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/arrow_down.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/awesome-overlay-sprite.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo22.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/page_white_text.png'); - - /* remake saved settings */ - if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { - update_status(gettext("Saved settings detected...")); - update_output_window(gettext("Please wait... rebuilding files...")); - sync_snort_package_config(); - update_output_window(gettext("Finnished Rebuilding files...")); - } -} - -function snort_Getdirsize($node) { - if(!is_readable($node)) - return false; - - $blah = exec( "/usr/bin/du -kd $node" ); - return substr( $blah, 0, strpos($blah, 9) ); -} - -/* func for log dir size limit cron */ -function snort_snortloglimit_install_cron($should_install) { - global $config, $g; - - if (!is_array($config['cron']['item'])) - $config['cron']['item'] = array(); - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) { - $is_installed = true; - break; - } - $x++; - } - - switch($should_install) { - case true: - if(!$is_installed) { - - $cron_item = array(); - $cron_item['minute'] = "*/5"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc"; - $config['cron']['item'][] = $cron_item; - } - break; - case false: - if($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } -} - -/* func for updating cron */ -function snort_rm_blocked_install_cron($should_install) { - global $config, $g; - - if (!is_array($config['cron']['item'])) - $config['cron']['item'] = array(); - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort2c")) { - $is_installed = true; - break; - } - $x++; - } - - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($snort_rm_blocked_info_ck == "1h_b") { - $snort_rm_blocked_min = "*/5"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "3600"; - } - if ($snort_rm_blocked_info_ck == "3h_b") { - $snort_rm_blocked_min = "*/15"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "10800"; - } - if ($snort_rm_blocked_info_ck == "6h_b") { - $snort_rm_blocked_min = "*/30"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "21600"; - } - if ($snort_rm_blocked_info_ck == "12h_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/1"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "43200"; - } - if ($snort_rm_blocked_info_ck == "1d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/2"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "86400"; - } - if ($snort_rm_blocked_info_ck == "4d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/8"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "345600"; - } - if ($snort_rm_blocked_info_ck == "7d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/14"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "604800"; - } - if ($snort_rm_blocked_info_ck == "28d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "0"; - $snort_rm_blocked_mday = "*/2"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "2419200"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rm_blocked_min"; - $cron_item['hour'] = "$snort_rm_blocked_hr"; - $cron_item['mday'] = "$snort_rm_blocked_mday"; - $cron_item['month'] = "$snort_rm_blocked_month"; - $cron_item['wday'] = "$snort_rm_blocked_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - $config['cron']['item'][] = $cron_item; - } - break; - case false: - if ($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } -} - -/* func to install snort update */ -function snort_rules_up_install_cron($should_install) { - global $config, $g; - - if(!$config['cron']['item']) - $config['cron']['item'] = array(); - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; - if ($snort_rules_up_info_ck == "6h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/6"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "12h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/12"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "1d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/1"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "4d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/4"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "7d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/7"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "28d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/28"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rules_up_min"; - $cron_item['hour'] = "$snort_rules_up_hr"; - $cron_item['mday'] = "$snort_rules_up_mday"; - $cron_item['month'] = "$snort_rules_up_month"; - $cron_item['wday'] = "$snort_rules_up_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log"; - $config['cron']['item'][] = $cron_item; - } - break; - case false: - if($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } -} - -/* Only run when all ifaces needed to sync. Expects filesystem rw */ -function sync_snort_package_config() -{ - global $config, $g; - - /* RedDevil suggested code */ - /* TODO: more testing needs to be done */ - /* may cause voip to fail */ - //exec("/sbin/sysctl net.bpf.bufsize=8388608"); - //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); - //exec("/sbin/sysctl net.bpf.maxinsns=512"); - //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); - - conf_mount_rw(); - - /* do not start config build if rules is empty */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); - conf_mount_ro(); - return; - } - - foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - $if_real = snort_get_real_interface($value['interface']); - $snort_uuid = $value['uuid']; - - if ($if_real != '' && $snort_uuid != '') { - - // only build whitelist when needed - if ($value['blockoffenders7'] === 'on') { - create_snort_whitelist($id, $if_real); - } - - // only build threshold when needed - if ($value['suppresslistname'] !== 'default'){ - create_snort_suppress($id, $if_real); - } - - // create snort configuration file - create_snort_conf($id, $if_real, $snort_uuid); - - // if rules exist cp rules to each iface - create_rules_iface($id, $if_real, $snort_uuid); - - // create barnyard2 configuration file - if ($value['barnyard_enable'] == 'on') { - create_barnyard2_conf($id, $if_real, $snort_uuid); - } - } - } - - /* create snort bootup file snort.sh only create once */ - create_snort_sh(); - - /* all new files are for the user snort nologin */ - if (!is_dir("/var/log/snort/{$snort_uuid}_{$if_real}")) - exec("/bin/mkdir -p /var/log/snort/{$snort_uuid}_{$if_real}"); - - if (!is_dir('/var/log/snort/run')) - exec('/bin/mkdir -p /var/log/snort/run'); - - if (!is_dir("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}")) - exec("/bin/mkdir -p /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}"); - - /* XXX: These are needed if snort is run as snort user - mwexec('/usr/sbin/chown -R snort:snort /var/log/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort', true); - mwexec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort', true); - mwexec('/usr/sbin/chown snort:snort /tmp/snort*', true); - mwexec('/usr/sbin/chown snort:snort /var/db/whitelist', true); - */ - - /* important */ - mwexec('/bin/chmod 770 /var/db/whitelist', true); - mwexec('/bin/chmod 770 /var/run/snort*', true); - mwexec('/bin/chmod 770 /tmp/snort*', true); - mwexec('/bin/chmod -R 770 /var/log/snort', true); - mwexec('/bin/chmod -R 770 /usr/local/lib/snort', true); - mwexec('/bin/chmod -R 770 /usr/local/etc/snort/', true); - - conf_mount_ro(); -} - -/* Start of main config files */ - -/* create threshold file */ -function create_snort_suppress($id, $if_real) { - global $config, $g; - - /* make sure dir is there */ - if (!is_dir('/usr/local/etc/snort/suppress')) - exec('/bin/mkdir -p /usr/local/etc/snort/suppress'); - - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - - if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') { - $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']); - - /* file name */ - $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']; - - /* Message */ - $s_data = '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n"; - - /* user added arguments */ - $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); - - /* open snort's whitelist for writing */ - @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data); - } -} - -function create_snort_whitelist($id, $if_real) { - global $config, $g; - - /* make sure dir is there */ - if (!is_dir('/usr/local/etc/snort/whitelist')) - exec('/bin/mkdir -p /usr/local/etc/snort/whitelist'); - - if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') { - - $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); - - /* open snort's whitelist for writing */ - @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data); - - } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) { - $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']); - - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { - return; - } - - $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]; - $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'], $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w); - - // convert spaces to carriage returns - $w_data = str_replace(',', "\n", $w_data); - $w_data = str_replace(',,', "\n", $w_data); - - /* open snort's whitelist for writing */ - @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); - } -} - -function create_snort_homenet($id, $if_real) { - global $config, $g; - - if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') - return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); - else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) { - $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']); - - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - return; - - $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype']; - $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips']; - $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips']; - $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips']; - $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips']; - $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips']; - - return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h); - } -} - -function create_snort_externalnet($id, $if_real) { - global $config, $g; - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) { - $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']); - - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - return; - - $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype']; - $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips']; - $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips']; - $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips']; - $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips']; - $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips']; - - return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex); - } -} - -// open snort.sh for writing -function create_snort_sh() -{ - global $config, $g; - - $snortconf =& $config['installedpackages']['snortglobal']['rule']; - - // do not start config build if rules is empty - if (!is_array($snortconf) || empty($snortconf)) { - return; - } - - $i = 0; - foreach ($snortconf as $value) { - $snort_uuid = $value['uuid']; - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - - $snortstart_list .= "{$snort_uuid}_{$if_real}_{$i}" . ','; - - $i++; - - } // end foreach - - // remove , if its the last char - if($snortstart_list[strlen($snortstart_list)-1] === ',') { - $snortstart_list = substr_replace($snortstart_list, '', -1); - } - - -$snort_sh_text = <<<EOD - -#!/bin/sh -######## -# This file was automatically generated -# by the pfSense service handler. -# Code added to protect from double starts on pfSense bootup -######## Begining of Main snort.sh - -rc_start() { - -if [ -f /tmp/snort.sh.pid ]; then - exit; -fi - -/bin/echo "snort.sh run" > /tmp/snort.sh.pid - - -/usr/local/bin/php -f /usr/local/pkg/snort/snort_startstop.php snortstart={$snortstart_list} & - - -/bin/rm /tmp/snort.sh.pid - -} - -rc_stop() { - -if [ -f /tmp/snort.sh.pid ]; then - exit; -fi - -/bin/echo "snort.sh run" > /tmp/snort.sh.pid - - -/usr/local/bin/php -f /usr/local/pkg/snort/snort_startstop.php snortstop={$snortstart_list} & - - -/bin/rm /tmp/snort.sh.pid - -} - -case $1 in - start) - rc_start - ;; - stop) - rc_stop - ;; - restart) - rc_start - ;; -esac - -EOD; - - // write out snort.sh - $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w"); - if(!$bconf) { - log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing."); - return; - } - fwrite($bconf, $snort_sh_text); - fclose($bconf); - @chmod("/usr/local/etc/rc.d/snort.sh", 0755); -} - -/* if rules exist copy to new interfaces */ -function create_rules_iface($id, $if_real, $snort_uuid) -{ - global $config, $g; - - $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"; - $folder_chk = (count(glob("{$if_rule_dir}/rules/*")) === 0) ? 'empty' : 'full'; - - if ($folder_chk == "empty") { - if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); - exec("/bin/cp /usr/local/etc/snort/rules/* {$if_rule_dir}/rules"); - if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) - exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules {$if_rule_dir}/local_{$snort_uuid}_{$if_real}.rules"); - } -} - -/* open barnyard2.conf for writing */ -function create_barnyard2_conf($id, $if_real, $snort_uuid) { - global $config, $g; - - if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) - exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); - - if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo")) { - mwexec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo", true); - /* XXX: This is needed if snort is run as snort user */ - //mwexec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true); - mwexec("/bin/chmod 770 /var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo", true); - } - - $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); - - /* write out barnyard2_conf */ - $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w"); - if(!$bconf) { - log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing."); - return; - } - fwrite($bconf, $barnyard2_conf_text); - fclose($bconf); -} - -/* open barnyard2.conf for writing" */ -function generate_barnyard2_conf($id, $if_real, $snort_uuid) { - global $config, $g; - - /* define snortbarnyardlog */ - /* TODO: add support for the other 5 output plugins */ - - $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; - $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); - /* user add arguments */ - $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru'])); - - $barnyard2_conf_text = <<<EOD - -# barnyard2.conf -# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php -# -# set the appropriate paths to the file(s) your Snort process is using - -config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config -config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map -config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map - -config hostname: $snortbarnyardlog_hostname_info_chk -config interface: {$snort_uuid}_{$if_real} -config decode_data_link -config waldo_file: /var/log/snort/{$snort_uuid}_{$if_real}/barnyard2.waldo - -## START user pass through ## - - {$snortbarnyardlog_config_pass_thru} - -## END user pass through ## - -# Step 2: setup the input plugins -input unified2 - -config logdir: /var/log/snort/{$snort_uuid}_{$if_real} - -# database: log to a variety of databases -# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx - - $snortbarnyardlog_database_info_chk - -EOD; - - return $barnyard2_conf_text; -} - -function create_snort_conf($id, $if_real, $snort_uuid) -{ - global $config, $g; - - if (!empty($if_real)&& !empty($snort_uuid)) { - if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) { - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); - } - - $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); - if (empty($snort_conf_text)) - return; - - /* write out snort.conf */ - $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); - if(!$conf) { - log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); - return -1; - } - fwrite($conf, $snort_conf_text); - fclose($conf); - } -} - -function snort_deinstall() { - global $config, $g; - - /* remove custom sysctl */ - remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); - - /* decrease bpf buffers back to 4096, from 20480 */ - exec('/sbin/sysctl net.bpf.bufsize=4096'); - mwexec('/usr/bin/killall snort', true); - sleep(2); - mwexec('/usr/bin/killall -9 snort', true); - sleep(2); - mwexec('/usr/bin/killall barnyard2', true); - sleep(2); - mwexec('/usr/bin/killall -9 barnyard2', true); - sleep(2); - mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true); - mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*', true); - mwexec('/bin/rm -r /usr/local/bin/barnyard2', true); - mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /var/log/snort; /bin/rm -rf /usr/local/lib/snort', true); - - /* Remove snort cron entries Ugly code needs smoothness*/ - if (!function_exists('snort_deinstall_cron')) { - function snort_deinstall_cron($crontask) { - global $config, $g; - - if(!is_array($config['cron']['item'])) - return; - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], $crontask)) { - $is_installed = true; - break; - } - $x++; - } - if ($is_installed == true) - unset($config['cron']['item'][$x]); - } - } - - snort_deinstall_cron("snort2c"); - snort_deinstall_cron("snort_check_for_rule_updates.php"); - snort_deinstall_cron("/usr/local/pkg/snort/snort_check_cron_misc.inc"); - configure_cron(); - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') - unset($config['installedpackages']['snortglobal']); -} - -function generate_snort_conf($id, $if_real, $snort_uuid) -{ - global $config, $g, $snort_pfsense_basever; - - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - - $snortcfg =& $config['installedpackages']['snortglobal']['rule'][$id]; - - /* custom home nets */ - $home_net = create_snort_homenet($id, $if_real); - - if ($snortcfg['externallistname'] == 'default') - $external_net = '!$HOME_NET'; - else - $external_net = create_snort_externalnet($id, $if_real); - - /* obtain external interface */ - /* XXX: make multi wan friendly */ - $snort_ext_int = $snortcfg['interface']; - - /* user added arguments */ - $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru'])); - - /* create basic files */ - if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - - exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); - exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config"); - exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config"); - exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); - exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map"); - exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf"); - exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); - - if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); - - /* define basic log filename */ - $snortunifiedlogbasic_type = ""; - if ($snortcfg['snortunifiedlogbasic'] == "on") - $snortunifiedlogbasic_type = "output unified: filename snort.u1, limit 128"; - - /* - * - * define cvs log filename - * this should be the default instead of alert_full it is much easier to parse - * - */ - $snortalertcvs_type = ""; - if ($snortcfg['snortalertcvs'] == "on") - $snortalertcvs_type = "output alert_csv: /var/log/snort/{$snort_uuid}_{$if_real}/alert.csv default 128"; - - /* define snortalertlogtype */ - if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast") - $snortalertlogtype_type = "output alert_fast: alert"; - else - $snortalertlogtype_type = "output alert_full: alert"; - - /* define alertsystemlog */ - $alertsystemlog_type = ""; - if ($snortcfg['alertsystemlog'] == "on") - $alertsystemlog_type = "output alert_syslog: log_alert"; - - /* define tcpdumplog */ - $tcpdumplog_type = ""; - if ($snortcfg['tcpdumplog'] == "on") - $tcpdumplog_type = "output log_tcpdump: snort.tcpdump"; - - /* define snortunifiedlog */ - $snortunifiedlog_type = ""; - if ($snortcfg['snortunifiedlog'] == "on") - $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128"; - - /* define spoink */ - $spoink_type = ""; - if ($snortcfg['blockoffenders7'] == "on") { - if ($snortcfg['whitelistname'] == "default") - $spoink_whitelist_name = 'defaultwlist'; - else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}")) - $spoink_whitelist_name = $snortcfg['whitelistname']; - - $pfkill = ""; - if ($snortcfg['blockoffenderskill'] == "on") - $pfkill = "kill"; - - $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; - } - - /* define threshold file */ - $threshold_file_name = ""; - if ($snortcfg['suppresslistname'] != 'default') { - if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}")) - $threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"; - } - - /* define servers and ports snortdefservers */ - /* def DNS_SERVSERS */ - $def_dns_servers_info_chk = $snortcfg['def_dns_servers']; - if ($def_dns_servers_info_chk == "") - $def_dns_servers_type = "\$HOME_NET"; - else - $def_dns_servers_type = "$def_dns_servers_info_chk"; - - /* def DNS_PORTS */ - $def_dns_ports_info_chk = $snortcfg['def_dns_ports']; - if ($def_dns_ports_info_chk == "") - $def_dns_ports_type = "53"; - else - $def_dns_ports_type = "$def_dns_ports_info_chk"; - - /* def SMTP_SERVSERS */ - $def_smtp_servers_info_chk = $snortcfg['def_smtp_servers']; - if ($def_smtp_servers_info_chk == "") - $def_smtp_servers_type = "\$HOME_NET"; - else - $def_smtp_servers_type = "$def_smtp_servers_info_chk"; - - /* def SMTP_PORTS */ - $def_smtp_ports_info_chk = $snortcfg['def_smtp_ports']; - if ($def_smtp_ports_info_chk == "") - $def_smtp_ports_type = "25"; - else - $def_smtp_ports_type = "$def_smtp_ports_info_chk"; - - /* def MAIL_PORTS */ - $def_mail_ports_info_chk = $snortcfg['def_mail_ports']; - if ($def_mail_ports_info_chk == "") - $def_mail_ports_type = "25,143,465,691"; - else - $def_mail_ports_type = "$def_mail_ports_info_chk"; - - /* def HTTP_SERVSERS */ - $def_http_servers_info_chk = $snortcfg['def_http_servers']; - if ($def_http_servers_info_chk == "") - $def_http_servers_type = "\$HOME_NET"; - else - $def_http_servers_type = "$def_http_servers_info_chk"; - - /* def WWW_SERVSERS */ - $def_www_servers_info_chk = $snortcfg['def_www_servers']; - if ($def_www_servers_info_chk == "") - $def_www_servers_type = "\$HOME_NET"; - else - $def_www_servers_type = "$def_www_servers_info_chk"; - - /* def HTTP_PORTS */ - $def_http_ports_info_chk = $snortcfg['def_http_ports']; - if ($def_http_ports_info_chk == "") - $def_http_ports_type = "80"; - else - $def_http_ports_type = "$def_http_ports_info_chk"; - - /* def SQL_SERVSERS */ - $def_sql_servers_info_chk = $snortcfg['def_sql_servers']; - if ($def_sql_servers_info_chk == "") - $def_sql_servers_type = "\$HOME_NET"; - else - $def_sql_servers_type = "$def_sql_servers_info_chk"; - - /* def ORACLE_PORTS */ - $def_oracle_ports_info_chk = $snortcfg['def_oracle_ports']; - if ($def_oracle_ports_info_chk == "") - $def_oracle_ports_type = "1521"; - else - $def_oracle_ports_type = "$def_oracle_ports_info_chk"; - - /* def MSSQL_PORTS */ - $def_mssql_ports_info_chk = $snortcfg['def_mssql_ports']; - if ($def_mssql_ports_info_chk == "") - $def_mssql_ports_type = "1433"; - else - $def_mssql_ports_type = "$def_mssql_ports_info_chk"; - - /* def TELNET_SERVSERS */ - $def_telnet_servers_info_chk = $snortcfg['def_telnet_servers']; - if ($def_telnet_servers_info_chk == "") - $def_telnet_servers_type = "\$HOME_NET"; - else - $def_telnet_servers_type = "$def_telnet_servers_info_chk"; - - /* def TELNET_PORTS */ - $def_telnet_ports_info_chk = $snortcfg['def_telnet_ports']; - if ($def_telnet_ports_info_chk == "") - $def_telnet_ports_type = "23"; - else - $def_telnet_ports_type = "$def_telnet_ports_info_chk"; - - /* def SNMP_SERVSERS */ - $def_snmp_servers_info_chk = $snortcfg['def_snmp_servers']; - if ($def_snmp_servers_info_chk == "") - $def_snmp_servers_type = "\$HOME_NET"; - else - $def_snmp_servers_type = "$def_snmp_servers_info_chk"; - - /* def SNMP_PORTS */ - $def_snmp_ports_info_chk = $snortcfg['def_snmp_ports']; - if ($def_snmp_ports_info_chk == "") - $def_snmp_ports_type = "161"; - else - $def_snmp_ports_type = "$def_snmp_ports_info_chk"; - - /* def FTP_SERVSERS */ - $def_ftp_servers_info_chk = $snortcfg['def_ftp_servers']; - if ($def_ftp_servers_info_chk == "") - $def_ftp_servers_type = "\$HOME_NET"; - else - $def_ftp_servers_type = "$def_ftp_servers_info_chk"; - - /* def FTP_PORTS */ - $def_ftp_ports_info_chk = $snortcfg['def_ftp_ports']; - if ($def_ftp_ports_info_chk == "") - $def_ftp_ports_type = "21"; - else - $def_ftp_ports_type = "$def_ftp_ports_info_chk"; - - /* def SSH_SERVSERS */ - $def_ssh_servers_info_chk = $snortcfg['def_ssh_servers']; - if ($def_ssh_servers_info_chk == "") - $def_ssh_servers_type = "\$HOME_NET"; - else - $def_ssh_servers_type = "$def_ssh_servers_info_chk"; - - /* if user has defined a custom ssh port, use it */ - if(isset($config['system']['ssh']['port'])) - $ssh_port = $config['system']['ssh']['port']; - else - $ssh_port = "22"; - - /* def SSH_PORTS */ - $def_ssh_ports_info_chk = $snortcfg['def_ssh_ports']; - if ($def_ssh_ports_info_chk == "") - $def_ssh_ports_type = "{$ssh_port}"; - else - $def_ssh_ports_type = "$def_ssh_ports_info_chk"; - - /* def POP_SERVSERS */ - $def_pop_servers_info_chk = $snortcfg['def_pop_servers']; - if ($def_pop_servers_info_chk == "") - $def_pop_servers_type = "\$HOME_NET"; - else - $def_pop_servers_type = "$def_pop_servers_info_chk"; - - /* def POP2_PORTS */ - $def_pop2_ports_info_chk = $snortcfg['def_pop2_ports']; - if ($def_pop2_ports_info_chk == "") - $def_pop2_ports_type = "109"; - else - $def_pop2_ports_type = "$def_pop2_ports_info_chk"; - - /* def POP3_PORTS */ - $def_pop3_ports_info_chk = $snortcfg['def_pop3_ports']; - if ($def_pop3_ports_info_chk == "") - $def_pop3_ports_type = "110"; - else - $def_pop3_ports_type = "$def_pop3_ports_info_chk"; - - /* def IMAP_SERVSERS */ - $def_imap_servers_info_chk = $snortcfg['def_imap_servers']; - if ($def_imap_servers_info_chk == "") - $def_imap_servers_type = "\$HOME_NET"; - else - $def_imap_servers_type = "$def_imap_servers_info_chk"; - - /* def IMAP_PORTS */ - $def_imap_ports_info_chk = $snortcfg['def_imap_ports']; - if ($def_imap_ports_info_chk == "") - $def_imap_ports_type = "143"; - else - $def_imap_ports_type = "$def_imap_ports_info_chk"; - - /* def SIP_PROXY_IP */ - $def_sip_proxy_ip_info_chk = $snortcfg['def_sip_proxy_ip']; - if ($def_sip_proxy_ip_info_chk == "") - $def_sip_proxy_ip_type = "\$HOME_NET"; - else - $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; - - /* def SIP_PROXY_PORTS */ - $def_sip_proxy_ports_info_chk = $snortcfg['def_sip_proxy_ports']; - if ($def_sip_proxy_ports_info_chk == "") - $def_sip_proxy_ports_type = "5060:5090,16384:32768"; - else - $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; - - /* def SIP_SERVERS */ - $def_sip_servers_info_chk = $snortcfg['def_sip_servers']; - if ($def_sip_servers_info_chk == "") - $def_sip_servers_type = "\$HOME_NET"; - else - $def_sip_servers_type = "$def_sip_servers_info_chk"; - - /* def SIP_PORTS */ - $def_sip_ports_info_chk = $snortcfg['def_sip_ports']; - if ($def_sip_ports_info_chk == "") - $def_sip_ports_type = "5060:5090,16384:32768"; - else - $def_sip_ports_type = "$def_sip_ports_info_chk"; - - /* def AUTH_PORTS */ - $def_auth_ports_info_chk = $snortcfg['def_auth_ports']; - if ($def_auth_ports_info_chk == "") - $def_auth_ports_type = "113"; - else - $def_auth_ports_type = "$def_auth_ports_info_chk"; - - /* def FINGER_PORTS */ - $def_finger_ports_info_chk = $snortcfg['def_finger_ports']; - if ($def_finger_ports_info_chk == "") - $def_finger_ports_type = "79"; - else - $def_finger_ports_type = "$def_finger_ports_info_chk"; - - /* def IRC_PORTS */ - $def_irc_ports_info_chk = $snortcfg['def_irc_ports']; - if ($def_irc_ports_info_chk == "") - $def_irc_ports_type = "6665,6666,6667,6668,6669,7000"; - else - $def_irc_ports_type = "$def_irc_ports_info_chk"; - - /* def NNTP_PORTS */ - $def_nntp_ports_info_chk = $snortcfg['def_nntp_ports']; - if ($def_nntp_ports_info_chk == "") - $def_nntp_ports_type = "119"; - else - $def_nntp_ports_type = "$def_nntp_ports_info_chk"; - - /* def RLOGIN_PORTS */ - $def_rlogin_ports_info_chk = $snortcfg['def_rlogin_ports']; - if ($def_rlogin_ports_info_chk == "") - $def_rlogin_ports_type = "513"; - else - $def_rlogin_ports_type = "$def_rlogin_ports_info_chk"; - - /* def RSH_PORTS */ - $def_rsh_ports_info_chk = $snortcfg['def_rsh_ports']; - if ($def_rsh_ports_info_chk == "") - $def_rsh_ports_type = "514"; - else - $def_rsh_ports_type = "$def_rsh_ports_info_chk"; - - /* def SSL_PORTS */ - $def_ssl_ports_info_chk = $snortcfg['def_ssl_ports']; - if ($def_ssl_ports_info_chk == "") - $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995"; - else - $def_ssl_ports_type = "$def_ssl_ports_info_chk"; - - /* if user is on pppoe, we really want to use ng0 interface */ - if ($snort_pfsense_basever == 'yes' && $snort_ext_int == "wan") - $snort_ext_int = get_real_wan_interface(); - - /* set the snort performance model */ - if($snortcfg['performance']) - $snort_performance = $snortcfg['performance']; - else - $snort_performance = "ac-bnfa"; - - - /* generate rule sections to load */ - $selected_rules_sections = ""; - if (!empty($snortcfg['rulesets'])) { - $enabled_rulesets_array = explode('||', $snortcfg['rulesets']); - foreach($enabled_rulesets_array as $enabled_item) - $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; - } - - /* preprocessor code */ - - /* def perform_stat */ - $snort_perform_stat = <<<EOD - -########################## - # -# NEW # -# Performance Statistics # - # -########################## - -preprocessor perfmonitor: time 300 file /var/log/snort/{$snort_uuid}_{$if_real}/snort.stats pktcnt 10000 - -EOD; - - $def_perform_stat_info_chk = $snortcfg['perform_stat']; - if ($def_perform_stat_info_chk == "on") - $def_perform_stat_type = "$snort_perform_stat"; - else - $def_perform_stat_type = ""; - - $def_flow_depth_info_chk = $snortcfg['flow_depth']; - if (empty($def_flow_depth_info_chk)) - $def_flow_depth_type = '0'; - else - $def_flow_depth_type = $snortcfg['flow_depth']; - - /* def http_inspect */ - $snort_http_inspect = <<<EOD - -################# - # -# HTTP Inspect # - # -################# - -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 - -# TODO: pfsense GUI needed for ports -preprocessor http_inspect_server: server default \ - http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \ - ports { 80 8080 } \ - non_strict \ - non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ - flow_depth {$def_flow_depth_type} \ - apache_whitespace no \ - directory no \ - iis_backslash no \ - u_encode yes \ - extended_response_inspection \ - inspect_gzip \ - normalize_utf \ - unlimited_decompress \ - ascii no \ - chunk_length 500000 \ - bare_byte yes \ - double_decode yes \ - iis_unicode no \ - iis_delimiter no \ - multi_slash no \ - server_flow_depth 0 \ - client_flow_depth 0 \ - post_depth 65495 \ - oversize_dir_length 500 \ - max_header_length 750 \ - max_headers 100 \ - max_spaces 0 \ - small_chunk_length { 10 5 } \ - enable_cookie \ - normalize_javascript \ - utf_8 no \ - webroot no - -EOD; - - $def_http_inspect_info_chk = $snortcfg['http_inspect']; - if ($def_http_inspect_info_chk == "on") - $def_http_inspect_type = "$snort_http_inspect"; - else - $def_http_inspect_type = ""; - - /* def other_preprocs */ - $snort_other_preprocs = <<<EOD - -################## - # -# Other preprocs # - # -################## - -preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 -preprocessor bo - -EOD; - - $def_other_preprocs_info_chk = $snortcfg['other_preprocs']; - if ($def_other_preprocs_info_chk == "on") - $def_other_preprocs_type = "$snort_other_preprocs"; - else - $def_other_preprocs_type = ""; - - /* def ftp_preprocessor */ - $snort_ftp_preprocessor = <<<EOD - -##################### - # -# ftp preprocessor # - # -##################### - -preprocessor ftp_telnet: global \ - inspection_type stateful \ - encrypted_traffic no - -preprocessor ftp_telnet_protocol: telnet \ - normalize \ - ayt_attack_thresh 200 \ - detect_anomalies - -preprocessor ftp_telnet_protocol: \ - ftp server default \ - def_max_param_len 100 \ - # TODO add pfsense GUI - ports { 21 } \ - telnet_cmds yes \ - ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ - ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ - ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ - ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \ - ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ - ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ - ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ - ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ - ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ - ftp_cmds { XSEN XSHA1 XSHA256 } \ - alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ - alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ - alt_max_param_len 256 { CWD RNTO } \ - alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { SIZE } \ - chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ - chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ - chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ - chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ - chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ - chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ - chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ - chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ - cmd_validity MACB < string > \ - cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity PORT < host_port > \ - cmd_validity PROT < char CSEP > \ - cmd_validity STRU < char FRPO [ string ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > - -preprocessor ftp_telnet_protocol: ftp client default \ - max_resp_len 256 \ - bounce yes \ - telnet_cmds yes - -EOD; - - $def_ftp_preprocessor_info_chk = $snortcfg['ftp_preprocessor']; - if ($def_ftp_preprocessor_info_chk == "on") - $def_ftp_preprocessor_type = "$snort_ftp_preprocessor"; - else - $def_ftp_preprocessor_type = ""; - - /* def smtp_preprocessor */ - $snort_smtp_preprocessor = <<<EOD - -##################### - # -# SMTP preprocessor # - # -##################### - -# TODO add pfsense GUI -preprocessor SMTP: ports { 25 465 691 } \ - inspection_type stateful \ - b64_decode_depth 0 \ - qp_decode_depth 0 \ - bitenc_decode_depth 0 \ - uu_decode_depth 0 \ - log_mailfrom \ - log_rcptto \ - log_filename \ - log_email_hdrs \ - normalize cmds \ - normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ - normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ - normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ - normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ - max_command_line_len 512 \ - max_header_line_len 1000 \ - max_response_line_len 512 \ - alt_max_command_line_len 260 { MAIL } \ - alt_max_command_line_len 300 { RCPT } \ - alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ - alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ - alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ - valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ - valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ - valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ - valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ - xlink2state { enabled } - -EOD; - - $def_smtp_preprocessor_info_chk = $snortcfg['smtp_preprocessor']; - if ($def_smtp_preprocessor_info_chk == "on") - $def_smtp_preprocessor_type = "$snort_smtp_preprocessor"; - else - $def_smtp_preprocessor_type = ""; - - /* def sf_portscan */ - $snort_sf_portscan = <<<EOD - -################ - # -# sf Portscan # - # -################ - -preprocessor sfportscan: scan_type { all } \ - proto { all } \ - memcap { 10000000 } \ - sense_level { medium } \ - ignore_scanners { \$HOME_NET } - -EOD; - - $def_sf_portscan_info_chk = $snortcfg['sf_portscan']; - if ($def_sf_portscan_info_chk == "on") - $def_sf_portscan_type = "$snort_sf_portscan"; - else - $def_sf_portscan_type = ""; - - /* def dce_rpc_2 */ - $snort_dce_rpc_2 = <<<EOD - -############### - # -# NEW # -# DCE/RPC 2 # - # -############### - -preprocessor dcerpc2: memcap 102400, events [smb, co, cl] -preprocessor dcerpc2_server: default, policy WinXP, \ - detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ - autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ - smb_max_chain 3, \ - smb_invalid_shares ["C$", "D$", "ADMIN$"] - -EOD; - - $def_dce_rpc_2_info_chk = $snortcfg['dce_rpc_2']; - if ($def_dce_rpc_2_info_chk == "on") - $def_dce_rpc_2_type = "$snort_dce_rpc_2"; - else - $def_dce_rpc_2_type = ""; - - /* def dns_preprocessor */ - $snort_dns_preprocessor = <<<EOD - -#################### - # -# DNS preprocessor # - # -#################### - -# TODO add pfsense GUI -preprocessor dns: \ - ports { 53 } \ - enable_rdata_overflow - -EOD; - - $def_dns_preprocessor_info_chk = $snortcfg['dns_preprocessor']; - if ($def_dns_preprocessor_info_chk == "on") - $def_dns_preprocessor_type = "$snort_dns_preprocessor"; - else - $def_dns_preprocessor_type = ""; - - /* def SSL_PORTS IGNORE */ - $def_ssl_ports_ignore_info_chk = $snortcfg['def_ssl_ports_ignore']; - if ($def_ssl_ports_ignore_info_chk == "") - $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995"; - else - $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk"; - - /* stream5 queued settings */ - - - $def_max_queued_bytes_info_chk = $snortcfg['max_queued_bytes']; - if ($def_max_queued_bytes_info_chk == '') - $def_max_queued_bytes_type = ''; - else - $def_max_queued_bytes_type = ' max_queued_bytes ' . $snortcfg['max_queued_bytes'] . ','; - - $def_max_queued_segs_info_chk = $snortcfg['max_queued_segs']; - if ($def_max_queued_segs_info_chk == '') - $def_max_queued_segs_type = ''; - else - $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ','; - - /* build snort configuration file */ - $snort_conf_text = <<<EOD - -############################################################################## -# # -# snort configuration file generated by the pfSense package manager system # -# see /usr/local/pkg/snort.inc # -# for snort ver. 2.9.2.3 # -# more information Snort can be found at http://www.snort.org/ # -# # -############################################################################## - -######################### - # -# Define Local Network # - # -######################### - -ipvar HOME_NET [{$home_net}] -ipvar EXTERNAL_NET [{$external_net}] - -################### - # -# Define Servers # - # -################### - -ipvar DNS_SERVERS [{$def_dns_servers_type}] -ipvar SMTP_SERVERS [{$def_smtp_servers_type}] -ipvar HTTP_SERVERS [{$def_http_servers_type}] -ipvar SQL_SERVERS [{$def_sql_servers_type}] -ipvar TELNET_SERVERS [{$def_telnet_servers_type}] -ipvar FTP_SERVERS [{$def_ftp_servers_type}] -ipvar SSH_SERVERS [{$def_ssh_servers_type}] -ipvar SIP_PROXY_IP [{$def_sip_proxy_ip_type}] -ipvar SIP_SERVERS [{$def_sip_servers_type}] -ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] -# def below may have been removed -ipvar POP_SERVERS [{$def_pop_servers_type}] -ipvar IMAP_SERVERS [{$def_imap_servers_type}] -ipvar RPC_SERVERS [\$HOME_NET] -ipvar WWW_SERVERS [{$def_www_servers_type}] -ipvar SNMP_SERVERS [{$def_snmp_servers_type}] - - -######################## - # -# Define Server Ports # - # -######################## - -portvar HTTP_PORTS [{$def_http_ports_type}] -portvar SHELLCODE_PORTS !80 -portvar ORACLE_PORTS [{$def_oracle_ports_type}] -portvar FTP_PORTS [{$def_ftp_ports_type}] -portvar SSH_PORTS [{$def_ssh_ports_type}] -portvar SIP_PORTS [{$def_sip_ports_type}] -### Below ports need new gui ### -portvar FILE_DATA_PORTS [\$HTTP_PORTS,110,143] -portvar GTP_PORTS [2123,2152,3386] -portvar MODBUS_PORTS [502] -portvar DNP3_PORTS [20000] -# These ports may have been removed left here so no custom rules break -portvar AUTH_PORTS [{$def_auth_ports_type}] -portvar DNS_PORTS [{$def_dns_ports_type}] -portvar FINGER_PORTS [{$def_finger_ports_type}] -portvar IMAP_PORTS [{$def_imap_ports_type}] -portvar IRC_PORTS [{$def_irc_ports_type}] -portvar MSSQL_PORTS [{$def_mssql_ports_type}] -portvar NNTP_PORTS [{$def_nntp_ports_type}] -portvar POP2_PORTS [{$def_pop2_ports_type}] -portvar POP3_PORTS [{$def_pop3_ports_type}] -portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779] -portvar RLOGIN_PORTS [{$def_rlogin_ports_type}] -portvar RSH_PORTS [{$def_rsh_ports_type}] -portvar SMB_PORTS [139,445] -portvar SMTP_PORTS [{$def_smtp_ports_type}] -portvar SNMP_PORTS [{$def_snmp_ports_type}] -portvar TELNET_PORTS [{$def_telnet_ports_type}] -portvar MAIL_PORTS [{$def_mail_ports_type}] -portvar SSL_PORTS [{$def_sip_proxy_ports_type}] -portvar SIP_PROXY_PORTS [{$def_sip_ports_type}] - -# These ports may have been removed left here so no custom rules break -# DCERPC NCACN-IP-TCP -portvar DCERPC_NCACN_IP_TCP [139,445] -portvar DCERPC_NCADG_IP_UDP [138,1024:] -portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:] -portvar DCERPC_NCACN_UDP_LONG [135,1024:] -portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:] -portvar DCERPC_NCACN_TCP [2103,2105,2107] -portvar DCERPC_BRIGHTSTORE [6503,6504] - - -##################### - # -# Define Rule Paths # - # -##################### - -var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules -var PREPROC_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/preproc_rules -var SO_RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/so_rules - -############################################################# -# # -# reputation preprocessor, ALWAYS USE FULL PATHS, BUG 89986 # -# # -############################################################# - -#var WHITE_LIST_PATH ../rules -#var BLACK_LIST_PATH ../rules - -################################ - # -# Configure the snort decoder # - # -################################ - -config checksum_mode: all -config disable_decode_alerts -config disable_tcpopt_experimental_alerts -config disable_tcpopt_obsolete_alerts -config disable_ttcp_alerts -config disable_tcpopt_alerts -config disable_tcpopt_ttcp_alerts -config disable_ipopt_alerts -config disable_decode_drops - -################ The following is for inline mode tunning ################ - -# config enable_decode_oversized_alerts -# config enable_decode_oversized_drops -# config flowbits_size: 64 - -#### make sure I enable gui for this ########## -# config ignore_ports: tcp 21 6667:6671 1356 # -# config ignore_ports: udp 1:17 53 # -############################################### - -# Configure active response for non inline -# config response: eth0 attempts 2 - -# Configure DAQ related options for inline mode -# -# config daq: <type> -# config daq_dir: <dir> -# config daq_mode: <mode> -# config daq_var: <var> -# -# <type> ::= pcap | afpacket | dump | nfq | ipq | ipfw -# <mode> ::= read-file | passive | inline -# <var> ::= arbitrary <name>=<value passed to DAQ -# <dir> ::= path as to where to look for DAQ module so's - -## gui needed for pfsense ## -# config daq: afpacket - -############################################################# - -######################################## -# Configure specific UID and GID -# to run snort as after dropping privs -# -# config set_gid: -# config set_uid: -######################################## - -######################################## -# -# Configure default snaplen. Snort -# defaults to MTU of in use interface -# -# config snaplen: -# -# TODO: gui needed for pfsense -# -######################################## - -################################################################ -# -# Configure default bpf_file to use for filtering what traffic -# reaches snort. options (-F) -# -# config bpf_file: -# -# TODO: gui needed for pfsense -# -############################################################### - -##################################################################### -# -# Configure default log directory for snort to log to. options (-l) -# -# config logdir: -# -##################################################################### - -################################### - # -# Configure the detection engine # -# Use lower memory models # - # -################################### - -# TODO: gui needed for pfsense -# Configure PCRE match limitations -config pcre_match_limit: 3500 -config pcre_match_limit_recursion: 1500 - -############################################################################# -# # -# Configure the detection engine # -# Use lower memory models for pfsense # -# # -# # -# Notes # -# # -# ac, ac-q, ac-bnfa, ac-bnfa-q, lowmem, lowmem-q # -# ac-split shorthand for search-method ac, split-any-any, intel-cpm,ac-nq, # -# ac-bnfa-nq This is the default search method if none is specified. # -# lowmem-nq, ac-std, acs, ac-banded, ac-sparsebands # -# # -############################################################################# - -config detection: search-method {$snort_performance} search-optimize max-pattern-len 20 -config event_queue: max_queue 8 log 3 order_events content_length - -################################################### -# Configure GTP if it is to be used -#################################################### - -# TODO: gui needed for pfsense -# config enable_gtp - -################################################### -# Per packet and rule latency enforcement, README.ppm -################################################### - -# Per Packet latency configuration -#config ppm: max-pkt-time 250, \ -# fastpath-expensive-packets, \ -# pkt-log - -# Per Rule latency configuration -#config ppm: max-rule-time 200, \ -# threshold 3, \ -# suspend-expensive-rules, \ -# suspend-timeout 20, \ -# rule-log alert - -################################################### -# Configure Perf Profiling for debugging, README.PerfProfiling -################################################### - -#config profile_rules: print all, sort avg_ticks -#config profile_preprocs: print all, sort avg_ticks - -################################################### -# Configure protocol aware flushing. README.stream5 -################################################### -config paf_max: 16000 - -################################################## -# Configure dynamic loaded libraries -################################################## - -dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor -dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so -dynamicdetection directory /usr/local/lib/snort/dynamicrules - -################### - # -# Flow and stream # - # -################### - -# TODO: gui needed for pfsense -# GTP Control Channle Preprocessor, README.GTP -# preprocessor gtp: ports { 2123 3386 2152 } - -#################################################### -# Inline packet normalization, README.normalize -# Does nothing in IDS mode -# -# preprocessor normalize_ip4 -# preprocessor normalize_tcp: ips ecn stream -# preprocessor normalize_icmp4 -# preprocessor normalize_ip6 -# preprocessor normalize_icmp6 -#################################################### - -# this tuning ,may need testing -preprocessor frag3_global: max_frags 65536 -preprocessor frag3_engine: policy bsd detect_anomalies - -preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp yes, max_tcp 262144, max_udp 131072, max_active_responses 2, min_response_seconds 5 - -preprocessor stream5_tcp: policy BSD, ports both all, timeout 180, {$def_max_queued_bytes_type}{$def_max_queued_segs_type} -preprocessor stream5_udp: timeout 180 -preprocessor stream5_icmp: - - {$def_perform_stat_type} - - {$def_http_inspect_type} - - {$def_other_preprocs_type} - - {$def_ftp_preprocessor_type} - - {$def_smtp_preprocessor_type} - - {$def_sf_portscan_type} - -######################## - # -# ARP spoof detection. # - # -######################## - -# preprocessor arpspoof -# preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00 - -########################## - # -# SSH anomaly detection # - # -########################## - -preprocessor ssh: server_ports { 22 } \ - autodetect \ - max_client_bytes 19600 \ - max_encrypted_packets 20 \ - max_server_version_len 100 \ - enable_respoverflow enable_ssh1crc32 \ - enable_srvoverflow enable_protomismatch - - - {$def_dce_rpc_2_type} - - {$def_dns_preprocessor_type} - -############################## - # -# NEW # -# Ignore SSL and Encryption # - # -############################## - -preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted - - -########################################################### - # -# SDF sensitive data preprocessor, README.sensitive_data # - # -########################################################### - -# TODO: add pfsense GUI -preprocessor sensitive_data: alert_threshold 20 - -############################################################# - # -# SIP Session Initiation Protocol preprocessor, README.sip # - # -############################################################# - -# TODO: add pfsense GUI -preprocessor sip: max_sessions 40000, \ - ports { 5060 5061 5600 }, \ - methods { invite \ - cancel \ - ack \ - bye \ - register \ - options \ - refer \ - subscribe \ - update \ - join \ - info \ - message \ - notify \ - benotify \ - do \ - qauth \ - sprack \ - publish \ - service \ - unsubscribe \ - prack }, \ - max_uri_len 512, \ - max_call_id_len 80, \ - max_requestName_len 20, \ - max_from_len 256, \ - max_to_len 256, \ - max_via_len 1024, \ - max_contact_len 512, \ - max_content_len 2048 - -################################## - # -# IMAP preprocessor, README.imap # - # -################################## - -# TODO: add pfsense GUI -preprocessor imap: \ - ports { 143 } \ - b64_decode_depth 0 \ - qp_decode_depth 0 \ - bitenc_decode_depth 0 \ - uu_decode_depth 0 - -################################## - # -# POP preprocessor, README.pop # - # -################################## - -# TODO: add pfsense GUI -preprocessor pop: \ - ports { 110 } \ - b64_decode_depth 0 \ - qp_decode_depth 0 \ - bitenc_decode_depth 0 \ - uu_decode_depth 0 - -####################################### - # -# Modbus preprocessor, README.modbus # -# Used for SCADA # - # -####################################### - -# TODO: add pfsense GUI -preprocessor modbus: ports { 502 } - - -############################################### - # -# DNP3 preprocessor, EADME.dnp3 # - # -############################################### - -# TODO: add pfsense GUI -preprocessor dnp3: ports { 20000 } \ - memcap 262144 \ - check_crc - -############################################### - # -# Reputation preprocessor, README.reputation # - # -############################################### - -#preprocessor reputation: \ -# memcap 500, \ -# priority whitelist, \ -# nested_ip inner, \ -# whitelist \$WHITE_LIST_PATH/white_list.rules, \ -# blacklist \$BLACK_LIST_PATH/black_list.rules - - -##################### - # -# Snort Output Logs # - # -##################### - -$snortalertlogtype_type -$alertsystemlog_type -$tcpdumplog_type -$snortunifiedlogbasic_type -$snortunifiedlog_type -$snortalertcvs_type -$spoink_type - -################# - # -# Misc Includes # - # -################# - -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -$threshold_file_name - -# Snort user pass through configuration -{$snort_config_pass_thru} - -################### - # -# Rules Selection # - # -################### - - -{$selected_rules_sections} - - -EOD; - - return $snort_conf_text; -} - -/* hide progress bar */ -function hide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; -} - -/* unhide progress bar */ -function unhide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; -} - -/* update both top and bottom text box during an operation */ -function update_all_status($status) { - global $snort_filename, $snort_filename_md5, $console_mode; - - ob_flush(); - if(!$console_mode) { - update_status($status); - update_output_window($status); - } -} - -######## new - -// returns array that matches pattern, option to replace objects in matches -function snortScanDirFilter($arrayList, $pattmatch, $pattreplace, $pattreplacewith) -{ - foreach ( $arrayList as $val ) - { - if (preg_match($pattmatch, $val, $matches)) { - if ($pattreplace != '') { - $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]); - $filterDirList[] = $matches2; - }else{ - $filterDirList[] = $matches[0]; - } - } - } - return $filterDirList; -} - -?> diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml deleted file mode 100644 index 8f64a5e3..00000000 --- a/config/snort-dev/snort.xml +++ /dev/null @@ -1,209 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfsense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Snort</name> - <version>2.9.2.3</version> - <title>Services:2.9.2.3 pkg v. 2.2</title> - <include_file>/usr/local/pkg/snort/snort.inc</include_file> - <menu> - <name>Snort</name> - <tooltiptext>Setup snort specific settings</tooltiptext> - <section>Services</section> - <url>/snort/snort_interfaces.php</url> - </menu> - <service> - <name>snort</name> - <rcfile>snort.sh</rcfile> - <executable>snort</executable> - <description>Snort IDS/IPS Daemon</description> - </service> - <tabs> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_cron_misc.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_startstop.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_for_rule_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/help_and_info.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item> - </additional_files_needed> - <fields> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_snort_package_config(); - </custom_php_resync_config_command> - <custom_php_install_command> - snort_postinstall(); - </custom_php_install_command> - <custom_php_deinstall_command> - snort_deinstall(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php deleted file mode 100644 index 3eafcf21..00000000 --- a/config/snort-dev/snort_alerts.php +++ /dev/null @@ -1,587 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_alerts.php - part of pfSense - - Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -/* load only javascript that is needed */ -$snort_load_sortabletable = 'yes'; -$snort_load_mootools = 'yes'; - -$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_instance = &$config['installedpackages']['snortglobal']['rule']; -$snort_uuid = $a_instance[0]['uuid']; -$if_real = snort_get_real_interface($a_instance[0]['interface']); - -if ($_POST['instance']) { - $snort_uuid = $a_instance[$_POST]['instance']['uuid']; - $if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']); -} - - -if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) { - $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; - $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber']; - $anentries = $pconfig['alertnumber']; -} else { - $anentries = '250'; - $pconfig['alertnumber'] = '250'; - $pconfig['arefresh'] = 'off'; -} - -if ($_POST['save']) -{ - //unset($input_errors); - //$pconfig = $_POST; - - /* input validation */ - if ($_POST['save']) - { - - // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; - // } - - } - - /* no errors */ - if (!$input_errors) { - if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) - $config['installedpackages']['snortglobal']['alertsblocks'] = array(); - $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off'; - $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; - - write_config(); - - header("Location: /snort/snort_alerts.php"); - exit; - } - -} - -if ($_GET['action'] == "clear" || $_POST['clear']) -{ - if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert")) - { - conf_mount_rw(); - @file_put_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert", ""); - post_delete_logs(); - /* XXX: This is needed is snort is run as snort user */ - //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true); - mwexec('/bin/chmod 660 /var/log/snort/*', true); - mwexec('/usr/bin/killall -HUP snort', true); - conf_mount_ro(); - } - header("Location: /snort/snort_alerts.php"); - exit; -} - -if ($_POST['download']) -{ - - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_logs_{$save_date}.tar.gz"; - exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/{$snort_uuid}_{$if_real}"); - - if (file_exists("/tmp/{$file_name}")) { - $file = "/tmp/snort_logs_{$save_date}.tar.gz"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/{$file_name}"); - } - - header("Location: /snort/snort_alerts.php"); - exit; -} - - -/* WARNING: took me forever to figure reg expression, dont lose */ -// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50'; -function get_snort_alert_date($fileline) -{ - /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ - if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) - $alert_date = "$matches1[0]"; - - return $alert_date; -} - -function get_snort_alert_disc($fileline) -{ - /* disc */ - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_disc = "$matches[2]"; - - return $alert_disc; -} - -function get_snort_alert_class($fileline) -{ - /* class */ - if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) - $alert_class = "$matches2[0]"; - - return $alert_class; -} - -function get_snort_alert_priority($fileline) -{ - /* Priority */ - if (preg_match('/Priority:\s\d/', $fileline, $matches3)) - $alert_priority = "$matches3[0]"; - - return $alert_priority; -} - -function get_snort_alert_proto($fileline) -{ - /* Priority */ - if (preg_match('/\{.+\}/', $fileline, $matches3)) - $alert_proto = "$matches3[0]"; - - return $alert_proto; -} - -function get_snort_alert_proto_full($fileline) -{ - /* Protocal full */ - if (preg_match('/.+\sTTL/', $fileline, $matches2)) - $alert_proto_full = "$matches2[0]"; - - return $alert_proto_full; -} - -function get_snort_alert_ip_src($fileline) -{ - /* SRC IP */ - $re1='.*?'; # Non-greedy match on filler - $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - $alert_ip_src = $matches4[1][0]; - - return $alert_ip_src; -} - -function get_snort_alert_src_p($fileline) -{ - /* source port */ - if (preg_match('/:\d+\s-/', $fileline, $matches5)) - $alert_src_p = "$matches5[0]"; - - return $alert_src_p; -} - -function get_snort_alert_flow($fileline) -{ - /* source port */ - if (preg_match('/(->|<-)/', $fileline, $matches5)) - $alert_flow = "$matches5[0]"; - - return $alert_flow; -} - -function get_snort_alert_ip_dst($fileline) -{ - /* DST IP */ - $re1dp='.*?'; # Non-greedy match on filler - $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress - $re3dp='.*?'; # Non-greedy match on filler - $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) - $alert_ip_dst = $matches6[1][0]; - - return $alert_ip_dst; -} - -function get_snort_alert_dst_p($fileline) -{ - /* dst port */ - if (preg_match('/:\d+$/', $fileline, $matches7)) - $alert_dst_p = "$matches7[0]"; - - return $alert_dst_p; -} - -function get_snort_alert_dst_p_full($fileline) -{ - /* dst port full */ - if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) - $alert_dst_p = "$matches7[0]"; - - return $alert_dst_p; -} - -function get_snort_alert_sid($fileline) -{ - /* SID */ - if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) - $alert_sid = "$matches8[0]"; - - return $alert_sid; -} - -$pgtitle = "Services: Snort: Snort Alerts"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php - -include_once("fbegin.inc"); -echo $snort_general_css; - -/* refresh every 60 secs */ -if ($pconfig['arefresh'] == 'on') - echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n"; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea2"> - <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0"> - <form action="/snort/snort_alerts.php" method="post" id="formalert"> - <tr> - <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?> Alert Entries.</td> - <td width="78%" class="listtopic">Latest Alert Entries Are Listed First.</td> - </tr> - <tr> - <td width="22%" class="vncell">Instance to inspect</td> - <td width="78%" class="vtable"> - <br/> <select name="instance" id="instance" class="formfld unkown" onChange="document.getElementById('formalert').submit()"> - <?php - foreach ($a_instance as $id => $instance) { - echo "<option value='{$id}'> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n"; - } - ?> - </select><br/> Choose which instance alerts you want to inspect. - </td> - <tr> - <td width="22%" class="vncell">Save or Remove Logs</td> - <td width="78%" class="vtable"> - <input name="download" type="submit" class="formbtn" value="Download"> All - log files will be saved. <a href="/snort/snort_alerts.php?action=clear"> - <input name="delete" type="button" class="formbtn" value="Clear" - onclick="return confirm('Do you really want to remove all instance logs?')"></a> - <span class="red"><strong>Warning:</strong></span> all log files will be deleted. - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <input name="save" type="submit" class="formbtn" value="Save"> - Refresh <input name="arefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. - <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> - Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>. - </td> - </tr> - </form> - </table> - </div> - </td> - </tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"><br> - <div class="tableFilter"> - <form id="tableFilter" - onsubmit="myTable.filter(this.id); return false;">Filter: <select - id="column"> - <option value="1">PRIORITY</option> - <option value="2">PROTO</option> - <option value="3">DESCRIPTION</option> - <option value="4">CLASS</option> - <option value="5">SRC</option> - <option value="6">SRC PORT</option> - <option value="7">FLOW</option> - <option value="8">DST</option> - <option value="9">DST PORT</option> - <option value="10">SID</option> - <option value="11">Date</option> - </select> <input type="text" id="keyword" /> <input type="submit" - value="Submit" /> <input type="reset" value="Clear" /></form> - </div> - <table class="allRow" id="myTable" width="100%" border="2" - cellpadding="1" cellspacing="1"> - <thead> - <th axis="number">#</th> - <th axis="string">PRI</th> - <th axis="string">PROTO</th> - <th axis="string">DESCRIPTION</th> - <th axis="string">CLASS</th> - <th axis="string">SRC</th> - <th axis="string">SPORT</th> - <th axis="string">FLOW</th> - <th axis="string">DST</th> - <th axis="string">DPORT</th> - <th axis="string">SID</th> - <th axis="date">Date</th> - </thead> - <tbody> - <?php - - /* make sure alert file exists */ - if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert")) - exec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/alert"); - - $logent = $anentries; - - /* detect the alert file type */ - if ($snortalertlogt == 'full') - $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert")))); - else - $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert")))); - - - - if (is_array($alerts_array)) { - - $counter = 0; - foreach($alerts_array as $fileline) - { - - if($logent <= $counter) - continue; - - $counter++; - - /* Date */ - $alert_date_str = get_snort_alert_date($fileline); - - if($alert_date_str != '') - { - $alert_date = $alert_date_str; - }else{ - $alert_date = 'empty'; - } - - /* Discription */ - $alert_disc_str = get_snort_alert_disc($fileline); - - if($alert_disc_str != '') - { - $alert_disc = $alert_disc_str; - }else{ - $alert_disc = 'empty'; - } - - /* Classification */ - $alert_class_str = get_snort_alert_class($fileline); - - if($alert_class_str != '') - { - - $alert_class_match = array('[Classification:',']'); - $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); - }else{ - $alert_class = 'Prep'; - } - - /* Priority */ - $alert_priority_str = get_snort_alert_priority($fileline); - - if($alert_priority_str != '') - { - $alert_priority_match = array('Priority: ',']'); - $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); - }else{ - $alert_priority = 'empty'; - } - - /* Protocol */ - /* Detect alert file type */ - if ($snortalertlogt == 'full') - { - $alert_proto_str = get_snort_alert_proto_full($fileline); - }else{ - $alert_proto_str = get_snort_alert_proto($fileline); - } - - if($alert_proto_str != '') - { - $alert_proto_match = array(" TTL",'{','}'); - $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); - }else{ - $alert_proto = 'empty'; - } - - /* IP SRC */ - $alert_ip_src_str = get_snort_alert_ip_src($fileline); - - if($alert_ip_src_str != '') - { - $alert_ip_src = $alert_ip_src_str; - }else{ - $alert_ip_src = 'empty'; - } - - /* IP SRC Port */ - $alert_src_p_str = get_snort_alert_src_p($fileline); - - if($alert_src_p_str != '') - { - $alert_src_p_match = array(' -',':'); - $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); - }else{ - $alert_src_p = 'empty'; - } - - /* Flow */ - $alert_flow_str = get_snort_alert_flow($fileline); - - if($alert_flow_str != '') - { - $alert_flow = $alert_flow_str; - }else{ - $alert_flow = 'empty'; - } - - /* IP Destination */ - $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); - - if($alert_ip_dst_str != '') - { - $alert_ip_dst = $alert_ip_dst_str; - }else{ - $alert_ip_dst = 'empty'; - } - - /* IP DST Port */ - if ($snortalertlogt == 'full') - { - $alert_dst_p_str = get_snort_alert_dst_p_full($fileline); - }else{ - $alert_dst_p_str = get_snort_alert_dst_p($fileline); - } - - if($alert_dst_p_str != '') - { - $alert_dst_p_match = array(':',"\n"," TTL"); - $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); - $alert_dst_p_match2 = array('/[A-Z]/'); - $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); - }else{ - $alert_dst_p = 'empty'; - } - - /* SID */ - $alert_sid_str = get_snort_alert_sid($fileline); - - if($alert_sid_str != '') - { - $alert_sid_match = array('[',']'); - $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); - }else{ - $alert_sid_str = 'empty'; - } - - /* NOTE: using one echo improves performance by 2x */ - if ($alert_disc != 'empty') - { - echo "<tr id=\"{$counter}\"> - <td class=\"centerAlign\">{$counter}</td> - <td class=\"centerAlign\">{$alert_priority}</td> - <td class=\"centerAlign\">{$alert_proto}</td> - <td>{$alert_disc}</td> - <td class=\"centerAlign\">{$alert_class}</td> - <td>{$alert_ip_src}</td> - <td class=\"centerAlign\">{$alert_src_p}</td> - <td class=\"centerAlign\">{$alert_flow}</td> - <td>{$alert_ip_dst}</td> - <td class=\"centerAlign\">{$alert_dst_p}</td> - <td class=\"centerAlign\">{$alert_sid}</td> - <td>{$alert_date}</td> - </tr>\n"; - } - - // <script type="text/javascript"> - // var myTable = {}; - // window.addEvent('domready', function(){ - // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}}); - // }); - // </script> - - } - } - - ?> - </tbody> - </table> - </td> -</table> - -</div> - -<?php -include("fend.inc"); - -echo $snort_custom_rnd_box; - -?> -</body> -</html> diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php deleted file mode 100644 index b647c007..00000000 --- a/config/snort-dev/snort_barnyard.php +++ /dev/null @@ -1,269 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - -$pconfig = array(); -if (isset($id) && $a_nat[$id]) { - /* old options */ - $pconfig = $a_nat[$id]; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); -} - -if (isset($_GET['dup'])) - unset($id); - -$if_real = snort_get_real_interface($pconfig['interface']); -$snort_uuid = $pconfig['uuid']; - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - -if ($_POST) { - - /* XXX: Mising error reporting?! - * check for overlaps - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - continue; - } - */ - - /* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - /* repost the options already in conf */ - $natent = $pconfig; - - $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off'; - $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; - $natent['barnconfigpassthru'] = $_POST['barnconfigpassthru'] ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru']; - if ($_POST['barnyard_enable'] == "on") - $natent['snortunifiedlog'] = 'on'; - else - $natent['snortunifiedlog'] = 'off'; - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - sync_snort_package_config(); - - /* after click go to this page */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: snort_barnyard.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit"; -include_once("head.inc"); - -?> -<body - link="#0000CC" vlink="#0000CC" alink="#0000CC"> - - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php -echo "{$snort_general_css}\n"; -?> - -<div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<script language="JavaScript"> -<!-- - -function enable_change(enable_change) { - endis = !(document.iform.barnyard_enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.barnyard_enable); - - document.iform.barnyard_mysql.disabled = endis; - document.iform.barnconfigpassthru.disabled = endis; -} -//--> -</script> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_barnyard.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php - - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Barnyard2 - Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Enable</td> - <td width="78%" class="vtable"> - <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"> - <strong>Enable Barnyard2 </strong><br> - This will enable barnyard2 for this interface. You will also have to set the database credentials.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Mysql Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td> - <td width="78%" class="vtable"><input name="barnyard_mysql" - type="text" class="formfld" id="barnyard_mysql" size="100" - value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br> - <span class="vexpl">Example: output database: alert, mysql, - dbname=snort user=snort host=localhost password=xyz<br> - Example: output database: log, mysql, dbname=snort user=snort - host=localhost password=xyz</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Advanced Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration - pass through</td> - <td width="78%" class="vtable"><textarea name="barnconfigpassthru" - cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> - <br> - Arguments here will be automatically inserted into the running - barnyard2 configuration.</td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="id" type="hidden" value="<?=$id;?>"> </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings befor you click start. </td> - </tr> - </table> - -</table> -</form> - -</div> - -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php deleted file mode 100644 index 932e0983..00000000 --- a/config/snort-dev/snort_blocked.php +++ /dev/null @@ -1,426 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_blocked.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) - $config['installedpackages']['snortglobal']['alertsblocks'] = array(); - -$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']; -$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber']; - -if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0') -{ - $bnentries = '500'; -}else{ - $bnentries = $pconfig['blertnumber']; -} - -if($_POST['todelete'] or $_GET['todelete']) { - if($_POST['todelete']) - $ip = $_POST['todelete']; - if($_GET['todelete']) - $ip = $_GET['todelete']; - exec("/sbin/pfctl -t snort2c -T delete {$ip}"); -} - -if ($_POST['remove']) { - exec("/sbin/pfctl -t snort2c -T flush"); - sleep(1); - header("Location: /snort/snort_blocked.php"); - exit; - -} - -/* TODO: build a file with block ip and disc */ -if ($_POST['download']) -{ - - ob_start(); //important or other posts will fail - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir /tmp/snort_blocked'); - exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); - - $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); - - if ($blocked_ips_array_save[0] != '') { - /* build the list */ - file_put_contents("/tmp/snort_blocked/snort_block.pf", ""); - foreach($blocked_ips_array_save as $counter => $fileline3) - file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline3}\n", FILE_APPEND); - } - - exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); - - if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) { - $file = "/tmp/snort_blocked_{$save_date}.tar.gz"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz"); - exec("/bin/rm /tmp/snort_block.pf"); - exec("/bin/rm /tmp/snort_blocked/snort_block.pf"); - od_end_clean(); //importanr or other post will fail - } else - echo 'Error no saved file.'; - -} - -if ($_POST['save']) -{ - - /* input validation */ - if ($_POST['save']) - { - - - } - - /* no errors */ - if (!$input_errors) - { - $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; - $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; - - write_config(); - - header("Location: /snort/snort_blocked.php"); - - } - -} - -/* build filter funcs */ -function get_snort_alert_ip_src($fileline) -{ - /* SRC IP */ - $re1='.*?'; # Non-greedy match on filler - $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - $alert_ip_src = $matches4[1][0]; - - return $alert_ip_src; -} - -function get_snort_alert_disc($fileline) -{ - /* disc */ - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_disc = "$matches[2]"; - - return $alert_disc; -} - -/* build sec filters */ -function get_snort_block_ip($fileline) -{ - /* ip */ - if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) - $alert_block_ip = "$matches[0]"; - - return $alert_block_ip; -} - -function get_snort_block_disc($fileline) -{ - /* disc */ - if (preg_match("/\]\s\[.+\]$/", $fileline, $matches)) - $alert_block_disc = "$matches[0]"; - - return $alert_block_disc; -} - -/* tell the user what settings they have */ -$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; -if ($blockedtab_msg_chk == "1h_b") { - $blocked_msg = "hour"; -} -if ($blockedtab_msg_chk == "3h_b") { - $blocked_msg = "3 hours"; -} -if ($blockedtab_msg_chk == "6h_b") { - $blocked_msg = "6 hours"; -} -if ($blockedtab_msg_chk == "12h_b") { - $blocked_msg = "12 hours"; -} -if ($blockedtab_msg_chk == "1d_b") { - $blocked_msg = "day"; -} -if ($blockedtab_msg_chk == "4d_b") { - $blocked_msg = "4 days"; -} -if ($blockedtab_msg_chk == "7d_b") { - $blocked_msg = "7 days"; -} -if ($blockedtab_msg_chk == "28d_b") { - $blocked_msg = "28 days"; -} - -if ($blockedtab_msg_chk != "never_b") -{ - $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>."; -}else{ - $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts."; -} - -$pgtitle = "Services: Snort Blocked Hosts"; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php - -include_once("fbegin.inc"); -echo $snort_general_css; - -/* refresh every 60 secs */ -if ($pconfig['brefresh'] == 'on') - echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td> - <div id="mainarea2"> - - <table id="maintable" class="tabcont" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr> - <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?> - Blocked.</td> - <td width="78%" class="listtopic">This page lists hosts that have - been blocked by Snort. <?=$blocked_msg_txt;?></td> - </tr> - <tr> - <td width="22%" class="vncell">Save or Remove Hosts</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"><input - name="download" type="submit" class="formbtn" value="Download"> All - blocked hosts will be saved. <input name="remove" type="submit" - class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span> - all hosts will be removed.</form> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"><input - name="save" type="submit" class="formbtn" value="Save"> Refresh <input - name="brefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. <input - name="blertnumber" type="text" class="formfld" id="blertnumber" - size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the - number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>. - </form> - </td> - </tr> - </table> - </div> - <br> - </td> - </tr> - - <table class="tabcont" width="100%" border="0" cellspacing="0" - cellpadding="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Remove</td> - <td class="listhdrr">#</td> - <td class="listhdrr">IP</td> - <td class="listhdrr">Alert Description</td> - </tr> - <?php - - /* set the arrays */ - exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); - $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); - foreach (glob("/var/log/snort/alert_*") as $alert) { - $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}"))); - - $logent = $bnentries; - - if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') - { - - /* build the list and compare blocks to alerts */ - $counter = 0; - foreach($alerts_array as $fileline) - { - - $counter++; - - $alert_ip_src = get_snort_alert_ip_src($fileline); - $alert_ip_disc = get_snort_alert_disc($fileline); - $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); - - if (in_array("$alert_ip_src", $blocked_ips_array)) - $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n"; - } - - foreach($blocked_ips_array as $alert_block_ip) - { - - if (!in_array($alert_block_ip, $alert_ip_src_array)) - { - $input[] = "[$alert_block_ip] " . "[N\A]\n"; - } - } - - /* reduce double occurrences */ - $result = array_unique($input); - - /* buil final list, preg_match, buld html */ - $counter2 = 0; - - foreach($result as $fileline2) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_ip_str = get_snort_block_ip($fileline2); - - if($alert_block_ip_str != '') - { - $alert_block_ip_match = array('[',']'); - $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str"); - }else{ - $alert_block_ip = 'empty'; - } - - $alert_block_disc_str = get_snort_block_disc($fileline2); - - if($alert_block_disc_str != '') - { - $alert_block_disc_match = array('] [',']'); - $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str"); - }else{ - $alert_block_disc = 'empty'; - } - - /* use one echo to do the magic*/ - echo "<tr> - <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> - <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> - <td> {$counter2}</td> - <td> {$alert_block_ip}</td> - <td> {$alert_block_disc}</td> - </tr>\n"; - - } - - }else{ - - /* if alerts file is empty and blocked table is not empty */ - $counter2 = 0; - - foreach($blocked_ips_array as $alert_block_ip) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_disc = 'N/A'; - - /* use one echo to do the magic*/ - echo "<tr> - <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> - <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> - <td> {$counter2}</td> - <td> {$alert_block_ip}</td> - <td> {$alert_block_disc}</td> - </tr>\n"; - } - } - } - - echo '</table>' . "\n"; - - if (empty($blocked_ips_array[0])) - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>"; - else - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>"; - - ?> - </td> - </tr> - </table> - </td> - </tr> - </table> - </div> - - <?php - - include("fend.inc"); - -echo $snort_custom_rnd_box; - -?> - -</body> -</html> diff --git a/config/snort-dev/snort_check_cron_misc.inc b/config/snort-dev/snort_check_cron_misc.inc deleted file mode 100644 index 28d454b0..00000000 --- a/config/snort-dev/snort_check_cron_misc.inc +++ /dev/null @@ -1,76 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_chk_log_dir_size.php - part of pfSense - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009-2010 Robert Zelaya Developer - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("/usr/local/pkg/snort/snort.inc"); - -// 'B' => 1, -// 'KB' => 1024, -// 'MB' => 1024 * 1024, -// 'GB' => 1024 * 1024 * 1024, -// 'TB' => 1024 * 1024 * 1024 * 1024, -// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024, - - -/* chk if snort log dir is full if so clear it */ -$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit']; -$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize']; - -if ($g['booting']==true) - return; - -if ($snortloglimit == 'off') - return; - -$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\''); - -$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert'); -$snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70); -$snortloglimitsizeKB = round($snortloglimitsize * 1024); - -/* do I need HUP kill ? */ -if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) { - - conf_mount_rw(); - if(file_exists('/var/log/snort/alert')) { - if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) { - exec('/bin/echo "" > /var/log/snort/alert'); - } - post_delete_logs(); - /* XXX: This is needed if snort is run as snort user */ - //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true); - mwexec('/bin/chmod 660 /var/log/snort/*', true); - } - conf_mount_ro(); - -} - -?> diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php deleted file mode 100644 index 41995e9d..00000000 --- a/config/snort-dev/snort_check_for_rule_updates.php +++ /dev/null @@ -1,690 +0,0 @@ -<?php -/* - snort_check_for_rule_updates.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* Setup enviroment */ - -/* TODO: review if include files are needed */ -require_once("functions.inc"); -require_once("service-utils.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$pkg_interface = "console"; - -$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "{$snort_rules_file}.md5"; -$snort_filename = "{$snort_rules_file}"; -$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; - -$up_date_time = date('l jS \of F Y h:i:s A'); -echo "\n"; -echo "#########################\n"; -echo "$up_date_time\n"; -echo "#########################\n"; -echo "\n\n"; - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($snortdownload == 'off' && $emergingthreats != 'on') - $snort_emrging_info = 'stop'; - -if ($oinkid == "" && $snortdownload != 'off') - $snort_oinkid_info = 'stop'; - -/* check if main rule directory is empty */ -$if_mrule_dir = "/usr/local/etc/snort/rules"; -$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - -if (file_exists('/var/run/snort.conf.dirty')) - $snort_dirty_d = 'stop'; - -/* Start of code */ -conf_mount_rw(); - -if (!is_dir('/usr/local/etc/snort/tmp')) - exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); - -$snort_md5_check_ok = 'off'; -$emerg_md5_check_ok = 'off'; -$pfsense_md5_check_ok = 'off'; - -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","150M"); - -/* mark the time update started */ -$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); - -/* send current buffer */ -ob_flush(); - -/* send current buffer */ -ob_flush(); - -/* remove old $tmpfname files */ -if (is_dir("{$tmpfname}")) { - update_status(gettext("Removing old tmp files...")); - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* Make shure snortdir exits */ -exec("/bin/mkdir -p {$snortdir}"); -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); -exec("/bin/mkdir -p {$tmpfname}"); -exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); - -/* send current buffer */ -ob_flush(); - -$pfsensedownload = 'on'; - -/* download md5 sig from snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$tmpfname}/{$snort_filename_md5}") && - filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { - update_status(gettext("snort.org md5 temp file exists...")); - } else { - update_status(gettext("Downloading snort.org md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image); - update_status(gettext("Done downloading snort.org md5")); - } -} - -/* download md5 sig from emergingthreats.net */ -if ($emergingthreats == 'on') -{ - update_status(gettext("Downloading emergingthreats md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5'); - @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); - update_status(gettext("Done downloading emergingthreats md5")); -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("pfsense md5 temp file exists...")); -} else { - update_status(gettext("Downloading pfsense md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); - @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image); - update_status(gettext("Done downloading pfsense md5.")); -} - -/* If md5 file is empty wait 15min exit */ -if ($snortdownload == 'on') -{ - if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) - { - update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); - update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); - $snortdownload = 'off'; - } -} - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); - update_output_window(gettext("Rules are released to support Pfsense packages.")); - $pfsensedownload = 'off'; -} - -/* Check if were up to date snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$snortdir}/{$snort_filename_md5}")) - { - $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); - $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($md5_check_new == $md5_check_old) - { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - $snort_md5_check_ok = 'on'; - } else { - update_status(gettext("Your rules are not up to date...")); - $snort_md5_check_ok = 'off'; - } - } -} - -/* Check if were up to date emergingthreats.net */ -if ($emergingthreats == 'on') -{ - if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) - { - $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($emerg_md5_check_new == $emerg_md5_check_old) - { - $emerg_md5_check_ok = 'on'; - } else - $emerg_md5_check_ok = 'off'; - } -} - -/* Check if were up to date pfsense.org */ -if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) -{ - $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($pfsense_md5_check_new == $pfsense_md5_check_old) - { - $pfsense_md5_check_ok = 'on'; - } else - $pfsense_md5_check_ok = 'off'; -} - -if ($snortdownload == 'on') { - if ($snort_md5_check_ok == 'on') - { - update_status(gettext("Your snort.org rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $snortdownload = 'off'; - } -} -if ($emergingthreats == 'on') { - if ($emerg_md5_check_ok == 'on') - { - update_status(gettext("Your Emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $emergingthreats = 'off'; - } -} - -/* download snortrules file */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (300000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - update_output_window(gettext("Snort rules file downloaded failed...")); - $snortdownload = 'off'; - } - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext('Emergingthreats tar file exists...')); - }else{ - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}"); - update_status(gettext('Done downloading Emergingthreats rules file.')); - } - } -} - -/* download pfsense rules file */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - } -} - -/* Compair md5 sig to file sig */ - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk == on) { -//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md5 == $file_md5_ondisk) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk != on) { -//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md55 == $file_md5_ondisk2) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...Not P")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - -/* Untar snort rules file individually to help people with low system specs */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - - if ($pfsense_stable == 'yes') - $freebsd_version_so = 'FreeBSD-7-2'; - else - $freebsd_version_so = 'FreeBSD-8-1'; - - update_status(gettext("Extracting Snort.org rules...")); - update_output_window(gettext("May take a while...")); - /* extract snort.org rules and add prefix to all snort.org files*/ - exec("/bin/rm -r {$snortdir}/rules"); - sleep(2); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - chdir ("/usr/local/etc/snort/rules"); - sleep(2); - exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); - - /* extract so rules */ - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - if($snort_arch == 'x86'){ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/"); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); - } else if ($snort_arch == 'x64') { - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/"); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); - } - /* extract so rules none bin and rename */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . - " so_rules/chat.rules/" . - " so_rules/dos.rules/" . - " so_rules/exploit.rules/" . - " so_rules/icmp.rules/" . - " so_rules/imap.rules/" . - " so_rules/misc.rules/" . - " so_rules/multimedia.rules/" . - " so_rules/netbios.rules/" . - " so_rules/nntp.rules/" . - " so_rules/p2p.rules/" . - " so_rules/smtp.rules/" . - " so_rules/sql.rules/" . - " so_rules/web-activex.rules/" . - " so_rules/web-client.rules/" . - " so_rules/web-iis.rules/" . - " so_rules/web-misc.rules/"); - - exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - } - - /* extract base etc files */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - - update_status(gettext("Done extracting Snort.org Rules.")); - }else{ - update_status(gettext("Error extracting Snort.org Rules...")); - update_output_window(gettext("Error Line 755")); - $snortdownload = 'off'; - } -} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats == 'on') -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Extracting Pfsense rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') { - update_status(gettext("Extracting Signatures...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - } - } -} - -/* Copy md5 sig to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); - }else{ - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $snortdownload = 'off'; - } - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) - { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); - }else{ - update_status(gettext("The emergingthreats md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $emergingthreats = 'off'; - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); - } else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $pfsensedownload = 'off'; - } -} - -/* Copy signatures dir to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') - { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') - { - if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); - }else{ - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - $snortdownload = 'off'; - } - } - } -} - -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -/* make shure default rules are in the right format */ -exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - -/* create a msg-map for snort */ -update_status(gettext("Updating Alert Messages...")); -update_output_window(gettext("Please Wait...")); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); - - -////////////////// -/* open oinkmaster_conf for writing" function */ -function oinkmaster_conf($id, $if_real, $iface_uuid) -{ - global $config, $g, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf"); - - /* enable disable setting will carry over with updates */ - /* TODO carry signature changes with the updates */ - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - - $selected_sid_on_section = ""; - $selected_sid_off_sections = ""; - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { - $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']); - $enabled_sid_on_array = split('\|\|', $enabled_sid_on); - foreach($enabled_sid_on_array as $enabled_item_on) - $selected_sid_on_sections .= "$enabled_item_on\n"; - } - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']); - $enabled_sid_off_array = split('\|\|', $enabled_sid_off); - foreach($enabled_sid_off_array as $enabled_item_off) - $selected_sid_off_sections .= "$enabled_item_off\n"; - } - - if (!empty($selected_sid_off_sections) || !empty($selected_sid_on_section)) { - $snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's oinkmaster.conf for writing */ - @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text); - } - } -} - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -function oinkmaster_run($id, $if_real, $iface_uuid) -{ - global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - } else { - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); - - } - } -} - -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ -if (is_array($config['installedpackages']['snortglobal']['rule'])) -{ - foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - $iface_uuid = $value['uuid']; - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf($id, $if_real, $iface_uuid); - - /* run oinkmaster for each interface rule */ - oinkmaster_run($id, $if_real, $iface_uuid); - } -} - -////////////// - -/* mark the time update finnished */ -$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); - -/* remove old $tmpfname files */ -if (is_dir('/usr/local/etc/snort/tmp')) { - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); - sleep(2); - exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); -} - -/* XXX: These are needed if snort is run as snort user -mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); -*/ -/* make all dirs snorts */ -mwexec("/bin/chmod -R 755 /var/log/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); - -if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off') - update_output_window(gettext("Finished...")); -else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on') - update_output_window(gettext("Finished...")); -else { - /* You are Not Up to date, always stop snort when updating rules for low end machines */; - update_status(gettext("You are NOT up to date...")); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("Snort has restarted with your new set of rules...")); - exec("/bin/rm /tmp/snort_download_halt.pid"); -} - -update_status(gettext("The Rules update finished...")); -conf_mount_ro(); - -?> diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php deleted file mode 100644 index 497f0a79..00000000 --- a/config/snort-dev/snort_define_servers.php +++ /dev/null @@ -1,541 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_define_servers.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - -//require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$pconfig = array(); -if (isset($id) && $a_nat[$id]) { - $pconfig = $a_nat[$id]; - - /* old options */ - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; - $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; -} - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); -$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - -if ($_POST) { - - $natent = array(); - $natent = $pconfig; - - /* if no errors write to conf */ - if (!$input_errors) { - /* post new options */ - if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } - if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } - if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } - if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } - if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } - if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } - if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } - if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } - if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } - if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } - if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } - if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } - if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } - if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } - if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } - if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } - if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } - if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } - if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } - if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } - if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } - if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } - if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } - if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } - if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } - if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } - if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } - if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } - if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } - if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } - if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } - if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } - if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } - if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } - if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } - - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - sync_snort_package_config(); - - /* after click go to this page */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: snort_define_servers.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface $id$if_real Define Servers"; -include_once("head.inc"); - -?> -<body - link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -echo "{$snort_general_css}\n"; -?> - -<form action="snort_define_servers.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> - Please save your settings before you click start.<br> - Please make sure there are <strong>no spaces</strong> in your - definitions. </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Define Servers</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td> - <td width="78%" class="vtable"><input name="def_dns_servers" - type="text" class="formfld" id="def_dns_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td> - <td width="78%" class="vtable"><input name="def_dns_ports" - type="text" class="formfld" id="def_dns_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 53.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_smtp_servers" - type="text" class="formfld" id="def_smtp_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_smtp_ports" - type="text" class="formfld" id="def_smtp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td> - <td width="78%" class="vtable"><input name="def_mail_ports" - type="text" class="formfld" id="def_mail_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25,143,465,691.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_http_servers" - type="text" class="formfld" id="def_http_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td> - <td width="78%" class="vtable"><input name="def_www_servers" - type="text" class="formfld" id="def_www_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_http_ports" - type="text" class="formfld" id="def_http_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 80.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td> - <td width="78%" class="vtable"><input name="def_sql_servers" - type="text" class="formfld" id="def_sql_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td> - <td width="78%" class="vtable"><input name="def_oracle_ports" - type="text" class="formfld" id="def_oracle_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 1521.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td> - <td width="78%" class="vtable"><input name="def_mssql_ports" - type="text" class="formfld" id="def_mssql_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 1433.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td> - <td width="78%" class="vtable"><input name="def_telnet_servers" - type="text" class="formfld" id="def_telnet_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td> - <td width="78%" class="vtable"><input name="def_telnet_ports" - type="text" class="formfld" id="def_telnet_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 23.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_snmp_servers" - type="text" class="formfld" id="def_snmp_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td> - <td width="78%" class="vtable"><input name="def_snmp_ports" - type="text" class="formfld" id="def_snmp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 161.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_ftp_servers" - type="text" class="formfld" id="def_ftp_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_ftp_ports" - type="text" class="formfld" id="def_ftp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 21.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td> - <td width="78%" class="vtable"><input name="def_ssh_servers" - type="text" class="formfld" id="def_ssh_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td> - <td width="78%" class="vtable"><input name="def_ssh_ports" - type="text" class="formfld" id="def_ssh_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is the firewall's SSH port.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_pop_servers" - type="text" class="formfld" id="def_pop_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td> - <td width="78%" class="vtable"><input name="def_pop2_ports" - type="text" class="formfld" id="def_pop2_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 109.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td> - <td width="78%" class="vtable"><input name="def_pop3_ports" - type="text" class="formfld" id="def_pop3_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 110.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_imap_servers" - type="text" class="formfld" id="def_imap_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td> - <td width="78%" class="vtable"><input name="def_imap_ports" - type="text" class="formfld" id="def_imap_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 143.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td> - <td width="78%" class="vtable"><input name="def_sip_proxy_ip" - type="text" class="formfld" id="def_sip_proxy_ip" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td> - <td width="78%" class="vtable"><input name="def_sip_proxy_ports" - type="text" class="formfld" id="def_sip_proxy_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td> - <td width="78%" class="vtable"><input name="def_sip_servers" - type="text" class="formfld" id="def_sip_servers" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_servers']);?>"> <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td> - <td width="78%" class="vtable"><input name="def_sip_ports" - type="text" class="formfld" id="def_sip_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> - <td width="78%" class="vtable"><input name="def_auth_ports" - type="text" class="formfld" id="def_auth_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 113.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td> - <td width="78%" class="vtable"><input name="def_finger_ports" - type="text" class="formfld" id="def_finger_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 79.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td> - <td width="78%" class="vtable"><input name="def_irc_ports" - type="text" class="formfld" id="def_irc_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td> - <td width="78%" class="vtable"><input name="def_nntp_ports" - type="text" class="formfld" id="def_nntp_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 119.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td> - <td width="78%" class="vtable"><input name="def_rlogin_ports" - type="text" class="formfld" id="def_rlogin_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 513.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td> - <td width="78%" class="vtable"><input name="def_rsh_ports" - type="text" class="formfld" id="def_rsh_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 514.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td> - <td width="78%" class="vtable"><input name="def_ssl_ports" - type="text" class="formfld" id="def_ssl_ports" size="40" - value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="id" type="hidden" value="<?=$id;?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php deleted file mode 100644 index 521a7b0f..00000000 --- a/config/snort-dev/snort_download_rules.php +++ /dev/null @@ -1,776 +0,0 @@ -<?php -/* - snort_download_rules.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -/* Setup enviroment */ -require_once("guiconfig.inc"); -require_once("functions.inc"); -require_once("service-utils.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if ($_GET['return']) { - header("Location: /snort/snort_download_updates.php"); - exit; -} - -$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "{$snort_rules_file}.md5"; -$snort_filename = "{$snort_rules_file}"; -$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($snortdownload == 'off' && $emergingthreats != 'on') - $snort_emrging_info = 'stop'; - -if ($oinkid == "" && $snortdownload != 'off') - $snort_oinkid_info = 'stop'; - -/* check if main rule directory is empty */ -$if_mrule_dir = "/usr/local/etc/snort/rules"; -$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - -if (file_exists('/var/run/snort.conf.dirty')) - $snort_dirty_d = 'stop'; - -$pgtitle = "Services: Snort: Update Rules"; - -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<form action="/snort/snort_download_updates.php" method="GET"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td ><!-- progress bar --> - <table id="progholder" width='320' - style='border-collapse: collapse; border: 1px solid #000000;' - cellpadding='2' cellspacing='2'> - <tr> - <td><img border='0' - src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' - width='280' height='23' name='progressbar' id='progressbar' - alt='' /> - </td> - </tr> - </table> - <br /> - <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard"> - <?=gettext("Initializing...");?> - </textarea> - <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard"> - </textarea> - </td> - </tr> - </table> - </div> - </td> -</tr> -<tr><td><input type="submit" Value="Return"></td></tr> -</table> -</form> -<?php include("fend.inc");?> -</body> -</html> - -<?php -/* Start of code */ -conf_mount_rw(); - -if (!is_dir('/usr/local/etc/snort/tmp')) - exec('/bin/mkdir -p /usr/local/etc/snort/tmp'); - -$snort_md5_check_ok = 'off'; -$emerg_md5_check_ok = 'off'; -$pfsense_md5_check_ok = 'off'; - -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","150M"); - -/* mark the time update started */ -$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); - -/* send current buffer */ -ob_flush(); - -/* hide progress bar */ -hide_progress_bar_status(); - -/* send current buffer */ -ob_flush(); - -/* remove old $tmpfname files */ -if (is_dir("{$tmpfname}")) { - update_status(gettext("Removing old tmp files...")); - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* Make shure snortdir exits */ -exec("/bin/mkdir -p {$snortdir}"); -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); -exec("/bin/mkdir -p {$tmpfname}"); -exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); - -/* send current buffer */ -ob_flush(); - -/* unhide progress bar and lets end this party */ -unhide_progress_bar_status(); - -$pfsensedownload = 'on'; - -/* download md5 sig from snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$tmpfname}/{$snort_filename_md5}") && - filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { - update_status(gettext("snort.org md5 temp file exists...")); - } else { - update_status(gettext("Downloading snort.org md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); - @file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image); - update_status(gettext("Done downloading snort.org md5")); - } -} - -/* download md5 sig from emergingthreats.net */ -if ($emergingthreats == 'on') -{ - update_status(gettext("Downloading emergingthreats md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5'); - @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); - update_status(gettext("Done downloading emergingthreats md5")); -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("pfsense md5 temp file exists...")); -} else { - update_status(gettext("Downloading pfsense md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); - @file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image); - update_status(gettext("Done downloading pfsense md5.")); -} - -/* If md5 file is empty wait 15min exit */ -if ($snortdownload == 'on') -{ - if (0 == filesize("{$tmpfname}/{$snort_filename_md5}")) - { - update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); - update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); - hide_progress_bar_status(); - $snortdownload = 'off'; - } -} - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); - update_output_window(gettext("Rules are released to support Pfsense packages.")); - hide_progress_bar_status(); - $pfsensedownload = 'off'; -} - -/* Check if were up to date snort.org */ -if ($snortdownload == 'on') -{ - if (file_exists("{$snortdir}/{$snort_filename_md5}")) - { - $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); - $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($md5_check_new == $md5_check_old) - { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - hide_progress_bar_status(); - $snort_md5_check_ok = 'on'; - } else { - update_status(gettext("Your rules are not up to date...")); - $snort_md5_check_ok = 'off'; - } - } -} - -/* Check if were up to date emergingthreats.net */ -if ($emergingthreats == 'on') -{ - if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}")) - { - $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); - $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($emerg_md5_check_new == $emerg_md5_check_old) - { - hide_progress_bar_status(); - $emerg_md5_check_ok = 'on'; - } else - $emerg_md5_check_ok = 'off'; - } -} - -/* Check if were up to date pfsense.org */ -if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) -{ - $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - if ($pfsense_md5_check_new == $pfsense_md5_check_old) - { - hide_progress_bar_status(); - $pfsense_md5_check_ok = 'on'; - } else - $pfsense_md5_check_ok = 'off'; -} - -if ($snortdownload == 'on') { - if ($snort_md5_check_ok == 'on') - { - update_status(gettext("Your snort.org rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $snortdownload = 'off'; - } -} -if ($emergingthreats == 'on') { - if ($emerg_md5_check_ok == 'on') - { - update_status(gettext("Your Emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - $emergingthreats = 'off'; - } -} - -/* download snortrules file */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - - update_output_window(gettext("Snort rules file downloaded failed...")); - $snortdownload = 'off'; - } - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext('Emergingthreats tar file exists...')); - }else{ - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}"); - update_status(gettext('Done downloading Emergingthreats rules file.')); - } - } -} - -/* download pfsense rules file */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - } -} - -/* Compair md5 sig to file sig */ - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk == on) { -//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md5 == $file_md5_ondisk) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk != on) { -//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md55 == $file_md5_ondisk2) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...Not P")); -// update_output_window(gettext("Error md5 Mismatch...")); -// return; -// } -//} - -/* Untar snort rules file individually to help people with low system specs */ -if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - - // find out if were in 1.2.3-RELEASE - $pfsense_ver_chk = exec('/bin/cat /etc/version'); - if ($pfsense_ver_chk === '1.2.3-RELEASE') { - $pfsense_stable = 'yes'; - }else{ - $pfsense_stable = 'no'; - } - - // get the system arch - $snort_arch_ck = exec('/usr/bin/uname -m'); - if ($snort_arch_ck === 'i386') { - $snort_arch = 'i386'; - }else{ - $snort_arch = 'x86-64'; // amd64 - } - - if ($pfsense_stable === 'yes') { - $freebsd_version_so = 'FreeBSD-7-3'; - }else{ - $freebsd_version_so = 'FreeBSD-8-1'; - } - - update_status(gettext("Extracting Snort.org rules...")); - update_output_window(gettext("May take a while...")); - /* extract snort.org rules and add prefix to all snort.org files*/ - exec("/bin/rm -r {$snortdir}/rules"); - sleep(2); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - chdir ("/usr/local/etc/snort/rules"); - sleep(2); - - $snort_dirList = scandir("{$snortdir}/rules"); // Waning: only in php 5 - $snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', ''); - - if (!empty($snortrules_filterList)) { - foreach ($snortrules_filterList as $snort_rule_move) - { - exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules"); - } - } - - /* extract so_rules */ - - // list so_rules and exclude dir - exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list); - - $so_rulesPattr = array('/\//', '/\.rules/'); - $so_rulesPattw = array('', ''); - - // build list of so_rules - $so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw); - - if (!empty($so_rules_filterList)) { - // cp rule to so tmp dir - foreach ($so_rules_filterList as $so_rule) - { - - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules"); - - } - // mv and rename so rules - foreach ($so_rules_filterList as $so_rule_move) - { - exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules"); - } - } - - /* extract preproc_rules */ - - // list so_rules and exclude dir - exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list); - - $preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw); - - if (!empty($preproc_rules_filterList)) { - // cp rule to so tmp dir - foreach ($preproc_rules_filterList as $preproc_rule) - { - - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules"); - - } - // mv and rename preproc_rules - foreach ($preproc_rules_filterList as $preproc_rule_move) - { - exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules"); - } - } - - /* extract base etc files */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - - update_status(gettext("Done extracting Snort.org Rules.")); - }else{ - update_status(gettext("Error extracting Snort.org Rules...")); - update_output_window(gettext("Error Line 755")); - $snortdownload = 'off'; - } -} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats == 'on') -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Extracting Pfsense rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') { - update_status(gettext("Extracting Signatures...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - } - } -} - -/* Copy md5 sig to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); - }else{ - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $snortdownload = 'off'; - } - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != 'on') - { - if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) - { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); - }else{ - update_status(gettext("The emergingthreats md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $emergingthreats = 'off'; - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') { - if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); - } else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - $pfsensedownload = 'off'; - } -} - -/* Copy signatures dir to snort dir */ -if ($snortdownload == 'on') -{ - if ($snort_md5_check_ok != 'on') - { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') - { - if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); - }else{ - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - $snortdownload = 'off'; - } - } - } -} - -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); - @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -/* make shure default rules are in the right format */ -exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line -exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules"); - -/* create a msg-map for snort */ -update_status(gettext("Updating Alert Messages...")); -update_output_window(gettext("Please Wait...")); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); - - -////////////////// - -/* open oinkmaster_conf for writing" function */ -function oinkmaster_conf($id, $if_real, $iface_uuid) -{ - global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - @unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf"); - - /* enable disable setting will carry over with updates */ - /* TODO carry signature changes with the updates */ - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - - $selected_sid_on_sections = ""; - $selected_sid_off_sections = ""; - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { - $enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']); - $enabled_sid_on_array = split('\|\|', $enabled_sid_on); - foreach($enabled_sid_on_array as $enabled_item_on) - $selected_sid_on_sections .= "$enabled_item_on\n"; - } - - if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - $enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']); - $enabled_sid_off_array = split('\|\|', $enabled_sid_off); - foreach($enabled_sid_off_array as $enabled_item_off) - $selected_sid_off_sections .= "$enabled_item_off\n"; - } - - if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) { - $snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's oinkmaster.conf for writing */ - @file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text); - } - } -} - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -function oinkmaster_run($id, $if_real, $iface_uuid) -{ - global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - - if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') { - if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - } else { - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); - } - } -} - -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ -if (is_array($config['installedpackages']['snortglobal']['rule'])) -{ - foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - $iface_uuid = $value['uuid']; - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf($id, $if_real, $iface_uuid); - - /* run oinkmaster for each interface rule */ - oinkmaster_run($id, $if_real, $iface_uuid); - } -} - -////////////// - -/* mark the time update finnished */ -$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); - -/* remove old $tmpfname files */ -if (is_dir('/usr/local/etc/snort/tmp')) { - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); - sleep(2); - exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); -} - -/* XXX: These are needed if snort is run as snort user -mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true); -mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true); -*/ -/* make all dirs snorts */ -mwexec("/bin/chmod -R 755 /var/log/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/etc/snort", true); -mwexec("/bin/chmod -R 755 /usr/local/lib/snort", true); - -/* hide progress bar and lets end this party */ -hide_progress_bar_status(); - -if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off') - update_output_window(gettext("Finished...")); -else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on') - update_output_window(gettext("Finished...")); -else { - /* You are Not Up to date, always stop snort when updating rules for low end machines */; - update_status(gettext("You are NOT up to date...")); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("Snort has restarted with your new set of rules...")); - exec("/bin/rm /tmp/snort_download_halt.pid"); -} - -update_status(gettext("The Rules update finished...")); -conf_mount_ro(); - -?> diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php deleted file mode 100644 index e902cd64..00000000 --- a/config/snort-dev/snort_download_updates.php +++ /dev/null @@ -1,322 +0,0 @@ -<?php -/* - snort_download_updates.php - part of pfSense - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - part of m0n0wall as reboot.php (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -/* load only javascript that is needed */ -$snort_load_jquery = 'yes'; -$snort_load_jquery_colorbox = 'yes'; - - -/* quick md5s chk */ -$snort_org_sig_chk_local = 'N/A'; -if (file_exists("/usr/local/etc/snort/{$snort_rules_file}.md5")) - $snort_org_sig_chk_local = exec("/bin/cat /usr/local/etc/snort/{$snort_rules_file}.md5"); - -$emergingt_net_sig_chk_local = 'N/A'; -if(file_exists('/usr/local/etc/snort/emerging.rules.tar.gz.md5')) - $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/emerging.rules.tar.gz.md5'); - -$pfsense_org_sig_chk_local = 'N/A'; -if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5')) - $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5'); - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($snortdownload != 'on' && $emergingthreats != 'on') - $snort_emrging_info = 'stop'; - -if ($oinkid == '' && $snortdownload != 'off') - $snort_oinkid_info = 'stop'; - -if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') - $error_stop = 'true'; - -/* check if main rule directory is empty */ -$if_mrule_dir = "/usr/local/etc/snort/rules"; -$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - -/* check for logfile */ -$update_logfile_chk = 'no'; -if (file_exists('/usr/local/etc/snort/snort_update.log')) - $update_logfile_chk = 'yes'; - -header("snort_help_info.php"); -header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); -header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" ); -header( "Cache-Control: no-cache, must-revalidate" ); -header( "Pragma: no-cache" ); - - -$pgtitle = "Services: Snort: Updates"; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; -?> - -<?php include("fbegin.inc"); ?> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea3"> - <table id="maintable4" class="tabcont" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr> - <td><!-- grey line --> - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #dddddd'> - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style="background-color: #eeeeee"> - <div height="32" width="725px" style="background-color: #eeeeee"> - - <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br> - <br> - <p style="text-align: left; margin-left: 225px;"><font - color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font - size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br> - <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font - size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br> - <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font - size="1px" color="#000000"> <? echo $pfsense_org_sig_chk_local; ?></font><br> - </p> - - </div> - </td> - </tr> - </table> - - <br> - - <!-- grey line --> - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #eeeeee'> - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - - <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br> - <br> - - <?php - - if ($error_stop == 'true') { - echo ' - - <button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules </span></button><br/> - <p style="text-align:left; margin-left:150px;"> - <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> No rule types have been selected for download. "Global Settings Tab"</font><br>'; - - if ($mfolder_chk == 'empty') { - - echo ' - <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n"; - } - - echo '</p>' . "\n"; - - }else{ - - echo ' - - <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules </span></button></a><br/>' . "\n"; - - if ($mfolder_chk == 'empty') { - - echo ' - <p style="text-align:left; margin-left:150px;"> - <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font> - </p>'; - } - - } - - ?> <br> - - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - - <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br> - <br> - - <?php - - if ($update_logfile_chk == 'yes') { - echo ' - <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; - }else{ - echo ' - <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n"; - } - - ?> <br> - <br> - - </div> - </td> - </tr> - </table> - - <br> - - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #eeeeee'> - </div> - </td> - </tr> - </table> - - <br> - - <table id="download_rules" height="32px" width="725px" border="0" - cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - - <img style='vertical-align: middle' - src="/snort/images/icon_excli.png" width="40" height="32"> <font - color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px' - color='#000000'> Snort.org and Emergingthreats.net - will go down from time to time. Please be patient.</font></div> - </td> - </tr> - </table> - - <br> - - <table height="12px" width="725px" border="0" cellpadding="5px" - cellspacing="0"> - <tr> - <td style='background-color: #eeeeee'> - <div height="12px" width="725px" style='background-color: #eeeeee'> - </div> - </td> - </tr> - </table> - - </td> - </tr> - </table> - </div> - - - - - - <br> - </td> - </tr> -</table> -<!-- end of final table --></div> - -<?php include("fend.inc"); ?> - -<?php echo "$snort_custom_rnd_box\n"; ?> - -</body> -</html> diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc deleted file mode 100644 index d2fd4e30..00000000 --- a/config/snort-dev/snort_gui.inc +++ /dev/null @@ -1,203 +0,0 @@ -<?php -/* $Id$ */ -/* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2006 Robert Zelaya - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -include_once("/usr/local/pkg/snort/snort.inc"); - -function print_info_box_np2($msg) { - global $config, $g; - - echo "<table height=\"32\" width=\"100%\">\n"; - echo " <tr>\n"; - echo " <td>\n"; - echo " <div style='background-color:#990000' id='redbox'>\n"; - echo " <table width='100%'><tr><td width='8%'>\n"; - echo " <img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n"; - echo " </td>\n"; - echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n"; - echo " </td>"; - if(stristr($msg, "apply") == true) { - echo " <td>"; - echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n"; - echo " </td>"; - } - echo " </tr></table>\n"; - echo " </div>\n"; - echo " </td>\n"; - echo "</table>\n"; - echo "<script type=\"text/javascript\">\n"; - echo "NiftyCheck();\n"; - echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n"; - echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; - echo "</script>\n"; - echo "\n<br>\n"; - - -} - - -/* makes boxes round */ -/* load at bottom */ - -$snort_custom_rnd_box = ' -<script type="text/javascript"> -<!-- - - NiftyCheck(); - Rounded("div#mainarea2","bl br tr","#FFF","#dddddd","smooth"); - Rounded("div#mainarea3","bl br tr","#FFF","#dddddd","smooth"); - Rounded("div#mainarea4","all","#FFF","#dddddd","smooth"); - Rounded("div#mainarea5","all","#eeeeee","#dddddd","smooth"); - -//--> -</script>' . "\n"; - -/* general css code */ -$snort_general_css = ' - -<style type="text/css"> - -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; - height:90%; - -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} - -.formpre { -font-family:arial; -font-size: 1.1em; -} - -#download_rules { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -#download_rules_td { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center -} - -body2 { -font-family:arial; -font-size:12px; -} - -.tabcont { -background-color: #dddddd; -padding-right: 12px; -padding-left: 12px; -padding-top: 12px; -padding-bottom: 12px; -} - -.tabcont2 { -background-color: #eeeeee; -padding-right: 12px; -padding-left: 12px; -padding-top: 12px; -padding-bottom: 12px; -} - -.vncell2 { - background-color: #eeeeee; - padding-right: 20px; - padding-left: 8px; - border-bottom: 1px solid #999999; -} - -/* global tab, white lil box */ -.vncell3 { - width: 50px; - background-color: #eeeeee; - padding-right: 2px; - padding-left: 2px; - border-bottom-width: 1px; - border-bottom-style: solid; - border-bottom-color: #999999; -} - -.vncellreq2 { -background-color: #eeeeee; -padding-right: 20px; -padding-left: 8px; -font-weight: bold; -border-bottom-width: 1px; -border-bottom-style: solid; -border-bottom-color: #999999; -} - -</style> ' . "\n"; - - -/* general css code for snort_interface.php */ -$snort_interfaces_css = ' - -<style type="text/css"> - -.listbg2 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #090; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} - -.listbg3 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #777777; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} - -</style>' . "\n"; - -?> diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php deleted file mode 100644 index 5ee7a176..00000000 --- a/config/snort-dev/snort_interfaces.php +++ /dev/null @@ -1,448 +0,0 @@ -<?php -/* $Id$ */ -/* - -originally part of m0n0wall (http://m0n0.ch/wall) -Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. -Copyright (C) 2008-2009 Robert Zelaya. -Copyright (C) 2011 Ermal Luci -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. -*/ - -//$nocsrf = true; -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; -$id_gen = count($config['installedpackages']['snortglobal']['rule']); - -if (isset($_POST['del_x'])) { - /* delete selected rules */ - if (is_array($_POST['rule'])) { - conf_mount_rw(); - foreach ($_POST['rule'] as $rulei) { - - /* convert fake interfaces to real */ - $if_real = snort_get_real_interface($a_nat[$rulei]['interface']); - $snort_uuid = $a_nat[$rulei]['uuid']; - - Running_Stop($snort_uuid,$if_real, $rulei); - - /* delete iface rule dirs */ - if (file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) { - exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - } - if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}")) { - exec("/bin/rm -r /var/log/snort/{$snort_uuid}_{$if_real}"); - } - if (file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}")) { - exec("/bin/rm -r /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}"); - } - - unset($a_nat[$rulei]); - } - conf_mount_ro(); - - write_config(); - sleep(2); - - /* if there are no ifaces do not create snort.sh */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - create_snort_sh(); - else { - conf_mount_rw(); - exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); - conf_mount_ro(); - } - - sync_snort_package_config(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces.php"); - exit; - } - -} - - -/* start/stop snort */ -if ($_GET['act'] == 'toggle' && is_numeric($id)) { - - $if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); - - sync_snort_package_config(); - - $snort_pgrep_chk_toggle = snortRunningChk('snort', $snort_uuid, $if_real); - - if (!empty($snort_pgrep_chk_toggle)) { - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - - } else { - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - } - sleep(4); // So the GUI reports correctly - header("Location: /snort/snort_interfaces.php"); - exit; -} - - -$pgtitle = "Services: $snort_package_version"; -include_once("head.inc"); - -?> -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; - -include_once("fbegin.inc"); -if ($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; -?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php - /* Display Alert message */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - - if ($savemsg) - print_info_box2($savemsg); - - //if (file_exists($d_snortconfdirty_path)) { - if ($d_snortconfdirty_path_ls != '') { - echo '<p>'; - - if($savemsg) - print_info_box_np2("{$savemsg}"); - else { - print_info_box_np2(' - The Snort configuration has changed for one or more interfaces.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea2"> - <table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="list"> </td> - <td width="1%" class="list"> </td> - <td width="10%" class="listhdrr">If</td> - <td width="10%" class="listhdrr">Snort</td> - <td width="10%" class="listhdrr">Performance</td> - <td width="10%" class="listhdrr">Block</td> - <td width="10%" class="listhdrr">Barnyard2</td> - <td width="50%" class="listhdr">Description</td> - <td width="3%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> - <tr valign="top" id="fr<?=$nnats;?>"> - <?php - - /* convert fake interfaces to real and check if iface is up */ - /* There has to be a smarter way to do this */ - $if_real = snort_get_real_interface($natent['interface']); - $snort_uuid = $natent['uuid']; - - $snort_pgrep_chk = snortRunningChk('snort', $snort_uuid, $if_real); - - if (empty($snort_pgrep_chk)) { - $iconfn = 'pass'; - $class_color_up = 'listbg'; - }else{ - $class_color_up = 'listbg2'; - $iconfn = 'block'; - } - - ?> - <td class="listt"> - <a href="?act=toggle&id=<?=$i;?>"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" - width="13" height="13" border="0" - title="click to toggle start/stop snort"></a> - <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td> - <td class="listt" align="center"></td> - <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - echo snort_get_friendly_interface($natent['interface']); - ?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable']; - if ($check_snort_info == "on") - { - $check_snort = enabled; - } else { - $check_snort = disabled; - } - ?> <?=strtoupper($check_snort);?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance']; - if ($check_performance_info != "") { - $check_performance = $check_performance_info; - }else{ - $check_performance = "lowmem"; - } - ?> <?=strtoupper($check_performance);?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7']; - if ($check_blockoffenders_info == "on") - { - $check_blockoffenders = enabled; - } else { - $check_blockoffenders = disabled; - } - ?> <?=strtoupper($check_blockoffenders);?></td> - <?php - - $snort_pgrep_chkb = snortRunningChk('barnyard2', $snort_uuid, $if_real); - - if (!empty($snort_pgrep_chkb)) { - $class_color_upb = 'listbg2'; - }else{ - $class_color_upb = 'listbg'; - } - - ?> - <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" - id="frd<?=$nnats;?>" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; - if ($check_snortbarnyardlog_info == "on") - { - $check_snortbarnyardlog = strtoupper(enabled); - }else{ - $check_snortbarnyardlog = strtoupper(disabled); - } - ?> <?php echo "$check_snortbarnyardlog";?></td> - <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" - ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> - </td> - <td valign="middle" class="list" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="edit rule"></a></td> - </tr> - </table> - - </tr> - <?php $i++; $nnats++; endforeach; ?> - <tr> - <td class="list" colspan="8"></td> - <td class="list" valign="middle" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><?php if ($nnats == 0): ?><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" - width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input - name="del" type="image" - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" title="delete selected mappings" - onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td> - </tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> - -<br> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <div id="mainarea4"> - <table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <tr id="frheader"> - <td width="100%"><span class="red"><strong>Note:</strong></span> <br> - This is the <strong>Snort Menu</strong> where you can see an over - view of all your interface settings. <br> - Please edit the <strong>Global Settings</strong> tab before adding - an interface. <br> - <br> - <span class="red"><strong>Warning:</strong></span> <br> - <strong>New settings will not take effect until interface restart.</strong> - <br> - <br> - <strong>Click</strong> on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="Add Icon"> icon to add a - interface.<strong> Click</strong> - on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" - width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> - snort and barnyard2. <br> - <strong>Click</strong> on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="Edit Icon"> icon to edit a - interface and settings.<strong> Click</strong> - on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" - width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> - snort and barnyard2. <br> - <strong> Click</strong> on the <img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="Delete Icon"> icon to - delete a interface and settings.</td> - </tr> - </table> - </div> - - </tr> - </td> -</table> - - <?php - if ($pkg['tabs'] <> "") { - echo "</td></tr></table>"; - } - ?></form> -</div> - -<br> -<br> -<br> - -<style type="text/css"> -#footer2 { - position: relative; - background-color: transparent; - background-image: url("./images/logo22.png"); - background-repeat: no-repeat; - background-attachment: scroll; - background-position: 0% 0%; - top: 10px; - left: 0px; - width: 770px; - height: 60px; - color: #000000; - text-align: center; - font-size: 0.8em; - padding-top: 40px; - margin-bottom: -35px; - clear: both; -} -</style> - -<div id="footer2">SNORT registered � by Sourcefire, Inc, Barnyard2 -registered � by securixlive.com, Orion registered � by Robert Zelaya, -Emergingthreats registered � by emergingthreats.net, Mysql registered � -by Mysql.com</div> -<!-- Footer DIV --> - - <?php - - include("fend.inc"); - - echo $snort_custom_rnd_box; - - ?> - - - -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php deleted file mode 100644 index aee7bee1..00000000 --- a/config/snort-dev/snort_interfaces_edit.php +++ /dev/null @@ -1,755 +0,0 @@ -<?php -/* - snort_interfaces_edit.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); - -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - - -/* always have a limit of (65535) numbers only or snort will not start do to id limits */ -/* TODO: When inline gets added make the uuid the port number lisstening */ -$pconfig = array(); - -/* gen uuid for each iface !inportant */ -if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); - $snort_uuid = 0; - while ($snort_uuid > 65535 || $snort_uuid == 0) { - $snort_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $snort_uuid; - } -} else { - $snort_uuid = $a_nat[$id]['uuid']; - $pconfig['uuid'] = $snort_uuid; -} - -if (isset($id) && $a_nat[$id]) { - - /* old options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; - $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; - $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['blockoffenderskill'] = $a_nat[$id]['blockoffenderskill']; - $pconfig['blockoffendersip'] = $a_nat[$id]['blockoffendersip']; - $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; - $pconfig['homelistname'] = $a_nat[$id]['homelistname']; - $pconfig['externallistname'] = $a_nat[$id]['externallistname']; - $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['snortalertcvs'] = $a_nat[$id]['snortalertcvs']; - $pconfig['snortunifiedlogbasic'] = $a_nat[$id]['snortunifiedlogbasic']; - $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']); - $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - - - if (!$pconfig['interface']) - $pconfig['interface'] = "wan"; - } else - $pconfig['interface'] = "wan"; - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); - -if (isset($_GET['dup'])) - unset($id); - - /* alert file */ - $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - - if ($_POST["Submit"]) { - - if ($_POST['descr'] == '' && $pconfig['descr'] == '') { - $input_errors[] = "Please enter a description for your reference."; - } - - if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - - $result_lan = $value['interface']; - $if_real = snort_get_real_interface($result_lan); - - if ($_POST['interface'] == $result_lan) - $input_errors[] = "Interface $result_lan is in use. Please select another interface."; - } - } - - /* XXX: Void code - * check for overlaps - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - continue; - } - */ - - /* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - - /* write to conf for 1st time or rewrite the answer */ - if ($_POST['interface']) - $natent['interface'] = $_POST['interface']; - - /* if post write to conf or rewite the answer */ - $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; - $natent['uuid'] = $pconfig['uuid']; - $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; - $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; - /* if post = on use on off or rewrite the conf */ - if ($_POST['blockoffenders7'] == "on") - $natent['blockoffenders7'] = 'on'; - else - $natent['blockoffenders7'] = 'off'; - if ($_POST['blockoffenderskill'] == "on") - $natent['blockoffenderskill'] = 'on'; - if ($_POST['blockoffendersip']) - $natent['blockoffendersip'] = $_POST['blockoffendersip']; - - $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname']; - $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; - $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; - $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname']; - $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; - if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } - if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']); - if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; } - if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; } - if ($_POST['snortalertcvs'] == "on") { $natent['snortalertcvs'] = 'on'; }else{ $natent['snortalertcvs'] = 'off'; } - if ($_POST['snortunifiedlogbasic'] == "on") { $natent['snortunifiedlogbasic'] = 'on'; }else{ $natent['snortunifiedlogbasic'] = 'off'; } - $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; - /* if optiion = 0 then the old descr way will not work */ - - /* rewrite the options that are not in post */ - /* make shure values are set befor repost or conf.xml will be broken */ - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } - if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_servers'] != "") { $natent['def_sip_servers'] = $pconfig['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } - if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - - $if_real = snort_get_real_interface($natent['interface']); - - if (isset($id) && $a_nat[$id]) { - if ($natent['interface'] != $a_nat[$id]['interface']) - Running_Stop($snort_uuid, $if_real, $id); - $a_nat[$id] = $natent; - } else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - sync_snort_package_config(); - sleep(1); - - /* if snort.sh crashed this will remove the pid */ - exec('/bin/rm /tmp/snort.sh.pid'); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces.php"); - - exit; - } - } - - if ($_POST["Submit2"]) { - - sync_snort_package_config(); - sleep(1); - - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - exit; - } - -$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php - include("fbegin.inc"); - echo "{$snort_general_css}\n"; -?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content</strong></div> -</noscript> -<script language="JavaScript"> -<!-- - -function enable_blockoffenders() { - var endis = !(document.iform.blockoffenders7.checked); - document.iform.blockoffenderskill.disabled=endis; - document.iform.blockoffendersip.disabled=endis; -} - -function enable_change(enable_change) { - endis = !(document.iform.enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.enable); - document.iform.performance.disabled = endis; - document.iform.blockoffenders7.disabled = endis; - document.iform.alertsystemlog.disabled = endis; - document.iform.externallistname.disabled = endis; - document.iform.homelistname.disabled = endis; - document.iform.suppresslistname.disabled = endis; - document.iform.tcpdumplog.disabled = endis; - document.iform.snortunifiedlog.disabled = endis; - document.iform.snortalertcvs.disabled = endis; - document.iform.snortunifiedlogbasic.disabled = endis; - document.iform.configpassthru.disabled = endis; -} -//--> -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<form method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<p>'; - - if($savemsg) - print_info_box_np2("{$savemsg}"); - else { - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td class="tabnavtbl"> - <?php - if ($a_nat[$id]['interface'] != '') { - /* get the interface name */ - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_array = split(',', $if_list); - if($if_array) { - foreach($if_array as $iface2) { - /* build a list of user specified interfaces -gtm */ - $if2 = snort_get_real_interface($iface2); - if ($if2) - array_push($snortInterfaces, $if2); - } - - if (count($snortInterfaces) < 1) - log_error("Snort will not start. You must select an interface for it to listen on."); - } - - } - ?> - </td> - </tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Enable</td> - <td width="22%" valign="top" class="vtable"> <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['enable'] == "on") - $checked = checked; - - $onclick_enable = "onClick=\"enable_change(false)\">"; - - echo " - <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable - Enable or Disable</td>\n\n"; - ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - if (function_exists('get_configured_interface_with_descr')) - $interfaces = get_configured_interface_with_descr(); - else { - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" - <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - class="formfld" id="descr" size="40" - value="<?=htmlspecialchars($pconfig['descr']);?>"> <br> - <span class="vexpl">You may enter a description here for your - reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Memory Performance</td> - <td width="78%" class="vtable"><select name="performance" - class="formfld" id="performance"> - <?php - $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); - foreach ($interfaces2 as $iface2 => $ifacename2): ?> - <option value="<?=$iface2;?>" - <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename2);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Lowmem and ac-bnfa are recommended for low end - systems, Ac: high memory, best performance, ac-std: moderate - memory,high performance, acs: small memory, moderateperformance, - ac-banded: small memory,moderate performance, ac-sparsebands: small - memory, high performance.<br> - </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the networks - snort should inspect and whitelist.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Home net</td> - <td width="78%" class="vtable"><select name="homelistname" - class="formfld" id="homelistname"> - <?php - echo "<option value='default' >default</option>"; - /* find whitelist names and filter by type */ - if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { - foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { - if ($value['snortlisttype'] == 'netlist') { - $ilistname = $value['name']; - if ($ilistname == $pconfig['homelistname']) - echo "<option value='$ilistname' selected>"; - else - echo "<option value='$ilistname'>"; - echo htmlspecialchars($ilistname) . '</option>'; - } - } - } - ?> - </select><br> - <span class="vexpl">Choose the home net you will like this rule to - use. </span> <br/><span class="red">Note:</span> Default home - net adds only local networks.<br> - <span class="red">Hint:</span> Most users add a list of - friendly ips that the firewall cant see.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">External net</td> - <td width="78%" class="vtable"><select name="externallistname" - class="formfld" id="externallistname"> - <?php - echo "<option value='default' >default</option>"; - /* find whitelist names and filter by type */ - if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { - foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { - if ($value['snortlisttype'] == 'netlist') { - $ilistname = $value['name']; - if ($ilistname == $pconfig['externallistname']) - echo "<option value='$ilistname' selected>"; - else - echo "<option value='$ilistname'>"; - echo htmlspecialchars($ilistname) . '</option>'; - } - } - } - ?> - </select><br/> - <span class="vexpl">Choose the external net you will like this rule - to use. </span> <br/><span class="red">Note:</span> Default - external net, networks that are not home net.<br> - <span class="red">Hint:</span> Most users should leave this - setting at default.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Block offenders</td> - <td width="78%" class="vtable"> - <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on" - <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> - onClick="enable_blockoffenders()"><br> - Checking this option will automatically block hosts that generate a - Snort alert.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Kill states</td> - <td width="78%" class="vtable"> - <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>> - <br/>Should firewall states be killed for the blocked ip - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Which ip to block</td> - <td width="78%" class="vtable"> - <select name="blockoffendersip" class="formfld" id="blockoffendersip"> - <?php - foreach (array("src", "dst", "both") as $btype) { - if ($btype == $pconfig['blockoffendersip']) - echo "<option value='{$btype}' selected>"; - else - echo "<option value='{$btype}'>"; - echo htmlspecialchars($btype) . '</option>'; - } - ?> - </select> - <br/> Which ip extracted from the packet you want to block - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Whitelist</td> - <td width="78%" class="vtable"> - <select name="whitelistname" class="formfld" id="whitelistname"> - <?php - /* find whitelist names and filter by type, make sure to track by uuid */ - echo "<option value='default' >default</option>\n"; - if (is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { - foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $value) { - if ($value['snortlisttype'] == 'whitelist') { - if ($value['name'] == $pconfig['whitelistname']) - echo "<option value='{$value['name']}' selected>"; - else - echo "<option value='{$value['name']}'>"; - echo htmlspecialchars($value['name']) . '</option>'; - } - } - } - ?> - </select><br> - <span class="vexpl">Choose the whitelist you will like this rule to - use. </span> <br/><span class="red">Note:</span> Default - whitelist adds only local networks.<br/> - <span class="red">Note:</span> This option will only be used when block offenders is on. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Suppression and - filtering</td> - <td width="78%" class="vtable"> - <select name="suppresslistname" class="formfld" id="suppresslistname"> - <?php - echo "<option value='default' >default</option>\n"; - if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { - $slist_select = $config['installedpackages']['snortglobal']['suppress']['item']; - foreach ($slist_select as $value) { - $ilistname = $value['name']; - if ($ilistname == $pconfig['suppresslistname']) - echo "<option value='$ilistname' selected>"; - else - echo "<option value='$ilistname'>"; - echo htmlspecialchars($ilistname) . '</option>'; - } - } - ?> - </select><br> - <span class="vexpl">Choose the suppression or filtering file you - will like this rule to use. </span> <br/><span class="red">Note:</span> Default - option disables suppression and filtering.</td> - </tr> - - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the types of - logs snort should create.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Send alerts to main - System logs</td> - <td width="78%" class="vtable"><input name="alertsystemlog" - type="checkbox" value="on" - <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Snort will send Alerts to the firewall's system logs.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td> - <td width="78%" class="vtable"><input name="tcpdumplog" - type="checkbox" value="on" - <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Snort will log packets to a tcpdump-formatted file. The file then - can be analyzed by an application such as Wireshark which - understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> - File may become large.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified file</td> - <td width="78%" class="vtable"> - <input name="snortunifiedlogbasic" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlogbasic'] == "on") echo "checked"; ?> onClick="enable_change(false)"> - <br> - Snort will log Alerts to a file in the UNIFIED format. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log Alerts to a snort - unified2 file</td> - <td width="78%" class="vtable"><input name="snortunifiedlog" - type="checkbox" value="on" - <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Snort will log Alerts to a file in the UNIFIED2 format. This is a - requirement for barnyard2.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log Alerts to a snort cvs file</td> - <td width="78%" class="vtable"> - <input name="snortalertcvs" type="checkbox" value="on" <?php if ($pconfig['snortalertcvs'] == "on") echo "checked"; ?> onClick="enable_change(false)"> - <br> - Snort will log Alerts to a file in the CVS format. - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Arguments here will - be automatically inserted into the snort configuration.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration - pass through</td> - <td width="78%" class="vtable"><textarea wrap="off" - name="configpassthru" cols="75" rows="12" id="configpassthru" - class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> - </td> - </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - -</table> -</form> - -<script language="JavaScript"> -<!-- -enable_change(false); -enable_blockoffenders(); -//--> -</script> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php deleted file mode 100644 index a267f561..00000000 --- a/config/snort-dev/snort_interfaces_global.php +++ /dev/null @@ -1,437 +0,0 @@ -<?php -/* - snort_interfaces_global.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Copyright (C) 2008-2009 Robert Zelaya - Modified for the Pfsense snort package. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -$d_snort_global_dirty_path = '/var/run/snort_global.dirty'; - -/* make things short */ -$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; -$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; -$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; -$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; -$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; -$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; -$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; -$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; -$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; - -/* if no errors move foward */ -if (!$input_errors) { - - if ($_POST["Submit"]) { - - $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; - $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; - $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; - $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; - if ($_POST['snortloglimitsize']) { - $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit']; - $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize']; - } else { - $config['installedpackages']['snortglobal']['snortloglimit'] = 'on'; - - /* code will set limit to 21% of slice that is unused */ - $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024); - $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize; - } - $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; - $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; - $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; - - $retval = 0; - - $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; - snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false); - - /* set the snort block hosts time IMPORTANT */ - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($snort_rm_blocked_info_ck == "never_b") - $snort_rm_blocked_false = false; - else - $snort_rm_blocked_false = true; - - snort_rm_blocked_install_cron($snort_rm_blocked_false); - - /* set the snort rules update time */ - $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; - if ($snort_rules_up_info_ck == "never_up") - $snort_rules_up_false = false; - else - $snort_rules_up_false = true; - - snort_rules_up_install_cron($snort_rules_up_false); - - configure_cron(); - write_config(); - - /* create whitelist and homenet file then sync files */ - sync_snort_package_config(); - - /* forces page to reload new settings */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_global.php"); - exit; - } -} - - -if ($_POST["Reset"]) { - - function snort_deinstall_settings() { - global $config, $g, $id, $if_real; - - exec("/usr/usr/bin/killall snort"); - sleep(2); - exec("/usr/usr/bin/killall -9 snort"); - sleep(2); - exec("/usr/usr/bin/killall barnyard2"); - sleep(2); - exec("/usr/usr/bin/killall -9 barnyard2"); - sleep(2); - - /* Remove snort cron entries Ugly code needs smoothness*/ - if (!function_exists('snort_deinstall_cron')) { - function snort_deinstall_cron($cronmatch) { - global $config, $g; - - - if(!$config['cron']['item']) - return; - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], $cronmatch)) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) - unset($config['cron']['item'][$x]); - - configure_cron(); - } - } - - snort_deinstall_cron("snort2c"); - snort_deinstall_cron("snort_check_for_rule_updates.php"); - - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - unset($config['installedpackages']['snortglobal']); - - /* remove all snort iface dir */ - exec('rm -r /usr/local/etc/snort/snort_*'); - exec('rm /var/log/snort/*'); - } - - snort_deinstall_settings(); - write_config(); /* XXX */ - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces_global.php"); - exit; -} - -$pgtitle = 'Services: Snort: Global Settings'; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -echo "{$snort_general_css}\n"; -echo "$snort_interfaces_css\n"; - -include_once("fbegin.inc"); - -if($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; -?> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php - /* Display Alert message, under form tag or no refresh */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - - if (!$input_errors) { - if (file_exists($d_snort_global_dirty_path)) { - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), true, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td class="tabcont"> - <table id="maintable2" width="100%" border="0" cellpadding="6" - cellspacing="0"> - <tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Please Choose The - Type Of Rules You Wish To Download</td> - </tr> - <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" - id="snortdownload" value="off" onClick="enable_change(false)" - <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>> - Do <strong>NOT</strong> Install</td> - </tr> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" - id="snortdownload" value="on" onClick="enable_change(false)" - <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install - Basic Rules or Premium rules <br> - <a - href="https://www.snort.org/signup" target="_blank">Sign Up for a - Basic Rule Account</a><br> - <a - href="http://www.snort.org/vrt/buy-a-subscription" - target="_blank">Sign Up for Sourcefire VRT Certified Premium - Rules. This Is Highly Recommended</a></td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> - </tr> - <tr> - <td class="vncell2" valign="top">Code</td> - <td class="vtable"><input name="oinkmastercode" type="text" - class="formfld" id="oinkmastercode" size="52" - value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> - Obtain a snort.org Oinkmaster code and paste here.</td> - - </table> - - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong> - rules</td> - <td width="78%" class="vtable"><input name="emergingthreats" - type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Emerging Threats is an open source community that produces fastest - moving and diverse Snort Rules.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Update rules - automatically</td> - <td width="78%" class="vtable"><select name="autorulesupdate7" - class="formfld" id="autorulesupdate7"> - <?php - $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the update times for rules.<br> - Hint: in most cases, every 12 hours is a good choice.</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - - <tr> - <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> - <td width="22%" valign="top" class="vncell2">Log Directory Size - Limit<br> - <br> - <br> - <br> - <br> - <br> - <span class="red"><strong>Note</span>:</strong><br> - Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" - id="snortloglimit" value="on" onClick="enable_change(false)" - <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>> - <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td> - </tr> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" - id="snortloglimit" value="off" onClick="enable_change(false)" - <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong> - directory size limit<br> - <br> - <span class="red"><strong>Warning</span>:</strong> Nanobsd - should use no more than 10MB of space.</td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vncell3">Size in <strong>MB</strong></td> - <td class="vtable"><input name="snortloglimitsize" type="text" - class="formfld" id="snortloglimitsize" size="7" - value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> - Default is <strong>20%</strong> of available space.</td> - - </table> - - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2">Remove blocked hosts - every</td> - <td width="78%" class="vtable"><select name="rm_blocked" - class="formfld" id="rm_blocked"> - <?php - $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the amount of time you would like - hosts to be blocked for.<br> - Hint: in most cases, 1 hour is a good choice.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Alerts file description - type</td> - <td width="78%" class="vtable"><select name="snortalertlogtype" - class="formfld" id="snortalertlogtype"> - <?php - $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" - <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?></option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please choose the type of Alert logging you will - like see in your alert file.<br> - Hint: Best pratice is to chose full logging.</span> <span - class="red"><strong>WARNING:</strong></span> <strong>On - change, alert file will be cleared.</strong></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Keep snort settings - after deinstall</td> - <td width="78%" class="vtable"><input name="forcekeepsettings" - id="forcekeepsettings" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Settings will not be removed during deinstall.</td> - </tr> - <tr> - <td width="22%" valign="top"><input name="Reset" type="submit" - class="formbtn" value="Reset" - onclick="return confirm('Do you really want to delete all global and interface settings?')"><span - class="red"><strong> WARNING:</strong><br> - This will reset all global and interface settings.</span></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" - value="Save" onClick="enable_change(true)"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br> - </strong></span> Changing any settings on this page will affect all - interfaces. Please, double check if your oink code is correct and - the type of snort.org account you hold.</span></td> - </tr> - </table> - </td> - </tr> -</table> -</form> - -</div> - - <?php include("fend.inc"); ?> - - <?php echo "$snort_custom_rnd_box\n"; ?> - -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_suppress.php b/config/snort-dev/snort_interfaces_suppress.php deleted file mode 100644 index 4eeed42d..00000000 --- a/config/snort-dev/snort_interfaces_suppress.php +++ /dev/null @@ -1,171 +0,0 @@ -<?php -/* $Id$ */ -/* - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['suppress'])) - $config['installedpackages']['snortglobal']['suppress'] = array(); -if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); -$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; -$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); - -$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty'; - -if ($_GET['act'] == "del") { - if ($a_suppress[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - - unset($a_suppress[$_GET['id']]); - write_config(); - filter_configure(); - header("Location: /snort/snort_interfaces_suppress.php"); - exit; - } -} - -$pgtitle = "Services: Snort: Suppression"; -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php -include_once("fbegin.inc"); -echo $snort_general_css; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_suppresslistdirty_path)): ?> -<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> -<?php endif; ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr> - <td width="30%" class="listhdrr">File Name</td> - <td width="70%" class="listhdr">Description</td> - - <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach ($a_suppress as $list): ?> - <tr> - <td class="listlr" - ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?></td> - <td class="listbg" - ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> - </td> - - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a - href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" - onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -<br> -<table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create event filtering and - suppression for your snort package rules.<br> - Please note that you must restart a running rule so that changes can - take effect.</span></p></td> -</table> - -</form> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_suppress_edit.php b/config/snort-dev/snort_interfaces_suppress_edit.php deleted file mode 100644 index 7303349f..00000000 --- a/config/snort-dev/snort_interfaces_suppress_edit.php +++ /dev/null @@ -1,295 +0,0 @@ -<?php -/* $Id$ */ -/* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['suppress'])) - $config['installedpackages']['snortglobal']['suppress'] = array(); -if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); -$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (!is_numeric($id)) - $id = 0; // XXX: safety belt - - -/* gen uuid for each iface */ -if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) { - if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); - $suppress_uuid = 0; - while ($suppress_uuid > 65535 || $suppress_uuid == 0) { - $suppress_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $suppress_uuid; - } - } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { - $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid']; - } -} - -$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { - if (!is_string($name)) - return false; - - if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; - - return false; -} - -if (isset($id) && $a_suppress[$id]) { - - /* old settings */ - $pconfig['name'] = $a_suppress[$id]['name']; - $pconfig['uuid'] = $a_suppress[$id]['uuid']; - $pconfig['descr'] = $a_suppress[$id]['descr']; - $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); -} - -if ($_POST['submit']) { - - unset($input_errors); - $pconfig = $_POST; - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } - - - /* check for name conflicts */ - foreach ($a_suppress as $s_list) { - if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) - continue; - - if ($s_list['name'] == $_POST['name']) { - $input_errors[] = "A whitelist file name with this name already exists."; - break; - } - } - - - if (!$input_errors) { - $s_list = array(); - $s_list['name'] = $_POST['name']; - $s_list['uuid'] = $suppress_uuid; - $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); - - if (isset($id) && $a_suppress[$id]) - $a_suppress[$id] = $s_list; - else - $a_suppress[] = $s_list; - - write_config(); - - sync_snort_package_config(); - - header("Location: /snort/snort_interfaces_suppress.php"); - exit; - } - -} - -$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -echo $snort_general_css; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> - -<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" - method="post" name="iform" id="iform"><?php - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snort_suppress_dirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global - Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li class="newtabmenu_active"><a - href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and - description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"><input name="name" type="text" id="name" - size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> - <span class="vexpl"> The list name may only consist of the - characters a-z, A-Z and 0-9. <span class="red">Note: </span> No - Spaces. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> - <span class="vexpl"> You may enter a description here for your - reference (not parsed). </span></td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <table height="32" width="100%"> - <tr> - <td> - <div style='background-color: #E0E0E0' id='redbox'> - <table width='100%'> - <tr> - <td width='8%'> <img - style='vertical-align: middle' - src="/snort/images/icon_excli.png" width="40" height="32"></td> - <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font> - <font size="2" color='#000000'> The threshold keyword - is deprecated as of version 2.8.5. Use the event_filter keyword - instead.</font></td> - </tr> - </table> - </div> - </td> - </tr> - <script type="text/javascript"> - NiftyCheck(); - Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); - Rounded("td#blackbox","all","#FFF","#000000","smooth"); - </script> - <tr> - <td colspan="2" valign="top" class="listtopic">Apply suppression or - filters to rules. Valid keywords are 'suppress', 'event_filter' and - 'rate_filter'.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncell"><b>Example 1;</b> - suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> - <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, - track by_src, count 1, seconds 60<br> - <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, - count 100, seconds 1, new_action log, timeout 10</td> - </tr> - <tr> - <td width="100%" class="vtable"><textarea wrap="off" - name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" - class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> - </td> - </tr> - <tr> - <td width="78%"><input id="submit" name="submit" type="submit" - class="formbtn" value="Save" /> <input id="cancelbutton" - name="cancelbutton" type="button" class="formbtn" value="Cancel" - onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> - </td> - </tr> - </table> - </table> - </td> - </tr> -</table> -</form> - -</div> - - <?php include("fend.inc"); ?> - -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_whitelist.php b/config/snort-dev/snort_interfaces_whitelist.php deleted file mode 100644 index 2dc2d491..00000000 --- a/config/snort-dev/snort_interfaces_whitelist.php +++ /dev/null @@ -1,189 +0,0 @@ -<?php -/* $Id$ */ -/* - firewall_aliases.php - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) -$config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - -//aliases_sort(); << what ? -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) { - $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); -}else{ - $id_gen = '0'; -} - -$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty'; - -if ($_GET['act'] == "del") { - if ($a_whitelist[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - - unset($a_whitelist[$_GET['id']]); - write_config(); - filter_configure(); - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } -} - -$pgtitle = "Services: Snort: Whitelist"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include_once("fbegin.inc"); -echo $snort_general_css; -?> - -<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_whitelistdirty_path)): ?> -<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> -<?php endif; ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr> - <td width="20%" class="listhdrr">File Name</td> - <td width="40%" class="listhdrr">Values</td> - <td width="40%" class="listhdr">Description</td> - <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach ($a_whitelist as $list): ?> - <tr> - <td class="listlr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?></td> - <td class="listr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?php - $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); - echo $addresses; - if(count($addresses) < 10) { - echo " "; - } else { - echo "..."; - } - ?></td> - <td class="listbg" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a - href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" - onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -<br> -<table class="tabcont" width="100%" border="0" cellpadding="0" - cellspacing="0"> - <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create whitelist files for your - snort package rules.<br> - Please add all the ips or networks you want to protect against snort - block decisions.<br> - Remember that the default whitelist only includes local networks.<br> - Be careful, it is very easy to get locked out of you system.</span></p></td> -</table> - -</form> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php deleted file mode 100644 index ef930eb9..00000000 --- a/config/snort-dev/snort_interfaces_whitelist_edit.php +++ /dev/null @@ -1,494 +0,0 @@ -<?php -/* $Id$ */ -/* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; -} - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { - $whitelist_uuid = 0; - while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { - $whitelist_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $whitelist_uuid; - } -} else if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; -} - -$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name, $type) { - if (!is_string($name)) - return false; - - if ($type === 'name' && !preg_match("/[^a-zA-Z0-9\_]/", $name)) - return true; - - if ($type === 'ip' && !preg_match("/[^a-zA-Z0-9\:\,\.\/]/", $name)) - return true; - - if ($type === 'detail' && !preg_match("/[^a-zA-Z0-9\:\,\.\+\s\-\']/", $name)) - return true; - - return false; -} - -if (isset($id) && $a_whitelist[$id]) { - - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_whitelist[$id]['name']; - $pconfig['uuid'] = $a_whitelist[$id]['uuid']; - $pconfig['detail'] = $a_whitelist[$id]['detail']; - $pconfig['addressuuid'] = $a_whitelist[$id]['addressuuid']; - $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; - $pconfig['address'] = $a_whitelist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); - $pconfig['wanips'] = $a_whitelist[$id]['wanips']; - $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; - $pconfig['vips'] = $a_whitelist[$id]['vips']; - $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; - $addresses = explode(' ', $pconfig['address']); - $address = explode(" ", $addresses[0]); -} - -if ($_POST['submit']) { - - conf_mount_rw(); - - unset($input_errors); - $pconfig = $_POST; - - //input validation - $reqdfields = explode(" ", "name"); // post name required - $reqdfieldsn = explode(",", "Name"); // error msg name - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - - - if (is_validwhitelistname($_POST['name'], 'name') == false) - $input_errors[] = "Whitelist name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces."; - - if (is_validwhitelistname($_POST['descr'], 'detail') == false) - $input_errors[] = "Whitelist description name may only consist of the characters [a-z, A-Z 0-9 + , :]. Note: No Spaces."; - - // check for name conflicts - foreach ($a_whitelist as $w_list) { - if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) - continue; - - if ($w_list['name'] == $_POST['name']) { - $input_errors[] = "A whitelist file name with this name already exists."; - break; - } - } - - // build string lists - if (!empty($pconfig[addresses])) { - $countArray = count($pconfig[addresses]); - $i = 0; - - foreach ($pconfig[addresses] as $address) { - - $i++; - - if (is_validwhitelistname($address[address], 'ip') == false) { - $input_errors[] = "List of IPs may only consist of the characters [. : 0-9]. Note: No Spaces."; - } - - if (is_validwhitelistname($address[detail], 'detail') == false) { - $input_errors[] = "List of IP descriptions may only consist of the characters [a-z, A-Z 0-9 + , : ' -]."; - } - - if (!empty($address[address]) && !empty($address[uuid])) { - - $final_address_ip .= $address[address]; - - $final_address_uuid .= $address[uuid]; - - if (empty($address[detail])) { - $final_address_details .= "Entry added " . date('r'); - }else{ - $final_address_details .= $address[detail]; - } - - if($i < $countArray){ - $final_address_ip .= ','; - $final_address_details .= '||'; - $final_address_uuid .= '||'; - } - } - } - } - - $w_list = array(); - // post user input - $w_list['name'] = $_POST['name']; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['uuid'] = $whitelist_uuid; - $w_list['snortlisttype'] = $_POST['snortlisttype']; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['addressuuid'] = $final_address_uuid; - $w_list['address'] = $final_address_ip; - $w_list['detail'] = $final_address_details; - - if (empty($final_address_ip) && $w_list['wanips'] === 'no' && $w_list['wangateips'] === 'no' && $w_list['wandnsips'] === 'no' && $w_list['vips'] === 'no' && $w_list['vpnips'] === 'no') - $input_errors[] = "You must add a \"auto generated ip\" or a \"custom ip\"! "; - - if (!$input_errors) { - if (isset($id) && $a_whitelist[$id]) - $a_whitelist[$id] = $w_list; - else - $a_whitelist[] = $w_list; - - write_config(); - - // create whitelist and homenet file then sync files - sync_snort_package_config(); - - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } else { - - $pconfig['wanips'] = $a_whitelist[$id]['wanips']; - $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; - $pconfig['vips'] = $a_whitelist[$id]['vips']; - $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; - - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $pconfig['address'] = $final_address_ip; - $pconfig['detail'] = $final_address_details; - $pconfig['addressuuid'] = $final_address_uuid; - - $input_errors[] = 'Press Cancel to reset.'; - } - -} - -$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > - -<?php -include("fbegin.inc"); -echo $snort_general_css; -?> - -<?php - /* Display Alert message */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - - if ($savemsg) - print_info_box($savemsg); - -?> -<div id="inputerrors"></div> - -<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); - display_top_tabs($tab_array); -?> - </td> -</tr> - <tr> - <td class="tabcont"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and - description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"><input name="name" type="text" id="name" - size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> - <span class="vexpl"> The list name may only consist of the - characters a-z, A-Z and 0-9. <span class="red">Note: </span> No - Spaces. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"><input name="descr" type="text" - id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> - <span class="vexpl"> You may enter a description here for your - reference (not parsed). </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">List Type</td> - <td width="78%" class="vtable"> - - <div - style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" - id="itemhelp"><strong>WHITELIST:</strong> This - list specifies addresses that Snort Package should not block.<br> - <br> - <strong>NETLIST:</strong> This list is for defining - addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div> - - <select name="snortlisttype" class="formfld" id="snortlisttype"> - <?php - $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" - <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?></option> - <?php endforeach; ?> - </select> <span class="vexpl"> Choose the type of - list you will like see in your <span class="red">Interface Edit Tab</span>. - </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add auto generated - ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">WAN IPs</td> - <td width="78%" class="vtable"><input name="wanips" type="checkbox" - id="wanips" size="40" value="yes" - <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN IPs to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan Gateways</td> - <td width="78%" class="vtable"><input name="wangateips" - type="checkbox" id="wangateips" size="40" value="yes" - <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN Gateways to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan DNS servers</td> - <td width="78%" class="vtable"><input name="wandnsips" - type="checkbox" id="wandnsips" size="40" value="yes" - <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add WAN DNS servers to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td> - <td width="78%" class="vtable"><input name="vips" type="checkbox" - id="vips" size="40" value="yes" - <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">VPNs</td> - <td width="78%" class="vtable"><input name="vpnips" type="checkbox" - id="vpnips" size="40" value="yes" - <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> Add VPN Addresses to the list. </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add your own custom - ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2"> - <div id="addressnetworkport">IP or CIDR items</div> - </td> - <td width="78%" class="vtable"> - <table id="maintable"> - <tbody> - <tr> - <td colspan="4"> - <div - style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" - id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY - IPs not CIDRs</strong>. Example: 192.168.4.1<br> - <br> - For <strong>NETLIST's</strong> you may enter <strong>IPs and - CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div> - </td> - </tr> - <tr> - <td> - <div id="onecolumn">IP or CIDR</div> - </td> - <td> - <div id="threecolumn">Add a Description or leave blank and a date - will be added.</div> - </td> - </tr> - - <?php - /* cleanup code */ - $counter = 0; - if (!empty($pconfig['address'])): - - $addressArray = explode(',', $pconfig['address']); - $detailArray = explode('||', $pconfig['detail']); - $RowUUIDArray = explode('||', $pconfig['addressuuid']); - - foreach($addressArray as $address): - if (!empty($address)): - $detail = $detailArray[$counter]; - $rowaddressuuid= $RowUUIDArray[$counter]; - ?> - <tr id="<?=$rowaddressuuid?>"> - <td><input autocomplete="off" name="addresses[<?=$rowaddressuuid;?>][address]" class="formfld unknown" size="30" value="<?=$address;?>" type="text"></td> - <td><input autocomplete="off" name="addresses[<?=$rowaddressuuid;?>][detail]" class="formfld unknown" size="50" value="<?=$detail;?>" type="text"></td> - <td><img id="<?=$rowaddressuuid;?>" class="icon_x removeRow" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="remove entry" border="0"></td> - <td><input name="addresses[<?=$rowaddressuuid;?>][uuid]" value="<?=$rowaddressuuid;?>" type="hidden"></td> - </tr> - - <?php - $counter++; - endif; - endforeach; - endif; - ?> - </tbody> - </table> - <img id="addNewRow" class="icon_x" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> - <input name="id" type="hidden" value="<?=$id;?>" /> - </td> - </tr> - </table> - </td> - </tr> -</table> -</form> - -<script type="text/javascript"> - - -/*! Needs to be watched not my code <- IMPORTANT -* JavaScript UUID Generator, v0.0.1 -* -* Copyright (c) 2009 Massimo Lombardo. -* Dual licensed under the MIT and the GNU GPL licenses. -*/ - -function genUUID() { - var uuid = (function () { - var i, - c = "89ab", - u = []; - for (i = 0; i < 36; i += 1) { - u[i] = (Math.random() * 16 | 0).toString(16); - } - u[8] = u[13] = u[18] = u[23] = ""; - u[14] = "4"; - u[19] = c.charAt(Math.random() * 4 | 0); - return u.join(""); - })(); - return { - toString: function () { - return uuid; - }, - valueOf: function () { - return uuid; - } - } -}; - - - jQuery(".icon_x").live('mouseover', function() { - jQuery(this).css('cursor', 'pointer'); - }); - - - jQuery('#addNewRow').live("click", function(){ - - var addRowCount = genUUID(); - - jQuery('#maintable > tbody').append( - "\n" + '<tr id="' + addRowCount + '">' + "\n" + - '<td><input autocomplete="off" name="addresses[' + addRowCount + '][address]" class="formfld unknown" size="30" value="" type="text"></td>' + "\n" + - '<td><input autocomplete="off" name="addresses[' + addRowCount + '][detail]" class="formfld unknown" size="50" value="" type="text"></td>' + "\n" + - '<td><img id="' + addRowCount + '" class="icon_x removeRow" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="remove entry" /></td>' + "\n" + - '<td><input name="addresses[' + addRowCount + '][uuid]" type="hidden" value="' + addRowCount + '" /></td>' + "\n" + - '</tr>' + "\n" - ); - }); - - - jQuery(".removeRow").live('click', function(){ - jQuery("#" + this.id).remove(); - }); - -</script> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php deleted file mode 100644 index 7f89d433..00000000 --- a/config/snort-dev/snort_preprocessors.php +++ /dev/null @@ -1,391 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_preprocessors.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -$pconfig = array(); -if (isset($id) && $a_nat[$id]) { - $pconfig = $a_nat[$id]; - - /* new options */ - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; - $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; -} - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); -$snort_uuid = $pconfig['uuid']; - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - -if ($_POST) { - - $natent = array(); - $natent = $pconfig; - - /* if no errors write to conf */ - if (!$input_errors) { - /* post new options */ - $natent['perform_stat'] = $_POST['perform_stat']; - if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } - if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } - if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } - if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } - - $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off'; - $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off'; - $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off'; - $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off'; - $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off'; - $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off'; - $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off'; - $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off'; - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - $if_real = snort_get_real_interface($pconfig['interface']); - sync_snort_package_config(); - - /* after click go to this page */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: snort_preprocessors.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow"; -include_once("head.inc"); - -?> -<body - link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php -echo "{$snort_general_css}\n"; -?> - -<div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - - -<form action="snort_preprocessors.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"><?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " - <style type=\"text/css\"> - .noid { - position:absolute; - top:10px; - left:0px; - width:94%; - background:#FCE9C0; - background-position: 15px; - border-top:2px solid #DBAC48; - border-bottom:2px solid #DBAC48; - padding: 15px 10px 85% 50px; - } - </style> - <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/{$g['theme']}/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note: - </strong></span><br> - Rules may be dependent on preprocessors!<br> - Defaults will be used when there is no user input.<br></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Performance - Statistics</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"><input name="perform_stat" - type="checkbox" value="on" - <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> - onClick="enable_change(false)"> Performance Statistics for this - interface.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"><input name="http_inspect" - type="checkbox" value="on" - <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> - onClick="enable_change(false)"> Use HTTP Inspect to - Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> - </tr> - <tr> - <td valign="top" class="vncell2">HTTP server flow depth</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="flow_depth" type="text" class="formfld" - id="flow_depth" size="5" - value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> - to <strong>1460</strong> (<strong>-1</strong> disables HTTP - inspect, <strong>0</strong> enables all HTTP inspect)</td> - </tr> - </table> - Amount of HTTP server response payload to inspect. Snort's - performance may increase by adjusting this value.<br> - Setting this value too low may cause false negatives. Values above 0 - are specified in bytes. Default value is <strong>0</strong><br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Bytes</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="max_queued_bytes" type="text" class="formfld" - id="max_queued_bytes" size="5" - value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> - Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> - ( default value is <strong>1048576</strong>, <strong>0</strong> - means Maximum )</td> - </tr> - </table> - The number of bytes to be queued for reassembly for TCP sessions in - memory. Default value is <strong>1048576</strong><br> - </td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Segs</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="max_queued_segs" type="text" class="formfld" - id="max_queued_segs" size="5" - value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> - Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> - ( default value is <strong>2621</strong>, <strong>0</strong> means - Maximum )</td> - </tr> - </table> - The number of segments to be queued for reassembly for TCP sessions - in memory. Default value is <strong>2621</strong><br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Preprocessor - Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - RPC Decode and Back Orifice detector</td> - <td width="78%" class="vtable"><input name="other_preprocs" - type="checkbox" value="on" - <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode RPC traffic and detects Back Orifice traffic on the - network.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - FTP and Telnet Normalizer</td> - <td width="78%" class="vtable"><input name="ftp_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - SMTP Normalizer</td> - <td width="78%" class="vtable"><input name="smtp_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - Portscan Detection</td> - <td width="78%" class="vtable"><input name="sf_portscan" - type="checkbox" value="on" - <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - Detects various types of portscans and portsweeps.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - DCE/RPC2 Detection</td> - <td width="78%" class="vtable"><input name="dce_rpc_2" - type="checkbox" value="on" - <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC - traffic.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br> - DNS Detection</td> - <td width="78%" class="vtable"><input name="dns_preprocessor" - type="checkbox" value="on" - <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - The DNS preprocessor decodes DNS Response traffic and detects some - vulnerabilities.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td> - <td width="78%" class="vtable"><input name="def_ssl_ports_ignore" - type="text" class="formfld" id="def_ssl_ports_ignore" size="40" - value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br> - <span class="vexpl"> Encrypted traffic should be ignored by Snort - for both performance reasons and to reduce false positives.<br> - Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please - use spaces and not commas.</strong></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="id" type="hidden" value="<?=$id;?>"></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click Start. </td> - </tr> - </table> - -</table> -</form> - -</div> - - <?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php deleted file mode 100644 index 871eb39e..00000000 --- a/config/snort-dev/snort_rules.php +++ /dev/null @@ -1,458 +0,0 @@ -<?php -/* - snort_rules.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2008, 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (isset($id) && $a_nat[$id]) { - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; -} - -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); -$iface_uuid = $a_nat[$id]['uuid']; - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"); - -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); - if ($isrulesfolderempty == "") { - include_once("head.inc"); - include_once("fbegin.inc"); - - echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - - if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - - echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n - # The rules directory is empty.\n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n - </table>\n - \n - </form>\n - \n - <p>\n\n"; - - echo "Please click on the Update Rules tab to install your selected rule sets."; - include("fend.inc"); - - echo "</body>"; - echo "</html>"; - - exit(0); - } else { - /* Make sure that we have the rules */ - mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); - } -} - -function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; -} - -function write_rule_file($content_changed, $received_file) -{ - @file_put_contents($received_file, implode("\n", $content_changed)); -} - -function load_rule_file($incoming_file) -{ - //read file into string, and get filesize - $contents = @file_get_contents($incoming_file); - - //split the contents of the string file into an array using the delimiter - return explode("\n", $contents); -} - -$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; -//$ruledir = "/usr/local/etc/snort/rules/"; -$dh = opendir($ruledir); -while (false !== ($filename = readdir($dh))) -{ - //only populate this array if its a rule file - $isrulefile = strstr($filename, ".rules"); - if ($isrulefile !== false) - $files[] = basename($filename); -} -sort($files); - -if ($_GET['openruleset']) - $rulefile = $_GET['openruleset']; -else - $rulefile = $ruledir.$files[0]; - -//Load the rule file -$splitcontents = load_rule_file($rulefile); - -if ($_GET['act'] == "toggle" && $_GET['ids']) { - - $lineid= $_GET['ids']; - - //copy rule contents from array into string - $tempstring = $splitcontents[$lineid]; - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - $findme = "# alert"; //find string for disabled alerts - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) { - //rule has been enabled - $tempstring = substr($tempstring, 2); - } else - $tempstring = "# ". $tempstring; - - //copy string into array for writing - $splitcontents[$lineid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $rulefile); - - //write disable/enable sid to config.xml - $sid = get_middle($tempstring, 'sid:', ';', 0); - if (is_numeric($sid)) { - // rule_sid_on registers - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); - if ($disabled === false) - $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; - else - $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; - } - - write_config(); - - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}"); - exit; -} - -$currentruleset = basename($rulefile); - -$ifname = strtoupper($pconfig['interface']); - -require_once("guiconfig.inc"); -include_once("head.inc"); - -$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -echo "{$snort_general_css}\n"; -?> -<form action="snort_rules.php" method="post" name="iform" id="iform"> - -<script language="javascript" type="text/javascript"> -function go() -{ - var box = document.iform.selectbox; - destination = box.options[box.selectedIndex].value; - if (destination) - location.href = destination; -} -function popup(url) -{ - params = 'width='+screen.width; - params += ', height='+screen.height; - params += ', top=0, left=0' - params += ', fullscreen=yes'; - - newwin=window.open(url,'windowname4', params); - if (window.focus) {newwin.focus()} - return false; -} -</script> - -<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> -<tr> - <td> - <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listt" colspan="8"> - <br>Category: - <select id="selectbox" name="selectbox" class="formfld" onChange="go()"> - <?php - foreach ($files as $value) { - echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' "; - if ($value === $currentruleset) - echo "selected"; - echo ">{$value}</option>\n"; - } - ?> - </select> - </td> - </tr> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> - </tr> - <?php - foreach ( $splitcontents as $counter => $value ) - { - $disabled = "False"; - $comments = "False"; - $findme = "# alert"; //find string for disabled alerts - $disabled_pos = strstr($value, $findme); - - $counter2 = 1; - $sid = get_middle($value, 'sid:', ';', 0); - //check to see if the sid is numberical - if (!is_numeric($sid)) - continue; - - //if find alert is false, then rule is disabled - if ($disabled_pos !== false){ - $counter2 = $counter2+1; - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconb = "icon_block_d.gif"; - - $ischecked = ""; - } else { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - - $ischecked = "checked"; - } - - $rule_content = explode(' ', $value); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = substr($rule_content[$counter2], 0, 20) . "...";//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - if (strstr($value, 'msg: "')) - $message = get_middle($value, 'msg: "', '";', 0); - else if (strstr($value, 'msg:"')) - $message = get_middle($value, 'msg:"', '";', 0); - - echo "<tr><td class=\"listt\"> $textss\n"; - ?> - <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img - src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" - width="10" height="10" border="0" - title="click to toggle enabled/disabled status"></a> - <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> - <!-- TODO: add checkbox and save so that that disabling is nicer --> - <?php - echo "$textse - </td> - <td width='5%' class=\"listlr\"> - $textss - $sid - $textse - </td> - <td width='6%' class=\"listlr\"> - $textss - $protocol"; - echo "$textse - </td> - <td width='20%' class=\"listlr\"> - $textss - $source - $textse - </td> - <td width='5%' class=\"listlr\"> - $textss - $source_port - $textse - </td> - <td width='20%' class=\"listlr\"> - $textss - $destination - $textse - </td> - <td width='5%' class=\"listlr\"> - $textss - $destination_port - $textse - </td> - <td width='30%' class=\"listbg\"><font color=\"white\"> - $textss - $message - $textse - </td>"; - ?> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="javascript: void(0)" - onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - title="edit rule" width="17" height="17" border="0"></a></td> - <!-- Codes by Quackit.com --> - </tr> - </table> - </td> - <?php - } - ?> - - </table> - </td> - </tr> - <tr> - <td class="listlr"> - <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?> - </td> - </tr> - <tr> - <td> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="16"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" - width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" - width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - </tr> - <tr> - <!-- TODO: add save and cancel for checkbox options --> - <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> - </tr> - <tr> - <td colspan="10"> - <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>--> - </td> - </tr> - </table> - </td> - </tr> - </table> - </td> -</tr> -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/snort_rules_edit.php deleted file mode 100644 index 330630f4..00000000 --- a/config/snort-dev/snort_rules_edit.php +++ /dev/null @@ -1,188 +0,0 @@ -<?php -/* - snort_rules_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Adapted for FreeNAS by Volker Theile (votdev@gmx.de) - Copyright (C) 2006-2009 Volker Theile - - Adapted for Pfsense Snort package by Robert Zelaya - Copyright (C) 2008-2009 Robert Zelaya - - Using dp.SyntaxHighlighter for syntax highlighting - http://www.dreamprojections.com/SyntaxHighlighter - Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -$ids = $_GET['ids']; -if (isset($_POST['ids'])) - $ids = $_POST['ids']; - -if (isset($id) && $a_nat[$id]) { - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; -} - -//get rule id -$lineid = $_GET['ids']; -if (isset($_POST['ids'])) - $lineid = $_POST['ids']; - -$file = $_GET['openruleset']; -if (isset($_POST['openruleset'])) - $file = $_POST['openruleset']; - -//read file into string, and get filesize also chk for empty files -$contents = ''; -if (filesize($file) > 0 ) - $contents = file_get_contents($file); - -//delimiter for each new rule is a new line -$delimiter = "\n"; - -//split the contents of the string file into an array using the delimiter -$splitcontents = explode($delimiter, $contents); -$findme = "# alert"; //find string for disabled alerts -$highlight = "yes"; -if (strstr($splitcontents[$lineid], $findme)) - $highlight = "no"; -if ($highlight == "no") - $splitcontents[$lineid] = substr($splitcontents[$lineid], 2); - -if (!function_exists('get_middle')) { - function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; - } -} - -if ($_POST) { - if ($_POST['save']) { - - //copy string into file array for writing - if ($_POST['highlight'] == "yes") - $splitcontents[$lineid] = $_POST['code']; - else - $splitcontents[$lineid] = "# " . $_POST['code']; - - //write disable/enable sid to config.xml - $sid = get_middle($splitcontents[$lineid], 'sid:', ';', 0); - if (is_numeric($sid)) { - // rule_sid_on registers - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); - if (!empty($a_nat[$id]['rule_sid_on'])) - $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); - if ($_POST['highlight'] == "yes") - $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on']; - else - $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off']; - } - - //write the new .rules file - @file_put_contents($file, implode($delimiter, $splitcontents)); - - write_config(); - - echo "<script> opener.window.location.reload(); window.close(); </script>"; - exit; - } -} - -$pgtitle = array(gettext("Advanced"), gettext("File Editor")); - -?> - -<?php include("head.inc");?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<form action="snort_rules_edit.php" method="post"> - <?php if ($savemsg) print_info_box($savemsg); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td class="tabcont"> - - - <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> - <tr> - <td> - <input name="save" type="submit" class="formbtn" id="save" value="save" /> - <input type='hidden' name='id' value='<?=$id;?>' /> - <input type='hidden' name='ids' value='<?=$ids;?>' /> - <input type='hidden' name='openruleset' value='<?=$file;?>' /> - <input type="button" class="formbtn" value="Cancel" onclick="window.close()"> - <hr noshade="noshade" /> - Disable original rule :<br/> - - <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> /> - <label for="highlighting_enabled"><?=gettext("Enabled");?> </label> - <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> /> - <label for="highlighting_disabled"> <?=gettext("Disabled");?></label> - </td> - </tr> - <tr> - <td valign="top" class="label"> - <textarea wrap="off" style="width: 98%; margin: 7px;" - class="<?php echo $language; ?>:showcolumns" rows="3" - cols="66" name="code"><?=$splitcontents[$lineid];?></textarea> - </div> - </td> - </tr> - <tr> - <td valign="top" class="label"> - <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea disabled - wrap="off" style="width: 98%; margin: 7px;" - class="<?php echo $language; ?>:showcolumns" rows="33" - cols="66" name="code2"><?=$contents;?></textarea> - </div> - </td> - </tr> - </table> - </td> -</tr> -</table> -</form> -<?php include("fend.inc");?> -</body> -</html> diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php deleted file mode 100644 index 313daea2..00000000 --- a/config/snort-dev/snort_rulesets.php +++ /dev/null @@ -1,313 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - Copyright (C) 2011 Ermal Luci - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -global $g; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; -} - -if (isset($id) && $a_nat[$id]) { - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - - /* convert fake interfaces to real */ - $if_real = snort_get_real_interface($pconfig['interface']); - - $iface_uuid = $a_nat[$id]['uuid']; -} - -$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; - - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); - if ($isrulesfolderempty == "") { - include_once("head.inc"); - include("fbegin.inc"); - - echo "<p class=\"pgtitle\">"; - if($pfsense_stable == 'yes'){echo $pgtitle;} - echo "</p>\n"; - - echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - - echo " - <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr><td>\n"; - - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - echo " - </td></tr> - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n - # The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n - </table>\n - \n - </form>\n - \n - <p>\n\n"; - - echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; - include("fend.inc"); - - echo "</body>"; - echo "</html>"; - - exit(0); - } else { - /* Make sure that we have the rules */ - mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); - } -} - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; -if ($_POST["Submit"]) { - $enabled_items = ""; - $isfirst = true; - if (is_array($_POST['toenable'])) - $enabled_items = implode("||", $_POST['toenable']); - else - $enabled_items = $_POST['toenable']; - $a_nat[$id]['rulesets'] = $enabled_items; - - write_config(); - sync_snort_package_config(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; -} - -$enabled_rulesets = $a_nat[$id]['rulesets']; -if($enabled_rulesets) - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); - -include_once("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> - -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php -echo "{$snort_general_css}\n"; -?> - -<div class="body2"> - -<noscript> -<div class="alert" ALIGN=CENTER><img - src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong>Please -enable JavaScript to view this content -</CENTER></div> -</noscript> - -<?php - -echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; - -?> <?php - -/* Display message */ - -if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks -} - -if ($savemsg) { - print_info_box2($savemsg); -} - -if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } -} - -?> - -<table width="99%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tabid = 0; - $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tabid++; - $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tabid++; - $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> -</td></tr> - <tr> - <td> - <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Enabled</td> - <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on 64 bit architectures.';}?></td> - <!-- <td class="listhdrr">Description</td> --> - </tr> - <?php - $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; - $dh = opendir($dir); - while (false !== ($filename = readdir($dh))) { - $files[] = basename($filename); - } - sort($files); - foreach($files as $file) { - if(!stristr($file, ".rules")) - continue; - echo "<tr>\n"; - echo "<td align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) - if(in_array($file, $enabled_rulesets_array)) { - $CHECKED = " checked=\"checked\""; - } else { - $CHECKED = ""; - } - else - $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; - echo "</td>\n"; - echo "<td>\n"; - echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; - echo "</td>\n</tr>\n\n"; - //echo "<td>"; - //echo "description"; - //echo "</td>"; - } - - ?> - </table> - </td> - </tr> - <tr> - <td> </td> - </tr> - <tr> - <td>Check the rulesets that you would like Snort to load at startup.</td> - </tr> - <tr> - <td> </td> - </tr> - <tr> - <td><input value="Save" type="submit" name="Submit" id="Submit" /></td> - </tr> - </table> - </div> - </td> - </tr> -</table> - -</form> - -<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.</p> - -</div> - -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - -</body> -</html> diff --git a/config/snort-dev/snort_startstop.php b/config/snort-dev/snort_startstop.php deleted file mode 100644 index c006ced9..00000000 --- a/config/snort-dev/snort_startstop.php +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/local/bin/php -f - -<?php -/* - snort_startstop.php - Copyright (C) 2009-2010 Robert Zelaya - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - - -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/etc/inc/config.inc"); - -if (empty($argv) || file_exists("/tmp/snort_startstop.php.pid")) { - exit(); -} - -if (!empty($_GET[snortstart]) && !empty($_GET[snortstop]) || empty($_GET[snortstart]) && empty($_GET[snortstop]) ) { - exit(); -} - - // make shure there are no dup starts - exec("/bin/echo 'Starting snort_startstop.php' > /tmp/snort_startstop.php.pid"); - - // wait until boot is done - $snort_bootupWait = function() use(&$_GET, &$g) { - $i = 0; - exec("/bin/echo {$i} > /tmp/snort_testing.sh.pid"); - while(isset($g['booting']) || file_exists("{$g['varrun_path']}/booting")) { - $i++; - exec("/usr/bin/logger -p daemon.info -i -t SnortBoot 'Snort Boot count...{$i}'"); - exec("/bin/echo {$i} > /tmp/snort_testing.sh.pid"); // remove when finnished testing - sleep(2); - } - }; - $snort_bootupWait(); - - - $snort_bootupCleanStartStop = function($type) use(&$_GET, &$g) { - - $snortstartArray = explode(',', $_GET[$type]); - - foreach($snortstartArray as $iface_pre) { - - if (!empty($iface_pre)) { - $iface = explode('_', $iface_pre); - - if( !empty($iface[0]) && !empty($iface[1]) && is_numeric($iface[2]) ) { - - if($type === 'snortstart') { Running_Start($iface[0], $iface[1], $iface[2]); } - - if($type === 'snortstop') { Running_Stop($iface[0], $iface[1], $iface[2]); } - - } - } - } - }; - - - if (!empty($_GET[snortstart])) { - $snort_bootupCleanStartStop('snortstart'); - } - if (!empty($_GET[snortstop])) { - $snort_bootupCleanStartStop('snortstop'); - } - - // important - @exec("/bin/rm /tmp/snort_startstop.php.pid"); - exit(); - -?> diff --git a/config/snort-dev/snortsam-package-code/css/new_tab_menu.css b/config/snort-dev/snortsam-package-code/css/new_tab_menu.css deleted file mode 100644 index 1592be9f..00000000 --- a/config/snort-dev/snortsam-package-code/css/new_tab_menu.css +++ /dev/null @@ -1,110 +0,0 @@ -/* - new_tab_menu.css - part of pfSense - Copyright (C) 2010-2011 Robert Zelaya - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - - Replace your old tab menu with the following code. To add a second tab menu line just cut and paste again. - The following code is dependent on new_tab_menu.css and images/new_tab_menu.png. - - <tr> - <td> - <?php - $tab_array_indent = 0; // move to the line in px - $tab_array_space = 1; // space betwen lines in px - $tab_array_char_limit = 82; // number or chr before the drop down box - $tab_array = array(); - $tab_array[] = array(gettext("Admin Access"), true, "system_advanced_admin.php"); - $tab_array[] = array(gettext("Firewall / NAT"), false, "system_advanced_firewall.php"); - $tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php"); - $tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php"); - $tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php"); - $tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php"); - display_top_tabs($tab_array); - ?> - </td> - </tr> - -*/ - - -.spannewtab { - font-size: 0.9em; -} - -.newtabmenu ul, li{ - border:0; - margin:0; padding:0; - list-style:none; -} - -.newtabmenu li{float:left; margin-right:2px; text-align: center;} -.newtabmenu a:link, .newtabmenu a:visited{ - background:url(/snort/images/new_tab_menu.png) right 45px; - color:#ffffff; /* noactive font */ - display:block; - /* fix for IE6 */ - display: inline-block; - /* END */ - font-weight:bold; - font-size:.9em; - height:20px; - line-height:20px; - text-decoration:none; -} -.newtabmenu a span{ - background:url(/snort/images/new_tab_menu.png) left 45px; - display:block; - /* fix for IE6 */ - display: inline-block; - /* END */ - height:20px; - margin-right:7px; - padding-left:7px; -} -.newtabmenu a:hover{ - background:url(/snort/images/new_tab_menu.png) right 23px; - display:block; - /* fix for IE6 */ - display: inline-block; - /* END */ - color:#ffffff; /* hover over font */ -} -.newtabmenu a:hover span{ - background:url(/snort/images/new_tab_menu.png) left 23px; - display:block; - /* fix for IE6 */ - display: inline-block; - /* END */ -} - -/* -------------------------------- */ -/* ACTIVE ELEMENTS */ -.newtabmenu_active a:link, .newtabmenu_active a:visited, .newtabmenu_active a:visited, .newtabmenu_active a:hover{ - color:#000000; /* active font */ - background:url(/snort/images/new_tab_menu.png) right 0 no-repeat; -} -.newtabmenu_active a span, .newtabmenu_active a:hover span{ - background:url(/snort/images/new_tab_menu.png) left 0 no-repeat; -} diff --git a/config/snort-dev/snortsam-package-code/css/style_snort2.css b/config/snort-dev/snortsam-package-code/css/style_snort2.css deleted file mode 100644 index 16b2e327..00000000 --- a/config/snort-dev/snortsam-package-code/css/style_snort2.css +++ /dev/null @@ -1,571 +0,0 @@ -@charset "utf-8"; - - -/* ips tab css */ - -#infotext_ips { - - vertical-align: middle; - -} - -.nextClickList { - margin-bottom: 5px; -} - -.nextClickListColorEven { - padding-top: 2px; - padding-bottom: 2px; - padding-left: 10px; - padding-right: 10px; - background-color: #ffffff; - font-size: 11px; - border-bottom-color: #999999; - border-bottom-width: 1px; - border-bottom-style: solid; - border-right-color: #999999; - border-right-width: 1px; - border-right-style: solid; -} - -.nextClickListColorOdd { - padding-top: 2px; - padding-bottom: 2px; - padding-left: 10px; - padding-right: 10px; - background-color: #eeeeee; - font-size: 11px; - border-bottom-color: #999999; - border-bottom-width: 1px; - border-bottom-style: solid; - border-right-color: #999999; - border-right-width: 1px; - border-right-style: solid; -} - - -#right { - - position: relative; - top: -10px; - left: 0px; - width: 800px; - margin-top: 0px; - margin-left: 0px; - margin-right: 5px; - padding-top: 20px; - padding-left: 0px; - padding-right: 0px; - padding-bottom: 90px; - min-height: 400px; - -} - -.odd_ruleset2 { - text-align: center; - background-color: #ffffff; - border-left: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - padding-right: 2px; - padding-left: 2px; - padding-top: 4px; - padding-bottom: 4px; -} - -.even_ruleset2 { - text-align: center; - background-color: #eeeeee; - border-left: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - padding-right: 2px; - padding-left: 2px; - padding-top: 4px; - padding-bottom: 4px; -} - -.odd_ruleset { - - background-color: #ffffff; - border-left: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 14px; - padding-right: 2px; - padding-left: 20px; - padding-top: 2px; - padding-bottom: 2px; - -} - -.even_ruleset { - - background-color: #eeeeee; - border-left: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 14px; - padding-right: 2px; - padding-left: 20px; - padding-top: 2px; - padding-bottom: 2px; - -} - -.rulesetbkg { - background-color: #eeeeee; - padding-right: 0px; - padding-left: 0px; - border-bottom: 1px solid #999999; - font-size: 15px; -} - - -.hiddendownloadlink { - visibility:hidden; -} - -#loadingWaiting, #loadingRuleEditGUI, #loadingRuleUpadteGUI{ - display:none; - position:fixed; - left:0; - top:0; - width:100%; - height:100%; - background-image:url("/snort/images/transparentbg.png"); - z-index: 9998; - color: #ffffff; -} - -.loadingWaitingMessage{ - - text-align: center; - margin-top:40px; - -} - -.snortModal { - width:500px; - height:300px; - position:absolute; - z-index:999; - background-color:#000; -} - -.snortModalTop { - width:500px; - height:25px; - background-image:url( '/snort/images/top_modal_bar_lil.jpg' ); - background-repeat:repeat-x; - margin-bottom:1px; -} - -.snortModalTitle { - text-align: center; -} - -.snortModalTopClose { - width:9px; - height:9px; - float:right; - margin-right:10px; - margin-top:8px; -} - -.snortModalUpdate { - width: 700px; - height: 200px; - z-index:999; - background-color:#000000; -} - -.snortModalTopUpdate { - width: 700px; - height: 25px; - background-image:url( '/snort/images/top_modal_bar_lil.jpg' ); - background-repeat:repeat-x; - margin-bottom:1px; -} - -.snortModalTitleUpdate { - position:absolute; - left: 50px; - width: 600px; - margin-top: 0px; - margin-bottom: 0px; -} - -.snortModalTitleUpdateMsg1 { - top: 50px; - font-weight: bold; - font-size: 24px; -} - -.snortModalTitleUpdateBar { - top: 90px; -} - -.snortModalTitleUpdateMsg2 { - top: 145px; -} - -.listhdrr2 { - background-color: #BBBBBB; - padding-right: 1px; - padding-left: 1px; - font-weight: bold; - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - padding-top: 5px; - padding-bottom: 5px; -} - -.listtopic2 { - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #eeeeee; - padding-right: 16px; - padding-left: 6px; - color: #000000; - font-weight: bold; - padding-top: 5px; - padding-bottom: 5px; -} - -.listtopic3 { - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #eeeeee; - padding-right: 6px; - padding-left: 16px; - color: #000000; - font-weight: bold; -} - -#footer2 { - background-color: transparent; - background-image: url("/snort/images/logo22.png"); - width: 720px; - height: 60px; - text-align: center; - font-size: 0.8em; -} - -.alert { - position:absolute; - top:10px; - left:-25px; - width:100%; - height:90%; - z-index:999; - background:#FCE9C0; - background-position: 15px; - border-top:2px solid #DBAC48; - border-bottom:2px solid #DBAC48; - padding: 15px 10px 85% 50px; -} - -.formpre { - font-family:arial; - font-size: 1.1em; -} - -#download_rules { - font-family: arial; - font-size: 13px; - font-weight: bold; - text-align: center; -} - -#download_rules_td { - font-family: arial; - font-size: 13px; - font-weight: bold; - text-align: center; -} - -/* hack fix the hard coded fbegin link */ -#header-left2 { - position: absolute; - background-position: center center; - height: 67px; - width: 147px; - top: -77px; - left: 8px; - float: left; - z-index:999; -} -#header-left2 #status-link2 { - position: relative; - top: 3px; - left: 2px; -} -/* end of fbegin hack */ - -.body2 { - font-family:arial; - font-size:12px; -} - -.tabcont { - background-color: #dddddd; - padding-right: 12px; - padding-left: 12px; - padding-top: 12px; - padding-bottom: 12px; -} - -.tabcont2 { - background-color: #eeeeee; - padding-right: 12px; - padding-left: 12px; - padding-top: 12px; - padding-bottom: 12px; -} - -.vncell2 { - background-color: #eeeeee; - padding-right: 5px; - padding-left: 5px; - border-bottom: 1px solid #999999; - font-size: 11px; -} - -.vncelltextbox { - background-color: #eeeeee; - padding-top: 8px; - padding-bottom: 8px; - padding-right: 8px; - padding-left: 8px; - border-bottom-width: 1px; - border-bottom-style: solid; - border-bottom-color: #999999; - font-size: 11px; -} - -/* global tab, white lil box */ -.vncell3 { - width: 50px; - background-color: #eeeeee; - padding-right: 2px; - padding-left: 2px; - border-bottom-width: 1px; - border-bottom-style: solid; - border-bottom-color: #999999; - font-size: 11px; -} - -.vncellreq2 { -background-color: #eeeeee; -padding-right: 20px; -padding-left: 8px; -font-weight: bold; -border-bottom-width: 1px; -border-bottom-style: solid; -border-bottom-color: #999999; -font-size: 11px; -} - -/* Start of main css Pfsense */ -/* Start of main css Pfsense */ - -.textstyle { - font-family: "Arial", "Helvetica", "sans-serif"; - font-size: 12px; - font-style: normal; - background-color: #666; - color: #CCC; -} -.textstyle p2 a { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - color: #CCC; -} - -.textstyle p { - font-family: Arial, Helvetica, sans-serif; - font-size: 24px; - font-weight: bold; - color: #FFF; - text-decoration: underline; -} -.textstyle p2 { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - color: #CCC; -} - -/* Start of main css for table sort */ -/* Start of main css for table sort */ - -table { - margin: 0; - padding: 0; - border: 0; - font-weight: inherit; - font-style: inherit; - font-family: Arial, Helvetica, sans-serif; - vertical-align: baseline; -} - -/* Tables still need 'cellspacing="0"' in the markup. */ -table { border-collapse: separate; border-spacing: 0; } -caption, th, td { text-align: left; font-weight:400; } - -/* Remove possible quote marks (") from <q>, <blockquote>. */ -blockquote:before, blockquote:after, q:before, q:after { content: ""; } -blockquote, q { quotes: "" ""; } - -#container { - width: auto; - margin: 0px; - padding-top: 10px; - padding-bottom: 10px; -} - - - -/************************************************************** - - Sortable Table - v 1.4 - -**************************************************************/ - - - -th { - background-color: #eee; - background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px; - padding: 4px 4px 4px 14px; -} - -.allRow { - background-color: #eee; - padding: 4px; -} - -tr.altRow { - background-color: #fff; -} - -.leftAlign { - text-align: left; -} - -.centerAlign { - text-align: center; -} - -.rightAlign { - text-align: right; -} - -.sortedASC { - background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; -} - -.sortedDESC { - background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; -} - -.tableHeaderOver { - cursor: pointer; - color: #354158; -} - - -tr.selected { - background-color: #9999ff; - color: #000000; -} - -tr.over { - background-color: #993333; - color: #fff; - cursor: pointer; -} - -tr.hide { - display: none; -} -/***************************/ - -.mainTableFilter { - position: absolute; - top: 0; - left: -10px; - width: auto; -} - -.tableFilter { - border: 1px solid #ccc; - padding: 2px; - margin: 5px 0 10px 0; -} - -.tableFilter input { - border: 1px solid #ccc; -} - -.tableFilter select { - border: 1px solid #ccc; -} - -.listbg2 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #090; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} - -.listbg3 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #777777; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} - -#tdbggrey { - -background-color: #ddd; - -} - -.formfld2 -{ -padding-left: 8px; -font-size: small; -} - -/*********Input Highlight*****************/ - -.formfld2 { - outline:none; - transition: all 0.25s ease-in-out; - -webkit-transition: all 0.25s ease-in-out; - -moz-transition: all 0.25s ease-in-out; - border-radius:1px; - -webkit-border-radius:1px; - -moz-border-radius:1px; - border:1px solid rgba(0,0,0, 0.2); -} - -.formfld2:focus { - box-shadow: 0 0 2px rgba(156, 156, 156, 1); - -webkit-box-shadow: 0 0 2px rgba(156, 156, 156, 1); - -moz-box-shadow: 0 0 2px rgba(156, 156, 156, 1); - border:1px solid rgba(156,156,156, 0.8); -} - diff --git a/config/snort-dev/snortsam-package-code/images/alert.jpg b/config/snort-dev/snortsam-package-code/images/alert.jpg Binary files differdeleted file mode 100644 index 96c24e35..00000000 --- a/config/snort-dev/snortsam-package-code/images/alert.jpg +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/arrow_down.png b/config/snort-dev/snortsam-package-code/images/arrow_down.png Binary files differdeleted file mode 100644 index 2c4e2793..00000000 --- a/config/snort-dev/snortsam-package-code/images/arrow_down.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/awesome-overlay-sprite.png b/config/snort-dev/snortsam-package-code/images/awesome-overlay-sprite.png Binary files differdeleted file mode 100644 index c3af7dd9..00000000 --- a/config/snort-dev/snortsam-package-code/images/awesome-overlay-sprite.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/close_9x9.gif b/config/snort-dev/snortsam-package-code/images/close_9x9.gif Binary files differdeleted file mode 100644 index 326f5fa5..00000000 --- a/config/snort-dev/snortsam-package-code/images/close_9x9.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/controls.png b/config/snort-dev/snortsam-package-code/images/controls.png Binary files differdeleted file mode 100644 index e1e97982..00000000 --- a/config/snort-dev/snortsam-package-code/images/controls.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/down.gif b/config/snort-dev/snortsam-package-code/images/down.gif Binary files differdeleted file mode 100644 index 2b3c99fc..00000000 --- a/config/snort-dev/snortsam-package-code/images/down.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/down2.gif b/config/snort-dev/snortsam-package-code/images/down2.gif Binary files differdeleted file mode 100644 index 71bf92eb..00000000 --- a/config/snort-dev/snortsam-package-code/images/down2.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/footer.jpg b/config/snort-dev/snortsam-package-code/images/footer.jpg Binary files differdeleted file mode 100644 index 4af05707..00000000 --- a/config/snort-dev/snortsam-package-code/images/footer.jpg +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/footer2.jpg b/config/snort-dev/snortsam-package-code/images/footer2.jpg Binary files differdeleted file mode 100644 index 3332e085..00000000 --- a/config/snort-dev/snortsam-package-code/images/footer2.jpg +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/icon-table-sort-asc.png b/config/snort-dev/snortsam-package-code/images/icon-table-sort-asc.png Binary files differdeleted file mode 100644 index 0c127919..00000000 --- a/config/snort-dev/snortsam-package-code/images/icon-table-sort-asc.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/icon-table-sort-desc.png b/config/snort-dev/snortsam-package-code/images/icon-table-sort-desc.png Binary files differdeleted file mode 100644 index 5c52f2d0..00000000 --- a/config/snort-dev/snortsam-package-code/images/icon-table-sort-desc.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/icon-table-sort.png b/config/snort-dev/snortsam-package-code/images/icon-table-sort.png Binary files differdeleted file mode 100644 index 3cae604b..00000000 --- a/config/snort-dev/snortsam-package-code/images/icon-table-sort.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/icon_excli.png b/config/snort-dev/snortsam-package-code/images/icon_excli.png Binary files differdeleted file mode 100644 index 4b54fa31..00000000 --- a/config/snort-dev/snortsam-package-code/images/icon_excli.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/loading.gif b/config/snort-dev/snortsam-package-code/images/loading.gif Binary files differdeleted file mode 100644 index cbc00f09..00000000 --- a/config/snort-dev/snortsam-package-code/images/loading.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/logo.jpg b/config/snort-dev/snortsam-package-code/images/logo.jpg Binary files differdeleted file mode 100644 index fa01d818..00000000 --- a/config/snort-dev/snortsam-package-code/images/logo.jpg +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/logo22.png b/config/snort-dev/snortsam-package-code/images/logo22.png Binary files differdeleted file mode 100644 index 64ed9d75..00000000 --- a/config/snort-dev/snortsam-package-code/images/logo22.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/new_tab_menu.png b/config/snort-dev/snortsam-package-code/images/new_tab_menu.png Binary files differdeleted file mode 100644 index f0e4cbeb..00000000 --- a/config/snort-dev/snortsam-package-code/images/new_tab_menu.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/page_white_text.png b/config/snort-dev/snortsam-package-code/images/page_white_text.png Binary files differdeleted file mode 100644 index 813f712f..00000000 --- a/config/snort-dev/snortsam-package-code/images/page_white_text.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/progress_bar2.gif b/config/snort-dev/snortsam-package-code/images/progress_bar2.gif Binary files differdeleted file mode 100644 index 81766a93..00000000 --- a/config/snort-dev/snortsam-package-code/images/progress_bar2.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/progressbar.gif b/config/snort-dev/snortsam-package-code/images/progressbar.gif Binary files differdeleted file mode 100644 index 6d167f5b..00000000 --- a/config/snort-dev/snortsam-package-code/images/progressbar.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/top_modal_bar_lil.jpg b/config/snort-dev/snortsam-package-code/images/top_modal_bar_lil.jpg Binary files differdeleted file mode 100644 index f0049de8..00000000 --- a/config/snort-dev/snortsam-package-code/images/top_modal_bar_lil.jpg +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/transparent.gif b/config/snort-dev/snortsam-package-code/images/transparent.gif Binary files differdeleted file mode 100644 index e7ccd741..00000000 --- a/config/snort-dev/snortsam-package-code/images/transparent.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/transparentbg.png b/config/snort-dev/snortsam-package-code/images/transparentbg.png Binary files differdeleted file mode 100644 index 86918930..00000000 --- a/config/snort-dev/snortsam-package-code/images/transparentbg.png +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/up.gif b/config/snort-dev/snortsam-package-code/images/up.gif Binary files differdeleted file mode 100644 index 89596771..00000000 --- a/config/snort-dev/snortsam-package-code/images/up.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/images/up2.gif b/config/snort-dev/snortsam-package-code/images/up2.gif Binary files differdeleted file mode 100644 index 21c5a254..00000000 --- a/config/snort-dev/snortsam-package-code/images/up2.gif +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/javascript/jquery-1.6.2.min.js b/config/snort-dev/snortsam-package-code/javascript/jquery-1.6.2.min.js deleted file mode 100644 index 48590ecb..00000000 --- a/config/snort-dev/snortsam-package-code/javascript/jquery-1.6.2.min.js +++ /dev/null @@ -1,18 +0,0 @@ -/*! - * jQuery JavaScript Library v1.6.2 - * http://jquery.com/ - * - * Copyright 2011, John Resig - * Dual licensed under the MIT or GPL Version 2 licenses. - * http://jquery.org/license - * - * Includes Sizzle.js - * http://sizzlejs.com/ - * Copyright 2011, The Dojo Foundation - * Released under the MIT, BSD, and GPL Licenses. - * - * Date: Thu Jun 30 14:16:56 2011 -0400 - */ -(function(a,b){function cv(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cs(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cr(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cq(){cn=b}function cp(){setTimeout(cq,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g++){if(g===1)for(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l+" "+k,n=e[m]||e["* "+k];if(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1]+" "+k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No conversion from "+m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function bZ(a,c,d){var e=a.contents,f=a.dataTypes,g=a.responseFields,h,i,j,k;for(i in g)i in d&&(c[g[i]]=d[i]);while(f[0]==="*")f.shift(),h===b&&(h=a.mimeType||c.getResponseHeader("content-type"));if(h)for(i in e)if(e[i]&&e[i].test(h)){f.unshift(i);break}if(f[0]in d)j=f[0];else{for(i in d){if(!f[0]||a.converters[i+" "+f[0]]){j=i;break}k||(k=i)}j=j||k}if(j){j!==f[0]&&f.unshift(j);return d[j]}}function bY(a,b,c,d){if(f.isArray(b))f.each(b,function(b,e){c||bC.test(a)?d(a,e):bY(a+"["+(typeof e=="object"||f.isArray(e)?b:"")+"]",e,c,d)});else if(!c&&b!=null&&typeof b=="object")for(var e in b)bY(a+"["+e+"]",b[e],c,d);else d(a,b)}function bX(a,c,d,e,f,g){f=f||c.dataTypes[0],g=g||{},g[f]=!0;var h=a[f],i=0,j=h?h.length:0,k=a===bR,l;for(;i<j&&(k||!l);i++)l=h[i](c,d,e),typeof l=="string"&&(!k||g[l]?l=b:(c.dataTypes.unshift(l),l=bX(a,c,d,e,l,g)));(k||!l)&&!g["*"]&&(l=bX(a,c,d,e,"*",g));return l}function bW(a){return function(b,c){typeof b!="string"&&(c=b,b="*");if(f.isFunction(c)){var d=b.toLowerCase().split(bN),e=0,g=d.length,h,i,j;for(;e<g;e++)h=d[e],j=/^\+/.test(h),j&&(h=h.substr(1)||"*"),i=a[h]=a[h]||[],i[j?"unshift":"push"](c)}}}function bA(a,b,c){var d=b==="width"?a.offsetWidth:a.offsetHeight,e=b==="width"?bv:bw;if(d>0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bx(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bm(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(be,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bl(a){f.nodeName(a,"input")?bk(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bk)}function bk(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bj(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bi(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bh(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i<j;i++)f.event.add(b,h+(g[h][i].namespace?".":"")+g[h][i].namespace,g[h][i],g[h][i].data)}}}}function bg(a,b){return f.nodeName(a,"table")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function W(a,b,c){b=b||0;if(f.isFunction(b))return f.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return f.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=f.grep(a,function(a){return a.nodeType===1});if(R.test(b))return f.filter(b,d,!c);b=f.filter(b,d)}return f.grep(a,function(a,d){return f.inArray(a,b)>=0===c})}function V(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function N(a,b){return(a&&a!=="*"?a+".":"")+b.replace(z,"`").replace(A,"&")}function M(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;i<s.length;i++)g=s[i],g.origType.replace(x,"")===a.type?q.push(g.selector):s.splice(i--,1);e=f(a.target).closest(q,a.currentTarget);for(j=0,k=e.length;j<k;j++){m=e[j];for(i=0;i<s.length;i++){g=s[i];if(m.selector===g.selector&&(!n||n.test(g.namespace))&&!m.elem.disabled){h=m.elem,d=null;if(g.preType==="mouseenter"||g.preType==="mouseleave")a.type=g.preType,d=f(a.relatedTarget).closest(g.selector)[0],d&&f.contains(h,d)&&(d=h);(!d||d!==h)&&p.push({elem:h,handleObj:g,level:m.level})}}}for(j=0,k=p.length;j<k;j++){e=p[j];if(c&&e.level>c)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function K(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function E(){return!0}function D(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"$1-$2").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function J(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(J,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z])/ig,x=function(a,b){return b.toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.2",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j<k;j++)if((a=arguments[j])!=null)for(c in a){d=i[c],f=a[c];if(i===f)continue;l&&f&&(e.isPlainObject(f)||(g=e.isArray(f)))?(g?(g=!1,h=d&&e.isArray(d)?d:[]):h=d&&e.isPlainObject(d)?d:{},i[c]=e.extend(l,h,f)):f!==b&&(i[c]=f)}return i},e.extend({noConflict:function(b){a.$===e&&(a.$=g),b&&a.jQuery===e&&(a.jQuery=f);return e},isReady:!1,readyWait:1,holdReady:function(a){a?e.readyWait++:e.ready(!0)},ready:function(a){if(a===!0&&!--e.readyWait||a!==!0&&!e.isReady){if(!c.body)return setTimeout(e.ready,1);e.isReady=!0;if(a!==!0&&--e.readyWait>0)return;A.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!A){A=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1;var c;for(c in a);return c===b||D.call(a,c)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(b,c,d){a.DOMParser?(d=new DOMParser,c=d.parseFromString(b,"text/xml")):(c=new ActiveXObject("Microsoft.XMLDOM"),c.async="false",c.loadXML(b)),d=c.documentElement,(!d||!d.nodeName||d.nodeName==="parsererror")&&e.error("Invalid XML: "+b);return c},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g<h;)if(c.apply(a[g++],d)===!1)break}else if(i){for(f in a)if(c.call(a[f],f,a[f])===!1)break}else for(;g<h;)if(c.call(a[g],g,a[g++])===!1)break;return a},trim:G?function(a){return a==null?"":G.call(a)}:function(a){return a==null?"":(a+"").replace(k,"").replace(l,"")},makeArray:function(a,b){var c=b||[];if(a!=null){var d=e.type(a);a.length==null||d==="string"||d==="function"||d==="regexp"||e.isWindow(a)?E.call(c,a):e.merge(c,a)}return c},inArray:function(a,b){if(H)return H.call(b,a);for(var c=0,d=b.length;c<d;c++)if(b[c]===a)return c;return-1},merge:function(a,c){var d=a.length,e=0;if(typeof c.length=="number")for(var f=c.length;e<f;e++)a[d++]=c[e];else while(c[e]!==b)a[d++]=c[e++];a.length=d;return a},grep:function(a,b,c){var d=[],e;c=!!c;for(var f=0,g=a.length;f<g;f++)e=!!b(a[f],f),c!==e&&d.push(a[f]);return d},map:function(a,c,d){var f,g,h=[],i=0,j=a.length,k=a instanceof e||j!==b&&typeof j=="number"&&(j>0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i<j;i++)f=c(a[i],i,d),f!=null&&(h[h.length]=f);else for(g in a)f=c(a[g],g,d),f!=null&&(h[h.length]=f);return h.concat.apply([],h)},guid:1,proxy:function(a,c){if(typeof c=="string"){var d=a[c];c=a,a=d}if(!e.isFunction(a))return b;var f=F.call(arguments,2),g=function(){return a.apply(c,f.concat(F.call(arguments)))};g.guid=a.guid=a.guid||g.guid||e.guid++;return g},access:function(a,c,d,f,g,h){var i=a.length;if(typeof c=="object"){for(var j in c)e.access(a,j,c[j],f,g,d);return a}if(d!==b){f=!h&&f&&e.isFunction(d);for(var k=0;k<i;k++)g(a[k],c,f?d.call(a[k],k,g(a[k],c)):d,h);return a}return i?g(a[0],c):b},now:function(){return(new Date).getTime()},uaMatch:function(a){a=a.toLowerCase();var b=s.exec(a)||t.exec(a)||u.exec(a)||a.indexOf("compatible")<0&&v.exec(a)||[];return{browser:b[1]||"",version:b[2]||"0"}},sub:function(){function a(b,c){return new a.fn.init(b,c)}e.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function(d,f){f&&f instanceof e&&!(f instanceof a)&&(f=a(f));return e.fn.init.call(this,d,f,b)},a.fn.init.prototype=a.fn;var b=a(c);return a},browser:{}}),e.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(a,b){I["[object "+b+"]"]=b.toLowerCase()}),z=e.uaMatch(y),z.browser&&(e.browser[z.browser]=!0,e.browser.version=z.version),e.browser.webkit&&(e.browser.safari=!0),j.test(" ")&&(k=/^[\s\xA0]+/,l=/[\s\xA0]+$/),h=e(c),c.addEventListener?B=function(){c.removeEventListener("DOMContentLoaded",B,!1),e.ready()}:c.attachEvent&&(B=function(){c.readyState==="complete"&&(c.detachEvent("onreadystatechange",B),e.ready())});return e}(),g="done fail isResolved isRejected promise then always pipe".split(" "),h=[].slice;f.extend({_Deferred:function(){var a=[],b,c,d,e={done:function(){if(!d){var c=arguments,g,h,i,j,k;b&&(k=b,b=0);for(g=0,h=c.length;g<h;g++)i=c[g],j=f.type(i),j==="array"?e.done.apply(e,i):j==="function"&&a.push(i);k&&e.resolveWith(k[0],k[1])}return this},resolveWith:function(e,f){if(!d&&!b&&!c){f=f||[],c=1;try{while(a[0])a.shift().apply(e,f)}finally{b=[e,f],c=0}}return this},resolve:function(){e.resolveWith(this,arguments);return this},isResolved:function(){return!!c||!!b},cancel:function(){d=1,a=[];return this}};return e},Deferred:function(a){var b=f._Deferred(),c=f._Deferred(),d;f.extend(b,{then:function(a,c){b.done(a).fail(c);return this},always:function(){return b.done.apply(b,arguments).fail.apply(this,arguments)},fail:c.done,rejectWith:c.resolveWith,reject:c.resolve,isRejected:c.isResolved,pipe:function(a,c){return f.Deferred(function(d){f.each({done:[a,"resolve"],fail:[c,"reject"]},function(a,c){var e=c[0],g=c[1],h;f.isFunction(e)?b[a](function(){h=e.apply(this,arguments),h&&f.isFunction(h.promise)?h.promise().then(d.resolve,d.reject):d[g](h)}):b[a](d[g])})}).promise()},promise:function(a){if(a==null){if(d)return d;d=a={}}var c=g.length;while(c--)a[g[c]]=b[g[c]];return a}}),b.done(c.cancel).fail(b.cancel),delete b.cancel,a&&a.call(b,b);return b},when:function(a){function i(a){return function(c){b[a]=arguments.length>1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c<d;c++)b[c]&&f.isFunction(b[c].promise)?b[c].promise().then(i(c),g.reject):--e;e||g.resolveWith(g,b)}else g!==a&&g.resolveWith(g,d?[a]:[]);return g.promise()}}),f.support=function(){var a=c.createElement("div"),b=c.documentElement,d,e,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u;a.setAttribute("className","t"),a.innerHTML=" <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0},m&&f.extend(p,{position:"absolute",left:-1e3,top:-1e3});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="<div style='width:4px;'></div>",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="<table><tr><td style='padding:0;border:0;display:none'></td><td>t</td></tr></table>",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var i=/^(?:\{.*\}|\[.*\])$/,j=/([a-z])([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g=f.expando,h=typeof c=="string",i,j=a.nodeType,k=j?f.cache:a,l=j?a[f.expando]:a[f.expando]&&f.expando;if((!l||e&&l&&!k[l][g])&&h&&d===b)return;l||(j?a[f.expando]=l=++f.uuid:l=f.expando),k[l]||(k[l]={},j||(k[l].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?k[l][g]=f.extend(k[l][g],c):k[l]=f.extend(k[l],c);i=k[l],e&&(i[g]||(i[g]={}),i=i[g]),d!==b&&(i[f.camelCase(c)]=d);if(c==="events"&&!i[c])return i[g]&&i[g].events;return h?i[f.camelCase(c)]||i[c]:i}},removeData:function(b,c,d){if(!!f.acceptData(b)){var e=f.expando,g=b.nodeType,h=g?f.cache:b,i=g?b[f.expando]:f.expando;if(!h[i])return;if(c){var j=d?h[i][e]:h[i];if(j){delete j[c];if(!l(j))return}}if(d){delete h[i][e];if(!l(h[i]))return}var k=h[i][e];f.support.deleteExpando||h!=a?delete h[i]:h[i]=null,k?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=k):g&&(f.support.deleteExpando?delete b[f.expando]:b.removeAttribute?b.removeAttribute(f.expando):b[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h<i;h++)g=e[h].name,g.indexOf("data-")===0&&(g=f.camelCase(g.substring(5)),k(this[0],g,d[g]))}}return d}if(typeof a=="object")return this.each(function(){f.data(this,a)});var j=a.split(".");j[1]=j[1]?"."+j[1]:"";if(c===b){d=this.triggerHandler("getData"+j[1]+"!",[j[0]]),d===b&&this.length&&(d=f.data(this[0],a),d=k(this[0],a,d));return d===b&&j[1]?this.data(j[0]):d}return this.each(function(){var b=f(this),d=[j[0],c];b.triggerHandler("setData"+j[1]+"!",d),f.data(this,a,c),b.triggerHandler("changeData"+j[1]+"!",d)})},removeData:function(a){return this.each(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,c){a&&(c=(c||"fx")+"mark",f.data(a,c,(f.data(a,c,b,!0)||0)+1,!0))},_unmark:function(a,c,d){a!==!0&&(d=c,c=a,a=!1);if(c){d=d||"fx";var e=d+"mark",g=a?0:(f.data(c,e,b,!0)||1)-1;g?f.data(c,e,g,!0):(f.removeData(c,e,!0),m(c,d,"mark"))}},queue:function(a,c,d){if(a){c=(c||"fx")+"queue";var e=f.data(a,c,b,!0);d&&(!e||f.isArray(d)?e=f.data(a,c,f.makeArray(d),!0):e.push(d));return e||[]}},dequeue:function(a,b){b=b||"fx";var c=f.queue(a,b),d=c.shift(),e;d==="inprogress"&&(d=c.shift()),d&&(b==="fx"&&c.unshift("inprogress"),d.call(a,function(){f.dequeue(a,b)})),c.length||(f.removeData(a,b+"queue",!0),m(a,b,"queue"))}}),f.fn.extend({queue:function(a,c){typeof a!="string"&&(c=a,a="fx");if(c===b)return f.queue(this[0],a);return this.each(function(){var b=f.queue(this,a,c);a==="fx"&&b[0]!=="inprogress"&&f.dequeue(this,a)})},dequeue:function(a){return this.each(function(){f.dequeue(this,a)})},delay:function(a,b){a=f.fx?f.fx.speeds[a]||a:a,b=b||"fx";return this.queue(b,function(){var c=this;setTimeout(function(){f.dequeue(c,b)},a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,c){function m(){--h||d.resolveWith(e,[e])}typeof a!="string"&&(c=a,a=b),a=a||"fx";var d=f.Deferred(),e=this,g=e.length,h=1,i=a+"defer",j=a+"queue",k=a+"mark",l;while(g--)if(l=f.data(e[g],i,b,!0)||(f.data(e[g],j,b,!0)||f.data(e[g],k,b,!0))&&f.data(e[g],i,f._Deferred(),!0))h++,l.done(m);m();return d.promise()}});var n=/[\n\t\r]/g,o=/\s+/,p=/\r/g,q=/^(?:button|input)$/i,r=/^(?:button|input|object|select|textarea)$/i,s=/^a(?:rea)?$/i,t=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,u=/\:|^on/,v,w;f.fn.extend({attr:function(a,b){return f.access(this,a,b,!0,f.attr)},removeAttr:function(a){return this.each(function(){f.removeAttr(this,a)})},prop:function(a,b){return f.access(this,a,b,!0,f.prop)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(o);for(c=0,d=this.length;c<d;c++){e=this[c];if(e.nodeType===1)if(!e.className&&b.length===1)e.className=a;else{g=" "+e.className+" ";for(h=0,i=b.length;h<i;h++)~g.indexOf(" "+b[h]+" ")||(g+=b[h]+" ");e.className=f.trim(g)}}}return this},removeClass:function(a){var c,d,e,g,h,i,j;if(f.isFunction(a))return this.each(function(b){f(this).removeClass(a.call(this,b,this.className))});if(a&&typeof a=="string"||a===b){c=(a||"").split(o);for(d=0,e=this.length;d<e;d++){g=this[d];if(g.nodeType===1&&g.className)if(a){h=(" "+g.className+" ").replace(n," ");for(i=0,j=c.length;i<j;i++)h=h.replace(" "+c[i]+" "," ");g.className=f.trim(h)}else g.className=""}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b=="boolean";if(f.isFunction(a))return this.each(function(c){f(this).toggleClass(a.call(this,c,this.className,b),b)});return this.each(function(){if(c==="string"){var e,g=0,h=f(this),i=b,j=a.split(o);while(e=j[g++])i=d?i:!h.hasClass(e),h[i?"addClass":"removeClass"](e)}else if(c==="undefined"||c==="boolean")this.className&&f._data(this,"__className__",this.className),this.className=this.className||a===!1?"":f._data(this,"__className__")||""})},hasClass:function(a){var b=" "+a+" ";for(var c=0,d=this.length;c<d;c++)if((" "+this[c].className+" ").replace(n," ").indexOf(b)>-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h<i;h++){var j=e[h];if(j.selected&&(f.support.optDisabled?!j.disabled:j.getAttribute("disabled")===null)&&(!j.parentNode.disabled||!f.nodeName(j.parentNode,"optgroup"))){b=f(j).val();if(g)return b;d.push(b)}}if(g&&!d.length&&e.length)return f(e[c]).val();return d},set:function(a,b){var c=f.makeArray(b);f(a).find("option").each(function(){this.selected=f.inArray(f(this).val(),c)>=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=w:v&&c!=="className"&&(f.nodeName(a,"form")||u.test(c))&&(i=v)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var c;a.nodeType===1&&(b=f.attrFix[b]||b,f.support.getSetAttribute?a.removeAttribute(b):(f.attr(a,b,""),a.removeAttributeNode(a.getAttributeNode(b))),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},tabIndex:{get:function(a){var c=a.getAttributeNode("tabIndex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}},value:{get:function(a,b){if(v&&f.nodeName(a,"button"))return v.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(v&&f.nodeName(a,"button"))return v.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==b?g:a[c]},propHooks:{}}),w={get:function(a,c){return f.prop(a,c)?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(f.attrFix=f.propFix,v=f.attrHooks.name=f.attrHooks.title=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,c){var d=a.getAttributeNode(c);if(d){d.nodeValue=b;return b}}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var x=/\.(.*)$/,y=/^(?:textarea|input|select)$/i,z=/\./g,A=/ /g,B=/[^\w\s.|`]/g,C=function(a){return a.replace(B,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=D;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=D);var g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),C).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j<p.length;j++){q=p[j];if(l||n.test(q.namespace))f.event.remove(a,r,q.handler,j),p.splice(j--,1)}continue}o=f.event.special[h]||{};for(j=e||0;j<p.length;j++){q=p[j];if(d.guid===q.guid){if(l||n.test(q.namespace))e==null&&p.splice(j--,1),o.remove&&o.remove.call(a,q);if(e!=null)break}}if(p.length===0||e!=null&&p.length===1)(!o.teardown||o.teardown.call(a,m)===!1)&&f.removeEvent(a,h,s.handle),g=null,delete t[h]}if(f.isEmptyObject(t)){var u=s.handle;u&&(u.elem=null),delete s.events,delete s.handle,f.isEmptyObject(s)&&f.removeData(a,b,!0)}}},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){var h=c.type||c,i=[],j;h.indexOf("!")>=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i. -shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h<i;h++){var j=d[h];if(e||c.namespace_re.test(j.namespace)){c.handler=j.handler,c.data=j.data,c.handleObj=j;var k=j.handler.apply(this,g);k!==b&&(c.result=k,k===!1&&(c.preventDefault(),c.stopPropagation()));if(c.isImmediatePropagationStopped())break}}return c.result},props:"altKey attrChange attrName bubbles button cancelable charCode clientX clientY ctrlKey currentTarget data detail eventPhase fromElement handler keyCode layerX layerY metaKey newValue offsetX offsetY pageX pageY prevValue relatedNode relatedTarget screenX screenY shiftKey srcElement target toElement view wheelDelta which".split(" "),fix:function(a){if(a[f.expando])return a;var d=a;a=f.Event(d);for(var e=this.props.length,g;e;)g=this.props[--e],a[g]=d[g];a.target||(a.target=a.srcElement||c),a.target.nodeType===3&&(a.target=a.target.parentNode),!a.relatedTarget&&a.fromElement&&(a.relatedTarget=a.fromElement===a.target?a.toElement:a.fromElement);if(a.pageX==null&&a.clientX!=null){var h=a.target.ownerDocument||c,i=h.documentElement,j=h.body;a.pageX=a.clientX+(i&&i.scrollLeft||j&&j.scrollLeft||0)-(i&&i.clientLeft||j&&j.clientLeft||0),a.pageY=a.clientY+(i&&i.scrollTop||j&&j.scrollTop||0)-(i&&i.clientTop||j&&j.clientTop||0)}a.which==null&&(a.charCode!=null||a.keyCode!=null)&&(a.which=a.charCode!=null?a.charCode:a.keyCode),!a.metaKey&&a.ctrlKey&&(a.metaKey=a.ctrlKey),!a.which&&a.button!==b&&(a.which=a.button&1?1:a.button&2?3:a.button&4?2:0);return a},guid:1e8,proxy:f.proxy,special:{ready:{setup:f.bindReady,teardown:f.noop},live:{add:function(a){f.event.add(this,N(a.origType,a.selector),f.extend({},a,{handler:M,guid:a.handler.guid}))},remove:function(a){f.event.remove(this,N(a.origType,a.selector),a)}},beforeunload:{setup:function(a,b,c){f.isWindow(this)&&(this.onbeforeunload=c)},teardown:function(a,b){this.onbeforeunload===b&&(this.onbeforeunload=null)}}}},f.removeEvent=c.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c,!1)}:function(a,b,c){a.detachEvent&&a.detachEvent("on"+b,c)},f.Event=function(a,b){if(!this.preventDefault)return new f.Event(a,b);a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||a.returnValue===!1||a.getPreventDefault&&a.getPreventDefault()?E:D):this.type=a,b&&f.extend(this,b),this.timeStamp=f.now(),this[f.expando]=!0},f.Event.prototype={preventDefault:function(){this.isDefaultPrevented=E;var a=this.originalEvent;!a||(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){this.isPropagationStopped=E;var a=this.originalEvent;!a||(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=E,this.stopPropagation()},isDefaultPrevented:D,isPropagationStopped:D,isImmediatePropagationStopped:D};var F=function(a){var b=a.relatedTarget,c=!1,d=a.type;a.type=a.data,b!==this&&(b&&(c=f.contains(this,b)),c||(f.event.handle.apply(this,arguments),a.type=d))},G=function(a){a.type=a.data,f.event.handle.apply(this,arguments)};f.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(a,b){f.event.special[a]={setup:function(c){f.event.add(this,b,c&&c.selector?G:F,a)},teardown:function(a){f.event.remove(this,b,a&&a.selector?G:F)}}}),f.support.submitBubbles||(f.event.special.submit={setup:function(a,b){if(!f.nodeName(this,"form"))f.event.add(this,"click.specialSubmit",function(a){var b=a.target,c=b.type;(c==="submit"||c==="image")&&f(b).closest("form").length&&K("submit",this,arguments)}),f.event.add(this,"keypress.specialSubmit",function(a){var b=a.target,c=b.type;(c==="text"||c==="password")&&f(b).closest("form").length&&a.keyCode===13&&K("submit",this,arguments)});else return!1},teardown:function(a){f.event.remove(this,".specialSubmit")}});if(!f.support.changeBubbles){var H,I=function(a){var b=a.type,c=a.value;b==="radio"||b==="checkbox"?c=a.checked:b==="select-multiple"?c=a.selectedIndex>-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},J=function(c){var d=c.target,e,g;if(!!y.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=I(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:J,beforedeactivate:J,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&J.call(this,a)},keydown:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&J.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",I(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in H)f.event.add(this,c+".specialChange",H[c]);return y.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return y.test(this.nodeName)}},H=f.event.special.change.filters,H.focus=H.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i<j;i++)f.event.add(this[i],a,g,d);return this}}),f.fn.extend({unbind:function(a,b){if(typeof a=="object"&&!a.preventDefault)for(var c in a)this.unbind(c,a[c]);else for(var d=0,e=this.length;d<e;d++)f.event.remove(this[d],a,b);return this},delegate:function(a,b,c,d){return this.live(b,c,d,a)},undelegate:function(a,b,c){return arguments.length===0?this.unbind("live"):this.die(b,null,c,a)},trigger:function(a,b){return this.each(function(){f.event.trigger(a,b,this)})},triggerHandler:function(a,b){if(this[0])return f.event.trigger(a,b,this[0],!0)},toggle:function(a){var b=arguments,c=a.guid||f.guid++,d=0,e=function(c){var e=(f.data(this,"lastToggle"+a.guid)||0)%d;f.data(this,"lastToggle"+a.guid,e+1),c.preventDefault();return b[e].apply(this,arguments)||!1};e.guid=c;while(d<b.length)b[d++].guid=c;return this.click(e)},hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var L={focus:"focusin",blur:"focusout",mouseenter:"mouseover",mouseleave:"mouseout"};f.each(["live","die"],function(a,c){f.fn[c]=function(a,d,e,g){var h,i=0,j,k,l,m=g||this.selector,n=g?this:f(this.context);if(typeof a=="object"&&!a.preventDefault){for(var o in a)n[c](o,d,a[o],m);return this}if(c==="die"&&!a&&g&&g.charAt(0)==="."){n.unbind(g);return this}if(d===!1||f.isFunction(d))e=d||D,d=b;a=(a||"").split(" ");while((h=a[i++])!=null){j=x.exec(h),k="",j&&(k=j[0],h=h.replace(x,""));if(h==="hover"){a.push("mouseenter"+k,"mouseleave"+k);continue}l=h,L[h]?(a.push(L[h]+k),h=h+k):h=(L[h]||h)+k;if(c==="live")for(var p=0,q=n.length;p<q;p++)f.event.add(n[p],"live."+N(h,m),{data:d,selector:m,handler:e,origType:h,origHandler:e,preType:l});else n.unbind("live."+N(h,m),e)}return this}}),f.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error".split(" "),function(a,b){f.fn[b]=function(a,c){c==null&&(c=a,a=null);return arguments.length>0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g<h;g++){var i=d[g];if(i){var j=!1;i=i[a];while(i){if(i.sizcache===c){j=d[i.sizset];break}if(i.nodeType===1){f||(i.sizcache=c,i.sizset=g);if(typeof b!="string"){if(i===b){j=!0;break}}else if(k.filter(b,[i]).length>0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var g=0,h=d.length;g<h;g++){var i=d[g];if(i){var j=!1;i=i[a];while(i){if(i.sizcache===c){j=d[i.sizset];break}i.nodeType===1&&!f&&(i.sizcache=c,i.sizset=g);if(i.nodeName.toLowerCase()===b){j=i;break}i=i[a]}d[g]=j}}}var a=/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b<a.length;b++)a[b]===a[b-1]&&a.splice(b--,1)}return a},k.matches=function(a,b){return k(a,null,null,b)},k.matchesSelector=function(a,b){return k(b,null,null,[a]).length>0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e<f;e++){var g,h=l.order[e];if(g=l.leftMatch[h].exec(a)){var j=g[1];g.splice(1,1);if(j.substr(j.length-1)!=="\\"){g[1]=(g[1]||"").replace(i,""),d=l.find[h](g,b,c);if(d!=null){a=a.replace(l.match[h],"");break}}}}d||(d=typeof b.getElementsByTagName!="undefined"?b.getElementsByTagName("*"):[]);return{set:d,expr:a}},k.filter=function(a,c,d,e){var f,g,h=a,i=[],j=c,m=c&&c[0]&&k.isXML(c[0]);while(a&&c.length){for(var n in l.filter)if((f=l.leftMatch[n].exec(a))!=null&&f[2]){var o,p,q=l.filter[n],r=f[1];g=!1,f.splice(1,1);if(r.substr(r.length-1)==="\\")continue;j===i&&(i=[]);if(l.preFilter[n]){f=l.preFilter[n](f,j,d,i,e,m);if(!f)g=o=!0;else if(f===!0)continue}if(f)for(var s=0;(p=j[s])!=null;s++)if(p){o=q(p,f,s,j);var t=e^!!o;d&&o!=null?t?g=!0:j[s]=!1:t&&(i.push(p),g=!0)}if(o!==b){d||(j=i),a=a.replace(l.match[n],"");if(!g)return[];break}}if(a===h)if(g==null)k.error(a);else break;h=a}return j},k.error=function(a){throw"Syntax error, unrecognized expression: "+a};var l=k.selectors={order:["ID","NAME","TAG"],match:{ID:/#((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,CLASS:/\.((?:[\w\u00c0-\uFFFF\-]|\\.)+)/,NAME:/\[name=['"]*((?:[\w\u00c0-\uFFFF\-]|\\.)+)['"]*\]/,ATTR:/\[\s*((?:[\w\u00c0-\uFFFF\-]|\\.)+)\s*(?:(\S?=)\s*(?:(['"])(.*?)\3|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/,TAG:/^((?:[\w\u00c0-\uFFFF\*\-]|\\.)+)/,CHILD:/:(only|nth|last|first)-child(?:\(\s*(even|odd|(?:[+\-]?\d+|(?:[+\-]?\d*)?n\s*(?:[+\-]\s*\d+)?))\s*\))?/,POS:/:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^\-]|$)/,PSEUDO:/:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/},leftMatch:{},attrMap:{"class":"className","for":"htmlFor"},attrHandle:{href:function(a){return a.getAttribute("href")},type:function(a){return a.getAttribute("type")}},relative:{"+":function(a,b){var c=typeof b=="string",d=c&&!j.test(b),e=c&&!d;d&&(b=b.toLowerCase());for(var f=0,g=a.length,h;f<g;f++)if(h=a[f]){while((h=h.previousSibling)&&h.nodeType!==1);a[f]=e||h&&h.nodeName.toLowerCase()===b?h||!1:h===b}e&&k.filter(b,a,!0)},">":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e<f;e++){c=a[e];if(c){var g=c.parentNode;a[e]=g.nodeName.toLowerCase()===b?g:!1}}}else{for(;e<f;e++)c=a[e],c&&(a[e]=d?c.parentNode:c.parentNode===b);d&&k.filter(b,a,!0)}},"":function(a,b,c){var e,f=d++,g=u;typeof b=="string"&&!j.test(b)&&(b=b.toLowerCase(),e=b,g=t),g("parentNode",b,f,a,e,c)},"~":function(a,b,c){var e,f=d++,g=u;typeof b=="string"&&!j.test(b)&&(b=b.toLowerCase(),e=b,g=t),g("previousSibling",b,f,a,e,c)}},find:{ID:function(a,b,c){if(typeof b.getElementById!="undefined"&&!c){var d=b.getElementById(a[1]);return d&&d.parentNode?[d]:[]}},NAME:function(a,b){if(typeof b.getElementsByName!="undefined"){var c=[],d=b.getElementsByName(a[1]);for(var e=0,f=d.length;e<f;e++)d[e].getAttribute("name")===a[1]&&c.push(d[e]);return c.length===0?null:c}},TAG:function(a,b){if(typeof b.getElementsByTagName!="undefined")return b.getElementsByTagName(a[1])}},preFilter:{CLASS:function(a,b,c,d,e,f){a=" "+a[1].replace(i,"")+" ";if(f)return a;for(var g=0,h;(h=b[g])!=null;g++)h&&(e^(h.className&&(" "+h.className+" ").replace(/[\t\n\r]/g," ").indexOf(a)>=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return b<c[3]-0},gt:function(a,b,c){return b>c[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h<i;h++)if(g[h]===a)return!1;return!0}k.error(e)},CHILD:function(a,b){var c=b[1],d=a;switch(c){case"only":case"first":while(d=d.previousSibling)if(d.nodeType===1)return!1;if(c==="first")return!0;d=a;case"last":while(d=d.nextSibling)if(d.nodeType===1)return!1;return!0;case"nth":var e=b[2],f=b[3];if(e===1&&f===0)return!0;var g=b[0],h=a.parentNode;if(h&&(h.sizcache!==g||!a.nodeIndex)){var i=0;for(d=h.firstChild;d;d=d.nextSibling)d.nodeType===1&&(d.nodeIndex=++i);h.sizcache=g}var j=a.nodeIndex-f;return e===0?j===0:j%e===0&&j/e>=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var f=a.length;c<f;c++)d.push(a[c]);else for(;a[c];c++)d.push(a[c]);return d}}var r,s;c.documentElement.compareDocumentPosition?r=function(a,b){if(a===b){g=!0;return 0}if(!a.compareDocumentPosition||!b.compareDocumentPosition)return a.compareDocumentPosition?-1:1;return a.compareDocumentPosition(b)&4?-1:1}:(r=function(a,b){if(a===b){g=!0;return 0}if(a.sourceIndex&&b.sourceIndex)return a.sourceIndex-b.sourceIndex;var c,d,e=[],f=[],h=a.parentNode,i=b.parentNode,j=h;if(h===i)return s(a,b);if(!h)return-1;if(!i)return 1;while(j)e.unshift(j),j=j.parentNode;j=i;while(j)f.unshift(j),j=j.parentNode;c=e.length,d=f.length;for(var k=0;k<c&&k<d;k++)if(e[k]!==f[k])return s(e[k],f[k]);return k===c?s(a,f[k],-1):s(e[k],b,1)},s=function(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}),k.getText=function(a){var b="",c;for(var d=0;a[d];d++)c=a[d],c.nodeType===3||c.nodeType===4?b+=c.nodeValue:c.nodeType!==8&&(b+=k.getText(c.childNodes));return b},function(){var a=c.createElement("div"),d="script"+(new Date).getTime(),e=c.documentElement;a.innerHTML="<a name='"+d+"'/>",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="<a href='#'></a>",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="<p class='TEST'></p>";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="<div class='test e'></div><div class='test'></div>";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g<h;g++)k(a,f[g],d);return k.filter(e,d)};f.find=k,f.expr=k.selectors,f.expr[":"]=f.expr.filters,f.unique=k.uniqueSort,f.text=k.getText,f.isXMLDoc=k.isXML,f.contains=k.contains}();var O=/Until$/,P=/^(?:parents|prevUntil|prevAll)/,Q=/,/,R=/^.[^:#\[\.,]*$/,S=Array.prototype.slice,T=f.expr.match.POS,U={children:!0,contents:!0,next:!0,prev:!0};f.fn.extend({find:function(a){var b=this,c,d;if(typeof a!="string")return f(a).filter(function(){for(c=0,d=b.length;c<d;c++)if(f.contains(b[c],this))return!0});var e=this.pushStack("","find",a),g,h,i;for(c=0,d=this.length;c<d;c++){g=e.length,f.find(a,this[c],e);if(c>0)for(h=g;h<e.length;h++)for(i=0;i<g;i++)if(e[i]===e[h]){e.splice(h--,1);break}}return e},has:function(a){var b=f(a);return this.filter(function(){for(var a=0,c=b.length;a<c;a++)if(f.contains(this,b[a]))return!0})},not:function(a){return this.pushStack(W(this,a,!1),"not",a)},filter:function(a){return this.pushStack(W(this,a,!0),"filter",a)},is:function(a){return!!a&&(typeof a=="string"?f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d<e;d++)i=a[d],j[i]||(j[i]=T.test(i)?f(i,b||this.context):i);while(g&&g.ownerDocument&&g!==b){for(i in j)h=j[i],(h.jquery?h.index(g)>-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=T.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d<e;d++){g=this[d];while(g){if(l?l.index(g)>-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a||typeof a=="string")return f.inArray(this[0],a?f(a):this.parent().children());return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(V(c[0])||V(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=S.call(arguments);O.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!U[a]?f.unique(e):e,(this.length>1||Q.test(d))&&P.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var X=/ jQuery\d+="(?:\d+|null)"/g,Y=/^\s+/,Z=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,$=/<([\w:]+)/,_=/<tbody/i,ba=/<|&#?\w+;/,bb=/<(?:script|object|embed|option|style)/i,bc=/checked\s*(?:[^=]|=\s*.checked.)/i,bd=/\/(java|ecma)script/i,be=/^\s*<!(?:\[CDATA\[|\-\-)/,bf={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]};bf.optgroup=bf.option,bf.tbody=bf.tfoot=bf.colgroup=bf.caption=bf.thead,bf.th=bf.td,f.support.htmlSerialize||(bf._default=[1,"div<div>","</div>"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(X,""):null;if(typeof a=="string"&&!bb.test(a)&&(f.support.leadingWhitespace||!Y.test(a))&&!bf[($.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Z,"<$1></$2>");try{for(var c=0,d=this.length;c<d;c++)this[c].nodeType===1&&(f.cleanData(this[c].getElementsByTagName("*")),this[c].innerHTML=a)}catch(e){this.empty().append(a)}}else f.isFunction(a)?this.each(function(b){var c=f(this);c.html(a.call(this,b,c.html()))}):this.empty().append(a);return this},replaceWith:function(a){if(this[0]&&this[0].parentNode){if(f.isFunction(a))return this.each(function(b){var c=f(this),d=c.html();c.replaceWith(a.call(this,b,d))});typeof a!="string"&&(a=f(a).detach());return this.each(function(){var b=this.nextSibling,c=this.parentNode;f(this).remove(),b?f(b).before(a):f(c).append(a)})}return this.length?this.pushStack(f(f.isFunction(a)?a():a),"replaceWith",a):this},detach:function(a){return this.remove(a,!0)},domManip:function(a,c,d){var e,g,h,i,j=a[0],k=[];if(!f.support.checkClone&&arguments.length===3&&typeof j=="string"&&bc.test(j))return this.each(function(){f(this).domManip(a,c,d,!0)});if(f.isFunction(j))return this.each(function(e){var g=f(this);a[0]=j.call(this,e,c?g.html():b),g.domManip(a,c,d)});if(this[0]){i=j&&j.parentNode,f.support.parentNode&&i&&i.nodeType===11&&i.childNodes.length===this.length?e={fragment:i}:e=f.buildFragment(a,this,k),h=e.fragment,h.childNodes.length===1?g=h=h.firstChild:g=h.firstChild;if(g){c=c&&f.nodeName(g,"tr");for(var l=0,m=this.length,n=m-1;l<m;l++)d.call(c?bg(this[l],g):this[l],e.cacheable||m>1&&l<n?f.clone(h,!0,!0):h)}k.length&&f.each(k,bm)}return this}}),f.buildFragment=function(a,b,d){var e,g,h,i;b&&b[0]&&(i=b[0].ownerDocument||b[0]),i.createDocumentFragment||(i=c),a.length===1&&typeof a[0]=="string"&&a[0].length<512&&i===c&&a[0].charAt(0)==="<"&&!bb.test(a[0])&&(f.support.checkClone||!bc.test(a[0]))&&(g=!0,h=f.fragments[a[0]],h&&h!==1&&(e=h)),e||(e=i.createDocumentFragment(),f.clean(a,i,e,d)),g&&(f.fragments[a[0]]=h?e:1);return{fragment:e,cacheable:g}},f.fragments={},f.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){f.fn[a]=function(c){var d=[],e=f(c),g=this.length===1&&this[0].parentNode;if(g&&g.nodeType===11&&g.childNodes.length===1&&e.length===1){e[b](this[0]);return this}for(var h=0,i=e.length;h<i;h++){var j=(h>0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j -)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bi(a,d),e=bj(a),g=bj(d);for(h=0;e[h];++h)bi(e[h],g[h])}if(b){bh(a,d);if(c){e=bj(a),g=bj(d);for(h=0;e[h];++h)bh(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!ba.test(k))k=b.createTextNode(k);else{k=k.replace(Z,"<$1></$2>");var l=($.exec(k)||["",""])[1].toLowerCase(),m=bf[l]||bf._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=_.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]==="<table>"&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&Y.test(k)&&o.insertBefore(b.createTextNode(Y.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i<r;i++)bl(k[i]);else bl(k);k.nodeType?h.push(k):h=f.merge(h,k)}if(d){g=function(a){return!a.type||bd.test(a.type)};for(j=0;h[j];j++)if(e&&f.nodeName(h[j],"script")&&(!h[j].type||h[j].type.toLowerCase()==="text/javascript"))e.push(h[j].parentNode?h[j].parentNode.removeChild(h[j]):h[j]);else{if(h[j].nodeType===1){var s=f.grep(h[j].getElementsByTagName("script"),g);h.splice.apply(h,[j+1,0].concat(s))}d.appendChild(h[j])}}return h},cleanData:function(a){var b,c,d=f.cache,e=f.expando,g=f.event.special,h=f.support.deleteExpando;for(var i=0,j;(j=a[i])!=null;i++){if(j.nodeName&&f.noData[j.nodeName.toLowerCase()])continue;c=j[f.expando];if(c){b=d[c]&&d[c][e];if(b&&b.events){for(var k in b.events)g[k]?f.event.remove(j,k):f.removeEvent(j,k,b.handle);b.handle&&(b.handle.elem=null)}h?delete j[f.expando]:j.removeAttribute&&j.removeAttribute(f.expando),delete d[c]}}}});var bn=/alpha\([^)]*\)/i,bo=/opacity=([^)]*)/,bp=/([A-Z]|^ms)/g,bq=/^-?\d+(?:px)?$/i,br=/^-?\d/,bs=/^[+\-]=/,bt=/[^+\-\.\de]+/g,bu={position:"absolute",visibility:"hidden",display:"block"},bv=["Left","Right"],bw=["Top","Bottom"],bx,by,bz;f.fn.css=function(a,c){if(arguments.length===2&&c===b)return this;return f.access(this,a,c,!0,function(a,c,d){return d!==b?f.style(a,c,d):f.css(a,c)})},f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=bx(a,"opacity","opacity");return c===""?"1":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":f.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCase(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&"get"in k&&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d;if(h==="number"&&isNaN(d)||d==null)return;h==="string"&&bs.test(d)&&(d=+d.replace(bt,"")+parseFloat(f.css(a,c)),h="number"),h==="number"&&!f.cssNumber[i]&&(d+="px");if(!k||!("set"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c==="cssFloat"&&(c="float");if(g&&"get"in g&&(e=g.get(a,!0,d))!==b)return e;if(bx)return bx(a,c)},swap:function(a,b,c){var d={};for(var e in b)d[e]=a.style[e],a.style[e]=b[e];c.call(a);for(e in b)a.style[e]=d[e]}}),f.curCSS=f.css,f.each(["height","width"],function(a,b){f.cssHooks[b]={get:function(a,c,d){var e;if(c){if(a.offsetWidth!==0)return bA(a,b,d);f.swap(a,bu,function(){e=bA(a,b,d)});return e}},set:function(a,b){if(!bq.test(b))return b;b=parseFloat(b);if(b>=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bo.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle;c.zoom=1;var e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.filter=bn.test(g)?g.replace(bn,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bx(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(by=function(a,c){var d,e,g;c=c.replace(bp,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bz=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bq.test(d)&&br.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bx=by||bz,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bB=/%20/g,bC=/\[\]$/,bD=/\r?\n/g,bE=/#.*$/,bF=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bG=/^(?:color|date|datetime|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bH=/^(?:about|app|app\-storage|.+\-extension|file|widget):$/,bI=/^(?:GET|HEAD)$/,bJ=/^\/\//,bK=/\?/,bL=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,bM=/^(?:select|textarea)/i,bN=/\s+/,bO=/([?&])_=[^&]*/,bP=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bQ=f.fn.load,bR={},bS={},bT,bU;try{bT=e.href}catch(bV){bT=c.createElement("a"),bT.href="",bT=bT.href}bU=bP.exec(bT.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bQ)return bQ.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("<div>").append(c.replace(bL,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bM.test(this.nodeName)||bG.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bD,"\r\n")}}):{name:b.name,value:c.replace(bD,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?f.extend(!0,a,f.ajaxSettings,b):(b=a,a=f.extend(!0,f.ajaxSettings,b));for(var c in{context:1,url:1})c in b?a[c]=b[c]:c in f.ajaxSettings&&(a[c]=f.ajaxSettings[c]);return a},ajaxSettings:{url:bT,isLocal:bH.test(bU[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":"*/*"},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML}},ajaxPrefilter:bW(bR),ajaxTransport:bW(bS),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a?4:0;var o,r,u,w=l?bZ(d,v,l):b,x,y;if(a>=200&&a<300||a===304){if(d.ifModified){if(x=v.getResponseHeader("Last-Modified"))f.lastModified[k]=x;if(y=v.getResponseHeader("Etag"))f.etag[k]=y}if(a===304)c="notmodified",o=!0;else try{r=b$(d,w),c="success",o=!0}catch(z){c="parsererror",u=z}}else{u=c;if(!c||a)c="error",a<0&&(a=0)}v.status=a,v.statusText=c,o?h.resolveWith(e,[r,c,v]):h.rejectWith(e,[v,c,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,c]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bF.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bE,"").replace(bJ,bU[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bN),d.crossDomain==null&&(r=bP.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bU[1]&&r[2]==bU[2]&&(r[3]||(r[1]==="http:"?80:443))==(bU[3]||(bU[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bX(bR,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bI.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bK.test(d.url)?"&":"?")+d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bO,"$1_="+x);d.url=y+(y===d.url?(bK.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", */*; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bX(bS,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){status<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bB,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn,co=a.webkitRequestAnimationFrame||a.mozRequestAnimationFrame||a.oRequestAnimationFrame;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cr("show",3),a,b,c);for(var g=0,h=this.length;g<h;g++)d=this[g],d.style&&(e=d.style.display,!f._data(d,"olddisplay")&&e==="none"&&(e=d.style.display=""),e===""&&f.css(d,"display")==="none"&&f._data(d,"olddisplay",cs(d.nodeName)));for(g=0;g<h;g++){d=this[g];if(d.style){e=d.style.display;if(e===""||e==="none")d.style.display=f._data(d,"olddisplay")||""}}return this},hide:function(a,b,c){if(a||a===0)return this.animate(cr("hide",3),a,b,c);for(var d=0,e=this.length;d<e;d++)if(this[d].style){var g=f.css(this[d],"display");g!=="none"&&!f._data(this[d],"olddisplay")&&f._data(this[d],"olddisplay",g)}for(d=0;d<e;d++)this[d].style&&(this[d].style.display="none");return this},_toggle:f.fn.toggle,toggle:function(a,b,c){var d=typeof a=="boolean";f.isFunction(a)&&f.isFunction(b)?this._toggle.apply(this,arguments):a==null||d?this.each(function(){var b=d?a:f(this).is(":hidden");f(this)[b?"show":"hide"]()}):this.animate(cr("toggle",3),a,b,c);return this},fadeTo:function(a,b,c,d){return this.filter(":hidden").css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=f.speed(b,c,d);if(f.isEmptyObject(a))return this.each(e.complete,[!1]);a=f.extend({},a);return this[e.queue===!1?"each":"queue"](function(){e.queue===!1&&f._mark(this);var b=f.extend({},e),c=this.nodeType===1,d=c&&f(this).is(":hidden"),g,h,i,j,k,l,m,n,o;b.animatedProperties={};for(i in a){g=f.camelCase(i),i!==g&&(a[g]=a[i],delete a[i]),h=a[g],f.isArray(h)?(b.animatedProperties[g]=h[1],h=a[g]=h[0]):b.animatedProperties[g]=b.specialEasing&&b.specialEasing[g]||b.easing||"swing";if(h==="hide"&&d||h==="show"&&!d)return b.complete.call(this);c&&(g==="height"||g==="width")&&(b.overflow=[this.style.overflow,this.style.overflowX,this.style.overflowY],f.css(this,"display")==="inline"&&f.css(this,"float")==="none"&&(f.support.inlineBlockNeedsLayout?(j=cs(this.nodeName),j==="inline"?this.style.display="inline-block":(this.style.display="inline",this.style.zoom=1)):this.style.display="inline-block"))}b.overflow!=null&&(this.style.overflow="hidden");for(i in a)k=new f.fx(this,b,i),h=a[i],cj.test(h)?k[h==="toggle"?d?"show":"hide":h]():(l=ck.exec(h),m=k.cur(),l?(n=parseFloat(l[2]),o=l[3]||(f.cssNumber[i]?"":"px"),o!=="px"&&(f.style(this,i,(n||1)+o),m=(n||1)/k.cur()*m,f.style(this,i,m+o)),l[1]&&(n=(l[1]==="-="?-1:1)*n+m),k.custom(m,n,o)):k.custom(m,h,""));return!0})},stop:function(a,b){a&&this.queue([]),this.each(function(){var a=f.timers,c=a.length;b||f._unmark(!0,this);while(c--)a[c].elem===this&&(b&&a[c](!0),a.splice(c,1))}),b||this.dequeue();return this}}),f.each({slideDown:cr("show",1),slideUp:cr("hide",1),slideToggle:cr("toggle",1),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){f.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),f.extend({speed:function(a,b,c){var d=a&&typeof a=="object"?f.extend({},a):{complete:c||!c&&b||f.isFunction(a)&&a,duration:a,easing:c&&b||b&&!f.isFunction(b)&&b};d.duration=f.fx.off?0:typeof d.duration=="number"?d.duration:d.duration in f.fx.speeds?f.fx.speeds[d.duration]:f.fx.speeds._default,d.old=d.complete,d.complete=function(a){f.isFunction(d.old)&&d.old.call(this),d.queue!==!1?f.dequeue(this):a!==!1&&f._unmark(this)};return d},easing:{linear:function(a,b,c,d){return c+d*a},swing:function(a,b,c,d){return(-Math.cos(a*Math.PI)/2+.5)*d+c}},timers:[],fx:function(a,b,c){this.options=b,this.elem=a,this.prop=c,b.orig=b.orig||{}}}),f.fx.prototype={update:function(){this.options.step&&this.options.step.call(this.elem,this.now,this),(f.fx.step[this.prop]||f.fx.step._default)(this)},cur:function(){if(this.elem[this.prop]!=null&&(!this.elem.style||this.elem.style[this.prop]==null))return this.elem[this.prop];var a,b=f.css(this.elem,this.prop);return isNaN(a=parseFloat(b))?!b||b==="auto"?0:b:a},custom:function(a,b,c){function h(a){return d.step(a)}var d=this,e=f.fx,g;this.startTime=cn||cp(),this.start=a,this.end=b,this.unit=c||this.unit||(f.cssNumber[this.prop]?"":"px"),this.now=this.start,this.pos=this.state=0,h.elem=this.elem,h()&&f.timers.push(h)&&!cl&&(co?(cl=!0,g=function(){cl&&(co(g),e.tick())},co(g)):cl=setInterval(e.tick,e.interval))},show:function(){this.options.orig[this.prop]=f.style(this.elem,this.prop),this.options.show=!0,this.custom(this.prop==="width"||this.prop==="height"?1:0,this.cur()),f(this.elem).show()},hide:function(){this.options.orig[this.prop]=f.style(this.elem,this.prop),this.options.hide=!0,this.custom(this.cur(),0)},step:function(a){var b=cn||cp(),c=!0,d=this.elem,e=this.options,g,h;if(a||b>=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var a=f.timers,b=0;b<a.length;++b)a[b]()||a.splice(b--,1);a.length||f.fx.stop()},interval:13,stop:function(){clearInterval(cl),cl=null},speeds:{slow:600,fast:200,_default:400},step:{opacity:function(a){f.style(a.elem,"opacity",a.now)},_default:function(a){a.elem.style&&a.elem.style[a.prop]!=null?a.elem.style[a.prop]=(a.prop==="width"||a.prop==="height"?Math.max(0,a.now):a.now)+a.unit:a.elem[a.prop]=a.now}}}),f.expr&&f.expr.filters&&(f.expr.filters.animated=function(a){return f.grep(f.timers,function(b){return a===b.elem}).length});var ct=/^t(?:able|d|h)$/i,cu=/^(?:body|html)$/i;"getBoundingClientRect"in c.documentElement?f.fn.offset=function(a){var b=this[0],c;if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);try{c=b.getBoundingClientRect()}catch(d){}var e=b.ownerDocument,g=e.documentElement;if(!c||!f.contains(g,b))return c?{top:c.top,left:c.left}:{top:0,left:0};var h=e.body,i=cv(e),j=g.clientTop||h.clientTop||0,k=g.clientLeft||h.clientLeft||0,l=i.pageYOffset||f.support.boxModel&&g.scrollTop||h.scrollTop,m=i.pageXOffset||f.support.boxModel&&g.scrollLeft||h.scrollLeft,n=c.top+l-j,o=c.left+m-k;return{top:n,left:o}}:f.fn.offset=function(a){var b=this[0];if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);f.offset.initialize();var c,d=b.offsetParent,e=b,g=b.ownerDocument,h=g.documentElement,i=g.body,j=g.defaultView,k=j?j.getComputedStyle(b,null):b.currentStyle,l=b.offsetTop,m=b.offsetLeft;while((b=b.parentNode)&&b!==i&&b!==h){if(f.offset.supportsFixedPosition&&k.position==="fixed")break;c=j?j.getComputedStyle(b,null):b.currentStyle,l-=b.scrollTop,m-=b.scrollLeft,b===d&&(l+=b.offsetTop,m+=b.offsetLeft,f.offset.doesNotAddBorder&&(!f.offset.doesAddBorderForTableAndCells||!ct.test(b.nodeName))&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),e=d,d=b.offsetParent),f.offset.subtractsBorderForOverflowNotVisible&&c.overflow!=="visible"&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),k=c}if(k.position==="relative"||k.position==="static")l+=i.offsetTop,m+=i.offsetLeft;f.offset.supportsFixedPosition&&k.position==="fixed"&&(l+=Math.max(h.scrollTop,i.scrollTop),m+=Math.max(h.scrollLeft,i.scrollLeft));return{top:l,left:m}},f.offset={initialize:function(){var a=c.body,b=c.createElement("div"),d,e,g,h,i=parseFloat(f.css(a,"marginTop"))||0,j="<div style='position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;'><div></div></div><table style='position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;' cellpadding='0' cellspacing='0'><tr><td></td></tr></table>";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cu.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cu.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cv(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cv(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c];return e.document.compatMode==="CSS1Compat"&&g||e.document.body["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var h=f.css(e,d),i=parseFloat(h);return f.isNaN(i)?h:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window);
\ No newline at end of file diff --git a/config/snort-dev/snortsam-package-code/javascript/jquery.form.js b/config/snort-dev/snortsam-package-code/javascript/jquery.form.js deleted file mode 100644 index 2b853df4..00000000 --- a/config/snort-dev/snortsam-package-code/javascript/jquery.form.js +++ /dev/null @@ -1,785 +0,0 @@ -/*! - * jQuery Form Plugin - * version: 2.49 (18-OCT-2010) - * @requires jQuery v1.3.2 or later - * - * Examples and documentation at: http://malsup.com/jquery/form/ - * Dual licensed under the MIT and GPL licenses: - * http://www.opensource.org/licenses/mit-license.php - * http://www.gnu.org/licenses/gpl.html - */ -;(function($) { - -/* - Usage Note: - ----------- - Do not use both ajaxSubmit and ajaxForm on the same form. These - functions are intended to be exclusive. Use ajaxSubmit if you want - to bind your own submit handler to the form. For example, - - $(document).ready(function() { - $('#myForm').bind('submit', function(e) { - e.preventDefault(); // <-- important - $(this).ajaxSubmit({ - target: '#output' - }); - }); - }); - - Use ajaxForm when you want the plugin to manage all the event binding - for you. For example, - - $(document).ready(function() { - $('#myForm').ajaxForm({ - target: '#output' - }); - }); - - When using ajaxForm, the ajaxSubmit function will be invoked for you - at the appropriate time. -*/ - -/** - * ajaxSubmit() provides a mechanism for immediately submitting - * an HTML form using AJAX. - */ -$.fn.ajaxSubmit = function(options) { - // fast fail if nothing selected (http://dev.jquery.com/ticket/2752) - if (!this.length) { - log('ajaxSubmit: skipping submit process - no element selected'); - return this; - } - - if (typeof options == 'function') { - options = { success: options }; - } - - var url = $.trim(this.attr('action')); - if (url) { - // clean url (don't include hash vaue) - url = (url.match(/^([^#]+)/)||[])[1]; - } - url = url || window.location.href || ''; - - options = $.extend(true, { - url: url, - type: this.attr('method') || 'GET', - iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank' - }, options); - - // hook for manipulating the form data before it is extracted; - // convenient for use with rich editors like tinyMCE or FCKEditor - var veto = {}; - this.trigger('form-pre-serialize', [this, options, veto]); - if (veto.veto) { - log('ajaxSubmit: submit vetoed via form-pre-serialize trigger'); - return this; - } - - // provide opportunity to alter form data before it is serialized - if (options.beforeSerialize && options.beforeSerialize(this, options) === false) { - log('ajaxSubmit: submit aborted via beforeSerialize callback'); - return this; - } - - var n,v,a = this.formToArray(options.semantic); - if (options.data) { - options.extraData = options.data; - for (n in options.data) { - if(options.data[n] instanceof Array) { - for (var k in options.data[n]) { - a.push( { name: n, value: options.data[n][k] } ); - } - } - else { - v = options.data[n]; - v = $.isFunction(v) ? v() : v; // if value is fn, invoke it - a.push( { name: n, value: v } ); - } - } - } - - // give pre-submit callback an opportunity to abort the submit - if (options.beforeSubmit && options.beforeSubmit(a, this, options) === false) { - log('ajaxSubmit: submit aborted via beforeSubmit callback'); - return this; - } - - // fire vetoable 'validate' event - this.trigger('form-submit-validate', [a, this, options, veto]); - if (veto.veto) { - log('ajaxSubmit: submit vetoed via form-submit-validate trigger'); - return this; - } - - var q = $.param(a); - - if (options.type.toUpperCase() == 'GET') { - options.url += (options.url.indexOf('?') >= 0 ? '&' : '?') + q; - options.data = null; // data is null for 'get' - } - else { - options.data = q; // data is the query string for 'post' - } - - var $form = this, callbacks = []; - if (options.resetForm) { - callbacks.push(function() { $form.resetForm(); }); - } - if (options.clearForm) { - callbacks.push(function() { $form.clearForm(); }); - } - - // perform a load on the target only if dataType is not provided - if (!options.dataType && options.target) { - var oldSuccess = options.success || function(){}; - callbacks.push(function(data) { - var fn = options.replaceTarget ? 'replaceWith' : 'html'; - $(options.target)[fn](data).each(oldSuccess, arguments); - }); - } - else if (options.success) { - callbacks.push(options.success); - } - - options.success = function(data, status, xhr) { // jQuery 1.4+ passes xhr as 3rd arg - var context = options.context || options; // jQuery 1.4+ supports scope context - for (var i=0, max=callbacks.length; i < max; i++) { - callbacks[i].apply(context, [data, status, xhr || $form, $form]); - } - }; - - // are there files to upload? - var fileInputs = $('input:file', this).length > 0; - var mp = 'multipart/form-data'; - var multipart = ($form.attr('enctype') == mp || $form.attr('encoding') == mp); - - // options.iframe allows user to force iframe mode - // 06-NOV-09: now defaulting to iframe mode if file input is detected - if (options.iframe !== false && (fileInputs || options.iframe || multipart)) { - // hack to fix Safari hang (thanks to Tim Molendijk for this) - // see: http://groups.google.com/group/jquery-dev/browse_thread/thread/36395b7ab510dd5d - if (options.closeKeepAlive) { - $.get(options.closeKeepAlive, fileUpload); - } - else { - fileUpload(); - } - } - else { - $.ajax(options); - } - - // fire 'notify' event - this.trigger('form-submit-notify', [this, options]); - return this; - - - // private function for handling file uploads (hat tip to YAHOO!) - function fileUpload() { - var form = $form[0]; - - if ($(':input[name=submit],:input[id=submit]', form).length) { - // if there is an input with a name or id of 'submit' then we won't be - // able to invoke the submit fn on the form (at least not x-browser) - alert('Error: Form elements must not have name or id of "submit".'); - return; - } - - var s = $.extend(true, {}, $.ajaxSettings, options); - s.context = s.context || s; - var id = 'jqFormIO' + (new Date().getTime()), fn = '_'+id; - window[fn] = function() { - var f = $io.data('form-plugin-onload'); - if (f) { - f(); - window[fn] = undefined; - try { delete window[fn]; } catch(e){} - } - } - var $io = $('<iframe id="' + id + '" name="' + id + '" src="'+ s.iframeSrc +'" onload="window[\'_\'+this.id]()" />'); - var io = $io[0]; - - $io.css({ position: 'absolute', top: '-1000px', left: '-1000px' }); - - var xhr = { // mock object - aborted: 0, - responseText: null, - responseXML: null, - status: 0, - statusText: 'n/a', - getAllResponseHeaders: function() {}, - getResponseHeader: function() {}, - setRequestHeader: function() {}, - abort: function() { - this.aborted = 1; - $io.attr('src', s.iframeSrc); // abort op in progress - } - }; - - var g = s.global; - // trigger ajax global events so that activity/block indicators work like normal - if (g && ! $.active++) { - $.event.trigger("ajaxStart"); - } - if (g) { - $.event.trigger("ajaxSend", [xhr, s]); - } - - if (s.beforeSend && s.beforeSend.call(s.context, xhr, s) === false) { - if (s.global) { - $.active--; - } - return; - } - if (xhr.aborted) { - return; - } - - var cbInvoked = false; - var timedOut = 0; - - // add submitting element to data if we know it - var sub = form.clk; - if (sub) { - var n = sub.name; - if (n && !sub.disabled) { - s.extraData = s.extraData || {}; - s.extraData[n] = sub.value; - if (sub.type == "image") { - s.extraData[n+'.x'] = form.clk_x; - s.extraData[n+'.y'] = form.clk_y; - } - } - } - - // take a breath so that pending repaints get some cpu time before the upload starts - function doSubmit() { - // make sure form attrs are set - var t = $form.attr('target'), a = $form.attr('action'); - - // update form attrs in IE friendly way - form.setAttribute('target',id); - if (form.getAttribute('method') != 'POST') { - form.setAttribute('method', 'POST'); - } - if (form.getAttribute('action') != s.url) { - form.setAttribute('action', s.url); - } - - // ie borks in some cases when setting encoding - if (! s.skipEncodingOverride) { - $form.attr({ - encoding: 'multipart/form-data', - enctype: 'multipart/form-data' - }); - } - - // support timout - if (s.timeout) { - setTimeout(function() { timedOut = true; cb(); }, s.timeout); - } - - // add "extra" data to form if provided in options - var extraInputs = []; - try { - if (s.extraData) { - for (var n in s.extraData) { - extraInputs.push( - $('<input type="hidden" name="'+n+'" value="'+s.extraData[n]+'" />') - .appendTo(form)[0]); - } - } - - // add iframe to doc and submit the form - $io.appendTo('body'); - $io.data('form-plugin-onload', cb); - form.submit(); - } - finally { - // reset attrs and remove "extra" input elements - form.setAttribute('action',a); - if(t) { - form.setAttribute('target', t); - } else { - $form.removeAttr('target'); - } - $(extraInputs).remove(); - } - } - - if (s.forceSync) { - doSubmit(); - } - else { - setTimeout(doSubmit, 10); // this lets dom updates render - } - - var data, doc, domCheckCount = 50; - - function cb() { - if (cbInvoked) { - return; - } - - $io.removeData('form-plugin-onload'); - - var ok = true; - try { - if (timedOut) { - throw 'timeout'; - } - // extract the server response from the iframe - doc = io.contentWindow ? io.contentWindow.document : io.contentDocument ? io.contentDocument : io.document; - - var isXml = s.dataType == 'xml' || doc.XMLDocument || $.isXMLDoc(doc); - log('isXml='+isXml); - if (!isXml && window.opera && (doc.body == null || doc.body.innerHTML == '')) { - if (--domCheckCount) { - // in some browsers (Opera) the iframe DOM is not always traversable when - // the onload callback fires, so we loop a bit to accommodate - log('requeing onLoad callback, DOM not available'); - setTimeout(cb, 250); - return; - } - // let this fall through because server response could be an empty document - //log('Could not access iframe DOM after mutiple tries.'); - //throw 'DOMException: not available'; - } - - //log('response detected'); - cbInvoked = true; - xhr.responseText = doc.documentElement ? doc.documentElement.innerHTML : null; - xhr.responseXML = doc.XMLDocument ? doc.XMLDocument : doc; - xhr.getResponseHeader = function(header){ - var headers = {'content-type': s.dataType}; - return headers[header]; - }; - - var scr = /(json|script)/.test(s.dataType); - if (scr || s.textarea) { - // see if user embedded response in textarea - var ta = doc.getElementsByTagName('textarea')[0]; - if (ta) { - xhr.responseText = ta.value; - } - else if (scr) { - // account for browsers injecting pre around json response - var pre = doc.getElementsByTagName('pre')[0]; - var b = doc.getElementsByTagName('body')[0]; - if (pre) { - xhr.responseText = pre.innerHTML; - } - else if (b) { - xhr.responseText = b.innerHTML; - } - } - } - else if (s.dataType == 'xml' && !xhr.responseXML && xhr.responseText != null) { - xhr.responseXML = toXml(xhr.responseText); - } - data = $.httpData(xhr, s.dataType); - } - catch(e){ - log('error caught:',e); - ok = false; - xhr.error = e; - $.handleError(s, xhr, 'error', e); - } - - // ordering of these callbacks/triggers is odd, but that's how $.ajax does it - if (ok) { - s.success.call(s.context, data, 'success', xhr); - if (g) { - $.event.trigger("ajaxSuccess", [xhr, s]); - } - } - if (g) { - $.event.trigger("ajaxComplete", [xhr, s]); - } - if (g && ! --$.active) { - $.event.trigger("ajaxStop"); - } - if (s.complete) { - s.complete.call(s.context, xhr, ok ? 'success' : 'error'); - } - - // clean up - setTimeout(function() { - $io.removeData('form-plugin-onload'); - $io.remove(); - xhr.responseXML = null; - }, 100); - } - - function toXml(s, doc) { - if (window.ActiveXObject) { - doc = new ActiveXObject('Microsoft.XMLDOM'); - doc.async = 'false'; - doc.loadXML(s); - } - else { - doc = (new DOMParser()).parseFromString(s, 'text/xml'); - } - return (doc && doc.documentElement && doc.documentElement.tagName != 'parsererror') ? doc : null; - } - } -}; - -/** - * ajaxForm() provides a mechanism for fully automating form submission. - * - * The advantages of using this method instead of ajaxSubmit() are: - * - * 1: This method will include coordinates for <input type="image" /> elements (if the element - * is used to submit the form). - * 2. This method will include the submit element's name/value data (for the element that was - * used to submit the form). - * 3. This method binds the submit() method to the form for you. - * - * The options argument for ajaxForm works exactly as it does for ajaxSubmit. ajaxForm merely - * passes the options argument along after properly binding events for submit elements and - * the form itself. - */ -$.fn.ajaxForm = function(options) { - // in jQuery 1.3+ we can fix mistakes with the ready state - if (this.length === 0) { - var o = { s: this.selector, c: this.context }; - if (!$.isReady && o.s) { - log('DOM not ready, queuing ajaxForm'); - $(function() { - $(o.s,o.c).ajaxForm(options); - }); - return this; - } - // is your DOM ready? http://docs.jquery.com/Tutorials:Introducing_$(document).ready() - log('terminating; zero elements found by selector' + ($.isReady ? '' : ' (DOM not ready)')); - return this; - } - - return this.ajaxFormUnbind().bind('submit.form-plugin', function(e) { - if (!e.isDefaultPrevented()) { // if event has been canceled, don't proceed - e.preventDefault(); - $(this).ajaxSubmit(options); - } - }).bind('click.form-plugin', function(e) { - var target = e.target; - var $el = $(target); - if (!($el.is(":submit,input:image"))) { - // is this a child element of the submit el? (ex: a span within a button) - var t = $el.closest(':submit'); - if (t.length == 0) { - return; - } - target = t[0]; - } - var form = this; - form.clk = target; - if (target.type == 'image') { - if (e.offsetX != undefined) { - form.clk_x = e.offsetX; - form.clk_y = e.offsetY; - } else if (typeof $.fn.offset == 'function') { // try to use dimensions plugin - var offset = $el.offset(); - form.clk_x = e.pageX - offset.left; - form.clk_y = e.pageY - offset.top; - } else { - form.clk_x = e.pageX - target.offsetLeft; - form.clk_y = e.pageY - target.offsetTop; - } - } - // clear form vars - setTimeout(function() { form.clk = form.clk_x = form.clk_y = null; }, 100); - }); -}; - -// ajaxFormUnbind unbinds the event handlers that were bound by ajaxForm -$.fn.ajaxFormUnbind = function() { - return this.unbind('submit.form-plugin click.form-plugin'); -}; - -/** - * formToArray() gathers form element data into an array of objects that can - * be passed to any of the following ajax functions: $.get, $.post, or load. - * Each object in the array has both a 'name' and 'value' property. An example of - * an array for a simple login form might be: - * - * [ { name: 'username', value: 'jresig' }, { name: 'password', value: 'secret' } ] - * - * It is this array that is passed to pre-submit callback functions provided to the - * ajaxSubmit() and ajaxForm() methods. - */ -$.fn.formToArray = function(semantic) { - var a = []; - if (this.length === 0) { - return a; - } - - var form = this[0]; - var els = semantic ? form.getElementsByTagName('*') : form.elements; - if (!els) { - return a; - } - - var i,j,n,v,el,max,jmax; - for(i=0, max=els.length; i < max; i++) { - el = els[i]; - n = el.name; - if (!n) { - continue; - } - - if (semantic && form.clk && el.type == "image") { - // handle image inputs on the fly when semantic == true - if(!el.disabled && form.clk == el) { - a.push({name: n, value: $(el).val()}); - a.push({name: n+'.x', value: form.clk_x}, {name: n+'.y', value: form.clk_y}); - } - continue; - } - - v = $.fieldValue(el, true); - if (v && v.constructor == Array) { - for(j=0, jmax=v.length; j < jmax; j++) { - a.push({name: n, value: v[j]}); - } - } - else if (v !== null && typeof v != 'undefined') { - a.push({name: n, value: v}); - } - } - - if (!semantic && form.clk) { - // input type=='image' are not found in elements array! handle it here - var $input = $(form.clk), input = $input[0]; - n = input.name; - if (n && !input.disabled && input.type == 'image') { - a.push({name: n, value: $input.val()}); - a.push({name: n+'.x', value: form.clk_x}, {name: n+'.y', value: form.clk_y}); - } - } - return a; -}; - -/** - * Serializes form data into a 'submittable' string. This method will return a string - * in the format: name1=value1&name2=value2 - */ -$.fn.formSerialize = function(semantic) { - //hand off to jQuery.param for proper encoding - return $.param(this.formToArray(semantic)); -}; - -/** - * Serializes all field elements in the jQuery object into a query string. - * This method will return a string in the format: name1=value1&name2=value2 - */ -$.fn.fieldSerialize = function(successful) { - var a = []; - this.each(function() { - var n = this.name; - if (!n) { - return; - } - var v = $.fieldValue(this, successful); - if (v && v.constructor == Array) { - for (var i=0,max=v.length; i < max; i++) { - a.push({name: n, value: v[i]}); - } - } - else if (v !== null && typeof v != 'undefined') { - a.push({name: this.name, value: v}); - } - }); - //hand off to jQuery.param for proper encoding - return $.param(a); -}; - -/** - * Returns the value(s) of the element in the matched set. For example, consider the following form: - * - * <form><fieldset> - * <input name="A" type="text" /> - * <input name="A" type="text" /> - * <input name="B" type="checkbox" value="B1" /> - * <input name="B" type="checkbox" value="B2"/> - * <input name="C" type="radio" value="C1" /> - * <input name="C" type="radio" value="C2" /> - * </fieldset></form> - * - * var v = $(':text').fieldValue(); - * // if no values are entered into the text inputs - * v == ['',''] - * // if values entered into the text inputs are 'foo' and 'bar' - * v == ['foo','bar'] - * - * var v = $(':checkbox').fieldValue(); - * // if neither checkbox is checked - * v === undefined - * // if both checkboxes are checked - * v == ['B1', 'B2'] - * - * var v = $(':radio').fieldValue(); - * // if neither radio is checked - * v === undefined - * // if first radio is checked - * v == ['C1'] - * - * The successful argument controls whether or not the field element must be 'successful' - * (per http://www.w3.org/TR/html4/interact/forms.html#successful-controls). - * The default value of the successful argument is true. If this value is false the value(s) - * for each element is returned. - * - * Note: This method *always* returns an array. If no valid value can be determined the - * array will be empty, otherwise it will contain one or more values. - */ -$.fn.fieldValue = function(successful) { - for (var val=[], i=0, max=this.length; i < max; i++) { - var el = this[i]; - var v = $.fieldValue(el, successful); - if (v === null || typeof v == 'undefined' || (v.constructor == Array && !v.length)) { - continue; - } - v.constructor == Array ? $.merge(val, v) : val.push(v); - } - return val; -}; - -/** - * Returns the value of the field element. - */ -$.fieldValue = function(el, successful) { - var n = el.name, t = el.type, tag = el.tagName.toLowerCase(); - if (successful === undefined) { - successful = true; - } - - if (successful && (!n || el.disabled || t == 'reset' || t == 'button' || - (t == 'checkbox' || t == 'radio') && !el.checked || - (t == 'submit' || t == 'image') && el.form && el.form.clk != el || - tag == 'select' && el.selectedIndex == -1)) { - return null; - } - - if (tag == 'select') { - var index = el.selectedIndex; - if (index < 0) { - return null; - } - var a = [], ops = el.options; - var one = (t == 'select-one'); - var max = (one ? index+1 : ops.length); - for(var i=(one ? index : 0); i < max; i++) { - var op = ops[i]; - if (op.selected) { - var v = op.value; - if (!v) { // extra pain for IE... - v = (op.attributes && op.attributes['value'] && !(op.attributes['value'].specified)) ? op.text : op.value; - } - if (one) { - return v; - } - a.push(v); - } - } - return a; - } - return $(el).val(); -}; - -/** - * Clears the form data. Takes the following actions on the form's input fields: - * - input text fields will have their 'value' property set to the empty string - * - select elements will have their 'selectedIndex' property set to -1 - * - checkbox and radio inputs will have their 'checked' property set to false - * - inputs of type submit, button, reset, and hidden will *not* be effected - * - button elements will *not* be effected - */ -$.fn.clearForm = function() { - return this.each(function() { - $('input,select,textarea', this).clearFields(); - }); -}; - -/** - * Clears the selected form elements. - */ -$.fn.clearFields = $.fn.clearInputs = function() { - return this.each(function() { - var t = this.type, tag = this.tagName.toLowerCase(); - if (t == 'text' || t == 'password' || tag == 'textarea') { - this.value = ''; - } - else if (t == 'checkbox' || t == 'radio') { - this.checked = false; - } - else if (tag == 'select') { - this.selectedIndex = -1; - } - }); -}; - -/** - * Resets the form data. Causes all form elements to be reset to their original value. - */ -$.fn.resetForm = function() { - return this.each(function() { - // guard against an input with the name of 'reset' - // note that IE reports the reset function as an 'object' - if (typeof this.reset == 'function' || (typeof this.reset == 'object' && !this.reset.nodeType)) { - this.reset(); - } - }); -}; - -/** - * Enables or disables any matching elements. - */ -$.fn.enable = function(b) { - if (b === undefined) { - b = true; - } - return this.each(function() { - this.disabled = !b; - }); -}; - -/** - * Checks/unchecks any matching checkboxes or radio buttons and - * selects/deselects and matching option elements. - */ -$.fn.selected = function(select) { - if (select === undefined) { - select = true; - } - return this.each(function() { - var t = this.type; - if (t == 'checkbox' || t == 'radio') { - this.checked = select; - } - else if (this.tagName.toLowerCase() == 'option') { - var $sel = $(this).parent('select'); - if (select && $sel[0] && $sel[0].type == 'select-one') { - // deselect all other options - $sel.find('option').selected(false); - } - this.selected = select; - } - }); -}; - -// helper fn for console logging -// set $.fn.ajaxSubmit.debug to true to enable debug logging -function log() { - if ($.fn.ajaxSubmit.debug) { - var msg = '[jquery.form] ' + Array.prototype.join.call(arguments,''); - if (window.console && window.console.log) { - window.console.log(msg); - } - else if (window.opera && window.opera.postError) { - window.opera.postError(msg); - } - } -}; - -})(jQuery); diff --git a/config/snort-dev/snortsam-package-code/javascript/jquery.progressbar.min.js b/config/snort-dev/snortsam-package-code/javascript/jquery.progressbar.min.js deleted file mode 100644 index e85e1120..00000000 --- a/config/snort-dev/snortsam-package-code/javascript/jquery.progressbar.min.js +++ /dev/null @@ -1,20 +0,0 @@ - -(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}} -return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue) -if(argconfig!=null) -pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null) -argvalue=$this.html().replace("%","") -config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i<numeric.length;i++) -config[numeric[i]]=parseInt(config[numeric[i]]);$this.html("");var bar=document.createElement('img');var text=document.createElement('span');var $bar=$(bar);var $text=$(text);pb.bar=$bar;$bar.attr('id',config.id+"_pbImage");$text.attr('id',config.id+"_pbText");$text.html(getText(config));$bar.attr('title',getText(config));$bar.attr('alt',getText(config));$bar.attr('src',config.boxImage);$bar.attr('width',config.width);$bar.css("width",config.width+"px");$bar.css("height",config.height+"px");$bar.css("background-image","url("+config.image+")");$bar.css("background-position",((config.width*-1))+'px 50%');$bar.css("padding","0");$bar.css("margin","0");$this.append($bar);$this.append($text);} -function getPercentage(config){return config.running_value*100/config.max;} -function getBarImage(config){var image=config.barImage;if(typeof(config.barImage)=='object'){for(var i in config.barImage){if(config.running_value>=parseInt(i)){image=config.barImage[i];}else{break;}}} -return image;} -function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}} -config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0) -config.increment*=-1;if(config.increment<1) -config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.increment<config.value){config.running_value=config.value;}else{config.running_value-=config.increment;}} -else if(config.running_value<config.value){if(config.running_value+config.increment>config.value){config.running_value=config.value;}else{config.running_value+=config.increment;}} -if(config.running_value==config.value) -clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var $text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;} -$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function') -config.callback(config);pb.config=config;},config.stepDuration);});};}});$.fn.extend({progressBar:$.progressBar.construct});})(jQuery);
\ No newline at end of file diff --git a/config/snort-dev/snortsam-package-code/javascript/snort_globalsend.js b/config/snort-dev/snortsam-package-code/javascript/snort_globalsend.js deleted file mode 100644 index dc92efba..00000000 --- a/config/snort-dev/snortsam-package-code/javascript/snort_globalsend.js +++ /dev/null @@ -1,442 +0,0 @@ -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -jQuery.noConflict(); - -//prepare the form when the DOM is ready -jQuery(document).ready(function() { - - jQuery(".icon_click").live('mouseover', function() { - jQuery(this).css('cursor', 'pointer'); - }); - - //-------------------START Misc------------------------------------------- - - - /*! Needs to be watched not my code <- IMPORTANT - * JavaScript UUID Generator, v0.0.1 - * - * Copyright (c) 2009 Massimo Lombardo. - * Dual licensed under the MIT and the GNU GPL licenses. - */ - - function genUUID() { - var uuid = (function () { - var i, - c = "89ab", - u = []; - for (i = 0; i < 36; i += 1) { - u[i] = (Math.random() * 16 | 0).toString(16); - } - u[8] = u[13] = u[18] = u[23] = ""; - u[14] = "4"; - u[19] = c.charAt(Math.random() * 4 | 0); - return u.join(""); - })(); - return { - toString: function () { - return uuid; - }, - valueOf: function () { - return uuid; - } - }; - } - - //-------------------START Misc GLOBAL WINDOW------------------------------------------- - // NOTE: try not to add to manny of thses - - /* - * Gives you even true or false on even numbers - */ - window.isEven = function(someNumber) { - - return (someNumber%2 == 0) ? true : false; - - }; - - /* - * Loop through object with timeout. - * NOTE: IE9 still has issues. Example : deleted rules (6000+ sigs). - * Break up heavy javascript intensive processing into smaller parts. Used to stop "browser Stop responding" warnings. - */ - - /* - function processLoop( actionFunc, numTimes, numWait, doneFunc ) { - var i = 0; - var f = function () { - if (i < numTimes) { - actionFunc( i++ ); // closure on i - setTimeout( f, numWait ); - } - else if (doneFunc) { - doneFunc(); - } - }; - f(); - } - */ - - window.incrementallyProcess = function(workerCallback, data, chunkSize, timeout, completionCallback) { - var i = 0; - (function() { - var remainingDataLength = (data.length - i); - var currentChunkSize = (remainingDataLength >= chunkSize) ? chunkSize : remainingDataLength; - if(i < data.length) { - while(currentChunkSize--) { - workerCallback(i++); - } - setTimeout(arguments.callee, timeout); - } else if(completionCallback) { - completionCallback(); - } - })(); - }; - - // Please wait code - window.hideLoading = function(thisLocation){ - jQuery(thisLocation).hide(); - }; - - // Please wait code - window.showLoading = function(thisLocation){ - jQuery(thisLocation).show(); - }; - - // this was cp from stackoverflow dot com help question - // used to center snort modals - jQuery.fn.centerModal = function () { - this.css("position","absolute"); - this.css("top", 70 + "px"); - this.css("left", ((jQuery(window).width() - this.outerWidth()) / 2) + jQuery(window).scrollLeft() + "px"); - return this; - }; - - - - //--------------------------- START select all code --------------------------- - - jQuery('#select_all').live('click', function(){ - checkAll(jQuery('.domecheck')); - }); - - jQuery('#deselect_all').live('click', function(){ - uncheckAll(jQuery('.domecheck')); - }); - - function checkAll(field){ - for (i = 0; i < field.length; i++){ - field[i].checked = true; - } - } - - function uncheckAll(field){ - for (i = 0; i < field.length; i++){ - field[i].checked = false; - } - } - - - // -------------------------- START cancel form code ------------------------------------------- - //jQuery('#cancel').click(function() { - jQuery('#cancel').live('click', function(){ - - location.reload(); - - }); - - -// ------------------------------- START add row element ------------------------------------------ - - jQuery(".icon_plus").live('click', function() { - - var NewRow_UUID = genUUID(); - var rowNumCount = jQuery("#address").length; - - if (rowNumCount > 0){ - // stop empty - var prevAddressAll_ck = jQuery('tr[id^=maintable_]'); - var prevAddress_ck = prevAddressAll_ck[prevAddressAll_ck.length-1].id; - var prevAddressEmpty_ck = jQuery.trim(jQuery('#' + prevAddress_ck + ' #address').val()); - - if (prevAddressEmpty_ck === ''){ - return false; - } - } - jQuery('#listloopblock').append( - "\n" + '<tr id="maintable_' + NewRow_UUID + '" ' + 'data-options=\'{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"false"}\' >' + - '<td>' + - '<input class="formfld2" name="list[' + NewRow_UUID + '][ip]" type="text" id="address" size="30" value="" />' + - '</td>' + - '<td>' + - '<input class="formfld2" name="list[' + NewRow_UUID + '][description]" type="text" id="detail" size="50" value="" />' + - '</td>' + - '<td>' + - '<img id="icon_x_' + NewRow_UUID + '" class="icon_click icon_x" src="/themes/nervecenter/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" >' + - '</td>' + - '<input name="list[' + NewRow_UUID + '][uuid]" value="EmptyUUID" type="hidden">' + - '</tr>' + "\n" - ); - - }); - - -// ------------------------------- START remove row element --------------------------------------- - - - // removes row and deletes db entries - function removeRow(){ - jQuery("#maintable_" + window.RemoveRow_UUID).remove(); - } - - jQuery(".icon_x").live('click', function(){ - - var elem = getBaseElement(this.id); // this.id gets id of .icon_x - - // window.RemoveRow_UUID = jQuery("#rowlist_" + elem.index).data("options").rowuuid; - window.RemoveRow_UUID = elem.index; - window.RemoveRow_Table = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagetable; - window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb; - window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST; - - // snort_interfaces_whitelist - if (window.RemoveRow_POST === 'true'){ - if(confirm('Do you really want to delete this list? (e.g. snort rules will fall back to the default list)!')) { - - jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); - - setTimeout(removeRow, 600); - jQuery(this).ajaxSubmit(optionsRMlist); // call POST - return false; - } - } - - // remove element NO post - if (window.RemoveRow_POST === 'false'){ - - jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); - - setTimeout(removeRow, 600); - - return false; - - } - - }); - - // resets db entries - function removeRow(){ - jQuery("#maintable_" + window.RemoveRow_UUID).remove(); - } - - jQuery(".icon_r").live('click', function(){ - - var elem = getBaseElement(this.id); // this.id gets id of .icon_x - - // window.RemoveRow_UUID = jQuery("#rowlist_" + elem.index).data("options").rowuuid; - window.RemoveRow_UUID = elem.index; - window.RemoveRow_Table = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagetable; - window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb; - window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST; - - // snort_interfaces_whitelist - if (window.RemoveRow_POST === 'true'){ - if(confirm('Do you really want to reset this list ? (e.g. DB will reset, all saved settings will be lost!)')) { - - jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); - jQuery("#maintable_" + window.RemoveRow_UUID).fadeIn("fast"); - - jQuery(this).ajaxSubmit(optionsRSTlist); // call POST - return false; - } - } - - }); - - - function RMlistDBDelCall(){ - return RemoveRow_DB; - } - - function RMlistTableDelCall(){ - return RemoveRow_Table; - } - - function RMlistUuidDelCall(){ - return RemoveRow_UUID; - } - - // pre-submit callback - function showRequestRMlist(formData, jqForm, optionsWhitelist) { - - var queryString = jQuery.param(formData); - - // call false to prevent form reload - return true; - } - - // post-submit callback if snort_json_post.php returns true or false - function showResponseRMlist(data){ - - } - - function getBaseElement(elem){ - elem = elem + ""; - var len = elem.length; - var lPos = elem.lastIndexOf("_") * 1; - var baseElem = elem.substr(0, lPos); - var index = elem.substr(lPos+1, len); - - return {"base": baseElem, "index": index}; - - } - - - // declare variable for whitelist delete - var optionsRMlist = { - beforeSubmit: showRequestRMlist, - dataType: 'json', - success: showResponseRMlist, - type: 'POST', - data: { RMlistDelRow: '1', RMlistDB: RMlistDBDelCall, RMlistTable: RMlistTableDelCall, RMlistUuid: RMlistUuidDelCall }, - url: './snort_json_post.php' - }; - - // declare variable for DB reset - var optionsRSTlist = { - beforeSubmit: showRequestRMlist, - dataType: 'json', - success: showResponseRMlist, - type: 'POST', - data: { RSTlistRow: '1', RSTlistDB: RMlistDBDelCall, RSTlistTable: RMlistTableDelCall, RSTlistUuid: RMlistUuidDelCall }, - url: './snort_json_post.php' - }; - - - // STOP remove row element - -// ------------------- START iform Submit/RETURN code --------------------------------------------- - - /* general form */ - //jQuery('#iform').submit(function() { - jQuery('#iform, #iform2, #iform3').live('submit', function(){ - - jQuery(this).ajaxSubmit(options); - - return false; - }); - - // pre-submit callback - function showRequest(formData, jqForm, options) { - - var queryString = jQuery.param(formData); - - // call to please wait - showLoading('#loadingWaiting'); - jQuery('.snortModal').centerModal(); - - //alert('About to submit: \n\n' + queryString); - - // call false to prevent the form - return true; - } - - - - function downloadsnortlogs(data){ - jQuery('.hiddendownloadlink').append('<iframe width="1" height="1" frameborder="0" src="/snort/snort_json_get.php?snortlogdownload=1&snortlogfilename=' + data.downloadfilename + '" ></iframe>'); - - var appendElem = jQuery('<br> <span>success...<span>'); - appendElem.appendTo('.loadingWaitingMessage'); - setTimeout(hideLoading('#loadingWaiting'), 3000); - } - - // After Save Calls display - var appendElem = jQuery('<br> <span>success...<span>'); - function finnish(){ - // hold msg for a min - setTimeout(function(){ - hideLoading('#loadingWaiting'); - appendElem.remove(); - updatestarted = 1; - }, 1200 ); - } - - function showResponse(data, responseText, statusText, xhr, $form){ - - // START of fill call to user - if (responseText === 'success') { - - // snort logs download success - if (data.downloadfilename !== '' && data.snortdownload === 'success'){ - downloadsnortlogs(data); - } - - // succsess display - if (data.snortgeneralsettings === 'success' || data.snortdelete === 'success' || data.snortreset === 'success'){ - // sucsses msg - appendElem.appendTo('.loadingWaitingMessage'); - - // Clean up Waiting code - finnish(); - - if (data.snortMiscTabCall === 'true'){ - jQuery.fn.miscTabCall(); // call tab misc functions - } - - if (data.snortreset) {location.reload();} // hard refresh - - } - - // END of fill call to user - }else{ - // On FAIL get some info back - //alert('responseText: \n' + data.responseText + 'FAIL'); - } - } - // END iform code - - // declare variable for iform - var options = { - beforeSubmit: showRequest, - dataType: 'json', - success: showResponse, - type: 'POST', - url: './snort_json_post.php' - }; - -}); // end of document ready - diff --git a/config/snort-dev/snortsam-package-code/patches/SnortSam/TODAO.txt b/config/snort-dev/snortsam-package-code/patches/SnortSam/TODAO.txt deleted file mode 100644 index 3abf0303..00000000 --- a/config/snort-dev/snortsam-package-code/patches/SnortSam/TODAO.txt +++ /dev/null @@ -1 +0,0 @@ -Patch current snort 2.9
\ No newline at end of file diff --git a/config/snort-dev/snortsam-package-code/patches/SnortSam/snortsam-2.8.6.1.diff b/config/snort-dev/snortsam-package-code/patches/SnortSam/snortsam-2.8.6.1.diff deleted file mode 100644 index 983165e1..00000000 --- a/config/snort-dev/snortsam-package-code/patches/SnortSam/snortsam-2.8.6.1.diff +++ /dev/null @@ -1,3021 +0,0 @@ -Index: snort-2.8.6.1/src/twofish.c -=================================================================== ---- snort-2.8.6.1/src/twofish.c (Revision 0) -+++ snort-2.8.6.1/src/twofish.c (Revision 3) -@@ -0,0 +1,971 @@ -+/* $Id: twofish.c,v 2.1 2008/12/15 20:36:05 fknobbe Exp $ -+ * -+ * -+ * Copyright (C) 1997-2000 The Cryptix Foundation Limited. -+ * Copyright (C) 2000 Farm9. -+ * Copyright (C) 2001 Frank Knobbe. -+ * All rights reserved. -+ * -+ * For Cryptix code: -+ * Use, modification, copying and distribution of this software is subject -+ * the terms and conditions of the Cryptix General Licence. You should have -+ * received a copy of the Cryptix General Licence along with this library; -+ * if not, you can download a copy from http://www.cryptix.org/ . -+ * -+ * For Farm9: -+ * --- jojo@farm9.com, August 2000, converted from Java to C++, added CBC mode and -+ * ciphertext stealing technique, added AsciiTwofish class for easy encryption -+ * decryption of text strings -+ * -+ * Frank Knobbe <frank@knobbe.us>: -+ * --- April 2001, converted from C++ to C, prefixed global variables -+ * with TwoFish, substituted some defines, changed functions to make use of -+ * variables supplied in a struct, modified and added routines for modular calls. -+ * Cleaned up the code so that defines are used instead of fixed 16's and 32's. -+ * Created two general purpose crypt routines for one block and multiple block -+ * encryption using Joh's CBC code. -+ * Added crypt routines that use a header (with a magic and data length). -+ * (Basically a major rewrite). -+ * -+ * Note: Routines labeled _TwoFish are private and should not be used -+ * (or with extreme caution). -+ * -+ */ -+ -+#ifndef __TWOFISH_LIBRARY_SOURCE__ -+#define __TWOFISH_LIBRARY_SOURCE__ -+ -+#include <string.h> -+#include <stdlib.h> -+#include <time.h> -+#include <ctype.h> -+#include <sys/types.h> -+ -+#ifdef WIN32 -+ -+#ifndef u_long -+typedef unsigned long u_long; -+#endif -+#ifndef u_int32_t -+typedef unsigned long u_int32_t; -+#endif -+#ifndef u_word -+typedef unsigned short u_word; -+#endif -+#ifndef u_int16_t -+typedef unsigned short u_int16_t; -+#endif -+#ifndef u_char -+typedef unsigned char u_char; -+#endif -+#ifndef u_int8_t -+typedef unsigned char u_int8_t; -+#endif -+ -+#endif /* WIN32 */ -+ -+#include "twofish.h" -+ -+ -+bool TwoFish_srand=TRUE; /* if TRUE, first call of TwoFishInit will seed rand(); */ -+ /* of TwoFishInit */ -+ -+/* Fixed 8x8 permutation S-boxes */ -+static const u_int8_t TwoFish_P[2][256] = -+{ -+ { /* p0 */ -+ 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, -+ 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, -+ 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, -+ 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, -+ 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, -+ 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, -+ 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, -+ 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, -+ 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, -+ 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, -+ 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, -+ 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, -+ 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, -+ 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, -+ 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, -+ 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, -+ 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, -+ 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, -+ 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, -+ 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, -+ 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, -+ 0x4A, 0x5E, 0xC1, 0xE0 -+ }, -+ { /* p1 */ -+ 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, -+ 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, -+ 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, -+ 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, -+ 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, -+ 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, -+ 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, -+ 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, -+ 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, -+ 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, -+ 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, -+ 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, -+ 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, -+ 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, -+ 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, -+ 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, -+ 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, -+ 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, -+ 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, -+ 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, -+ 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, -+ 0x55, 0x09, 0xBE, 0x91 -+ } -+}; -+ -+static bool TwoFish_MDSready=FALSE; -+static u_int32_t TwoFish_MDS[4][256]; /* TwoFish_MDS matrix */ -+ -+ -+#define TwoFish_LFSR1(x) (((x)>>1)^(((x)&0x01)?TwoFish_MDS_GF_FDBK/2:0)) -+#define TwoFish_LFSR2(x) (((x)>>2)^(((x)&0x02)?TwoFish_MDS_GF_FDBK/2:0)^(((x)&0x01)?TwoFish_MDS_GF_FDBK/4:0)) -+ -+#define TwoFish_Mx_1(x) ((u_int32_t)(x)) /* force result to dword so << will work */ -+#define TwoFish_Mx_X(x) ((u_int32_t)((x)^TwoFish_LFSR2(x))) /* 5B */ -+#define TwoFish_Mx_Y(x) ((u_int32_t)((x)^TwoFish_LFSR1(x)^TwoFish_LFSR2(x))) /* EF */ -+#define TwoFish_RS_rem(x) { u_int8_t b=(u_int8_t)(x>>24); u_int32_t g2=((b<<1)^((b&0x80)?TwoFish_RS_GF_FDBK:0))&0xFF; u_int32_t g3=((b>>1)&0x7F)^((b&1)?TwoFish_RS_GF_FDBK>>1:0)^g2; x=(x<<8)^(g3<<24)^(g2<<16)^(g3<<8)^b; } -+ -+/*#define TwoFish__b(x,N) (((u_int8_t *)&x)[((N)&3)^TwoFish_ADDR_XOR])*/ /* pick bytes out of a dword */ -+ -+#define TwoFish_b0(x) TwoFish__b(x,0) /* extract LSB of u_int32_t */ -+#define TwoFish_b1(x) TwoFish__b(x,1) -+#define TwoFish_b2(x) TwoFish__b(x,2) -+#define TwoFish_b3(x) TwoFish__b(x,3) /* extract MSB of u_int32_t */ -+ -+u_int8_t TwoFish__b(u_int32_t x,int n) -+{ n&=3; -+ while(n-->0) -+ x>>=8; -+ return (u_int8_t)x; -+} -+ -+ -+/* TwoFish Initialization -+ * -+ * This routine generates a global data structure for use with TwoFish, -+ * initializes important values (such as subkeys, sBoxes), generates subkeys -+ * and precomputes the MDS matrix if not already done. -+ * -+ * Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!') -+ * -+ * Output: Pointer to TWOFISH structure. This data structure contains key dependent data. -+ * This pointer is used with all other crypt functions. -+ */ -+ -+TWOFISH *TwoFishInit(char *userkey) -+{ TWOFISH *tfdata; -+ int i,x,m; -+ char tkey[TwoFish_KEY_LENGTH+40]; -+ -+ tfdata=malloc(sizeof(TWOFISH)); /* allocate the TwoFish structure */ -+ if(tfdata!=NULL) -+ { if(*userkey) -+ { strncpy(tkey,userkey,TwoFish_KEY_LENGTH); /* use first 32 chars of user supplied password */ -+ tkey[TwoFish_KEY_LENGTH]=0; /* make sure it wasn't more */ -+ } -+ else -+ strcpy(tkey,TwoFish_DEFAULT_PW); /* if no key defined, use default password */ -+ for(i=0,x=0,m=strlen(tkey);i<TwoFish_KEY_LENGTH;i++) /* copy into data structure */ -+ { tfdata->key[i]=tkey[x++]; /* fill the whole keyspace with repeating key. */ -+ if(x==m) -+ x=0; -+ } -+ -+ if(!TwoFish_MDSready) -+ _TwoFish_PrecomputeMDSmatrix(); /* "Wake Up, Neo" */ -+ _TwoFish_MakeSubKeys(tfdata); /* generate subkeys */ -+ _TwoFish_ResetCBC(tfdata); /* reset the CBC */ -+ tfdata->output=NULL; /* nothing to output yet */ -+ tfdata->dontflush=FALSE; /* reset decrypt skip block flag */ -+ if(TwoFish_srand) -+ { TwoFish_srand=FALSE; -+ srand(time(NULL)); -+ } -+ } -+ return tfdata; /* return the data pointer */ -+} -+ -+ -+void TwoFishDestroy(TWOFISH *tfdata) -+{ if(tfdata!=NULL) -+ free(tfdata); -+} -+ -+ -+/* en/decryption with CBC mode */ -+unsigned long _TwoFish_CryptRawCBC(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata) -+{ unsigned long rl; -+ -+ rl=len; /* remember how much data to crypt. */ -+ while(len>TwoFish_BLOCK_SIZE) /* and now we process block by block. */ -+ { _TwoFish_BlockCrypt(in,out,TwoFish_BLOCK_SIZE,decrypt,tfdata); /* de/encrypt it. */ -+ in+=TwoFish_BLOCK_SIZE; /* adjust pointers. */ -+ out+=TwoFish_BLOCK_SIZE; -+ len-=TwoFish_BLOCK_SIZE; -+ } -+ if(len>0) /* if we have less than a block left... */ -+ _TwoFish_BlockCrypt(in,out,len,decrypt,tfdata); /* ...then we de/encrypt that too. */ -+ if(tfdata->qBlockDefined && !tfdata->dontflush) /* in case len was exactly one block... */ -+ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata); /* ...we need to write the... */ -+ /* ...remaining bytes of the buffer */ -+ return rl; -+} -+ -+/* en/decryption on one block only */ -+unsigned long _TwoFish_CryptRaw16(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata) -+{ /* qBlockPlain already zero'ed through ResetCBC */ -+ memcpy(tfdata->qBlockPlain,in,len); /* toss the data into it. */ -+ _TwoFish_BlockCrypt16(tfdata->qBlockPlain,tfdata->qBlockCrypt,decrypt,tfdata); /* encrypt just that block without CBC. */ -+ memcpy(out,tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE); /* and return what we got */ -+ return TwoFish_BLOCK_SIZE; -+} -+ -+/* en/decryption without reset of CBC and output assignment */ -+unsigned long _TwoFish_CryptRaw(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata) -+{ -+ if(in!=NULL && out!=NULL && len>0 && tfdata!=NULL) /* if we have valid data, then... */ -+ { if(len>TwoFish_BLOCK_SIZE) /* ...check if we have more than one block. */ -+ return _TwoFish_CryptRawCBC(in,out,len,decrypt,tfdata); /* if so, use the CBC routines... */ -+ else -+ return _TwoFish_CryptRaw16(in,out,len,decrypt,tfdata); /* ...otherwise just do one block. */ -+ } -+ return 0; -+} -+ -+ -+/* TwoFish Raw Encryption -+ * -+ * Does not use header, but does use CBC (if more than one block has to be encrypted). -+ * -+ * Input: Pointer to the buffer of the plaintext to be encrypted. -+ * Pointer to the buffer receiving the ciphertext. -+ * The length of the plaintext buffer. -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes encrypted if successful, otherwise 0. -+ */ -+ -+unsigned long TwoFishEncryptRaw(char *in, -+ char *out, -+ unsigned long len, -+ TWOFISH *tfdata) -+{ _TwoFish_ResetCBC(tfdata); /* reset CBC flag. */ -+ tfdata->output=out; /* output straight into output buffer. */ -+ return _TwoFish_CryptRaw(in,out,len,FALSE,tfdata); /* and go for it. */ -+} -+ -+/* TwoFish Raw Decryption -+ * -+ * Does not use header, but does use CBC (if more than one block has to be decrypted). -+ * -+ * Input: Pointer to the buffer of the ciphertext to be decrypted. -+ * Pointer to the buffer receiving the plaintext. -+ * The length of the ciphertext buffer (at least one cipher block). -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes decrypted if successful, otherwise 0. -+ */ -+ -+unsigned long TwoFishDecryptRaw(char *in, -+ char *out, -+ unsigned long len, -+ TWOFISH *tfdata) -+{ _TwoFish_ResetCBC(tfdata); /* reset CBC flag. */ -+ tfdata->output=out; /* output straight into output buffer. */ -+ return _TwoFish_CryptRaw(in,out,len,TRUE,tfdata); /* and go for it. */ -+} -+ -+/* TwoFish Free -+ * -+ * Free's the allocated buffer. -+ * -+ * Input: Pointer to the TwoFish structure -+ * -+ * Output: (none) -+ */ -+ -+void TwoFishFree(TWOFISH *tfdata) -+{ if(tfdata->output!=NULL) /* if a valid buffer is present... */ -+ { free(tfdata->output); /* ...then we free it for you... */ -+ tfdata->output=NULL; /* ...and mark as such. */ -+ } -+} -+ -+/* TwoFish Set Output -+ * -+ * If you want to allocate the output buffer yourself, -+ * then you can set it with this function. -+ * -+ * Input: Pointer to your output buffer -+ * Pointer to the TwoFish structure -+ * -+ * Output: (none) -+ */ -+ -+void TwoFishSetOutput(char *outp,TWOFISH *tfdata) -+{ tfdata->output=outp; /* (do we really need a function for this?) */ -+} -+ -+/* TwoFish Alloc -+ * -+ * Allocates enough memory for the output buffer that would be required -+ * -+ * Input: Length of the plaintext. -+ * Boolean flag for BinHex Output. -+ * Pointer to the TwoFish structure. -+ * -+ * Output: Returns a pointer to the memory allocated. -+ */ -+ -+void *TwoFishAlloc(unsigned long len,bool binhex,bool decrypt,TWOFISH *tfdata) -+{ -+/* TwoFishFree(tfdata); */ /* (don't for now) discard whatever was allocated earlier. */ -+ if(decrypt) /* if decrypting... */ -+ { if(binhex) /* ...and input is binhex encoded... */ -+ len/=2; /* ...use half as much for output. */ -+ len-=TwoFish_BLOCK_SIZE; /* Also, subtract the size of the header. */ -+ } -+ else -+ { len+=TwoFish_BLOCK_SIZE; /* the size is just increased by the header... */ -+ if(binhex) -+ len*=2; /* ...and doubled if output is to be binhexed. */ -+ } -+ tfdata->output=malloc(len+TwoFish_BLOCK_SIZE);/* grab some memory...plus some extra (it's running over somewhere, crashes without extra padding) */ -+ -+ return tfdata->output; /* ...and return to caller. */ -+} -+ -+/* bin2hex and hex2bin conversion */ -+void _TwoFish_BinHex(u_int8_t *buf,unsigned long len,bool bintohex) -+{ u_int8_t *pi,*po,c; -+ -+ if(bintohex) -+ { for(pi=buf+len-1,po=buf+(2*len)-1;len>0;pi--,po--,len--) /* let's start from the end of the bin block. */ -+ { c=*pi; /* grab value. */ -+ c&=15; /* use lower 4 bits. */ -+ if(c>9) /* convert to ascii. */ -+ c+=('a'-10); -+ else -+ c+='0'; -+ *po--=c; /* set the lower nibble. */ -+ c=*pi; /* grab value again. */ -+ c>>=4; /* right shift 4 bits. */ -+ c&=15; /* make sure we only have 4 bits. */ -+ if(c>9) /* convert to ascii. */ -+ c+=('a'-10); -+ else -+ c+='0'; -+ *po=c; /* set the higher nibble. */ -+ } /* and keep going. */ -+ } -+ else -+ { for(pi=buf,po=buf;len>0;pi++,po++,len-=2) /* let's start from the beginning of the hex block. */ -+ { c=tolower(*pi++)-'0'; /* grab higher nibble. */ -+ if(c>9) /* convert to value. */ -+ c-=('0'-9); -+ *po=c<<4; /* left shit 4 bits. */ -+ c=tolower(*pi)-'0'; /* grab lower nibble. */ -+ if(c>9) /* convert to value. */ -+ c-=('0'-9); -+ *po|=c; /* and add to value. */ -+ } -+ } -+} -+ -+ -+/* TwoFish Encryption -+ * -+ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc, -+ * this routine will alloc the memory. In addition, it will include a small 'header' -+ * containing the magic and some salt. That way the decrypt routine can check if the -+ * packet got decrypted successfully, and return 0 instead of garbage. -+ * -+ * Input: Pointer to the buffer of the plaintext to be encrypted. -+ * Pointer to the pointer to the buffer receiving the ciphertext. -+ * The pointer either points to user allocated output buffer space, or to NULL, in which case -+ * this routine will set the pointer to the buffer allocated through the struct. -+ * The length of the plaintext buffer. -+ * Can be -1 if the input is a null terminated string, in which case we'll count for you. -+ * Boolean flag for BinHex Output (if used, output will be twice as large as input). -+ * Note: BinHex conversion overwrites (converts) input buffer! -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes encrypted if successful, otherwise 0. -+ */ -+ -+unsigned long TwoFishEncrypt(char *in, -+ char **out, -+ signed long len, -+ bool binhex, -+ TWOFISH *tfdata) -+{ unsigned long ilen,olen; -+ -+ -+ if(len== -1) /* if we got -1 for len, we'll assume IN is a... */ -+ ilen=strlen(in); /* ...\0 terminated string and figure len out ourselves... */ -+ else -+ ilen=len; /* ...otherwise we trust you supply a correct length. */ -+ -+ if(in!=NULL && out!=NULL && ilen>0 && tfdata!=NULL) /* if we got usable stuff, we'll do it. */ -+ { if(*out==NULL) /* if OUT points to a NULL pointer... */ -+ *out=TwoFishAlloc(ilen,binhex,FALSE,tfdata); /* ...we'll (re-)allocate buffer space. */ -+ if(*out!=NULL) -+ { tfdata->output=*out; /* set output buffer. */ -+ tfdata->header.salt=rand()*65536+rand(); /* toss in some salt. */ -+ tfdata->header.length[0]= (u_int8_t)(ilen); -+ tfdata->header.length[1]= (u_int8_t)(ilen>>8); -+ tfdata->header.length[2]= (u_int8_t)(ilen>>16); -+ tfdata->header.length[3]= (u_int8_t)(ilen>>24); -+ memcpy(tfdata->header.magic,TwoFish_MAGIC,TwoFish_MAGIC_LEN); /* set the magic. */ -+ olen=TwoFish_BLOCK_SIZE; /* set output counter. */ -+ _TwoFish_ResetCBC(tfdata); /* reset the CBC flag */ -+ _TwoFish_BlockCrypt((u_int8_t *)&(tfdata->header),*out,olen,FALSE,tfdata); /* encrypt first block (without flush on 16 byte boundary). */ -+ olen+=_TwoFish_CryptRawCBC(in,*out+TwoFish_BLOCK_SIZE,ilen,FALSE,tfdata); /* and encrypt the rest (we do not reset the CBC flag). */ -+ if(binhex) /* if binhex... */ -+ { _TwoFish_BinHex(*out,olen,TRUE); /* ...convert output to binhex... */ -+ olen*=2; /* ...and size twice as large. */ -+ } -+ tfdata->output=*out; -+ return olen; -+ } -+ } -+ return 0; -+} -+ -+/* TwoFish Decryption -+ * -+ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc, -+ * this routine will alloc the memory. In addition, it will check the small 'header' -+ * containing the magic. If magic does not match we return 0. Otherwise we return the -+ * amount of bytes decrypted (should be the same as the length in the header). -+ * -+ * Input: Pointer to the buffer of the ciphertext to be decrypted. -+ * Pointer to the pointer to the buffer receiving the plaintext. -+ * The pointer either points to user allocated output buffer space, or to NULL, in which case -+ * this routine will set the pointer to the buffer allocated through the struct. -+ * The length of the ciphertext buffer. -+ * Can be -1 if the input is a null terminated binhex string, in which case we'll count for you. -+ * Boolean flag for BinHex Input (if used, plaintext will be half as large as input). -+ * Note: BinHex conversion overwrites (converts) input buffer! -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes decrypted if successful, otherwise 0. -+ */ -+ -+unsigned long TwoFishDecrypt(char *in, -+ char **out, -+ signed long len, -+ bool binhex, -+ TWOFISH *tfdata) -+{ unsigned long ilen,elen,olen; -+ const u_int8_t cmagic[TwoFish_MAGIC_LEN]=TwoFish_MAGIC; -+ u_int8_t *tbuf; -+ -+ -+ -+ if(len== -1) /* if we got -1 for len, we'll assume IN is... */ -+ ilen=strlen(in); /* ...\0 terminated binhex and figure len out ourselves... */ -+ else -+ ilen=len; /* ...otherwise we trust you supply a correct length. */ -+ -+ if(in!=NULL && out!=NULL && ilen>0 && tfdata!=NULL) /* if we got usable stuff, we'll do it. */ -+ { if(*out==NULL) /* if OUT points to a NULL pointer... */ -+ *out=TwoFishAlloc(ilen,binhex,TRUE,tfdata); /* ...we'll (re-)allocate buffer space. */ -+ if(*out!=NULL) -+ { if(binhex) /* if binhex... */ -+ { _TwoFish_BinHex(in,ilen,FALSE); /* ...convert input to values... */ -+ ilen/=2; /* ...and size half as much. */ -+ } -+ _TwoFish_ResetCBC(tfdata); /* reset the CBC flag. */ -+ -+ tbuf=(u_int8_t *)malloc(ilen+TwoFish_BLOCK_SIZE); /* get memory for data and header. */ -+ if(tbuf==NULL) -+ return 0; -+ tfdata->output=tbuf; /* set output to temp buffer. */ -+ -+ olen=_TwoFish_CryptRawCBC(in,tbuf,ilen,TRUE,tfdata)-TwoFish_BLOCK_SIZE; /* decrypt the whole thing. */ -+ memcpy(&(tfdata->header),tbuf,TwoFish_BLOCK_SIZE); /* copy first block into header. */ -+ tfdata->output=*out; -+ for(elen=0;elen<TwoFish_MAGIC_LEN;elen++) /* compare magic. */ -+ if(tfdata->header.magic[elen]!=cmagic[elen]) -+ break; -+ if(elen==TwoFish_MAGIC_LEN) /* if magic matches then... */ -+ { elen=(tfdata->header.length[0]) | -+ (tfdata->header.length[1])<<8 | -+ (tfdata->header.length[2])<<16 | -+ (tfdata->header.length[3])<<24; /* .. we know how much to expect. */ -+ if(elen>olen) /* adjust if necessary. */ -+ elen=olen; -+ memcpy(*out,tbuf+TwoFish_BLOCK_SIZE,elen); /* copy data into intended output. */ -+ free(tbuf); -+ return elen; -+ } -+ free(tbuf); -+ } -+ } -+ return 0; -+} -+ -+void _TwoFish_PrecomputeMDSmatrix(void) /* precompute the TwoFish_MDS matrix */ -+{ u_int32_t m1[2]; -+ u_int32_t mX[2]; -+ u_int32_t mY[2]; -+ u_int32_t i, j; -+ -+ for (i = 0; i < 256; i++) -+ { j = TwoFish_P[0][i] & 0xFF; /* compute all the matrix elements */ -+ m1[0] = j; -+ mX[0] = TwoFish_Mx_X( j ) & 0xFF; -+ mY[0] = TwoFish_Mx_Y( j ) & 0xFF; -+ -+ j = TwoFish_P[1][i] & 0xFF; -+ m1[1] = j; -+ mX[1] = TwoFish_Mx_X( j ) & 0xFF; -+ mY[1] = TwoFish_Mx_Y( j ) & 0xFF; -+ -+ TwoFish_MDS[0][i] = m1[TwoFish_P_00] | /* fill matrix w/ above elements */ -+ mX[TwoFish_P_00] << 8 | -+ mY[TwoFish_P_00] << 16 | -+ mY[TwoFish_P_00] << 24; -+ TwoFish_MDS[1][i] = mY[TwoFish_P_10] | -+ mY[TwoFish_P_10] << 8 | -+ mX[TwoFish_P_10] << 16 | -+ m1[TwoFish_P_10] << 24; -+ TwoFish_MDS[2][i] = mX[TwoFish_P_20] | -+ mY[TwoFish_P_20] << 8 | -+ m1[TwoFish_P_20] << 16 | -+ mY[TwoFish_P_20] << 24; -+ TwoFish_MDS[3][i] = mX[TwoFish_P_30] | -+ m1[TwoFish_P_30] << 8 | -+ mY[TwoFish_P_30] << 16 | -+ mX[TwoFish_P_30] << 24; -+ } -+ TwoFish_MDSready=TRUE; -+} -+ -+ -+void _TwoFish_MakeSubKeys(TWOFISH *tfdata) /* Expand a user-supplied key material into a session key. */ -+{ u_int32_t k64Cnt = TwoFish_KEY_LENGTH / 8; -+ u_int32_t k32e[4]; /* even 32-bit entities */ -+ u_int32_t k32o[4]; /* odd 32-bit entities */ -+ u_int32_t sBoxKey[4]; -+ u_int32_t offset,i,j; -+ u_int32_t A, B, q=0; -+ u_int32_t k0,k1,k2,k3; -+ u_int32_t b0,b1,b2,b3; -+ -+ /* split user key material into even and odd 32-bit entities and */ -+ /* compute S-box keys using (12, 8) Reed-Solomon code over GF(256) */ -+ -+ -+ for (offset=0,i=0,j=k64Cnt-1;i<4 && offset<TwoFish_KEY_LENGTH;i++,j--) -+ { k32e[i] = tfdata->key[offset++]; -+ k32e[i]|= tfdata->key[offset++]<<8; -+ k32e[i]|= tfdata->key[offset++]<<16; -+ k32e[i]|= tfdata->key[offset++]<<24; -+ k32o[i] = tfdata->key[offset++]; -+ k32o[i]|= tfdata->key[offset++]<<8; -+ k32o[i]|= tfdata->key[offset++]<<16; -+ k32o[i]|= tfdata->key[offset++]<<24; -+ sBoxKey[j] = _TwoFish_RS_MDS_Encode( k32e[i], k32o[i] ); /* reverse order */ -+ } -+ -+ /* compute the round decryption subkeys for PHT. these same subkeys */ -+ /* will be used in encryption but will be applied in reverse order. */ -+ i=0; -+ while(i < TwoFish_TOTAL_SUBKEYS) -+ { A = _TwoFish_F32( k64Cnt, q, k32e ); /* A uses even key entities */ -+ q += TwoFish_SK_BUMP; -+ -+ B = _TwoFish_F32( k64Cnt, q, k32o ); /* B uses odd key entities */ -+ q += TwoFish_SK_BUMP; -+ -+ B = B << 8 | B >> 24; -+ -+ A += B; -+ tfdata->subKeys[i++] = A; /* combine with a PHT */ -+ -+ A += B; -+ tfdata->subKeys[i++] = A << TwoFish_SK_ROTL | A >> (32-TwoFish_SK_ROTL); -+ } -+ -+ /* fully expand the table for speed */ -+ k0 = sBoxKey[0]; -+ k1 = sBoxKey[1]; -+ k2 = sBoxKey[2]; -+ k3 = sBoxKey[3]; -+ -+ for (i = 0; i < 256; i++) -+ { b0 = b1 = b2 = b3 = i; -+ switch (k64Cnt & 3) -+ { case 1: /* 64-bit keys */ -+ tfdata->sBox[ 2*i ] = TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][b0]) ^ TwoFish_b0(k0)]; -+ tfdata->sBox[ 2*i+1] = TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][b1]) ^ TwoFish_b1(k0)]; -+ tfdata->sBox[0x200+2*i ] = TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][b2]) ^ TwoFish_b2(k0)]; -+ tfdata->sBox[0x200+2*i+1] = TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][b3]) ^ TwoFish_b3(k0)]; -+ break; -+ case 0: /* 256-bit keys (same as 4) */ -+ b0 = (TwoFish_P[TwoFish_P_04][b0]) ^ TwoFish_b0(k3); -+ b1 = (TwoFish_P[TwoFish_P_14][b1]) ^ TwoFish_b1(k3); -+ b2 = (TwoFish_P[TwoFish_P_24][b2]) ^ TwoFish_b2(k3); -+ b3 = (TwoFish_P[TwoFish_P_34][b3]) ^ TwoFish_b3(k3); -+ case 3: /* 192-bit keys */ -+ b0 = (TwoFish_P[TwoFish_P_03][b0]) ^ TwoFish_b0(k2); -+ b1 = (TwoFish_P[TwoFish_P_13][b1]) ^ TwoFish_b1(k2); -+ b2 = (TwoFish_P[TwoFish_P_23][b2]) ^ TwoFish_b2(k2); -+ b3 = (TwoFish_P[TwoFish_P_33][b3]) ^ TwoFish_b3(k2); -+ case 2: /* 128-bit keys */ -+ tfdata->sBox[ 2*i ]= -+ TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][(TwoFish_P[TwoFish_P_02][b0]) ^ -+ TwoFish_b0(k1)]) ^ TwoFish_b0(k0)]; -+ -+ tfdata->sBox[ 2*i+1]= -+ TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][(TwoFish_P[TwoFish_P_12][b1]) ^ -+ TwoFish_b1(k1)]) ^ TwoFish_b1(k0)]; -+ -+ tfdata->sBox[0x200+2*i ]= -+ TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][(TwoFish_P[TwoFish_P_22][b2]) ^ -+ TwoFish_b2(k1)]) ^ TwoFish_b2(k0)]; -+ -+ tfdata->sBox[0x200+2*i+1]= -+ TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][(TwoFish_P[TwoFish_P_32][b3]) ^ -+ TwoFish_b3(k1)]) ^ TwoFish_b3(k0)]; -+ } -+ } -+} -+ -+ -+/** -+ * Encrypt or decrypt exactly one block of plaintext in CBC mode. -+ * Use "ciphertext stealing" technique described on pg. 196 -+ * of "Applied Cryptography" to encrypt the final partial -+ * (i.e. <16 byte) block if necessary. -+ * -+ * jojo: the "ciphertext stealing" requires we read ahead and have -+ * special handling for the last two blocks. Because of this, the -+ * output from the TwoFish algorithm is handled internally here. -+ * It would be better to have a higher level handle this as well as -+ * CBC mode. Unfortunately, I've mixed the two together, which is -+ * pretty crappy... The Java version separates these out correctly. -+ * -+ * fknobbe: I have reduced the CBC mode to work on memory buffer only. -+ * Higher routines should use an intermediate buffer and handle -+ * their output seperately (mainly so the data can be flushed -+ * in one chunk, not seperate 16 byte blocks...) -+ * -+ * @param in The plaintext. -+ * @param out The ciphertext -+ * @param size how much to encrypt -+ * @param tfdata: Pointer to the global data structure containing session keys. -+ * @return none -+ */ -+void _TwoFish_BlockCrypt(u_int8_t *in,u_int8_t *out,unsigned long size,int decrypt,TWOFISH *tfdata) -+{ u_int8_t PnMinusOne[TwoFish_BLOCK_SIZE]; -+ u_int8_t CnMinusOne[TwoFish_BLOCK_SIZE]; -+ u_int8_t CBCplusCprime[TwoFish_BLOCK_SIZE]; -+ u_int8_t Pn[TwoFish_BLOCK_SIZE]; -+ u_int8_t *p,*pout; -+ unsigned long i; -+ -+ /* here is where we implement CBC mode and cipher block stealing */ -+ if(size==TwoFish_BLOCK_SIZE) -+ { /* if we are encrypting, CBC means we XOR the plain text block with the */ -+ /* previous cipher text block before encrypting */ -+ if(!decrypt && tfdata->qBlockDefined) -+ { for(p=in,i=0;i<TwoFish_BLOCK_SIZE;i++,p++) -+ Pn[i]=*p ^ tfdata->qBlockCrypt[i]; /* FK: I'm copying the xor'ed input into Pn... */ -+ } -+ else -+ memcpy(Pn,in,TwoFish_BLOCK_SIZE); /* FK: same here. we work of Pn all the time. */ -+ -+ /* TwoFish block level encryption or decryption */ -+ _TwoFish_BlockCrypt16(Pn,out,decrypt,tfdata); -+ -+ /* if we are decrypting, CBC means we XOR the result of the decryption */ -+ /* with the previous cipher text block to get the resulting plain text */ -+ if(decrypt && tfdata->qBlockDefined) -+ { for (p=out,i=0;i<TwoFish_BLOCK_SIZE;i++,p++) -+ *p^=tfdata->qBlockPlain[i]; -+ } -+ -+ /* save the input and output blocks, since CBC needs these for XOR */ -+ /* operations */ -+ _TwoFish_qBlockPush(Pn,out,tfdata); -+ } -+ else -+ { /* cipher block stealing, we are at Pn, */ -+ /* but since Cn-1 must now be replaced with CnC' */ -+ /* we pop it off, and recalculate Cn-1 */ -+ -+ if(decrypt) -+ { /* We are on an odd block, and had to do cipher block stealing, */ -+ /* so the PnMinusOne has to be derived differently. */ -+ -+ /* First we decrypt it into CBC and C' */ -+ _TwoFish_qBlockPop(CnMinusOne,PnMinusOne,tfdata); -+ _TwoFish_BlockCrypt16(CnMinusOne,CBCplusCprime,decrypt,tfdata); -+ -+ /* we then xor the first few bytes with the "in" bytes (Cn) */ -+ /* to recover Pn, which we put in out */ -+ for(p=in,pout=out,i=0;i<size;i++,p++,pout++) -+ *pout=*p ^ CBCplusCprime[i]; -+ -+ /* We now recover the original CnMinusOne, which consists of */ -+ /* the first "size" bytes of "in" data, followed by the */ -+ /* "Cprime" portion of CBCplusCprime */ -+ for(p=in,i=0;i<size;i++,p++) -+ CnMinusOne[i]=*p; -+ for(;i<TwoFish_BLOCK_SIZE;i++) -+ CnMinusOne[i]=CBCplusCprime[i]; -+ -+ /* we now decrypt CnMinusOne to get PnMinusOne xored with Cn-2 */ -+ _TwoFish_BlockCrypt16(CnMinusOne,PnMinusOne,decrypt,tfdata); -+ -+ for(i=0;i<TwoFish_BLOCK_SIZE;i++) -+ PnMinusOne[i]=PnMinusOne[i] ^ tfdata->prevCipher[i]; -+ -+ /* So at this point, out has PnMinusOne */ -+ _TwoFish_qBlockPush(CnMinusOne,PnMinusOne,tfdata); -+ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata); -+ _TwoFish_FlushOutput(out,size,tfdata); -+ } -+ else -+ { _TwoFish_qBlockPop(PnMinusOne,CnMinusOne,tfdata); -+ memset(Pn,0,TwoFish_BLOCK_SIZE); -+ memcpy(Pn,in,size); -+ for(i=0;i<TwoFish_BLOCK_SIZE;i++) -+ Pn[i]^=CnMinusOne[i]; -+ _TwoFish_BlockCrypt16(Pn,out,decrypt,tfdata); -+ _TwoFish_qBlockPush(Pn,out,tfdata); /* now we officially have Cn-1 */ -+ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata); -+ _TwoFish_FlushOutput(CnMinusOne,size,tfdata); /* old Cn-1 becomes new partial Cn */ -+ } -+ tfdata->qBlockDefined=FALSE; -+ } -+} -+ -+void _TwoFish_qBlockPush(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata) -+{ if(tfdata->qBlockDefined) -+ _TwoFish_FlushOutput(tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE,tfdata); -+ memcpy(tfdata->prevCipher,tfdata->qBlockPlain,TwoFish_BLOCK_SIZE); -+ memcpy(tfdata->qBlockPlain,p,TwoFish_BLOCK_SIZE); -+ memcpy(tfdata->qBlockCrypt,c,TwoFish_BLOCK_SIZE); -+ tfdata->qBlockDefined=TRUE; -+} -+ -+void _TwoFish_qBlockPop(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata) -+{ memcpy(p,tfdata->qBlockPlain,TwoFish_BLOCK_SIZE ); -+ memcpy(c,tfdata->qBlockCrypt,TwoFish_BLOCK_SIZE ); -+ tfdata->qBlockDefined=FALSE; -+} -+ -+/* Reset's the CBC flag and zero's PrevCipher (through qBlockPlain) (important) */ -+void _TwoFish_ResetCBC(TWOFISH *tfdata) -+{ tfdata->qBlockDefined=FALSE; -+ memset(tfdata->qBlockPlain,0,TwoFish_BLOCK_SIZE); -+} -+ -+void _TwoFish_FlushOutput(u_int8_t *b,unsigned long len,TWOFISH *tfdata) -+{ unsigned long i; -+ -+ for(i=0;i<len && !tfdata->dontflush;i++) -+ *tfdata->output++ = *b++; -+ tfdata->dontflush=FALSE; -+} -+ -+void _TwoFish_BlockCrypt16(u_int8_t *in,u_int8_t *out,bool decrypt,TWOFISH *tfdata) -+{ u_int32_t x0,x1,x2,x3; -+ u_int32_t k,t0,t1,R; -+ -+ -+ x0=*in++; -+ x0|=(*in++ << 8 ); -+ x0|=(*in++ << 16); -+ x0|=(*in++ << 24); -+ x1=*in++; -+ x1|=(*in++ << 8 ); -+ x1|=(*in++ << 16); -+ x1|=(*in++ << 24); -+ x2=*in++; -+ x2|=(*in++ << 8 ); -+ x2|=(*in++ << 16); -+ x2|=(*in++ << 24); -+ x3=*in++; -+ x3|=(*in++ << 8 ); -+ x3|=(*in++ << 16); -+ x3|=(*in++ << 24); -+ -+ if(decrypt) -+ { x0 ^= tfdata->subKeys[4]; /* swap input and output whitening keys when decrypting */ -+ x1 ^= tfdata->subKeys[5]; -+ x2 ^= tfdata->subKeys[6]; -+ x3 ^= tfdata->subKeys[7]; -+ -+ k = 7+(TwoFish_ROUNDS*2); -+ for (R = 0; R < TwoFish_ROUNDS; R += 2) -+ { t0 = _TwoFish_Fe320( tfdata->sBox, x0); -+ t1 = _TwoFish_Fe323( tfdata->sBox, x1); -+ x3 ^= t0 + (t1<<1) + tfdata->subKeys[k--]; -+ x3 = x3 >> 1 | x3 << 31; -+ x2 = x2 << 1 | x2 >> 31; -+ x2 ^= t0 + t1 + tfdata->subKeys[k--]; -+ -+ t0 = _TwoFish_Fe320( tfdata->sBox, x2); -+ t1 = _TwoFish_Fe323( tfdata->sBox, x3); -+ x1 ^= t0 + (t1<<1) + tfdata->subKeys[k--]; -+ x1 = x1 >> 1 | x1 << 31; -+ x0 = x0 << 1 | x0 >> 31; -+ x0 ^= t0 + t1 + tfdata->subKeys[k--]; -+ } -+ -+ x2 ^= tfdata->subKeys[0]; -+ x3 ^= tfdata->subKeys[1]; -+ x0 ^= tfdata->subKeys[2]; -+ x1 ^= tfdata->subKeys[3]; -+ } -+ else -+ { x0 ^= tfdata->subKeys[0]; -+ x1 ^= tfdata->subKeys[1]; -+ x2 ^= tfdata->subKeys[2]; -+ x3 ^= tfdata->subKeys[3]; -+ -+ k = 8; -+ for (R = 0; R < TwoFish_ROUNDS; R += 2) -+ { t0 = _TwoFish_Fe320( tfdata->sBox, x0); -+ t1 = _TwoFish_Fe323( tfdata->sBox, x1); -+ x2 ^= t0 + t1 + tfdata->subKeys[k++]; -+ x2 = x2 >> 1 | x2 << 31; -+ x3 = x3 << 1 | x3 >> 31; -+ x3 ^= t0 + (t1<<1) + tfdata->subKeys[k++]; -+ -+ t0 = _TwoFish_Fe320( tfdata->sBox, x2); -+ t1 = _TwoFish_Fe323( tfdata->sBox, x3); -+ x0 ^= t0 + t1 + tfdata->subKeys[k++]; -+ x0 = x0 >> 1 | x0 << 31; -+ x1 = x1 << 1 | x1 >> 31; -+ x1 ^= t0 + (t1<<1) + tfdata->subKeys[k++]; -+ } -+ -+ x2 ^= tfdata->subKeys[4]; -+ x3 ^= tfdata->subKeys[5]; -+ x0 ^= tfdata->subKeys[6]; -+ x1 ^= tfdata->subKeys[7]; -+ } -+ -+ *out++ = (u_int8_t)(x2 ); -+ *out++ = (u_int8_t)(x2 >> 8); -+ *out++ = (u_int8_t)(x2 >> 16); -+ *out++ = (u_int8_t)(x2 >> 24); -+ -+ *out++ = (u_int8_t)(x3 ); -+ *out++ = (u_int8_t)(x3 >> 8); -+ *out++ = (u_int8_t)(x3 >> 16); -+ *out++ = (u_int8_t)(x3 >> 24); -+ -+ *out++ = (u_int8_t)(x0 ); -+ *out++ = (u_int8_t)(x0 >> 8); -+ *out++ = (u_int8_t)(x0 >> 16); -+ *out++ = (u_int8_t)(x0 >> 24); -+ -+ *out++ = (u_int8_t)(x1 ); -+ *out++ = (u_int8_t)(x1 >> 8); -+ *out++ = (u_int8_t)(x1 >> 16); -+ *out++ = (u_int8_t)(x1 >> 24); -+} -+ -+/** -+ * Use (12, 8) Reed-Solomon code over GF(256) to produce a key S-box -+ * 32-bit entity from two key material 32-bit entities. -+ * -+ * @param k0 1st 32-bit entity. -+ * @param k1 2nd 32-bit entity. -+ * @return Remainder polynomial generated using RS code -+ */ -+u_int32_t _TwoFish_RS_MDS_Encode(u_int32_t k0,u_int32_t k1) -+{ u_int32_t i,r; -+ -+ for(r=k1,i=0;i<4;i++) /* shift 1 byte at a time */ -+ TwoFish_RS_rem(r); -+ r ^= k0; -+ for(i=0;i<4;i++) -+ TwoFish_RS_rem(r); -+ -+ return r; -+} -+ -+u_int32_t _TwoFish_F32(u_int32_t k64Cnt,u_int32_t x,u_int32_t *k32) -+{ u_int8_t b0,b1,b2,b3; -+ u_int32_t k0,k1,k2,k3,result = 0; -+ -+ b0=TwoFish_b0(x); -+ b1=TwoFish_b1(x); -+ b2=TwoFish_b2(x); -+ b3=TwoFish_b3(x); -+ k0=k32[0]; -+ k1=k32[1]; -+ k2=k32[2]; -+ k3=k32[3]; -+ -+ switch (k64Cnt & 3) -+ { case 1: /* 64-bit keys */ -+ result = -+ TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][b0] & 0xFF) ^ TwoFish_b0(k0)] ^ -+ TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][b1] & 0xFF) ^ TwoFish_b1(k0)] ^ -+ TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][b2] & 0xFF) ^ TwoFish_b2(k0)] ^ -+ TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][b3] & 0xFF) ^ TwoFish_b3(k0)]; -+ break; -+ case 0: /* 256-bit keys (same as 4) */ -+ b0 = (TwoFish_P[TwoFish_P_04][b0] & 0xFF) ^ TwoFish_b0(k3); -+ b1 = (TwoFish_P[TwoFish_P_14][b1] & 0xFF) ^ TwoFish_b1(k3); -+ b2 = (TwoFish_P[TwoFish_P_24][b2] & 0xFF) ^ TwoFish_b2(k3); -+ b3 = (TwoFish_P[TwoFish_P_34][b3] & 0xFF) ^ TwoFish_b3(k3); -+ -+ case 3: /* 192-bit keys */ -+ b0 = (TwoFish_P[TwoFish_P_03][b0] & 0xFF) ^ TwoFish_b0(k2); -+ b1 = (TwoFish_P[TwoFish_P_13][b1] & 0xFF) ^ TwoFish_b1(k2); -+ b2 = (TwoFish_P[TwoFish_P_23][b2] & 0xFF) ^ TwoFish_b2(k2); -+ b3 = (TwoFish_P[TwoFish_P_33][b3] & 0xFF) ^ TwoFish_b3(k2); -+ case 2: /* 128-bit keys (optimize for this case) */ -+ result = -+ TwoFish_MDS[0][(TwoFish_P[TwoFish_P_01][(TwoFish_P[TwoFish_P_02][b0] & 0xFF) ^ TwoFish_b0(k1)] & 0xFF) ^ TwoFish_b0(k0)] ^ -+ TwoFish_MDS[1][(TwoFish_P[TwoFish_P_11][(TwoFish_P[TwoFish_P_12][b1] & 0xFF) ^ TwoFish_b1(k1)] & 0xFF) ^ TwoFish_b1(k0)] ^ -+ TwoFish_MDS[2][(TwoFish_P[TwoFish_P_21][(TwoFish_P[TwoFish_P_22][b2] & 0xFF) ^ TwoFish_b2(k1)] & 0xFF) ^ TwoFish_b2(k0)] ^ -+ TwoFish_MDS[3][(TwoFish_P[TwoFish_P_31][(TwoFish_P[TwoFish_P_32][b3] & 0xFF) ^ TwoFish_b3(k1)] & 0xFF) ^ TwoFish_b3(k0)]; -+ break; -+ } -+ return result; -+} -+ -+u_int32_t _TwoFish_Fe320(u_int32_t *lsBox,u_int32_t x) -+{ return lsBox[ TwoFish_b0(x)<<1 ]^ -+ lsBox[ ((TwoFish_b1(x)<<1)|1)]^ -+ lsBox[0x200+ (TwoFish_b2(x)<<1) ]^ -+ lsBox[0x200+((TwoFish_b3(x)<<1)|1)]; -+} -+ -+u_int32_t _TwoFish_Fe323(u_int32_t *lsBox,u_int32_t x) -+{ return lsBox[ (TwoFish_b3(x)<<1) ]^ -+ lsBox[ ((TwoFish_b0(x)<<1)|1)]^ -+ lsBox[0x200+ (TwoFish_b1(x)<<1) ]^ -+ lsBox[0x200+((TwoFish_b2(x)<<1)|1)]; -+} -+ -+u_int32_t _TwoFish_Fe32(u_int32_t *lsBox,u_int32_t x,u_int32_t R) -+{ return lsBox[ 2*TwoFish__b(x,R ) ]^ -+ lsBox[ 2*TwoFish__b(x,R+1)+1]^ -+ lsBox[0x200+2*TwoFish__b(x,R+2) ]^ -+ lsBox[0x200+2*TwoFish__b(x,R+3)+1]; -+} -+ -+ -+#endif - -Index: snort-2.8.6.1/src/twofish.h -=================================================================== ---- snort-2.8.6.1/src/twofish.h (Revision 0) -+++ snort-2.8.6.1/src/twofish.h (Revision 3) -@@ -0,0 +1,276 @@ -+/* $Id: twofish.h,v 2.1 2008/12/15 20:36:05 fknobbe Exp $ -+ * -+ * -+ * Copyright (C) 1997-2000 The Cryptix Foundation Limited. -+ * Copyright (C) 2000 Farm9. -+ * Copyright (C) 2001 Frank Knobbe. -+ * All rights reserved. -+ * -+ * For Cryptix code: -+ * Use, modification, copying and distribution of this software is subject -+ * the terms and conditions of the Cryptix General Licence. You should have -+ * received a copy of the Cryptix General Licence along with this library; -+ * if not, you can download a copy from http://www.cryptix.org/ . -+ * -+ * For Farm9: -+ * --- jojo@farm9.com, August 2000, converted from Java to C++, added CBC mode and -+ * ciphertext stealing technique, added AsciiTwofish class for easy encryption -+ * decryption of text strings -+ * -+ * Frank Knobbe <frank@knobbe.us>: -+ * --- April 2001, converted from C++ to C, prefixed global variables -+ * with TwoFish, substituted some defines, changed functions to make use of -+ * variables supplied in a struct, modified and added routines for modular calls. -+ * Cleaned up the code so that defines are used instead of fixed 16's and 32's. -+ * Created two general purpose crypt routines for one block and multiple block -+ * encryption using Joh's CBC code. -+ * Added crypt routines that use a header (with a magic and data length). -+ * (Basically a major rewrite). -+ * -+ * Note: Routines labeled _TwoFish are private and should not be used -+ * (or with extreme caution). -+ * -+ */ -+ -+#ifndef __TWOFISH_LIBRARY_HEADER__ -+#define __TWOFISH_LIBRARY_HEADER__ -+ -+#ifndef FALSE -+#define FALSE 0 -+#endif -+#ifndef TRUE -+#define TRUE !FALSE -+#endif -+#ifndef bool -+#define bool int -+#endif -+ -+ -+/* Constants */ -+ -+#define TwoFish_DEFAULT_PW "SnortHas2FishEncryptionRoutines!" /* default password (not more than 32 chars) */ -+#define TwoFish_MAGIC "TwoFish" /* to indentify a successful decryption */ -+ -+enum -+{ TwoFish_KEY_SIZE = 256, /* Valid values: 64, 128, 192, 256 */ -+ /* User 256, other key sizes have not been tested. */ -+ /* (But should work. I substituted as much as */ -+ /* I could with this define.) */ -+ TwoFish_ROUNDS = 16, -+ TwoFish_BLOCK_SIZE = 16, /* bytes in a data-block */ -+ TwoFish_KEY_LENGTH = TwoFish_KEY_SIZE/8, /* 32= 256-bit key */ -+ TwoFish_TOTAL_SUBKEYS = 4+4+2*TwoFish_ROUNDS, -+ TwoFish_MAGIC_LEN = TwoFish_BLOCK_SIZE-8, -+ TwoFish_SK_BUMP = 0x01010101, -+ TwoFish_SK_ROTL = 9, -+ TwoFish_P_00 = 1, -+ TwoFish_P_01 = 0, -+ TwoFish_P_02 = 0, -+ TwoFish_P_03 = TwoFish_P_01 ^ 1, -+ TwoFish_P_04 = 1, -+ TwoFish_P_10 = 0, -+ TwoFish_P_11 = 0, -+ TwoFish_P_12 = 1, -+ TwoFish_P_13 = TwoFish_P_11 ^ 1, -+ TwoFish_P_14 = 0, -+ TwoFish_P_20 = 1, -+ TwoFish_P_21 = 1, -+ TwoFish_P_22 = 0, -+ TwoFish_P_23 = TwoFish_P_21 ^ 1, -+ TwoFish_P_24 = 0, -+ TwoFish_P_30 = 0, -+ TwoFish_P_31 = 1, -+ TwoFish_P_32 = 1, -+ TwoFish_P_33 = TwoFish_P_31 ^ 1, -+ TwoFish_P_34 = 1, -+ TwoFish_GF256_FDBK = 0x169, -+ TwoFish_GF256_FDBK_2 = 0x169 / 2, -+ TwoFish_GF256_FDBK_4 = 0x169 / 4, -+ TwoFish_RS_GF_FDBK = 0x14D, /* field generator */ -+ TwoFish_MDS_GF_FDBK = 0x169 /* primitive polynomial for GF(256) */ -+}; -+ -+ -+/* Global data structure for callers */ -+ -+typedef struct -+{ u_int32_t sBox[4 * 256]; /* Key dependent S-box */ -+ u_int32_t subKeys[TwoFish_TOTAL_SUBKEYS]; /* Subkeys */ -+ u_int8_t key[TwoFish_KEY_LENGTH]; /* Encryption Key */ -+ u_int8_t *output; /* Pointer to output buffer */ -+ u_int8_t qBlockPlain[TwoFish_BLOCK_SIZE]; /* Used by CBC */ -+ u_int8_t qBlockCrypt[TwoFish_BLOCK_SIZE]; -+ u_int8_t prevCipher[TwoFish_BLOCK_SIZE]; -+ struct /* Header for crypt functions. Has to be at least one block long. */ -+ { u_int32_t salt; /* Random salt in first block (will salt the rest through CBC) */ -+ u_int8_t length[4]; /* The amount of data following the header */ -+ u_int8_t magic[TwoFish_MAGIC_LEN]; /* Magic to identify successful decryption */ -+ } header; -+ bool qBlockDefined; -+ bool dontflush; -+} TWOFISH; -+ -+#ifndef __TWOFISH_LIBRARY_SOURCE__ -+ -+extern bool TwoFish_srand; /* if set to TRUE (default), first call of TwoFishInit will seed rand(); */ -+ /* call of TwoFishInit */ -+#endif -+ -+ -+/**** Public Functions ****/ -+ -+/* TwoFish Initialization -+ * -+ * This routine generates a global data structure for use with TwoFish, -+ * initializes important values (such as subkeys, sBoxes), generates subkeys -+ * and precomputes the MDS matrix if not already done. -+ * -+ * Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!') -+ * -+ * Output: Pointer to TWOFISH structure. This data structure contains key dependent data. -+ * This pointer is used with all other crypt functions. -+ */ -+TWOFISH *TwoFishInit(char *userkey); -+ -+ -+/* TwoFish Destroy -+ * -+ * Nothing else but a free... -+ * -+ * Input: Pointer to the TwoFish structure. -+ * -+ */ -+void TwoFishDestroy(TWOFISH *tfdata); -+ -+ -+/* TwoFish Alloc -+ * -+ * Allocates enough memory for the output buffer as required. -+ * -+ * Input: Length of the plaintext. -+ * Boolean flag for BinHex Output. -+ * Pointer to the TwoFish structure. -+ * -+ * Output: Returns a pointer to the memory allocated. -+ */ -+void *TwoFishAlloc(unsigned long len,bool binhex,bool decrypt,TWOFISH *tfdata); -+ -+ -+/* TwoFish Free -+ * -+ * Free's the allocated buffer. -+ * -+ * Input: Pointer to the TwoFish structure -+ * -+ * Output: (none) -+ */ -+void TwoFishFree(TWOFISH *tfdata); -+ -+ -+/* TwoFish Set Output -+ * -+ * If you want to allocate the output buffer yourself, -+ * then you can set it with this function. -+ * -+ * Input: Pointer to your output buffer -+ * Pointer to the TwoFish structure -+ * -+ * Output: (none) -+ */ -+void TwoFishSetOutput(char *outp,TWOFISH *tfdata); -+ -+ -+/* TwoFish Raw Encryption -+ * -+ * Does not use header, but does use CBC (if more than one block has to be encrypted). -+ * -+ * Input: Pointer to the buffer of the plaintext to be encrypted. -+ * Pointer to the buffer receiving the ciphertext. -+ * The length of the plaintext buffer. -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes encrypted if successful, otherwise 0. -+ */ -+unsigned long TwoFishEncryptRaw(char *in,char *out,unsigned long len,TWOFISH *tfdata); -+ -+/* TwoFish Raw Decryption -+ * -+ * Does not use header, but does use CBC (if more than one block has to be decrypted). -+ * -+ * Input: Pointer to the buffer of the ciphertext to be decrypted. -+ * Pointer to the buffer receiving the plaintext. -+ * The length of the ciphertext buffer (at least one cipher block). -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes decrypted if successful, otherwise 0. -+ */ -+unsigned long TwoFishDecryptRaw(char *in,char *out,unsigned long len,TWOFISH *tfdata); -+ -+ -+/* TwoFish Encryption -+ * -+ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc, -+ * this routine will alloc the memory. In addition, it will include a small 'header' -+ * containing the magic and some salt. That way the decrypt routine can check if the -+ * packet got decrypted successfully, and return 0 instead of garbage. -+ * -+ * Input: Pointer to the buffer of the plaintext to be encrypted. -+ * Pointer to the pointer to the buffer receiving the ciphertext. -+ * The pointer either points to user allocated output buffer space, or to NULL, in which case -+ * this routine will set the pointer to the buffer allocated through the struct. -+ * The length of the plaintext buffer. -+ * Can be -1 if the input is a null terminated string, in which case we'll count for you. -+ * Boolean flag for BinHex Output (if used, output will be twice as large as input). -+ * Note: BinHex conversion overwrites (converts) input buffer! -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes encrypted if successful, otherwise 0. -+ */ -+unsigned long TwoFishEncrypt(char *in,char **out,signed long len,bool binhex,TWOFISH *tfdata); -+ -+ -+/* TwoFish Decryption -+ * -+ * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc, -+ * this routine will alloc the memory. In addition, it will check the small 'header' -+ * containing the magic. If magic does not match we return 0. Otherwise we return the -+ * amount of bytes decrypted (should be the same as the length in the header). -+ * -+ * Input: Pointer to the buffer of the ciphertext to be decrypted. -+ * Pointer to the pointer to the buffer receiving the plaintext. -+ * The pointer either points to user allocated output buffer space, or to NULL, in which case -+ * this routine will set the pointer to the buffer allocated through the struct. -+ * The length of the ciphertext buffer. -+ * Can be -1 if the input is a null terminated binhex string, in which case we'll count for you. -+ * Boolean flag for BinHex Input (if used, plaintext will be half as large as input). -+ * Note: BinHex conversion overwrites (converts) input buffer! -+ * The TwoFish structure. -+ * -+ * Output: The amount of bytes decrypted if successful, otherwise 0. -+ */ -+unsigned long TwoFishDecrypt(char *in,char **out,signed long len,bool binhex,TWOFISH *tfdata); -+ -+ -+/**** Private Functions ****/ -+ -+u_int8_t TwoFish__b(u_int32_t x,int n); -+void _TwoFish_BinHex(u_int8_t *buf,unsigned long len,bool bintohex); -+unsigned long _TwoFish_CryptRawCBC(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata); -+unsigned long _TwoFish_CryptRaw16(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata); -+unsigned long _TwoFish_CryptRaw(char *in,char *out,unsigned long len,bool decrypt,TWOFISH *tfdata); -+void _TwoFish_PrecomputeMDSmatrix(void); -+void _TwoFish_MakeSubKeys(TWOFISH *tfdata); -+void _TwoFish_qBlockPush(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata); -+void _TwoFish_qBlockPop(u_int8_t *p,u_int8_t *c,TWOFISH *tfdata); -+void _TwoFish_ResetCBC(TWOFISH *tfdata); -+void _TwoFish_FlushOutput(u_int8_t *b,unsigned long len,TWOFISH *tfdata); -+void _TwoFish_BlockCrypt(u_int8_t *in,u_int8_t *out,unsigned long size,int decrypt,TWOFISH *tfdata); -+void _TwoFish_BlockCrypt16(u_int8_t *in,u_int8_t *out,bool decrypt,TWOFISH *tfdata); -+u_int32_t _TwoFish_RS_MDS_Encode(u_int32_t k0,u_int32_t k1); -+u_int32_t _TwoFish_F32(u_int32_t k64Cnt,u_int32_t x,u_int32_t *k32); -+u_int32_t _TwoFish_Fe320(u_int32_t *lsBox,u_int32_t x); -+u_int32_t _TwoFish_Fe323(u_int32_t *lsBox,u_int32_t x); -+u_int32_t _TwoFish_Fe32(u_int32_t *lsBox,u_int32_t x,u_int32_t R); -+ -+ -+#endif - -Index: snort-2.8.6.1/src/plugin_enum.h -=================================================================== ---- snort-2.8.6.1/src/plugin_enum.h (Revision 1) -+++ snort-2.8.6.1/src/plugin_enum.h (Revision 3) -@@ -60,6 +60,7 @@ - PLUGIN_URILEN_CHECK, - PLUGIN_DYNAMIC, - PLUGIN_FLOWBIT, -+ PLUGIN_FWSAM, - PLUGIN_MAX /* sentinel value */ - }; - -Index: snort-2.8.6.1/src/fatal.h -=================================================================== ---- snort-2.8.6.1/src/fatal.h (Revision 0) -+++ snort-2.8.6.1/src/fatal.h (Revision 3) -@@ -0,0 +1,40 @@ -+/* $Id$ */ -+/* -+** Copyright (C) 2002-2008 Sourcefire, Inc. -+** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com> -+** -+** This program is free software; you can redistribute it and/or modify -+** it under the terms of the GNU General Public License Version 2 as -+** published by the Free Software Foundation. You may not use, modify or -+** distribute this program under any other version of the GNU General -+** Public License. -+** -+** This program is distributed in the hope that it will be useful, -+** but WITHOUT ANY WARRANTY; without even the implied warranty of -+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+** GNU General Public License for more details. -+** -+** You should have received a copy of the GNU General Public License -+** along with this program; if not, write to the Free Software -+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+*/ -+ -+#ifndef __FATAL_H__ -+#define __FATAL_H__ -+ -+ -+/* -+ * in debugging mode print out the filename and the line number where the -+ * failure have occured -+ */ -+ -+ -+#ifdef DEBUG -+ #define FATAL(msg) { printf("%s:%d: ", __FILE__, __LINE__); FatalError( (char *) msg); } -+#else -+ #define FATAL(msg) FatalError( (char *) msg) -+#endif -+ -+ -+ -+#endif /* __FATAL_H__ */ - -Index: snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.c -=================================================================== ---- snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.c (Revision 0) -+++ snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.c (Revision 3) -@@ -0,0 +1,1380 @@ -+/* $id: snortpatchb,v 1.2 2002/10/26 03:32:35 fknobbe Exp $ -+** -+** spo_alert_fwsam.c -+** -+** Copyright (c) 2001-2004 Frank Knobbe <frank@knobbe.us> -+** -+** This program is free software; you can redistribute it and/or modify -+** it under the terms of the GNU General Public License as published by -+** the Free Software Foundation; either version 2 of the License, or -+** (at your option) any later version. -+** -+** This program is distributed in the hope that it will be useful, -+** but WITHOUT ANY WARRANTY; without even the implied warranty of -+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+** GNU General Public License for more details. -+** -+** You should have received a copy of the GNU General Public License -+** along with this program; if not, write to the Free Software -+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+*/ -+ -+/* -+ * Purpose: -+ * -+ * This module sends alerts to a remote service on a host running SnortSam -+ * (the agent) which will block the intruding IP address on a variety of -+ * host and network firewalls. -+ * -+ * SnortSam also performs checks against a white-list of never-to-be-blocked IP addresses, -+ * can override block durations (for example for known proxies), and can detect attack conditions -+ * where too many blocks are received within a defined interval. If an attack is detected -+ * it will unblock the last x blocks and wait for the attack to end. -+ * -+ * See the SnortSam documentation for more information. -+ * -+ * -+ * Output Plugin Parameters: -+ *************************** -+ * -+ * output alert_fwsam: <SnortSam Station>:<port>/<key> -+ * -+ * <FW Mgmt Station>: The IP address or host name of the host running SnortSam. -+ * <port>: The port the remote SnortSam service listens on (default 898). -+ * <key>: The key used for authentication (encryption really) -+ * of the communication to the remote service. -+ * -+ * Examples: -+ * -+ * output alert_fwsam: snortsambox/idspassword -+ * output alert_fwsam: fw1.domain.tld:898/mykey -+ * output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw -+ * -+ * -+ * Rule Options: -+ *************** -+ * -+ * fwsam: who[how],time; -+ * -+ * who: src, source, dst, dest, destination -+ * IP address to be blocked according to snort rule (some rules -+ * are reversed, i.e. homenet -> any [and you want to block any]). -+ * src denotes IP to the left of -> and dst denotes IP to the right -+ * -+ * how: Optional. In, out, src, dest, either, both, this, conn, connection -+ * Tells FW-1 to block packets INcoming from host, OUTgoing to host, -+ * EITHERway, or only THIS connection (IP/Service pair). -+ * See 'fw sam' for more information. May be ignored by other plugins. -+ * -+ * time: Duration of block in seconds. (Accepts 'days', 'months', 'weeks', -+ * 'years', 'minutes', 'seconds', 'hours'. Alternatively, a value of -+ * 0, or the keyword PERManent, INFinite, or ALWAYS, will block the -+ * host permanently. Be careful with this! -+ * Tells FW-1 (and others) how long to inhibit packets from the host. -+ * -+ * Examples: -+ * -+ * fwsam: src[either],15min; -+ * or dst[in], 2 days 4 hours -+ * or src, 1 hour -+ * -+ * (default: src[either],5min) -+ * -+ * -+ * Effect: -+ * -+ * Alerts are sent to the remote SnortSam services on Firewall-1 Management Stations -+ * or other hosts running SnortSam (as required for Cisco Routers and PIX). -+ * The remote services will invoke the SAM configuration via the fw sam -+ * command line, or by sending a packet to the SAM port 18183, or by using the official -+ * OPSEC API calls, or by telnetting into Cisco routers or PIX firewalls. -+ * The communication over the network is encrypted using two-fish. -+ * (Implementation ripped from CryptCat by Farm9 with permission.) -+ * -+ * Future Plans: -+ * -+ * - Custom alert trigger per rule (x alerts in y secs) --> Seems to exist in Snort 1.9 now. -+ * - Enable/Allow tagged fwsam: arguments to provide different values to -+ * different stations. --> Seems to be accomplished with custom rule-types -+ * -+ * -+ * Comments: -+ * -+ * It seem that above wishes can be implemented with todays setup. Feedback concerning -+ * these is greatly appreciated. -+ * -+*/ -+ -+ -+#include "spo_alert_fwsam.h" -+#include "twofish.h" -+/* external globals from rules.c */ -+extern char *file_name; -+extern int file_line; -+extern OptTreeNode *otn_tmp; -+extern char *snort_conf_dir; /* extern PV pv; */ -+ -+ -+/* my globals */ -+ -+FWsamList *FWsamStationList=NULL; /* Global (for all alert-types) list of snortsam stations */ -+FWsamOptions *FWsamOptionField=NULL; -+unsigned long FWsamMaxOptions=0; -+ -+ -+/* -+ * Function: AlertFWsamSetup() -+ * -+ * Purpose: Registers the output plugin keyword and initialization -+ * function into the output plugin list. This is the function that -+ * gets called from InitOutputPlugins() in plugbase.c. -+ * It also registers itself as a plugin in order to parse every rule -+ * and to set the appropiate flags from fwsam: option. -+ * -+ * Arguments: None. -+ * -+ * Returns: void function -+ * -+*/ -+void AlertFWsamSetup(void) -+{ -+ /* link the preprocessor keyword to the init function in -+ the preproc list */ -+ RegisterOutputPlugin("alert_fwsam", OUTPUT_TYPE_FLAG__ALERT, AlertFWsamInit); -+ RegisterRuleOption("fwsam", AlertFWsamOptionInit, NULL, OPT_TYPE_ACTION, NULL); -+ -+#ifdef FWSAMDEBUG /* This allows debugging of fwsam only */ -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamSetup) Output plugin is plugged in...\n"); -+#endif -+} -+ -+ -+/* This function checks if a given snortsam station is already in -+ * a given list. -+*/ -+int FWsamStationExists(FWsamStation *who,FWsamList *list) -+{ -+ while(list) -+ { -+ if(list->station) { -+// if( who->stationip.s_addr==list->station->stationip.s_addr && -+ if(IP_EQUALITY(&who->stationip, &list->station->stationip) && -+ who->stationport==list->station->stationport) -+ return TRUE; -+ } -+ list=list->next; -+ } -+ return FALSE; -+} -+ -+/* -+ * Function: AlertFWsamInit(char *args) -+ * -+ * Purpose: Calls the argument parsing function, performs final setup on data -+ * structs, links the preproc function into the function list. -+ * -+ * Arguments: args => ptr to argument string -+ * -+ * Returns: void function -+ * -+*/ -+void AlertFWsamInit(char *args) -+{ char *ap; -+ unsigned long statip,cnt,again,i; -+ char *stathost,*statport,*statpass; -+ FWsamStation *station; -+ FWsamList *fwsamlist=NULL; /* alert-type dependent list of snortsam stations */ -+ FWsamList *listp,*newlistp; -+ struct hostent *hoste; -+ char buf[1024]=""; -+ FILE *fp; -+ FWsamOptions tempopt; -+ -+#ifdef FWSAMDEBUG -+ unsigned long hostcnt=0; -+ -+ -+ -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Output plugin initializing...\n"); -+#endif -+ -+ /* pv.alert_plugin_active = 1; */ -+ -+ /* parse the argument list from the rules file */ -+ -+ if(args == NULL) -+ FatalError("ERROR %s (%d) => [Alert_FWsam](AlertFWsamInit) No arguments to alert_fwsam preprocessor!\n", file_name, file_line); -+ -+ if(!FWsamOptionField && !FWsamMaxOptions) -+ { strncpy(buf,snort_conf_dir,sizeof(buf)-1); -+ strncpy(buf+strlen(buf),SID_MAPFILE,sizeof(buf)-strlen(buf)-1); -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamSetup) Using file: %s\n",buf); -+#endif -+ fp=fopen(buf,"rt"); -+ if(!fp) -+ { strncpy(buf,snort_conf_dir,sizeof(buf)-1); -+ strncpy(buf+strlen(buf),SID_ALT_MAPFILE,sizeof(buf)-strlen(buf)-1); -+ fp=fopen(buf,"rt"); -+ } -+ if(fp) /* Check for presence of map file and read those in, sorted. */ -+ { LogMessage("INFO => [Alert_FWsam](AlertFWsamSetup) Using sid-map file: %s\n",buf); -+ -+ while(FWsamReadLine(buf,sizeof(buf),fp)) -+ if(*buf) -+ FWsamMaxOptions++; -+ if(FWsamMaxOptions) -+ { if((FWsamOptionField=(FWsamOptions *)malloc(sizeof(FWsamOptions)*FWsamMaxOptions))==NULL) -+ FatalError("ERROR => [Alert_FWsam](AlertFWsamSetup) malloc failed for OptionField!\n"); -+ fseek(fp,0,SEEK_SET); -+ for(cnt=0;cnt<FWsamMaxOptions;) -+ { FWsamReadLine(buf,sizeof(buf),fp); -+ if(*buf) -+ FWsamParseLine(&(FWsamOptionField[cnt++]),buf); -+ } -+ if(FWsamMaxOptions>1) -+ { for(again=TRUE,cnt=FWsamMaxOptions-1;cnt>=1 && again;cnt--) -+ { for(again=FALSE,i=0;i<cnt;i++) -+ { if(FWsamOptionField[i].sid>FWsamOptionField[i+1].sid) -+ { memcpy(&tempopt,&(FWsamOptionField[i]),sizeof(FWsamOptions)); -+ memcpy(&(FWsamOptionField[i]),&(FWsamOptionField[i+1]),sizeof(FWsamOptions)); -+ memcpy(&(FWsamOptionField[i+1]),&tempopt,sizeof(FWsamOptions)); -+ again=TRUE; -+ } -+ } -+ } -+ } -+ } -+ else -+ FWsamMaxOptions=1; -+ fclose(fp); -+ } -+ else -+ FWsamMaxOptions=1; -+ } -+ -+ -+ ap=args; /* start at the beginning of the argument */ -+ while(*ap && isspace(*ap)) ap++; -+ while(*ap) -+ { stathost=ap; /* first argument should be host */ -+ statport=NULL; -+ statpass=NULL; -+ while(*ap && *ap!=':' && *ap!='/' && !isspace(*ap)) ap++; /* find token */ -+ switch(*ap) -+ { case ':': *ap++=0; /* grab the port */ -+ statport=ap; -+ while(*ap && *ap!='/' && !isspace(*ap)) ap++; -+ if(*ap!='/') -+ break; -+ case '/': *ap++=0; /* grab the key */ -+ statpass=ap; -+ while(*ap && !isspace(*ap)) ap++; -+ default: break; -+ } -+ if(*ap) -+ { *ap++=0; -+ while(isspace(*ap)) ap++; -+ } -+ /* now we have the first host with port and password (key) */ -+ /* next we check for valid/blank password/port */ -+ if(statpass!=NULL) -+ if(!*statpass) -+ statpass=NULL; -+ if(statport!=NULL) -+ if(!*statport) -+ statport=NULL; -+ statip=0; -+ /* now we check if a valid host was specified */ -+ if(inet_addr(stathost)==INADDR_NONE) -+ { hoste=gethostbyname(stathost); -+ if (!hoste) -+ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWsamInit) Unable to resolve host '%s'!\n",file_name,file_line,stathost); -+ else -+ statip=*(unsigned long *)hoste->h_addr; -+ } -+ else -+ { statip=inet_addr(stathost); -+ if(!statip) -+ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWsamInit) Invalid host address '%s'!\n",file_name,file_line,stathost); -+ } -+ if(statip) -+ { /* groovie, a valid host. Let's alloc and assemble the structure for it. */ -+ if((station=(FWsamStation *)malloc(sizeof(FWsamStation)))==NULL) -+ FatalError("ERROR => [Alert_FWsam](AlertFWsamInit) malloc failed for station!\n"); -+ -+// station->stationip.s_addr=statip; /* the IP address */ -+ station->stationip.ip32[0] = statip; /* the IP address */ -+ if(statport!=NULL && atoi(statport)>0) /* if the user specified one */ -+ station->stationport=atoi(statport); /* use users setting */ -+ else -+ station->stationport=FWSAM_DEFAULTPORT; /* set the default port */ -+ -+ if(statpass!=NULL) /* if specified by user */ -+ strncpy(station->stationkey,statpass,TwoFish_KEY_LENGTH); /* use defined key */ -+ else -+ station->stationkey[0]=0; -+ station->stationkey[TwoFish_KEY_LENGTH]=0; /* make sure it's terminated. (damn strncpy...) */ -+ -+ strcpy(station->initialkey,station->stationkey); -+ station->stationfish=TwoFishInit(station->stationkey); -+ -+ station->localsocketaddr.sin_port=htons(0); /* let's use dynamic ports for now */ -+ station->localsocketaddr.sin_addr.s_addr=0; -+ station->localsocketaddr.sin_family=AF_INET; -+ station->stationsocketaddr.sin_port=htons(station->stationport); -+ //station->stationsocketaddr.sin_addr=station->stationip; -+ station->stationsocketaddr.sin_addr.s_addr=station->stationip.ip32[0]; -+ station->stationsocketaddr.sin_family=AF_INET; /* load all socket crap and keep for later */ -+ -+ do -+ station->myseqno=rand(); /* the seqno this host will use */ -+ while(station->myseqno<20 || station->myseqno>65500); -+ station->mykeymod[0]=rand(); -+ station->mykeymod[1]=rand(); -+ station->mykeymod[2]=rand(); -+ station->mykeymod[3]=rand(); -+ station->stationseqno=0; /* peer hasn't answered yet. */ -+ -+ -+ if(!FWsamStationExists(station,FWsamStationList)) /* If we don't have the station already in global list....*/ -+ { if(FWsamCheckIn(station)) /* ...and we can talk to the agent... */ -+ { if((newlistp=(FWsamList *)malloc(sizeof(FWsamList)))==NULL) -+ FatalError("ERROR => [Alert_FWsam](AlertFWsamInit) malloc failed for global newlistp!\n"); -+ newlistp->station=station; -+ newlistp->next=NULL; -+ -+ if(!FWsamStationList) /* ... add it to the global list/ */ -+ FWsamStationList=newlistp; -+ else -+ { listp=FWsamStationList; -+ while(listp->next) -+ listp=listp->next; -+ listp->next=newlistp; -+ } -+ } -+ else -+ { TwoFishDestroy(station->stationfish); /* if not, we trash it. */ -+ free(station); -+ station=NULL; -+ } -+ } -+#ifdef FWSAMDEBUG -+ else -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Host %s:%i already in global list, skipping CheckIn.\n", sfip_ntoa(&station->stationip),station->stationport); -+#endif -+ -+ if(station) -+ { if(!FWsamStationExists(station,fwsamlist)) /* If we don't have the station already in local list....*/ -+ { if((newlistp=(FWsamList *)malloc(sizeof(FWsamList)))==NULL) -+ FatalError("ERROR => [Alert_FWsam](AlertFWsamInit) malloc failed for local newlistp!\n"); -+ newlistp->station=station; -+ newlistp->next=NULL; -+ -+ if(!fwsamlist) /* ... add it to the local list/ */ -+ fwsamlist=newlistp; -+ else -+ { listp=fwsamlist; -+ while(listp->next) -+ listp=listp->next; -+ listp->next=newlistp; -+ } -+ } -+ -+#ifdef FWSAMDEBUG -+ else -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Host %s:%i already in local list, skipping.\n",sfip_ntoa(&station->stationip),station->stationport); -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) #%i: Host %s [%s] port %i password %s\n",++hostcnt,stathost,sfip_ntoa(&station->stationip),station->stationport,station->stationkey); -+#endif -+ } -+ -+ } -+ } /* next one */ -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamInit) Linking fwsam alert function to call list...\n"); -+#endif -+ -+ /* Set the preprocessor function into the function list */ -+ AddFuncToOutputList(AlertFWsam, OUTPUT_TYPE_FLAG__ALERT, fwsamlist); -+ AddFuncToCleanExitList(AlertFWsamCleanExitFunc, fwsamlist); -+ AddFuncToRestartList(AlertFWsamRestartFunc, fwsamlist); -+} -+ -+ -+/* This routine reads in a str from a file, snips white-spaces -+ * off the front and back, removes comments, and pretties the -+ * string. Returns true or false if a line was read or not. -+*/ -+int FWsamReadLine(char *buf,unsigned long bufsize,FILE *fp) -+{ char *p; -+ -+ if(fgets(buf,bufsize-1,fp)) -+ { buf[bufsize-1]=0; -+ -+#ifdef FWSAMDEBUG_off -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamReadLine) Line: %s\n",buf); -+#endif -+ -+ p=buf; -+ while(isspace(*p)) -+ p++; -+ if(p>buf); -+ strcpy(buf,p); -+ if(*buf) -+ { p=buf+strlen(buf)-1; /* remove leading and trailing spaces */ -+ while(isspace(*p)) -+ *p-- =0; -+ } -+ p=buf; -+ if(*p=='#' || *p==';') -+ *p=0; -+ else -+ p++; -+ while(*p) /* remove inline comments (except escaped #'s and ;'s) */ -+ { if(*p=='#' || *p==';') -+ { if(*(p-1)=='\\') -+ strcpy(p-1,p); -+ else -+ *p=0; -+ } -+ else -+ p++; -+ } -+ return TRUE; -+ } -+ return FALSE; -+} -+ -+ -+/* Parses the duration of the argument, recognizing minutes, hours, etc.. -+*/ -+unsigned long FWsamParseDuration(char *p) -+{ unsigned long dur=0,tdu; -+ char *tok,c1,c2; -+ -+ while(*p) -+ { tok=p; -+ while(*p && isdigit(*p)) -+ p++; -+ if(*p) -+ { c1=tolower(*p); -+ *p=0; -+ p++; -+ if(*p && !isdigit(*p)) -+ { c2=tolower(*p++); -+ while(*p && !isdigit(*p)) -+ p++; -+ } -+ else -+ c2=0; -+ tdu=atol(tok); -+ switch(c1) -+ { case 'm': if(c2=='o') /* month */ -+ tdu*=(60*60*24*30); /* use 30 days */ -+ else -+ tdu*=60; /* minutes */ -+ case 's': break; /* seconds */ -+ case 'h': tdu*=(60*60); /* hours */ -+ break; -+ case 'd': tdu*=(60*60*24); /* days */ -+ break; -+ case 'w': tdu*=(60*60*24*7); /* week */ -+ break; -+ case 'y': tdu*=(60*60*24*365); /* year */ -+ break; -+ } -+ dur+=tdu; -+ } -+ else -+ dur+=atol(tok); -+ } -+ -+ return dur; -+} -+ -+ -+/* This routine parses an option line. It is called by FWsamParseLine, -+ * which parses the sid-block.map file, and also by AlertFWsamOptionInit, -+ * which is called by Snort when processing fwsam: options in rules. -+ * It returns TRUE it there is a possible option problem, otherwise FALSE. -+*/ -+int FWsamParseOption(FWsamOptions *optp,char *ap) -+{ int possprob=FALSE; -+ -+ /* set defaults */ -+ -+ optp->duration=300; /* default of 5 minute block */ -+ optp->how=FWSAM_HOW_INOUT; /* inbound and outbound block */ -+ optp->who=FWSAM_WHO_SRC; /* the source */ -+ optp->loglevel=FWSAM_LOG_LONGALERT; /* the log level default */ -+ /* parse the fwsam keywords */ -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWamOptionInit) Parse Options Args: %s\n",ap); -+#endif -+ -+ if(*ap) /* should be dst/src (the WHO) or duration */ -+ { if(isdigit(*ap)) -+ optp->duration=FWsamParseDuration(ap); -+ else -+ { switch(*ap) /* yeah, we're lazy and check only the first character */ -+ { case 'p': ; /* permanent, perm */ -+ case 'f': ; /* forever */ -+ case 'i': optp->duration=0; /* infinite, inf */ -+ break; -+ case 'd': optp->who=FWSAM_WHO_DST; /* destination, dest, dst */ -+ break; -+ case 's': optp->who=FWSAM_WHO_SRC; /* source, src */ -+ break; -+ default: possprob=TRUE; -+ } -+ while(*ap && *ap!=',' && *ap!='[') -+ ap++; -+ if(*ap=='[') -+ { ap++; /* now we have the HOW */ -+ switch(*ap) -+ { case 'i': ; /* in */ -+ case 's': optp->how=FWSAM_HOW_IN; /* source, src */ -+ break; -+ case 'o': ; /* out */ -+ case 'd': optp->how=FWSAM_HOW_OUT; /* destination, dest, dst */ -+ break; -+ case 'b': ; /* both */ -+ case 'e': optp->how=FWSAM_HOW_INOUT; /* either */ -+ break; -+ case 't': ; /* this */ -+ case 'c': optp->how=FWSAM_HOW_THIS; /* connection, conn */ -+ break; -+ default: possprob=TRUE; -+ } -+ while(*ap && *ap!=',') -+ ap++; -+ } -+ if(*ap==',') -+ { ap++; -+ if(isdigit(*ap)) /* and figure out how long to block */ -+ optp->duration=FWsamParseDuration(ap); -+ else if(*ap=='p' || *ap=='f' || *ap=='i') -+ optp->duration=0; -+ else -+ possprob=TRUE; -+ } -+ else if(!*ap) -+ possprob=TRUE; -+ } -+ } -+ else -+ possprob=TRUE; -+ -+ return possprob; -+} -+ -+ -+/* This goes through the lines of sid-block.map and sets the -+ * options for fwsam if the file is being used. -+*/ -+void FWsamParseLine(FWsamOptions *optp,char *buf) -+{ char *ap; -+ -+ ap=buf; /* start at the beginning of the argument */ -+ -+ while(*ap) -+ { if(isspace(*ap)) /* normalize spaces (tabs into space, etc) */ -+ *ap=' '; -+ if(isupper(*ap)) /* and set to lower case */ -+ *ap=tolower(*ap); -+ ap++; -+ } -+ while((ap=strrchr(buf,' '))!=NULL) /* remove spaces */ -+ strcpy(ap,ap+1); -+ -+ ap=buf; -+ if(*ap) -+ { while(*ap && *ap!=':' && *ap!='|') -+ ap++; -+ *ap++ =0; -+ while(*ap && (*ap==':' || *ap=='|')) -+ ap++; -+ -+ optp->sid=(unsigned long)atol(buf); -+ -+ if(FWsamParseOption(optp,ap)) -+ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWamOptionInit) Possible option problem. Using %s[%s],%lu.\n",file_name,file_line,(optp->who==FWSAM_WHO_SRC)?"src":"dst",(optp->how==FWSAM_HOW_IN)?"in":((optp->how==FWSAM_HOW_OUT)?"out":"either"),optp->duration); -+ } -+ else -+ optp->sid=0; -+} -+ -+ -+ -+/* -+ * Function: AlertFWsamOptionInit(char *data, OptTreeNode *otn, int protocol) -+ * -+ * Purpose: Parses each rule and sets the option flags in the tree. -+ * -+ * Arguments: args => ptr to argument string -+ * -+ * Returns: void function -+ * -+*/ -+void AlertFWsamOptionInit(char *args,OptTreeNode *otn,int protocol) -+{ -+ FWsamOptions *optp; -+ char *ap; -+ -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWamOptionInit) FWsamOptionInit is parsing...\n"); -+#endif -+ -+ if((optp=(FWsamOptions *)malloc(sizeof(FWsamOptions)))==NULL) -+ FatalError("ERROR => [Alert_FWsam](AlertFWamOptionInit) malloc failed for opt!\n"); -+ -+ -+ ap=args; /* start at the beginning of the argument */ -+ -+ while(*ap) -+ { if(isspace(*ap)) /* normalize spaces (tabs into space, etc) */ -+ *ap=' '; -+ if(isupper(*ap)) /* and set to lower case */ -+ *ap=tolower(*ap); -+ ap++; -+ } -+ while((ap=strrchr(args,' '))!=NULL) /* remove spaces */ -+ strcpy(ap,ap+1); -+ -+ -+ if(FWsamParseOption(optp,args)) -+ LogMessage("WARNING %s (%d) => [Alert_FWsam](AlertFWamOptionInit) Possible option problem. Using %s[%s],%lu.\n",file_name,file_line,(optp->who==FWSAM_WHO_SRC)?"src":"dst",(optp->how==FWSAM_HOW_IN)?"in":((optp->how==FWSAM_HOW_OUT)?"out":"either"),optp->duration); -+ -+ otn->ds_list[PLUGIN_FWSAM]=(FWsamOptions *)optp; -+} -+ -+ -+/* Generates a new encryption key for TwoFish based on seq numbers and a random that -+ * the SnortSam agents send on checkin (in protocol) -+*/ -+void FWsamNewStationKey(FWsamStation *station,FWsamPacket *packet) -+{ -+ //unsigned char newkey[TwoFish_KEY_LENGTH+2]; -+ char newkey[TwoFish_KEY_LENGTH+2]; -+ int i; -+ -+ newkey[0]=packet->snortseqno[0]; /* current snort seq # (which both know) */ -+ newkey[1]=packet->snortseqno[1]; -+ newkey[2]=packet->fwseqno[0]; /* current SnortSam seq # (which both know) */ -+ newkey[3]=packet->fwseqno[1]; -+ newkey[4]=packet->protocol[0]; /* the random SnortSam chose */ -+ newkey[5]=packet->protocol[1]; -+ -+ strncpy(newkey+6,station->stationkey,TwoFish_KEY_LENGTH-6); /* append old key */ -+ newkey[TwoFish_KEY_LENGTH]=0; -+ -+ newkey[0]^=station->mykeymod[0]; /* modify key with key modifiers which were */ -+ newkey[1]^=station->mykeymod[1]; /* exchanged during the check-in handshake. */ -+ newkey[2]^=station->mykeymod[2]; -+ newkey[3]^=station->mykeymod[3]; -+ newkey[4]^=station->fwkeymod[0]; -+ newkey[5]^=station->fwkeymod[1]; -+ newkey[6]^=station->fwkeymod[2]; -+ newkey[7]^=station->fwkeymod[3]; -+ -+ for(i=0;i<=7;i++) -+ if(newkey[i]==0) -+ newkey[i]++; -+ -+ strcpy(station->stationkey,newkey); -+ TwoFishDestroy(station->stationfish); -+ station->stationfish=TwoFishInit(newkey); -+} -+ -+ -+/* This routine will search the option list as defined -+ * by the sid-block.map file and return a pointer -+ * to the matching record. -+*/ -+FWsamOptions *FWsamGetOption(unsigned long sid) -+{ signed long i,step,diff,o,o2; -+ -+#ifdef FWSAM_FANCYFETCH /* Fancy-fetch jumps in decreasing n/2 steps and takes much less lookups */ -+ o=o2= -1; -+ i=step=FWsamMaxOptions>>1; -+ while(i>=0 && i<FWsamMaxOptions && i!=o2) -+ { diff=sid-FWsamOptionField[i].sid; -+ if(!diff) -+ return &(FWsamOptionField[i]); -+ if(step>1) -+ step=step>>1; -+ o2=o; -+ o=i; -+ if(diff>0) -+ i+=step; -+ else -+ i-=step; -+ } -+#else /* This is just a sequential list lookup */ -+ for(i=0;i<FWsamMaxOptions;i++) -+ if(FWsamOptionField[i].sid==sid) -+ return &(FWsamOptionField[i]); -+#endif -+ return NULL; -+} -+ -+ -+/**************************************************************************** -+ * -+ * Function: AlertFWsam(Packet *, char *) -+ * -+ * Purpose: Send the current alert to a remote module on a FW-1 mgmt station -+ * -+ * Arguments: p => pointer to the packet data struct -+ * msg => the message to print in the alert -+ * -+ * Returns: void function -+ * -+ ***************************************************************************/ -+void AlertFWsam(Packet *p, char *msg, void *arg, Event *event) -+{ FWsamOptions *optp; -+ FWsamPacket sampacket; -+ FWsamStation *station=NULL; -+ FWsamList *fwsamlist; -+ SOCKET stationsocket; -+ int i,len,deletestation,stationtry=0; -+ //unsigned char *encbuf,*decbuf; -+ char *encbuf,*decbuf; -+ static unsigned long lastbsip[FWSAM_REPET_BLOCKS],lastbdip[FWSAM_REPET_BLOCKS], -+ lastbduration[FWSAM_REPET_BLOCKS],lastbtime[FWSAM_REPET_BLOCKS]; -+ static unsigned short lastbsp[FWSAM_REPET_BLOCKS],lastbdp[FWSAM_REPET_BLOCKS], -+ lastbproto[FWSAM_REPET_BLOCKS],lastbpointer; -+ static unsigned char lastbmode[FWSAM_REPET_BLOCKS]; -+ static unsigned long btime=0; -+ -+ -+ if(otn_tmp==NULL) -+ { -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] NULL otn_tmp!\n"); -+#endif -+ return; -+ } -+ if(p == NULL) -+ { -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] NULL packet!\n"); -+#endif -+ return; -+ } -+ if(arg == NULL) -+ { -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] NULL arg!\n"); -+#endif -+ return; -+ } -+ -+ /* SnortSam does no IPv6 */ -+ if (!IS_IP4(p)) { -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] not acting on non-IP4 packet!\n"); -+#endif -+ return; -+ } -+ -+ optp=NULL; -+ -+ if(FWsamOptionField) /* If using the file (field present), let's use that */ -+ optp=FWsamGetOption(event->sig_id); -+ -+ if(!optp) /* If file not present, check if an fwsam option was defined on the triggering rule */ -+ optp=otn_tmp->ds_list[PLUGIN_FWSAM]; -+ -+ if(optp) /* if options specified for this rule */ -+ { if(!btime) /* if this is the first time this function is */ -+ { for(i=0;i<FWSAM_REPET_BLOCKS;i++) /* called, reset the time and protocol to 0. */ -+ { lastbproto[i]=0; -+ lastbtime[i]=0; -+ } -+ } -+ -+ fwsamlist=(FWsamList *)arg; -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] Alert -> Msg=\"%s\"\n",msg); -+ -+ LogMessage("DEBUG => [Alert_FWsam] Alert -> Option: %s[%s],%lu.\n",(optp->who==FWSAM_WHO_SRC)?"src":"dst",(optp->how==FWSAM_HOW_IN)?"in":((optp->how==FWSAM_HOW_OUT)?"out":"either"),optp->duration); -+#endif -+ -+ len=TRUE; -+ btime=(unsigned long)time(NULL); /* get current time */ -+ /* This is a cheap check to see if the blocking request matches any of the previous requests. */ -+ for(i=0;i<FWSAM_REPET_BLOCKS && len;i++) -+ { if( ((optp->how==FWSAM_HOW_THIS)? /* if blocking mode SERVICE, check for src and dst */ -+ ( lastbsip[i]==p->iph->ip_src.s_addr && lastbdip[i]==p->iph->ip_dst.s_addr &&lastbproto[i]==p->iph->ip_proto && -+ ((p->iph->ip_proto==IPPROTO_TCP || p->iph->ip_proto==IPPROTO_UDP)? /* check port only of TCP or UDP */ -+/* ((optp->who==FWSAM_WHO_SRC)?(lastbsp[i]==p->sp):(lastbdp[i]==p->dp)):TRUE) ): */ -+ lastbdp[i]==p->dp:TRUE) ): -+ ((optp->who==FWSAM_WHO_SRC)?(lastbsip[i]==p->iph->ip_src.s_addr):(lastbdip[i]==p->iph->ip_dst.s_addr))) && /* otherwise if we block source, only compare source. Same for dest. */ -+ lastbduration[i]==optp->duration && -+ (lastbmode[i]&(FWSAM_HOW|FWSAM_WHO))==(optp->how|optp->who) && -+ (btime-lastbtime[i]<((optp->duration>FWSAM_REPET_TIME)?FWSAM_REPET_TIME:optp->duration))) -+ { len=FALSE; /* If so, we don't need to block again. */ -+ } -+ } -+ if(len) -+ { if(++lastbpointer>=FWSAM_REPET_BLOCKS) /* increase repetitive check pointer */ -+ lastbpointer=0; -+ lastbsip[lastbpointer]=p->iph->ip_src.s_addr; /* and note packet details */ -+ lastbdip[lastbpointer]=p->iph->ip_dst.s_addr; -+ lastbduration[lastbpointer]=optp->duration; -+ lastbmode[lastbpointer]=optp->how|optp->who|optp->loglevel; -+ lastbproto[lastbpointer]=p->iph->ip_proto; -+ if(p->iph->ip_proto==IPPROTO_TCP || p->iph->ip_proto==IPPROTO_UDP) -+ { lastbsp[lastbpointer]=p->sp; /* set ports if TCP or UDP */ -+ lastbdp[lastbpointer]=p->dp; -+ } -+ lastbtime[lastbpointer]=btime; -+ -+ -+ while(fwsamlist!=NULL) -+ { station=fwsamlist->station; -+ //if(station->stationip.s_addr) -+ if(station->stationip.ip32[0]) -+ { deletestation=FALSE; -+ stationtry++; /* first try */ -+ /* create a socket for the station */ -+ stationsocket=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP); -+ if(stationsocket==INVALID_SOCKET) -+ FatalError("ERROR => [Alert_FWsam] Funky socket error (socket)!\n"); -+ if(bind(stationsocket,(struct sockaddr *)&(station->localsocketaddr),sizeof(struct sockaddr))) -+ FatalError("ERROR => [Alert_FWsam] Could not bind socket!\n"); -+ -+ /* let's connect to the agent */ -+ if(connect(stationsocket,(struct sockaddr *)&station->stationsocketaddr,sizeof(struct sockaddr))) -+ { -+ LogMessage("WARNING => [Alert_FWsam] Could not send block to host %s. Will try later.\n",sfip_ntoa(&station->stationip)); -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ stationtry=0; -+ } -+ else -+ { -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] Connected to host %s.\n",sfip_ntoa(&station->stationip)); -+#endif -+ /* now build the packet */ -+ station->myseqno+=station->stationseqno; /* increase my seqno by adding agent seq no */ -+ sampacket.endiancheck=1; /* This is an endian indicator for Snortsam */ -+ sampacket.snortseqno[0]=(char)station->myseqno; -+ sampacket.snortseqno[1]=(char)(station->myseqno>>8); -+ sampacket.fwseqno[0]=(char)station->stationseqno;/* fill station seqno */ -+ sampacket.fwseqno[1]=(char)(station->stationseqno>>8); -+ sampacket.status=FWSAM_STATUS_BLOCK; /* set block mode */ -+ sampacket.version=FWSAM_PACKETVERSION; /* set packet version */ -+ sampacket.duration[0]=(char)optp->duration; /* set duration */ -+ sampacket.duration[1]=(char)(optp->duration>>8); -+ sampacket.duration[2]=(char)(optp->duration>>16); -+ sampacket.duration[3]=(char)(optp->duration>>24); -+ sampacket.fwmode=optp->how|optp->who|optp->loglevel; /* set the mode */ -+ sampacket.dstip[0]=(char)p->iph->ip_dst.s_addr; /* destination IP */ -+ sampacket.dstip[1]=(char)(p->iph->ip_dst.s_addr>>8); -+ sampacket.dstip[2]=(char)(p->iph->ip_dst.s_addr>>16); -+ sampacket.dstip[3]=(char)(p->iph->ip_dst.s_addr>>24); -+ sampacket.srcip[0]=(char)p->iph->ip_src.s_addr; /* source IP */ -+ sampacket.srcip[1]=(char)(p->iph->ip_src.s_addr>>8); -+ sampacket.srcip[2]=(char)(p->iph->ip_src.s_addr>>16); -+ sampacket.srcip[3]=(char)(p->iph->ip_src.s_addr>>24); -+ sampacket.protocol[0]=(char)p->iph->ip_proto; /* protocol */ -+ sampacket.protocol[1]=(char)(p->iph->ip_proto>>8);/* protocol */ -+ -+ if(p->iph->ip_proto==IPPROTO_TCP || p->iph->ip_proto==IPPROTO_UDP) -+ { sampacket.srcport[0]=(char)p->sp; /* set ports */ -+ sampacket.srcport[1]=(char)(p->sp>>8); -+ sampacket.dstport[0]=(char)p->dp; -+ sampacket.dstport[1]=(char)(p->dp>>8); -+ } -+ else -+ sampacket.srcport[0]=sampacket.srcport[1]=sampacket.dstport[0]=sampacket.dstport[1]=0; -+ -+ sampacket.sig_id[0]=(char)event->sig_id; /* set signature ID */ -+ sampacket.sig_id[1]=(char)(event->sig_id>>8); -+ sampacket.sig_id[2]=(char)(event->sig_id>>16); -+ sampacket.sig_id[3]=(char)(event->sig_id>>24); -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] Sending BLOCK\n"); -+ LogMessage("DEBUG => [Alert_FWsam] Snort SeqNo: %x\n",station->myseqno); -+ LogMessage("DEBUG => [Alert_FWsam] Mgmt SeqNo : %x\n",station->stationseqno); -+ LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",FWSAM_STATUS_BLOCK); -+ LogMessage("DEBUG => [Alert_FWsam] Mode : %i\n",optp->how|optp->who|optp->loglevel); -+ LogMessage("DEBUG => [Alert_FWsam] Duration : %li\n",optp->duration); -+ LogMessage("DEBUG => [Alert_FWsam] Protocol : %i\n",GET_IPH_PROTO(p)); -+#ifdef SUP_IP6 -+ LogMessage("DEBUG => [Alert_FWsam] Src IP : %s\n",sfip_ntoa(GET_SRC_IP(p))); -+ LogMessage("DEBUG => [Alert_FWsam] Dest IP : %s\n",sfip_ntoa(GET_DST_IP(p))); -+#else -+ LogMessage("DEBUG => [Alert_FWsam] Src IP : %s\n",inet_ntoa(p->iph->ip_src)); -+ LogMessage("DEBUG => [Alert_FWsam] Dest IP : %s\n",inet_ntoa(p->iph->ip_dst)); -+#endif -+ LogMessage("DEBUG => [Alert_FWsam] Src Port : %i\n",p->sp); -+ LogMessage("DEBUG => [Alert_FWsam] Dest Port : %i\n",p->dp); -+ LogMessage("DEBUG => [Alert_FWsam] Sig_ID : %lu\n",event->sig_id); -+ -+#endif -+ -+ encbuf=TwoFishAlloc(sizeof(FWsamPacket),FALSE,FALSE,station->stationfish); /* get the encryption buffer */ -+ len=TwoFishEncrypt((char *)&sampacket,&encbuf,sizeof(FWsamPacket),FALSE,station->stationfish); /* encrypt the packet with current key */ -+ -+ if(send(stationsocket,encbuf,len,0)!=len) /* weird...could not send */ -+ { LogMessage("WARNING => [Alert_FWsam] Could not send to host %s. Will try again later.\n",sfip_ntoa(&station->stationip)); -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ stationtry=0; -+ } -+ else -+ { i=FWSAM_NETWAIT; -+#ifdef WIN32 -+ ioctlsocket(stationsocket,FIONBIO,&i); /* set non blocking and wait for */ -+#else -+ ioctl(stationsocket,FIONBIO,&i); /* set non blocking and wait for */ -+#endif -+ while(i-- >1) /* the response packet */ -+ { waitms(10); /* wait for response (default maximum 3 secs */ -+ if(recv(stationsocket,encbuf,len,0)==len) -+ i=0; /* if we received packet we set the counter to 0. */ -+ /* by the time we check with if, it's already dec'ed to -1 */ -+ } -+ if(!i) /* id we timed out (i was one, then dec'ed)... */ -+ { LogMessage("WARNING => [Alert_FWsam] Did not receive response from host %s. Will try again later.\n",sfip_ntoa(&station->stationip)); -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ stationtry=0; -+ } -+ else /* got a packet */ -+ { decbuf=(char *)&sampacket; /* get the pointer to the packet struct */ -+ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try to decrypt the packet with current key */ -+ -+ if(len!=sizeof(FWsamPacket)) /* invalid decryption */ -+ { strcpy(station->stationkey,station->initialkey); /* try the intial key */ -+ TwoFishDestroy(station->stationfish); -+ station->stationfish=TwoFishInit(station->stationkey); /* re-initialize the TwoFish with the intial key */ -+ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try again to decrypt */ -+ LogMessage("INFO => [Alert_FWsam] Had to use initial key!\n"); -+ } -+ if(len==sizeof(FWsamPacket)) /* valid decryption */ -+ { if(sampacket.version==FWSAM_PACKETVERSION)/* master speaks my language */ -+ { if(sampacket.status==FWSAM_STATUS_OK || sampacket.status==FWSAM_STATUS_NEWKEY -+ || sampacket.status==FWSAM_STATUS_RESYNC || sampacket.status==FWSAM_STATUS_HOLD) -+ { station->stationseqno=sampacket.fwseqno[0] | (sampacket.fwseqno[1]<<8); /* get stations seqno */ -+ station->lastcontact=(unsigned long)time(NULL); /* set the last contact time (not used yet) */ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] Received %s\n",sampacket.status==FWSAM_STATUS_OK?"OK": -+ sampacket.status==FWSAM_STATUS_NEWKEY?"NEWKEY": -+ sampacket.status==FWSAM_STATUS_RESYNC?"RESYNC": -+ sampacket.status==FWSAM_STATUS_HOLD?"HOLD":"ERROR"); -+ LogMessage("DEBUG => [Alert_FWsam] Snort SeqNo: %x\n",sampacket.snortseqno[0]|(sampacket.snortseqno[1]<<8)); -+ LogMessage("DEBUG => [Alert_FWsam] Mgmt SeqNo : %x\n",station->stationseqno); -+ LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",sampacket.status); -+ LogMessage("DEBUG => [Alert_FWsam] Version : %i\n",sampacket.version); -+#endif -+ if(sampacket.status==FWSAM_STATUS_HOLD) -+ { i=FWSAM_NETHOLD; /* Stay on hold for a maximum of 60 secs (default) */ -+ while(i-- >1) /* the response packet */ -+ { waitms(10); /* wait for response */ -+ if(recv(stationsocket,encbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,0)==sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE) -+ i=0; /* if we received packet we set the counter to 0. */ -+ } -+ if(!i) /* id we timed out (i was one, then dec'ed)... */ -+ { LogMessage("WARNING => [Alert_FWsam] Did not receive response from host %s. Will try again later.\n",sfip_ntoa(&station->stationip)); -+ stationtry=0; -+ sampacket.status=FWSAM_STATUS_ERROR; -+ } -+ else /* got a packet */ -+ { decbuf=(char *)&sampacket; /* get the pointer to the packet struct */ -+ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try to decrypt the packet with current key */ -+ -+ if(len!=sizeof(FWsamPacket)) /* invalid decryption */ -+ { strcpy(station->stationkey,station->initialkey); /* try the intial key */ -+ TwoFishDestroy(station->stationfish); -+ station->stationfish=TwoFishInit(station->stationkey); /* re-initialize the TwoFish with the intial key */ -+ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try again to decrypt */ -+ LogMessage("INFO => [Alert_FWsam] Had to use initial key again!\n"); -+ } -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] Received %s\n",sampacket.status==FWSAM_STATUS_OK?"OK": -+ sampacket.status==FWSAM_STATUS_NEWKEY?"NEWKEY": -+ sampacket.status==FWSAM_STATUS_RESYNC?"RESYNC": -+ sampacket.status==FWSAM_STATUS_HOLD?"HOLD":"ERROR"); -+ LogMessage("DEBUG => [Alert_FWsam] Snort SeqNo: %x\n",sampacket.snortseqno[0]|(sampacket.snortseqno[1]<<8)); -+ LogMessage("DEBUG => [Alert_FWsam] Mgmt SeqNo : %x\n",station->stationseqno); -+ LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",sampacket.status); -+ LogMessage("DEBUG => [Alert_FWsam] Version : %i\n",sampacket.version); -+#endif -+ if(len!=sizeof(FWsamPacket)) /* invalid decryption */ -+ { ErrorMessage("ERROR => [Alert_FWsam] Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ deletestation=TRUE; -+ sampacket.status=FWSAM_STATUS_ERROR; -+ } -+ else if(sampacket.version!=FWSAM_PACKETVERSION) /* invalid protocol version */ -+ { ErrorMessage("ERROR => [Alert_FWsam] Protocol version error! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ deletestation=TRUE; -+ sampacket.status=FWSAM_STATUS_ERROR; -+ } -+ else if(sampacket.status!=FWSAM_STATUS_OK && sampacket.status!=FWSAM_STATUS_NEWKEY && sampacket.status!=FWSAM_STATUS_RESYNC) -+ { ErrorMessage("ERROR => [Alert_FWsam] Funky handshake error! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ deletestation=TRUE; -+ sampacket.status=FWSAM_STATUS_ERROR; -+ } -+ } -+ } -+ if(sampacket.status==FWSAM_STATUS_RESYNC) /* if station want's to resync... */ -+ { strcpy(station->stationkey,station->initialkey); /* ...we use the intial key... */ -+ memcpy(station->fwkeymod,sampacket.duration,4); /* and note the random key modifier */ -+ } -+ if(sampacket.status==FWSAM_STATUS_NEWKEY || sampacket.status==FWSAM_STATUS_RESYNC) -+ { -+ FWsamNewStationKey(station,&sampacket); /* generate new TwoFish keys */ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] Generated new encryption key...\n"); -+#endif -+ } -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ stationtry=0; -+ } -+ else if(sampacket.status==FWSAM_STATUS_ERROR) /* if SnortSam reports an error on second try, */ -+ { -+#ifdef WIN32 -+ closesocket(stationsocket); /* something is messed up and ... */ -+#else -+ close(stationsocket); -+#endif -+ if(stationtry>1) /* we ignore that station. */ -+ { deletestation=TRUE; /* flag for deletion */ -+ ErrorMessage("ERROR => [Alert_FWsam] Could not renegotiate key! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ } -+ else /* if we get an error on the first try, */ -+ { if(!FWsamCheckIn(station)) /* we first try to check in again. */ -+ { deletestation=TRUE; -+ ErrorMessage("ERROR => [Alert_FWsam] Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ } -+ } -+ } -+ else /* an unknown status means trouble... */ -+ { ErrorMessage("ERROR => [Alert_FWsam] Funky handshake error! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ deletestation=TRUE; -+ } -+ } -+ else /* if the SnortSam agent uses a different packet version, we have no choice but to ignore it. */ -+ { ErrorMessage("ERROR => [Alert_FWsam] Protocol version error! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ deletestation=TRUE; -+ } -+ } -+ else /* if the intial key failed to decrypt as well, the keys are not configured the same, and we ignore that SnortSam station. */ -+ { ErrorMessage("ERROR => [Alert_FWsam] Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ deletestation=TRUE; -+ } -+ } -+ } -+ free(encbuf); /* release of the TwoFishAlloc'ed encryption buffer */ -+ } -+ if(stationtry==0 || deletestation) /* if everything went real well, or real bad... */ -+ { if(deletestation){ /* If it went bad, we remove the station from the list by marking the IP */ -+// station->stationip.s_addr=0; -+ station->stationip.ip32[0]=0; -+ } -+ fwsamlist=fwsamlist->next; -+ } -+ } -+ else -+ fwsamlist=fwsamlist->next; -+ } -+ } -+ else -+ { -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam] Skipping repetitive block.\n"); -+#endif -+ } -+ } -+} -+ -+/* FWsamCheckOut will be called when Snort exists. It de-registeres this snort sensor -+ * from the list of sensor that the SnortSam agent keeps. -+ */ -+void FWsamCheckOut(FWsamStation *station) -+{ FWsamPacket sampacket; -+ SOCKET stationsocket; -+ int i,len; -+ char *encbuf,*decbuf; -+ //unsigned char *encbuf,*decbuf; -+ -+ -+ stationsocket=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP); -+ if(stationsocket==INVALID_SOCKET) -+ FatalError("ERROR => [Alert_FWsam](FWsamCheckOut) Funky socket error (socket)!\n"); -+ if(bind(stationsocket,(struct sockaddr *)&(station->localsocketaddr),sizeof(struct sockaddr))) -+ FatalError("ERROR => [Alert_FWsam](FWsamCheckOut) Could not bind socket!\n"); -+ -+ /* let's connect to the agent */ -+ if(!connect(stationsocket,(struct sockaddr *)&station->stationsocketaddr,sizeof(struct sockaddr))) -+ { LogMessage("INFO => [Alert_FWsam](FWsamCheckOut) Disconnecting from host %s.\n",sfip_ntoa(&station->stationip)); -+ /* now build the packet */ -+ station->myseqno+=station->stationseqno; /* increase my seqno */ -+ sampacket.endiancheck=1; -+ sampacket.snortseqno[0]=(char)station->myseqno; -+ sampacket.snortseqno[1]=(char)(station->myseqno>>8); -+ sampacket.fwseqno[0]=(char)station->stationseqno; /* fill station seqno */ -+ sampacket.fwseqno[1]=(char)(station->stationseqno>>8); -+ sampacket.status=FWSAM_STATUS_CHECKOUT; /* checking out... */ -+ sampacket.version=FWSAM_PACKETVERSION; -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Sending CHECKOUT\n"); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Snort SeqNo: %x\n",station->myseqno); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Mgmt SeqNo : %x\n",station->stationseqno); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckOut) Status : %i\n",sampacket.status); -+ -+#endif -+ -+ encbuf=TwoFishAlloc(sizeof(FWsamPacket),FALSE,FALSE,station->stationfish); /* get encryption buffer */ -+ len=TwoFishEncrypt((char *)&sampacket,&encbuf,sizeof(FWsamPacket),FALSE,station->stationfish); /* encrypt packet with current key */ -+ -+ if(send(stationsocket,encbuf,len,0)==len) -+ { i=FWSAM_NETWAIT; -+#ifdef WIN32 -+ ioctlsocket(stationsocket,FIONBIO,&i); /* set non blocking and wait for */ -+#else -+ ioctl(stationsocket,FIONBIO,&i); /* set non blocking and wait for */ -+#endif -+ while(i-- >1) -+ { waitms(10); /* ...wait a maximum of 3 secs for response... */ -+ if(recv(stationsocket,encbuf,len,0)==len) /* ... for the status packet */ -+ i=0; -+ } -+ if(i) /* if we got the packet */ -+ { decbuf=(char *)&sampacket; -+ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); -+ -+ if(len!=sizeof(FWsamPacket)) /* invalid decryption */ -+ { strcpy(station->stationkey,station->initialkey); /* try initial key */ -+ TwoFishDestroy(station->stationfish); /* toss this fish */ -+ station->stationfish=TwoFishInit(station->stationkey); /* re-initialze TwoFish with initial key */ -+ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* and try to decrypt again */ -+ LogMessage("INFO => [Alert_FWsam](FWsamCheckOut) Had to use initial key!\n"); -+ } -+ if(len==sizeof(FWsamPacket)) /* valid decryption */ -+ { if(sampacket.version!=FWSAM_PACKETVERSION) /* but don't really care since we are on the way out */ -+ ErrorMessage("WARNING => [Alert_FWsam](FWsamCheckOut) Protocol version error! What the hell, we're quitting anyway! :)\n"); -+ } -+ else -+ ErrorMessage("WARNING => [Alert_FWsam](FWsamCheckOut) Password mismatch! What the hell, we're quitting anyway! :)\n"); -+ } -+ } -+ free(encbuf); /* release TwoFishAlloc'ed buffer */ -+ } -+ else -+ LogMessage("WARNING => [Alert_FWsam] Could not connect to host %s for CheckOut. What the hell, we're quitting anyway! :)\n",sfip_ntoa(&station->stationip)); -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+} -+ -+ -+/* FWSamFree: Disconnects all FW-1 management stations, -+ * closes sockets, and frees the structures. -+ */ -+void FWsamFree(FWsamList *list) -+{ -+ FWsamList *next; -+ -+ while(list) /* Free pointer list for rule type */ -+ { -+ next=list->next; -+ free(list); -+ list=next; -+ } -+ list=FWsamStationList; -+ -+ while(list) /* Free global pointer list and stations */ -+ { -+ next=list->next; -+ if (list->station) -+ { -+ if(list->station->stationip.ip32[0]) -+ //if(list->station->stationip.s_addr) -+ FWsamCheckOut(list->station); /* Send a Check-Out to SnortSam, */ -+ -+ TwoFishDestroy(list->station->stationfish); /* toss the fish, */ -+ free(list->station); /* free station, */ -+ } -+ free(list); /* free pointer, */ -+ list=next; /* and move to next. */ -+ } -+ FWsamStationList=NULL; -+ if(FWsamOptionField) -+ free(FWsamOptionField); -+} -+ -+void AlertFWsamCleanExitFunc(int signal, void *arg) -+{ FWsamList *fwsamlist; -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamCleanExitFunc) Exiting...\n"); -+#endif -+ -+ fwsamlist=(FWsamList *)arg; -+ FWsamFree(fwsamlist); /* Free all elements */ -+} -+ -+void AlertFWsamRestartFunc(int signal, void *arg) -+{ FWsamList *fwsamlist; -+ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](AlertFWsamRestartFunc) Restarting...\n"); -+#endif -+ -+ fwsamlist=(FWsamList *)arg; -+ FWsamFree(fwsamlist); /* Free all elements */ -+} -+ -+/* This routine registers this Snort sensor with SnortSam. -+ * It will also change the encryption key based on some variables. -+ */ -+int FWsamCheckIn(FWsamStation *station) -+{ int i,len,stationok=TRUE; -+ FWsamPacket sampacket; -+ char *encbuf,*decbuf; -+ //unsigned char *encbuf,*decbuf; -+ SOCKET stationsocket; -+ -+ -+ /* create a socket for the station */ -+ stationsocket=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP); -+ if(stationsocket==INVALID_SOCKET) -+ FatalError("ERROR => [Alert_FWsam](FWsamCheckIn) Funky socket error (socket)!\n"); -+ if(bind(stationsocket,(struct sockaddr *)&(station->localsocketaddr),sizeof(struct sockaddr))) -+ FatalError("ERROR => [Alert_FWsam](FWsamCheckIn) Could not bind socket!\n"); -+ -+ i=TRUE; -+ /* let's connect to the agent */ -+ if(connect(stationsocket,(struct sockaddr *)&station->stationsocketaddr,sizeof(struct sockaddr))) -+ LogMessage("WARNING => [Alert_FWsam](FWsamCheckIn) Could not connect to host %s. Will try later.\n",sfip_ntoa(&station->stationip)); -+ else -+ { LogMessage("INFO => [Alert_FWsam](FWsamCheckIn) Connected to host %s.\n",sfip_ntoa(&station->stationip)); -+ /* now build the packet */ -+ sampacket.endiancheck=1; -+ sampacket.snortseqno[0]=(char)station->myseqno; /* fill my sequence number number */ -+ sampacket.snortseqno[1]=(char)(station->myseqno>>8); /* fill my sequence number number */ -+ sampacket.status=FWSAM_STATUS_CHECKIN; /* let's check in */ -+ sampacket.version=FWSAM_PACKETVERSION; /* set the packet version */ -+ memcpy(sampacket.duration,station->mykeymod,4); /* we'll send SnortSam our key modifier in the duration slot */ -+ /* (the checkin packet is just the plain initial key) */ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Sending CheckIn\n"); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Snort SeqNo: %x\n",station->myseqno); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Mode : %i\n",sampacket.status); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Version : %i\n",sampacket.version); -+#endif -+ encbuf=TwoFishAlloc(sizeof(FWsamPacket),FALSE,FALSE,station->stationfish); /* get buffer for encryption */ -+ len=TwoFishEncrypt((char *)&sampacket,&encbuf,sizeof(FWsamPacket),FALSE,station->stationfish); /* encrypt with initial key */ -+ if(send(stationsocket,encbuf,len,0)!=len) /* weird...could not send */ -+ LogMessage("WARNING => [Alert_FWsam](FWsamCheckIn) Could not send to host %s. Will try again later.\n",sfip_ntoa(&station->stationip)); -+ else -+ { i=FWSAM_NETWAIT; -+#ifdef WIN32 -+ ioctlsocket(stationsocket,FIONBIO,&i); /* set non blocking and wait for */ -+#else -+ ioctl(stationsocket,FIONBIO,&i); /* set non blocking and wait for */ -+#endif -+ while(i-- >1) -+ { waitms(10); /* wait a maximum of 3 secs for response */ -+ if(recv(stationsocket,encbuf,len,0)==len) -+ i=0; -+ } -+ if(!i) /* time up? */ -+ LogMessage("WARNING => [Alert_FWsam](FWsamCheckIn) Did not receive response from host %s. Will try again later.\n",sfip_ntoa(&station->stationip)); -+ else -+ { decbuf=(char *)&sampacket; /* got status packet */ -+ len=TwoFishDecrypt(encbuf,&decbuf,sizeof(FWsamPacket)+TwoFish_BLOCK_SIZE,FALSE,station->stationfish); /* try to decrypt with initial key */ -+ if(len==sizeof(FWsamPacket)) /* valid decryption */ -+ { -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Received %s\n",sampacket.status==FWSAM_STATUS_OK?"OK": -+ sampacket.status==FWSAM_STATUS_NEWKEY?"NEWKEY": -+ sampacket.status==FWSAM_STATUS_RESYNC?"RESYNC": -+ sampacket.status==FWSAM_STATUS_HOLD?"HOLD":"ERROR"); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Snort SeqNo: %x\n",sampacket.snortseqno[0]|(sampacket.snortseqno[1]<<8)); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Mgmt SeqNo : %x\n",sampacket.fwseqno[0]|(sampacket.fwseqno[1]<<8)); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Status : %i\n",sampacket.status); -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Version : %i\n",sampacket.version); -+#endif -+ if(sampacket.version==FWSAM_PACKETVERSION) /* master speaks my language */ -+ { if(sampacket.status==FWSAM_STATUS_OK || sampacket.status==FWSAM_STATUS_NEWKEY || sampacket.status==FWSAM_STATUS_RESYNC) -+ { station->stationseqno=sampacket.fwseqno[0]|(sampacket.fwseqno[1]<<8); /* get stations seqno */ -+ station->lastcontact=(unsigned long)time(NULL); -+ -+ if(sampacket.status==FWSAM_STATUS_NEWKEY || sampacket.status==FWSAM_STATUS_RESYNC) /* generate new keys */ -+ { memcpy(station->fwkeymod,sampacket.duration,4); /* note the key modifier */ -+ FWsamNewStationKey(station,&sampacket); /* and generate new TwoFish keys (with key modifiers) */ -+#ifdef FWSAMDEBUG -+ LogMessage("DEBUG => [Alert_FWsam](FWsamCheckIn) Generated new encryption key...\n"); -+#endif -+ } -+ } -+ else /* weird, got a strange status back */ -+ { ErrorMessage("ERROR => [Alert_FWsam](FWsamCheckIn) Funky handshake error! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ stationok=FALSE; -+ } -+ } -+ else /* packet version does not match */ -+ { ErrorMessage("ERROR =>[Alert_FWsam](FWsamCheckIn) Protocol version error! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ stationok=FALSE; -+ } -+ } -+ else /* key does not match */ -+ { ErrorMessage("ERROR => [Alert_FWsam](FWsamCheckIn) Password mismatch! Ignoring host %s.\n",sfip_ntoa(&station->stationip)); -+ stationok=FALSE; -+ } -+ } -+ } -+ free(encbuf); /* release TwoFishAlloc'ed buffer */ -+ } -+#ifdef WIN32 -+ closesocket(stationsocket); -+#else -+ close(stationsocket); -+#endif -+ return stationok; -+} -+#undef FWSAMDEBUG -+ - -Index: snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.h -=================================================================== ---- snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.h (Revision 0) -+++ snort-2.8.6.1/src/output-plugins/spo_alert_fwsam.h (Revision 3) -@@ -0,0 +1,216 @@ -+/* $Id: snortpatchb,v 1.5 2005/10/06 08:50:39 fknobbe Exp $ -+** -+** spo_alert_fwsam.h -+** -+** Copyright (c) 2001-2004 Frank Knobbe <frank@knobbe.us> -+** -+** This program is free software; you can redistribute it and/or modify -+** it under the terms of the GNU General Public License as published by -+** the Free Software Foundation; either version 2 of the License, or -+** (at your option) any later version. -+** -+** This program is distributed in the hope that it will be useful, -+** but WITHOUT ANY WARRANTY; without even the implied warranty of -+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+** GNU General Public License for more details. -+** -+** You should have received a copy of the GNU General Public License -+** along with this program; if not, write to the Free Software -+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+*/ -+ -+/* This file gets included in plugbase.c when it is integrated into the rest -+ * of the program. -+ * -+ * For more info, see the beginning of spo_alert_fwsam.c -+ * -+ */ -+ -+#ifndef __SPO_FWSAM_H__ -+#define __SPO_FWSAM_H__ -+ -+#include "snort.h" -+#include "rules.h" -+#include "plugbase.h" -+#include "plugin_enum.h" -+#include "fatal.h" -+#include "util.h" -+#include "twofish.h" -+ -+#include <stdlib.h> -+#include <stdio.h> -+#include <time.h> -+#include <string.h> -+#include <ctype.h> -+#include <unistd.h> -+ -+ -+/* just some compatibility stuff */ -+#ifdef WIN32 -+#if !defined(_WINSOCKAPI_) && !defined(_WINSOCK2API_) -+#include <winsock.h> -+#endif -+#define waitms(x) Sleep(x) -+ -+#else -+ -+#include <sys/socket.h> -+#include <netinet/in.h> -+#include <arpa/inet.h> -+#include <sys/ioctl.h> -+#include <netdb.h> -+ -+#ifdef SOLARIS -+#include <sys/filio.h> -+#endif -+ -+typedef int SOCKET; -+ -+#ifndef INVALID_SOCKET -+#define INVALID_SOCKET -1 -+#endif -+ -+#define waitms(x) usleep((x)*1000) -+ -+#endif -+ -+#ifndef FALSE -+#define FALSE 0 -+#endif -+#ifndef TRUE -+#define TRUE !FALSE -+#endif -+#ifndef bool -+#define bool int -+#endif -+ -+ -+#if defined(_DEBUG) || defined(DEBUG) -+#ifndef FWSAMDEBUG -+#define FWSAMDEBUG -+#endif -+#else -+#endif -+ -+ -+/* Official Snort PlugIn Number has been moved into plugin_enum.h */ -+ -+ -+/* fixed defines */ -+ -+#define FWSAM_DEFAULTPORT 898 /* Default port if user does not specify one in snort.conf */ -+ /* (Was unused last time I checked...) */ -+#define FWSAM_PACKETVERSION 14 /* version of the packet. Will increase with enhancements. */ -+ -+#define FWSAM_STATUS_CHECKIN 1 /* snort to fw */ -+#define FWSAM_STATUS_CHECKOUT 2 -+#define FWSAM_STATUS_BLOCK 3 -+#define FWSAM_STATUS_UNBLOCK 9 -+ -+#define FWSAM_STATUS_OK 4 /* fw to snort */ -+#define FWSAM_STATUS_ERROR 5 -+#define FWSAM_STATUS_NEWKEY 6 -+#define FWSAM_STATUS_RESYNC 7 -+#define FWSAM_STATUS_HOLD 8 -+ -+#define FWSAM_LOG_NONE 0 -+#define FWSAM_LOG_SHORTLOG 1 -+#define FWSAM_LOG_SHORTALERT 2 -+#define FWSAM_LOG_LONGLOG 3 -+#define FWSAM_LOG_LONGALERT 4 -+#define FWSAM_LOG (FWSAM_LOG_SHORTLOG|FWSAM_LOG_SHORTALERT|FWSAM_LOG_LONGLOG|FWSAM_LOG_LONGALERT) -+#define FWSAM_WHO_DST 8 -+#define FWSAM_WHO_SRC 16 -+#define FWSAM_WHO (FWSAM_WHO_DST|FWSAM_WHO_SRC) -+#define FWSAM_HOW_IN 32 -+#define FWSAM_HOW_OUT 64 -+#define FWSAM_HOW_INOUT (FWSAM_HOW_IN|FWSAM_HOW_OUT) -+#define FWSAM_HOW_THIS 128 -+#define FWSAM_HOW (FWSAM_HOW_IN|FWSAM_HOW_OUT|FWSAM_HOW_THIS) -+ -+ -+/* user adjustable defines */ -+ -+#define FWSAM_REPET_BLOCKS 10 /* Snort remembers this amount of last blocks and... */ -+#define FWSAM_REPET_TIME 20 /* ...checks if they fall within this time. If so,... */ -+ /* ...the blocking request is not send. */ -+ -+#define FWSAM_NETWAIT 300 /* 100th of a second. 3 sec timeout for network connections */ -+#define FWSAM_NETHOLD 6000 /* 100th of a second. 60 sec timeout for holding */ -+ -+#define SID_MAPFILE "sid-block.map" -+#define SID_ALT_MAPFILE "sid-fwsam.map" -+ -+#define FWSAM_FANCYFETCH /* This will invoke a fast sid lookup routine */ -+ -+ -+/* vars */ -+ -+typedef struct _FWsamstation /* structure of a mgmt station */ -+{ unsigned short myseqno; -+ unsigned short stationseqno; -+ unsigned char mykeymod[4]; -+ unsigned char fwkeymod[4]; -+ unsigned short stationport; -+ //struct in_addr stationip; -+ sfip_t stationip; -+ struct sockaddr_in localsocketaddr; -+ struct sockaddr_in stationsocketaddr; -+ TWOFISH *stationfish; -+ char initialkey[TwoFish_KEY_LENGTH+2]; -+ char stationkey[TwoFish_KEY_LENGTH+2]; -+ time_t lastcontact; -+/* time_t sleepstart; */ -+} FWsamStation; -+ -+typedef struct _FWsampacket /* 2 blocks (3rd block is header from TwoFish) */ -+{ unsigned short endiancheck; /* 0 */ -+ unsigned char srcip[4]; /* 2 */ -+ unsigned char dstip[4]; /* 6 */ -+ unsigned char duration[4]; /* 10 */ -+ unsigned char snortseqno[2]; /* 14 */ -+ unsigned char fwseqno[2]; /* 16 */ -+ unsigned char srcport[2]; /* 18 */ -+ unsigned char dstport[2]; /* 20 */ -+ unsigned char protocol[2]; /* 22 */ -+ unsigned char fwmode; /* 24 */ -+ unsigned char version; /* 25 */ -+ unsigned char status; /* 26 */ -+ unsigned char sig_id[4]; /* 27 */ -+ unsigned char fluff; /* 31 */ -+} FWsamPacket; /* 32 bytes in size */ -+ -+typedef struct _FWsamoptions /* snort rule options */ -+{ unsigned long sid; -+ unsigned long duration; -+ unsigned char who; -+ unsigned char how; -+ unsigned char loglevel; -+} FWsamOptions; -+ -+typedef struct _FWsamlistpointer -+{ FWsamStation *station; -+ struct _FWsamlistpointer *next; -+} FWsamList; -+ -+ -+/* functions */ -+void AlertFWsamSetup(void); -+void AlertFWsamInit(char *args); -+void AlertFWsamOptionInit(char *args,OptTreeNode *otn,int protocol); -+void AlertFWsamCleanExitFunc(int signal, void *arg); -+void AlertFWsamRestartFunc(int signal, void *arg); -+void AlertFWsam(Packet *p, char *msg, void *arg, Event *event); -+int FWsamCheckIn(FWsamStation *station); -+void FWsamCheckOut(FWsamStation *station); -+void FWsamNewStationKey(FWsamStation *station,FWsamPacket *packet); -+void FWsamFixPacketEndian(FWsamPacket *p); -+unsigned long FWsamParseDuration(char *p); -+void FWsamFree(FWsamList *fwsamlist); -+int FWsamStationExists(FWsamStation *who,FWsamList *list); -+int FWsamReadLine(char *,unsigned long,FILE *); -+void FWsamParseLine(FWsamOptions *,char *); -+FWsamOptions *FWsamGetOption(unsigned long); -+int FWsamParseOption(FWsamOptions *,char *); -+ -+#endif /* __SPO_FWSAM_H__ */ - -Index: snort-2.8.6.1/src/output-plugins/Makefile.am -=================================================================== ---- snort-2.8.6.1/src/output-plugins/Makefile.am (Revision 1) -+++ snort-2.8.6.1/src/output-plugins/Makefile.am (Revision 3) -@@ -11,6 +11,7 @@ - spo_log_tcpdump.h spo_unified.c spo_unified2.c spo_unified.h spo_unified2.h \ - spo_log_ascii.c spo_log_ascii.h spo_alert_sf_socket.h spo_alert_sf_socket.c \ - spo_alert_prelude.c spo_alert_prelude.h spo_alert_arubaaction.c spo_alert_arubaaction.h \ -+spo_alert_fwsam.c spo_alert_fwsam.h \ - spo_alert_test.c spo_alert_test.h - - INCLUDES = @INCLUDES@ -Index: snort-2.8.6.1/src/plugbase.c -=================================================================== ---- snort-2.8.6.1/src/plugbase.c (Revision 1) -+++ snort-2.8.6.1/src/plugbase.c (Revision 3) -@@ -125,6 +125,7 @@ - #endif - - #include "output-plugins/spo_alert_test.h" -+#include "output-plugins/spo_alert_fwsam.h" - - extern ListHead *head_tmp; - extern PreprocConfigFuncNode *preproc_config_funcs; -@@ -1240,6 +1241,7 @@ - #endif - - AlertTestSetup(); -+ AlertFWsamSetup(); - } - - /**************************************************************************** -Index: snort-2.8.6.1/src/Makefile.am -=================================================================== ---- snort-2.8.6.1/src/Makefile.am (Revision 1) -+++ snort-2.8.6.1/src/Makefile.am (Revision 3) -@@ -52,7 +52,8 @@ - detection_filter.c detection_filter.h \ - rate_filter.c rate_filter.h \ - obfuscation.c obfuscation.h \ --rule_option_types.h -+rule_option_types.h \ -+twofish.c twofish.h - - snort_LDADD = output-plugins/libspo.a \ - detection-plugins/libspd.a \ -Index: snort-2.8.6.1/autojunk.sh -=================================================================== ---- snort-2.8.6.1/autojunk.sh (Revision 0) -+++ snort-2.8.6.1/autojunk.sh (Revision 3) -@@ -0,0 +1,7 @@ -+#!/bin/sh -+# the list of commands that need to run before we do a compile -+libtoolize --automake --copy -+aclocal -I m4 -+autoheader -+automake --add-missing --copy -+autoconf - -Index: snort-2.8.6.1/etc/snort.conf -=================================================================== ---- snort-2.8.6.1/etc/snort.conf (Revision 1) -+++ snort-2.8.6.1/etc/snort.conf (Revision 3) -@@ -277,6 +277,32 @@ - # prelude - # output alert_prelude - -+# snortsam -+# In order to cause Snort to send a blocking request to the SnortSam agent, -+# that agent has to be listed, including the port it listens on, -+# and the encryption key it is using. The statement for that is: -+# -+# output alert_fwsam: {SnortSam Station}:{port}/{password} -+# -+# {SnortSam Station}: IP address or host name of the host where SnortSam is running. -+# {port}: The port the remote SnortSam agent listens on. -+# {password}: The password, or key, used for encryption of the -+# communication to the remote agent. -+# -+# At the very least, the IP address or host name of the host running SnortSam -+# needs to be specified. If the port is omitted, it defaults to TCP port 898. -+# If the password is omitted, it defaults to a preset password. -+# (In which case it needs to be omitted on the SnortSam agent as well) -+# -+# More than one host can be specified, but has to be done on the same line. -+# Just separate them with one or more spaces. -+# -+# Examples: -+# -+# output alert_fwsam: firewall/idspassword -+# output alert_fwsam: fw1.domain.tld:898/mykey -+# output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw -+ - # metadata reference data. do not modify these lines - include classification.config - include reference.config diff --git a/config/snort-dev/snortsam-package-code/patches/inlinemode_options_flags.txt b/config/snort-dev/snortsam-package-code/patches/inlinemode_options_flags.txt deleted file mode 100644 index e69de29b..00000000 --- a/config/snort-dev/snortsam-package-code/patches/inlinemode_options_flags.txt +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.am b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.am deleted file mode 100644 index 0879c6e3..00000000 --- a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.am +++ /dev/null @@ -1,17 +0,0 @@ -## $Id -AUTOMAKE_OPTIONS=foreign no-dependencies - -noinst_LIBRARIES = libspo.a - -libspo_a_SOURCES = spo_alert_fast.c spo_alert_fast.h \ -spo_alert_full.c spo_alert_full.h \ -spo_alert_syslog.c spo_alert_syslog.h spo_alert_unixsock.c \ -spo_alert_unixsock.h spo_csv.c spo_csv.h spo_database.c spo_database.h \ -spo_log_null.c spo_log_null.h spo_log_tcpdump.c \ -spo_log_tcpdump.h spo_unified.c spo_unified2.c spo_unified.h spo_unified2.h \ -spo_log_ascii.c spo_log_ascii.h spo_alert_sf_socket.h spo_alert_sf_socket.c \ -spo_alert_prelude.c spo_alert_prelude.h spo_alert_arubaaction.c spo_alert_arubaaction.h \ -spo_alert_test.c spo_alert_test.h \ -spo_pf.h spo_pf.c - -INCLUDES = @INCLUDES@ diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.in b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.in deleted file mode 100644 index 3f06cc31..00000000 --- a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/Makefile.in +++ /dev/null @@ -1,445 +0,0 @@ -# Makefile.in generated by automake 1.9.6 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -top_builddir = ../.. -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -INSTALL = @INSTALL@ -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/output-plugins -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libprelude.m4 \ - $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -LIBRARIES = $(noinst_LIBRARIES) -ARFLAGS = cru -libspo_a_AR = $(AR) $(ARFLAGS) -libspo_a_LIBADD = -am_libspo_a_OBJECTS = spo_alert_fast.$(OBJEXT) \ - spo_alert_full.$(OBJEXT) spo_alert_syslog.$(OBJEXT) \ - spo_alert_unixsock.$(OBJEXT) spo_csv.$(OBJEXT) \ - spo_database.$(OBJEXT) spo_log_null.$(OBJEXT) \ - spo_log_tcpdump.$(OBJEXT) spo_unified.$(OBJEXT) \ - spo_unified2.$(OBJEXT) spo_log_ascii.$(OBJEXT) \ - spo_alert_sf_socket.$(OBJEXT) spo_alert_prelude.$(OBJEXT) \ - spo_alert_arubaaction.$(OBJEXT) spo_alert_test.$(OBJEXT) \ - spo_pf.$(OBJEXT) -libspo_a_OBJECTS = $(am_libspo_a_OBJECTS) -DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) -depcomp = -am__depfiles_maybe = -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -SOURCES = $(libspo_a_SOURCES) -DIST_SOURCES = $(libspo_a_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMDEP_FALSE = @AMDEP_FALSE@ -AMDEP_TRUE = @AMDEP_TRUE@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BUILD_DYNAMIC_EXAMPLES_FALSE = @BUILD_DYNAMIC_EXAMPLES_FALSE@ -BUILD_DYNAMIC_EXAMPLES_TRUE = @BUILD_DYNAMIC_EXAMPLES_TRUE@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -HAVE_DYNAMIC_PLUGINS_FALSE = @HAVE_DYNAMIC_PLUGINS_FALSE@ -HAVE_DYNAMIC_PLUGINS_TRUE = @HAVE_DYNAMIC_PLUGINS_TRUE@ -HAVE_SUP_IP6_FALSE = @HAVE_SUP_IP6_FALSE@ -HAVE_SUP_IP6_TRUE = @HAVE_SUP_IP6_TRUE@ -HAVE_TARGET_BASED_FALSE = @HAVE_TARGET_BASED_FALSE@ -HAVE_TARGET_BASED_TRUE = @HAVE_TARGET_BASED_TRUE@ -HAVE_ZLIB_FALSE = @HAVE_ZLIB_FALSE@ -HAVE_ZLIB_TRUE = @HAVE_ZLIB_TRUE@ -INCLUDES = @INCLUDES@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LIBOBJS = @LIBOBJS@ -LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ -LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ -LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ -LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ -LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ -LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ -LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ -MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ -MAKEINFO = @MAKEINFO@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -YACC = @YACC@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -ac_ct_RANLIB = @ac_ct_RANLIB@ -ac_ct_STRIP = @ac_ct_STRIP@ -am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ -am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ -am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ -am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -datadir = @datadir@ -exec_prefix = @exec_prefix@ -extra_incl = @extra_incl@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -AUTOMAKE_OPTIONS = foreign no-dependencies -noinst_LIBRARIES = libspo.a -libspo_a_SOURCES = spo_alert_fast.c spo_alert_fast.h \ -spo_alert_full.c spo_alert_full.h \ -spo_alert_syslog.c spo_alert_syslog.h spo_alert_unixsock.c \ -spo_alert_unixsock.h spo_csv.c spo_csv.h spo_database.c spo_database.h \ -spo_log_null.c spo_log_null.h spo_log_tcpdump.c \ -spo_log_tcpdump.h spo_unified.c spo_unified2.c spo_unified.h spo_unified2.h \ -spo_log_ascii.c spo_log_ascii.h spo_alert_sf_socket.h spo_alert_sf_socket.c \ -spo_alert_prelude.c spo_alert_prelude.h spo_alert_arubaaction.c spo_alert_arubaaction.h \ -spo_alert_test.c spo_alert_test.h \ -spo_pf.h spo_pf.c - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/output-plugins/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign src/output-plugins/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -clean-noinstLIBRARIES: - -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) -libspo.a: $(libspo_a_OBJECTS) $(libspo_a_DEPENDENCIES) - -rm -f libspo.a - $(libspo_a_AR) libspo.a $(libspo_a_OBJECTS) $(libspo_a_LIBADD) - $(RANLIB) libspo.a - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -.c.o: - $(COMPILE) -c $< - -.c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: - $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -distclean-libtool: - -rm -f libtool -uninstall-info-am: - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ - list='$(DISTFILES)'; for file in $$list; do \ - case $$file in \ - $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ - $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ - esac; \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test "$$dir" != "$$file" && test "$$dir" != "."; then \ - dir="/$$dir"; \ - $(mkdir_p) "$(distdir)$$dir"; \ - else \ - dir=''; \ - fi; \ - if test -d $$d/$$file; then \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-libtool distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: - -install-exec-am: - -install-info: install-info-am - -install-man: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-info-am - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-exec \ - install-exec-am install-info install-info-am install-man \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-info-am - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/plugbase.c b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/plugbase.c deleted file mode 100644 index 31f381a8..00000000 --- a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/plugbase.c +++ /dev/null @@ -1,1544 +0,0 @@ -/* $Id$ */ -/* -** Copyright (C) 2002-2010 Sourcefire, Inc. -** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com> -** -** This program is free software; you can redistribute it and/or modify -** it under the terms of the GNU General Public License Version 2 as -** published by the Free Software Foundation. You may not use, modify or -** distribute this program under any other version of the GNU General -** Public License. -** -** This program is distributed in the hope that it will be useful, -** but WITHOUT ANY WARRANTY; without even the implied warranty of -** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -** GNU General Public License for more details. -** -** You should have received a copy of the GNU General Public License -** along with this program; if not, write to the Free Software -** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include <sys/types.h> -#include <unistd.h> -#include <stdlib.h> -#include <string.h> -#include <assert.h> - -#ifdef HAVE_STRINGS_H -#include <strings.h> -#endif - -#ifndef WIN32 -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#endif /* !WIN32 */ -#include <time.h> -#include <errno.h> - -#include "sf_types.h" -#include "plugbase.h" -#include "spo_plugbase.h" -#include "snort.h" -#include "debug.h" -#include "util.h" -#include "log.h" -#include "detect.h" - -/* built-in preprocessors */ -#include "preprocessors/spp_rpc_decode.h" -#include "preprocessors/spp_bo.h" -#include "preprocessors/spp_stream5.h" -#include "preprocessors/spp_arpspoof.h" -#include "preprocessors/spp_perfmonitor.h" -#include "preprocessors/spp_httpinspect.h" -#include "preprocessors/spp_sfportscan.h" -#include "preprocessors/spp_frag3.h" - -/* built-in detection plugins */ -#include "detection-plugins/sp_pattern_match.h" -#include "detection-plugins/sp_tcp_flag_check.h" -#include "detection-plugins/sp_icmp_type_check.h" -#include "detection-plugins/sp_icmp_code_check.h" -#include "detection-plugins/sp_ttl_check.h" -#include "detection-plugins/sp_ip_id_check.h" -#include "detection-plugins/sp_tcp_ack_check.h" -#include "detection-plugins/sp_tcp_seq_check.h" -#include "detection-plugins/sp_dsize_check.h" -#include "detection-plugins/sp_ipoption_check.h" -#include "detection-plugins/sp_rpc_check.h" -#include "detection-plugins/sp_icmp_id_check.h" -#include "detection-plugins/sp_icmp_seq_check.h" -#include "detection-plugins/sp_session.h" -#include "detection-plugins/sp_ip_tos_check.h" -#include "detection-plugins/sp_ip_fragbits.h" -#include "detection-plugins/sp_tcp_win_check.h" -#include "detection-plugins/sp_ip_same_check.h" -#include "detection-plugins/sp_ip_proto.h" -#include "detection-plugins/sp_ip_same_check.h" -#include "detection-plugins/sp_clientserver.h" -#include "detection-plugins/sp_byte_check.h" -#include "detection-plugins/sp_byte_jump.h" -#include "detection-plugins/sp_isdataat.h" -#include "detection-plugins/sp_pcre.h" -#include "detection-plugins/sp_flowbits.h" -#include "detection-plugins/sp_file_data.h" -#include "detection-plugins/sp_asn1.h" -#ifdef ENABLE_REACT -#include "detection-plugins/sp_react.h" -#endif -#ifdef ENABLE_RESPOND -#include "detection-plugins/sp_respond.h" -#endif -#include "detection-plugins/sp_ftpbounce.h" -#include "detection-plugins/sp_urilen_check.h" -#include "detection-plugins/sp_cvs.h" - -/* built-in output plugins */ -#include "output-plugins/spo_alert_syslog.h" -#include "output-plugins/spo_log_tcpdump.h" -#include "output-plugins/spo_database.h" -#include "output-plugins/spo_alert_fast.h" -#include "output-plugins/spo_alert_full.h" -#include "output-plugins/spo_alert_unixsock.h" -#include "output-plugins/spo_csv.h" -#include "output-plugins/spo_unified.h" -#include "output-plugins/spo_log_null.h" -#include "output-plugins/spo_log_ascii.h" -#include "output-plugins/spo_unified2.h" -#include "output-plugins/spo_pf.h" - -#ifdef ARUBA -#include "output-plugins/spo_alert_arubaaction.h" -#endif - -#ifdef HAVE_LIBPRELUDE -#include "output-plugins/spo_alert_prelude.h" -#endif - -#ifdef LINUX -#include "output-plugins/spo_alert_sf_socket.h" -#endif - -#include "output-plugins/spo_alert_test.h" - -extern ListHead *head_tmp; -extern PreprocConfigFuncNode *preproc_config_funcs; -extern OutputConfigFuncNode *output_config_funcs; -extern RuleOptConfigFuncNode *rule_opt_config_funcs; -extern RuleOptOverrideInitFuncNode *rule_opt_override_init_funcs; -extern RuleOptParseCleanupNode *rule_opt_parse_cleanup_list; -extern PreprocSignalFuncNode *preproc_restart_funcs; -extern PreprocSignalFuncNode *preproc_clean_exit_funcs; -extern PreprocSignalFuncNode *preproc_shutdown_funcs; -extern PreprocSignalFuncNode *preproc_reset_funcs; -extern PreprocSignalFuncNode *preproc_reset_stats_funcs; -extern PreprocStatsFuncNode *preproc_stats_funcs; -extern PluginSignalFuncNode *plugin_shutdown_funcs; -extern PluginSignalFuncNode *plugin_clean_exit_funcs; -extern PluginSignalFuncNode *plugin_restart_funcs; -extern OutputFuncNode *AlertList; -extern OutputFuncNode *LogList; - - -/**************************** Detection Plugin API ****************************/ -/* For translation from enum to char* */ -#ifdef DEBUG -static const char *optTypeMap[OPT_TYPE_MAX] = -{ - "action", - "logging", - "detection" -}; - -#define ENUM2STR(num, map) \ - ((num < sizeof(map)/sizeof(map[0])) ? map[num] : "undefined") -#endif - - -void RegisterRuleOptions(void) -{ - LogMessage("Initializing Plug-ins!\n"); - - SetupPatternMatch(); - SetupTCPFlagCheck(); - SetupIcmpTypeCheck(); - SetupIcmpCodeCheck(); - SetupTtlCheck(); - SetupIpIdCheck(); - SetupTcpAckCheck(); - SetupTcpSeqCheck(); - SetupDsizeCheck(); - SetupIpOptionCheck(); - SetupRpcCheck(); - SetupIcmpIdCheck(); - SetupIcmpSeqCheck(); - SetupSession(); - SetupIpTosCheck(); - SetupFragBits(); - SetupFragOffset(); - SetupTcpWinCheck(); - SetupIpProto(); - SetupIpSameCheck(); - SetupClientServer(); - SetupByteTest(); - SetupByteJump(); - SetupIsDataAt(); - SetupFileData(); - SetupPcre(); - SetupFlowBits(); - SetupAsn1(); -#ifdef ENABLE_REACT - SetupReact(); -#endif -#ifdef ENABLE_RESPOND - SetupRespond(); -#endif - SetupFTPBounce(); - SetupUriLenCheck(); - SetupCvs(); -} - -/**************************************************************************** - * - * Function: RegisterRuleOption(char *, void (*func)(), enum OptionType) - * - * Purpose: Associates a rule option keyword with an option setup/linking - * function. - * - * Arguments: keyword => The option keyword to associate with the option - * handler - * *func => function pointer to the handler - * type => used to determine where keyword is allowed - * - * Returns: void function - * - ***************************************************************************/ -void RegisterRuleOption(char *opt_name, RuleOptConfigFunc config_func, - RuleOptOverrideInitFunc override_init_func, - RuleOptType opt_type, - RuleOptOtnHandler otn_handler) -{ - RuleOptConfigFuncNode *node; - - DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN, "Registering keyword:func => %s/%s:%p\n", - ENUM2STR(opt_type, optTypeMap), opt_name, config_func);); - - node = (RuleOptConfigFuncNode *)SnortAlloc(sizeof(RuleOptConfigFuncNode)); - - if (rule_opt_config_funcs == NULL) - { - rule_opt_config_funcs = node; - } - else - { - RuleOptConfigFuncNode *tmp = rule_opt_config_funcs; - RuleOptConfigFuncNode *last; - - do - { - if (strcasecmp(tmp->keyword, opt_name) == 0) - { - free(node); - FatalError("Duplicate detection plugin keyword: %s.\n", - file_line, opt_name); - } - - last = tmp; - tmp = tmp->next; - - } while (tmp != NULL); - - last->next = node; - } - - node->keyword = SnortStrdup(opt_name); - node->type = opt_type; - node->func = config_func; - node->otn_handler = otn_handler; - - if (override_init_func != NULL) - { - RuleOptOverrideInitFuncNode *node_override = - (RuleOptOverrideInitFuncNode *)SnortAlloc(sizeof(RuleOptOverrideInitFuncNode)); - - if (rule_opt_override_init_funcs == NULL) - { - rule_opt_override_init_funcs = node_override; - } - else - { - RuleOptOverrideInitFuncNode *tmp = rule_opt_override_init_funcs; - RuleOptOverrideInitFuncNode *last; - - do - { - if (strcasecmp(tmp->keyword, opt_name) == 0) - { - free(node_override); - FatalError("RegisterRuleOption: Duplicate detection plugin keyword:" - " (%s) (%s)!\n", tmp->keyword, opt_name); - } - - last = tmp; - tmp = tmp->next; - - } while (tmp != NULL); - - last->next = node_override; - } - - node_override->keyword = SnortStrdup(opt_name); - node_override->type = opt_type; - node_override->func = override_init_func; - node_override->otn_handler = otn_handler; - } -} - -void RegisterOverrideKeyword(char *keyword, char *option, RuleOptOverrideFunc func) -{ - RuleOptOverrideInitFuncNode *node = rule_opt_override_init_funcs; - - while (node != NULL) - { - if (strcasecmp(node->keyword, keyword) == 0) - { - node->func(keyword, option, func); - break; - } - - node = node->next; - } -} - -/**************************************************************************** - * - * Function: DumpPlugIns() - * - * Purpose: Prints the keyword->function list - * - * Arguments: None. - * - * Returns: void function - * - ***************************************************************************/ -void DumpRuleOptions(void) -{ - RuleOptConfigFuncNode *node; - - node = rule_opt_config_funcs; - - LogMessage("-------------------------------------------------\n"); - LogMessage(" Keyword | Plugin Registered @\n"); - LogMessage("-------------------------------------------------\n"); - - while (node != NULL) - { - LogMessage("%-13s: %p\n", node->keyword, node->func); - node = node->next; - } - - LogMessage("-------------------------------------------------\n"); - LogMessage("\n"); -} - - -/**************************************************************************** - * - * Function: AddOptFuncToList(int (*func)(), OptTreeNode *) - * - * Purpose: Links the option detection module to the OTN - * - * Arguments: (*func)() => function pointer to the detection module - * otn => pointer to the current OptTreeNode - * - * Returns: void function - * - ***************************************************************************/ -OptFpList * AddOptFuncToList(RuleOptEvalFunc func, OptTreeNode *otn) -{ - OptFpList *ofp = (OptFpList *)SnortAlloc(sizeof(OptFpList)); - - DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Adding new rule to list\n");); - - /* if there are no nodes on the function list... */ - if (otn->opt_func == NULL) - { - otn->opt_func = ofp; - } - else - { - OptFpList *tmp = otn->opt_func; - - /* walk to the end of the list */ - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = ofp; - } - - DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Set OptTestFunc to %p\n", func);); - - ofp->OptTestFunc = func; - - return ofp; -} - -/**************************************************************************** - * - * Function: AddRspFuncToList(int (*func)(), OptTreeNode *) - * - * Purpose: Adds Response function to OTN - * - * Arguments: (*func)() => function pointer to the response module - * otn => pointer to the current OptTreeNode - * - * Returns: void function - * - ***************************************************************************/ -void AddRspFuncToList(ResponseFunc func, OptTreeNode *otn, void *params) -{ - RspFpList *rsp = (RspFpList *)SnortAlloc(sizeof(RspFpList)); - - DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Adding response to list\n");); - - /* if there are no nodes on the function list... */ - if (otn->rsp_func == NULL) - { - otn->rsp_func = rsp; - } - else - { - RspFpList *tmp = otn->rsp_func; - - /* walk to the end of the list */ - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = rsp; - } - - DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Set ResponseFunc to %p\n", func);); - - rsp->func = func; - rsp->params = params; -} - -void PostConfigInitPlugins(PluginSignalFuncNode *post_config_funcs) -{ - while (post_config_funcs != NULL) - { - post_config_funcs->func(0, post_config_funcs->arg); - post_config_funcs = post_config_funcs->next; - } -} - -void FreeRuleOptConfigFuncs(RuleOptConfigFuncNode *head) -{ - - while (head != NULL) - { - RuleOptConfigFuncNode *tmp = head; - - head = head->next; - - if (tmp->keyword != NULL) - free(tmp->keyword); - - free(tmp); - } -} - -void FreeRuleOptOverrideInitFuncs(RuleOptOverrideInitFuncNode *head) -{ - - while (head != NULL) - { - RuleOptOverrideInitFuncNode *tmp = head; - - head = head->next; - - if (tmp->keyword != NULL) - free(tmp->keyword); - - free(tmp); - } -} - -void FreePluginSigFuncs(PluginSignalFuncNode *head) -{ - while (head != NULL) - { - PluginSignalFuncNode *tmp = head; - - head = head->next; - - /* don't free sig->arg, that's free'd by the CleanExit/Restart func */ - free(tmp); - } -} - - -/************************** Preprocessor Plugin API ***************************/ -static void AddFuncToPreprocSignalList(PreprocSignalFunc, void *, - PreprocSignalFuncNode **, uint16_t, uint32_t); - - -void RegisterPreprocessors(void) -{ - LogMessage("Initializing Preprocessors!\n"); - - SetupARPspoof(); - SetupFrag3(); - SetupStream5(); - SetupRpcDecode(); - SetupBo(); - SetupHttpInspect(); - SetupPerfMonitor(); - SetupSfPortscan(); -} - -/**************************************************************************** - * - * Function: RegisterPreprocessor(char *, void (*)(char *)) - * - * Purpose: Associates a preprocessor statement with its function. - * - * Arguments: keyword => The option keyword to associate with the - * preprocessor - * *func => function pointer to the handler - * - * Returns: void function - * - ***************************************************************************/ -#ifndef SNORT_RELOAD -void RegisterPreprocessor(char *keyword, PreprocConfigFunc func) -#else -void RegisterPreprocessor(char *keyword, PreprocConfigFunc func, - PreprocReloadFunc rfunc, PreprocReloadSwapFunc sfunc, - PreprocReloadSwapFreeFunc ffunc) -#endif -{ - PreprocConfigFuncNode *node = - (PreprocConfigFuncNode *)SnortAlloc(sizeof(PreprocConfigFuncNode)); - - DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Registering keyword:preproc => %s:%p\n", keyword, func);); - - if (preproc_config_funcs == NULL) - { - preproc_config_funcs = node; - } - else - { - PreprocConfigFuncNode *tmp = preproc_config_funcs; - PreprocConfigFuncNode *last; - - do - { - if (strcasecmp(tmp->keyword, keyword) == 0) - { - free(node); - FatalError("Duplicate preprocessor keyword: %s.\n", keyword); - } - - last = tmp; - tmp = tmp->next; - - } while (tmp != NULL); - - last->next = node; - } - - node->keyword = SnortStrdup(keyword); - node->config_func = func; - -#ifdef SNORT_RELOAD - node->reload_func = rfunc; - node->reload_swap_func = sfunc; - node->reload_swap_free_func = ffunc; -#endif -} - -PreprocConfigFuncNode * GetPreprocConfig(char *keyword) -{ - PreprocConfigFuncNode *head = preproc_config_funcs; - - if (keyword == NULL) - return NULL; - - while (head != NULL) - { - if (strcasecmp(head->keyword, keyword) == 0) - return head; - - head = head->next; - } - - return NULL; -} - -PreprocConfigFunc GetPreprocConfigFunc(char *keyword) -{ - PreprocConfigFuncNode *head = preproc_config_funcs; - - if (keyword == NULL) - return NULL; - - while (head != NULL) - { - if (strcasecmp(head->keyword, keyword) == 0) - return head->config_func; - - head = head->next; - } - - return NULL; -} - -/**************************************************************************** - * - * Function: RegisterPreprocStats(char *keyword, void (*func)(int)) - * - * Purpose: Registers a function for printing preprocessor final stats - * (or other if it has a use for printing final stats) - * - * Arguments: keyword => keyword (preprocessor) whose stats will print - * func => function pointer to the handler - * - * Returns: void function - * - ***************************************************************************/ -void RegisterPreprocStats(char *keyword, PreprocStatsFunc func) -{ - PreprocStatsFuncNode *node; - - DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Registering final stats function: " - "preproc => %s:%p\n", keyword, func);); - - node = (PreprocStatsFuncNode *)SnortAlloc(sizeof(PreprocStatsFuncNode)); - - if (preproc_stats_funcs == NULL) - { - preproc_stats_funcs = node; - } - else - { - PreprocStatsFuncNode *tmp = preproc_stats_funcs; - PreprocStatsFuncNode *last; - - do - { - if (strcasecmp(tmp->keyword, keyword) == 0) - { - free(node); - FatalError("Duplicate preprocessor keyword: %s.\n", keyword); - } - - last = tmp; - tmp = tmp->next; - - } while (tmp != NULL); - - last->next = node; - } - - node->keyword = SnortStrdup(keyword); - node->func = func; -} - -/**************************************************************************** - * - * Function: DumpPreprocessors() - * - * Purpose: Prints the keyword->preprocess list - * - * Arguments: None. - * - * Returns: void function - * - ***************************************************************************/ -void DumpPreprocessors(void) -{ - PreprocConfigFuncNode *node = preproc_config_funcs; - - LogMessage("-------------------------------------------------\n"); - LogMessage(" Keyword | Preprocessor @ \n"); - LogMessage("-------------------------------------------------\n"); - - while (node != NULL) - { - LogMessage("%-13s: %p\n", node->keyword, node->config_func); - node = node->next; - } - - LogMessage("-------------------------------------------------\n\n"); -} - -int IsPreprocEnabled(uint32_t preproc_id) -{ - PreprocEvalFuncNode *node; - SnortConfig *sc = snort_conf_for_parsing; - tSfPolicyId policy_id = getParserPolicy(); - SnortPolicy *p; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config for parsing is NULL.\n", - __FILE__, __LINE__); - } - - p = sc->targeted_policies[policy_id]; - if (p == NULL) - return 0; - - for (node = p->preproc_eval_funcs; node != NULL; node = node->next) - { - if (node->preproc_id == preproc_id) - return 1; - } - - return 0; -} - -PreprocEvalFuncNode * AddFuncToPreprocList(PreprocEvalFunc func, uint16_t priority, - uint32_t preproc_id, uint32_t proto_mask) -{ - PreprocEvalFuncNode *node; - SnortConfig *sc = snort_conf_for_parsing; - tSfPolicyId policy_id = getParserPolicy(); - SnortPolicy *p; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config for parsing is NULL.\n", - __FILE__, __LINE__); - } - - p = sc->targeted_policies[policy_id]; - if (p == NULL) - return NULL; - - DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES, - "Adding preprocessor function ID %d/bit %d/pri %d to list\n", - preproc_id, p->num_preprocs, priority);); - - node = (PreprocEvalFuncNode *)SnortAlloc(sizeof(PreprocEvalFuncNode)); - - if (p->preproc_eval_funcs == NULL) - { - p->preproc_eval_funcs = node; - } - else - { - PreprocEvalFuncNode *tmp = p->preproc_eval_funcs; - PreprocEvalFuncNode *last = NULL; - - do - { - if (tmp->preproc_id == preproc_id) - { - free(node); - FatalError("Preprocessor already registered with ID %d\n", - preproc_id); - } - - /* Insert higher priority preprocessors first. Lower priority - * number means higher priority */ - if (priority < tmp->priority) - break; - - last = tmp; - tmp = tmp->next; - - } while (tmp != NULL); - - /* Priority higher than first item in list */ - if (last == NULL) - { - node->next = tmp; - p->preproc_eval_funcs = node; - } - else - { - node->next = tmp; - last->next = node; - } - } - - node->func = func; - node->priority = priority; - node->preproc_id = preproc_id; - node->preproc_bit = (1 << preproc_id); - node->proto_mask = proto_mask; - - p->num_preprocs++; - p->preproc_proto_mask |= proto_mask; - p->preproc_bit_mask |= node->preproc_bit; - - return node; -} - -void AddFuncToPreprocPostConfigList(PreprocPostConfigFunc func, void *data) -{ - PreprocPostConfigFuncNode *node; - SnortConfig *sc = snort_conf_for_parsing; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config for parsing is NULL.\n", - __FILE__, __LINE__); - } - - node = (PreprocPostConfigFuncNode *)SnortAlloc(sizeof(PreprocPostConfigFuncNode)); - - if (sc->preproc_post_config_funcs == NULL) - { - sc->preproc_post_config_funcs = node; - } - else - { - PreprocPostConfigFuncNode *tmp = sc->preproc_post_config_funcs; - - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = node; - } - - node->data = data; - node->func = func; -} - -void PostConfigPreprocessors(SnortConfig *sc) -{ - PreprocPostConfigFuncNode *list; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config is NULL.\n", - __FILE__, __LINE__); - } - - snort_conf_for_parsing = sc; - - list = sc->preproc_post_config_funcs; - - for (; list != NULL; list = list->next) - { - if (list->func != NULL) - list->func(list->data); - } - - snort_conf_for_parsing = NULL; -} - -#ifdef SNORT_RELOAD -void SwapPreprocConfigurations(void) -{ - PreprocConfigFuncNode *node = preproc_config_funcs; - - for (; node != NULL; node = node->next) - { - if (node->reload_swap_func != NULL) - node->swap_free_data = node->reload_swap_func(); - } -} - -void FreeSwappedPreprocConfigurations(void) -{ - PreprocConfigFuncNode *node = preproc_config_funcs; - - for (; node != NULL; node = node->next) - { - if ((node->reload_swap_free_func != NULL) && - (node->swap_free_data != NULL)) - { - node->reload_swap_free_func(node->swap_free_data); - node->swap_free_data = NULL; - } - } -} - -void AddFuncToPreprocReloadVerifyList(PreprocReloadVerifyFunc func) -{ - PreprocReloadVerifyFuncNode *node; - SnortConfig *sc = snort_conf_for_parsing; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config for parsing is NULL.\n", - __FILE__, __LINE__); - } - - node = (PreprocReloadVerifyFuncNode *)SnortAlloc(sizeof(PreprocReloadVerifyFuncNode)); - - if (sc->preproc_reload_verify_funcs == NULL) - { - sc->preproc_reload_verify_funcs = node; - } - else - { - PreprocReloadVerifyFuncNode *tmp = sc->preproc_reload_verify_funcs; - - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = node; - } - - node->func = func; -} - -void FreePreprocReloadVerifyFuncList(PreprocReloadVerifyFuncNode *head) -{ - while (head != NULL) - { - PreprocReloadVerifyFuncNode *tmp = head; - - head = head->next; - free(tmp); - } -} -#endif - -void AddFuncToConfigCheckList(PreprocCheckConfigFunc func) -{ - PreprocCheckConfigFuncNode *node; - SnortConfig *sc = snort_conf_for_parsing; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config for parsing is NULL.\n", - __FILE__, __LINE__); - } - - node = (PreprocCheckConfigFuncNode *)SnortAlloc(sizeof(PreprocCheckConfigFuncNode)); - - if (sc->preproc_config_check_funcs == NULL) - { - sc->preproc_config_check_funcs = node; - } - else - { - PreprocCheckConfigFuncNode *tmp = sc->preproc_config_check_funcs; - - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = node; - } - - node->func = func; -} - -/* functions to aid in cleaning up after plugins */ -void AddFuncToPreprocRestartList(PreprocSignalFunc func, void *arg, - uint16_t priority, uint32_t preproc_id) -{ - AddFuncToPreprocSignalList(func, arg, &preproc_restart_funcs, priority, preproc_id); -} - -void AddFuncToPreprocCleanExitList(PreprocSignalFunc func, void *arg, - uint16_t priority, uint32_t preproc_id) -{ - AddFuncToPreprocSignalList(func, arg, &preproc_clean_exit_funcs, priority, preproc_id); -} - -void AddFuncToPreprocShutdownList(PreprocSignalFunc func, void *arg, - uint16_t priority, uint32_t preproc_id) -{ - AddFuncToPreprocSignalList(func, arg, &preproc_shutdown_funcs, priority, preproc_id); -} - -void AddFuncToPreprocResetList(PreprocSignalFunc func, void *arg, - uint16_t priority, uint32_t preproc_id) -{ - AddFuncToPreprocSignalList(func, arg, &preproc_reset_funcs, priority, preproc_id); -} - -void AddFuncToPreprocResetStatsList(PreprocSignalFunc func, void *arg, - uint16_t priority, uint32_t preproc_id) -{ - AddFuncToPreprocSignalList(func, arg, &preproc_reset_stats_funcs, priority, preproc_id); -} - -static void AddFuncToPreprocSignalList(PreprocSignalFunc func, void *arg, - PreprocSignalFuncNode **list, - uint16_t priority, uint32_t preproc_id) -{ - PreprocSignalFuncNode *node; - - if (list == NULL) - return; - - node = (PreprocSignalFuncNode *)SnortAlloc(sizeof(PreprocSignalFuncNode)); - - if (*list == NULL) - { - *list = node; - } - else - { - PreprocSignalFuncNode *tmp = *list; - PreprocSignalFuncNode *last = NULL; - - do - { - /* Insert higher priority stuff first. Lower priority - * number means higher priority */ - if (priority < tmp->priority) - break; - - last = tmp; - tmp = tmp->next; - - } while (tmp != NULL); - - /* Priority higher than first item in list */ - if (last == NULL) - { - node->next = tmp; - *list = node; - } - else - { - node->next = tmp; - last->next = node; - } - } - - node->func = func; - node->arg = arg; - node->preproc_id = preproc_id; - node->priority = priority; -} - -void AddFuncToPreprocReassemblyPktList(PreprocReassemblyPktFunc func, uint32_t preproc_id) -{ - PreprocReassemblyPktFuncNode *node; - SnortConfig *sc = snort_conf_for_parsing; - tSfPolicyId policy_id = getParserPolicy(); - SnortPolicy *p; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config for parsing is NULL.\n", - __FILE__, __LINE__); - } - - p = sc->targeted_policies[policy_id]; - if (p == NULL) - return; - - node = (PreprocReassemblyPktFuncNode *)SnortAlloc(sizeof(PreprocReassemblyPktFuncNode)); - - if (p->preproc_reassembly_pkt_funcs == NULL) - { - p->preproc_reassembly_pkt_funcs = node; - } - else - { - PreprocReassemblyPktFuncNode *tmp = p->preproc_reassembly_pkt_funcs; - - /* just insert at front of list */ - p->preproc_reassembly_pkt_funcs = node; - node->next = tmp; - } - - node->func = func; - node->preproc_id = preproc_id; -} - -void FreePreprocConfigFuncs(void) -{ - PreprocConfigFuncNode *head = preproc_config_funcs; - PreprocConfigFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - if (head->keyword != NULL) - free(head->keyword); - free(head); - head = tmp; - } -} - -void FreePreprocCheckConfigFuncs(PreprocCheckConfigFuncNode *head) -{ - PreprocCheckConfigFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - free(head); - head = tmp; - } -} - -void FreePreprocPostConfigFuncs(PreprocPostConfigFuncNode *head) -{ - PreprocPostConfigFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - free(head); - head = tmp; - } -} - -void FreePreprocStatsFuncs(PreprocStatsFuncNode *head) -{ - PreprocStatsFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - if (head->keyword != NULL) - free(head->keyword); - free(head); - head = tmp; - } -} - -void FreePreprocEvalFuncs(PreprocEvalFuncNode *head) -{ - PreprocEvalFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - //if (head->context) - // free(head->context); - free(head); - head = tmp; - } -} - -void FreePreprocReassemblyPktFuncs(PreprocReassemblyPktFuncNode *head) -{ - PreprocReassemblyPktFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - free(head); - head = tmp; - } -} - -void FreePreprocSigFuncs(PreprocSignalFuncNode *head) -{ - PreprocSignalFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - /* don't free sig->arg, that's free'd by the CleanExit/Restart func */ - free(head); - head = tmp; - } -} - -void CheckPreprocessorsConfig(SnortConfig *sc) -{ - PreprocCheckConfigFuncNode *idx; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config is NULL.\n", - __FILE__, __LINE__); - } - - snort_conf_for_parsing = sc; - - idx = sc->preproc_config_check_funcs; - - LogMessage("Verifying Preprocessor Configurations!\n"); - - while(idx != NULL) - { - idx->func(); - idx = idx->next; - } - - snort_conf_for_parsing = NULL; -} - -#ifdef SNORT_RELOAD -int VerifyReloadedPreprocessors(SnortConfig *sc) -{ - PreprocReloadVerifyFuncNode *node; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config is NULL.\n", - __FILE__, __LINE__); - } - - snort_conf_for_parsing = sc; - - node = sc->preproc_reload_verify_funcs; - while (node != NULL) - { - if (node->func != NULL) - { - if (node->func() == -1) - return -1; - } - - node = node->next; - } - - snort_conf_for_parsing = NULL; - - return 0; -} -#endif - - -/***************************** Output Plugin API *****************************/ -extern OutputConfigFuncNode *output_config_funcs; - -static void AppendOutputFuncList(OutputFunc, void *, OutputFuncNode **); - -void RegisterOutputPlugins(void) -{ - LogMessage("Initializing Output Plugins!\n"); - - AlertSyslogSetup(); - LogTcpdumpSetup(); - DatabaseSetup(); - AlertFastSetup(); - AlertFullSetup(); - AlertPfSetup(); -#ifndef WIN32 - /* Win32 doesn't support AF_UNIX sockets */ - AlertUnixSockSetup(); -#endif /* !WIN32 */ - AlertCSVSetup(); - LogNullSetup(); - UnifiedSetup(); - Unified2Setup(); - LogAsciiSetup(); - -#ifdef ARUBA - AlertArubaActionSetup(); -#endif - -#ifdef LINUX - /* This uses linux only capabilities */ - AlertSFSocket_Setup(); -#endif - -#ifdef HAVE_LIBPRELUDE - AlertPreludeSetup(); -#endif - - AlertTestSetup(); -} - -/**************************************************************************** - * - * Function: RegisterOutputPlugin(char *, void (*func)(Packet *, u_char *)) - * - * Purpose: Associates an output statement with its function. - * - * Arguments: keyword => The output keyword to associate with the - * output processor - * type => alert or log types - * *func => function pointer to the handler - * - * Returns: void function - * - ***************************************************************************/ -void RegisterOutputPlugin(char *keyword, int type_flags, OutputConfigFunc func) -{ - OutputConfigFuncNode *node = (OutputConfigFuncNode *)SnortAlloc(sizeof(OutputConfigFuncNode)); - - DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Registering keyword:output => %s:%p\n", - keyword, func);); - - if (output_config_funcs == NULL) - { - output_config_funcs = node; - } - else - { - OutputConfigFuncNode *tmp = output_config_funcs; - OutputConfigFuncNode *last; - - do - { - if (strcasecmp(tmp->keyword, keyword) == 0) - { - free(node); - FatalError("Duplicate output keyword: %s\n", keyword); - } - - last = tmp; - tmp = tmp->next; - - } while (tmp != NULL); - - last->next = node; - } - - node->keyword = SnortStrdup(keyword); - node->func = func; - node->output_type_flags = type_flags; -} - -OutputConfigFunc GetOutputConfigFunc(char *keyword) -{ - OutputConfigFuncNode *head = output_config_funcs; - - if (keyword == NULL) - return NULL; - - while (head != NULL) - { - if (strcasecmp(head->keyword, keyword) == 0) - return head->func; - - head = head->next; - } - - return NULL; -} - -int GetOutputTypeFlags(char *keyword) -{ - OutputConfigFuncNode *head = output_config_funcs; - - if (keyword == NULL) - return 0; - - while (head != NULL) - { - if (strcasecmp(head->keyword, keyword) == 0) - return head->output_type_flags; - - head = head->next; - } - - return 0; -} - -void FreeOutputConfigFuncs(void) -{ - OutputConfigFuncNode *head = output_config_funcs; - OutputConfigFuncNode *tmp; - - while (head != NULL) - { - tmp = head->next; - if (head->keyword != NULL) - free(head->keyword); - free(head); - head = tmp; - } -} - -void FreeOutputList(OutputFuncNode *list) -{ - while (list != NULL) - { - OutputFuncNode *tmp = list; - - list = list->next; - free(tmp); - } -} - -/**************************************************************************** - * - * Function: DumpOutputPlugins() - * - * Purpose: Prints the keyword->preprocess list - * - * Arguments: None. - * - * Returns: void function - * - ***************************************************************************/ -void DumpOutputPlugins(void) -{ - OutputConfigFuncNode *idx = output_config_funcs; - - LogMessage("-------------------------------------------------\n"); - LogMessage(" Keyword | Output @ \n"); - LogMessage("-------------------------------------------------\n"); - while(idx != NULL) - { - LogMessage("%-13s: %p\n", idx->keyword, idx->func); - idx = idx->next; - } - LogMessage("-------------------------------------------------\n\n"); -} - -void AddFuncToOutputList(OutputFunc func, OutputType type, void *arg) -{ - switch (type) - { - case OUTPUT_TYPE__ALERT: - if (head_tmp != NULL) - AppendOutputFuncList(func, arg, &head_tmp->AlertList); - else - AppendOutputFuncList(func, arg, &AlertList); - - break; - - case OUTPUT_TYPE__LOG: - if (head_tmp != NULL) - AppendOutputFuncList(func, arg, &head_tmp->LogList); - else - AppendOutputFuncList(func, arg, &LogList); - - break; - - default: - /* just to be error-prone */ - FatalError("Unknown output type: %i. Possible bug, please " - "report.\n", type); - } -} - -void AppendOutputFuncList(OutputFunc func, void *arg, OutputFuncNode **list) -{ - OutputFuncNode *node; - - if (list == NULL) - return; - - node = (OutputFuncNode *)SnortAlloc(sizeof(OutputFuncNode)); - - if (*list == NULL) - { - *list = node; - } - else - { - OutputFuncNode *tmp = *list; - - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = node; - } - - node->func = func; - node->arg = arg; -} - - -/************************** Miscellaneous Functions **************************/ - -/* functions to aid in cleaning up after plugins - * Used for both rule options and output. Preprocessors have their own */ -void AddFuncToRestartList(PluginSignalFunc func, void *arg) -{ - AddFuncToSignalList(func, arg, &plugin_restart_funcs); -} - -void AddFuncToCleanExitList(PluginSignalFunc func, void *arg) -{ - AddFuncToSignalList(func, arg, &plugin_clean_exit_funcs); -} - -void AddFuncToShutdownList(PluginSignalFunc func, void *arg) -{ - AddFuncToSignalList(func, arg, &plugin_shutdown_funcs); -} - -void AddFuncToPostConfigList(PluginSignalFunc func, void *arg) -{ - SnortConfig *sc = snort_conf_for_parsing; - - if (sc == NULL) - { - FatalError("%s(%d) Snort config for parsing is NULL.\n", - __FILE__, __LINE__); - } - - AddFuncToSignalList(func, arg, &sc->plugin_post_config_funcs); -} - -void AddFuncToSignalList(PluginSignalFunc func, void *arg, PluginSignalFuncNode **list) -{ - PluginSignalFuncNode *node; - - if (list == NULL) - return; - - node = (PluginSignalFuncNode *)SnortAlloc(sizeof(PluginSignalFuncNode)); - - if (*list == NULL) - { - *list = node; - } - else - { - PluginSignalFuncNode *tmp = *list; - - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = node; - } - - node->func = func; - node->arg = arg; -} - -void AddFuncToRuleOptParseCleanupList(RuleOptParseCleanupFunc func) -{ - RuleOptParseCleanupNode *node = - (RuleOptParseCleanupNode *)SnortAlloc(sizeof(RuleOptParseCleanupNode)); - - if (rule_opt_parse_cleanup_list == NULL) - { - rule_opt_parse_cleanup_list = node; - } - else - { - RuleOptParseCleanupNode *tmp = rule_opt_parse_cleanup_list; - - while (tmp->next != NULL) - tmp = tmp->next; - - tmp->next = node; - } - - node->func = func; -} - -void RuleOptParseCleanup(void) -{ - RuleOptParseCleanupNode *list = rule_opt_parse_cleanup_list; - - for (; list != NULL; list = list->next) - { - if (list->func != NULL) - list->func(); - } -} - -void FreeRuleOptParseCleanupList(RuleOptParseCleanupNode *head) -{ - while (head != NULL) - { - RuleOptParseCleanupNode *tmp = head; - - head = head->next; - free(tmp); - } -} - - diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/util.c b/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/util.c deleted file mode 100644 index b2d3b38b..00000000 --- a/config/snort-dev/snortsam-package-code/patches/spoink_patch/2.8.6/util.c +++ /dev/null @@ -1,3233 +0,0 @@ -/* $Id$ */ -/* -** Copyright (C) 2002-2010 Sourcefire, Inc. -** Copyright (C) 2002 Martin Roesch <roesch@sourcefire.com> -** -** This program is free software; you can redistribute it and/or modify -** it under the terms of the GNU General Public License Version 2 as -** published by the Free Software Foundation. You may not use, modify or -** distribute this program under any other version of the GNU General -** Public License. -** -** This program is distributed in the hope that it will be useful, -** but WITHOUT ANY WARRANTY; without even the implied warranty of -** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -** GNU General Public License for more details. -** -** You should have received a copy of the GNU General Public License -** along with this program; if not, write to the Free Software -** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include <sys/types.h> - -#ifndef WIN32 -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <sys/wait.h> -#include <dirent.h> -#include <fnmatch.h> -#endif /* !WIN32 */ - -#include <stdarg.h> -#include <syslog.h> -#include <errno.h> -#include <sys/stat.h> -#include <time.h> -#include <signal.h> -#include <unistd.h> - -#ifndef WIN32 -#include <grp.h> -#include <pwd.h> -#include <netdb.h> -#include <limits.h> -#endif /* !WIN32 */ - -#include <fcntl.h> - -#ifdef HAVE_STRINGS_H -#include <strings.h> -#endif - -#ifdef ZLIB -#include <zlib.h> -#endif - -#include "snort.h" -#include "mstring.h" -#include "debug.h" -#include "util.h" -#include "parser.h" -#include "inline.h" -#include "build.h" -#include "plugbase.h" -#include "sf_types.h" -#include "sflsq.h" -#include "ipv6_port.h" - -#include "pcre.h" - -#include "mpse.h" - -#include "ppm.h" - -#ifdef TARGET_BASED -#include "sftarget_reader.h" -#endif - -#ifdef WIN32 -#include "win32/WIN32-Code/name.h" -#endif - -#include "stream5_common.h" - -#ifdef PATH_MAX -#define PATH_MAX_UTIL PATH_MAX -#else -#define PATH_MAX_UTIL 1024 -#endif /* PATH_MAX */ - -extern Stream5Stats s5stats; -extern int datalink; -extern pcap_t *pcap_handle; -extern PreprocStatsFuncNode *preproc_stats_funcs; - -static PcapPktStats pkt_stats; - -/* - * you may need to adjust this on the systems which don't have standard - * paths defined - */ -#ifndef _PATH_VARRUN -static char _PATH_VARRUN[STD_BUF]; -#endif - - -#ifdef NAME_MAX -#define NAME_MAX_UTIL NAME_MAX -#else -#define NAME_MAX_UTIL 256 -#endif /* NAME_MAX */ - -#define FILE_MAX_UTIL (PATH_MAX_UTIL + NAME_MAX_UTIL) - -/**************************************************************************** - * - * Function: CalcPct(uint64_t, uint64_t) - * - * Purpose: Calculate the percentage of a value compared to a total - * - * Arguments: cnt => the numerator in the equation - * total => the denominator in the calculation - * - * Returns: pct -> the percentage of cnt to value - * - ****************************************************************************/ -double CalcPct(uint64_t cnt, uint64_t total) -{ - double pct = 0.0; - - if (total == 0.0) - { - pct = (double)cnt; - } - else - { - pct = (double)cnt / (double)total; - } - - pct *= 100.0; - - return pct; -} - - -/**************************************************************************** - * - * Function: DisplayBanner() - * - * Purpose: Show valuable proggie info - * - * Arguments: None. - * - * Returns: 0 all the time - * - ****************************************************************************/ -int DisplayBanner(void) -{ - const char * info; - const char * pcre_ver; -#ifdef ZLIB - const char * zlib_ver; -#endif - - info = getenv("HOSTTYPE"); - if( !info ) - { - info=""; - } - - pcre_ver = pcre_version(); -#ifdef ZLIB - zlib_ver = zlib_version; -#endif - - LogMessage("\n"); - LogMessage(" ,,_ -*> Snort! <*-\n"); - LogMessage(" o\" )~ Version %s%s%s (Build %s) %s %s\n", - VERSION, -#ifdef SUP_IP6 - " IPv6", -#else - "", -#endif -#ifdef GRE - " GRE", -#else - "", -#endif - BUILD, -#ifdef GIDS - "inline", -#else - "", -#endif - info); - LogMessage(" '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team\n"); - LogMessage(" Copyright (C) 1998-2010 Sourcefire, Inc., et al.\n"); - LogMessage(" Using PCRE version: %s\n", pcre_ver); -#ifdef ZLIB - LogMessage(" Using ZLIB version: %s\n", zlib_ver); -#endif - LogMessage("\n"); - LogMessage(" ___ Built Date for Snort on Pfsense 2.0 is May 25 2010.\n"); - LogMessage(" ___/ f \\ Orion IPS Output Code Copyright (C) 2009-2010 Robert Zelaya.\n"); - LogMessage("/ p \\___/Sense\n"); - LogMessage("\\___/ \\\n"); - LogMessage(" \\___/ Using Snort.org dynamic plugins and Orion IPS source.\n"); - LogMessage("\n"); - - return 0; -} - - - -/**************************************************************************** - * - * Function: ts_print(register const struct, char *) - * - * Purpose: Generate a time stamp and stuff it in a buffer. This one has - * millisecond precision. Oh yeah, I ripped this code off from - * TCPdump, props to those guys. - * - * Arguments: timeval => clock struct coming out of libpcap - * timebuf => buffer to stuff timestamp into - * - * Returns: void function - * - ****************************************************************************/ -void ts_print(register const struct timeval *tvp, char *timebuf) -{ - register int s; - int localzone; - time_t Time; - struct timeval tv; - struct timezone tz; - struct tm *lt; /* place to stick the adjusted clock data */ - - /* if null was passed, we use current time */ - if(!tvp) - { - /* manual page (for linux) says tz is never used, so.. */ - bzero((char *) &tz, sizeof(tz)); - gettimeofday(&tv, &tz); - tvp = &tv; - } - - localzone = snort_conf->thiszone; - - /* - ** If we're doing UTC, then make sure that the timezone is correct. - */ - if (ScOutputUseUtc()) - localzone = 0; - - s = (tvp->tv_sec + localzone) % 86400; - Time = (tvp->tv_sec + localzone) - s; - - lt = gmtime(&Time); - - if (ScOutputIncludeYear()) - { - (void) SnortSnprintf(timebuf, TIMEBUF_SIZE, - "%02d/%02d/%02d-%02d:%02d:%02d.%06u ", - lt->tm_mon + 1, lt->tm_mday, lt->tm_year - 100, - s / 3600, (s % 3600) / 60, s % 60, - (u_int) tvp->tv_usec); - } - else - { - (void) SnortSnprintf(timebuf, TIMEBUF_SIZE, - "%02d/%02d-%02d:%02d:%02d.%06u ", lt->tm_mon + 1, - lt->tm_mday, s / 3600, (s % 3600) / 60, s % 60, - (u_int) tvp->tv_usec); - } -} - - - -/**************************************************************************** - * - * Function: gmt2local(time_t) - * - * Purpose: Figures out how to adjust the current clock reading based on the - * timezone you're in. Ripped off from TCPdump. - * - * Arguments: time_t => offset from GMT - * - * Returns: offset seconds from GMT - * - ****************************************************************************/ -int gmt2local(time_t t) -{ - register int dt, dir; - register struct tm *gmt, *loc; - struct tm sgmt; - - if(t == 0) - t = time(NULL); - - gmt = &sgmt; - *gmt = *gmtime(&t); - loc = localtime(&t); - - dt = (loc->tm_hour - gmt->tm_hour) * 60 * 60 + - (loc->tm_min - gmt->tm_min) * 60; - - dir = loc->tm_year - gmt->tm_year; - - if(dir == 0) - dir = loc->tm_yday - gmt->tm_yday; - - dt += dir * 24 * 60 * 60; - - return(dt); -} - - - - -/**************************************************************************** - * - * Function: copy_argv(u_char **) - * - * Purpose: Copies a 2D array (like argv) into a flat string. Stolen from - * TCPDump. - * - * Arguments: argv => 2D array to flatten - * - * Returns: Pointer to the flat string - * - ****************************************************************************/ -char *copy_argv(char **argv) -{ - char **p; - u_int len = 0; - char *buf; - char *src, *dst; - //void ftlerr(char *,...); - - p = argv; - if(*p == 0) - return 0; - - while(*p) - len += strlen(*p++) + 1; - - buf = (char *) calloc(1,len); - - if(buf == NULL) - { - FatalError("calloc() failed: %s\n", strerror(errno)); - } - p = argv; - dst = buf; - - while((src = *p++) != NULL) - { - while((*dst++ = *src++) != '\0'); - dst[-1] = ' '; - } - - dst[-1] = '\0'; - - /* Check for an empty string */ - dst = buf; - while (isspace((int)*dst)) - dst++; - - if (strlen(dst) == 0) - { - free(buf); - buf = NULL; - } - - return buf; -} - - -/**************************************************************************** - * - * Function: strip(char *) - * - * Purpose: Strips a data buffer of CR/LF/TABs. Replaces CR/LF's with - * NULL and TABs with spaces. - * - * Arguments: data => ptr to the data buf to be stripped - * - * Returns: void - * - * 3/7/07 - changed to return void - use strlen to get size of string - * - * Note that this function will turn all '\n' and '\r' into null chars - * so, e.g. 'Hello\nWorld\n' => 'Hello\x00World\x00' - * note that the string is now just 'Hello' and the length is shortened - * by more than just an ending '\n' or '\r' - ****************************************************************************/ -void strip(char *data) -{ - int size; - char *end; - char *idx; - - idx = data; - end = data + strlen(data); - size = end - idx; - - while(idx != end) - { - if((*idx == '\n') || - (*idx == '\r')) - { - *idx = 0; - size--; - } - if(*idx == '\t') - { - *idx = ' '; - } - idx++; - } -} - -/* - * Function: ErrorMessage(const char *, ...) - * - * Purpose: Print a message to stderr. - * - * Arguments: format => the formatted error string to print out - * ... => format commands/fillers - * - * Returns: void function - */ -void ErrorMessage(const char *format,...) -{ - char buf[STD_BUF+1]; - va_list ap; - - if (snort_conf == NULL) - return; - - va_start(ap, format); - - if (ScDaemonMode() || ScLogSyslog()) - { - vsnprintf(buf, STD_BUF, format, ap); - buf[STD_BUF] = '\0'; - syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "%s", buf); - } - else - { - vfprintf(stderr, format, ap); - } - va_end(ap); -} - -/* - * Function: LogMessage(const char *, ...) - * - * Purpose: Print a message to stderr or with logfacility. - * - * Arguments: format => the formatted error string to print out - * ... => format commands/fillers - * - * Returns: void function - */ -void LogMessage(const char *format,...) -{ - char buf[STD_BUF+1]; - va_list ap; - - if (snort_conf == NULL) - return; - - if (ScLogQuiet() && !ScDaemonMode() && !ScLogSyslog()) - return; - - va_start(ap, format); - - if (ScDaemonMode() || ScLogSyslog()) - { - vsnprintf(buf, STD_BUF, format, ap); - buf[STD_BUF] = '\0'; - syslog(LOG_DAEMON | LOG_NOTICE, "%s", buf); - } - else - { - vfprintf(stderr, format, ap); - } - - va_end(ap); -} - -/* - * Function: CreateApplicationEventLogEntry(const char *) - * - * Purpose: Add an entry to the Win32 "Application" EventLog - * - * Arguments: szMessage => the formatted error string to print out - * - * Returns: void function - */ -#if defined(WIN32) && defined(ENABLE_WIN32_SERVICE) -void CreateApplicationEventLogEntry(const char *msg) -{ - HANDLE hEventLog; - char* pEventSourceName = "SnortService"; - - /* prepare to write to Application log on local host - * with Event Source of SnortService - */ - AddEventSource(pEventSourceName); - hEventLog = RegisterEventSource(NULL, pEventSourceName); - if (hEventLog == NULL) - { - /* Could not register the event source. */ - return; - } - - if (!ReportEvent(hEventLog, /* event log handle */ - EVENTLOG_ERROR_TYPE, /* event type */ - 0, /* category zero */ - EVMSG_SIMPLE, /* event identifier */ - NULL, /* no user security identifier */ - 1, /* one substitution string */ - 0, /* no data */ - &msg, /* pointer to array of strings */ - NULL)) /* pointer to data */ - { - /* Could not report the event. */ - } - - DeregisterEventSource(hEventLog); -} -#endif /* WIN32 && ENABLE_WIN32_SERVICE */ - - -/* - * Function: FatalError(const char *, ...) - * - * Purpose: When a fatal error occurs, this function prints the error message - * and cleanly shuts down the program - * - * Arguments: format => the formatted error string to print out - * ... => format commands/fillers - * - * Returns: void function - */ -NORETURN void FatalError(const char *format,...) -{ - char buf[STD_BUF+1]; - va_list ap; - - va_start(ap, format); - vsnprintf(buf, STD_BUF, format, ap); - va_end(ap); - - buf[STD_BUF] = '\0'; - - if ((snort_conf != NULL) && (ScDaemonMode() || ScLogSyslog())) - { - syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "FATAL ERROR: %s", buf); - } - else - { - fprintf(stderr, "ERROR: %s", buf); - fprintf(stderr,"Fatal Error, Quitting..\n"); -#if defined(WIN32) && defined(ENABLE_WIN32_SERVICE) - CreateApplicationEventLogEntry(buf); -#endif - } - - exit(1); -} - - -/**************************************************************************** - * - * Function: CreatePidFile(char *) - * - * Purpose: Creates a PID file - * - * Arguments: Interface opened. - * - * Returns: void function - * - ****************************************************************************/ -static FILE *pid_lockfile = NULL; -static FILE *pid_file = NULL; -void CreatePidFile(char *intf) -{ - struct stat pt; - int pid = (int) getpid(); -#ifdef WIN32 - char dir[STD_BUF + 1]; -#endif - - if (!ScReadMode()) - { - LogMessage("Checking PID path...\n"); - - if (strlen(snort_conf->pid_path) != 0) - { - if((stat(snort_conf->pid_path, &pt) == -1) || - !S_ISDIR(pt.st_mode) || access(snort_conf->pid_path, W_OK) == -1) - { -#ifndef WIN32 - /* Save this just in case it's reset with LogMessage call */ - int err = errno; - - LogMessage("WARNING: %s is invalid, trying " - "/var/run...\n", snort_conf->pid_path); - if (err) - { - LogMessage("Previous Error, errno=%d, (%s)\n", - err, strerror(err) == NULL ? "Unknown error" : strerror(err)); - } -#endif - memset(snort_conf->pid_path, 0, sizeof(snort_conf->pid_path)); - } - else - { - LogMessage("PID path stat checked out ok, " - "PID path set to %s\n", snort_conf->pid_path); - } - } - - if (strlen(snort_conf->pid_path) == 0) - { -#ifndef _PATH_VARRUN -# ifndef WIN32 - SnortStrncpy(_PATH_VARRUN, "/var/run/", sizeof(_PATH_VARRUN)); -# else - if (GetCurrentDirectory(sizeof(dir) - 1, dir)) - SnortStrncpy(_PATH_VARRUN, dir, sizeof(_PATH_VARRUN)); -# endif /* WIN32 */ -#else - LogMessage("PATH_VARRUN is set to %s on this operating " - "system\n", _PATH_VARRUN); -#endif /* _PATH_VARRUN */ - - stat(_PATH_VARRUN, &pt); - - if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1) - { - LogMessage("WARNING: _PATH_VARRUN is invalid, trying " - "/var/log...\n"); - SnortStrncpy(snort_conf->pid_path, "/var/log/", sizeof(snort_conf->pid_path)); - stat(snort_conf->pid_path, &pt); - - if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path, W_OK) == -1) - { - LogMessage("WARNING: %s is invalid, logging Snort " - "PID path to log directory (%s)\n", snort_conf->pid_path, - snort_conf->log_dir); - CheckLogDir(); - SnortSnprintf(snort_conf->pid_path, sizeof(snort_conf->pid_path), - "%s/", snort_conf->log_dir); - } - } - else - { - LogMessage("PID path stat checked out ok, " - "PID path set to %s\n", _PATH_VARRUN); - SnortStrncpy(snort_conf->pid_path, _PATH_VARRUN, sizeof(snort_conf->pid_path)); - } - } - } - - if(intf == NULL || strlen(snort_conf->pid_path) == 0) - { - /* snort_conf->pid_path should have some value by now - * so let us just be sane. */ - FatalError("CreatePidFile() failed to lookup interface or pid_path is unknown!\n"); - } - - SnortSnprintf(snort_conf->pid_filename, sizeof(snort_conf->pid_filename), - "%s/snort_%s%s.pid", snort_conf->pid_path, intf, snort_conf->pidfile_suffix); - -#ifndef WIN32 - if (!ScNoLockPidFile()) - { - char pid_lockfilename[STD_BUF+1]; - int lock_fd; - - /* First, lock the PID file */ - SnortSnprintf(pid_lockfilename, STD_BUF, "%s.lck", snort_conf->pid_filename); - pid_lockfile = fopen(pid_lockfilename, "w"); - - if (pid_lockfile) - { - struct flock lock; - lock_fd = fileno(pid_lockfile); - - lock.l_type = F_WRLCK; - lock.l_whence = SEEK_SET; - lock.l_start = 0; - lock.l_len = 0; - - if (fcntl(lock_fd, F_SETLK, &lock) == -1) - { - ClosePidFile(); - FatalError("Failed to Lock PID File \"%s\" for PID \"%d\"\n", snort_conf->pid_filename, pid); - } - } - } -#endif - - /* Okay, were able to lock PID file, now open and write PID */ - pid_file = fopen(snort_conf->pid_filename, "w"); - if(pid_file) - { - LogMessage("Writing PID \"%d\" to file \"%s\"\n", pid, snort_conf->pid_filename); - fprintf(pid_file, "%d\n", pid); - fflush(pid_file); - } - else - { - ErrorMessage("Failed to create pid file %s", snort_conf->pid_filename); - snort_conf->pid_filename[0] = 0; - } -} - -/**************************************************************************** - * - * Function: ClosePidFile(char *) - * - * Purpose: Releases lock on a PID file - * - * Arguments: None - * - * Returns: void function - * - ****************************************************************************/ -void ClosePidFile(void) -{ - if (pid_file) - { - fclose(pid_file); - pid_file = NULL; - } - if (pid_lockfile) - { - fclose(pid_lockfile); - pid_lockfile = NULL; - } -} - -/**************************************************************************** - * - * Function: SetUidGid() - * - * Purpose: Sets safe UserID and GroupID if needed - * - * Arguments: none - * - * Returns: void function - * - ****************************************************************************/ -void SetUidGid(int user_id, int group_id) -{ -#ifndef WIN32 - - if ((group_id != -1) && (getgid() != (gid_t)group_id)) - { - if (!InlineModeSetPrivsAllowed()) - { - ErrorMessage("Cannot set uid and gid when running Snort in " - "inline mode.\n"); - return; - } - - if (setgid(group_id) < 0) - FatalError("Cannot set gid: %d\n", group_id); - - DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Set gid to %d\n", group_id);); - } - - if ((user_id != -1) && (getuid() != (uid_t)user_id)) - { - struct passwd *pw = getpwuid(user_id); - - if (!InlineModeSetPrivsAllowed()) - { - ErrorMessage("Cannot set uid and gid when running Snort in " - "inline mode.\n"); - return; - } - - if (pw != NULL) - { - /* getpwuid and initgroups may use the same static buffers */ - char *username = SnortStrdup(pw->pw_name); - - if ((getuid() == 0) && (initgroups(username, group_id) < 0)) - { - free(username); - FatalError("Can not initgroups(%s,%d)", - username, group_id); - } - - free(username); - } - - /** just to be on a safe side... **/ - endgrent(); - endpwent(); - - if (setuid(user_id) < 0) - FatalError("Can not set uid: %d\n", user_id); - - DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Set uid to %d\n", user_id);); - } -#endif /* WIN32 */ -} - -#ifdef TIMESTATS - -static IntervalStats istats = {0}; -time_t start_time; - -void InitTimeStats(void) -{ - start_time = time(NULL); -} - -void ResetTimeStats(void) -{ - memset(&istats, 0, sizeof(istats)); -} - -/* This function prints out stats based on a configurable time - * interval. It is an indication on how well snort is */ -/* processing packets, including types, drops, etc */ -void DropStatsPerTimeInterval(void) -{ - double per_sec, per_minute, per_hour; - uint64_t recv, drop; - uint64_t total = 0; - uint32_t timestats_interval = ScTimestatsInterval(); - -#ifdef PCAP_CLOSE - if (UpdatePcapPktStats(0) != -1) -#else - if (UpdatePcapPktStats() != -1) -#endif - { - recv = GetPcapPktStatsRecv(); - drop = GetPcapPktStatsDrop(); - - istats.recv = recv - istats.recv_total; - istats.recv_total = recv; - - istats.drop = drop - istats.drop_total; - istats.drop_total = drop; - - /* calculate received packets by type */ - istats.tcp = pc.tcp - istats.tcp_total; - istats.tcp_total = pc.tcp; - - istats.udp = pc.udp - istats.udp_total; - istats.udp_total = pc.udp; - - istats.icmp = pc.icmp - istats.icmp_total; - istats.icmp_total = pc.icmp; - - istats.arp = pc.arp - istats.arp_total; - istats.arp_total = pc.arp; - -#ifdef GRE - istats.ip4ip4 = pc.ip4ip4 - istats.ip4ip4_total; - istats.ip4ip4_total = pc.ip4ip4; - - istats.ip4ip6 = pc.ip4ip6 - istats.ip4ip6_total; - istats.ip4ip6_total = pc.ip4ip6; - - istats.ip6ip4 = pc.ip6ip4 - istats.ip6ip4_total; - istats.ip6ip4_total = pc.ip6ip4; - - istats.ip6ip6 = pc.ip6ip6 - istats.ip6ip6_total; - istats.ip6ip6_total = pc.ip6ip6; - - istats.gre = pc.gre - istats.gre_total; - istats.gre_total = pc.gre; - - istats.gre_ip = pc.gre_ip - istats.gre_ip_total; - istats.gre_ip_total = pc.gre_ip; - - istats.gre_eth = pc.gre_eth - istats.gre_eth_total; - istats.gre_eth_total = pc.gre_eth; - - istats.gre_arp = pc.gre_arp - istats.gre_arp_total; - istats.gre_arp_total = pc.gre_arp; - - istats.gre_ipv6 = pc.gre_ipv6 - istats.gre_ipv6_total; - istats.gre_ipv6_total = pc.gre_ipv6; - - istats.gre_ipx = pc.gre_ipx - istats.gre_ipx_total; - istats.gre_ipx_total = pc.gre_ipx; - - istats.gre_loopback = pc.gre_loopback - istats.gre_loopback_total; - istats.gre_loopback_total = pc.gre_loopback; - - istats.gre_vlan = pc.gre_vlan - istats.gre_vlan_total; - istats.gre_vlan_total = pc.gre_vlan; - - istats.gre_ppp = pc.gre_ppp - istats.gre_ppp_total; - istats.gre_ppp_total = pc.gre_ppp; -#endif - -#ifdef DLT_IEEE802_11 /* if we are tracking wireless, add this to output */ - istats.wifi_mgmt = pc.wifi_mgmt - istats.wifi_mgmt_total; - istats.wifi_mgmt_total = pc.wifi_mgmt; - - istats.wifi_control = pc.wifi_control - istats.wifi_control_total; - istats.wifi_control_total = pc.wifi_control; - - istats.wifi_data = pc.wifi_data - istats.wifi_data_total; - istats.wifi_data_total = pc.wifi_data; -#endif - - istats.ipx = pc.ipx - istats.ipx_total; - istats.ipx_total = pc.ipx; - - istats.eapol = pc.eapol - istats.eapol_total; - istats.eapol_total = pc.eapol; - - istats.ipv6 = pc.ipv6 - istats.ipv6_total; - istats.ipv6_total = pc.ipv6; - - istats.ethloopback = pc.ethloopback - istats.ethloopback_total; - istats.ethloopback_total = pc.ethloopback; - - istats.other = pc.other - istats.other_total; - istats.other_total = pc.other; - - istats.discards = pc.discards - istats.discards_total; - istats.discards_total = pc.discards; - - if (pc.frags > 0) /* do we have any fragmented packets being seen? */ - { - istats.frags = pc.frags - istats.frags_total; - istats.frags_total = pc.frags; - - istats.frag_trackers = pc.frag_trackers - istats.frag_trackers_total; - istats.frag_trackers_total = pc.frag_trackers; - - istats.frag_rebuilt = pc.rebuilt_frags - istats.frag_rebuilt_total; - istats.frag_rebuilt_total = pc.rebuilt_frags; - - istats.frag_element = pc.rebuild_element - istats.frag_element_total; - istats.frag_element_total = pc.rebuild_element; - - istats.frag_incomp = pc.frag_incomp - istats.frag_incomp_total; - istats.frag_incomp_total = pc.frag_incomp; - - istats.frag_timeout = pc.frag_timeout - istats.frag_timeout_total; - istats.frag_timeout_total = pc.frag_timeout; - - istats.frag_mem_faults = pc.frag_mem_faults - istats.frag_mem_faults_total; - istats.frag_mem_faults_total = pc.frag_mem_faults; - } - - if (pc.tcp_stream_pkts > 0) /* do we have TCP stream re-assembly going on? */ - { - istats.tcp_str_packets = pc.tcp_stream_pkts - istats.tcp_str_packets_total; - istats.tcp_str_packets_total = pc.tcp_stream_pkts; - - istats.tcp_str_trackers = pc.tcp_streams - istats.tcp_str_trackers_total; - istats.tcp_str_trackers_total = pc.tcp_streams; - - istats.tcp_str_flushes = pc.rebuilt_tcp - istats.tcp_str_flushes_total; - istats.tcp_str_flushes_total = pc.rebuilt_tcp; - - istats.tcp_str_segs_used = pc.rebuilt_segs - istats.tcp_str_segs_used_total; - istats.tcp_str_segs_used_total = pc.rebuilt_segs; - - istats.tcp_str_segs_queued = pc.queued_segs - istats.tcp_str_segs_queued_total; - istats.tcp_str_segs_queued_total = pc.queued_segs; - - istats.tcp_str_mem_faults = pc.str_mem_faults - istats.tcp_str_mem_faults_total; - istats.tcp_str_mem_faults_total = pc.str_mem_faults; - } - - istats.processed = pc.total_processed - istats.processed_total; - istats.processed_total = pc.total_processed; - total = istats.processed; - - /* prepare packet type per time interval routine */ - LogMessage("================================================" - "===============================\n"); - - LogMessage("\n"); - LogMessage("Statistics Report (last %d seconds)\n", timestats_interval); - LogMessage("\n"); - - per_sec = (double)istats.recv / (double)timestats_interval; - - LogMessage("Packet Wire Totals:\n"); - LogMessage("Packets received: " FMTu64("13") "\n", istats.recv); - - if (timestats_interval >= SECONDS_PER_HOUR) - { - per_hour = (double)(istats.recv * SECONDS_PER_HOUR) / (double)timestats_interval; - LogMessage(" per hour: %13.2f\n", per_hour); - } - if (timestats_interval >= SECONDS_PER_MIN) - { - per_minute = (double)(istats.recv * SECONDS_PER_MIN) / (double)timestats_interval; - LogMessage(" per minute: %13.2f\n", per_minute); - } - LogMessage(" per second: %13.2f\n", per_sec); - LogMessage(" Packets dropped: " FMTu64("13") "\n", istats.drop); - LogMessage("\n"); - LogMessage("Packet Breakdown by Protocol (includes rebuilt packets):\n"); - - LogMessage(" TCP: " FMTu64("10") " (%.3f%%)\n", - istats.tcp, CalcPct(istats.tcp, total)); - LogMessage(" UDP: " FMTu64("10") " (%.3f%%)\n", - istats.udp, CalcPct(istats.udp, total)); - LogMessage(" ICMP: " FMTu64("10") " (%.3f%%)\n", - istats.icmp, CalcPct(istats.icmp, total)); - LogMessage(" ARP: " FMTu64("10") " (%.3f%%)\n", - istats.arp, CalcPct(istats.arp, total)); -#ifndef NO_NON_ETHER_DECODER - LogMessage(" EAPOL: " FMTu64("10") " (%.3f%%)\n", - istats.eapol, CalcPct(istats.eapol, total)); -#endif - LogMessage(" IPv6: " FMTu64("10") " (%.3f%%)\n", - istats.ipv6, CalcPct(istats.ipv6, total)); - LogMessage(" ETHLOOP: " FMTu64("10") " (%.3f%%)\n", - istats.ethloopback, CalcPct(istats.ethloopback, total)); - LogMessage(" IPX: " FMTu64("10") " (%.3f%%)\n", - istats.ipx, CalcPct(istats.ipx, total)); - -#ifdef GRE - LogMessage(" IP4/IP4: " FMTu64("-10") " (%.3f%%)\n", - istats.ip4ip4, CalcPct(istats.ip4ip4, total)); - LogMessage(" IP4/IP6: " FMTu64("-10") " (%.3f%%)\n", - istats.ip4ip6, CalcPct(istats.ip4ip6, total)); - LogMessage(" IP6/IP4: " FMTu64("-10") " (%.3f%%)\n", - istats.ip6ip4, CalcPct(istats.ip6ip4, total)); - LogMessage(" IP6/IP6: " FMTu64("-10") " (%.3f%%)\n", - istats.ip6ip6, CalcPct(istats.ip6ip6, total)); - LogMessage(" GRE: " FMTu64("10") " (%.3f%%)\n", - istats.gre, CalcPct(istats.gre, total)); - LogMessage(" GRE ETH: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_eth, CalcPct(istats.gre_eth, total)); - LogMessage("GRE VLAN: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_vlan, CalcPct(istats.gre_vlan, total)); - LogMessage(" GRE IP: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_ip, CalcPct(istats.gre_ip, total)); - LogMessage("GRE IPv6: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_ipv6, CalcPct(istats.gre_ipv6, total)); - LogMessage("GRE PPTP: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_ppp, CalcPct(istats.gre_ppp, total)); - LogMessage(" GRE ARP: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_arp, CalcPct(istats.gre_arp, total)); - LogMessage(" GRE IPX: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_ipx, CalcPct(istats.gre_ipx, total)); - LogMessage("GRE LOOP: " FMTu64("-10") " (%.3f%%)\n", - istats.gre_loopback, CalcPct(istats.gre_loopback, total)); -#endif - - LogMessage(" FRAG: " FMTu64("10") " (%.3f%%)\n", - istats.frags, CalcPct(istats.frags, total)); - LogMessage(" OTHER: " FMTu64("10") " (%.3f%%)\n", - istats.other, CalcPct(istats.other, total)); - LogMessage(" DISCARD: " FMTu64("10") " (%.3f%%)\n", - istats.discards, CalcPct(istats.discards, total)); - LogMessage(" Total: " FMTu64("10") "\n", total); - - LogMessage("\n"); - - - /* handle case where wireless is enabled... */ - -#ifndef NO_NON_ETHER_DECODER -#ifdef DLT_IEEE802_11 - if (datalink == DLT_IEEE802_11) - { - LogMessage("\n"); - LogMessage("Wireless Stats:\n\n"); - LogMessage("Management Packets: " FMTu64("10") " (%.3f%%)\n", - istats.wifi_mgmt, CalcPct(istats.wifi_mgmt, total)); - LogMessage(" Control Packets: " FMTu64("10") " (%.3f%%)\n", - istats.wifi_control, CalcPct(istats.wifi_control, total)); - LogMessage(" Data Packets: " FMTu64("10") " (%.3f%%)\n", - istats.wifi_data, CalcPct(istats.wifi_data, total)); - LogMessage("\n"); - } - -#endif /* if wireless is enabled... */ -#endif // NO_NON_ETHER_DECODER - - /* handle case where we have snort seeing fragmented packets */ - - if (pc.frags > 0) /* begin if (pc.frags > 0) */ - { - LogMessage("\n"); - LogMessage("Fragmentation Stats:\n\n"); - LogMessage("Fragmented IP Packets: " FMTu64("10") "\n", istats.frags); - LogMessage(" Fragment Trackers: " FMTu64("10") "\n", istats.frag_trackers); - LogMessage(" Rebuilt IP Packets: " FMTu64("10") "\n", istats.frag_rebuilt); - LogMessage(" Frag Elements Used: " FMTu64("10") "\n", istats.frag_element); - LogMessage("Discarded(incomplete): " FMTu64("10") "\n", istats.frag_incomp); - LogMessage(" Discarded(timeout): " FMTu64("10") "\n", istats.frag_timeout); - LogMessage(" Frag2 memory faults: " FMTu64("10") "\n", istats.frag_mem_faults); - LogMessage("\n"); - } /* end if (pc.frags > 0) */ - - /* handle TCP stream re-assy stuff here */ - - if (pc.tcp_stream_pkts > 0) - { - LogMessage("\n"); - LogMessage("TCP Stream Reassembly Stats:\n\n"); - LogMessage(" TCP Packets Used: " FMTu64("10") "\n", istats.tcp_str_packets); - LogMessage(" Stream Trackers: " FMTu64("10") "\n", istats.tcp_str_trackers); - LogMessage(" Stream Flushes: " FMTu64("10") "\n", istats.tcp_str_flushes); - LogMessage(" Stream Segments Used: " FMTu64("10") "\n", istats.tcp_str_segs_used); - LogMessage("Stream Segments Queued: " FMTu64("10") "\n", istats.tcp_str_segs_queued); - LogMessage(" Stream4 Memory Faults: " FMTu64("10") "\n", istats.tcp_str_mem_faults); - LogMessage("\n"); - } - - //mpse_print_qinfo(); - - } /* end if pcap_stats(ps, &ps) */ - - alarm(timestats_interval); /* reset the alarm to go off again */ -} - -/* print out stats on how long snort ran */ -void TimeStats(void) -{ - -/* - * variable definitions for improved statistics handling - * - * end_time = time which snort finished running (unix epoch) - * total_secs = total amount of time snort ran - * int_total_secs = used to eliminate casts from this function (temp. var) - * days = number of days snort ran - * hrs = number of hrs snort ran - * mins = number of minutes snort ran - * secs = number of seconds snort ran - * - * ival = temp. variable for integer/modulus math - * ppd = packets per day processed - * pph = packets per hour processed - * ppm = packets per minute processed - * pps = packets per second processed - * - * hflag = used to flag when hrs = zero, but days > 0 - * mflag = used to flag when min = zero, but hrs > 0 - * - */ - - time_t end_time, total_secs; - uint32_t days = 0, hrs = 0, mins = 0, secs = 0, tmp = 0; - uint64_t pps = 0, ppm = 0, pph = 0, ppd = 0; - uint32_t int_total_secs = 0; - char hflag = 0, mflag = 0; - - - end_time = time(NULL); /* grab epoch for end time value (in seconds) */ - total_secs = end_time - start_time; /* total_secs is how many seconds snort ran for */ - - tmp = (uint32_t)total_secs; - int_total_secs = tmp; /* used for cast elimination */ - - days = tmp / SECONDS_PER_DAY; /* 86400 is number of seconds in a day */ - tmp = tmp % SECONDS_PER_DAY; /* grab remainder to process hours */ - hrs = tmp / SECONDS_PER_HOUR; /* 3600 is number of seconds in a(n) hour */ - tmp = tmp % SECONDS_PER_HOUR; /* grab remainder to process minutes */ - mins = tmp / SECONDS_PER_MIN; /* 60 is number of seconds in a minute */ - secs = tmp % SECONDS_PER_MIN; /* grab remainder to process seconds */ - - if (total_secs) - pps = (pc.total_from_pcap / int_total_secs); - else - pps = pc.total_from_pcap; /* guard against division by zero */ - - /* Use ErrorMessage because this is logged whether - * or not logging quietly */ - ErrorMessage("Snort ran for %u Days %u Hours %u Minutes %u Seconds\n", - days, hrs, mins, secs); - - if (days > 0) - { - ppd = (pc.total_from_pcap / (int_total_secs / SECONDS_PER_DAY)); - ErrorMessage("Snort Analyzed " STDu64 " Packets Per Day\n", ppd); - hflag = 1; - } - - if (hrs > 0 || hflag == 1) - { - pph = (pc.total_from_pcap / (int_total_secs / SECONDS_PER_HOUR)); - ErrorMessage("Snort Analyzed " STDu64 " Packets Per Hour\n", pph); - mflag = 1; - } - - if (mins > 0 || mflag == 1) - { - ppm = (pc.total_from_pcap / (int_total_secs / SECONDS_PER_MIN)); - ErrorMessage("Snort Analyzed " STDu64 " Packets Per Minute\n", ppm); - } - - ErrorMessage("Snort Analyzed " STDu64 " Packets Per Second\n", pps); - ErrorMessage("\n"); -} -#endif /* TIMESTATS */ - - -#ifdef PCAP_CLOSE -int UpdatePcapPktStats(int cacheReturn) -#else -int UpdatePcapPktStats(void) -#endif -{ - struct pcap_stat ps; - uint32_t recv, drop; - static char not_initialized = 1; - -#ifdef PCAP_CLOSE - static int priorReturn = 0; - static int returnWasCached = 0; - - if ( !cacheReturn && returnWasCached ) - { - returnWasCached = 0; - return priorReturn; - } - priorReturn = -1; - returnWasCached = cacheReturn; -#endif - - if (not_initialized) - { - memset(&pkt_stats, 0, sizeof(PcapPktStats)); - not_initialized = 0; - } - - if ((pcap_handle == NULL) || ScReadMode()) - return -1; - - if (pcap_stats(pcap_handle, &ps) == -1) - { - pcap_perror(pcap_handle, "pcap_stats"); - return -1; - } - - recv = (uint32_t)ps.ps_recv; - drop = (uint32_t)ps.ps_drop; - -#ifdef LINUX_LIBPCAP_DOUBLES_STATS - recv /= 2; - drop /= 2; -#endif - -#ifdef LIBPCAP_ACCUMULATES - /* pcap recv wrapped */ - if (recv < pkt_stats.wrap_recv) - pkt_stats.recv += (uint64_t)UINT32_MAX; - - /* pcap drop wrapped */ - if (drop < pkt_stats.wrap_drop) - pkt_stats.drop += (uint64_t)UINT32_MAX; - - pkt_stats.wrap_recv = recv; - pkt_stats.wrap_drop = drop; -#else - pkt_stats.recv += (uint64_t)recv; - pkt_stats.drop += (uint64_t)drop; -#endif /* LIBPCAP_ACCUMULATES */ - -#ifdef PCAP_CLOSE - priorReturn = 0; -#endif - return 0; -} - -uint64_t GetPcapPktStatsRecv(void) -{ - return pkt_stats.recv + (uint64_t)pkt_stats.wrap_recv; -} - -uint64_t GetPcapPktStatsDrop(void) -{ - return pkt_stats.drop + (uint64_t)pkt_stats.wrap_drop; -} - - -#ifdef PCAP_CLOSE -/* exiting should be 0 for if not exiting, 1 if restarting, and 2 if exiting */ -#else -/* exiting should be 0 for if not exiting and 1 if exiting */ -#endif -void DropStats(int exiting) -{ - PreprocStatsFuncNode *idx; - uint64_t total = 0; - uint64_t pkts_recv; - uint64_t pkts_drop; - - total = pc.total_processed; - -#ifdef PPM_MGR - PPM_PRINT_SUMMARY(&snort_conf->ppm_cfg); -#endif - - LogMessage("================================================" - "===============================\n"); - -#ifdef TIMESTATS - TimeStats(); /* how long did snort run? */ -#endif - - if (ScReadMode() -#ifdef GIDS - || ScAdapterInlineMode() -#endif - ) - { - LogMessage("Snort processed " STDu64 " packets.\n", total); - } - else - { -#ifdef PCAP_CLOSE - if (exiting < 2 && (pcap_handle == NULL)) -#else - if (pcap_handle == NULL) -#endif - { - LogMessage("Snort received 0 packets\n"); - } - else - { -#ifdef PCAP_CLOSE - if (UpdatePcapPktStats(0) != -1) -#else - if (UpdatePcapPktStats() != -1) -#endif - { - pkts_recv = GetPcapPktStatsRecv(); - pkts_drop = GetPcapPktStatsDrop(); - - LogMessage("Packet Wire Totals:\n"); - LogMessage(" Received: " FMTu64("12") "\n", pkts_recv); - LogMessage(" Analyzed: " FMTu64("12") " (%.3f%%)\n", pc.total_from_pcap, - CalcPct(pc.total_from_pcap, pkts_recv)); - LogMessage(" Dropped: " FMTu64("12") " (%.3f%%)\n", pkts_drop, - CalcPct(pkts_drop, pkts_recv)); - LogMessage("Outstanding: " FMTu64("12") " (%.3f%%)\n", - pkts_recv - pkts_drop - pc.total_from_pcap, - CalcPct((pkts_recv - pkts_drop - pc.total_from_pcap), pkts_recv)); - } - else - { - LogMessage("Unable to calculate percentages for stats\n"); - LogMessage("Total number of packets Analyzed: " FMTu64("12") "\n", pc.total_from_pcap); - } - } - } - - LogMessage("================================================" - "===============================\n"); - - LogMessage("Breakdown by protocol (includes rebuilt packets):\n"); - - LogMessage(" ETH: " FMTu64("-10") " (%.3f%%)\n", - pc.eth, CalcPct(pc.eth, total)); - LogMessage(" ETHdisc: " FMTu64("-10") " (%.3f%%)\n", - pc.ethdisc, CalcPct(pc.ethdisc, total)); -#ifdef GIDS -#ifndef IPFW - LogMessage(" IPTables: " FMTu64("-10") " (%.3f%%)\n", - pc.iptables, CalcPct(pc.iptables, total)); -#else - LogMessage(" IPFW: " FMTu64("-10") " (%.3f%%)\n", - pc.ipfw, CalcPct(pc.ipfw, total)); -#endif /* IPFW */ -#endif /* GIDS */ - LogMessage(" VLAN: " FMTu64("-10") " (%.3f%%)\n", - pc.vlan, CalcPct(pc.vlan, total)); - - if (pc.nested_vlan != 0) - LogMessage("Nested VLAN: " FMTu64("-10") " (%.3f%%)\n", - pc.nested_vlan, CalcPct(pc.nested_vlan, total)); - - LogMessage(" IPV6: " FMTu64("-10") " (%.3f%%)\n", - pc.ipv6, CalcPct(pc.ipv6, total)); - LogMessage(" IP6 EXT: " FMTu64("-10") " (%.3f%%)\n", - pc.ip6ext, CalcPct(pc.ip6ext, total)); - LogMessage(" IP6opts: " FMTu64("-10") " (%.3f%%)\n", - pc.ipv6opts, CalcPct(pc.ipv6opts, total)); - LogMessage(" IP6disc: " FMTu64("-10") " (%.3f%%)\n", - pc.ipv6disc, CalcPct(pc.ipv6disc, total)); - - LogMessage(" IP4: " FMTu64("-10") " (%.3f%%)\n", - pc.ip, CalcPct(pc.ip, total)); - LogMessage(" IP4disc: " FMTu64("-10") " (%.3f%%)\n", - pc.ipdisc, CalcPct(pc.ipdisc, total)); - - LogMessage(" TCP 6: " FMTu64("-10") " (%.3f%%)\n", - pc.tcp6, CalcPct(pc.tcp6, total)); - LogMessage(" UDP 6: " FMTu64("-10") " (%.3f%%)\n", - pc.udp6, CalcPct(pc.udp6, total)); - LogMessage(" ICMP6: " FMTu64("-10") " (%.3f%%)\n", - pc.icmp6, CalcPct(pc.icmp6, total)); - LogMessage(" ICMP-IP: " FMTu64("-10") " (%.3f%%)\n", - pc.embdip, CalcPct(pc.embdip, total)); - - LogMessage(" TCP: " FMTu64("-10") " (%.3f%%)\n", - pc.tcp, CalcPct(pc.tcp, total)); - LogMessage(" UDP: " FMTu64("-10") " (%.3f%%)\n", - pc.udp, CalcPct(pc.udp, total)); - LogMessage(" ICMP: " FMTu64("-10") " (%.3f%%)\n", - pc.icmp, CalcPct(pc.icmp, total)); - - LogMessage(" TCPdisc: " FMTu64("-10") " (%.3f%%)\n", - pc.tdisc, CalcPct(pc.tdisc, total)); - LogMessage(" UDPdisc: " FMTu64("-10") " (%.3f%%)\n", - pc.udisc, CalcPct(pc.udisc, total)); - LogMessage(" ICMPdis: " FMTu64("-10") " (%.3f%%)\n", - pc.icmpdisc, CalcPct(pc.icmpdisc, total)); - - LogMessage(" FRAG: " FMTu64("-10") " (%.3f%%)\n", - pc.frags, CalcPct(pc.frags, total)); - LogMessage(" FRAG 6: " FMTu64("-10") " (%.3f%%)\n", - pc.frag6, CalcPct(pc.frag6, total)); - - LogMessage(" ARP: " FMTu64("-10") " (%.3f%%)\n", - pc.arp, CalcPct(pc.arp, total)); -#ifndef NO_NON_ETHER_DECODER - LogMessage(" EAPOL: " FMTu64("-10") " (%.3f%%)\n", - pc.eapol, CalcPct(pc.eapol, total)); -#endif - LogMessage(" ETHLOOP: " FMTu64("-10") " (%.3f%%)\n", - pc.ethloopback, CalcPct(pc.ethloopback, total)); - LogMessage(" IPX: " FMTu64("-10") " (%.3f%%)\n", - pc.ipx, CalcPct(pc.ipx, total)); -#ifdef GRE - LogMessage("IPv4/IPv4: " FMTu64("-10") " (%.3f%%)\n", - pc.ip4ip4, CalcPct(pc.ip4ip4, total)); - LogMessage("IPv4/IPv6: " FMTu64("-10") " (%.3f%%)\n", - pc.ip4ip6, CalcPct(pc.ip4ip6, total)); - LogMessage("IPv6/IPv4: " FMTu64("-10") " (%.3f%%)\n", - pc.ip6ip4, CalcPct(pc.ip6ip4, total)); - LogMessage("IPv6/IPv6: " FMTu64("-10") " (%.3f%%)\n", - pc.ip6ip6, CalcPct(pc.ip6ip6, total)); - LogMessage(" GRE: " FMTu64("-10") " (%.3f%%)\n", - pc.gre, CalcPct(pc.gre, total)); - LogMessage(" GRE ETH: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_eth, CalcPct(pc.gre_eth, total)); - LogMessage(" GRE VLAN: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_vlan, CalcPct(pc.gre_vlan, total)); - LogMessage(" GRE IPv4: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_ip, CalcPct(pc.gre_ip, total)); - LogMessage(" GRE IPv6: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_ipv6, CalcPct(pc.gre_ipv6, total)); - LogMessage("GRE IP6 E: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_ipv6ext, CalcPct(pc.gre_ipv6ext, total)); - LogMessage(" GRE PPTP: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_ppp, CalcPct(pc.gre_ppp, total)); - LogMessage(" GRE ARP: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_arp, CalcPct(pc.gre_arp, total)); - LogMessage(" GRE IPX: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_ipx, CalcPct(pc.gre_ipx, total)); - LogMessage(" GRE LOOP: " FMTu64("-10") " (%.3f%%)\n", - pc.gre_loopback, CalcPct(pc.gre_loopback, total)); -#endif /* GRE */ -#ifdef MPLS - LogMessage(" MPLS: " FMTu64("-10") " (%.3f%%)\n", - pc.mpls, CalcPct(pc.mpls, total)); -#endif - LogMessage(" OTHER: " FMTu64("-10") " (%.3f%%)\n", - pc.other, CalcPct(pc.other, total)); - LogMessage(" DISCARD: " FMTu64("-10") " (%.3f%%)\n", - pc.discards, CalcPct(pc.discards, total)); - LogMessage("InvChkSum: " FMTu64("-10") " (%.3f%%)\n", - pc.invalid_checksums, CalcPct(pc.invalid_checksums, total)); - - LogMessage(" S5 G 1: " FMTu64("-10") " (%.3f%%)\n", - pc.s5tcp1, CalcPct(pc.s5tcp1, total)); - LogMessage(" S5 G 2: " FMTu64("-10") " (%.3f%%)\n", - pc.s5tcp2, CalcPct(pc.s5tcp2, total)); - - LogMessage(" Total: " FMTu64("-10") "\n", total); - - LogMessage("================================================" - "===============================\n"); - - LogMessage("Action Stats:\n"); - LogMessage("ALERTS: " STDu64 "\n", pc.alert_pkts); - LogMessage("LOGGED: " STDu64 "\n", pc.log_pkts); - LogMessage("PASSED: " STDu64 "\n", pc.pass_pkts); - -#ifdef TARGET_BASED - if (ScIdsMode() && IsAdaptiveConfigured(getDefaultPolicy(), 0)) - { - LogMessage("================================================" - "===============================\n"); - LogMessage("Attribute Table Stats:\n"); - LogMessage(" Number Entries: %u\n", SFAT_NumberOfHosts()); - LogMessage(" Table Reloaded: " STDu64 "\n", pc.attribute_table_reloads); - } -#endif /* TARGET_BASED */ - - //mpse_print_qinfo(); - -#ifndef NO_NON_ETHER_DECODER -#ifdef DLT_IEEE802_11 - if(datalink == DLT_IEEE802_11) - { - LogMessage("================================================" - "===============================\n"); - LogMessage("Wireless Stats:\n"); - LogMessage("Breakdown by type:\n"); - LogMessage(" Management Packets: " FMTu64("-10") " (%.3f%%)\n", - pc.wifi_mgmt, CalcPct(pc.wifi_mgmt, total)); - LogMessage(" Control Packets: " FMTu64("-10") " (%.3f%%)\n", - pc.wifi_control, CalcPct(pc.wifi_control, total)); - LogMessage(" Data Packets: " FMTu64("-10") " (%.3f%%)\n", - pc.wifi_data, CalcPct(pc.wifi_data, total)); - } -#endif /* DLT_IEEE802_11 */ -#endif // NO_NON_ETHER_DECODER - - for (idx = preproc_stats_funcs; idx != NULL; idx = idx->next) - { - LogMessage("==============================================" - "=================================\n"); - -#ifdef PCAP_CLOSE - idx->func(exiting ? 1 : 0); -#else - idx->func(exiting); -#endif - } - - LogMessage("==============================================" - "=================================\n"); - - return; -} - -/**************************************************************************** - * - * Function: CleanupProtoNames() - * - * Purpose: Frees the protocol names - * - * Arguments: None. - * - * Returns: void function - * - ****************************************************************************/ -void CleanupProtoNames(void) -{ - int i; - - for(i = 0; i < 256; i++) - { - if( protocol_names[i] != NULL ) - { - free( protocol_names[i] ); - protocol_names[i] = NULL; - } - } -} - -/**************************************************************************** - * - * Function: read_infile(char *) - * - * Purpose: Reads the BPF filters in from a file. Ripped from tcpdump. - * - * Arguments: fname => the name of the file containing the BPF filters - * - * Returns: the processed BPF string - * - ****************************************************************************/ -char *read_infile(char *fname) -{ - register int fd, cc; - register char *cp, *cmt; - struct stat buf; - - fd = open(fname, O_RDONLY); - - if(fd < 0) - FatalError("can't open %s: %s\n", fname, pcap_strerror(errno)); - - if(fstat(fd, &buf) < 0) - FatalError("can't stat %s: %s\n", fname, pcap_strerror(errno)); - - cp = (char *)SnortAlloc(((u_int)buf.st_size + 1) * sizeof(char)); - - cc = read(fd, cp, (int) buf.st_size); - - if(cc < 0) - FatalError("read %s: %s\n", fname, pcap_strerror(errno)); - - if(cc != buf.st_size) - FatalError("short read %s (%d != %d)\n", fname, cc, (int) buf.st_size); - - cp[(int) buf.st_size] = '\0'; - - close(fd); - - /* Treat everything upto the end of the line as a space - * so that we can put comments in our BPF filters - */ - - while((cmt = strchr(cp, '#')) != NULL) - { - while (*cmt != '\r' && *cmt != '\n' && *cmt != '\0') - { - *cmt++ = ' '; - } - } - - /** LogMessage("BPF filter file: %s\n", fname); **/ - - return(cp); -} - - - /**************************************************************************** - * - * Function: CheckLogDir() - * - * Purpose: CyberPsychotic sez: basically we only check if logdir exist and - * writable, since it might screw the whole thing in the middle. Any - * other checks could be performed here as well. - * - * Arguments: None. - * - * Returns: void function - * - ****************************************************************************/ -void CheckLogDir(void) -{ - struct stat st; - - if (snort_conf->log_dir == NULL) - return; - - if (stat(snort_conf->log_dir, &st) == -1) - FatalError("Stat check on log dir failed: %s.\n", strerror(errno)); - - if (!S_ISDIR(st.st_mode) || (access(snort_conf->log_dir, W_OK) == -1)) - { - FatalError("Can not get write access to logging directory \"%s\". " - "(directory doesn't exist or permissions are set incorrectly " - "or it is not a directory at all)\n", - snort_conf->log_dir); - } -} - -/* Signal handler for child process signaling the parent - * that is is ready */ -static int parent_wait = 1; -static void SigChildReadyHandler(int signal) -{ -#ifdef DEBUG - LogMessage("Received Signal from Child\n"); -#endif - parent_wait = 0; -} - -/**************************************************************************** - * - * Function: GoDaemon() - * - * Purpose: Puts the program into daemon mode, nice and quiet like.... - * - * Arguments: None. - * - * Returns: void function - * - ****************************************************************************/ -void GoDaemon(void) -{ -#ifndef WIN32 - int exit_val = 0; - pid_t fs; - - LogMessage("Initializing daemon mode\n"); - - if (ScDaemonRestart()) - return; - - /* Don't daemonize if we've already daemonized and - * received a SIGHUP. */ - if(getppid() != 1) - { - /* Register signal handler that parent can trap signal */ - signal(SIGNAL_SNORT_CHILD_READY, SigChildReadyHandler); - if (errno != 0) errno=0; - - /* now fork the child */ - fs = fork(); - - if(fs > 0) - { - /* Parent */ - - /* Don't exit quite yet. Wait for the child - * to signal that is there and created the PID - * file. - */ - while (parent_wait) - { - /* Continue waiting until receiving signal from child */ - int status; - if (waitpid(fs, &status, WNOHANG) == fs) - { - /* If the child is gone, parent should go away, too */ - if (WIFEXITED(status)) - { - LogMessage("Child exited unexpectedly\n"); - exit_val = -1; - break; - } - - if (WIFSIGNALED(status)) - { - LogMessage("Child terminated unexpectedly\n"); - exit_val = -2; - break; - } - } -#ifdef DEBUG - LogMessage("Parent waiting for child...\n"); -#endif - - sleep(1); - } - - LogMessage("Daemon parent exiting\n"); - - exit(exit_val); /* parent */ - } - - if(fs < 0) - { - /* Daemonizing failed... */ - perror("fork"); - exit(1); - } - - /* Child */ - setsid(); - } - - close(0); - close(1); - close(2); - -#ifdef DEBUG - /* redirect stdin/stdout/stderr to a file */ - open("/tmp/snort.debug", O_CREAT | O_RDWR); /* stdin, fd 0 */ - - /* Change ownership to that which we will drop privileges to */ - if ((snort_conf->user_id != -1) || (snort_conf->group_id != -1)) - { - uid_t user_id = getuid(); - gid_t group_id = getgid(); - - if (snort_conf->user_id != -1) - user_id = snort_conf->user_id; - if (snort_conf->group_id != -1) - group_id = snort_conf->group_id; - - chown("/tmp/snort.debug", user_id, group_id); - } -#else - /* redirect stdin/stdout/stderr to /dev/null */ - (void)open("/dev/null", O_RDWR); /* stdin, fd 0 */ -#endif - - dup(0); /* stdout, fd 0 => fd 1 */ - dup(0); /* stderr, fd 0 => fd 2 */ - - SignalWaitingParent(); - -#endif /* ! WIN32 */ -} - -/* Signal the parent that child is ready */ -void SignalWaitingParent(void) -{ -#ifndef WIN32 - pid_t parentpid = getppid(); -#ifdef DEBUG - LogMessage("Signaling parent %d from child %d\n", parentpid, getpid()); -#endif - - if (kill(parentpid, SIGNAL_SNORT_CHILD_READY)) - { - LogMessage("Daemon initialized, failed to signal parent pid: %d, failure: %d, %s\n", parentpid, errno, strerror(errno)); - } - else - { - LogMessage("Daemon initialized, signaled parent pid: %d\n", parentpid); - } -#endif -} - -/* This function has been moved into mstring.c, since that -* is where the allocation actually occurs. It has been -* renamed to mSplitFree(). -* -void FreeToks(char **toks, int num_toks) -{ - if (toks) - { - if (num_toks > 0) - { - do - { - num_toks--; - free(toks[num_toks]); - } while(num_toks); - } - free(toks); - } -} -*/ - - -/* Self preserving memory allocator */ -void *SPAlloc(unsigned long size, struct _SPMemControl *spmc) -{ - void *tmp; - - spmc->mem_usage += size; - - if(spmc->mem_usage > spmc->memcap) - { - spmc->sp_func(spmc); - } - - tmp = (void *) calloc(size, sizeof(char)); - - if(tmp == NULL) - { - FatalError("Unable to allocate memory! (%lu requested, %lu in use)\n", - size, spmc->mem_usage); - } - - return tmp; -} - -/* Guaranteed to be '\0' terminated even if truncation occurs. - * - * returns SNORT_SNPRINTF_SUCCESS if successful - * returns SNORT_SNPRINTF_TRUNCATION on truncation - * returns SNORT_SNPRINTF_ERROR on error - */ -int SnortSnprintf(char *buf, size_t buf_size, const char *format, ...) -{ - va_list ap; - int ret; - - if (buf == NULL || buf_size <= 0 || format == NULL) - return SNORT_SNPRINTF_ERROR; - - /* zero first byte in case an error occurs with - * vsnprintf, so buffer is null terminated with - * zero length */ - buf[0] = '\0'; - buf[buf_size - 1] = '\0'; - - va_start(ap, format); - - ret = vsnprintf(buf, buf_size, format, ap); - - va_end(ap); - - if (ret < 0) - return SNORT_SNPRINTF_ERROR; - - if (buf[buf_size - 1] != '\0' || (size_t)ret >= buf_size) - { - /* result was truncated */ - buf[buf_size - 1] = '\0'; - return SNORT_SNPRINTF_TRUNCATION; - } - - return SNORT_SNPRINTF_SUCCESS; -} - -/* Appends to a given string - * Guaranteed to be '\0' terminated even if truncation occurs. - * - * returns SNORT_SNPRINTF_SUCCESS if successful - * returns SNORT_SNPRINTF_TRUNCATION on truncation - * returns SNORT_SNPRINTF_ERROR on error - */ -int SnortSnprintfAppend(char *buf, size_t buf_size, const char *format, ...) -{ - int str_len; - int ret; - va_list ap; - - if (buf == NULL || buf_size <= 0 || format == NULL) - return SNORT_SNPRINTF_ERROR; - - str_len = SnortStrnlen(buf, buf_size); - - /* since we've already checked buf and buf_size an error - * indicates no null termination, so just start at - * beginning of buffer */ - if (str_len == SNORT_STRNLEN_ERROR) - { - buf[0] = '\0'; - str_len = 0; - } - - buf[buf_size - 1] = '\0'; - - va_start(ap, format); - - ret = vsnprintf(buf + str_len, buf_size - (size_t)str_len, format, ap); - - va_end(ap); - - if (ret < 0) - return SNORT_SNPRINTF_ERROR; - - if (buf[buf_size - 1] != '\0' || (size_t)ret >= buf_size) - { - /* truncation occured */ - buf[buf_size - 1] = '\0'; - return SNORT_SNPRINTF_TRUNCATION; - } - - return SNORT_SNPRINTF_SUCCESS; -} - -/* Guaranteed to be '\0' terminated even if truncation occurs. - * - * Arguments: dst - the string to contain the copy - * src - the string to copy from - * dst_size - the size of the destination buffer - * including the null byte. - * - * returns SNORT_STRNCPY_SUCCESS if successful - * returns SNORT_STRNCPY_TRUNCATION on truncation - * returns SNORT_STRNCPY_ERROR on error - * - * Note: Do not set dst[0] = '\0' on error since it's possible that - * dst and src are the same pointer - it will at least be null - * terminated in any case - */ -int SnortStrncpy(char *dst, const char *src, size_t dst_size) -{ - char *ret = NULL; - - if (dst == NULL || src == NULL || dst_size <= 0) - return SNORT_STRNCPY_ERROR; - - dst[dst_size - 1] = '\0'; - - ret = strncpy(dst, src, dst_size); - - /* Not sure if this ever happens but might as - * well be on the safe side */ - if (ret == NULL) - return SNORT_STRNCPY_ERROR; - - if (dst[dst_size - 1] != '\0') - { - /* result was truncated */ - dst[dst_size - 1] = '\0'; - return SNORT_STRNCPY_TRUNCATION; - } - - return SNORT_STRNCPY_SUCCESS; -} - -char *SnortStrndup(const char *src, size_t dst_size) -{ - char *ret = SnortAlloc(dst_size + 1); - int ret_val; - - ret_val = SnortStrncpy(ret, src, dst_size + 1); - - if(ret_val == SNORT_STRNCPY_ERROR) - { - free(ret); - return NULL; - } - - return ret; -} - -/* Determines whether a buffer is '\0' terminated and returns the - * string length if so - * - * returns the string length if '\0' terminated - * returns SNORT_STRNLEN_ERROR if not '\0' terminated - */ -int SnortStrnlen(const char *buf, int buf_size) -{ - int i = 0; - - if (buf == NULL || buf_size <= 0) - return SNORT_STRNLEN_ERROR; - - for (i = 0; i < buf_size; i++) - { - if (buf[i] == '\0') - break; - } - - if (i == buf_size) - return SNORT_STRNLEN_ERROR; - - return i; -} - -char * SnortStrdup(const char *str) -{ - char *copy = NULL; - - if (!str) - { - FatalError("Unable to duplicate string: NULL!\n"); - } - - copy = strdup(str); - - if (copy == NULL) - { - FatalError("Unable to duplicate string: %s!\n", str); - } - - return copy; -} - -/* - * Find first occurrence of char of accept in s, limited by slen. - * A 'safe' version of strpbrk that won't read past end of buffer s - * in cases that s is not NULL terminated. - * - * This code assumes 'accept' is a static string. - */ -const char *SnortStrnPbrk(const char *s, int slen, const char *accept) -{ - char ch; - const char *s_end; - if (!s || !*s || !accept || slen == 0) - return NULL; - - s_end = s + slen; - while (s < s_end) - { - ch = *s; - if (strchr(accept, ch)) - return s; - s++; - } - return NULL; -} - -/* - * Find first occurrence of searchstr in s, limited by slen. - * A 'safe' version of strstr that won't read past end of buffer s - * in cases that s is not NULL terminated. - */ -const char *SnortStrnStr(const char *s, int slen, const char *searchstr) -{ - char ch, nc; - int len; - if (!s || !*s || !searchstr || slen == 0) - return NULL; - - if ((ch = *searchstr++) != 0) - { - len = strlen(searchstr); - do - { - do - { - if ((nc = *s++) == 0) - { - return NULL; - } - slen--; - if (slen == 0) - return NULL; - } while (nc != ch); - if (slen - len < 0) - return NULL; - } while (memcmp(s, searchstr, len) != 0); - s--; - slen++; - } - return s; -} - -/* - * Find first occurrence of substring in s, ignore case. -*/ -const char *SnortStrcasestr(const char *s, const char *substr) -{ - char ch, nc; - int len; - - if (!s || !*s || !substr) - return NULL; - - if ((ch = *substr++) != 0) - { - ch = tolower((char)ch); - len = strlen(substr); - do - { - do - { - if ((nc = *s++) == 0) - { - return NULL; - } - } while ((char)tolower((uint8_t)nc) != ch); - } while (strncasecmp(s, substr, len) != 0); - s--; - } - return s; -} - -void *SnortAlloc(unsigned long size) -{ - void *tmp; - - tmp = (void *) calloc(size, sizeof(char)); - - if(tmp == NULL) - { - FatalError("Unable to allocate memory! (%lu requested)\n", size); - } - - return tmp; -} - -void * SnortAlloc2(size_t size, const char *format, ...) -{ - void *tmp; - - tmp = (void *)calloc(size, sizeof(char)); - - if(tmp == NULL) - { - va_list ap; - char buf[STD_BUF]; - - buf[STD_BUF - 1] = '\0'; - - va_start(ap, format); - - vsnprintf(buf, STD_BUF - 1, format, ap); - - va_end(ap); - - FatalError("%s", buf); - } - - return tmp; -} - -/** - * Chroot and adjust the snort_conf->log_dir reference - * - * @param directory directory to chroot to - * @param logstore ptr to snort_conf->log_dir which must be dynamically allocated - */ -void SetChroot(char *directory, char **logstore) -{ -#ifdef WIN32 - FatalError("SetChroot() should not be called under Win32!\n"); -#else - char *absdir; - size_t abslen; - char *logdir; - - if(!directory || !logstore) - { - FatalError("Null parameter passed\n"); - } - - logdir = *logstore; - - if(logdir == NULL || *logdir == '\0') - { - FatalError("Null log directory\n"); - } - - DEBUG_WRAP(DebugMessage(DEBUG_INIT,"SetChroot: %s\n", - CurrentWorkingDir());); - - logdir = GetAbsolutePath(logdir); - - DEBUG_WRAP(DebugMessage(DEBUG_INIT, "SetChroot: %s\n", - CurrentWorkingDir())); - - logdir = SnortStrdup(logdir); - - /* We're going to reset logstore, so free it now */ - free(*logstore); - *logstore = NULL; - - /* change to the directory */ - if(chdir(directory) != 0) - { - FatalError("SetChroot: Can not chdir to \"%s\": %s\n", directory, - strerror(errno)); - } - - /* always returns an absolute pathname */ - absdir = CurrentWorkingDir(); - - if(absdir == NULL) - { - FatalError("NULL Chroot found\n"); - } - - abslen = strlen(absdir); - - DEBUG_WRAP(DebugMessage(DEBUG_INIT, "ABS: %s %d\n", absdir, abslen);); - - /* make the chroot call */ - if(chroot(absdir) < 0) - { - FatalError("Can not chroot to \"%s\": absolute: %s: %s\n", - directory, absdir, strerror(errno)); - } - - DEBUG_WRAP(DebugMessage(DEBUG_INIT,"chroot success (%s ->", absdir);); - DEBUG_WRAP(DebugMessage(DEBUG_INIT,"%s)\n ", CurrentWorkingDir());); - - /* change to "/" in the new directory */ - if(chdir("/") < 0) - { - FatalError("Can not chdir to \"/\" after chroot: %s\n", - strerror(errno)); - } - - DEBUG_WRAP(DebugMessage(DEBUG_INIT,"chdir success (%s)\n", - CurrentWorkingDir());); - - - if(strncmp(absdir, logdir, strlen(absdir))) - { - FatalError("Absdir is not a subset of the logdir"); - } - - if(abslen >= strlen(logdir)) - { - *logstore = SnortStrdup("/"); - } - else - { - *logstore = SnortStrdup(logdir + abslen); - } - - DEBUG_WRAP(DebugMessage(DEBUG_INIT,"new logdir from %s to %s\n", - logdir, *logstore)); - - LogMessage("Chroot directory = %s\n", directory); - -#if 0 - /* XXX XXX */ - /* install the I can't do this signal handler */ - signal(SIGHUP, SigCantHupHandler); -#endif -#endif /* !WIN32 */ -} - - -/** - * Return a ptr to the absolute pathname of snort. This memory must - * be copied to another region if you wish to save it for later use. - */ -char *CurrentWorkingDir(void) -{ - static char buf[PATH_MAX_UTIL + 1]; - - if(getcwd((char *) buf, PATH_MAX_UTIL) == NULL) - { - return NULL; - } - - buf[PATH_MAX_UTIL] = '\0'; - - return (char *) buf; -} - -/** - * Given a directory name, return a ptr to a static - */ -char *GetAbsolutePath(char *dir) -{ - char *savedir, *dirp; - static char buf[PATH_MAX_UTIL + 1]; - - if(dir == NULL) - { - return NULL; - } - - savedir = strdup(CurrentWorkingDir()); - - if(savedir == NULL) - { - return NULL; - } - - if(chdir(dir) < 0) - { - LogMessage("Can't change to directory: %s\n", dir); - free(savedir); - return NULL; - } - - dirp = CurrentWorkingDir(); - - if(dirp == NULL) - { - LogMessage("Unable to access current directory\n"); - free(savedir); - return NULL; - } - else - { - strncpy(buf, dirp, PATH_MAX_UTIL); - buf[PATH_MAX_UTIL] = '\0'; - } - - if(chdir(savedir) < 0) - { - LogMessage("Can't change back to directory: %s\n", dir); - free(savedir); - return NULL; - } - - free(savedir); - return (char *) buf; -} - - -#ifndef WIN32 -/* very slow sort - do not use at runtime! */ -SF_LIST * SortDirectory(const char *path) -{ - SF_LIST *dir_entries; - DIR *dir; - struct dirent *direntry; - int ret = 0; - - if (path == NULL) - return NULL; - - dir_entries = sflist_new(); - if (dir_entries == NULL) - { - ErrorMessage("Could not allocate new list for directory entries\n"); - return NULL; - } - - dir = opendir(path); - if (dir == NULL) - { - ErrorMessage("Error opening directory: %s: %s\n", - path, strerror(errno)); - sflist_free_all(dir_entries, free); - return NULL; - } - - /* Reset errno since we'll be checking it unconditionally */ - errno = 0; - - while ((direntry = readdir(dir)) != NULL) - { - char *node_entry_name, *dir_entry_name; - SF_LNODE *node; - - dir_entry_name = SnortStrdup(direntry->d_name); - - for (node = sflist_first_node(dir_entries); - node != NULL; - node = sflist_next_node(dir_entries)) - { - node_entry_name = (char *)node->ndata; - if (strcmp(dir_entry_name, node_entry_name) < 0) - break; - } - - if (node == NULL) - ret = sflist_add_tail(dir_entries, (NODE_DATA)dir_entry_name); - else - ret = sflist_add_before(dir_entries, node, (NODE_DATA)dir_entry_name); - - if (ret == -1) - { - ErrorMessage("Error adding directory entry to list\n"); - sflist_free_all(dir_entries, free); - closedir(dir); - return NULL; - } - } - - if (errno != 0) - { - ErrorMessage("Error reading directory: %s: %s\n", - path, strerror(errno)); - errno = 0; - sflist_free_all(dir_entries, free); - closedir(dir); - return NULL; - } - - closedir(dir); - - return dir_entries; -} - -int GetFilesUnderDir(const char *path, SF_QUEUE *dir_queue, const char *filter) -{ - SF_LIST *dir_entries; - char *direntry; - int ret = 0; - int num_files = 0; - - if ((path == NULL) || (dir_queue == NULL)) - return -1; - - dir_entries = SortDirectory(path); - if (dir_entries == NULL) - { - ErrorMessage("Error sorting entries in directory: %s\n", path); - return -1; - } - - for (direntry = (char *)sflist_first(dir_entries); - direntry != NULL; - direntry = (char *)sflist_next(dir_entries)) - { - char path_buf[PATH_MAX]; - struct stat file_stat; - - /* Don't look at dot files */ - if (strncmp(".", direntry, 1) == 0) - continue; - - ret = SnortSnprintf(path_buf, PATH_MAX, "%s%s%s", - path, path[strlen(path) - 1] == '/' ? "" : "/", direntry); - if (ret == SNORT_SNPRINTF_TRUNCATION) - { - ErrorMessage("Error copying file to buffer: Path too long\n"); - sflist_free_all(dir_entries, free); - return -1; - } - else if (ret != SNORT_SNPRINTF_SUCCESS) - { - ErrorMessage("Error copying file to buffer\n"); - sflist_free_all(dir_entries, free); - return -1; - } - - ret = stat(path_buf, &file_stat); - if (ret == -1) - { - ErrorMessage("Could not stat file: %s: %s\n", - path_buf, strerror(errno)); - sflist_free_all(dir_entries, free); - return -1; - } - - if (file_stat.st_mode & S_IFDIR) - { - ret = GetFilesUnderDir(path_buf, dir_queue, filter); - if (ret == -1) - { - sflist_free_all(dir_entries, free); - return -1; - } - - num_files += ret; - } - else if (file_stat.st_mode & S_IFREG) - { - if ((filter == NULL) || (fnmatch(filter, direntry, 0) == 0)) - { - char *file = SnortStrdup(path_buf); - - ret = sfqueue_add(dir_queue, (NODE_DATA)file); - if (ret == -1) - { - ErrorMessage("Could not append item to list: %s\n", file); - free(file); - sflist_free_all(dir_entries, free); - return -1; - } - - num_files++; - } - } - } - - sflist_free_all(dir_entries, free); - - return num_files; -} -#endif - -/**************************************************************************** - * - * Function: GetUniqueName(char * iface) - * - * Purpose: To return a string that has a high probability of being unique - * for a given sensor. - * - * Arguments: char * iface - The network interface you are sniffing - * - * Returns: A char * -- its a static char * so you should not free it - * - ***************************************************************************/ -char *GetUniqueName(char * iface) -{ - char * rptr; - static char uniq_name[256]; - - if (iface == NULL) LogMessage("Interface is NULL. Name may not be unique for the host\n"); -#ifndef WIN32 - rptr = GetIP(iface); - if(rptr == NULL || !strcmp(rptr, "unknown")) -#endif - { - SnortSnprintf(uniq_name, 255, "%s:%s\n",GetHostname(),iface); - rptr = uniq_name; - } - if (ScLogVerbose()) LogMessage("Node unique name is: %s\n", rptr); - return rptr; -} - -/**************************************************************************** - * - * Function: GetIP(char * iface) - * - * Purpose: To return a string representing the IP address for an interface - * - * Arguments: char * iface - The network interface you want to find an IP - * address for. - * - * Returns: A char * -- make sure you call free on this when you are done - * with it. - * - ***************************************************************************/ -char *GetIP(char * iface) -{ - struct ifreq ifr; - struct sockaddr_in *addr; - int s; -#ifdef SUP_IP6 - sfip_t ret; -#endif - - if(iface) - { - /* Set up a dummy socket just so we can use ioctl to find the - ip address of the interface */ - s = socket(PF_INET, SOCK_DGRAM, 0); - if(s == -1) - { - FatalError("Problem establishing socket to find IP address for interface: %s\n", iface); - } - - SnortStrncpy(ifr.ifr_name, iface, strlen(iface) + 1); - -#ifndef WIN32 - if(ioctl(s, SIOCGIFADDR, &ifr) < 0) return NULL; - else -#endif - { - addr = (struct sockaddr_in *) &ifr.ifr_broadaddr; - } - close(s); - -#ifdef SUP_IP6 -// XXX-IPv6 uses ioctl to populate a sockaddr_in structure ... but what if the interface only has an IPv6 address? - sfip_set_raw(&ret, addr, AF_INET); - return SnortStrdup(sfip_ntoa(&ret)); -#else - return SnortStrdup(inet_ntoa(addr->sin_addr)); -#endif - } - else - { - return "unknown"; - } -} - -/**************************************************************************** - * - * Function: GetHostname() - * - * Purpose: To return a string representing the hostname - * - * Arguments: None - * - * Returns: A static char * representing the hostname. - * - ***************************************************************************/ -char *GetHostname(void) -{ -#ifdef WIN32 - DWORD bufflen = 256; - static char buff[256]; - GetComputerName(buff, &bufflen); - return buff; -#else - char * error = "unknown"; - if(getenv("HOSTNAME")) return getenv("HOSTNAME"); - else if(getenv("HOST")) return getenv("HOST"); - else return error; -#endif -} - -/**************************************************************************** - * - * Function: GetTimestamp(register const struct timeval *tvp, int tz) - * - * Purpose: Get an ISO-8601 formatted timestamp for tvp within the tz - * timezone. - * - * Arguments: tvp is a timeval pointer. tz is a timezone. - * - * Returns: char * -- You must free this char * when you are done with it. - * - ***************************************************************************/ -char *GetTimestamp(register const struct timeval *tvp, int tz) -{ - struct tm *lt; /* localtime */ - char * buf; - int msec; - - buf = (char *)SnortAlloc(SMALLBUFFER * sizeof(char)); - - msec = tvp->tv_usec / 1000; - - if (ScOutputUseUtc()) - { - lt = gmtime((time_t *)&tvp->tv_sec); - SnortSnprintf(buf, SMALLBUFFER, "%04i-%02i-%02i %02i:%02i:%02i.%03i", - 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday, - lt->tm_hour, lt->tm_min, lt->tm_sec, msec); - } - else - { - lt = localtime((time_t *)&tvp->tv_sec); - SnortSnprintf(buf, SMALLBUFFER, - "%04i-%02i-%02i %02i:%02i:%02i.%03i+%03i", - 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday, - lt->tm_hour, lt->tm_min, lt->tm_sec, msec, tz); - } - - return buf; -} - -/**************************************************************************** - * - * Function: GetLocalTimezone() - * - * Purpose: Find the offset from GMT for current host - * - * Arguments: none - * - * Returns: int representing the offset from GMT - * - ***************************************************************************/ -int GetLocalTimezone(void) -{ - time_t ut; - struct tm * ltm; - long seconds_away_from_utc; - - time(&ut); - ltm = localtime(&ut); - -#if defined(WIN32) || defined(SOLARIS) || defined(AIX) || defined(HPUX) - /* localtime() sets the global timezone variable, - which is defined in <time.h> */ - seconds_away_from_utc = timezone; -#else - seconds_away_from_utc = ltm->tm_gmtoff; -#endif - - return seconds_away_from_utc/3600; -} - -/**************************************************************************** - * - * Function: GetCurrentTimestamp() - * - * Purpose: Generate an ISO-8601 formatted timestamp for the current time. - * - * Arguments: none - * - * Returns: char * -- You must free this char * when you are done with it. - * - ***************************************************************************/ -char *GetCurrentTimestamp(void) -{ - struct tm *lt; - struct timezone tz; - struct timeval tv; - struct timeval *tvp; - char * buf; - int tzone; - int msec; - - buf = (char *)SnortAlloc(SMALLBUFFER * sizeof(char)); - - bzero((char *)&tz,sizeof(tz)); - gettimeofday(&tv,&tz); - tvp = &tv; - - msec = tvp->tv_usec/1000; - - if (ScOutputUseUtc()) - { - lt = gmtime((time_t *)&tvp->tv_sec); - SnortSnprintf(buf, SMALLBUFFER, "%04i-%02i-%02i %02i:%02i:%02i.%03i", - 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday, - lt->tm_hour, lt->tm_min, lt->tm_sec, msec); - } - else - { - lt = localtime((time_t *)&tvp->tv_sec); - - tzone = GetLocalTimezone(); - - SnortSnprintf(buf, SMALLBUFFER, - "%04i-%02i-%02i %02i:%02i:%02i.%03i+%03i", - 1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday, - lt->tm_hour, lt->tm_min, lt->tm_sec, msec, tzone); - } - - return buf; -} - -/**************************************************************************** - * Function: base64(char * xdata, int length) - * - * Purpose: Insert data into the database - * - * Arguments: xdata => pointer to data to base64 encode - * length => how much data to encode - * - * Make sure you allocate memory for the output before you pass - * the output pointer into this function. You should allocate - * (1.5 * length) bytes to be safe. - * - * Returns: data base64 encoded as a char * - * - ***************************************************************************/ -char * base64(const u_char * xdata, int length) -{ - int count, cols, bits, c, char_count; - unsigned char alpha[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; /* 64 bytes */ - char * payloadptr; - char * output; - char_count = 0; - bits = 0; - cols = 0; - - output = (char *)SnortAlloc( ((unsigned int) (length * 1.5 + 4)) * sizeof(char) ); - - payloadptr = output; - - for(count = 0; count < length; count++) - { - c = xdata[count]; - - if(c > 255) - { - ErrorMessage("plugbase.c->base64(): encountered char > 255 (decimal %d)\n If you see this error message a char is more than one byte on your machine\n This means your base64 results can not be trusted", c); - } - - bits += c; - char_count++; - - if(char_count == 3) - { - *output = alpha[bits >> 18]; output++; - *output = alpha[(bits >> 12) & 0x3f]; output++; - *output = alpha[(bits >> 6) & 0x3f]; output++; - *output = alpha[bits & 0x3f]; output++; - cols += 4; - if(cols == 72) - { - *output = '\n'; output++; - cols = 0; - } - bits = 0; - char_count = 0; - } - else - { - bits <<= 8; - } - } - - if(char_count != 0) - { - bits <<= 16 - (8 * char_count); - *output = alpha[bits >> 18]; output++; - *output = alpha[(bits >> 12) & 0x3f]; output++; - if(char_count == 1) - { - *output = '='; output++; - *output = '='; output++; - } - else - { - *output = alpha[(bits >> 6) & 0x3f]; - output++; *output = '='; - output++; - } - } - *output = '\0'; - return payloadptr; -} - -/**************************************************************************** - * - * Function: ascii(u_char *xdata, int length) - * - * Purpose: This function takes takes a buffer "xdata" and its length then - * returns a string of only the printable ASCII characters. - * - * Arguments: xdata is the buffer, length is the length of the buffer in - * bytes - * - * Returns: char * -- You must free this char * when you are done with it. - * - ***************************************************************************/ -char *ascii(const u_char *xdata, int length) -{ - char *d_ptr, *ret_val; - int i,count = 0; - int size; - - if(xdata == NULL) - { - return NULL; - } - - for(i=0;i<length;i++) - { - if(xdata[i] == '<') - count+=4; /* < */ - else if(xdata[i] == '&') - count+=5; /* & */ - else if(xdata[i] == '>') /* > */ - count += 4; - } - - size = length + count + 1; - ret_val = (char *) calloc(1,size); - - if(ret_val == NULL) - { - LogMessage("plugbase.c: ascii(): Out of memory, can't log anything!\n"); - return NULL; - } - - d_ptr = ret_val; - - for(i=0;i<length;i++) - { - if((xdata[i] > 0x1F) && (xdata[i] < 0x7F)) - { - if(xdata[i] == '<') - { - SnortStrncpy(d_ptr, "<", size - (d_ptr - ret_val)); - d_ptr+=4; - } - else if(xdata[i] == '&') - { - SnortStrncpy(d_ptr, "&", size - (d_ptr - ret_val)); - d_ptr += 5; - } - else if(xdata[i] == '>') - { - SnortStrncpy(d_ptr, ">", size - (d_ptr - ret_val)); - d_ptr += 4; - } - else - { - *d_ptr++ = xdata[i]; - } - } - else - { - *d_ptr++ = '.'; - } - } - - *d_ptr++ = '\0'; - - return ret_val; -} - -/**************************************************************************** - * - * Function: hex(u_char *xdata, int length) - * - * Purpose: This function takes takes a buffer "xdata" and its length then - * returns a string of hex with no spaces - * - * Arguments: xdata is the buffer, length is the length of the buffer in - * bytes - * - * Returns: char * -- You must free this char * when you are done with it. - * - ***************************************************************************/ -char *hex(const u_char *xdata, int length) -{ - int x; - char *rval = NULL; - char *buf = NULL; - - if (xdata == NULL) - return NULL; - - buf = (char *)calloc((length * 2) + 1, sizeof(char)); - - if (buf != NULL) - { - rval = buf; - - for (x = 0; x < length; x++) - { - SnortSnprintf(buf, 3, "%02X", xdata[x]); - buf += 2; - } - - rval[length * 2] = '\0'; - } - - return rval; -} - - - -char *fasthex(const u_char *xdata, int length) -{ - char conv[] = "0123456789ABCDEF"; - char *retbuf = NULL; - const u_char *index; - const u_char *end; - char *ridx; - - index = xdata; - end = xdata + length; - retbuf = (char *)SnortAlloc(((length * 2) + 1) * sizeof(char)); - ridx = retbuf; - - while(index < end) - { - *ridx++ = conv[((*index & 0xFF)>>4)]; - *ridx++ = conv[((*index & 0xFF)&0x0F)]; - index++; - } - - return retbuf; -} - -/* - * Fatal Integer Parser - * Ascii to Integer conversion with fatal error support - */ -long int xatol(const char *s , const char *etext) -{ - long int val; - char *endptr; - char *default_error = "xatol() error\n"; - - if (etext == NULL) - etext = default_error; - - if (s == NULL) - FatalError("%s: String is NULL\n", etext); - - while (isspace((int)*s)) - s++; - - if (strlen(s) == 0) - FatalError("%s: String is empty\n", etext); - - - /* - * strtoul - errors on win32 : ERANGE (VS 6.0) - * errors on linux : ERANGE, EINVAL - * (for EINVAL, unsupported base which won't happen here) - */ - val = SnortStrtol(s, &endptr, 0); - - if ((errno == ERANGE) || (*endptr != '\0')) - FatalError("%s: Invalid integer input: %s\n", etext, s); - - return val; -} - -/* - * Fatal Integer Parser - * Ascii to Integer conversion with fatal error support - */ -unsigned long int xatou(const char *s , const char *etext) -{ - unsigned long int val; - char *endptr; - char *default_error = "xatou() error\n"; - - if (etext == NULL) - etext = default_error; - - if (s == NULL) - FatalError("%s: String is NULL\n", etext); - - while (isspace((int)*s)) - s++; - - if (strlen(s) == 0) - FatalError("%s: String is empty\n", etext); - - if (*s == '-') - { - FatalError("%s: Invalid unsigned integer - negative sign found, " - "input: %s\n", etext, s); - } - - - /* - * strtoul - errors on win32 : ERANGE (VS 6.0) - * errors on linux : ERANGE, EINVAL - */ - val = SnortStrtoul(s, &endptr, 0); - - if ((errno == ERANGE) || (*endptr != '\0')) - FatalError("%s: Invalid integer input: %s\n", etext, s); - - return val; -} - -unsigned long int xatoup(const char *s , const char *etext) -{ - unsigned long int val = xatou(s, etext); - if ( !val ) - FatalError("%s: must be > 0\n", etext); - return val; -} - -#ifndef SUP_IP6 -char * ObfuscateIpToText(const struct in_addr ip_addr) -#else -char * ObfuscateIpToText(sfip_t *ip) -#endif -{ - static char ip_buf1[INET6_ADDRSTRLEN]; - static char ip_buf2[INET6_ADDRSTRLEN]; - static int buf_num = 0; - int buf_size = INET6_ADDRSTRLEN; - char *ip_buf; -#ifndef SUP_IP6 - uint32_t ip = ip_addr.s_addr; -#endif - - if (buf_num) - ip_buf = ip_buf2; - else - ip_buf = ip_buf1; - - buf_num ^= 1; - ip_buf[0] = 0; - -#ifndef SUP_IP6 - if (ip == 0) - return ip_buf; - - if (snort_conf->obfuscation_net == 0) - { - /* Fully obfuscate - just use 'x' */ - SnortSnprintf(ip_buf, buf_size, "xxx.xxx.xxx.xxx"); - } - else - { - if (snort_conf->homenet != 0) - { - if ((ip & snort_conf->netmask) == snort_conf->homenet) - ip = snort_conf->obfuscation_net | (ip & snort_conf->obfuscation_mask); - } - else - { - ip = snort_conf->obfuscation_net | (ip & snort_conf->obfuscation_mask); - } - - SnortSnprintf(ip_buf, buf_size, "%s", inet_ntoa(*((struct in_addr *)&ip))); - } - -#else - if (ip == NULL) - return ip_buf; - - if (!IS_SET(snort_conf->obfuscation_net)) - { - if (IS_IP6(ip)) - SnortSnprintf(ip_buf, buf_size, "x:x:x:x::x:x:x:x"); - else - SnortSnprintf(ip_buf, buf_size, "xxx.xxx.xxx.xxx"); - } - else - { - sfip_t tmp; - char *tmp_buf; - - IP_COPY_VALUE(tmp, ip); - - if (IS_SET(snort_conf->homenet)) - { - if (sfip_contains(&snort_conf->homenet, &tmp) == SFIP_CONTAINS) - sfip_obfuscate(&snort_conf->obfuscation_net, &tmp); - } - else - { - sfip_obfuscate(&snort_conf->obfuscation_net, &tmp); - } - - tmp_buf = sfip_to_str(&tmp); - SnortSnprintf(ip_buf, buf_size, "%s", tmp_buf); - } -#endif - - return ip_buf; -} - -void PrintPacketData(const uint8_t *data, const uint32_t len) -{ - uint32_t i, j; - uint32_t total_len = 0; - uint8_t hex_buf[16]; - uint8_t char_buf[16]; - char *length_chars = " 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15\n" - "------------------------------------------------------\n"; - - LogMessage("%s", length_chars); - - for (i = 0; i <= len; i++) - { - if ((i%16 == 0) && (i != 0)) - { - LogMessage("%04x ", total_len); - total_len += 16; - - for (j = 0; j < 16; j++) - { - LogMessage("%02x ", hex_buf[j]); - if (j == 7) - LogMessage(" "); - } - - LogMessage(" "); - - for (j = 0; j < 16; j++) - { - LogMessage("%c", char_buf[j]); - if (j == 7) - LogMessage(" "); - } - - LogMessage("\n"); - } - - if (i == len) - break; - - hex_buf[i%16] = data[i]; - - if (isprint((int)data[i])) - char_buf[i%16] = data[i]; - else - char_buf[i%16] = '.'; - } - - if ((i-total_len) > 0) - { - LogMessage("%04x ", total_len); - - for (j = 0; j < i-total_len; j++) - { - LogMessage("%02x ", hex_buf[j]); - if (j == 7) - LogMessage(" "); - } - - if (j < 8) - LogMessage(" "); - LogMessage("%*s", (16-j)*3, ""); - LogMessage(" "); - - for (j = 0; j < i-total_len; j++) - { - LogMessage("%c", char_buf[j]); - if (j == 7) - LogMessage(" "); - } - } - - LogMessage("\n"); -} - diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.c b/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.c deleted file mode 100644 index 121920fc..00000000 --- a/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.c +++ /dev/null @@ -1,462 +0,0 @@ -/* -* -* Copyright (c) 2006 Antonio Benojar <zz.stalker@gmail.com> -* Copyright (c) 2005 Antonio Benojar <zz.stalker@gmail.com> -* -* Copyright (c) 2003, 2004 Armin Wolfermann: -* -* s2c_pf_block and s2c_pf_unblock functions are based -* in Armin's Wolfermann pftabled-1.03 functions. -* -* All rights reserved. -* -* Redistribution and use in source and binary forms, with or without -* modification, are permitted provided that the following conditions -* are met: -* -* 1. Redistributions of source code must retain the above copyright -* notice, this list of conditions and the following disclaimer. -* -* 2. Redistributions in binary form must reproduce the above copyright -* notice, this list of conditions and the following disclaimer in the -* documentation and/or other materials provided with the distribution. -* -* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR -* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - - -/* - TODO - - - num. max ips. - - ipwhitelisting structure - - best ip regex expr -*/ - - -#ifndef LIST_END -#define LIST_END(head) NULL -#endif - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "event.h" -#include "decode.h" -#include "plugbase.h" -#include "spo_plugbase.h" -#include "debug.h" -#include "parser.h" -#include "util.h" -#include "log.h" -#include "mstring.h" - -#include "snort.h" - -#include "spo_pf.h" - -#ifdef HAVE_STRINGS_H -#include <strings.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <arpa/inet.h> -#include <errno.h> - -#include <sys/types.h> -#include <sys/ioctl.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/queue.h> -#include <ctype.h> -#include <fcntl.h> -#include <net/if.h> -#include <net/pfvar.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <err.h> -#include <unistd.h> -#include <regex.h> - -#define PFDEVICE "/dev/pf" - -typedef struct _SpoAlertPfData { - FILE *wlfile; - char *pftable; - int fd; - struct wlist_head head; -} SpoAlertPfData; - -void AlertPfInit(u_char *); -SpoAlertPfData *ParseAlertPfArgs(char *); -void AlertPf(Packet *, char *, void *, Event *); -void AlertPfCleanExit(int, void *); -void AlertPfRestart(int, void *); - -int s2c_pf_init(void); -int s2c_pf_block(int, char *, char *, int); -int s2c_pf_intbl(int, char *, int); - -int s2c_parse_line(char *, FILE*); -int s2c_parse_load_wl(FILE*, struct wlist_head*, int); -int s2c_parse_search_wl(char *, struct wlist_head); -int s2c_parse_free_wl(struct wlist_head*); -int s2c_parse_ip(char *, char *, int); - - -void AlertPfSetup(void) -{ - RegisterOutputPlugin("alert_pf", OUTPUT_TYPE_FLAG__ALERT, AlertPfInit); - - DEBUG_WRAP(DebugMessage(DEBUG_INIT,"Output plugin: AlertPf is setup...\n");); -} - -void AlertPfInit(u_char *args) -{ - SpoAlertPfData *data; - DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Output: AlertPf Initialized\n");); - - data = ParseAlertPfArgs(args); - - DEBUG_WRAP(DebugMessage(DEBUG_INIT,"Linking AlertPf functions to call lists...\n");); - - AddFuncToOutputList(AlertPf, OUTPUT_TYPE_FLAG__ALERT, data); - AddFuncToCleanExitList(AlertPfCleanExit, data); - AddFuncToRestartList(AlertPfRestart, data); -} - - -void AlertPf(Packet *p, char *msg, void *arg, Event *event) -{ - SpoAlertPfData *data = (SpoAlertPfData *)arg; - char *ip; - int ret; - - DEBUG_WRAP(DebugMessage(DEBUG_LOG, "spoink block'n!!\n");); - - ip = inet_ntoa(p->iph->ip_src); - - if (ip == NULL) - FatalError("AlertPf() => inet_ntoa() = NULL\n", strerror(errno)); - - ret = s2c_parse_search_wl(ip, data->head); - - if (ret == 0) - s2c_pf_block(data->fd, data->pftable, inet_ntoa(p->iph->ip_src), 0); - - return; -} - -SpoAlertPfData *ParseAlertPfArgs(char *args) -{ - char **toks; - int num_toks; - SpoAlertPfData *data; - - int res = 0; - - data = (SpoAlertPfData *)SnortAlloc(sizeof(SpoAlertPfData)); - - if(args == NULL) - FatalError("Unable to load pf args\n", strerror(errno)); - - data->fd = s2c_pf_init(); - - if (data->fd == -1) - FatalError("s2c_pf_init() => no pf device\n"); - - DEBUG_WRAP(DebugMessage(DEBUG_LOG,"ParseAlertPfArgs: %s\n", args);); - - toks = mSplit(args, ",", 2, &num_toks, 0); - - if(num_toks <= 1) - FatalError("snort.conf => You must supply TWO arguments for the pf plugin...\n", strerror(errno)); - - if(strstr(toks[0], "..") != NULL) - FatalError("snort.conf => File definition contains \"..\". Do not do that!\n"); - - data->wlfile = fopen(toks[0], "r"); - - if (data->wlfile == NULL) - FatalError("snort.conf => Unable to open whitelist file\n", strerror(errno)); - - if (toks[1] == NULL) - FatalError("snort.conf => No pf table defined\n", strerror(errno)); - else - data->pftable = toks[1]; - - if (s2c_pf_intbl(data->fd, data->pftable, 0) == 0) - FatalError("pf.conf => Table %s don't exists in packet filter\n", data->pftable, strerror(errno)); - - res = s2c_parse_load_wl(data->wlfile, &data->head, 0); - if (res == -1) - FatalError("snort.conf => Unable to load whitelist\n", strerror(errno)); - - return data; -} - -void AlertPfCleanExit(int signal, void *arg) -{ - SpoAlertPfData *data = (SpoAlertPfData *)arg; - DEBUG_WRAP(DebugMessage(DEBUG_LOG,"AlertPfCleanExit\n");); - - s2c_parse_free_wl(&data->head); - fclose(data->wlfile); - close(data->fd); - - free(data); -} - -void AlertPfRestart(int signal, void *arg) -{ - SpoAlertPfData *data = (SpoAlertPfData *)arg; - DEBUG_WRAP(DebugMessage(DEBUG_LOG,"AlertPfRestart\n");); - - s2c_parse_free_wl(&data->head); - fclose(data->wlfile); - close(data->fd); - - free(data); -} - - -int s2c_pf_init(void) -{ - return(open(PFDEVICE, O_RDWR)); -} - -int s2c_pf_block(int dev, char *tablename, char *ip, int debug) -{ - - struct pfioc_table io; - struct pfr_table table; - struct pfr_addr addr; - struct in_addr *net_addr=NULL; - - memset(&io, 0x00, sizeof(struct pfioc_table)); - memset(&table, 0x00, sizeof(struct pfr_table)); - memset(&addr, 0x00, sizeof(struct pfr_addr)); - - strlcpy(table.pfrt_name, tablename, PF_TABLE_NAME_SIZE); - net_addr=(struct in_addr*)malloc(sizeof(struct in_addr)); - - if (net_addr == NULL ) - FatalError("s2c_pf_block() => malloc()\n", strerror(errno)); - - inet_aton(ip, (struct in_addr *)&net_addr); - memcpy(&addr.pfra_ip4addr.s_addr, &net_addr, sizeof(struct in_addr)); - - addr.pfra_af = AF_INET; - addr.pfra_net = 32; - - io.pfrio_table = table; - io.pfrio_buffer = &addr; - io.pfrio_esize = sizeof(struct pfr_addr); - io.pfrio_size = 1; - - if (ioctl(dev, DIOCRADDADDRS, &io)) - FatalError("s2c_pf_block() => ioctl() DIOCRADDADDRS\n", strerror(errno)); - - return(0); -} - -int s2c_pf_intbl(int dev, char * tablename, int debug) -{ - int i; - struct pfioc_table io; - struct pfr_table *table_aux = NULL; - - memset(&io, 0x00, sizeof(struct pfioc_table)); - - io.pfrio_buffer = table_aux; - io.pfrio_esize = sizeof(struct pfr_table); - io.pfrio_size = 0; - - if(ioctl(dev, DIOCRGETTABLES, &io)) - FatalError("s2c_pf_intbl() => ioctl() DIOCRGETTABLES\n", strerror(errno)); - - table_aux = (struct pfr_table*)malloc(sizeof(struct pfr_table)*io.pfrio_size); - - if (table_aux == NULL) - FatalError("s2c_pf_intbl() => malloc()\n", strerror(errno)); - - io.pfrio_buffer = table_aux; - io.pfrio_esize = sizeof(struct pfr_table); - - if(ioctl(dev, DIOCRGETTABLES, &io)) - FatalError("s2c_pf_intbl() => ioctl() DIOCRGETTABLES\n", strerror(errno)); - - for(i=0; i< io.pfrio_size; i++) { - if (!strcmp(table_aux[i].pfrt_name, tablename)) - return 1; - } - - return 0; - -} - - -int s2c_parse_line(char buf[WLMAX] , FILE* wfile) -{ - static char next_ch = ' '; - int i = 0; - - if (feof(wfile)) { - return (0); - } - do { - next_ch = fgetc(wfile); - if (i < WLMAX) - buf[i++] = next_ch; - } while (!feof(wfile) && !isspace(next_ch)); - if (i >= WLMAX) { - return (-1); - } - - buf[i] = '\0'; - return (1); -} - - -int s2c_parse_load_wl(FILE *wfile, struct wlist_head *head, int debug) -{ - - char cad[WLMAX]; - char ret[WLMAX]; - struct ipwlist *ipw2, *ipw1 = NULL; - struct flock lock; - - if (wfile == NULL) - FatalError("s2c_parse_load_wl() => Unable to open whitelist file\n", strerror(errno)); - - memset(&lock, 0x00, sizeof(struct flock)); - lock.l_type = F_RDLCK; - fcntl(fileno(wfile), F_SETLKW, &lock); - - LIST_INIT(head); - - if (s2c_parse_line(cad, wfile) == 1) { - if (s2c_parse_ip(cad, ret, debug) == 1) { - ipw1 = (struct ipwlist*)malloc(sizeof(struct ipwlist)); - if (ipw1 == NULL) - FatalError("s2c_parse_load_wl() => malloc()\n", strerror(errno)); - inet_aton(ret, &ipw1->waddr); - LIST_INSERT_HEAD(head, ipw1, elem); - - } else { - FatalError("s2c_parse_load_wl() => Invalid data in whitelist file\n", strerror(errno)); - } - } - - while(s2c_parse_line(cad, wfile) == 1) { - if (s2c_parse_ip(cad, ret, debug) == 1) { - ipw2 = (struct ipwlist*)malloc(sizeof(struct ipwlist)); - if (ipw2 == NULL) - FatalError("s2c_parse_load_wl() => malloc()\n", strerror(errno)); - inet_aton(ret, &ipw2->waddr); - LIST_INSERT_AFTER(ipw1, ipw2, elem); - ipw1 = ipw2; - } else { - break; - } - - } - - lock.l_type = F_UNLCK; - fcntl(fileno(wfile), F_SETLKW, &lock); - - return (0); -} - -/* XXX: optimize */ - -int -s2c_parse_search_wl(char *ip, struct wlist_head wl) -{ - struct ipwlist *aux2; - char *ip_aux, ip1[IPMAX], ip2[IPMAX]; - int ret; - - strlcpy(ip1, ip, sizeof(ip1)); - - for(aux2=wl.lh_first; aux2 !=NULL; aux2=aux2->elem.le_next) { - ip_aux = inet_ntoa(aux2->waddr); - strlcpy(ip2, ip_aux, sizeof(ip2)); - ret = strcmp(ip1, ip2); - - if (ret == 0) - return 1; - } - return (0); -} - - -int s2c_parse_free_wl(struct wlist_head *wl) -{ - struct ipwlist *aux, *aux2; - for(aux = LIST_FIRST(wl); aux != LIST_END(wl); aux = aux2) { - aux2 = LIST_NEXT(aux, elem); - LIST_REMOVE(aux, elem); - free(aux); - } - if (LIST_EMPTY(wl)) { - return (1); - } else { - FatalError("s2c_parse_free_wl() => Unable to free whitelist\n", strerror(errno)); - return (0); - } -} - -/* XXX: too much complex ? */ - -int s2c_parse_ip(char *cad, char ret[WLMAX], int debug) -{ - int len; - unsigned int enc=1; - regex_t *expr; - regmatch_t *resultado; - expr = (regex_t*)malloc(sizeof(regex_t)); - - bzero(ret, WLMAX); - - if (expr == NULL) - FatalError("s2c_parse_ip() => malloc()\n", strerror(errno)); - - resultado = (regmatch_t*)malloc(sizeof(regmatch_t)); - - if (resultado == NULL) - FatalError("s2c_parse_ip() => malloc()\n", strerror(errno)); - - if (regcomp(expr, REG_ADDR, REG_EXTENDED) !=0) - FatalError("s2c_parse_ip() => regcomp()\n", strerror(errno)); - - if (regexec(expr, cad, 1, resultado, 0) !=0) - enc=0; - - if (enc !=0) { - len = resultado->rm_eo - resultado->rm_so; - memcpy(ret, cad + resultado->rm_so, len); - ret[len]='\0'; - } - - free(resultado); - regfree(expr); - - if(enc) - return (1); - else { - errno = EINVAL; - return (0); - } -} diff --git a/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.h b/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.h deleted file mode 100644 index af07dacd..00000000 --- a/config/snort-dev/snortsam-package-code/patches/spoink_patch/spo_pf.h +++ /dev/null @@ -1,60 +0,0 @@ -/* -* -* Copyright (c) 2006 Antonio Benojar <zz.stalker@gmail.com> -* Copyright (c) 2005 Antonio Benojar <zz.stalker@gmail.com> -* -* All rights reserved. -* -* Redistribution and use in source and binary forms, with or without -* modification, are permitted provided that the following conditions -* are met: -* -* 1. Redistributions of source code must retain the above copyright -* notice, this list of conditions and the following disclaimer. -* -* 2. Redistributions in binary form must reproduce the above copyright -* notice, this list of conditions and the following disclaimer in the -* documentation and/or other materials provided with the distribution. -* -* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR -* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -#ifndef __SPO_PF_H__ -#define __SPO_PF_H__ - -#include <sys/queue.h> -#include <sys/types.h> -#include <sys/ioctl.h> -#include <sys/socket.h> -#include <fcntl.h> -#include <net/if.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <stdio.h> - -#define WLMAX 1024 -#define IPMAX 20 -#define REG_ADDR "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}" - - -struct ipwlist { - struct in_addr waddr; - LIST_ENTRY(ipwlist) elem; -}; - -LIST_HEAD(wlist_head, ipwlist); - -void AlertPfSetup(void); - -#endif - - diff --git a/config/snort-dev/snortsam-package-code/snort.xml b/config/snort-dev/snortsam-package-code/snort.xml deleted file mode 100644 index 207fae8b..00000000 --- a/config/snort-dev/snortsam-package-code/snort.xml +++ /dev/null @@ -1,272 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - part of pfSense (http://www.pfsense.com) - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Orion</name> - <version>2.9.1</version> - <title>Services:2.9.1 pkg v. 2.0</title> - <include_file>/usr/local/pkg/snort/snort_install.inc</include_file> - <menu> - <name>Orion</name> - <tooltiptext>Setup snort specific settings</tooltiptext> - <section>Services</section> - <url>/snort/snort_interfaces.php</url> - </menu> - <service> - <name>snort</name> - <rcfile>snort.sh</rcfile> - <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> - </service> - <tabs> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snortDB</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snortDBrules</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snortDBtemp</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_build.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_head.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_headbase.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_install.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_new.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_get.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_post.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_ips.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets_ips.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/make_snortsam_map.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item> - </additional_files_needed> - <fields> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_snort_package(); - </custom_php_resync_config_command> - <custom_php_install_command> - snort_postinstall(); - </custom_php_install_command> - <custom_php_deinstall_command> - snort_deinstall(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort-dev/snortsam-package-code/snortDB b/config/snort-dev/snortsam-package-code/snortDB Binary files differdeleted file mode 100644 index c685a368..00000000 --- a/config/snort-dev/snortsam-package-code/snortDB +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/snortDBrules b/config/snort-dev/snortsam-package-code/snortDBrules Binary files differdeleted file mode 100644 index 829a589b..00000000 --- a/config/snort-dev/snortsam-package-code/snortDBrules +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/snortDBtemp b/config/snort-dev/snortsam-package-code/snortDBtemp Binary files differdeleted file mode 100644 index 56ab2842..00000000 --- a/config/snort-dev/snortsam-package-code/snortDBtemp +++ /dev/null diff --git a/config/snort-dev/snortsam-package-code/snort_alerts.php b/config/snort-dev/snortsam-package-code/snort_alerts.php deleted file mode 100644 index 3cb79c5c..00000000 --- a/config/snort-dev/snortsam-package-code/snort_alerts.php +++ /dev/null @@ -1,189 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1'); - -$alertnumber = $generalSettings['alertnumber']; - -$arefresh_on = ($generalSettings['arefresh'] == 'on' ? 'checked' : ''); - - $pgtitle = "Services: Snort: Alerts"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <tr id="maintable" data-options='{"pagetable":"SnortSettings"}'> <!-- db to lookup --> - <td colspan="2" valign="top" class="listtopic" width="21%">Last 255 Alert Entries</td> - <td colspan="2" valign="top" class="listtopic">Latest Alert Entries Are Listed First</td> - </tr> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vncell2" valign="center" width="21%"><span class="vexpl">Save or Remove Logs</span></td> - <td class="vtable" width="40%"> - <form id="iform" > - <input name="snortlogsdownload" type="submit" class="formbtn" value="Download" > - <input type="hidden" name="snortlogsdownload" value="1" /> - <span class="vexpl">Save All Log Files.</span> - </form> - </td> - <td class="vtable"> - <form id="iform2" > - <input name="snortlogsdelete" type="submit" class="formbtn" value="Clear" onclick="return confirm('Do you really want to remove all your logs ? All Snort Logs will be removed !')" > - <input type="hidden" name="snortlogsdelete" value="1" /> - <span class="vexpl red"><strong>Warning:</strong></span><span class="vexpl"> all logs will be deleted.</span> - </form> - </td> - <div class="hiddendownloadlink"></div> - </tr> - <tr> - <td class="vncell2" valign="center"><span class="vexpl">Auto Refresh and Log View</span></td> - <td class="vtable"> - <form id="iform3" > - <input name="save" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - <input name="arefresh" id="arefresh" type="checkbox" value="on" <?=htmlspecialchars($arefresh_on);?> > - <span class="vexpl">Auto Refresh</span> - <span class="vexpl"><strong>Default ON</strong>.</span> - </td> - <td class="vtable"> - <input name="alertnumber" type="text" class="formfld2" id="alertnumber" size="5" value="<?=htmlspecialchars($alertnumber);?>" > - <span class="vexpl">Limit entries to view. <strong>Default 250</strong>.</span> - - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db --> - <input type="hidden" name="dbTable" value="SnortSettings" /> <!-- what db table --> - <input type="hidden" name="ifaceTab" value="snort_alerts" /> <!-- what interface tab --> - - </form> - </td> - </tr> - </table> - - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_barnyard.php b/config/snort-dev/snortsam-package-code/snort_barnyard.php deleted file mode 100644 index 1cd2113b..00000000 --- a/config/snort-dev/snortsam-package-code/snort_barnyard.php +++ /dev/null @@ -1,289 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - - -$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - - if (!is_array($a_list)) - { - $a_list = array(); - } - - - - $pgtitle = "Snort: Interface: Barnyard2 Edit"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<!-- START page custom script --> -<script language="JavaScript"> - -// start a jQuery sand box -jQuery(document).ready(function() { - - // START disable option for snort_interfaces_edit.php - endis = !(jQuery('input[name=barnyard_enable]:checked').val()); - - disableInputs=new Array( - "barnyard_mysql", - "barnconfigpassthru", - "dce_rpc", - "dns_preprocessor", - "ftp_preprocessor", - "http_inspect", - "other_preprocs", - "perform_stat", - "sf_portscan", - "smtp_preprocessor" - ); - - - jQuery('[name=interface]').attr('disabled', 'true'); - - - if (endis) - { - for (var i = 0; i < disableInputs.length; i++) - { - jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); - } - } - - jQuery("input[name=barnyard_enable]").live('click', function() { - - endis = !(jQuery('input[name=barnyard_enable]:checked').val()); - - if (endis) - { - for (var i = 0; i < disableInputs.length; i++) - { - jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); - } - }else{ - for (var i = 0; i < disableInputs.length; i++) - { - jQuery('[name=' + disableInputs[i] + ']').removeAttr('disabled'); - } - } - - - }); - // STOP disable option for snort_interfaces_edit.php - - -}); // end of on ready - -</script> - - - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <form id="iform" > - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> - <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_barnyard" /> <!-- what interface tab --> - <input name="uuid" type="hidden" value="<?=$uuid; ?>"> - - - <tr> - <td colspan="2" valign="top" class="listtopic">General Barnyard2 Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Enable</td> - <td width="78%" class="vtable"> - <input name="barnyard_enable" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['barnyard_enable'] == 'on' || $a_list['barnyard_enable'] == '' ? 'checked' : '';?> > - <span class="vexpl"><strong>Enable Barnyard2 on this Interface</strong><br> - This will enable barnyard2 for this interface. You will also have to set the database credentials.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld" > - <option value="wan" selected><?=strtoupper($a_list['interface']); ?></option> - </select> - <br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Mysql Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td> - <td width="78%" class="vtable"> - <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=$a_list['barnyard_mysql']; ?>"> - <br> - <span class="vexpl">Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz<br> - Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Advanced Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td> - <td width="78%" class="vtable"> - <textarea name="barnconfigpassthru" cols="75" rows="12" id="barnconfigpassthru" class="formpre2"><?=$a_list['barnconfigpassthru']; ?></textarea> - <br> - <span class="vexpl">Arguments here will be automatically inserted into the running barnyard2 configuration.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input type="button" class="formbtn" value="Cancel" > - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <span class="vexpl"><span class="red"><strong>Note:</strong></span> - Please save your settings befor you click start.</span> - </td> - </tr> - - - </form> - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_blocked.php b/config/snort-dev/snortsam-package-code/snort_blocked.php deleted file mode 100644 index fdc12480..00000000 --- a/config/snort-dev/snortsam-package-code/snort_blocked.php +++ /dev/null @@ -1,193 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - - -$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1'); - -$blertnumber = $generalSettings['blertnumber']; - -$brefresh_on = ($generalSettings['brefresh'] == 'on' ? 'checked' : ''); - - $pgtitle = "Services: Snort Blocked Hosts"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <tr id="maintable" data-options='{"pagetable":"SnortSettings"}'> <!-- db to lookup --> - <td width="22%" colspan="0" class="listtopic">Last 500 Blocked.</td> - <td class="listtopic">This page lists hosts that have been blocked by Snort. Hosts are removed every <strong>hour</strong>.</td> - </tr> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vncell2" valign="center" width="22%"><span class="vexpl">Save or Remove Hosts</span></td> - <td width="40%" class="vtable"> - <form id="iform" > - <input name="snortblockedlogsdownload" type="submit" class="formbtn" value="Download" > - <input type="hidden" name="snortblockedlogsdownload" value="1" /> - <span class="vexpl">Save All Blocked Hosts</span> - </form> - </td> - <td class="vtable"> - <form id="iform2" > - <input name="remove" type="submit" class="formbtn" value="Clear" onclick="return confirm('Do you really want to remove all blocked hosts ? All Blocked Hosts will be removed !')" > - <input type="hidden" name="snortflushpftable" value="1" /> - <span class="vexpl red"><strong>Warning:</strong></span><span class="vexpl"> all hosts will be removed.</span> - </form> - </td> - - <div class="hiddendownloadlink"> - </div> - - </tr> - <tr> - <td class="vncell2" valign="center"><span class="vexpl">Auto Refresh and Log View</span></td> - <td class="vtable"> - <form id="iform3" > - <input name="save" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - <span class="vexpl">Auto Refresh</span> - <input name="brefresh" id="brefresh" type="checkbox" value="on" <?=$brefresh_on; ?> > - <span class="vexpl"><strong>Default ON</strong>.</span> - </td> - <td class="vtable"> - <input name="blertnumber" type="text" class="formfld2" id="blertnumber" size="5" value="<?=$blertnumber;?>" > - <span class="vexpl">Limit entries to view. <strong>Default 500</strong>.</span> - - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db --> - <input type="hidden" name="dbTable" value="SnortSettings" /> <!-- what db table --> - <input type="hidden" name="ifaceTab" value="snort_blocked" /> <!-- what interface tab --> - - </form> - </td> - </tr> - </table> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_build.inc b/config/snort-dev/snortsam-package-code/snort_build.inc deleted file mode 100644 index 2c18d3d3..00000000 --- a/config/snort-dev/snortsam-package-code/snort_build.inc +++ /dev/null @@ -1,1288 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -// unset crsf checks -if(isset($_POST['__csrf_magic'])) { - unset($_POST['__csrf_magic']); -} - - -/* - * Builds sid-block.map for snortsam - * May have to break this down into smaller funcs so that there is no namespace conflick - */ -function buildSnortSamSidBlockMap($rdbuuid) -{ - - - function buildSidMap($rdbuuid) - { - // list rules in the default dir - $filterDirList = array(); - $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules'); - - // list rules in db that are on in a array - $listOnRules = array(); - $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSetsIps', 'rdbuuid', $rdbuuid); - - // list rules in db that are on in a array - $listGenRules = array(); - $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid); - - // get sigs in db - $listSigRules = array(); - $listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid); - - // clear tmp db - exec('rm /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/*.rules'); - - foreach ($listOnRules as $listRule) - { - if ( $listRule['enable'] === 'on' ) { - exec('cp /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules/' . $listRule['rulesetname'] . ' /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/' . $listRule['rulesetname']); - } - } - - // get list of sids - exec('perl /usr/local/bin/make_snortsam_map.pl /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/', $getEnableSidArray); - - // make sidMapFile lines 1023: src, 15 min - // remember to chech is Gen enable is on - foreach ( getCurrentIpsRuleArray($getEnableSidArray) as $sidLineMap ) - { - - $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', $sidLineMap[0]); - - // if sig is in db use its settings else use default settings - if(!empty($snortSigIpsExists['siguuid'])) { - - $getSid = $snortSigIpsExists['siguuid']; - $getEnable = $snortSigIpsExists['enable']; - $getWho = $snortSigIpsExists['who']; - $getTimeamount = $snortSigIpsExists['timeamount']; - $getTimetype = $snortSigIpsExists['timetype']; - - }else{ - - $getSid = $sidLineMap[0]; - $getEnable = $listGenRules[0]['enable']; - $getWho = $listGenRules[0]['who']; - $getTimeamount = $listGenRules[0]['timeamount']; - $getTimetype = $listGenRules[0]['timetype']; - - } - - - if ( $getEnable === 'on' ) { - $newMapFileLine[] = $getSid . ': ' . $getWho . ', ' . $getTimeamount . ' ' . $getTimetype . "\n"; - } - - } // END forech - - return $newMapFileLine; - } // END buildSidMap Func - - write_rule_file(buildSidMap($rdbuuid), '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/sid-block.map'); - -} // END Func buildSnortSidBlockMap - -// -------------------------- START snort.conf ------------------------- - -/* func builds custom whitelests */ -function build_base_whitelist($lanip, $wanip, $wangw, $wandns, $vips, $vpns, $userwhtips, $netlist) { - - // bring in settings from /etc/inc - global $config; - - /* build an interface array list */ - if ($lanip === 'on') { - $int_array = array('lan'); - for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) - { - if(isset($config['interfaces']['opt' . $j]['enable'])) - if(isset($config['interfaces']['opt' . $j]['gateway'])) - $int_array[] = "opt{$j}"; - } - - /* iterate through interface list and write out whitelist items - * and also compile a home_net list for snort. - */ - foreach($int_array as $int) - { - /* calculate interface subnet information */ - $ifcfg = $config['interfaces'][$int]; - $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); - $subnetmask = gen_subnet_mask($ifcfg['subnet']); - if($subnet == "pppoe" or $subnet == "dhcp") { - $subnet = find_interface_ip("ng0"); - if($subnet) { - $home_net .= "{$subnet} "; - } - } else { - if ($subnet) - if($ifcfg['subnet']) - $home_net .= "{$subnet}/{$ifcfg['subnet']} "; - } - } - } - - if($wanip === 'on') { - // add all WAN ips to the whitelist - $wan_if = get_real_wan_interface(); - $ip = find_interface_ip($wan_if); - if($ip) { - $home_net .= "{$ip} "; - } - } - - if($wangw === 'on') { - // Add Gateway on WAN interface to whitelist (For RRD graphs) - $gw = get_interface_gateway('wan'); - if($gw) { - $home_net .= "{$gw} "; - } - } - - if($wandns === 'on') { - // Add DNS server for WAN interface to whitelist - $dns_servers = get_dns_servers(); - foreach($dns_servers as $dns) { - if($dns) { - $home_net .= "{$dns} "; - } - } - } - - // TESTING: NEEDED 06202011 - if($vips === 'on') { - // iterate all vips and add to whitelist - if($config['virtualip']) - foreach($config['virtualip']['vip'] as $vip) - if($vip['subnet']) - $home_net .= $vip['subnet'] . " "; - } - - // TESTING: NEEDED 06202011 - // grab a list of vpns and whitelist if user desires added by nestorfish 954 - if($vpns == 'on') { - // chk what pfsense version were on - if ($pfsense_stable == 'yes') { - $vpns_list = get_vpns_list(); - } - - // chk what pfsense version were on - if ($pfsense_stable == 'no') { - $vpns_list = filter_get_vpns_list(); - } - - if (!empty($vpns_list)) { - $home_net .= "$vpns_list "; - } - } - - // Add homenet, NETLIST - if($userwhtips == 'on') { - - $whitelistArray = snortSql_fetchAllSettings('snortDB', 'SnortWhitelistips', 'filename', $netlist); - - foreach ($whitelistArray as $whiteListIp) - { - $home_net .= $whiteListIp['ip'] . ' '; - } - - } - - // Add loopback to whitelist (ftphelper) - if ($lanip === 'on') { - $home_net .= '127.0.0.1'; - } - - // remove empty spaces - $home_net = trim($home_net); - - // this is for snort.conf - $home_net = str_replace(' ', ',', $home_net); - // by Thrae, helps people with more than one gateway, breaks snort as is - $home_net = str_replace(',,', ',', $home_net); - - if ($lanip !== 'on') { - - $snortHomeNetPieces = explode(',', $home_net); - $home_net = ''; - - $i = 1; - $homeNetPieceCount = count($snortHomeNetPieces); - foreach ($snortHomeNetPieces as $homeNetPiece) - { - if (!empty($homeNetPiece) && $homeNetPieceCount !== $i) { - $home_net .= $homeNetPiece . ','; - }else{ - $home_net .= $homeNetPiece . ''; - } - - $i++; - } - - } - - return $home_net; -} - - - -function create_snort_homenet($snortNet, $getSnortHomeNet) { - - if ($snortNet === 'homenet') { - - $listName = $getSnortHomeNet['homelistname']; - - if ($listName == 'default' || empty($listName)) { - return build_base_whitelist('on','on', 'on', 'on', 'on', 'on', 'off', ''); - }else{ - $getSnortWhitelist = snortSql_fetchAllSettings('snortDB', 'SnortWhitelist', 'filename', $listName); - return build_base_whitelist('on', $getSnortWhitelist[0]['wanips'], $getSnortWhitelist[0]['wangateips'], $getSnortWhitelist[0]['wandnsips'], $getSnortWhitelist[0]['vips'], $getSnortWhitelist[0]['vpnips'], 'on', $listName); - } - } - - if ($snortNet === 'externalnet') { - $listName = $getSnortHomeNet['externallistname']; - return build_base_whitelist('off', 'off', 'off', 'off', 'off', 'off', 'on', $listName); - } - -} - -function generate_snort_conf($uuid) -{ - - // Iface main setings - $ifaceSettingsArray = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - - // custom home nets - // might need to make this same ass homenet - $home_net = '[' . create_snort_homenet('homenet', $ifaceSettingsArray) . ']'; - - if ($ifaceSettingsArray['externallistname'] === 'default'){ - $external_net = '!$HOME_NET'; - }else{ - $external_net = '[' . create_snort_homenet('externalnet', $ifaceSettingsArray) . ']'; - } - - // obtain external interface - // XXX: make multi wan friendly - $snort_ext_int = $ifaceSettingsArray['interface']; - - // user added arguments - $snort_config_pass_thru = str_replace("\r", '', base64_decode($ifaceSettingsArray['configpassthru'])); - - // define basic log filename - $snortunifiedlogbasic_type = "output unified: filename snort_{$ifaceSettingsArray['uuid']}.log, limit 128"; - - // define snortalertlogtype - $snortalertlogtype = $ifaceSettingsArray['snortalertlogtype']; - - if ($snortalertlogtype == 'fast' || $snortalertlogtype == 'full') { - $snortalertlogtype_type = "output alert_{$snortalertlogtype}: alert"; - }else{ - $snortalertlogtype_type = ''; - } - - // define alertsystemlog - $alertsystemlog_info_chk = $ifaceSettingsArray['alertsystemlog']; - if ($alertsystemlog_info_chk == on) { - $alertsystemlog_type = "output alert_syslog: log_alert"; - } - - // define tcpdumplog - $tcpdumplog_info_chk = $ifaceSettingsArray['tcpdumplog']; - if ($tcpdumplog_info_chk == on) { - $tcpdumplog_type = "output log_tcpdump: snort_{$ifaceSettingsArray['uuid']}.tcpdump"; - } - - // define snortunifiedlog - $snortunifiedlog_info_chk = $ifaceSettingsArray['snortunifiedlog']; - if ($snortunifiedlog_info_chk == on) { - $snortunifiedlog_type = "output unified2: filename snort_{$ifaceSettingsArray['uuid']}.u2, limit 128"; - } - - // define snortsam - $snortsam_info_chk = $ifaceSettingsArray['blockoffenders7']; - if ($snortsam_info_chk === 'on') { - $snortsam_type = "output alert_fwsam: 127.0.0.1:786/snortsam1234"; - }else{ - $snortsam_type = ''; - } - - /* define threshold file */ - $threshold_info_chk = $ifaceSettingsArray['suppresslistname']; - if ($threshold_info_chk !== 'default') { - - $threshold_info_chk = "include /usr/local/etc/snort/suppress/{$threshold_info_chk}"; - } - - /* define servers and ports snortdefservers */ - /* def DNS_SERVSERS */ - $def_dns_servers_info_chk = $ifaceSettingsArray['def_dns_servers']; - if (empty($def_dns_servers_info_chk)) { - $def_dns_servers_type = '$HOME_NET'; - }else{ - $def_dns_servers_type = "$def_dns_servers_info_chk"; - } - - /* def DNS_PORTS */ - $def_dns_ports_info_chk = $ifaceSettingsArray['def_dns_ports']; - if (empty($def_dns_ports_info_chk)) { - $def_dns_ports_type = '53'; - }else{ - $def_dns_ports_type = "$def_dns_ports_info_chk"; - } - - /* def SMTP_SERVSERS */ - $def_smtp_servers_info_chk = $ifaceSettingsArray['def_smtp_servers']; - if (empty($def_smtp_servers_info_chk)) { - $def_smtp_servers_type = '$HOME_NET'; - }else{ - $def_smtp_servers_type = $def_smtp_servers_info_chk; - } - - /* def SMTP_PORTS */ - $def_smtp_ports_info_chk = $ifaceSettingsArray['def_smtp_ports']; - if (empty($def_smtp_ports_info_chk)) { - $def_smtp_ports_type = '25'; - }else{ - $def_smtp_ports_type = $def_smtp_ports_info_chk; - } - - /* def MAIL_PORTS */ - $def_mail_ports_info_chk = $ifaceSettingsArray['def_mail_ports']; - if (empty($def_mail_ports_info_chk)) { - $def_mail_ports_type = '25,143,465,691'; - }else{ - $def_mail_ports_type = $def_mail_ports_info_chk; - } - - /* def HTTP_SERVSERS */ - $def_http_servers_info_chk = $ifaceSettingsArray['def_http_servers']; - if (empty($def_http_servers_info_chk)) { - $def_http_servers_type = '$HOME_NET'; - }else{ - $def_http_servers_type = $def_http_servers_info_chk; - } - - /* def WWW_SERVSERS */ - $def_www_servers_info_chk = $ifaceSettingsArray['def_www_servers']; - if (empty($def_www_servers_info_chk)) { - $def_www_servers_type = '$HOME_NET'; - }else{ - $def_www_servers_type = $def_www_servers_info_chk; - } - - /* def HTTP_PORTS */ - $def_http_ports_info_chk = $ifaceSettingsArray['def_http_ports']; - if (empty($def_http_ports_info_chk)) { - $def_http_ports_type = '80'; - }else{ - $def_http_ports_type = $def_http_ports_info_chk; - } - - /* def SQL_SERVSERS */ - $def_sql_servers_info_chk = $ifaceSettingsArray['def_sql_servers']; - if (empty($def_sql_servers_info_chk)) { - $def_sql_servers_type = '$HOME_NET'; - }else{ - $def_sql_servers_type = $def_sql_servers_info_chk; - } - - /* def ORACLE_PORTS */ - $def_oracle_ports_info_chk = $ifaceSettingsArray['def_oracle_ports']; - if (empty($def_oracle_ports_info_chk)) { - $def_oracle_ports_type = '1521'; - }else{ - $def_oracle_ports_type = $def_oracle_ports_info_chk; - } - - /* def MSSQL_PORTS */ - $def_mssql_ports_info_chk = $ifaceSettingsArray['def_mssql_ports']; - if (empty($def_mssql_ports_info_chk)) { - $def_mssql_ports_type = '1433'; - }else{ - $def_mssql_ports_type = $def_mssql_ports_info_chk; - } - - /* def TELNET_SERVSERS */ - $def_telnet_servers_info_chk = $ifaceSettingsArray['def_telnet_servers']; - if (empty($def_telnet_servers_info_chk)) { - $def_telnet_servers_type = '$HOME_NET'; - }else{ - $def_telnet_servers_type = $def_telnet_servers_info_chk; - } - - /* def TELNET_PORTS */ - $def_telnet_ports_info_chk = $ifaceSettingsArray['def_telnet_ports']; - if (empty($def_telnet_ports_info_chk)) { - $def_telnet_ports_type = '23'; - }else{ - $def_telnet_ports_type = $def_telnet_ports_info_chk; - } - - /* def SNMP_SERVSERS */ - $def_snmp_servers_info_chk = $ifaceSettingsArray['def_snmp_servers']; - if (empty($def_snmp_servers_info_chk)) { - $def_snmp_servers_type = '$HOME_NET'; - }else{ - $def_snmp_servers_type = $def_snmp_servers_info_chk; - } - - /* def SNMP_PORTS */ - $def_snmp_ports_info_chk = $ifaceSettingsArray['def_snmp_ports']; - if (empty($def_snmp_ports_info_chk)) { - $def_snmp_ports_type = '161'; - }else{ - $def_snmp_ports_type = $def_snmp_ports_info_chk; - } - - /* def FTP_SERVSERS */ - $def_ftp_servers_info_chk = $ifaceSettingsArray['def_ftp_servers']; - if (empty($def_ftp_servers_info_chk)) { - $def_ftp_servers_type = '$HOME_NET'; - }else{ - $def_ftp_servers_type = $def_ftp_servers_info_chk; - } - - /* def FTP_PORTS */ - $def_ftp_ports_info_chk = $ifaceSettingsArray['def_ftp_ports']; - if (empty($def_ftp_ports_info_chk)) { - $def_ftp_ports_type = '21'; - }else{ - $def_ftp_ports_type = $def_ftp_ports_info_chk; - } - - /* def SSH_SERVSERS */ - $def_ssh_servers_info_chk = $ifaceSettingsArray['def_ssh_servers']; - if (empty($def_ssh_servers_info_chk)) { - $def_ssh_servers_type = '$HOME_NET'; - }else{ - $def_ssh_servers_type = $def_ssh_servers_info_chk; - } - - /* if user has defined a custom ssh port, use it */ - if($config['system']['ssh']['port']) { - $ssh_port = $config['system']['ssh']['port']; - }else{ - $ssh_port = '22'; - } - - /* def SSH_PORTS */ - $def_ssh_ports_info_chk = $ifaceSettingsArray['def_ssh_ports']; - if (empty($def_ssh_ports_info_chk)) { - $def_ssh_ports_type = $ssh_port; - }else{ - $def_ssh_ports_type = $def_ssh_ports_info_chk; - } - - /* def POP_SERVSERS */ - $def_pop_servers_info_chk = $ifaceSettingsArray['def_pop_servers']; - if (empty($def_pop_servers_info_chk)) { - $def_pop_servers_type = '$HOME_NET'; - }else{ - $def_pop_servers_type = $def_pop_servers_info_chk; - } - - /* def POP2_PORTS */ - $def_pop2_ports_info_chk = $ifaceSettingsArray['def_pop2_ports']; - if (empty($def_pop2_ports_info_chk)) { - $def_pop2_ports_type = '109'; - }else{ - $def_pop2_ports_type = $def_pop2_ports_info_chk; - } - - /* def POP3_PORTS */ - $def_pop3_ports_info_chk = $ifaceSettingsArray['def_pop3_ports']; - if (empty($def_pop3_ports_info_chk)) { - $def_pop3_ports_type = '110'; - }else{ - $def_pop3_ports_type = $def_pop3_ports_info_chk; - } - - /* def IMAP_SERVSERS */ - $def_imap_servers_info_chk = $ifaceSettingsArray['def_imap_servers']; - if (empty($def_imap_servers_info_chk)) { - $def_imap_servers_type = '$HOME_NET'; - }else{ - $def_imap_servers_type = $def_imap_servers_info_chk; - } - - /* def IMAP_PORTS */ - $def_imap_ports_info_chk = $ifaceSettingsArray['def_imap_ports']; - if (empty($def_imap_ports_info_chk)) { - $def_imap_ports_type = '143'; - }else{ - $def_imap_ports_type = $def_imap_ports_info_chk; - } - /* def SIP_PROXY_IP */ - $def_sip_proxy_ip_info_chk = $ifaceSettingsArray['def_sip_proxy_ip']; - if (empty($def_sip_proxy_ip_info_chk)) { - $def_sip_proxy_ip_type = '$HOME_NET'; - }else{ - $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; - } - - /* def SIP_PROXY_PORTS */ - $def_sip_proxy_ports_info_chk = $ifaceSettingsArray['def_sip_proxy_ports']; - if (empty($def_sip_proxy_ports_info_chk)) { - $def_sip_proxy_ports_type = '5060:5090,16384:32768'; - }else{ - $def_sip_proxy_ports_type = $def_sip_proxy_ports_info_chk; - } - - /* def AUTH_PORTS */ - $def_auth_ports_info_chk = $ifaceSettingsArray['def_auth_ports']; - if (empty($def_auth_ports_info_chk)) { - $def_auth_ports_type = '113'; - }else{ - $def_auth_ports_type = $def_auth_ports_info_chk; - } - - /* def FINGER_PORTS */ - $def_finger_ports_info_chk = $ifaceSettingsArray['def_finger_ports']; - if (empty($def_finger_ports_info_chk)) { - $def_finger_ports_type = "79"; - }else{ - $def_finger_ports_type = $def_finger_ports_info_chk; - } - - /* def IRC_PORTS */ - $def_irc_ports_info_chk = $ifaceSettingsArray['def_irc_ports']; - if (empty($def_irc_ports_info_chk)) { - $def_irc_ports_type = '6665,6666,6667,6668,6669,7000'; - }else{ - $def_irc_ports_type = $def_irc_ports_info_chk; - } - - /* def NNTP_PORTS */ - $def_nntp_ports_info_chk = $ifaceSettingsArray['def_nntp_ports']; - if (empty($def_nntp_ports_info_chk)) { - $def_nntp_ports_type = '119'; - }else{ - $def_nntp_ports_type = $def_nntp_ports_info_chk; - } - - /* def RLOGIN_PORTS */ - $def_rlogin_ports_info_chk = $ifaceSettingsArray['def_rlogin_ports']; - if (empty($def_rlogin_ports_info_chk)) { - $def_rlogin_ports_type = '513'; - }else{ - $def_rlogin_ports_type = $def_rlogin_ports_info_chk; - } - - /* def RSH_PORTS */ - $def_rsh_ports_info_chk = $ifaceSettingsArray['def_rsh_ports']; - if (empty($def_rsh_ports_info_chk)) { - $def_rsh_ports_type = '514'; - }else{ - $def_rsh_ports_type = $def_rsh_ports_info_chk; - } - - /* def SSL_PORTS */ - $def_ssl_ports_info_chk = $ifaceSettingsArray['def_ssl_ports']; - if (empty($def_ssl_ports_info_chk)) { - $def_ssl_ports_type = '443,465,563,636,989,990,992,993,994,995'; - }else{ - $def_ssl_ports_type = $def_ssl_ports_info_chk; - } - - /* should we install a automatic update crontab entry? - $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7']; - - // if user is on pppoe, we really want to use ng0 interface - if(isset($config['interfaces'][$snort_ext_int]['ipaddr']) && ($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")) - $snort_ext_int = "ng0"; - - // set the snort performance model */ - if($ifaceSettingsArray['performance']) { - $snort_performance = $ifaceSettingsArray['performance']; - }else{ - $snort_performance = "ac-bnfa"; - } - - // list rules in db that are on in a array - $listEnabled_rulesets = array(); - $listEnabled_rulesets = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'rdbuuid', $ifaceSettingsArray['ruledbname']); - - $listCurntDirRules = array(); - $listCurntDirRules = snortScanDirFilter("/usr/local/etc/snort/sn_{$uuid}/rules", '\.rules'); - if(!empty($listEnabled_rulesets)) { - foreach($listEnabled_rulesets as $enabled_item) - { - if ($enabled_item['enable'] !== 'off' && in_array($enabled_item['rulesetname'], $listCurntDirRules)) { - $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item['rulesetname']}\n"; - } - } - } - - - ///////////////////////////// - - /* preprocessor code */ - - /* def perform_stat */ - - - $def_perform_stat_info_chk = $ifaceSettingsArray['perform_stat']; - if ($def_perform_stat_info_chk === 'on') { - $def_perform_stat_type = "preprocessor perfmonitor: time 300 file /var/log/snort/sn_{$ifaceSettingsArray['uuid']}.stats pktcnt 10000"; - }else{ - $def_perform_stat_type = ''; - } - - $def_flow_depth_info_chk = $ifaceSettingsArray['flow_depth']; - if (empty($def_flow_depth_info_chk)) { - $def_flow_depth_type = '0'; - }else{ - $def_flow_depth_type = $ifaceSettingsArray['flow_depth']; - } - - /* def http_inspect */ - $snort_http_inspect = <<<EOD -################# - # -# HTTP Inspect # - # -################# - -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 - -preprocessor http_inspect_server: server default \ - ports { 80 8080 } \ - non_strict \ - non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ - flow_depth {$def_flow_depth_type} \ - apache_whitespace no \ - directory no \ - iis_backslash no \ - u_encode yes \ - ascii no \ - chunk_length 500000 \ - bare_byte yes \ - double_decode yes \ - iis_unicode no \ - iis_delimiter no \ - multi_slash no - -EOD; - - $def_http_inspect_info_chk = $ifaceSettingsArray['http_inspect']; - if ($def_http_inspect_info_chk === 'on') { - $def_http_inspect_type = $snort_http_inspect; - }else{ - $def_http_inspect_type = ''; - } - - - /* def other_preprocs */ - $snort_other_preprocs = <<<EOD -################## - # -# Other preprocs # - # -################## - -preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 -preprocessor bo - -EOD; - - $def_other_preprocs_info_chk = $ifaceSettingsArray['other_preprocs']; - if ($def_other_preprocs_info_chk === 'on') { - $def_other_preprocs_type = $snort_other_preprocs; - }else{ - $def_other_preprocs_type = ''; - } - - /* def ftp_preprocessor */ - $snort_ftp_preprocessor = <<<EOD -##################### - # -# ftp preprocessor # - # -##################### - -preprocessor ftp_telnet: global \ -inspection_type stateless - -preprocessor ftp_telnet_protocol: telnet \ - normalize \ - ayt_attack_thresh 200 - -preprocessor ftp_telnet_protocol: \ - ftp server default \ - def_max_param_len 100 \ - ports { 21 } \ - ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ - ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ - ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ - ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ - ftp_cmds { FEAT CEL CMD MACB } \ - ftp_cmds { MDTM REST SIZE MLST MLSD } \ - ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ - alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ - alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ - alt_max_param_len 256 { RNTO CWD } \ - alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { SIZE } \ - chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ - chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ - chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ - chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ - chk_str_fmt { FEAT CEL CMD } \ - chk_str_fmt { MDTM REST SIZE MLST MLSD } \ - chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity STRU < char FRP > \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ - cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity PORT < host_port > - -preprocessor ftp_telnet_protocol: ftp client default \ - max_resp_len 256 \ - bounce yes \ - telnet_cmds yes - -EOD; - - $def_ftp_preprocessor_info_chk = $ifaceSettingsArray['ftp_preprocessor']; - if ($def_ftp_preprocessor_info_chk === 'on') { - $def_ftp_preprocessor_type = $snort_ftp_preprocessor; - }else{ - $def_ftp_preprocessor_type = ""; - } - - /* def smtp_preprocessor */ - $snort_smtp_preprocessor = <<<EOD -##################### - # -# SMTP preprocessor # - # -##################### - -preprocessor SMTP: \ - ports { 25 465 691 } \ - inspection_type stateful \ - normalize cmds \ - valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \ -CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \ -PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - max_header_line_len 1000 \ - max_response_line_len 512 \ - alt_max_command_line_len 260 { MAIL } \ - alt_max_command_line_len 300 { RCPT } \ - alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ - alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ - alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ - alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ - alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - xlink2state { enable } - -EOD; - - $def_smtp_preprocessor_info_chk = $ifaceSettingsArray['smtp_preprocessor']; - if ($def_smtp_preprocessor_info_chk === 'on') { - $def_smtp_preprocessor_type = $snort_smtp_preprocessor; - }else{ - $def_smtp_preprocessor_type = ''; - } - - /* def sf_portscan */ - $snort_sf_portscan = <<<EOD -################ - # -# sf Portscan # - # -################ - -preprocessor sfportscan: scan_type { all } \ - proto { all } \ - memcap { 10000000 } \ - sense_level { medium } \ - ignore_scanners { \$HOME_NET } - -EOD; - - $def_sf_portscan_info_chk = $ifaceSettingsArray['sf_portscan']; - if ($def_sf_portscan_info_chk === 'on') { - $def_sf_portscan_type = $snort_sf_portscan; - }else{ - $def_sf_portscan_type = ''; - } - - /* def dce_rpc_2 */ - $snort_dce_rpc_2 = <<<EOD -############### - # -# NEW # -# DCE/RPC 2 # - # -############### - -preprocessor dcerpc2: memcap 102400, events [smb, co, cl] -preprocessor dcerpc2_server: default, policy WinXP, \ - detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ - autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ - smb_max_chain 3 - -EOD; - - $def_dce_rpc_2_info_chk = $ifaceSettingsArray['dce_rpc_2']; - if ($def_dce_rpc_2_info_chk === 'on') { - $def_dce_rpc_2_type = $snort_dce_rpc_2; - }else{ - $def_dce_rpc_2_type = ''; - } - - /* def dns_preprocessor */ - $snort_dns_preprocessor = <<<EOD -#################### - # -# DNS preprocessor # - # -#################### - -preprocessor dns: \ - ports { 53 } \ - enable_rdata_overflow - -EOD; - - $def_dns_preprocessor_info_chk = $ifaceSettingsArray['dns_preprocessor']; - if ($def_dns_preprocessor_info_chk === 'on') { - $def_dns_preprocessor_type = $snort_dns_preprocessor; - }else{ - $def_dns_preprocessor_type = ''; - } - - /* def SSL_PORTS IGNORE */ - $def_ssl_ports_ignore_info_chk = $ifaceSettingsArray['def_ssl_ports_ignore']; - if (empty($def_ssl_ports_ignore_info_chk)) { - $def_ssl_ports_ignore_type = 'preprocessor ssl: ports { 443 465 563 636 989 990 992 993 994 995 }, trustservers, noinspect_encrypted'; - }else{ - $def_ssl_ports_ignore_type = "preprocessor ssl: ports { {$def_ssl_ports_ignore_info_chk} }, trustservers, noinspect_encrypted"; - } - - /* stream5 queued settings */ - - - $def_max_queued_bytes_info_chk = $ifaceSettingsArray['max_queued_bytes']; - if (empty($def_max_queued_bytes_info_chk)) { - $def_max_queued_bytes_type = ''; - }else{ - $def_max_queued_bytes_type = ' max_queued_bytes ' . $ifaceSettingsArray['max_queued_bytes'] . ','; - } - - $def_max_queued_segs_info_chk = $ifaceSettingsArray['max_queued_segs']; - if (empty($def_max_queued_segs_info_chk)) { - $def_max_queued_segs_type = ''; - }else{ - $def_max_queued_segs_type = ' max_queued_segs ' . $ifaceSettingsArray['max_queued_segs'] . ','; - } - - - /* build snort configuration file */ - /* TODO; feed back from pfsense users to reduce false positives */ - $snort_conf_text = <<<EOD - -# snort configuration file -# generated by the pfSense -# package manager system -# see /usr/local/pkg/snort.inc -# for more information -# snort.conf -# Snort can be found at http://www.snort.org/ -# -# Copyright (C) 2009-2010 Robert Zelaya -# part of pfSense -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -######################### - # -# Define Local Network # - # -######################### - -var HOME_NET {$home_net} -var EXTERNAL_NET {$external_net} - -################### - # -# Define Servers # - # -################### - -var DNS_SERVERS [{$def_dns_servers_type}] -var SMTP_SERVERS [{$def_smtp_servers_type}] -var HTTP_SERVERS [{$def_http_servers_type}] -var SQL_SERVERS [{$def_sql_servers_type}] -var TELNET_SERVERS [{$def_telnet_servers_type}] -var SNMP_SERVERS [{$def_snmp_servers_type}] -var FTP_SERVERS [{$def_ftp_servers_type}] -var SSH_SERVERS [{$def_ssh_servers_type}] -var POP_SERVERS [{$def_pop_servers_type}] -var IMAP_SERVERS [{$def_imap_servers_type}] -var RPC_SERVERS \$HOME_NET -var WWW_SERVERS [{$def_www_servers_type}] -var SIP_PROXY_IP [{$def_sip_proxy_ip_type}] -var AIM_SERVERS \ -[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] - -######################## - # -# Define Server Ports # - # -######################## - -portvar HTTP_PORTS [{$def_http_ports_type}] -portvar SHELLCODE_PORTS !80 -portvar ORACLE_PORTS [{$def_oracle_ports_type}] -portvar AUTH_PORTS [{$def_auth_ports_type}] -portvar DNS_PORTS [{$def_dns_ports_type}] -portvar FINGER_PORTS [{$def_finger_ports_type}] -portvar FTP_PORTS [{$def_ftp_ports_type}] -portvar IMAP_PORTS [{$def_imap_ports_type}] -portvar IRC_PORTS [{$def_irc_ports_type}] -portvar MSSQL_PORTS [{$def_mssql_ports_type}] -portvar NNTP_PORTS [{$def_nntp_ports_type}] -portvar POP2_PORTS [{$def_pop2_ports_type}] -portvar POP3_PORTS [{$def_pop3_ports_type}] -portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779] -portvar RLOGIN_PORTS [{$def_rlogin_ports_type}] -portvar RSH_PORTS [{$def_rsh_ports_type}] -portvar SMB_PORTS [139,445] -portvar SMTP_PORTS [{$def_smtp_ports_type}] -portvar SNMP_PORTS [{$def_snmp_ports_type}] -portvar SSH_PORTS [{$def_ssh_ports_type}] -portvar TELNET_PORTS [{$def_telnet_ports_type}] -portvar MAIL_PORTS [{$def_mail_ports_type}] -portvar SSL_PORTS [{$def_ssl_ports_type}] -portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}] - -# DCERPC NCACN-IP-TCP -portvar DCERPC_NCACN_IP_TCP [139,445] -portvar DCERPC_NCADG_IP_UDP [138,1024:] -portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:] -portvar DCERPC_NCACN_UDP_LONG [135,1024:] -portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:] -portvar DCERPC_NCACN_TCP [2103,2105,2107] -portvar DCERPC_BRIGHTSTORE [6503,6504] - -##################### - # -# Define Rule Paths # - # -##################### - -var RULE_PATH /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/rules -# var PREPROC_RULE_PATH ./preproc_rules - -################################ - # -# Configure the snort decoder # - # -################################ - -config checksum_mode: all -config disable_decode_alerts -config disable_tcpopt_experimental_alerts -config disable_tcpopt_obsolete_alerts -config disable_ttcp_alerts -config disable_tcpopt_alerts -config disable_ipopt_alerts -config disable_decode_drops - -################################### - # -# Configure the detection engine # -# Use lower memory models # - # -################################### - -config detection: search-method {$snort_performance} max_queue_events 5 -config event_queue: max_queue 8 log 3 order_events content_length - -#Configure dynamic loaded libraries -dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/ -dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so -dynamicdetection directory /usr/local/lib/snort/dynamicrules/ - -################### - # -# Flow and stream # - # -################### - -preprocessor frag3_global: max_frags 8192 -preprocessor frag3_engine: policy bsd detect_anomalies - -preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ -track_udp yes, track_icmp yes -preprocessor stream5_tcp: policy BSD, ports both all,{$def_max_queued_bytes_type}{$def_max_queued_segs_type} use_static_footprint_sizes -preprocessor stream5_udp: -preprocessor stream5_icmp: - -########################## - # -# NEW # -# Performance Statistics # - # -########################## - -{$def_perform_stat_type} - -{$def_http_inspect_type} - -{$def_other_preprocs_type} - -{$def_ftp_preprocessor_type} - -{$def_smtp_preprocessor_type} - -{$def_sf_portscan_type} - -############################ - # -# OLD # -# preprocessor dcerpc: \ # -# autodetect \ # -# max_frag_size 3000 \ # -# memcap 100000 # - # -############################ - -{$def_dce_rpc_2_type} - -{$def_dns_preprocessor_type} - -############################## - # -# NEW # -# Ignore SSL and Encryption # - # -############################## - -{$def_ssl_ports_ignore_type} - -##################### - # -# Snort Output Logs # - # -##################### - -$snortunifiedlogbasic_type -$snortalertlogtype_type -$alertsystemlog_type -$tcpdumplog_type -$snortmysqllog_info_chk -$snortunifiedlog_type -$snortsam_type - -################# - # -# Misc Includes # - # -################# - -include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/reference.config -include /usr/local/etc/snort/sn_{$ifaceSettingsArray['uuid']}/classification.config -$threshold_file_name - -# Snort user pass through configuration -{$snort_config_pass_thru} - -################### - # -# Rules Selection # - # -################### - -{$selected_rules_sections} - -EOD; - - return $snort_conf_text; -} - - -function create_snort_conf($uuid) -{ - // write out snort.conf - - if (!file_exists("/usr/local/etc/snort/sn_{$uuid}/snort.conf")) { - exec("/usr/bin/touch /usr/local/etc/snort/sn_{$uuid}/snort.conf"); - } - - $snort_conf_text = generate_snort_conf($uuid); - - conf_mount_rw(); - $conf = fopen("/usr/local/etc/snort/sn_{$uuid}/snort.conf", "w"); - if(!$conf) { - log_error("Could not open /usr/local/etc/snort/sn_{$uuid}/snort.conf for writing."); - exit; - } - - fwrite($conf, $snort_conf_text); - fclose($conf); - conf_mount_ro(); - -} - -// create threshold.conf -function generate_threshold_conf($uuid) { - - global $config; - - // Iface main setings - $ifaceSettingsArray = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - - $getSnortSuppresslist = snortSql_fetchAllSettings('snortDB', 'SnortSuppress', 'filename', $ifaceSettingsArray['suppresslistname']); - - if ($ifaceSettingsArray['suppresslistname'] === 'default') { - $getSnortSuppressPass = ''; - }else{ - $getSnortSuppressPass = base64_decode($getSnortSuppresslist[0]['suppresspassthru']); - } - - - $snort_threshold_text = <<<EOD - -# snort threshold file -# generated by the pfSense -# package manager system -# see /usr/local/pkg/snort_build.inc -# for more information -# threshold.conf -# Snort can be found at http://www.snort.org/ -# -# Copyright (C) 2009-2011 Robert Zelaya -# part of pfSense -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - - -{$getSnortSuppressPass} - -EOD; - -return $snort_threshold_text; - -} - -function create_threshold_conf($uuid) -{ - // make sure file is there - if (!file_exists("/usr/local/etc/snort/sn_{$uuid}/threshold.conf")) { - exec("/usr/bin/touch /usr/local/etc/snort/sn_{$uuid}/threshold.conf"); - } - - $threshold_conf_text = generate_threshold_conf($uuid); - - $conf = fopen("/usr/local/etc/snort/sn_{$uuid}/threshold.conf", "w"); - if(!$conf) { - log_error("Could not open /usr/local/etc/snort/sn_{$uuid}/threshold.conf for writing."); - exit; - } - - fwrite($conf, $threshold_conf_text); - fclose($conf); - -} - -function build_snort_settings($uuid) { - - // create snort.conf - create_snort_conf($uuid); - // create threshold.conf - create_threshold_conf($uuid); - -} - -// -------------------------- END snort.conf ------------------------- - -?> diff --git a/config/snort-dev/snortsam-package-code/snort_define_servers.php b/config/snort-dev/snortsam-package-code/snort_define_servers.php deleted file mode 100644 index 05e7709e..00000000 --- a/config/snort-dev/snortsam-package-code/snort_define_servers.php +++ /dev/null @@ -1,450 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - - -$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - - - $pgtitle = "Snort: Interface Define Servers:"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <form id="iform" > - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> - <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_define_servers" /> <!-- what interface tab --> - <input name="uuid" type="hidden" value="<?=$uuid; ?>"> - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"> - <span class="red"><strong>Note:</strong></span><br> - Please save your settings before you click start.<br> - Please make sure there are <strong>no spaces</strong> in your definitions. - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Define Servers</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=$a_list['def_dns_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=$a_list['def_dns_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=$a_list['def_smtp_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=$a_list['def_smtp_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td> - <td width="78%" class="vtable"> - <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=$a_list['def_mail_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=$a_list['def_http_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=$a_list['def_www_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=$a_list['def_http_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=$a_list['def_sql_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=$a_list['def_oracle_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=$a_list['def_mssql_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=$a_list['def_telnet_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=$a_list['def_telnet_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=$a_list['def_snmp_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=$a_list['def_snmp_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=$a_list['def_ftp_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=$a_list['def_ftp_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=$a_list['def_ssh_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=$a_list['def_ssh_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=$a_list['def_pop_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=$a_list['def_pop2_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=$a_list['def_pop3_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=$a_list['def_imap_servers']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=$a_list['def_imap_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td> - <td width="78%" class="vtable"> - <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=$a_list['def_sip_proxy_ip']; ?>"> - <br> - <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=$a_list['def_sip_proxy_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=$a_list['def_auth_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=$a_list['def_finger_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=$a_list['def_irc_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=$a_list['def_nntp_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=$a_list['def_rlogin_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=$a_list['def_rsh_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=$a_list['def_ssl_ports']; ?>"> - <br> - <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start.</span> - </td> - </tr> - - - - - </form> - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_download_rules.inc b/config/snort-dev/snortsam-package-code/snort_download_rules.inc deleted file mode 100644 index 8953a65c..00000000 --- a/config/snort-dev/snortsam-package-code/snort_download_rules.inc +++ /dev/null @@ -1,1036 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -/* - * WARNING: THIS FILE SHOULD NEVER BE IN WWWW DIR - * - */ - - -// create and cp to tmp db dir -if (!file_exists('/var/snort/')) { - exec('/bin/mkdir -p /var/snort/'); -} - -if (file_exists('/usr/local/pkg/snort/snortDBtemp')) { - exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp'); -} - - -// fetch db Settings NONE Json -function snortSql_fetchAllSettings2($dbname, $table, $type, $id_uuid) -{ - - if ($dbname == '' || $table == '' || $type == '') { - return false; - } - - if ($dbname === 'snortDB' || $dbname === 'snortDBrules') { - $db = sqlite_open("/usr/local/pkg/snort/$dbname"); - } - - if ($dbname === 'snortDBtemp') { - $db = sqlite_open("/var/snort/$dbname"); - } - - if ($type === 'All') { - - $result = sqlite_query($db, - "SELECT * FROM {$table} where id > 0; - "); - - }else{ - - $result = sqlite_query($db, - "SELECT * FROM {$table} where {$type} = '{$id_uuid}'; - "); - } - - if ($type == 'rdbuuid' || $type == 'All') { - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - }else{ - $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); - } - - sqlite_close($db); - - return $chktable; - - -} // end func - -function snortSql_updateRuleSetList($type, $value, $file_size, $downloaded, $filename) -{ - - $dbname = 'snortDBtemp'; - $table = 'SnortDownloads'; - $addDate = date(U); - - // do let user pick the DB path - $db = sqlite_open("/var/snort/{$dbname}"); - - if ($type === 'percent2'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET date = '{$addDate}', percent = '{$value}', filesize = '{$file_size}', downloaded = '{$downloaded}' where filename = '{$filename}'; - "); - } - - - if ($type === 'percent'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET date = '{$addDate}', percent = '{$value}' where filename = '{$filename}'; - "); - } - - if ($type === 'msg1'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '1'; - "); - } - - if ($type === 'msg2'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE SnortDownloadsMsg SET date = '{$addDate}', msg = '{$value}' where id = '2'; - "); - } - - /* - * INPORTANT: - * Register worker to prevent loops and ghost process - * Needs to be watched, - */ - - if ($type === 'working'){ - - $getmypid = getmypid(); - $getmyfilename = $_SERVER['SCRIPT_NAME']; - - $resultChk = sqlite_query($db, - "SELECT * FROM RegisterWorker WHERE uuid = 'jdjEf!773&h3bhFd6A'; - "); - - $resultChkFinal = sqlite_fetch_all($resultChk, SQLITE_ASSOC); - - if (!empty($resultChkFinal)) { - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE RegisterWorker SET date = '{$addDate}', processid = '{$getmypid}', filename = '{$getmyfilename}', working = '{$value}' where uuid = 'jdjEf!773&h3bhFd6A'; - "); - }else{ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO RegisterWorker (date, processid, filename, working, uuid) VALUES ('{$addDate}', '{$getmypid}', '{$getmyfilename}', '{$value}', 'jdjEf!773&h3bhFd6A'); - "); - } - } - - - if ($type === 'snortWait'){ - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET waittime = '{$addDate}' where filename = '{$filename}'; - "); - } - - if (sqlite_changes($db) < 1){ - sqlite_close($db); - return 'Error in query'; - } - - sqlite_close($db); - - -} - -// reapply rule settings -function reapplyRuleSettings_run($sidRule_array) -{ - - $sid_array = snortSql_fetchAllSettings2('snortDBrules', 'SnortruleSigs', 'rdbuuid', $sidRule_array); - - if (!empty($sid_array)) { - foreach ($sid_array as $sid) - { - if (!empty($sid['enable']) && !empty($sid['signatureid']) && !empty($sid['rdbuuid']) && !empty($sid['signaturefilename'])) { - if ($sid['enable'] === 'on') { - exec('/usr/bin/sed -i \'\' \'s/^# \(.*sid:' . "{$sid['signatureid']}" . ';.*\)/\1/\' /usr/local/etc/snort/snortDBrules/DB/' . "{$sid['rdbuuid']}" . '/rules/' . "{$sid['signaturefilename']}"); - } - - if ($sid['enable'] === 'off') { - exec('/usr/bin/sed -i \'\' \'s/^\(alert.*sid:' . "{$sid['signatureid']}" . ';.*\)/# \1/\' /usr/local/etc/snort/snortDBrules/DB/' . "{$sid['rdbuuid']}" . '/rules/' . "{$sid['signaturefilename']}"); - } - } - } - } - - // NOTES: DO NOT REMOVE BELOW COMMENTS - // returns file pathe of the sid - // $testing = exec("grep -ri 'sid: \?1225; ' /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules | tail -n1 | awk -F: '{print $1}'"); - // see if sid is enabled - // $testing2 = exec("sed -n '/^alert.*sid:1225;.*/p' /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules"); - // enable a sid - // sed -i '' "s/^# \(.*sid:1225;.*\)/\1/" /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules - // disable a sid - // sed -i '' "s/^\(alert.*sid:1225;.*\)/# \1/" /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules - // grep "^alert.*sid:.*;" rules/emerging-worm.rules | grep -oh "\w*sid:[0-9][^*;]\w*" | awk -F: '{print $2}' - // sed -n '/^320 || .*/{p;q;}' rules/ ../etc/sid-msg.map | awk -F '|' '{print $3}' | sed -e 's/^[ \t]*//' - - -} - -function snortCmpareMD5($type, $path1, $path2, $filename_md5) -{ - update_output_window2('ms2', 'Checking ' . $filename_md5 . ' MD5...'); - - if (file_exists("{$path1}/{$filename_md5}")){ - - if ($type == 'string'){ - $md5_check_new = @file_get_contents("{$path1}/{$filename_md5}"); - $md5_check_old = @file_get_contents("{$path2}/{$filename_md5}"); - if ($md5_check_new !== $md5_check_old){ - update_output_window2('ms2', "$filename_md5 MD5s do not match..."); - return false; - } - } - - if ($type == 'md5'){ - //md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}' - $md5_check_new2 = exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'"); - $md5_check_old2 = exec("/sbin/md5 {$path2}/{$filename_md5} | /usr/bin/awk '{print $4}'"); - if ($md5_check_new != $md5_check_old){ - update_output_window2('ms2', "$filename_md5 MD5s do not match..."); - return false; - } - } - - if ($type == 'md5FileChk') { - //md5 snortrules-snapshot-2905.tar.gz | awk '{print $4}' - $md5_check_new = trim(exec("/sbin/md5 {$path1}/{$filename_md5} | /usr/bin/awk '{print $4}'")); - - $md5_check_old = exec("/bin/cat {$path1}/{$filename_md5}.md5"); - - $md5_check_old2 = trim(preg_replace('/"/', '', $md5_check_old)); - - if ($md5_check_new != $md5_check_old2){ - update_output_window2('ms2', "$filename_md5 MD5s do not match..."); - return false; - } - } - - - - } - - update_output_window2('ms2', "$filename_md5 MD5 File Check Passed..."); - return true; -} - - -/* - * update_output_window: update bottom textarea dynamically. - */ -function update_output_window2($type, $text) -{ - if ($type === 'ms1') { - $msg = 1; - } - - if ($type === 'ms2') { - $msg = 2; - } - - if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on'){ - echo - ' -<script type="text/javascript"> -jQuery("#msg' . $msg . 'Text").remove(); -jQuery("#UpdateMsg' . $msg . '").append(\'<span id="msg' . $msg . 'Text">' . $text . '</span>\'); -</script> - '; - ob_flush(); - apc_clear_cache(); - - }else{ - echo "\n" . $type . ': ' . $text; - } - -} - -// returns array that matches pattern, option to replace objects in matches -function snortScanDirFilter2($arrayList, $pattmatch, $pattreplace, $pattreplacewith) -{ - foreach ( $arrayList as $val ) - { - if (preg_match($pattmatch, $val, $matches)) { - if ($pattreplace != '') { - $matches2 = preg_replace($pattreplace, $pattreplacewith, $matches[0]); - $filterDirList[] = $matches2; - }else{ - $filterDirList[] = $matches[0]; - } - } - } - return $filterDirList; -} - -// set page vars -$generalSettings = snortSql_fetchAllSettings2('snortDB', 'SnortSettings', 'id', '1'); - -// Setup file names and dir -$tmpfname = '/usr/local/etc/snort/snort_download'; -$snortdir = '/usr/local/etc/snort'; -$snortdir_rules = '/usr/local/etc/snort/snortDBrules/snort_rules'; -$emergingdir_rules = '/usr/local/etc/snort/snortDBrules/emerging_rules'; -$pfsensedir_rules = '/usr/local/etc/snort/snortDBrules/pfsense_rules'; -$customdir_rules = '/usr/local/etc/snort/snortDBrules/custom_rules'; -$snort_filename_md5 = 'snortrules-snapshot-2905.tar.gz.md5'; -$snort_filename = 'snortrules-snapshot-2905.tar.gz'; -$emergingthreats_filename_md5 = 'emerging.rules.tar.gz.md5'; -$emergingthreats_filename = 'emerging.rules.tar.gz'; -$pfsense_rules_filename_md5 = 'pfsense_rules.tar.gz.md5'; -$pfsense_rules_filename = 'pfsense_rules.tar.gz'; - -// START of MAIN function -function sendUpdateSnortLogDownload($console) -{ - - if ($console === 'console'){ - $GLOBALS['tmp']['snort']['downloadupdate']['console'] = 'on'; - } - - if ($console !== 'console') { - - echo - ' -<script type="text/javascript"> -jQuery.fn.centerModal = function () { - this.css("position","absolute"); - this.css("top", 70 + "px"); - this.css("left", ((jQuery(window).width() - this.outerWidth()) / 2) + jQuery(window).scrollLeft() + "px"); - return this; -} -jQuery("#loadingRuleUpadteGUI").show(); -jQuery(".snortModalUpdate").centerModal(); -jQuery("#pb4").progressBar(0, { showText: true, barImage: "/snort/images/progress_bar2.gif", width: 560, height: 43} ); -</script> - '; - - } - - - //bring in the global vars - global $generalSettings, $tmpfname, $snortdir, $snortdir_rules, $emergingdir_rules, $pfsensedir_rules, $customdir_rules, $snort_filename_md5, $snort_filename, $emergingthreats_filename_md5, $emergingthreats_filename, $pfsense_rules_filename_md5, $pfsense_rules_filename; - - /* Make shure snortdir exits */ - if (!file_exists("{$snortdir}")) { - exec("/bin/mkdir -p {$snortdir}"); - } - if (!file_exists("{$tmpfname}")) { - exec("/bin/mkdir -p {$tmpfname}"); - } - if (!file_exists("{$snortdir_rules}")) { - exec("/bin/mkdir -p {$snortdir_rules}"); - } - if (!file_exists("{$emergingdir_rules}")) { - exec("/bin/mkdir -p {$emergingdir_rules}"); - } - if (!file_exists("{$pfsensedir_rules}")) { - exec("/bin/mkdir -p {$pfsensedir_rules}"); - } - if (!file_exists("{$customdir_rules}")) { - exec("/bin/mkdir -p {$customdir_rules}"); - } - if (!file_exists("{$snortdir}/signatures")) { - exec("/bin/mkdir -p {$snortdir}/signatures"); - } - if (!file_exists('/usr/local/lib/snort/dynamicrules/')) { - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - } - - - /* Set user agent to Mozilla */ - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - ini_set("memory_limit","150M"); - - - // Get file that does not use redirects, mostly for none snort.org downloads - function snort_file_get_contents($tmpfname, $snort_filename, $snort_UrlGet) - { - if (!file_exists("{$tmpfname}/{$snort_filename}") || filesize("{$tmpfname}/{$snort_filename}") <= 0){ - update_output_window2('ms2', 'Downloading ' . $snort_filename. ' MD5...'); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $file = file_get_contents("$snort_UrlGet/{$snort_filename}"); // use a @ infront of file_get_contents when in production - $f = fopen("{$tmpfname}/{$snort_filename}", 'w'); - fwrite($f, $file); - fclose($f); - update_output_window2('ms2', 'Finnished Downloading ' . $snort_filename. ' MD5...'); - } - } - - function read_header2($ch, $string) { - global $file_size, $fout; - $length = strlen($string); - $regs = ""; - ereg("(Content-Length:) (.*)", $string, $regs); - if($regs[2] <> "") { - $file_size = intval($regs[2]); - } - ob_flush(); - return $length; - } - - function read_body2($ch, $string) { - global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen; - global $pkg_interface; - $length = strlen($string); - $downloaded += intval($length); - if($file_size > 0) { - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - } else - $downloadProgress = 0; - if($lastseen <> $downloadProgress and $downloadProgress < 101) { - if($sendto == "status") { - if($pkg_interface == "console") { - if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { - $tostatus = $static_status . $downloadProgress . "%"; - update_status($tostatus); - } - } else { - $tostatus = $static_status . $downloadProgress . "%"; - update_status($tostatus); - } - } else { - if($pkg_interface == "console") { - if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { - $tooutput = $static_output . $downloadProgress . "%"; - update_output_window($tooutput); - } - } else { - $tooutput = $static_output . $downloadProgress . "%"; - update_output_window($tooutput); - } - } - update_progress_bar($downloadProgress); - $lastseen = $downloadProgress; - } - if($fout) - fwrite($fout, $string); - ob_flush(); - return $length; - } - - /* - * update_progress_bar($percent): updates the javascript driven progress bar. - */ - function update_progress_bar2($percent, $file_size, $downloaded) - { - if ($GLOBALS['tmp']['snort']['downloadupdate']['console'] != 'on') { - if (!empty($percent)) { - echo - ' -<script type="text/javascript"> -jQuery("#pb4").progressBar(' . $percent . ', { showText: true, barImage: "/snort/images/progress_bar2.gif", width: 560, height: 43} ); -</script> - '; - } - - }else{ - echo "\n" . 'percent: ' . $percent . ' filesize: ' . $file_size . ' downloaded: ' . $downloaded; - } - } - - - function read_body_firmware($ch, $string) - { - global $fout, $file_size, $downloaded, $counter; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - $counter++; - if($counter > 150) { - update_progress_bar2($downloadProgress, $file_size, $downloaded); - flush(); - $counter = 0; - } - fwrite($fout, $string); - return $length; - } - - function download_file_with_progress_bar2($url_file, $destination, $workingfile, $readbody = 'read_body2') - { - global $ch, $fout, $file_size, $downloaded; - $file_size = 1; - $downloaded = 1; - $destination_file = $destination . '/' . $workingfile; - - /* open destination file */ - $fout = fopen($destination_file, "wb"); - - /* - * Originally by Author: Keyvan Minoukadeh - * Modified by Scott Ullrich to return Content-Length size - */ - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header2'); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); - curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); - curl_setopt($ch, CURLOPT_TIMEOUT, 0); - - curl_exec($ch); - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if($fout) - fclose($fout); - curl_close($ch); - return ($http_code == 200) ? true : $http_code; - } - -// ----------------------------------------------------- Begin Code -------------------------------------------- - - - // rm all tmp filea - @exec("/bin/rm -r $tmpfname/*"); - - // Set all downloads to be false, download by default - - $snort_md5_check_ok = false; - $emerg_md5_check_ok = false; - $pfsense_md5_check_ok = false; - - // define checks - $oinkid = $generalSettings['oinkmastercode']; - - $emergingthreatscode = $generalSettings['emergingthreatscode']; - - // dsable downloads if there settings are off - if ($generalSettings['snortdownload'] === 'off') { - $snort_md5_check_ok = true; - } - - if ($generalSettings['emergingthreatsdownload'] == 'off') { - $emerg_md5_check_ok = true; - } - - if ($oinkid == '' && $generalSettings['snortdownload'] === 'on') { - update_output_window2('ms1', 'Snort Error!'); - update_output_window2('ms2', 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'"); - return false; - } - - if ($emergingthreatscode === '' && $generalSettings['snortdownload'] === 'pro') { - update_output_window2('ms1', 'Snort Error!'); - update_output_window2('ms2', 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.'); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an emergingthreat pro id from emergingthreatspro.com and set its value in the Snort settings tab.'"); - return false; - } - - if ($generalSettings['snortdownload'] === 'off' && $generalSettings['emergingthreatsdownload'] === 'off') { // note: basic and pro - update_output_window2('ms1', 'Snort Error!'); - update_output_window2('ms2', 'SnortStartup: No rules have been selected to download.'); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'"); - return false; - } - - /* - * Check MD5s and MARK - * - */ - - update_output_window2('ms1', 'Starting MD5 checks...'); - - // check is we need to wait - update_output_window2('ms2', 'Checking Wait Status for Snort.org...'); - $getSnort_filename_Waittime_chk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', $snort_filename); - - if (date(U) > $getSnort_filename_Waittime_chk['waittime'] + 900) { - update_output_window2('ms2', 'Snort.org Wait Time Status: OK...'); - }else{ - update_output_window2('ms2', 'Snort.org Wait Time Status: Wait 15 min Please...'); - $snort_md5_check_ok = true; - $snort_wait = true; - } - - // check is we need to wait - update_output_window2('ms2', 'Checking Wait Status for Emergingthreats.net...'); - $getEmergingthreats_filename_Waittime_chk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', $emergingthreats_filename); - - if (date(U) > $getEmergingthreats_filename_Waittime_chk['waittime'] + 900) { - update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: OK...'); - }else{ - update_output_window2('ms2', 'Emergingthreats.net Wait Time Status: Wait 15 min Please...'); - $emerg_md5_check_ok = true; - $emerg_wait = true; - } - - // if all rules need wait stop - if ($snort_wait === true && $emerg_wait === true) { - return false; - } - - // download snort.org md5 and compare - if ($snort_md5_check_ok === false) { - - snort_file_get_contents($tmpfname, $snort_filename_md5, 'http://www.snort.org/pub-bin/oinkmaster.cgi/' . $oinkid); - snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename_md5); // finsh percent - - // if snort.org md5 do not match - if(snortCmpareMD5('string', $tmpfname, $snortdir_rules, $snort_filename_md5)) { - $snort_md5_check_ok = true; - } - - } - - // download emergingthreats.net md5 and compare - if ($emerg_md5_check_ok === false) { - - snort_file_get_contents($tmpfname, $emergingthreats_filename_md5, 'http://rules.emergingthreats.net/open/snort-2.9.0'); - snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename_md5); // finsh percent - - // if emergingthreats.net md5 do not match - if(snortCmpareMD5('string', $tmpfname, $emergingdir_rules, $emergingthreats_filename_md5)) { - $emerg_md5_check_ok = true; - } - - } - - // download pfsense.org md5 and compare - snort_file_get_contents($tmpfname, $pfsense_rules_filename_md5, 'http://www.pfsense.com/packages/config/snort/pfsense_rules'); - snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename_md5); // finsh percent - - // if pfsense.org md5 do not match - if(snortCmpareMD5('string', $tmpfname, $pfsensedir_rules, $pfsense_rules_filename_md5)) { - $pfsense_md5_check_ok = true; - } - - /* - * If all rule type is not check clean up. - */ - - /* Make Clean Snort Directory emergingthreats not checked */ - if ($snort_md5_check_ok === false && $emergingthreatsdownload === 'off') { - update_output_window2('ms1', 'Cleaning the emergingthreats Directory...'); - exec("/bin/rm {$snortdir}/emerging_rules/*.rules"); - exec("/bin/rm {$snortdir}/version.txt"); - update_output_window2('ms2', 'Done cleaning emrg direcory.'); - } - - /* Make Clean Snort Directory snort.org not checked */ - if ($emerg_md5_check_ok === false && $snortdownload !== 'on') { - update_output_window2('ms1', 'Cleaning the snort Directory...'); - exec("/bin/rm {$snortdir}/snort_rules/*.rules"); - exec("/bin/rm {$snortdir}/snortrules-snapshot-2905.tar.gz.md5"); - update_output_window2('ms2', 'Done cleaning snort direcory.'); - } - - - /* Check if were up to date exits */ - if ($snort_md5_check_ok === true && $emerg_md5_check_ok === true && $pfsense_md5_check_ok === true) { - update_output_window2('ms1', 'Your rules are up to date...'); - return false; - } - - - /* You are Not Up to date, always stop snort when updating rules for low end machines */; - update_output_window2('ms1', 'You are NOT up to date...'); - update_output_window2('ms2', 'Stopping Snort and Barnyard2 service...'); - $chk_if_snort_up = exec('pgrep -x snort'); - $chk_if_barnyad_up = exec('pgrep -x barnyad2'); - if ($chk_if_snort_up != '') { - exec('/usr/bin/touch /tmp/snort_download_halt.pid'); // IMPORTANT: incase of script crash or error, Mabe use DB - exec('/usr/bin/killall snort'); - if ($chk_if_barnyad_up != ''){ - exec('/usr/bin/killall barnyad2'); - } - sleep(2); - } - - - /* download snortrules file */ - if ($snort_md5_check_ok === false) { - - $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $snort_filename; - update_output_window2('ms1', 'Snort.org: Starting Download...'); - update_output_window2('ms2', 'May take a while...'); - download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware"); - //download_file_with_progress_bar2("http://theseusnetworking.com/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname, $snort_filename, "read_body_firmware"); - update_progress_bar2(100, '', ''); // finsh percent - snortSql_updateRuleSetList('percent', '100', '', '', $snort_filename); // finsh percent, add date time finnished - update_output_window2('ms2', 'Snort.org: Finished Download...'); - - // if md5 does not match then the file is bad or snort.org says wait 15 min - update_output_window2('ms1', 'Snort.org MD5 File Check ...'); - if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $snort_filename)) { - - $snort_filename_wait_ck = exec("/usr/bin/egrep '\bYou must wait 15\b' {$tmpfname}/{$snort_filename}"); - if ($snort_filename_wait_ck != '') { - update_output_window2('ms2', 'Snort.org: You must wait 15 min...'); - } - - // disable snort.org download - $snort_md5_check_ok = true; - $snort_filename_corrupted = true; - - } - } - - /* download emergingthreats file */ - if ($emerg_md5_check_ok === false) { - - $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $emergingthreats_filename; - update_output_window2('ms1', 'Emergingthreats.net: Starting Download...'); - update_output_window2('ms2', 'May take a while...'); - download_file_with_progress_bar2("http://rules.emergingthreats.net/open/snort-2.9.0/{$emergingthreats_filename}", $tmpfname, $emergingthreats_filename, "read_body_firmware"); - update_progress_bar2(100, '', ''); // finsh percent - snortSql_updateRuleSetList('percent', '100', '', '', $emergingthreats_filename); // finsh percent - update_output_window2('ms2', 'Emergingthreats.net: Finished Download...'); - - // if md5 does not match then the file is bad or snort.org says wait 15 min - update_output_window2('ms1', 'Emergingthreats MD5 File Check ...'); - if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $emergingthreats_filename)) { - - // disable snort.org download - $emerg_md5_check_ok = true; - $emerg_filename_corrupted = true; - - } - } - - /* download pfsense rule file */ - if ($pfsense_md5_check_ok === false) { - - $GLOBALS['tmp']['snort']['downloadupdate']['workingfile'] = $pfsense_rules_filename; - update_output_window2('ms1', 'pfSense.org: Starting Download...'); - update_output_window2('ms2', 'May take a while...'); - download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/{$pfsense_rules_filename}", $tmpfname, $pfsense_rules_filename, "read_body_firmware"); - update_progress_bar2(100, '', ''); // finsh percent - snortSql_updateRuleSetList('percent', '100', '', '', $pfsense_rules_filename); // finsh percent - update_output_window2('ms2', 'pfSense.org: Finished Download...'); - - // if md5 does not match then the file is bad or snort.org says wait 15 min - update_output_window2('ms1', 'pfSense.org MD5 File Check ...'); - if (!snortCmpareMD5('md5FileChk', $tmpfname, '', $pfsense_rules_filename)) { - - // disable snort.org download - $pfsense_md5_check_ok = true; - - } - } - - // if both files are corrupted stop - if ($snort_filename_corrupted === true && $emerg_filename_corrupted === true) { - update_output_window2('ms1', 'Snort.org and Emergingthreats.net files are corrupted.'); - update_output_window2('ms2', 'Stoping Script...'); - return false; - } - - /* - * START: Untar Files - */ - - // Untar snort rules file individually to help people with low system specs - if ($snort_md5_check_ok === false && file_exists("{$tmpfname}/{$snort_filename}")) { - - update_output_window2('ms1', 'Extracting Snort.org rules...'); - update_output_window2('ms2', 'May take a while...'); - - function build_SnortRuleDir() - { - global $tmpfname, $snortdir, $snortdir_rules, $snort_filename; - - // find out if were in 1.2.3-RELEASE - $pfsense_ver_chk = exec('/bin/cat /etc/version'); - if ($pfsense_ver_chk === '1.2.3-RELEASE') { - $pfsense_stable = 'yes'; - }else{ - $pfsense_stable = 'no'; - } - - // get the system arch - $snort_arch_ck = exec('/usr/bin/uname -m'); - if ($snort_arch_ck === 'i386') { - $snort_arch = 'i386'; - }else{ - $snort_arch = 'x86-64'; // amd64 - } - - if ($pfsense_stable === 'yes') { - $freebsd_version_so = 'FreeBSD-7-3'; - }else{ - $freebsd_version_so = 'FreeBSD-8-1'; - } - - // extract snort.org rules and add prefix to all snort.org files - @exec("/bin/rm -r {$snortdir_rules}/rules"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} rules/"); - - $snort_dirList = scandir("{$snortdir_rules}/rules"); // Waning: only in php 5 - $snortrules_filterList = snortscandirfilter2($snort_dirList, '/.*\.rules/', '/\.rules/', ''); - - if (!empty($snortrules_filterList)) { - foreach ($snortrules_filterList as $snort_rule_move) - { - exec("/bin/mv -f {$snortdir_rules}/rules/{$snort_rule_move}.rules {$snortdir_rules}/rules/snort_{$snort_rule_move}.rules"); - } - } - - // extract so rules - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/"); - exec("/bin/mv -f {$snortdir_rules}/so_rules/precompiled/$freebsd_version_so/$snort_arch/2.9.0.5/* /usr/local/lib/snort/dynamicrules/"); - - // list so_rules and exclude dir - exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list); - - $so_rulesPattr = array('/\//', '/\.rules/'); - $so_rulesPattw = array('', ''); - - // build list of so rules - $so_rules_filterList = snortscandirfilter2($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw); - - if (!empty($so_rules_filterList)) { - // cp rule to so tmp dir - foreach ($so_rules_filterList as $so_rule) - { - - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir_rules} so_rules/{$so_rule}.rules"); - - } - // mv and rename so rules - foreach ($so_rules_filterList as $so_rule_move) - { - exec("/bin/mv -f {$snortdir_rules}/so_rules/{$so_rule_move}.rules {$snortdir_rules}/rules/snort_{$so_rule_move}.so.rules"); - } - } - - exec("/bin/rm -r {$snortdir_rules}/so_rules"); - - // extract base etc files - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - - } - build_SnortRuleDir(); - // cp md5 to main snort dir - exec("/bin/cp {$tmpfname}/{$snort_filename_md5} {$snortdir_rules}/{$snort_filename_md5}"); - update_output_window2('ms2', 'Done extracting Snort.org Rules.'); - } - - /* Untar emergingthreats rules to tmp */ - if ($emerg_md5_check_ok === false && file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - update_output_window2('ms1', 'Extracting Emergingthreats Rules...'); - update_output_window2('ms2', 'May take a while...'); - @exec("/bin/rm -r {$emergingdir_rules}/rules"); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$emergingdir_rules} rules/"); - exec("/bin/cp {$tmpfname}/{$emergingthreats_filename_md5} {$emergingdir_rules}/{$emergingthreats_filename_md5}"); - update_output_window2('ms2', 'Done extracting Emergingthreats.net Rules.'); - } - } - - /* Untar Pfsense rules to tmp */ - if ($pfsense_md5_check_ok === false && file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_output_window2('ms1', 'Extracting Pfsense rules...'); - update_output_window2('ms1', 'May take a while...'); - @exec("/bin/rm -r {$pfsensedir_rules}/rules"); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$pfsensedir_rules} rules/"); - exec("/bin/cp {$tmpfname}/{$pfsense_rules_filename_md5} {$pfsensedir_rules}/{$pfsense_rules_filename_md5}"); - update_output_window2('ms2', 'Done extracting pfSense.org Rules.'); - - } - } - - /* double make shure cleanup emerg rules that dont belong */ - if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); - } - - // make sure default rules are in the right format - update_output_window2('ms1', 'Reformatting Rules To One Standard...'); - update_output_window2('ms2', 'Please Wait...'); - exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$snortdir_rules}/rules/*.rules"); // remove white spaces from begining of line - exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$snortdir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$snortdir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$snortdir_rules}/rules/*.rules"); - - exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$emergingdir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$emergingdir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$emergingdir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$emergingdir_rules}/rules/*.rules"); - - exec("/usr/bin/sed -i '' 's/^[ \t]*//' {$pfsensedir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules"); - exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' {$pfsensedir_rules}/rules/*.rules"); - update_output_window2('ms2', 'Done...'); - - /* create a msg-map for snort */ - update_output_window2('ms1', 'Updating Alert Sid Messages...'); - update_output_window2('ms2', 'Please Wait...'); - exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$snortdir_rules}/rules > /usr/local/etc/snort/etc/sid-msg.map"); - exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$emergingdir_rules}/rules >> /usr/local/etc/snort/etc/sid-msg.map"); - exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl {$pfsensedir_rules}/rules >> /usr/local/etc/snort/etc/sid-msg.map"); - update_output_window2('ms2', 'Done...'); - - // create default dir - if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/default/rules'); - } - - // cp new rules to default dir - exec('/bin/rm /usr/local/etc/snort/snortDBrules/DB/default/rules/*.rules'); - exec("/bin/cp {$snortdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules"); - exec("/bin/cp {$emergingdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules"); - exec("/bin/cp {$pfsensedir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/default/rules"); - - - // reapplay rules from DB cp base rules to dirs - $sidOnOff_array = snortSql_fetchAllSettings2('snortDBrules', 'Snortrules', 'All', ''); - - if (!empty($sidOnOff_array)) { - update_output_window2('ms1', 'Reapplying User Settings...'); - update_output_window2('ms2', 'Please Wait...'); - foreach ($sidOnOff_array as $preSid_Array) - { - if (!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules")) { - exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules"); - } - - exec("/bin/rm /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules/*.rules"); - exec("/bin/cp {$snortdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules"); - exec("/bin/cp {$emergingdir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules"); - exec("/bin/cp {$pfsensedir_rules}/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$preSid_Array['uuid']}/rules"); - reapplyRuleSettings_run($preSid_Array['uuid']); - update_output_window2('ms2', 'Done...'); - } - } - - // cp snort conf's to Ifaces - $ifaceConfMaps_array = snortSql_fetchAllSettings2('snortDB', 'SnortIfaces', 'All', ''); - - if (!empty($ifaceConfMaps_array)) { - update_output_window2('ms1', 'Reapplying User Settings...'); - update_output_window2('ms2', 'Please Wait...'); - foreach ($ifaceConfMaps_array as $preIfaceConfMaps_array) - { - // create iface dir if missing - if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}")) { - exec("/bin/mkdir -p /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); - } - - // create rules dir soft link if setting is default - if ($preIfaceConfMaps_array['ruledbname'] === 'default' || $preIfaceConfMaps_array['ruledbname'] === '') { - if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { - exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/default/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules"); - } - } - - // create rules dir soft link if setting is not default - if ($preIfaceConfMaps_array['ruledbname'] !== 'default' || $preIfaceConfMaps_array['ruledbname'] != '') { - if (!file_exists("/usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules") && file_exists("/usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules")) { - exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$preIfaceConfMaps_array['ruledbname']}/rules /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}/rules"); - } - } - - exec("/bin/cp {$snortdir}/etc/*.config /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); - exec("/bin/cp {$snortdir}/etc/*.conf /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); - exec("/bin/cp {$snortdir}/etc/*.map /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); - exec("/bin/cp {$snortdir}/etc/generators /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); - exec("/bin/cp {$snortdir}/etc/sid /usr/local/etc/snort/sn_{$preIfaceConfMaps_array['uuid']}"); - - reapplyRuleSettings_run($preSid_Array['uuid']); - update_output_window2('ms2', 'Done...'); - } - } - - - // remove old $tmpfname files */ - update_output_window2('ms1', 'Removing old files...'); - update_output_window2('ms2', 'Working...'); - if (file_exists('/usr/local/etc/snort/tmp')) { - exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up"); - exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk"); - apc_clear_cache(); - } - update_output_window2('ms2', 'Done...'); - - // php code to flush out cache some people are reportting missing files this might help - apc_clear_cache(); - exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); - - // make all dirs snorts - exec("/usr/sbin/chown -R snort:snort /var/log/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); - exec("/bin/chmod -R 755 /var/log/snort"); - exec("/bin/chmod -R 755 /usr/local/etc/snort"); - exec("/bin/chmod -R 755 /usr/local/lib/snort"); - - - update_output_window2('ms1', 'Finnished Updateing...'); - update_output_window2('ms2', 'Finnished Updateing...'); - - - // if snort is running hard restart, if snort is not running do nothing - - // TODO: Restart Ifaces - -// ----------------------------------------------------- End Code -------------------------------------------- - -} // -------------------- END Main function ------------ - -//$argv[1] = 'console'; - - //$getWorkerStat = snortSql_fetchAllSettings2('snortDBtemp', 'RegisterWorker', 'uuid', 'jdjEf!773&h3bhFd6A'); - - //if ($getWorkerStat['working'] !== 'on') { - //snortSql_updateRuleSetList2('working', 'on', '', '', ''); // Register Worker on - //sendUpdateSnortLogDownload($argv[1]); // start main function - //snortSql_updateRuleSetList2('working', 'off', '', '', ''); // Register Worker off - //} - - - - - -?>
\ No newline at end of file diff --git a/config/snort-dev/snortsam-package-code/snort_download_updates.php b/config/snort-dev/snortsam-package-code/snort_download_updates.php deleted file mode 100644 index 445671bd..00000000 --- a/config/snort-dev/snortsam-package-code/snort_download_updates.php +++ /dev/null @@ -1,365 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - */ - -// disable csrf for downloads, progressbar did not work because of this -$nocsrf = true; - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort_download_rules.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars -if (isset($_GET['updatenow'])) { - $updatenow = $_GET['updatenow']; -} - -header("Cache-Control: no-cache, must-revalidate"); -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); - -// get dates of md5s - -$tmpSettingsSnort = 'N/A'; -$tmpSettingsSnortChk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', 'snortrules-snapshot-2905.tar.gz'); -if (!empty($tmpSettingsSnortChk)) { - $tmpSettingsSnort = date('l jS \of F Y h:i:s A', $tmpSettingsSnortChk[date]); -} - -$tmpSettingsEmerging = 'N/A'; -$tmpSettingsEmergingChk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', 'emerging.rules.tar.gz'); -if (!empty($tmpSettingsEmergingChk)) { - $tmpSettingsEmerging = date('l jS \of F Y h:i:s A', $tmpSettingsEmergingChk[date]); -} - -$tmpSettingsPfsense = 'N/A'; -$tmpSettingsPfsenseChk = snortSql_fetchAllSettings2('snortDBtemp', 'SnortDownloads', 'filename', 'pfsense_rules.tar.gz'); -if (!empty($tmpSettingsPfsenseChk)) { - $tmpSettingsPfsense = date('l jS \of F Y h:i:s A', $tmpSettingsPfsenseChk[date]); -} - -// get rule on stats -$generalSettings = snortSql_fetchAllSettings2('snortDB', 'SnortSettings', 'id', '1'); - -$snortMd5CurrentChk = @file_get_contents('/usr/local/etc/snort/snortDBrules/snort_rules/snortrules-snapshot-2905.tar.gz.md5'); - -$snortDownlodChkMark = ''; -if ($generalSettings[snortdownload] === 'on') { - $snortDownlodChkMark = 'checked="checked"'; -} - -$snortMd5Current = 'N/A'; -if (!empty($snortMd5CurrentChk)) { - preg_match('/^\".*\"/', $snortMd5CurrentChk, $snortMd5Current); - if (!empty($snortMd5Current[0])) { - $snortMd5Current = preg_replace('/\"/', '', $snortMd5Current[0]); - } -} - -$emergingMd5CurrentChk = @file_get_contents('/usr/local/etc/snort/snortDBrules/emerging_rules/emerging.rules.tar.gz.md5'); - -$emerginDownlodChkMark = ''; -if ($generalSettings[emergingthreatsdownload] !== 'off') { - $emerginDownlodChkMark = 'checked="checked"'; -} - -$emergingMd5Current = 'N/A'; -if (!empty($emergingMd5CurrentChk)) { - $emergingMd5Current = $emergingMd5CurrentChk; -} - -$pfsenseMd5CurrentChk = @file_get_contents('/usr/local/etc/snort/snortDBrules/pfsense_rules/pfsense_rules.tar.gz.md5'); - -$pfsenseMd5Current = 'N/A'; -if (!empty($pfsenseMd5CurrentChk)) { - preg_match('/^\".*\"/', $pfsenseMd5CurrentChk, $pfsenseMd5Current); - if (!empty($pfsenseMd5Current[0])) { - $pfsenseMd5Current = preg_replace('/\"/', '', $pfsenseMd5Current[0]); - } -} - - $pgtitle = 'Services: Snort: Updates'; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading update msg --> -<div id="loadingRuleUpadteGUI"> - - <div class="snortModalUpdate"> - <div class="snortModalTopUpdate"> - <div class="snortModalTopClose"> - <!-- <a href="javascript:hideLoading('#loadingRuleUpadteGUI');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a> --> - </div> - </div> - <p id="UpdateMsg1" class="snortModalTitleUpdate snortModalTitleUpdateMsg1"> - </p> - <div class="snortModalTitleUpdate snortModalTitleUpdateBar"> - <table width="600px" height="43px" border="0" cellpadding="0" cellspacing="0"> - <tr><td><span class="progressBar" id="pb4"></span></td></tr> - </table> - </div> - <p id="UpdateMsg2" class="snortModalTitleUpdate snortModalTitleUpdateMsg2"> - </p> - </div> - -</div> - - -<?php include("fbegin.inc"); ?> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li class="newtabmenu_active"><a href="/snort/snort_download_rules.php"><span>Rule Update</span></a></li> - <!-- <li><a href="#"><span>Upload Custom Rules</span></a></li> --> - <!-- <li><a href="#"><span>Gui Update</span></a></li> --> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> - <!-- START MAIN AREA --> - - - <!-- start Interface Satus --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic2"> - Rule databases that are ready to be updated. - </td> - <td width="6%" colspan="2" valign="middle" class="listtopic3" > - </td> - </tr> - </table> -<br> - - <!-- start User Interface --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic">SIGNATURE RULESET DATABASES:</td> - </tr> - </table> - - - <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - - <td class="list" ></td> - <td class="list" valign="middle" > - - <tr id="frheader" > - <td width="1%" class="listhdrr2">On</td> - <td width="25%" class="listhdrr2">Signature DB Name</td> - <td width="35%" class="listhdrr2">MD5 Version</td> - <td width="38%" class="listhdrr2">Last Rule DB Date</td> - <td width="1%" class="listhdrr2"> </td> - </tr> - - <!-- START javascript sid loop here --> - <tbody class="rulesetloopblock"> - -<tr id="fr0" valign="top"> -<td class="odd_ruleset2"> -<input class="domecheck" name="filenamcheckbox2[]" value="1292" <?=$snortDownlodChkMark;?> type="checkbox" disabled="disabled" > -</td> -<td class="odd_ruleset2" id="frd0">SNORT.ORG</td> -<td class="odd_ruleset2" id="frd0"><?=$snortMd5Current;?></td> -<td class="listbg" id="frd0"><font color="white"><?=$tmpSettingsSnort;?></font></td> -<td class="odd_ruleset2"> -<img src="/themes/pfsense_ng/images/icons/icon_alias_url_reload.gif" title="edit rule" width="17" border="0" height="17"> -</td> -</tr> - -<tr id="fr0" valign="top"> -<td class="odd_ruleset2"> -<input class="domecheck" name="filenamcheckbox2[]" value="1292" <?=$emerginDownlodChkMark;?> type="checkbox" disabled="disabled" > -</td> -<td class="odd_ruleset2" id="frd0">EMERGINGTHREATS.NET</td> -<td class="odd_ruleset2" id="frd0"><?=$emergingMd5Current;?></td> -<td class="listbg" id="frd0"><font color="white"><?=$tmpSettingsEmerging; ?></font></td> -<td class="odd_ruleset2"> -<img src="/themes/pfsense_ng/images/icons/icon_alias_url_reload.gif" title="edit rule" width="17" border="0" height="17"> -</td> -</tr> - -<tr id="fr0" valign="top"> -<td class="odd_ruleset2"> -<input class="domecheck" name="filenamcheckbox2[]" value="1292" checked="checked" type="checkbox" disabled="disabled" > -</td> -<td class="odd_ruleset2" id="frd0">PFSENSE.ORG</td> -<td class="odd_ruleset2" id="frd0"><?=$pfsenseMd5Current;?></td> -<td class="listbg" id="frd0"><font color="white"><?=$tmpSettingsPfsense;?></font></td> -<td class="odd_ruleset2"> -<img src="/themes/pfsense_ng/images/icons/icon_alias_url_reload.gif" title="edit rule" width="17" border="0" height="17"> -</td> -</tr> - - </tbody> - <!-- STOP javascript sid loop here --> - - </td> - <td class="list" colspan="8"></td> - - </table> - <br> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <input id="openupdatebox" type="submit" class="formbtn" value="Update"> - </td> - </tr> - </table> - <br> - - <!-- stop snortsam --> - - <!-- STOP MAIN AREA --> - </div> - </td> - </tr> -</table> -</div> - -<!-- start info box --> - -<br> - -<div style="width:790px; background-color: #dddddd;" id="mainarea4"> -<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> -<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr > - <td width="10%" valign="middle" > - <img style="vertical-align: middle;" src="/snort/images/icon_excli.png" width="40" height="32"> - </td> - <td width="90%" valign="middle" > - <span class="red"><strong>Note:</strong></span> - <strong> Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</strong> - </td> - </tr> -</table> -</div> -</div> - - -<script type="text/javascript"> - - -//prepare the form when the DOM is ready -jQuery(document).ready(function() { - - jQuery('.closeupdatebox').live('click', function(){ - var url = '/snort/snort_download_updates.php'; - window.location = url; - }); - - jQuery('#openupdatebox').live('click', function(){ - var url = '/snort/snort_download_updates.php?updatenow=1'; - window.location = url; - }); - -}); // end of document ready - -</script> - -<?php - -if ($updatenow == 1) { - sendUpdateSnortLogDownload(''); // start main function - echo ' - <script type="text/javascript"> - jQuery(\'.snortModalTopClose\').append(\'<img class="icon_click closeupdatebox" src="/snort/images/close_9x9.gif" border="0" height="9" width="9">\'); - </script> - '; -} - -?> - - -<!-- stop info box --> - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_gui.inc b/config/snort-dev/snortsam-package-code/snort_gui.inc deleted file mode 100644 index d0a778ae..00000000 --- a/config/snort-dev/snortsam-package-code/snort_gui.inc +++ /dev/null @@ -1,83 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -//include_once("/usr/local/pkg/snort/snort.inc"); - -function print_info_box_np2($msg) { - global $config, $g; - - echo "<table height=\"32\" width=\"100%\">\n"; - echo " <tr>\n"; - echo " <td>\n"; - echo " <div style='background-color:#990000' id='redbox'>\n"; - echo " <table width='100%'><tr><td width='8%'>\n"; - echo " <img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n"; - echo " </td>\n"; - echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n"; - echo " </td>"; - if(stristr($msg, "apply") == true) { - echo " <td>"; - echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n"; - echo " </td>"; - } - echo " </tr></table>\n"; - echo " </div>\n"; - echo " </td>\n"; - echo "</table>\n"; - echo "<script type=\"text/javascript\">\n"; - echo "NiftyCheck();\n"; - echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n"; - echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; - echo "</script>\n"; - echo "\n<br>\n"; - - -} - -if ($config['version'] >= 6) { - $helplink = '<li><a href="/snort/help_and_info.php"><span>Help</span></a>'; -}else{ - $helplink = ' <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>'; -} - -?> diff --git a/config/snort-dev/snortsam-package-code/snort_head.inc b/config/snort-dev/snortsam-package-code/snort_head.inc deleted file mode 100644 index 2d5aadaa..00000000 --- a/config/snort-dev/snortsam-package-code/snort_head.inc +++ /dev/null @@ -1,148 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -/* - pfSense_MODULE: header -*/ - -/* - * if user has selected a custom template, use it. - * otherwise default to pfsense tempalte - */ -if (($g["disablethemeselection"] === true) && !empty($g["default_theme"]) && (is_dir($g["www_path"].'/themes/'.$g["default_theme"]))) - $g['theme'] = $g["default_theme"]; -elseif($config['theme'] <> "" && (is_dir($g["www_path"].'/themes/'.$config['theme']))) - $g['theme'] = $config['theme']; -else - $g['theme'] = "pfsense"; - -/* - * If this device is an apple ipod/iphone - * switch the theme to one that works with it. - */ -$lowres_ua = array("iPhone","iPod", "iPad", "Android"); -foreach($lowres_ua as $useragent) - if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent)) - $g['theme'] = empty($g['theme_lowres']) ? "pfsense" : $g['theme_lowres']; - -$pagetitle = gentitle( $pgtitle ); - -?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html> -<head> - <title><?php echo($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle); ?></title> - <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> - <link rel="apple-touch-icon" href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png"/> - - <?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false && - file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?> - <?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?> - <?php else: ?> - <link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css" media="all" /> - <?php endif; ?> - <link rel="stylesheet" type="text/css" href="/niftycssCode.css"> - <link rel="stylesheet" type="text/css" href="/niftycssprintCode.css" media="print"> - <link rel="stylesheet" type="text/css" href="/themes/<?=$g['theme']?>/new_tab_menu.css" media="all"> - <script type="text/javascript" src="/javascript/niftyjsCode.js"></script> - <script type="text/javascript"> - var theme = "<?php echo $g['theme']; ?>"; - </script> - <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?> - -<?php - //<!-- snort custom javascript and css --> - echo "\n"; - include('/usr/local/pkg/snort/snort_headbase.inc'); - echo "\n"; - //<!-- snort custom javascript and css --> -?> - -<?php - if($_GET['enablefirebuglite']) { - echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n"; - echo "\t<script type=\"text/javascript\" src=\"/javascript/firebug-lite.js\"></script>\n"; - } - echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/prototype.js\"></script>\n"; - echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/scriptaculous.js\"></script>\n"; - echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/effects.js\"></script>\n"; - echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/dragdrop.js\"></script>\n"; - if(file_exists("{$g['www_path']}/javascript/global.js")) - echo "\t<script type=\"text/javascript\" src=\"/javascript/global.js\"></script>\n"; - /* - * Find all javascript files that need to be included - * for this page ... from the arrays ... :) - * Coded by: Erik Kristensen - */ - - $dir = trim(basename($_SERVER["SCRIPT_FILENAME"], '.php')); - $path = "{$g['www_path']}/javascript/" . $dir . "/"; - if (is_dir($path)) { - if ($dh = opendir($path)) { - while (($file = readdir($dh)) !== false) { - if (is_dir($file)) - continue; - echo "\t<script type=\"text/javascript\" src=\"/javascript/{$dir}/{$file}\"></script>\n"; - } - closedir($dh); - } - } - - -if (!isset($closehead)) - echo "</head>"; - -/* If this page is being remotely managed then do not allow the loading of the contents. */ -if($config['remote_managed_pages']['item']) { - foreach($config['remote_managed_pages']['item'] as $rmp) { - if($rmp == $_SERVER['SCRIPT_NAME']) { - include("fbegin.inc"); - print_info_box_np("This page is currently being managed by a remote machine."); - include("fend.inc"); - exit; - } - } -} - -?> diff --git a/config/snort-dev/snortsam-package-code/snort_headbase.inc b/config/snort-dev/snortsam-package-code/snort_headbase.inc deleted file mode 100644 index 33bbd0ee..00000000 --- a/config/snort-dev/snortsam-package-code/snort_headbase.inc +++ /dev/null @@ -1,73 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ -?> - -<!-- START of Snort Package css and javascript --> - -<link rel="stylesheet" type="text/css" href="./css/style_snort2.css" media="all" /> - -<script type="text/javascript" src="/snort/javascript/jquery-1.6.2.min.js"></script> -<script type="text/javascript" src="/snort/javascript/snort_globalsend.js"></script> -<script type="text/javascript" src="/snort/javascript/jquery.form.js"></script> -<script type="text/javascript" src="/snort/javascript/jquery.progressbar.min.js"></script> - -<!-- STOP of Snort Package css and javascript --> - - -<?php -// this has to be loaded at the bottom -$snort_custom_rnd_box = ' -<script type="text/javascript" > - /* makes boxes round */ - /* load at bottom */ - NiftyCheck(); - Rounded("div#mainarea2","bl br tr","#FFF","#dddddd","smooth"); - Rounded("div#mainarea3","bl br tr","#FFF","#dddddd","smooth"); - Rounded("td#tdbggrey","bl br tr","#FFF","#dddddd","smooth"); - Rounded("td#tdbggrey2","bl br tr","#FFF","#dddddd","smooth"); - Rounded("div#mainarea4","all","#FFF","#dddddd","smooth"); - Rounded("div#mainarea6","all","#FFF","#dddddd","smooth"); - Rounded("div#mainarea5","all","#eeeeee","#dddddd","smooth"); -</script> -'; -?>
\ No newline at end of file diff --git a/config/snort-dev/snortsam-package-code/snort_help_info.php b/config/snort-dev/snortsam-package-code/snort_help_info.php deleted file mode 100644 index 616133ae..00000000 --- a/config/snort-dev/snortsam-package-code/snort_help_info.php +++ /dev/null @@ -1,353 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - - $pgtitle = 'Snort: Help and Info'; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - -<style type="text/css"> - -h1 { -font-size: 3em; -margin: 20px 0; -} - -.container2 { -width: 765px; -margin: 0px auto; -} -ul.tabs { - margin: 0; - padding: 0; - float: left; - list-style: none; - height: 25px; - border-bottom: 1px solid #999; - border-left: 1px solid #999; - width: 100%; -} -ul.tabs li { - float: left; - margin: 0; - padding: 0; - height: 24px; - line-height: 24px; - border: 1px solid #000000; - border-left: none; - margin-bottom: -1px; - background: #ffffff; - overflow: hidden; - position: relative; -} -ul.tabs li a { - text-decoration: none; - color: #000000; - display: block; - font-size: 1.2em; - padding: 0 20px; - border: 1px solid #fff; - outline: none; -} -ul.tabs li a:hover { - background: #eeeeee; -} - -html ul.tabs li.active, html ul.tabs li.active a:hover { - background: #fff; - border-bottom: 1px solid #fff; - color: #000000; -} -.tab_container { - border: 1px solid #999; - border-top: none; - clear: both; - float: left; - width: 100%; - background: #fff; - -moz-border-radius-bottomright: 5px; - -khtml-border-radius-bottomright: 5px; - -webkit-border-bottom-right-radius: 5px; - -moz-border-radius-bottomleft: 5px; - -khtml-border-radius-bottomleft: 5px; - -webkit-border-bottom-left-radius: 5px; -} -.tab_content { - padding: 0px 20px; - font-size: 1.2em; -} -.tab_content h2 { - font-weight: normal; - padding-bottom: 10px; - border-bottom: 1px dashed #ddd; - font-size: 1.8em; -} -.tab_content h3 a{ - color: #254588; -} -.tab_content img { - position:relative; - left:-19px; - margin: 0 0px 0px 0; - border: 1px solid #ddd; - padding: 5px; -} -</style> - -<script type="text/javascript"> - -jQuery(document).ready(function() { - - //Default Action - jQuery(".tab_content").hide(); //Hide all content - jQuery("ul.tabs li:first").addClass("active").show(); //Activate first tab - jQuery(".tab_content:first").show(); //Show first tab content - - //On Click Event - jQuery("ul.tabs li").click(function() { - jQuery("ul.tabs li").removeClass("active"); //Remove any "active" class - jQuery(this).addClass("active"); //Add "active" class to selected tab - jQuery(".tab_content").hide(); //Hide all tab content - var activeTab = jQuery(this).find("a").attr("href"); //Find the rel attribute value to identify the active tab + content - jQuery(activeTab).fadeIn(); //Fade in the active content - return false; - }); - -}); - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> - -<noscript> -<div class="alert" ALIGN=CENTER><img src="../themes/<?php echo $g['theme']; ?>/images/icons/icon_alert.gif" /><strong> Please enable JavaScript to view this content</strong></div> -</noscript> - -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <div class="container2"> - <ul class="tabs"> - <li><a href="#tab1">Home</a></li> - <li><a href="#tab2">Change Log</a></li> - <li><a href="#tab3">Getting Help</a></li> - <li><a href="#tab4">Heros</a></li> - - </ul> - <div class="tab_container"> - <div id="tab1" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p> - <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire's Snort ® IDS/IPS software. The Snort Package goal is to be - the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for - network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create - software. - </p> - <p> - - <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and - can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port - scans, CGI attacks, SMB probes, and much more. - </p> - <p> - <font size="5"><strong>Requirements :</strong></font><br> - Minimum requirement 256 mb ram, 500 MHz CPU.<br> - Recommended 500 mb ram, 1 Ghz CPU.<br> - The more rules you run the more memory you need.<br> - - The more interfaces you select the more memory you need.<br><br> - Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM). - </p> - - </div> - - <div id="tab2" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Change Log</strong></font></p> - - <p>Changes to this package can be viewed by following <a href="https://github.com/bsdperimeter/pfsense-packages/commits/master" target="_blank"><font size="2" color="#990000"><strong>pfSense packages repository</strong></font></a></p> - - </div> - - <div id="tab3" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - <p><font size="5"><strong>Getting Help</strong></font></p> - -<p> -<font size="2"><strong>Obtaining Support</strong></font><br> - -We provide several means of obtaining support for pfSense. -</p> - -<p> -<font color="#990000" size="4"><strong>Free Options</strong></font><br> -Our free options include our <a href="http://forum.pfsense.org/" target="_blank"><font color="#990000"><strong>forum</strong></font></a>, <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71" target="_blank"><font color="#990000"><strong>mailing list</strong></font></a> , and <a href="http://www.pfsense.org/index.php?option=com_content&task=view&id=64&Itemid=72" target="_blank"><font color="#990000"><strong>IRC channel</strong></font></a>. Before using any of these resources, please review the Project Rules below. -</p> - -<p> -<font color="#990000" size="4"><strong>Commercial Support</strong></font><br> - -<a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>Commercial support</strong></font></a> is available from the company founded by the founders of the pfSense project, <a href="http://www.bsdperimeter.com/" target="_blank"><font color="#990000"><strong>BSD Perimeter</strong></font></a>. Phone and email support is available for <a href="https://portal.pfsense.org/index.php/support-subscription" target="_blank"><font color="#990000"><strong>support subscribers</strong></font></a> only. -</p> - -<p> -<font color="#990000" size="4"><strong>Project Rules</strong></font><br> -To keep things orderly, and be fair to everyone, we must enforce these rules. -</p> - -<p> -Please do not post support questions to the blog comments. The comments are for discussion of the post, and letting people ask questions there would make a mess of the purpose of those comments. Any support questions will not be moderator approved. -</p> - -<p> -Please do not cross post questions between the forum and mailing list, unless your inquiry has gone unanswered for at least 24 hours. Do not bump your mailing list or forum posts for at least 24 hours. If you have not received a reply after more than 24 hours, you are welcome to bump your thread. -</p> - -<p> -Please do not email individuals, the coreteam address, or private message people on the forum to ask questions. We provide a wide variety of means for obtaining help in a public forum, where it helps others who have the same questions in the future. We don't have enough time to answer all the questions our users post in the public forums, much less via email and private messages. Since we cannot possibly reply to everyone's email and private messages, to be fair we will not reply to anyone. Individual attention via phone and email support is available for commercial support customers. -</p> - </div> - - <div id="tab4" class="tab_content"> - <h2><a href="#"> <img src="./images/logo.jpg" width="750px" height="76" ALT="Snort Package" /></a></h2> - - - <p><font size="5"><strong>Heros</strong></font></p> - - <p>Pfsense Snort Package users who have cared enough to donate to this project. I can't thank you enough for all your help. With-out your support I would have stoped long time ago.</p> - - <p>If your not on this list PM me and I will add you. If you would like to be removed pm me and I will remove you.</p> - - <p><font size="5"><strong>Names</strong></font></p> - - <p>sandro tavella</p> - <p>João Kemp Filho</p> - - <p>Julio Fumoso</p> - <p>Rolland Hart</p> - <p>DiMarco Technology Solutions Inc.</p> - <p>Brett Burley</p> - <p>Tomasz Iskra</p> - <p>Bruno Buchschacher</p> - - <p>Marco Pannetto</p> - <p>Christopher Weakland</p> - <p>Antonio Riveros</p> - <p>DigitalJer</p> - <p>Serialdie</p> - <p>Dlawley</p> - - <p>Onhel</p> - <p>Jerrygoldsmith</p> - - - </div> - </div> -</div> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> - -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_install.inc b/config/snort-dev/snortsam-package-code/snort_install.inc deleted file mode 100644 index b227b347..00000000 --- a/config/snort-dev/snortsam-package-code/snort_install.inc +++ /dev/null @@ -1,429 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -// unset crsf checks -if(isset($_POST['__csrf_magic'])) { - unset($_POST['__csrf_magic']); -} - -require_once("pfsense-utils.inc"); -require_once("config.inc"); -require_once("functions.inc"); - -/* Allow additional execution time 0 = no limit. */ -ini_set('max_execution_time', '9999'); -ini_set('max_input_time', '9999'); - -function snort_postinstall() -{ - global $config; - conf_mount_rw(); - - /* find out if were in 1.2.3-RELEASE */ - $pfsense_ver_chk = exec('/bin/cat /etc/version'); - if ($pfsense_ver_chk == '1.2.3-RELEASE') { - $pfsense_stable = 'yes'; - }else{ - $pfsense_stable = 'no'; - } - - /* find out what arch where in x86 , x64 */ - $snort_arch_ck = ''; - exec('/usr/bin/uname -m', $snort_arch_ck); - if($snort_arch_ck[0] == 'i386') { - $snort_arch = 'x86'; - }else{ - $snort_arch = 'x64'; - } - - /* snort -> advanced features */ - //$bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize']; - //$bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize']; - //$bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns']; - - // create a few directories and ensure the sample files are in place - if(!file_exists('/usr/local/etc/snort')) { - exec('/bin/mkdir -p /usr/local/etc/snort'); - } - - if(!file_exists('/usr/local/etc/snort/whitelist')) { - exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); - } - - if(!file_exists('/var/log/snort/run')) { - exec('/bin/mkdir -p /var/log/snort/run'); - } - - if(!file_exists('/var/log/snort/barnyard2')) { - exec('/bin/mkdir -p /var/log/snort/barnyard2/'); - } - - if(!file_exists('/usr/local/lib/snort/dynamicrules/')) { - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - } - - // for snort2c, remove when snortsam is working - if(!file_exists('/var/db/whitelist')) { - touch('/var/db/whitelist'); - } - - if (!file_exists('/usr/local/etc/snort/etc')) { - exec('/bin/mkdir -p /usr/local/etc/snort/etc'); - } - - if (!file_exists('/usr/local/etc/snort/signatures')) { - exec('/bin/mkdir -p /usr/local/etc/snort/signatures'); - } - - if (!file_exists('/usr/local/etc/snort/snort_download')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snort_download'); - } - - if (!file_exists('/usr/local/etc/snort/snortDBrules/DB')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB'); - } - - if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules/rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules/rules'); - } - - if (!file_exists('/usr/local/etc/snort/snortDBrules/emerging_rules/rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules/rules'); - } - - if (!file_exists('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules/rules'); - } - - if (!file_exists('/usr/local/etc/snort/snortDBrules/snort_rules/rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules/rules'); - } - - if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/default/rules'); - exec('/usr/bin/touch /usr/local/etc/snort/snortDBrules/DB/default/rules/local.rules'); - } - - // create and cp to tmp db dir - if (!file_exists('/var/snort/')) { - exec('/bin/mkdir -p /var/snort/'); - } - - if (file_exists('/usr/local/pkg/snort/snortDBtemp')) { - exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp'); - } - - // cleanup default files - if(file_exists('/usr/local/etc/snort/snort.conf-sample')) { - exec('/bin/rm /usr/local/etc/snort/classification.config-sample'); - exec('/bin/mv /usr/local/etc/snort/classification.config /usr/local/etc/snort/etc/classification.config'); - exec('/bin/rm /usr/local/etc/snort/gen-msg.map-sample'); - exec('/bin/mv /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/etc/gen-msg.map'); - exec('/bin/rm /usr/local/etc/snort/reference.config-sample'); - exec('/bin/mv /usr/local/etc/snort/reference.config /usr/local/etc/snort/etc/reference.config'); - exec('/bin/rm /usr/local/etc/snort/sid-msg.map-sample'); - exec('/bin/mv /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/etc/sid-msg.map'); - exec('/bin/rm /usr/local/etc/snort/snort.conf-sample'); - exec('/bin/mv /usr/local/etc/snort/snort.conf /usr/local/etc/snort/etc/snort.conf'); - exec('/bin/rm /usr/local/etc/snort/threshold.conf-sample'); - exec('/bin/mv /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/etc/threshold.conf'); - exec('/bin/rm /usr/local/etc/snort/unicode.map-sample'); - exec('/bin/mv /usr/local/etc/snort/unicode.map /usr/local/etc/snort/etc/unicode.map'); - exec('/bin/rm /usr/local/etc/snort/generators-sample'); - exec('/bin/mv /usr/local/etc/snort/generators /usr/local/etc/snort/etc/generators'); - exec('/bin/rm /usr/local/etc/snort/sid'); - exec('/bin/rm /usr/local/etc/rc.d/snort'); - exec('/bin/rm /usr/local/etc/rc.d/bardyard2'); - } - - // remove example files - if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) { - exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); - } - - if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) { - exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); - } - - - // add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 - exec('/usr/sbin/pw groupadd snort -g 920'); - exec('/usr/sbin/pw useradd snort -u 920 -c "Snort User" -d /nonexistent -g snort -s /sbin/nologin'); - - // if users have old log files delete them */ - if(!file_exists('/var/log/snort/alert')) { - touch('/var/log/snort/alert'); - }else{ - exec('/bin/rm -rf /var/log/snort/*'); - touch('/var/log/snort/alert'); - } - - // rm barnyard2 important */ - if(!file_exists('/usr/local/bin/barnyard2')) { - exec('/bin/rm /usr/local/bin/barnyard2'); - } - - /* important */ - exec('/usr/sbin/chown -R snort:snort /var/log/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort'); - exec('/usr/sbin/chown -R snort:snort /var/snort'); - exec('/usr/sbin/chown snort:snort /tmp/snort*'); - exec('/usr/sbin/chown snort:snort /var/db/whitelist'); - exec('/bin/chmod 660 /var/log/snort/alert'); - exec('/bin/chmod 660 /var/db/whitelist'); - exec('/bin/chmod -R 660 /usr/local/etc/snort/*'); - exec('/bin/chmod -R 660 /tmp/snort*'); - exec('/bin/chmod -R 660 /var/run/snort*'); - exec('/bin/chmod -R 660 /var/snort/run/*'); - exec('/bin/chmod 770 /usr/local/lib/snort'); - exec('/bin/chmod 770 /usr/local/etc/snort'); - exec('/bin/chmod 770 /usr/local/etc/whitelist'); - exec('/bin/chmod 770 /var/log/snort'); - exec('/bin/chmod 770 /var/log/snort/run'); - exec('/bin/chmod 770 /var/log/snort/barnyard2'); - - /* move files around, make it look clean */ - exec('/bin/mkdir -p /usr/local/www/snort/css'); - exec('/bin/mkdir -p /usr/local/www/snort/images'); - exec('/bin/mkdir -p /usr/local/www/snort/javascript'); - - chdir ("/usr/local/www/snort/css/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style_snort2.css'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/new_tab_menu.css'); - chdir ("/usr/local/www/snort/images/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/arrow_down.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/awesome-overlay-sprite.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/controls.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/loading.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo22.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/page_white_text.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparent.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparentbg.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/close_9x9.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/new_tab_menu.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progress_bar2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progressbar.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/top_modal_bar_lil.jpg'); - chdir ("/usr/local/www/snort/javascript/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.6.2.min.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.form.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/snort_globalsend.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.progressbar.min.js'); - - /* back to default */ - chdir ('/root/'); - - // make sure snort-old is deinstalled - // remove when snort-old is removed - unset($config['installedpackages']['snort']); - unset($config['installedpackages']['snortdefservers']); - unset($config['installedpackages']['snortwhitelist']); - unset($config['installedpackages']['snortthreshold']); - unset($config['installedpackages']['snortadvanced']); - write_config(); - conf_mount_rw(); - - // remake saved settings - // TODO: make sre this works in final release - /* - if($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { - update_status(gettext("Saved settings detected...")); - update_output_window(gettext("Please wait... rebuilding files...")); - sync_snort_package_empty(); - update_output_window(gettext("Finnished Rebuilding files...")); - } - */ - - conf_mount_ro(); - -} // END of Post Install - -function snort_deinstall() -{ - - global $config, $g; - conf_mount_rw(); - - // remove custom sysctl // - remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); - - // decrease bpf buffers back to 4096, from 20480 - exec('/sbin/sysctl net.bpf.bufsize=4096'); - - exec('/usr/usr/bin/killall snort'); - sleep(2); - exec('/usr/usr/bin/killall -9 snort'); - sleep(2); - exec('/usr/usr/bin/killall barnyard2'); - sleep(2); - exec('/usr/usr/bin/killall -9 barnyard2'); - sleep(2); - - exec('/usr/sbin/pw userdel snort'); - exec('/usr/sbin/pw groupdel snort'); - exec('rm -rf /usr/local/etc/snort*'); - exec('rm -rf /usr/local/pkg/snort*'); - exec('rm -rf /usr/local/pkg/pf/snort*'); - - exec("cd /var/db/pkg && pkg_delete `ls | grep snort`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep perl-threaded`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client-5.1.50_1`"); - exec('rm -r /usr/local/bin/barnyard2'); - - // TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall - //exec("cd /var/db/pkg && pkg_delete `ls | grep perl`"); - //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`"); - //exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break - - // Remove snort cron entries Ugly code needs smoothness - // TODO: redo code because its a mess - function snort_rm_blocked_deinstall_cron($should_install) - { - global $config, $g; - conf_mount_rw(); - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) - { - if (strstr($item['command'], "snort2c")) - { - $is_installed = true; - break; - } - - $x++; - - } - if($is_installed == true) - { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - - configure_cron(); - - } - conf_mount_ro(); - - } - - function snort_rules_up_deinstall_cron($should_install) - { - global $config, $g; - conf_mount_rw(); - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } - } - - snort_rm_blocked_deinstall_cron(""); - snort_rules_up_deinstall_cron(""); - - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') { - unset($config['installedpackages']['snortglobal']); - } - write_config(); - conf_mount_rw(); - - exec('rm -rf /usr/local/www/snort'); - exec('rm -rf /usr/local/lib/snort/'); - exec('rm -rf /var/log/snort/'); - exec('rm -rf /usr/local/pkg/snort'); - exec('rm -rf /var/snort'); - - conf_mount_ro(); - -} - -// make sure this func on writes to files and does not start snort */ -function sync_snort_package() -{ - global $config, $g; - conf_mount_rw(); - - - - conf_mount_ro(); -} - -?> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces.php b/config/snort-dev/snortsam-package-code/snort_interfaces.php deleted file mode 100644 index beb50f83..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces.php +++ /dev/null @@ -1,415 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -$new_ruleUUID = genAlphaNumMixFast(7, 8); - -$a_interfaces = snortSql_fetchAllInterfaceRules('SnortIfaces', 'snortDB'); - - - $pgtitle = "Services: Snort 2.9.0.5 pkg v. 2.0"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<form id="iform" > - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <div style="width:750px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> - <!-- START MAIN AREA --> - - <!-- start snortsam --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic">SnortSam Status</td> - </tr> - </table> - - <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - - <td class="list" colspan="8"></td> - <td class="list" valign="middle" nowrap> - - <tr id="frheader" > - <td width="3%" class="list"> </td> - <td width="10%" class="listhdrr2">SnortSam</td> - <td width="10%" class="listhdrr">Role</td> - <td width="10%" class="listhdrr">Port</td> - <td width="10%" class="listhdrr">Pass</td> - <td width="10%" class="listhdrr">Log</td> - <td width="50%" class="listhdr">Description</td> - <td width="5%" class="list"> </td> - <td width="5%" class="list"> </td> - - - <tr valign="top" id="fr0"> - <td class="listt"> - <a href="?act=toggle&id=0"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="click to toggle start/stop snortsam"></a> - </td> - <td class="listbg" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">DISABLED</td> - <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">MASTER</td> - <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">3526</td> - <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">ENABLED</td> - <td class="listr" id="frd0" ondblclick="document.location='snort_interfaces_edit.php?id=0';">DISABLED</td> - <td class="listbg3" ondblclick="document.location='snort_interfaces_edit.php?id=0';"><font color="#ffffff">Mster IPs </td> - <td></td> - <td> - <a href="snort_interfaces_edit.php?id=0"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a> - </td> - - </tr> - </tr> - </td> - <td class="list" colspan="8"></td> - </table> - <!-- stop snortsam --> -<br> - <!-- start Interface Satus --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic2">Interface Status</td> - <td width="6%" colspan="2" valign="middle" class="listtopic3" > - <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>"> - <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule"> - </a> - </td> - </tr> - </table> -<br> - <!-- start User Interface --> - <?php - foreach ($a_interfaces as $list) - { - // make caps - $list['interface'] = strtoupper($list['interface']); - $list['performance'] = strtoupper($list['performance']); - - // rename for GUI iface - $ifaceStat = ($list['enable'] == 'on' ? 'ENABLED' : 'DISABLED'); - $blockStat = ($list['blockoffenders7'] == 'on' ? 'ENABLED' : 'DISABLED'); - $logStat = ($list['snortunifiedlog'] == 'on' ? 'ENABLED' : 'DISABLED'); - $barnyard2Stat = ($list['barnyard_enable'] == 'on' ? 'ENABLED' : 'DISABLED'); - - - echo " - <div id=\"maintable_{$list['uuid']}\" data-options='{\"pagetable\":\"SnortIfaces\", \"pagedb\":\"snortDB\", \"DoPOST\":\"true\"}'> - "; - echo ' - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - '; - echo " - <td width=\"100%\" colspan=\"2\" valign=\"top\" class=\"listtopic\" >{$list['interface']} Interface Status ({$list['uuid']})</td> - "; - echo ' - </tr> - </table> - - <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - - <td class="list" colspan="8"></td> - <td class="list" valign="middle" nowrap> - - <tr id="frheader" > - <td width="3%" class="list"> </td> - <td width="11%" class="listhdrr2">Snort</td> - <td width="10%" class="listhdrr">If</td> - <td width="10%" class="listhdrr">Performance</td> - <td width="10%" class="listhdrr">Block</td> - <td width="10%" class="listhdrr">Log</td> - <td width="50%" class="listhdr">Description</td> - <td width="5%" class="list"> </td> - <td width="5%" class="list"> </td> - - <tr valign="top" id="fr0"> - <td class="listt"> - '; - echo " - <a href=\"?act=toggle&id=0\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"13\" height=\"13\" border=\"0\" title=\"click to toggle start/stop snort\"></a> - - </td> - <td class=\"listbg\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$ifaceStat}</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$list['interface']}</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$list['performance']}</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$blockStat}</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\">{$logStat}</td> - <td class=\"listbg3\" ondblclick=\"document.location='snort_interfaces_edit.php?uuid={$list['uuid']}';\"><font color=\"#ffffff\">{$list['descr']}</td> - <td></td> - <td> - <a href=\"snort_interfaces_edit.php?uuid={$list['uuid']}\"><img src=\"/themes/{$g['theme']}/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"edit rule\"></a> - "; - echo ' - </td> - - </tr> - </tr> - </td> - <td class="list" colspan="8"></td> - </table> - <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - - <td class="list" colspan="8"></td> - <td class="list" valign="middle" nowrap> - - <tr id="frheader" > - <td width="3%" class="list"> </td> - <td width="10%" class="listhdrr2">Barnyard2</td> - <td width="10%" class="listhdrr">If</td> - <td width="10%" class="listhdrr">Sensor</td> - <td width="10%" class="listhdrr">Type</td> - <td width="10%" class="listhdrr">Log</td> - <td width="50%" class="listhdr">Description</td> - <td width="5%" class="list"> </td> - <td width="5%" class="list"> </td> - - - <tr valign="top" id="fr0"> - <td class="listt"> - '; - echo " - <a href=\"?act=toggle&id=0\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"13\" height=\"13\" border=\"0\" title=\"click to toggle start/stop barnyard2\"></a> - </td> - <td class=\"listbg\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$barnyard2Stat}</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$list['interface']}</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$list['uuid']}_{$list['interface']}</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">unified2</td> - <td class=\"listr\" id=\"frd0\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\">{$barnyard2Stat}</td> - <td class=\"listbg3\" ondblclick=\"document.location='snort_interfaces_edit.php?id=0';\"><font color=\"#ffffff\">Mster IPs </td> - <td></td> - <td> - <img id=\"icon_x_{$list['uuid']}\" class=\"icon_click icon_x\" src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"delete rule\"> - "; - echo ' - </td> - - </tr> - </tr> - </td> - <td class="list" colspan="8"></td> - </table> - <br> - </div>'; - } // end of foreach main - ?> - <!-- stop User Interface --> - - <!-- stop Interface Sat --> - - <!-- STOP MAIN AREA --> - </div> - </td> - </tr> -</table> -</form> -</div> - -<!-- start info box --> - -<br> - -<div style="background-color: #dddddd;" id="mainarea4"> -<div style="width:750px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> -<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> </td> - </tr> - <tr > - <td width="100%"> - <span class="red"><strong>Note:</strong></span> <br> - This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings. - Please edit the <strong>Global Settings</strong> tab before adding an interface. - <br> - <br> - <span class="red"><strong>Warning:</strong></span> - <br> - <strong>New settings will not take effect until interface restart.</strong> - <br> - <br> - <table> - <tr> - <td> - <strong>Click</strong> on the - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> - icon to add a interface. - </td> - <td> - <strong>Click</strong> on the - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> - icon to <strong>start</strong> snort or barnyard2. - </td> - </tr> - <tr> - <td> - <strong>Click</strong> on the - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a - interface and settings. - </td> - <td> - <strong>Click</strong> on the - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> - icon to <strong>stop</strong> snort or barnyard2. - </td> - </tr> - <tr> - <td> - <strong> Click</strong> on the - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> - icon to delete a interface and settings. - </td> - </tr> - <tr> - <td> </td> - </tr> - </table> - </td> - </tr> -</table> -</div> -</div> - -<!-- stop info box --> - -<!-- start snort footer --> - -<br> - -<div style="background-color: #dddddd;" id="mainarea6"> -<div style="width:750px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> -<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> </td> - </tr> - <tr > - <td width="100%"> - <div id="footer2"> - <table> - <tr> - <td style="padding-top: 40px;"> - SNORT registered ® by Sourcefire, Inc, Barnyard2 registered ® by securixlive.com, Orion registered ® by Robert Zelaya, - Emergingthreats registered ® by emergingthreats.net, Mysql registered ® by Mysql.com - </td> - </tr> - </table> - </div> - </td> - </tr> - <tr> - <td> </td> - </tr> -</table> -</div> -</div> - -<!-- stop snort footer --> - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_edit.php deleted file mode 100644 index ade5ade8..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_edit.php +++ /dev/null @@ -1,536 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - - - -$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - -$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); - -if (!is_array($a_list)) { - $a_list = array(); -} - -$a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips'); - -if (!is_array($a_whitelist)) { - $a_whitelist = array(); -} - -$a_suppresslist = snortSql_fetchAllWhitelistTypes('SnortSuppress', ''); - -if (!is_array($a_suppresslist)) { - $a_suppresslist = array(); -} - - - $pgtitle = "Services: Snort: Interface Edit:"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - -<!-- START page custom script --> -<script language="JavaScript"> - -// start a jQuery sand box -jQuery(document).ready(function() { - - // misc call after a good save - jQuery.fn.miscTabCall = function () { - jQuery('.hide_newtabmenu').show(); - jQuery('#interface').attr("disabled", true); - }; - - // START disable option for snort_interfaces_edit.php - endis = !(jQuery('input[name=enable]:checked').val()); - - disableInputs=new Array( - "descr", - "performance", - "blockoffenders7", - "alertsystemlog", - "externallistname", - "homelistname", - "suppresslistname", - "tcpdumplog", - "snortunifiedlog", - "configpassthru" - ); - <?php - - if ($a_list['interface'] != '') { - echo ' - jQuery(\'[name=interface]\').attr(\'disabled\', \'true\'); - '; - } - - // disable tabs if nothing in database - if ($a_list['uuid'] == '') { - echo ' - jQuery(\'.hide_newtabmenu\').hide(); - '; - } - - ?> - - if (endis) { - for (var i = 0; i < disableInputs.length; i++) - { - jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); - } - } - - jQuery("input[name=enable]").live('click', function() { - - endis = !(jQuery('input[name=enable]:checked').val()); - - if (endis) { - for (var i = 0; i < disableInputs.length; i++) - { - jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); - } - }else{ - for (var i = 0; i < disableInputs.length; i++) - { - jQuery('[name=' + disableInputs[i] + ']').removeAttr('disabled'); - } - } - - - }); - // STOP disable option for snort_interfaces_edit.php - - -}); // end of on ready - -</script> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> - </ul> - </div> - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <form id="iform" name="iform" > - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> - <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_interfaces_edit" /> <!-- what interface tab --> - <input name="uuid" type="hidden" value="<?=$uuid; ?>" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Interface</td> - <td width="22%" valign="top" class="vtable"> - - <input name="enable" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['enable'] == 'on' || $a_list['enable'] == '' ? 'checked' : '';?> "> - <span class="vexpl">Enable or Disable</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Interface</td> - <td width="78%" class="vtable"> - <select id="interface" name="interface" class="formfld"> - - <?php - /* add group interfaces */ - /* needs to be watched, dont know if new interfces will work */ - if (is_array($config['ifgroups']['ifgroupentry'])) - foreach($config['ifgroups']['ifgroupentry'] as $ifgen) - if (have_ruleint_access($ifgen['ifname'])) - $interfaces[$ifgen['ifname']] = $ifgen['ifname']; - $ifdescs = get_configured_interface_with_descr(); - foreach ($ifdescs as $ifent => $ifdesc) - if(have_ruleint_access($ifent)) - $interfaces[$ifent] = $ifdesc; - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) - $interfaces['l2tp'] = "L2TP VPN"; - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE VPN"; - /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - if(have_ruleint_access("enc0")) - $interfaces["enc0"] = "IPsec"; - /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) - $interfaces["openvpn"] = "OpenVPN"; - $selected_interfaces = explode(",", $pconfig['interface']); - foreach ($interfaces as $iface => $ifacename) - { - echo "\n" . "<option value=\"$iface\""; - if ($a_list['interface'] == strtolower($ifacename)){echo " selected ";} - echo '>' . $ifacename . '</option>' . "\r"; - } - ?> - </select> - <br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=$a_list['descr']?>"> - <br> - <span class="vexpl">You may enter a description here for your reference (not parsed).</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Memory Performance</td> - <td width="78%" class="vtable"> - <select name="performance" class="formfld" id="performance"> - - <?php - $memoryPerfList = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'aclowmem-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); - snortDropDownList($memoryPerfList, $a_list['performance']); - ?> - - </select> - <br> - <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate - memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.</span> - <br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the rule DB snort should use.</td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2">Rule DB</td> - <td width="78%" class="vtable"> - <select name="ruledbname" class="formfld" id="ruledbname"> - - <?php - // find ruleDB names and value by uuid - $selected = ''; - if ($a_list['ruledbname'] == 'default') { - $selected = 'selected'; - } - echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; - foreach ($a_rules as $value) - { - $selected = ''; - if ($value['uuid'] == $a_list['ruledbname']) { - $selected = 'selected'; - } - - echo "\n" . '<option value="' . $value['uuid'] . '" ' . $selected . ' >' . strtoupper($value['ruledbname']) . '</option>' . "\r"; - } - ?> - - </select> - <br> - <span class="vexpl">Choose the rule database to use. <span class="red">Note:</span> Cahnges to this database are global. - <br> - <span class="red">WARNING:</span> Never change this when snort is running.</span> - </td> - </tr> - - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the networks snort should inspect and whitelist.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Home net</td> - <td width="78%" class="vtable"> - <select name="homelistname" class="formfld" id="homelistname"> - - <?php - /* find homelist names and filter by type */ - $selected = ''; - if ($a_list['homelistname'] == 'default'){$selected = 'selected';} - echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; - foreach ($a_whitelist as $value) - { - $selected = ''; - if ($value['filename'] == $a_list['homelistname']){$selected = 'selected';}; - if ($value['snortlisttype'] == 'netlist') // filter - { - - echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r"; - - } - } - ?> - - </select> - <br> - <span class="vexpl">Choose the home net you will like this rule to use. <span class="red">Note:</span> Default homenet adds only local networks. - <br> - <span class="red">Hint:</span> Most users add a list offriendly ips that the firewall cant see.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">External net</td> - <td width="78%" class="vtable"> - <select name="externallistname" class="formfld" id="externallistname"> - - <?php - /* find externallist names and filter by type */ - $selected = ''; - if ($a_list['externallistname'] == 'default'){$selected = 'selected';} - echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; - foreach ($a_whitelist as $value) - { - $selected = ''; - if ($value['filename'] == $a_list['externallistname']){$selected = 'selected';} - if ($value['snortlisttype'] == 'netlist') // filter - { - - echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r"; - - } - } - ?> - - </select> - <br> - <span class="vexpl">Choose the external net you will like this rule to use. <span class="red">Note:</span> Default external net, networks that are not home net. - <br> - <span class="red">Hint:</span> Most users should leave this setting at default.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Block offenders</td> - <td width="78%" class="vtable"> - <input name="blockoffenders7" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['blockoffenders7'] == 'on' ? 'checked' : '';?> > - <br> - <span class="vexpl">Checking this option will automatically block hosts that generate a Snort alerts with SnortSam.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Suppression and filtering</td> - <td width="78%" class="vtable"> - <select name="suppresslistname" class="formfld" id="suppresslistname"> - - <?php - /* find suppresslist names and filter by type */ - $selected = ''; - if ($a_list['suppresslistname'] == 'default'){$selected = 'selected';} - - echo "\n" . '<option value="default" ' . $selected . ' >DEFAULT</option>' . "\r"; - - foreach ($a_suppresslist as $value) - { - $selected = ''; - if ($value['filename'] == $a_list['suppresslistname']){$selected = 'selected';} - - echo "\n" . '<option value="' . $value['filename'] . '" ' . $selected . ' >' . strtoupper($value['filename']) . '</option>' . "\r"; - } - ?> - - </select> - <br> - <span class="vexpl">Choose the suppression or filtering file you will like this rule to use. <span class="red"> - Note:</span> Default option disables suppression and filtering.</span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the types of logs snort should create.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Type of Unified Logging</td> - <td width="78%" class="vtable"> - <select name="snortalertlogtype" class="formfld" id="snortalertlogtype"> - - <?php - $snortalertlogtypePerfList = array('full' => 'FULL', 'fast' => 'FAST', 'disable' => 'DISABLE'); - snortDropDownList($snortalertlogtypePerfList, $a_list['snortalertlogtype']); - ?> - - </select> - <br> - <span class="vexpl">Snort will log Alerts to a file in the UNIFIED format. Full is a requirement for the snort wigdet.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Send alerts to mainSystem logs</td> - <td width="78%" class="vtable"> - <input name="alertsystemlog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['alertsystemlog'] == 'on' ? 'checked' : '';?> > - <br> - <span class="vexpl">Snort will send Alerts to the Pfsense system logs.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td> - <td width="78%" class="vtable"> - <input name="tcpdumplog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['tcpdumplog'] == 'on' ? 'checked' : '';?> > - <br> - <span class="vexpl">Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. - <span class="red"><strong>WARNING:</strong></span> File may become large.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified2 file</td> - <td width="78%" class="vtable"> - <input name="snortunifiedlog" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['snortunifiedlog'] == 'on' ? 'checked' : '';?> > - <br> - <span class="vexpl">Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Arguments here will be automatically inserted into the snort configuration.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td> - <td width="78%" class="vtable"> - <textarea wrap="off" name="configpassthru" cols="75" rows="12" id="configpassthru" class="formpre2"><?=base64_decode($a_list['configpassthru']); ?></textarea> - </td> - </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="Submit2" type="submit" class="formbtn" value="Start"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <span class="vexpl"><span class="red"><strong>Note:</strong></span> - Please save your settings before you click start.</span> - </td> - </tr> - </table> - </form> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_global.php b/config/snort-dev/snortsam-package-code/snort_interfaces_global.php deleted file mode 100644 index fd9d27d4..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_global.php +++ /dev/null @@ -1,367 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1'); - -$snortdownload_off = ($generalSettings['snortdownload'] == 'off' ? 'checked' : ''); -$snortdownload_on = ($generalSettings['snortdownload'] == 'on' ? 'checked' : ''); -$oinkmastercode = $generalSettings['oinkmastercode']; - -$emergingthreatsdownload_off = ($generalSettings['emergingthreatsdownload'] == 'off' ? 'checked' : ''); -$emergingthreatsdownload_basic = ($generalSettings['emergingthreatsdownload'] == 'basic' ? 'checked' : ''); -$emergingthreatsdownload_pro = ($generalSettings['emergingthreatsdownload'] == 'pro' ? 'checked' : ''); -$emergingthreatscode = $generalSettings['emergingthreatscode']; - -$updaterules = $generalSettings['updaterules']; - -$rm_blocked = $generalSettings['rm_blocked']; - -$snortloglimit_off = ($generalSettings['snortloglimit'] == 'off' ? 'checked' : ''); -$snortloglimit_on = ($generalSettings['snortloglimit'] == 'on' ? 'checked' : ''); - -$snortloglimitsize = $generalSettings['snortloglimitsize']; - -$snortalertlogtype = $generalSettings['snortalertlogtype']; - -$forcekeepsettings_on = ($generalSettings['forcekeepsettings'] == 'on' ? 'checked' : ''); - -$snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); - - - $pgtitle = "Services: Snort: Global Settings"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <form id="iform" > - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db --> - <input type="hidden" name="dbTable" value="SnortSettings" /> <!-- what db table --> - <input type="hidden" name="ifaceTab" value="snort_interfaces_global" /> <!-- what interface tab --> - - <tr id="maintable" data-options='{"pagetable":"SnortSettings"}'> <!-- db to lookup --> - <td colspan="2" valign="top" class="listtopic">Please Choose The Type Of Rules You Wish To Download</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"> - <input name="snortdownload" type="radio" id="snortdownloadoff" value="off" <?=$snortdownload_off;?> > - <span class="vexpl">Do <strong>NOT</strong> Install</span> - </td> - </tr> - <tr> - <td colspan="2"> - <input name="snortdownload" type="radio" id="snortdownloadon" value="on" <?=$snortdownload_on;?> > - <span class="vexpl">Install Basic Rules or Premium rules</span> <br> - </td> - </tr> - </table> - <table STYLE="padding-top: 5px"> - <tr> - <td colspan="2"> - <a class="vncell2" href="https://www.snort.org/signup" target="_blank" alt="Basic rules are free but 30 days old."> - Sign Up for a Basic Rule Account - </a><br><br> - <a class="vncell2" href="http://www.snort.org/vrt/buy-a-subscription" target="_blank" alt="Premium users receive rules 30 days faster than basic users."> - Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended - </a> - </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top"><span class="vexpl">Oinkmaster code</span></td> - </tr> - <tr> - <td class="vncell2" valign="top"><span class="vexpl">Code</span></td> - <td class="vtable"> - <input name="oinkmastercode" type="text"class="formfld2" id="oinkmastercode" size="52" value="<?=$oinkmastercode;?>" > <br> - <span class="vexpl">Obtain a snort.org Oinkmaster code and paste here.</span> - </td> - </table> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2">Install Emergingthreats rules</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"> - <input name="emergingthreatsdownload" type="radio" id="emergingthreatsdownloadoff" value="off" <?=$emergingthreatsdownload_off;?> > - <span class="vexpl">Do <strong>NOT</strong> Install</span> - </td> - </tr> - <tr> - <td colspan="2"> - <input name="emergingthreatsdownload" type="radio" id="emergingthreatsdownloadon" value="basic" <?=$emergingthreatsdownload_basic;?> > - <span class="vexpl">Install <b>Basic</b> Rules: No need to register</span> <br> - </td> - </tr> - <tr> - <td colspan="2"> - <input name="emergingthreatsdownload" type="radio" id="emergingthreatsprodownloadon" value="pro" <?=$emergingthreatsdownload_pro;?> > - <span class="vexpl">Install <b>Pro</b> rules: You need to register</span> <br> - </td> - </tr> - </table> - <table STYLE="padding-top: 5px"> - <tr> - <td colspan="2"> - <a class="vncell2" href="http://www.emergingthreatspro.com" target="_blank" alt="Premium users receive rules 30 days faster than basic users."> - Sign Up for Emerging Threats Pro Certified Premium Rules. This Is Highly Recommended - </a> - </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top"><span class="vexpl">Pro rules code</span></td> - </tr> - <tr> - <td class="vncell2" valign="top"><span class="vexpl">Code</span></td> - <td class="vtable"> - <input name="emergingthreatscode" type="text"class="formfld2" id="emergingthreatscode" size="52" value="<?=$emergingthreatscode;?>" > <br> - <span class="vexpl">Obtain a emergingthreatspro.com Pro rules code and paste here.</span> - </td> - </table> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2"><span>Update rules automatically</span></td> - <td width="78%" class="vtable"> - <select name="updaterules" class="formfld2" id="updaterules"> - <?php - $updateDaysList = array('never' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); - snortDropDownList($updateDaysList, $updaterules); - ?> - </select><br> - <span class="vexpl"> - Please select the update times for rules.<br> Hint: in most cases, every 12 hours is a good choice. - </span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><span>General Settings</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"><span>Log Directory SizeLimit</span><br> - <br><br><br><br><br> - <span class="red"><strong>Note:</strong><br>Available space is <strong><?=$snortlogCurrentDSKsize; ?>MB</strong></span> - </td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"> - <input name="snortloglimit" type="radio" id="snortloglimiton" value="on" <?=$snortloglimit_on;?> > - <span class="vexpl"><strong>Enable</strong> directory size limit (Default)</span> - </td> - </tr> - <tr> - <td colspan="2"> - <input name="snortloglimit" type="radio" id="snortloglimitoff" value="off" <?=$snortloglimit_off ?> > - <span class="vexpl"><strong>Disable </strong>directory size limit</span><br><br> - <span class="vexpl red"><strong>Warning:</strong> Pfsense Nanobsd should use no more than 10MB of space.</span> - </td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vncell3"><span>Size in <strong>MB</strong></span></td> - <td class="vtable"> - <input name="snortloglimitsize" type="text" class="formfld2" id="snortloglimitsize" size="7" value="<?=$snortloglimitsize;?>"> - <span class="vexpl">Default is <strong>20%</strong> of available space.</span> - </td> - </table> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"><span>Remove blocked hosts every</span></td> - <td width="78%" class="vtable"> - <select name="rm_blocked" class="formfld2" id="rm_blocked"> - <?php - $BlockTimeReset = array('never' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); - snortDropDownList($BlockTimeReset, $rm_blocked); - ?> - </select><br> - <span class="vexpl">Please select the amount of time you would likehosts to be blocked for.<br>Hint: in most cases, 1 hour is a good choice.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"><span>Alerts file descriptiontype</span></td> - <td width="78%" class="vtable"> - <select name="snortalertlogtype" class="formfld2" id="snortalertlogtype"> - <?php - // TODO: make this option a check box with all log types - $alertLogTypeList = array('full' => 'FULL', 'fast' => 'SHORT'); - snortDropDownList($alertLogTypeList, $snortalertlogtype) - ?> - </select><br> - <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br> Hint: Best pratice is to chose full logging.</span> - <span class="red"><strong>WARNING:</strong></span> <strong>On change, alert file will be cleared.</strong> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"><span>Keep snort settings after deinstall</span></td> - <td width="22%" class="vtable"> - <input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="on" <?=$forcekeepsettings_on;?> > - <span class="vexpl">Settings will not be removed during deinstall.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"><span>Save Settings</span></td> - <td width="30%" class="vtable"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - </form> - <form id="iform2" > - <tr> - <td width="22%" valign="top" class="vncell2"> - <input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to remove all your settings ? All Snort Settings will be reset !')" > - <input type="hidden" name="reset_snortgeneralsettings" value="1" /> - <span class="vexpl red"><strong> WARNING:</strong><br> This will reset all global and interface settings.</span> - </td> - <td class="vtable"> - <span class="vexpl red"><strong>Note:</strong></span><br> - <span class="vexpl">Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.</span> - </td> - </tr> - </form> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_rules.php b/config/snort-dev/snortsam-package-code/snort_interfaces_rules.php deleted file mode 100644 index 12f9cec0..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_rules.php +++ /dev/null @@ -1,289 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -$a_rules = array(); -$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); - - if (!is_array($a_rules)) { - $a_rules = array(); - } - - if ($a_rules == 'Error') { - echo 'Error'; - exit(0); - } - - // list rules in db that are on in a array - $listOnRules = array(); - $listOnRules = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'All', ''); - - $listUsedRules = array(); - foreach ($listOnRules as $listOnRule) - { - - $listUsedRules[] = $listOnRule['ruledbname']; - - } - unset($listOnRules); - - $pgtitle = "Services: Snort: Rules"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0px" cellpadding="10px" cellspacing="0px"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0px" cellpadding="0px" cellspacing="0px"> - <!-- START MAIN AREA --> - - <table width="100%"> - <tr > <!-- db to lookup --> - <td width="25%" class="listhdrr">File Name</td> - <td width="60%" class="listhdr">Description</td> - </tr> - </table> - - <table width="100%"> - - - - <table width="100%" > - - - <tr id="maintable_default" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' > - <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">Default</td> - <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'"> - <font color="#FFFFFF">Default rule database </font> - </td> - - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="2"> - <?php - /* - * TODO: Must add snort process id to the rest disable block - * Example: only disable reset when snort is running and database is selected - */ - if (in_array('default', $listUsedRules)) { - $resetObjectDf = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >'; - }else{ - $resetObjectDf = '<img id="icon_r_default" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >'; - } - - ?> - <tr> - <td valign="middle"> - <a href="snort_interfaces_rules_edit.php?rdbuuid=default"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a> - </td> - <td> - <?=$resetObjectDf; ?> - </td> - <td> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" > - </td> - </td> - </tr> - </table> - </td> - </tr> - - <?php foreach ($a_rules as $list): ?> - - <?php - /* - * TODO: Must add snort process id to the rest disable block - * Example: only disable reset when snort is running and database is selected - */ - if (in_array($list['uuid'], $listUsedRules)) { - $deleteObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" >'; - }else{ - $deleteObject = '<img id="icon_x_' . $list['uuid'] . '" class="icon_click icon_x" src="/themes/' . $g['theme'] . '/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete database" >'; - } - - if (in_array($list['uuid'], $listUsedRules)) { - $resetObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >'; - }else{ - $resetObject = '<img id="icon_r_' . $list['uuid'] . '" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >'; - } - - ?> - - <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' > - <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"><?=$list['ruledbname'];?></td> - <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?> </font> - </td> - - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="2"> - <tr> - <td valign="middle"> - <a href="snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a> - </td> - <td> - <?=$resetObject; ?> - </td> - <td> - <?=$deleteObject; ?> - </td> - </tr> - </table> - </td> - - </tr> - <?php $i++; endforeach; ?> - - </table> - - <table width="100%"> - <tr> - <td class="list" width="97%" valign="middle" width="17"> </td> - <td width="3%" ></td> - <td class="list" valign="middle"><a href="snort_interfaces_rules_edit.php?rdbuuid=<?=genAlphaNumMixFast(11, 12);?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new database"></a></td> - </tr> - </table > - - </table> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - - </table> - </td> - </tr> -</table> - -<!-- 2nd box note --> -<br> -<div id=mainarea4> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"> - <span class="vexpl"> - <span class="red"><strong>Note:</strong></span> - <p><span class="vexpl"> - Here you can create rule databases that can be used on multiple interfaces.<br><br> - - Please note that you must restart a running rule so that changes can take effect.<br><br> - - You may only delete rule databases that are not asigned to an interface.<br> - </span></p> - </td> -</table> -</div> - -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_rules_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_rules_edit.php deleted file mode 100644 index be6467bc..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_rules_edit.php +++ /dev/null @@ -1,282 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -if (isset($_GET['rdbuuid'])) { - $rdbuuid = $_GET['rdbuuid']; -}else{ - $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - $rdbuuid = $ruledbname_pre1['ruledbname']; -} - -if ($rdbuuid !== 'default') { - - $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid); - - // $a_list returns empty use defaults - if ($a_list == '') { - - $a_list = array( - 'id' => '', - 'date' => date(U), - 'uuid' => $rdbuuid, - 'ruledbname' => '', - 'description' => '' - - ); - - } - -} - -if ($rdbuuid === 'default') { - - // $a_list returns empty use defaults - if ($a_list == '') { - - $a_list = array( - 'id' => '1', - 'date' => date(U), - 'uuid' => $rdbuuid, - 'ruledbname' => 'default', - 'description' => 'Default database' - - ); - - } - -} - -if ( !empty($a_list['id']) ) { - $disabled = 'disabled="disabled"'; -}else{ - $disabled = ''; -} - -if ( $rdbuuid === 'default' ) { - $disabled_ckbox = 'disabled="disabled"'; -}else{ - $disabled_ckbox = ''; -} - - - $pgtitle = 'Services: Snort: Rules: Edit: ' . $rdbuuid; - include('/usr/local/pkg/snort/snort_head.inc'); - -?> - -<!-- START page custom script --> -<script language="JavaScript"> - -// start a jQuery sand box -jQuery(document).ready(function() { - - // misc call after a good save - jQuery.fn.miscTabCall = function () { - jQuery('.hide_newtabmenu').show(); - jQuery('#ruledbname').attr("disabled", true); - }; - - <?php - // disable tabs if nothing in database - if ($a_list['id'] == '') { - echo ' - jQuery(\'.hide_newtabmenu\').hide(); - '; - } - ?> - - -}); // end of on ready - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - </td> - </tr> - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=<?=$rdbuuid;?>"><span>Rules DB Edit</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?rdbuuid=<?=$rdbuuid;?>"><span>Categories</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?rdbuuid=<?=$rdbuuid;?>"><span>Rules</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rulesets_ips.php?rdbuuid=<?=$rdbuuid;?>"><span>Ruleset Ips</span></a></li> - </ul> - </div> - </td> - </tr> - - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <!-- table point --> - <form id="iform"> - <input name="snortSaveSettings" type="hidden" value="1" /> - <input name="ifaceTab" type="hidden" value="snort_interfaces_rules_edit" /> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db --> - <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table --> - <input name="date" type="hidden" value="<?=$a_list['date'];?>" /> - <input name="uuid" type="hidden" value="<?=$a_list['uuid'];?>" /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and description of the rule DB</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"> - <input class="formfld2" name="ruledbname" type="text" id="ruledbname" size="40" value="<?=$a_list['ruledbname'] ?>" <?=$disabled?> /> <br /> - <span class="vexpl"> The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"> - <input class="formfld2" name="description" type="text" id="description" size="40" value="<?=$a_list['description'] ?>" <?=$disabled_ckbox?> /> <br /> - <span class="vexpl"> You may enter a description here for your reference (not parsed). </span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"> - Examples: - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncell2"> - <span class="red"><b>NOTE: </b></span>Rule DB will not be active until snort sensor restart. <br> - </td> - </tr> - </table> - <tr> - <?php - if ($rdbuuid !== 'default') { - echo ' - <td style="padding-left: 10px;"> - <input name="Submit" type="submit" class="formbtn" value="Save" > - <input id="cancel" type="button" class="formbtn" value="Cancel" > - </td> - '; - } - ?> - </tr> -</form> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_suppress.php b/config/snort-dev/snortsam-package-code/snort_interfaces_suppress.php deleted file mode 100644 index 977dcf2d..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_suppress.php +++ /dev/null @@ -1,211 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - - -$a_suppress = snortSql_fetchAllWhitelistTypes('SnortSuppress', ''); - - if (!is_array($a_suppress)) - { - $a_suppress = array(); - } - - - if ($a_suppress == 'Error') - { - echo 'Error'; - exit(0); - } - - $pgtitle = "Services: Snort: Suppression"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <tr> <!-- db to lookup --> - <td width="30%" class="listhdrr">File Name</td> - <td width="70%" class="listhdr">Description</td> - <td width="10%" class="list"></td> - </tr> - <?php foreach ($a_suppress as $list): ?> - <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"SnortSuppress", "pagedb":"snortDB", "DoPOST":"true"}' > - <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>'"><?=$list['filename'];?></td> - <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>'"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?> - </td> - <td></td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"> - <a href="snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit suppress list"></a> - </td> - <td> - <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" > - </a> - </td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="snort_interfaces_suppress_edit.php?uuid=<?=genAlphaNumMixFast(28, 28);?> "><img src="/themes/nervecenter/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </td> - </tr> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - - </table> - </td> - </tr> -</table> - -<!-- 2nd box note --> -<br> -<div id=mainarea4> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"> - <span class="vexpl"> - <span class="red"><strong>Note:</strong></span> - <p><span class="vexpl"> - Here you can create event filtering and suppression for your snort package rules.<br> - Please note that you must restart a running rule so that changes can take effect.<br> - </span></p> - </td> -</table> -</div> - -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_suppress_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_suppress_edit.php deleted file mode 100644 index e9f23254..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_suppress_edit.php +++ /dev/null @@ -1,231 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - -$a_list = snortSql_fetchAllSettings('snortDB', 'SnortSuppress', 'uuid', $uuid); - - -// $a_list returns empty use defaults -if ($a_list == '') -{ - - $a_list = array( - 'id' => '', - 'date' => date(U), - 'uuid' => $uuid, - 'filename' => '', - 'description' => '', - 'suppresspassthru' => '' - - ); - -} - - - - - $pgtitle = 'Services: Snort: Suppression: Edit'; - include('/usr/local/pkg/snort/snort_head.inc'); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<form id="iform"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <!-- table point --> - <input name="snortSaveSuppresslist" type="hidden" value="1" /> - <input name="ifaceTab" type="hidden" value="snort_interfaces_suppress_edit" /> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db --> - <input type="hidden" name="dbTable" value="SnortSuppress" /> <!-- what db table --> - <input name="date" type="hidden" value="<?=$a_list['date'];?>" /> - <input name="uuid" type="hidden" value="<?=$a_list['uuid'];?>" /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name anddescription of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"> - <input class="formfld2" name="filename" type="text" id="filename" size="40" value="<?=$a_list['filename'] ?>" /> <br /> - <span class="vexpl"> The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"> - <input class="formfld2" name="description" type="text" id="description" size="40" value="<?=$a_list['description'] ?>" /> <br /> - <span class="vexpl"> You may enter a description here for your reference (not parsed). </span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"> - Examples: - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncell2"> - <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> - <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit,track by_src, count 1, seconds 60<br> - <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10 - </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"> - Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'. - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncelltextbox"> - <textarea wrap="off" name="suppresspassthru" cols="101" rows="28" id="suppresspassthru" class="formfld2"><?=base64_decode($a_list['suppresspassthru']); ?></textarea> - </td> - </tr> - </table> - <tr> - <td style="padding-left: 160px;"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - </form> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist.php b/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist.php deleted file mode 100644 index 3167b65f..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist.php +++ /dev/null @@ -1,241 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - - -$a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips'); - - if (!is_array($a_whitelist)) - { - $a_whitelist = array(); - } - - if ($a_whitelist == 'Error') - { - echo 'Error'; - exit(0); - } - - $pgtitle = "Services: Snort: Whitelist"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <tr> <!-- db to lookup --> - <td width="20%" class="listhdrr">File Name</td> - <td width="45%" class="listhdrr">Values</td> - <td width="35%" class="listhdr">Description</td> - <td width="10%" class="list"></td> - </tr> - <?php foreach ($a_whitelist as $list): ?> - <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"true"}' > - <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'"><?=$list['filename'];?></td> - <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'"> - <?php - $a = 0; - $countList = count($list['list']); - foreach ($list['list'] as $value) - { - - $a++; - - if ($a != $countList || $countList == 1) - { - echo $value['ip']; - } - - if ($a > 0 && $a != $countList) - { - echo ',' . ' '; - }else{ - echo ' '; - } - - } // end foreach - - if ($a > 3) - { - echo '...'; - } - ?> - </td> - <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"> - <a href="snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit whitelist"></a> - </td> - <td> - <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" > - </a> - </td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?uuid=<?=genAlphaNumMixFast(28, 28);?> "><img src="/themes/nervecenter/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </td> - </tr> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - - </table> - </td> - </tr> -</table> - -<!-- 2nd box note --> -<br> -<div id=mainarea4> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"> - <span class="vexpl"> - <span class="red"><strong>Note:</strong></span> - <p><span class="vexpl"> - Here you can create whitelist files for your snort package rules.<br> - Please add all the ips or networks you want to protect against snort block decisions.<br> - Remember that the default whitelist only includes local networks.<br> - Be careful, it is very easy to get locked out of you system. - </span></p> - </td> -</table> -</div> - -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist_edit.php b/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist_edit.php deleted file mode 100644 index dbdbb649..00000000 --- a/config/snort-dev/snortsam-package-code/snort_interfaces_whitelist_edit.php +++ /dev/null @@ -1,341 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once('guiconfig.inc'); -require_once('/usr/local/pkg/snort/snort_new.inc'); -require_once('/usr/local/pkg/snort/snort_gui.inc'); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -//$GLOBALS['csrf']['rewrite-js'] = false; - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - -$a_list = snortSql_fetchAllSettings('snortDB', 'SnortWhitelist', 'uuid', $uuid); - -// $a_list returns empty use defaults -if ($a_list == '') -{ - - $a_list = array( - 'id' => '', - 'date' => date(U), - 'uuid' => $uuid, - 'filename' => '', - 'snortlisttype' => 'whitelist', - 'description' => '', - 'wanips' => 'on', - 'wangateips' => 'on', - 'wandnsips' => 'on', - 'vips' => 'on', - 'vpnips' => 'on' - ); - -} - -$listFilename = $a_list['filename']; - -$a_list['list'] = snortSql_fetchAllSettingsList('SnortWhitelistips', $listFilename); - -$wanips_chk = $a_list['wanips']; -$wanips_on = ($wanips_chk == 'on' ? 'checked' : ''); - -$wangateips_chk = $a_list['wangateips']; -$wangateips_on = ($wangateips_chk == 'on' ? 'checked' : ''); - -$wandnsips_chk = $a_list['wandnsips']; -$wandnsips_on = ($wandnsips_chk == 'on' ? 'checked' : ''); - -$vips_chk = $a_list['vips']; -$vips_on = ($vips_chk == 'on' ? 'checked' : ''); - -$vpnips_chk = $a_list['vpnips']; -$vpnips_on = ($vpnips_chk == 'on' ? 'checked' : ''); - - - - $pgtitle = "Services: Snort: Whitelist Edit"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<form id="iform"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <!-- table point --> - <input name="snortSaveWhitelist" type="hidden" value="1" /> - <input name="ifaceTab" type="hidden" value="snort_interfaces_whitelist_edit" /> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db --> - <input type="hidden" name="dbTable" value="SnortWhitelist" /> <!-- what db table --> - <input name="date" type="hidden" value="<?=$a_list['date'];?>" /> - <input name="uuid" type="hidden" value="<?=$a_list['uuid'];?>" /> - - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> - - </tr> - <tr id="filename" data-options='{"filename":"<?=$listFilename; ?>"}' > - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"> - <input class="formfld2" name="filename" type="text" id="name" size="40" value="<?=$listFilename; ?>" /> <br /> - <span class="vexpl"> The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"> - <input class="formfld2" name="description" type="text" id="descr" size="40" value="<?=$a_list['description']; ?>" /> <br /> - <span class="vexpl"> You may enter a description here for your reference (not parsed). </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">List Type</td> - <td width="78%" class="vtable"> - <div style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"id="itemhelp"> - <strong>WHITELIST:</strong> This list specifies addresses that Snort Package should not block.<br><br> - <strong>NETLIST:</strong> This list is for defining addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file. - </div> - <select name="snortlisttype" class="formfld2" id="snortlisttype"> - <?php - $updateDaysList = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); - snortDropDownList($updateDaysList, $a_list['snortlisttype']); - ?> - </select> - <span class="vexpl"> Choose the type of list you will like see in your <span class="red">Interface Edit Tab</span>.</span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">WAN IPs</td> - <td width="78%" class="vtable"> - <input name="wanips" type="checkbox" id="wanips" size="40" value="on" <?=$wanips_on; ?> /> - <span class="vexpl"> Add WAN IPs to the list. </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan Gateways</td> - <td width="78%" class="vtable"> - <input name="wangateips" type="checkbox" id="wangateips" size="40" value="on" <?=$wangateips_on; ?> /> - <span class="vexpl"> Add WAN Gateways to the list. </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan DNS servers</td> - <td width="78%" class="vtable"> - <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="on" <?=$wandnsips_on; ?> /> - <span class="vexpl"> Add WAN DNS servers to the list. </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td> - <td width="78%" class="vtable"> - <input name="vips" type="checkbox" id="vips" size="40" value="on" <?=$vips_on; ?> /> - <span class="vexpl"> Add Virtual IP Addresses to the list. </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">VPNs</td> - <td width="78%" class="vtable"> - <input name="vpnips" type="checkbox" id="vpnips" size="40" value="on" <?=$vpnips_on; ?> /> - <span class="vexpl"> Add VPN Addresses to the list. </span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2"> - <div id="addressnetworkport">IP or CIDR items</div> - </td> - <td width="78%" class="vtable"> - <table > - <tbody class="insertrow"> - <tr> - <td colspan="4"> - <div style="width:550px; padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"id="itemhelp"> - For <strong>WHITELIST's</strong> enter <strong>ONLY IPs not CIDRs</strong>. Example: 192.168.4.1<br><br> - For <strong>NETLIST's</strong> you may enter <strong>IPs and CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24 - </div> - </td> - </tr> - <tr> - <td> - <div id="onecolumn" style="width:175px;"><span class="vexpl">IP or CIDR</span></div> - </td> - <td> - <div id="threecolumn"><span class="vexpl">Add a Description or leave blank and a date will be added.</span></div> - </td> - </tr> - </tbody> - <!-- Start of js loop --> - <tbody id="listloopblock" class="insertrow"> - <?php echo "\r"; $i = 0; foreach ($a_list['list'] as $list): ?> - <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"false"}' > - <td> - <input class="formfld2" name="list[<?=$i; ?>][ip]" type="text" id="address" size="30" value="<?=$list['ip']; ?>" /> - </td> - <td> - <input class="formfld2" name="list[<?=$i; ?>][description]" type="text" id="detail" size="50" value="<?=$list['description'] ?>" /> - </td> - <td> - <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" > - </td> - <input name="list[<?=$i; ?>][uuid]" type="hidden" value="<?=$list['uuid'];?>" /> - </tr> - <?php echo "\r"; $i++; endforeach; ?> - </tbody> - <!-- End of js loop --> - <tbody> - <tr> - <td> - </td> - <td> - </td> - <td> - <img id="iconplus_<?=$i;?>" class="icon_click icon_plus" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add list" > - </td> - </tr> - </tbody> - </table> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancel" name="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - </form> - - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_json_get.php b/config/snort-dev/snortsam-package-code/snort_json_get.php deleted file mode 100644 index 92058a75..00000000 --- a/config/snort-dev/snortsam-package-code/snort_json_get.php +++ /dev/null @@ -1,137 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// get json blocls sids -if ($_GET['snortsamjson'] == 1) { - - exec('cat /usr/local/etc/snort/sn_6TPXv7a/rules/dbBlockSplit/splitSidblock_' . $_GET['fileid'] . '.block', $output); - echo $output[0]; - -} - - -// upload created log tar to user -if ($_GET['snortGetUpdate'] == 1) { - - $tmpfname = "/usr/local/etc/snort/snort_download"; - $snort_filename = "snortrules-snapshot-2905.tar.gz"; - - - $snortSessionPath = $_SESSION['tmp']['snort']['snort_download_updates']; - - if (!file_exists("{$tmpfname}/{$snort_filename}")) { - - if ($snortSessionPath['download']['working'] != '1') { - unset($_SESSION['tmp']); - $snortSessionPath['download']['working'] = '1'; - sendUpdateSnortLogDownload(); - } - - } - - $time = time(); - while((time() - $time) < 30) - { - - // query memcache, database, etc. for new data - $data = $datasource->getLatest(); - - // if we have new data return it - if(!empty($data)) { - echo json_encode($data); - ob_flush(); - flush(); - break; - } - - usleep(25000); - } - -} // end main if - - - -// upload created log tar to user -if ($_GET['snortlogdownload'] == 1) { - - sendFileSnortLogDownload(); - -} - - -// send Json sid string -if ($_GET['snortGetSidString'] == 1) { - - // unset - unset($_GET['snortGetSidString']); - - // get the SID string from file - sendSidStringRuleEditGUI(); - -} - - - - - - - - - - - - - - - -?>
\ No newline at end of file diff --git a/config/snort-dev/snortsam-package-code/snort_json_post.php b/config/snort-dev/snortsam-package-code/snort_json_post.php deleted file mode 100644 index 418a90be..00000000 --- a/config/snort-dev/snortsam-package-code/snort_json_post.php +++ /dev/null @@ -1,568 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_build.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// unset crsf checks -if(isset($_POST['__csrf_magic'])) { - unset($_POST['__csrf_magic']); -} - - -function snortJsonReturnCode($returnStatus) -{ - if ($returnStatus == true) { - echo '{"snortgeneralsettings":"success","snortMiscTabCall":"true"}'; - return true; - }else{ - echo '{"snortgeneralsettings":"fail"}'; - return false; - } -} - -// row from db by uuid -if ($_POST['snortSidRuleEdit'] == 1) { - - function snortSidRuleEditFunc() - { - - unset($_POST['snortSidRuleEdit']); - snortSidStringRuleEditGUI(); - - } snortSidRuleEditFunc(); - -} - - -// row from db by uuid -if ($_POST['snortSaveRuleSets'] == 1) { - - if ($_POST['ifaceTab'] == 'snort_rules') { - function snortSaveRuleSetsRulesFunc() - { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - - snortJsonReturnCode(snortSql_updateRuleSigList()); - - } snortSaveRuleSetsRulesFunc(); - } - - if ($_POST['ifaceTab'] === 'snort_rules_ips') { - function snortSamRulesSaveFunc() - { - snortJsonReturnCode(snortSql_updateRulesSigsIps()); - buildSnortSamSidBlockMap($_POST['rdbuuid']); // - - } snortSamRulesSaveFunc(); - } - - - if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') { - - function snortSaveRuleSetsRulesetsFunc() - { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - - // save to database - snortJsonReturnCode(snortSql_updateRuleSetList()); - - if (!empty($_POST['rdbuuid'])) { - buildSnortSamSidBlockMap($_POST['rdbuuid']); // - } - - // only build if uuid is valid - if (!empty($_POST['uuid'])) { - build_snort_settings($_POST['uuid']); - } - - } snortSaveRuleSetsRulesetsFunc(); - } - - -} // END of rulesSets - -// row from db by uuid -if ( $_POST['RMlistDelRow'] == 1 || $_POST['RSTlistRow'] == 1 ) { - - - function RMlistDelRowFunc() - { - - $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); - - // list rules in the default dir - if ($_POST['RMlistTable'] == 'SnortIfaces') { - - $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid']; - - exec('/bin/rm -r ' . $snortRuleDir); - } - - // rm ruledb and files - if ($_POST['RMlistTable'] == 'Snortrules') { - - // remove db tables vals - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RMlistUuid']); - - // remove dir - $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}"; - exec('/bin/rm -r ' . $snortRuleDir); - } - - if ($_POST['RMlistTable'] == 'SnortWhitelist') { - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']); - } - - snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); - - } if ( $_POST['RMlistDelRow'] == 1 ) { RMlistDelRowFunc(); } - - function RSTlistDelRowFunc() - { - - // rm ruledb and files - if ($_POST['RSTlistTable'] == 'Snortrules') { - - // remove dir - $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}"; - exec('/bin/rm -r ' . $snortRuleDir . '/rules/*.rules'); - - // remove db tables vals - snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RSTlistUuid']); - snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RSTlistUuid']); - snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RSTlistUuid']); - snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RSTlistUuid']); - snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RSTlistUuid']); - - // NOTE: code only works on php5 - $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); - $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); - $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); - - if (!empty($listSnortRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); - } - if (!empty($listEmergingRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); - } - if (!empty($listPfsenseRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); - } - - - } - - } if ( $_POST['RSTlistRow'] == 1 ) { RSTlistDelRowFunc(); } - - -} - - -// general settings save -if ($_POST['snortSaveSettings'] == 1) { - - function snortSaveSettingsFunc() - { - - // Save ruleDB settings - if ($_POST['dbTable'] == 'Snortrules') { - - function saveSnortrules() - { - - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { - - // creat iface dir and ifcae rules dir - exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - - // create at least one file - if (!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules")) { - exec("/usr/bin/touch /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules"); - } - - // NOTE: code only works on php5 - $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); - $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); - $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); - - if (!empty($listSnortRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - if (!empty($listEmergingRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - if (!empty($listPfsenseRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - - - } //end of mkdir - - } saveSnortrules(); - - snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - - } // END if Snortrules - - // Save general settings - if ($_POST['dbTable'] == 'SnortSettings') { - - function saveSnortSettings() - { - - if ($_POST['ifaceTab'] == 'snort_interfaces_global') { - // checkboxes when set to off never get included in POST thus this code - $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); - } - - if ($_POST['ifaceTab'] == 'snort_alerts') { - - if (!isset($_POST['arefresh'])) - $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); - - } - - if ($_POST['ifaceTab'] == 'snort_blocked') { - - if (!isset($_POST['brefresh'])) - $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']); - - } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - } saveSnortSettings(); - - snortJsonReturnCode(snortSql_updateSettings('id', '1')); - - } // END IF SnortSettings - - // Save rule settings on the interface edit tab - if ($_POST['dbTable'] == 'SnortIfaces') { - - function saveSnortIfaces() - { - - // snort interface edit - if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { - - function SnortIfaces_Snort_Interfaces_edit() - { - if (!isset($_POST['enable'])) - $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); - - if (!isset($_POST['blockoffenders7'])) - $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']); - - if (!isset($_POST['alertsystemlog'])) - $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); - - if (!isset($_POST['tcpdumplog'])) - $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']); - - if (!isset($_POST['snortunifiedlog'])) - $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); - - // convert textbox to base64 - $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); - - /* - * make dir for the new iface, if iface exists or rule dir has changed redo soft link - * may need to move this as a func to new_snort.inc - */ - $newSnortDir = 'sn_' . $_POST['uuid']; - $pathToSnortDir = '/usr/local/etc/snort'; - - // creat iface dir and ifcae rules dir - if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) { - createNewIfaceDir($pathToSnortDir, $newSnortDir); - } //end of mkdir - - snortRulesCreateSoftlink(); - - } SnortIfaces_Snort_Interfaces_edit(); - - } // end of snort_interfaces_edit - - // snort preprocessor edit - if ($_POST['ifaceTab'] == 'snort_preprocessors') { - - function SnortIfaces_Snort_PreprocessorsFunc() - { - if (!isset($_POST['dce_rpc_2'])) { - $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); - } - - if (!isset($_POST['dns_preprocessor'])) { - $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']); - } - - if (!isset($_POST['ftp_preprocessor'])) { - $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']); - } - - if (!isset($_POST['http_inspect'])) { - $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']); - } - - if (!isset($_POST['other_preprocs'])) { - $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']); - } - - if (!isset($_POST['perform_stat'])) { - $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']); - } - - if (!isset($_POST['sf_portscan'])) { - $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']); - } - - if (!isset($_POST['smtp_preprocessor'])) { - $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']); - } - - } SnortIfaces_Snort_PreprocessorsFunc(); - - } - - // snort barnyard edit - if ($_POST['ifaceTab'] == 'snort_barnyard') { - function SnortIfaces_Snort_Barnyard() - { - // make shure iface is lower case - $_POST['interface'] = strtolower($_POST['interface']); - - if (!isset($_POST['barnyard_enable'])) { - $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']); - } - } SnortIfaces_Snort_Barnyard(); - } - - - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - build_snort_settings($_POST['uuid']); - - } saveSnortIfaces(); - - } // END IF SnortIfaces - - } snortSaveSettingsFunc(); - - -} // STOP General Settings Save - -// Suppress settings save -if ($_POST['snortSaveSuppresslist'] == 1) { - - function snortSaveSuppresslistFunc() - { - - // post for supress_edit - if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') { - - // make sure filename is valid - if (!is_validFileName($_POST['filename'])) { - echo 'Error: FileName'; - return false; - } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveSuppresslist']); - unset($_POST['ifaceTab']); - - // convert textbox to base64 - $_POST['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); - - // Write to database - snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - - } - - } - snortSaveSuppresslistFunc(); - -} - -// Whitelist settings save -if ($_POST['snortSaveWhitelist'] == 1) { - - function snortSaveWhitelistFunc() - { - - if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') { - - if (!is_validFileName($_POST['filename'])) { - echo 'Error: FileName'; - return false; - } - - $_POST['wanips'] = ($_POST['wanips'] == '' ? off : $_POST['wanips']); - $_POST['wangateips'] = ($_POST['wangateips'] == '' ? off : $_POST['wangateips']); - $_POST['wandnsips'] = ($_POST['wandnsips'] == '' ? off : $_POST['wandnsips']); - $_POST['vips'] = ($_POST['vips'] == '' ? off : $_POST['vips']); - $_POST['vpnips'] = ($_POST['vpnips'] == '' ? off : $_POST['vpnips']); - - } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveWhitelist']); - unset($_POST['ifaceTab']); - - // Split the POST for 2 arraus - $whitelistIPs = $_POST['list']; - unset($_POST['list']); - - - if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) { - snortJsonReturnCode(true); - }else{ - snortJsonReturnCode(false); - } - - } - snortSaveWhitelistFunc(); - -} - -// download code for alerts page -if ($_POST['snortlogsdownload'] == 1) { - - function snortlogsdownloadFunc() - { - conf_mount_rw(); - snort_downloadAllLogs(); - conf_mount_ro(); - } - snortlogsdownloadFunc(); - -} - -// download code for alerts page -if ($_POST['snortblockedlogsdownload'] == 1) { - - function snortblockedlogsdownloadFunc() - { - conf_mount_rw(); - snort_downloadBlockedIPs(); - conf_mount_ro(); - } - snortblockedlogsdownloadFunc(); - -} - - -// code neeed to be worked on when finnished rules code -if ($_POST['snortlogsdelete'] == 1) { - - function snortlogsdeleteFunc() - { - conf_mount_rw(); - snortDeleteLogs(); - conf_mount_ro(); - } - snortlogsdeleteFunc(); -} - -// flushes snort2c table -if ($_POST['snortflushpftable'] == 1) { - - function snortflushpftableFunc() - { - conf_mount_rw(); - snortRemoveBlockedIPs(); - conf_mount_ro(); - } - snortflushpftableFunc(); -} - -// reset db reset_snortgeneralsettings -if ($_POST['reset_snortgeneralsettings'] == 1) { - - function reset_snortgeneralsettingsFunc() - { - conf_mount_rw(); - reset_snortgeneralsettings(); - conf_mount_ro(); - } - reset_snortgeneralsettingsFunc(); - -} - - -?> - - - - - - - - - - diff --git a/config/snort-dev/snortsam-package-code/snort_new.inc b/config/snort-dev/snortsam-package-code/snort_new.inc deleted file mode 100644 index b9fc2322..00000000 --- a/config/snort-dev/snortsam-package-code/snort_new.inc +++ /dev/null @@ -1,1368 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -// unset crsf checks -if(isset($_POST['__csrf_magic'])) { - unset($_POST['__csrf_magic']); -} - -//require_once("pfsense-utils.inc"); -require_once("config.inc"); -require_once("functions.inc"); - -// create and cp to tmp db dir -if (!file_exists('/var/snort/')) { - exec('/bin/mkdir -p /var/snort/'); -} - -if (file_exists('/usr/local/pkg/snort/snortDBtemp')) { - exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp'); -} - -// used in snort_rules_ips.php and create sid block map -function snortSearchArray($array, $key, $value) -{ - $results = array(); - - if (is_array($array)) - { - foreach ($array as $subarray) - { - if ($subarray[$key] == $value) { - $results = $subarray; - } - - } - - } - - return $results; -} - -// used in snort_rules_ips.php and create sid block map -function getCurrentIpsRuleArray($output) -{ - - foreach (array_unique($output) as $line) - { - $newOutput = explode(' # ', $line); - $newLine[] = $newOutput; - } - - return $newLine; -} - -/* -* make dir for the new iface, if iface exists or rule dir has changed redo soft link -*/ -function snortRulesCreateSoftlink() -{ - $newSnortDir = 'sn_' . $_POST['uuid']; - $pathToSnortDir = '/usr/local/etc/snort'; - - // change the rule path - if (is_dir("{$pathToSnortDir}/{$newSnortDir}")) { - - $snortCurrentRuleDbName = snortSql_fetchAllSettings('snortDB', 'snortIfaces', 'uuid', $_POST['uuid']); - - if ($_POST['ruledbname'] !== $snortCurrentRuleDbName['ruledbname'] || !file_exists("{$pathToSnortDir}/{$newSnortDir}/rules")) { - - // NOTE: use full paths or link rm will not work, Freebsd love - exec("/bin/rm {$pathToSnortDir}/{$newSnortDir}/rules"); - exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/{$newSnortDir}/rules"); - - } - - } -} - - -// Wites selected sig to file -function snortSidStringRuleEditGUI() -{ - - $workingFile = '/usr/local/etc/snort/sn_' . $_POST['snortSidRuleIface'] . '/rules/' . $_POST['snortSidRuleFile']; - - $splitcontents = split_rule_file($workingFile); - - if (!empty($splitcontents)) { - $sidLinePosPre = exec('/usr/bin/sed -n /sid:' . $_POST['snortSidNum'] . '\;/= ' . $workingFile); - $sidLinePos = $sidLinePosPre - 1; - - $splitcontents[$sidLinePos] = $_POST['sidstring']; - - - write_rule_file($splitcontents, $workingFile); - - return true; - } - - return false; - -} - -function sendSidStringRuleEditGUI() -{ - - $sidCall = exec('sed -n "/alert.*sid:' . $_GET['sid'] . ';.*/p" /usr/local/etc/snort/sn_' . $_GET['snortIface'] . '/rules/' . $_GET['snortRuleFile']); - $sidCallJsonFilter = escapeJsonString($sidCall); - - echo '{"sidstring":' . '"' . $sidCallJsonFilter . '","sid":' . '"' . $_GET['sid'] . '"}'; - return true; -} - -// create new Ifac dirs and soft links -function createNewIfaceDir($pathToSnortDir, $newSnortDir) { - - exec("/bin/mkdir -p {$pathToSnortDir}/{$newSnortDir}"); - - // create rules dir soft link if setting is default - if ($_POST['ruledbname'] === 'default' || empty($_POST['ruledbname'])) { - if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { - exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/default/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules"); - } - } - - // create rules dir soft link if setting is not default - if ($_POST['ruledbname'] !== 'default' || $_POST['ruledbname'] != '') { - if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists("{$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules")) { - exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules"); - } - } - - // cp new rules - exec("/bin/cp {$pathToSnortDir}/etc/*.config {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/*.conf {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/*.map {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/generators {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/sid {$pathToSnortDir}/sn_{$_POST['uuid']}"); -} // end of func - -function escapeJsonString($escapeString) -{ - // NOTE: foward slash has added spaces on each side ie and chrome were giving issues with - $search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"'); - $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', ' \/ ', '\"'); - $encoded_string = str_replace($search, $replace, $escapeString); - - return $encoded_string; - -} - -// limit the length of the given string to $MAX_LENGTH char -function trimLength($s) { - - - $MAX_LENGTH = 13; - $str_to_count = $s; - if (strlen($str_to_count) <= $MAX_LENGTH) { - return $s; - } - - $s2 = substr($str_to_count, 0, $MAX_LENGTH - 3); - $s2 .= "..."; - return $s2; -} - - -// builds base array with sid etc.... -function newFilterRuleSig($baseruleArray) -{ - - function get_middle($source, $beginning, $ending, $init_pos) - { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; - } - - - $i = 0; - $newSigArray[] = array(); - foreach ( $baseruleArray as $value ) - { - if (preg_match('/^# alert/', $value) || preg_match('/^alert/', $value)) { - - // add sid - $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0); - - // remove whitespaces - $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value); - // remove whitespace betwin # aerrt - $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces); - $splitcontents = explode(' ', $rmAlertWhitespace); - - // enable or disable - if ($splitcontents[0] === '#alert') { - $newSigArray[$i]['enable'] = 'off'; - }else{ - $newSigArray[$i]['enable'] = 'on'; - } - - // proto - $newSigArray[$i]['proto'] = $splitcontents[1]; - - // source - $newSigArray[$i]['src'] = trimLength($splitcontents[2]); - - // source port - $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]); - - // Destination - $newSigArray[$i]['dst'] = trimLength($splitcontents[5]); - - // Destination port - $newSigArray[$i]['dstport'] = trimLength($splitcontents[6]); - - // sig message - $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0); - - } - - $i++; - - } - - return $newSigArray; -} - - -function split_rule_file($workingFile) -{ - $filehandle = fopen($workingFile, "r"); - $contents = fread($filehandle, filesize($workingFile)); - - fclose ($filehandle); - - $delimiter = "\n"; - - $splitcontents = explode($delimiter, $contents); - - return $splitcontents; -} - - -// write rule file to disk -function write_rule_file($content_changed, $received_file) -{ - - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); - - //write data to file - fwrite($filehandle, $fullfile); - - //close file handle - fclose($filehandle); - -} - - -// Save ruleSets settings -function snortSql_updateRuleSigList() -{ - - // selected snort rule file - $workingFile = "/usr/local/etc/snort/snortDBrules/DB/{$_SESSION['snort']['tmp']['snort_rules']['rdbuuid']}/rules/{$_SESSION['snort']['tmp']['snort_rules']['rulefile']}"; - - $splitcontents = split_rule_file($workingFile); - - // open rule file and change enable/disable sids - function read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray) - { - - foreach ($splitcontents as $sigLine) - { - $replaceChars = array('/sid:/', '/;/'); - preg_match('/sid:[0-9]*;/', $sigLine, $matches); - $sidLine = preg_replace($replaceChars, '', $matches[0]); - - - if (empty($sidLine)) { - $tempstring[] = $sigLine; - }else{ - - if (in_array($sidLine, $enableSigsArray)) { - $tempstring[] = str_replace("# alert", "alert", $sigLine); - } - - if (in_array($sidLine, $disableSigsArray)) { - $tempstring[] = str_replace("alert", "# alert", $sigLine); - } - - if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray)) { - $tempstring[] = $sigLine; - } - } - } - - return $tempstring; - } - - // build user selected enbled and disabled arrays - $enableSigsArray = array(); - $disableSigsArray = array(); - - if (!isset($_POST['filenamcheckbox2'])) { - $_POST['filenamcheckbox2'] = array(); - } - - $newFilterRuleSigArray = newFilterRuleSig($splitcontents); - - foreach ($newFilterRuleSigArray as $sigArray) - { - // enable sig - if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off') { - $enableSigsArray[] = $sigArray['sid']; - } - - // disable sig - if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'on') { - $disableSigsArray[] = $sigArray['sid']; - } - } - - // read rule file change disable/enable then write to file if arrays are not empty - if (!empty($enableSigsArray) || !empty($disableSigsArray)) { - write_rule_file(read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray), $workingFile); - } - - // Insert into the DB for oinkmaster - - function sql_EnableDisabeSid($SigArray, $OnOff) - { - - $dbname = $_SESSION['snort']['tmp']['snort_rules']['dbName']; - $table = $_SESSION['snort']['tmp']['snort_rules']['dbTable']; - $rdbuuid = $_SESSION['snort']['tmp']['snort_rules']['rdbuuid']; - $rulefile = $_SESSION['snort']['tmp']['snort_rules']['rulefile']; - $addDate = date(U); - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); - - foreach ($SigArray as $mDEanbled) - { - - $resultid = sqlite_query($db, - "SELECT id FROM {$table} WHERE signatureid = '{$mDEanbled}' AND signaturefilename = '{$rulefile}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - if (empty($chktable)) { - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, rdbuuid, signatureid, signaturefilename, enable) VALUES ('{$addDate}', '{$rdbuuid}', '{$mDEanbled}', '{$rulefile}', '{$OnOff}'); - "); - - }else{ - if ($chktable[0]['enable'] != $OnOff) { - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET date = {$addDate}, enable = '{$OnOff}' WHERE signatureid = '{$mDEanbled}' AND signaturefilename = '{$rulefile}'; - "); - } - - - } - - - } - - sqlite_close($db); - - } // snd of function - - sql_EnableDisabeSid($enableSigsArray, 'on'); - sql_EnableDisabeSid($disableSigsArray, 'off'); - - - return true; - - -} // END Save ruleSets settings - - -// Save rulessigs settings for snort_rules_ips -function snortSql_updateRulesSigsIps() -{ - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - - function insertUpdateDB($db) - { - - // get default settings - $listGenRules = array(); - $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']); - - // if $listGenRules empty list defaults - if (empty($listGenRules)) { - $listGenRules[0] = array( - 'id' => 1, - 'rdbuuid' => $_POST['rdbuuid'], - 'enable' => 'on', - 'who' => 'src', - 'timeamount' => 15, - 'timetype' => 'minutes' - ); - } - - $addDate = date(U); - - // checkbox off catch - $listGenRulesEnable = $listGenRules[0]['enable']; - if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) { - - $listGenRulesEnable = 'off'; - } - - // TODO: inprove this foreach so we only interact with db once - foreach ($_POST['snortsam']['db'] as $singleSig) - { - - $resultid = sqlite_query($db, - "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - // checkbox off catch - $singleSigEnable = $singleSig['enable']; - if ( empty($singleSig['enable']) ) { - - $singleSigEnable = 'off'; - } - - // only do this if something change from defauts settings, note: timeamount Not equal - $somthingChanged = FALSE; - if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { - $somthingChanged = TRUE; - } - - if ( empty($chktable) && $somthingChanged ) { - - $rulesetUuid = genAlphaNumMixFast(11, 14); - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); - "); - - } - - if ( !empty($chktable) && $somthingChanged ) { - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}'; - "); - - } - - } // END foreach - - } insertUpdateDB($db); - - function cleanupDB($db) - { - // clean database of old names and turn rulesets off - $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules'); - - $resultAllRulesetname = sqlite_query($db, - "SELECT sigfilename FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); - - if (!empty($chktable2)) { - foreach ($chktable2 as $value) - { - - if(!in_array($value['sigfilename'], $listDir)) { - $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production - "DELETE FROM {$_POST['dbTable']} WHERE sigfilename = '{$value['sigfilename']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - } - - } - } - } cleanupDB($db); - - sqlite_close($db); - return true; - -} - - - -// Save ruleSets settings -function snortSql_updateRuleSetList() -{ - - function createUpdateRulesetTable() - { - - $addDate = date(U); - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - - if (empty($_POST['filenamcheckbox'])) { - $ruleSetfilenames = array(); - } - - // foreach selected rulesets do this - if (!empty($_POST['filenamcheckbox'])) { - foreach ($_POST['filenamcheckbox'] as $ruleSetfilename) - { - - $resultid = sqlite_query($db, - "SELECT id, enable FROM {$_POST['dbTable']} WHERE rulesetname = '{$ruleSetfilename}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - if (empty($chktable)) { - - $rulesetUuid = genAlphaNumMixFast(11, 14); - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, rulesetname, enable) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$ruleSetfilename}', 'on'); - "); - - }else{ - if ($chktable[0]['enable'] == 'off') { - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$_POST['dbTable']} SET enable = 'on' WHERE id = '{$chktable[0]['id']}'; - "); - } - } - } - } // end foreach if - - - // clean database of old names and turn rulesets off - $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules'); - - $resultAllRulesetname = sqlite_query($db, - "SELECT rulesetname FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); - - - if (!empty($chktable2)) { - foreach ($chktable2 as $value) - { - - if(!in_array($value['rulesetname'], $listDir)) { - $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production - "DELETE FROM {$_POST['dbTable']} WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - } - - if(!in_array($value['rulesetname'], $_POST['filenamcheckbox'])) { - $ruleSetisOff = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$_POST['dbTable']} SET enable = 'off' WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - } - } - } - sqlite_close($db); - } // END createUpdateRulesetTable func - createUpdateRulesetTable(); - - // save gen setting only if on ips tab - if ($_POST['dbTable'] === 'SnortruleSetsIps') { - - function createUpdateRulesetGenTable() - { - $table = 'SnortruleGenIps'; - $rulesetUuid = genAlphaNumMixFast(11, 14); - $addDate = date(U); - - // if enable is empty then set to off - if (empty($_POST['snortsam']['db']['gensettings']['enable'])) { - - $_POST['snortsam']['db']['gensettings']['enable'] = 'off'; - } - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - - $resultid = sqlite_query($db, - "SELECT id FROM {$table} WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - if (!empty($chktable)) { - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET enable = '{$_POST['snortsam']['db']['gensettings']['enable']}', who = '{$_POST['snortsam']['db']['gensettings']['who']}', timeamount = '{$_POST['snortsam']['db']['gensettings']['timeamount']}', timetype = '{$_POST['snortsam']['db']['gensettings']['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - }else{ - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$_POST['snortsam']['db']['gensettings']['enable']}', '{$_POST['snortsam']['db']['gensettings']['who']}', '{$_POST['snortsam']['db']['gensettings']['timeamount']}', '{$_POST['snortsam']['db']['gensettings']['timetype']}'); - "); - } - - sqlite_close($db); - } // END createUpdateRulesetGenTable - createUpdateRulesetGenTable(); - - } - return true; - -} // END Save ruleSets settings - - -function snortSql_fetchAllInterfaceRules($table, $dbname) -{ - // do let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); - - $result = sqlite_query($db, - "SELECT * FROM {$table} WHERE id > 0; - "); - - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - - sqlite_close($db); - - return $chktable; - -} - - -// fetch db Settings NONE Json -function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) -{ - - if (empty($dbname) || empty($table) || empty($type)) { - return false; - } - - $db = sqlite_open("/usr/local/pkg/snort/$dbname"); - - if ($type == 'All') { - - $result = sqlite_query($db, - "SELECT * FROM {$table} WHERE id > 0; - "); - - }else{ - - $result = sqlite_query($db, - "SELECT * FROM {$table} where {$type} = '{$id_uuid}'; - "); - - } - - if ($type == 'id' || $type == 'uuid') { - $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); - } - - if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid' || $type == 'filename') { - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - } - - sqlite_close($db); - - return $chktable; - - -} // end func - -// fetch db list settings NONE Json -function snortSql_fetchAllSettingsList($table, $listFilename) -{ - - $db = sqlite_open('/usr/local/pkg/snort/snortDB'); - - $result = sqlite_query($db, - "SELECT * FROM {$table} WHERE filename = \"{$listFilename}\"; - "); - - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - - sqlite_close($db); - - return $chktable; - -} - -// Update settings to database -function snortSql_updateSettings($type, $id_uuid) -{ - $dbname = $_POST['dbName']; - $settings = $_POST; - - // update date on every save - $_POST['date'] = date(U); - - $db = "/usr/local/pkg/snort/$dbname"; - $mydb = sqlite_open("$db"); - $table = $settings['dbTable']; - - // unset POSTs that are markers not in db - unset($settings['dbName']); - unset($settings['dbTable']); - - // START add new row if not set - if ($type == 'uuid') { - - $query_ck = sqlite_query($mydb, // @ supress warnings usonly in production - "SELECT * FROM {$table} WHERE uuid = '{$id_uuid}'; - "); - - $query_ckFinal = sqlite_fetch_all($query_ck, SQLITE_ASSOC); - - if (empty($query_ckFinal)) { - - $query_ck = sqlite_query($mydb, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, uuid) VALUES ('{$settings['date']}', '{$settings['uuid']}'); - "); - - if (sqlite_changes($mydb) < 1) { - sqlite_close($mydb); - return 'Error in query'; - } - - } - - } - - // START add values to row - $kv = array(); - foreach ($settings as $key => $value) - { - $kv[] = $key; - $val[] = $value; - } - - $countKv = count($kv); - - $i = -1; - while ($i < $countKv) - { - - $i++; - - if (!empty($kv[$i])) - { - - if ($type == 'id') - { - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$table} SET {$kv[$i]} = '{$val[$i]}' WHERE id = '{$id_uuid}'; - "); - } - - if ($type == 'uuid') - { - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$table} SET {$kv[$i]} = '{$val[$i]}' WHERE uuid = '{$id_uuid}'; - "); - } - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - } - } // end while - - sqlite_close($mydb); - return true; - -} - - -// fetch for snort_interfaces_whitelist.php NONE Json -// use sqlite_fetch_array for single and sqlite_fetch_all for lists -function snortSql_fetchAllWhitelistTypes($table, $table2) -{ - - if (empty($table)) { - return false; - } - - $db = sqlite_open('/usr/local/pkg/snort/snortDB'); - - - $result = sqlite_query($db, - "SELECT * FROM {$table} where id > 0; - "); - - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - - if (empty($chktable)) { - return false; - } - - if ($table2 != '') - { - foreach ($chktable as $value) - { - - $filename2 = $value['filename']; - - $result2 = sqlite_query($db, - "SELECT ip FROM {$table2} WHERE filename = \"{$filename2}\" LIMIT 4; - "); - - $chktable2 = sqlite_fetch_all($result2, SQLITE_ASSOC); - - $final2 = array('id' => $value['id']); - $final2['date'] = $value['date']; - $final2['uuid'] = $value['uuid']; - $final2['filename'] = $value['filename']; - $final2['description'] = $value['description']; - $final2['snortlisttype'] = $value['snortlisttype']; - - - $final2['list'] = $chktable2; - - $final[] = $final2; - - } // end foreach - }else{ - $final = $chktable; - } - sqlite_close($db); - - return $final; - - -} // end func - - -// Save Whitelistips Settings -function snortSql_updateWhitelistIps($newPostListips) -{ - - if(empty($newPostListips)) - { - return true; - } - - $table = $_POST['dbTable']; - $filename = $_POST['filename']; - - $db = '/usr/local/pkg/snort/snortDB'; - $mydb = sqlite_open("$db"); - $tableips = $table . 'ips'; - $date = date(U); - - // remove list array that has nul ip - foreach ($newPostListips as $ipsListEmpty) - { - if (!empty($ipsListEmpty['ip'])) - { - $genList[] = $ipsListEmpty; - } - } - unset($newPostListips); - - // remove everything if nothing is in the post - if (empty($genList)) - { - - $query = sqlite_query($mydb, // @ supress warnings use only in production - "DELETE FROM {$tableips} WHERE filename = '{$filename}'; - "); - - sqlite_close($mydb); - return true; - - } - - // START Remove entries from DB - $resultUuid = sqlite_query($mydb, - "SELECT uuid FROM {$tableips} WHERE filename = '{$filename}'; - "); - - $resultUuidFinal = sqlite_fetch_all($resultUuid, SQLITE_ASSOC); - - if (!empty($genList) && !empty($resultUuidFinal)) - { - - foreach ($resultUuidFinal as $list3) - { - $uuidListDB[] = $list3['uuid']; - } - - foreach ($genList as $list2) - { - $uuidListPOST[] = $list2['uuid']; - } - - // create diff array - $uuidDiff = array_diff($uuidListDB, $uuidListPOST); - - // delet diff list objs - if ($uuidDiff != '') - { - foreach ($uuidDiff as $list4) - { - - // remove everything - $query = sqlite_query($mydb, // @ supress warnings use only in production - "DELETE FROM {$tableips} WHERE uuid = '{$list4}'; - "); - - } // end foreach - } - } - - // START add entries/updates to DB - foreach ($genList as $list) - { - - if ($list['uuid'] == 'EmptyUUID') - { - - $uuid = genAlphaNumMixFast(28, 28); - $list['uuid'] = $uuid; - - $query = sqlite_query($mydb, // @ supress warnings use only in production - "INSERT INTO {$tableips} (date, uuid, filename) VALUES ('{$date}', '{$uuid}', '{$filename}'); - "); - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - foreach ($list as $key => $value) - { - - if ($key != '') - { - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$tableips} SET {$key} ='{$value}' WHERE uuid = '{$uuid}'; - "); - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - } - - } // end foreach - - }else{ - - $uuid = $list['uuid']; - - foreach ($list as $key => $value) - { - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$tableips} SET {$key} ='{$value}', date = '{$date}' WHERE uuid = '{$uuid}'; - "); - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - } // end foreach - - } // end main if - - } // end Main foreach - - sqlite_close($mydb); - return true; - -} // end of func - -// RMlist Delete -function snortSql_updatelistDelete($databse, $table, $type, $uuid_filename) -{ - - $db = "/usr/local/pkg/snort/{$databse}"; - - $mydb = sqlite_open("$db"); - - if (!empty($type)) { - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "DELETE FROM {$table} WHERE {$type} = '{$uuid_filename}'; - "); - - if (sqlite_changes($mydb) < 1) { - sqlite_close($mydb); - return 'Error in query'; - } - - } - - sqlite_close($mydb); - return true; - -} // END main func - -// create dropdown list -function snortDropDownList($list, $setting) { - foreach ($list as $iday => $iday2) { - - echo "\n" . "<option value=\"{$iday}\""; if($iday == $setting) echo " selected "; echo '>' . htmlspecialchars($iday2) . '</option>' . "\r"; - - } -} - -// downlod all snort logs -function snort_downloadAllLogs() { - - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_logs_{$save_date}.tar.gz"; - - exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_block.pf'); // remove old file - exec('/bin/rm -r /tmp/snort_blocked'); // remove old file - exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort"); - - if (file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) { - echo " - { - \"snortdownload\": \"success\", - \"downloadfilename\": \"{$save_date}\" - } - "; - return true; - }else{ - return false; - } -} - -// send log files to browser GET function -function sendFileSnortLogDownload() { - //ob_start(); //importanr or other post will fail - $file_name_date = $_GET['snortlogfilename']; - - $file_name1 = "/tmp/snort_logs_{$file_name_date}.tar.gz"; - $file_name2 = "/tmp/snort_blocked_{$file_name_date}.tar.gz"; - - if (file_exists($file_name1)) { - $file_name = "snort_logs_{$file_name_date}.tar.gz"; - } - - if (file_exists($file_name2)) { - $file_name = "snort_blocked_{$file_name_date}.tar.gz"; - } - - if (empty($file_name)) { - echo 'Error no saved file.'; - return false; - } - - if(file_exists("/tmp/{$file_name}")) - { - $file = "/tmp/{$file_name}"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/{$file_name}"); - //od_end_clean(); //importanr or other post will fail - }else{ - echo 'Error no saved file.'; - return false; - } -} - -// Warning code not finnish untill rule code is DONE ! -// Delete Snort logs -function snortDeleteLogs() { - if(file_exists('/var/log/snort/alert')) - { - exec('/bin/echo "" > /var/log/snort/alert'); - //post_delete_logs(); - exec('/usr/sbin/chown snort:snort /var/log/snort/*'); - exec('/bin/chmod 660 /var/log/snort/*'); - sleep(2); - exec('/usr/bin/killall -HUP snort'); - } - - echo ' - { - "snortdelete": "success" - } - '; - return true; - -} - -// Warning code not finnish untill rule code is DONE ! -// code neeed to be worked on when finnished rules code -function post_delete_logs() -{ - global $config, $g; - - - $snort_log_dir = '/var/log/snort'; - - /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - { - - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id = -1; - foreach ($rule_array as $value) - { - - if (empty($id)) { - $id = 0; - } - - $id += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - if ($snort_uuid != '') - { - if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on') - { - $snort_log_file_u2 = "{$snort_uuid}.u2."; - $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); - if (is_array($snort_list_u2)) { - usort($snort_list_u2, "snort_file_sort"); - $snort_u2_rm_list = snort_build_order($snort_list_u2); - snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); - } - }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.u2*"); - } - - if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on') - { - $snort_log_file_tcpd = "{$snort_uuid}.tcpdump."; - $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); - if (is_array($snort_list_tcpd)) { - usort($snort_list_tcpd, "snort_file_sort"); - $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); - snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); - } - }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.tcpdump*"); - } - - /* create barnyard2 configuration file */ - //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') - //create_barnyard2_conf($id, $if_real, $snort_uuid); - - if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on) - { - exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}.stats"); - } - } - } - } -} - -// END General Functions - -// downlod all blocked ips to log -function snort_downloadBlockedIPs() { - - exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_block.pf'); // remove old file - exec('/bin/rm -r /tmp/snort_blocked'); // remove old file - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir /tmp/snort_blocked'); - exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); - - $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); - - if ($blocked_ips_array_save[0] != '') - { - /* build the list */ - $counter = 0; - foreach($blocked_ips_array_save as $fileline3) - { - $counter++; - exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf"); - } - } - - exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); - - if (file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) { - echo " - { - \"snortdownload\": \"success\", - \"downloadfilename\": \"{$save_date}\" - } - "; - return true; - }else{ - return false; - } - -} - -// flush all ips from snort2c table -function snortRemoveBlockedIPs() { - - exec("/sbin/pfctl -t snort2c -T flush"); - - echo ' - { - "snortdelete": "success" - } - '; - return true; - -} - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validFileName($name) { - - if (empty($name)) { - return false; - } - - if (!is_string($name)) { - return false; - } - - if (preg_match("/\s+/", $name)) { - return false; - } - - if (!preg_match("/[^a-zA-Z0-9\-_]/", $name)) { - return true; - } - - return false; -} - -/* gen Alpha Num Mix for uuids or anything random, NEVER USE rand() */ -/* mt_rand/mt_srand is insecure way to gen random nums and strings, when posible use /dev/random or /dev/urandom */ -function genAlphaNumMixFast($min = 14, $max = 28) -{ - - // gen random lenth - mt_srand(crc32(microtime())); - $num = mt_rand($min, $max); - // reseed - mt_srand(); - - // Gen random string - $num = $num > 36 ? 30 : $num; - - $pool = array_merge(range('A', 'Z'), range(0, 9), range('a', 'z')); - - $rand_keys = array_rand($pool, $num); - - $randAlpaNum = ''; - - if (is_array($rand_keys)) { - foreach ($rand_keys as $key) - { - $randAlpaNum .= $pool[$key]; - } - }else{ - $randAlpaNum .= $pool[$rand_keys]; - } - - return str_shuffle($randAlpaNum); - -} - -// scan a dir, build array with filetr -function snortScanDirFilter($path, $filtername) -{ - // list rules in the default dir - $listDir = array(); - $listDir = scandir("{$path}"); - - if (empty($filtername)) { - - return $listDir; - - }else{ - - $pattern = "/{$filtername}/"; - foreach ( $listDir as $val ) - { - if (preg_match($pattern, $val)) { - $filterDirList[] = $val; - } - } - unset($listDir); - } - return $filterDirList; -} - -?> - diff --git a/config/snort-dev/snortsam-package-code/snort_preprocessors.php b/config/snort-dev/snortsam-package-code/snort_preprocessors.php deleted file mode 100644 index d99f7f75..00000000 --- a/config/snort-dev/snortsam-package-code/snort_preprocessors.php +++ /dev/null @@ -1,337 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - - -$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - - $pgtitle = "Snort: Interface Preprocessors and Flow"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?uuid=<?=$uuid;?>"><span>Ruleset Ips</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <form id="iform" > - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> - <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_preprocessors" /> <!-- what interface tab --> - <input name="uuid" type="hidden" value="<?=$a_list['uuid']; ?>"> - - - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"> - <span class="red"><strong>Note:</strong></span> - <br> - <span class="vexpl">Rules may be dependent on preprocessors!<br> - Defaults will be used when there is no user input.</span><br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Performance Statistics</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"> - <input name="perform_stat" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['perform_stat'] == 'on' || $a_list['perform_stat'] == '' ? 'checked' : '';?> > - <span class="vexpl">Performance Statistics for this interface.</span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"> - <input name="http_inspect" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['http_inspect'] == 'on' || $a_list['http_inspect'] == '' ? 'checked' : '';?> > - <span class="vexpl">Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.</span> - </td> - </tr> - <tr> - <td valign="top" class="vncell2">HTTP server flow depth</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td> - <input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=$a_list['flow_depth']; ?>"> - <span class="vexpl"><strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</span> - </td> - </tr> - </table> - <span class="vexpl">Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value. - <br> - Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is <strong>0</strong></span> - <br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Bytes</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td> - <input name="max_queued_bytes" type="text" class="formfld" id="max_queued_bytes" size="5" value="<?=$a_list['max_queued_bytes']; ?>"> - <span class="vexpl">Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>1048576</strong>, <strong>0</strong>means Maximum )</span> - </td> - </tr> - </table> - <span class="vexpl">The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is <strong>1048576</strong></span> - <br> - </td> - </tr> - <tr> - <td valign="top" class="vncell2">Max Queued Segs</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td> - <input name="max_queued_segs" type="text" class="formfld" id="max_queued_segs" size="5" value="<?=$a_list['max_queued_segs']; ?>" > - <span class="vexpl">Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>2621</strong>, <strong>0</strong> means Maximum )</span> - </td> - </tr> - </table> - <span class="vexpl">The number of segments to be queued for reassembly for TCP sessions in memory. Default value is <strong>2621</strong></span> - <br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Preprocessor Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"> - Enable <br> - RPC Decode and Back Orifice detector - </td> - <td width="78%" class="vtable"> - <input name="other_preprocs" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['other_preprocs'] == 'on' || $a_list['other_preprocs'] == '' ? 'checked' : '';?> > - <br> - <span class="vexpl">Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"> - Enable - <br> - FTP and Telnet Normalizer - </td> - <td width="78%" class="vtable"> - <input name="ftp_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['ftp_preprocessor'] == 'on' || $a_list['ftp_preprocessor'] == '' ? 'checked' : '';?> > - <br> - <span class="vexpl">Normalize/Decode FTP and Telnet traffic and protocol anomalies.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"> - Enable - <br> - SMTP Normalizer - </td> - <td width="78%" class="vtable"> - <input name="smtp_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['smtp_preprocessor'] == 'on' || $a_list['smtp_preprocessor'] == '' ? 'checked' : '';?> > - <br> - <span class="vexpl">Normalize/Decode SMTP protocol for enforcement and buffer overflows.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"> - Enable - <br> - Portscan Detection - </td> - <td width="78%" class="vtable"> - <input name="sf_portscan" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['sf_portscan'] == 'on' || $a_list['sf_portscan'] == '' ? 'checked' : '';?> > - <br> - <span class="vexpl">Detects various types of portscans and portsweeps.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"> - Enable - <br> - DCE/RPC2 Detection - </td> - <td width="78%" class="vtable"> - <input name="dce_rpc_2" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['dce_rpc_2'] == 'on' || $a_list['dce_rpc_2'] == '' ? 'checked' : '';?> > - <br> - <span class="vexpl">The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2"> - Enable - <br> - DNS Detection - </td> - <td width="78%" class="vtable"> - <input name="dns_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['dns_preprocessor'] == 'on' || $a_list['dns_preprocessor'] == '' ? 'checked' : '';?> > - <br> - <span class="vexpl">The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td> - <td width="78%" class="vtable"> - <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=$a_list['def_ssl_ports_ignore']; ?>" > - <br> - <span class="vexpl">Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives. - <br> - Default: "443 465 563 636 989 990 992 993 994 995". <strong>Please use spaces and not commas.</strong></span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel" > - </td> - </tr> - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"> - <span class="vexpl"><span class="red"><strong>Note:</strong></span> Please save your settings before you click Start.</span> - </td> - </tr> - - - </form> - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_rules.php b/config/snort-dev/snortsam-package-code/snort_rules.php deleted file mode 100644 index fd102538..00000000 --- a/config/snort-dev/snortsam-package-code/snort_rules.php +++ /dev/null @@ -1,600 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { - echo 'Error: more than one uuid'; - exit(0); -} - -if (isset($_GET['uuid'])) { - $uuid = $_GET['uuid']; -} - -if (isset($_GET['rdbuuid'])) { - $rdbuuid = $_GET['rdbuuid']; -}else{ - $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - $rdbuuid = $ruledbname_pre1['ruledbname']; -} - -// unset Session tmp on page load -unset($_SESSION['snort']['tmp']); - -// list rules in the default dir -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid); - -$snortRuleDir = '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid; - - // list rules in the default dir - $filterDirList = array(); - $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '\.rules'); - - // START read rule file - if ($_GET['openruleset']) { - $rulefile = $_GET['openruleset']; - }else{ - $rulefile = $filterDirList[0]; - } - - // path of rule file - $workingFile = $snortRuleDir . '/rules/' . $rulefile; - -function load_rule_file($incoming_file, $splitcontents) -{ - $pattern = '/(^alert |^# alert )/'; - foreach ( $splitcontents as $val ) - { - // remove whitespaces - $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val); - - // filter none alerts - if (preg_match($pattern, $rmWhitespaces)) - { - $splitcontents2[] = $val; - } - - } - unset($splitcontents); - - return $splitcontents2; - -} - - // Load the rule file - // split the contents of the string file into an array using the delimiter - // used by rule gui edit and table build code - if (filesize($workingFile) > 0) { - $splitcontents = split_rule_file($workingFile); - - $splitcontents2 = load_rule_file($workingFile, $splitcontents); - - $countSig = count($splitcontents2); - - if ($countSig > 0) { - $newFilterRuleSigArray = newFilterRuleSig($splitcontents2); - } - } - - /* - * SET GLOBAL ARRAY $_SESSION['snort'] - * Use SESSION instead POST for security because were writing to files. - */ - - $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules'; - $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs'; - $_SESSION['snort']['tmp']['snort_rules']['rdbuuid'] = $rdbuuid; - $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile; - - -// find ./ -name test.txt | xargs grep "^disablesid 127 " - - $pgtitle = "Snort: Category: rule: $rulefile"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<!-- hidden div --> -<div id="loadingRuleEditGUI"> - - <div class="loadingRuleEditGUIDiv"> - <form id="iform2" action=""> - <input type="hidden" name="snortSidRuleEdit" value="1" /> - <input type="hidden" name="snortSidRuleDBuuid" value="<?=$rdbuuid;?>" /> <!-- what to do, save --> - <input type="hidden" name="snortSidRuleFile" value="<?=$rulefile; ?>" /> <!-- what to do, save --> - <input type="hidden" name="snortSidNum" value="" /> <!-- what to do, save --> - <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> - <tr> - <td> - <input name="save" type="submit" class="formbtn" id="save" value="Save" /> - <input type="button" class="formbtn closeRuleEditGUI" value="Close" > - </td> - </tr> - <tr> - <td> - <textarea id="sidstring" name="sidstring" wrap="off" style="width: 98%; margin: 7px;" rows="1" cols="" ></textarea> <!-- SID to EDIT --> - </td> - </tr> - <tr> - <td> - <textarea wrap="off" style="width: 98%; margin: 7px;" rows="<?php if(count($splitcontents) > 24){echo 24;}else{echo count($splitcontents);} ?>" cols="" disabled > - - <?php - - echo "\n"; - - foreach ($splitcontents as $sidLineGui) - - echo $sidLineGui . "\n"; - - - - ?> - </textarea> <!-- Display rule file --> - </td> - </tr> - </table> - <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> - <tr> - <td> - <input name="save" type="submit" class="formbtn" id="save" value="Save" /> - <input type="button" class="formbtn closeRuleEditGUI" value="Close" > - </td> - </tr> - </table> - </form> - </div> - - -</div> - -<?php include("fbegin.inc"); ?> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <?php - if (!empty($uuid)) { - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li> - </ul> - </div> - </td> - </tr> - '; - }else{ - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - </td> - </tr> - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li class="hide_newtabmenu"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li> - <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li> - </ul> - </div> - </td> - </tr> - '; - } - ?> - <tr> - <td id="tdbggrey"> - <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> - <!-- START MAIN AREA --> - - - <!-- start Interface Satus --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic2"> - Category: - <select name="selectbox" class="formfld" > - <?php - if(isset($_GET['uuid'])) { - $urlUuid = "&uuid=$uuid"; - } - - if(isset($_GET['rdbuuid'])) { - $urlUuid = "&rdbuuid=$rdbuuid"; - } - - $i=0; - foreach ($filterDirList as $value) - { - $selectedruleset = ''; - if ($value === $rulefile) { - $selectedruleset = 'selected'; - } - - echo "\n" . '<option value="?&openruleset=' . $ruledir . $value . $urlUuid . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r"; - - $i++; - - } - ?> - </select> - There are <?=$countSig; ?> rules in this category. - </td> - <td width="6%" colspan="2" valign="middle" class="listtopic3" > - <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>"> - <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule"> - </a> - </td> - </tr> - </table> -<br> - - <!-- Save all inputs --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <input id="select_all" type="button" class="formbtn" value="Select All" > - <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > - </td> - </tr> - </table> - -<br> - - <!-- start User Interface --> - - - <form id="iform" action=""> - <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> - <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab --> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic">Snort Signatures:</td> - </tr> - </table> - - <table id="mainCreateTable" width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr id="frheader" > - <td class="listhdrr2">On</td> - <td class="listhdrr2">Sid</td> - <td class="listhdrr2">Proto</td> - <td class="listhdrr2">Src</td> - <td class="listhdrr2">Port</td> - <td class="listhdrr2">Dst</td> - <td class="listhdrr2">Port</td> - <td class="listhdrr2">Message</td> - <td class="listhdrr2"> </td> - </tr> - <tr> - <!-- START javascript sid loop here --> - <tbody class="rulesetloopblock"> - - - - </tbody> - <!-- STOP javascript sid loop here --> - </tr> - - </table> - <br> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - </table> - </form> - <br> - - <!-- stop snortsam --> - - <!-- STOP MAIN AREA --> - </div> - </td> - </tr> -</table> -</form> -</div> - -<!-- start info box --> - -<br> - -<div style="width:790px; background-color: #dddddd;" id="mainarea4"> -<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> -<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> </td> - </tr> - <tr > - <td width="100%"> - <span class="red"><strong>Note:</strong></span> <br> - This is the <strong>Snort Rule Signature Viewer</strong>. - Please make sure not to add a <strong>whitespace</strong> before <strong>alert</strong> or <strong>#alert</strong>. - <br> - <br> - <span class="red"><strong>Warning:</strong></span> - <br> - <strong>New settings will not take effect until interface restart.</strong> - <br><br> - </td> - </tr> -</table> -</div> -</div> - - -<script type="text/javascript"> - - -//prepare the form when the DOM is ready -jQuery(document).ready(function() { - - // NOTE: needs to be watched - // change url on selected dropdown rule - jQuery('select[name=selectbox]').change(function() { - window.location.replace(jQuery(this).val()); - }); - -<?php - - /* - * NOTE: - * I could have used a php loop to build the table but I wanted to see if off loading to client is faster. - * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see. - * WARNING: - * If Json string is to long browsers start asking to terminate javascript. - * FIX: - * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended. - */ - if (!empty($newFilterRuleSigArray)) - { - $countSigList = count($newFilterRuleSigArray); - - echo "\n"; - - echo 'var snortObjlist = ['; - $i = 0; - foreach ($newFilterRuleSigArray as $val3) - { - - $i++; - - // NOTE: escapeJsonString; foward slash has added spaces on each side, ie and chrome were giving issues with tablw widths - if( $i !== $countSigList ) { - echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},'; - }else{ - echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}'; - } - } - - echo '];' . "\n"; - } - - - - if (!empty($countSig)) { - echo 'var countRowAppend = ' . $countSig . ';' . "\n"; - }else{ - echo 'var countRowAppend = 0;' . "\n"; - } - -?> - -if(typeof escapeHtmlEntities == 'undefined') { - escapeHtmlEntities = function (text) { - return text.replace(/[\u00A0-\u2666<>\&]/g, function(c) { return '&' + - escapeHtmlEntities.entityTable[c.charCodeAt(0)] || '#'+c.charCodeAt(0) + ';'; }); - }; - - // all HTML4 entities as defined here: http://www.w3.org/TR/html4/sgml/entities.html - // added: amp, lt, gt, quot and apos - escapeHtmlEntities.entityTable = { 34 : 'quot', 38 : 'amp', 39 : 'apos', 47 : 'slash', 60 : 'lt', 62 : 'gt', 160 : 'nbsp', 161 : 'iexcl', 162 : 'cent', 163 : 'pound', 164 : 'curren', 165 : 'yen', 166 : 'brvbar', 167 : 'sect', 168 : 'uml', 169 : 'copy', 170 : 'ordf', 171 : 'laquo', 172 : 'not', 173 : 'shy', 174 : 'reg', 175 : 'macr', 176 : 'deg', 177 : 'plusmn', 178 : 'sup2', 179 : 'sup3', 180 : 'acute', 181 : 'micro', 182 : 'para', 183 : 'middot', 184 : 'cedil', 185 : 'sup1', 186 : 'ordm', 187 : 'raquo', 188 : 'frac14', 189 : 'frac12', 190 : 'frac34', 191 : 'iquest', 192 : 'Agrave', 193 : 'Aacute', 194 : 'Acirc', 195 : 'Atilde', 196 : 'Auml', 197 : 'Aring', 198 : 'AElig', 199 : 'Ccedil', 200 : 'Egrave', 201 : 'Eacute', 202 : 'Ecirc', 203 : 'Euml', 204 : 'Igrave', 205 : 'Iacute', 206 : 'Icirc', 207 : 'Iuml', 208 : 'ETH', 209 : 'Ntilde', 210 : 'Ograve', 211 : 'Oacute', 212 : 'Ocirc', 213 : 'Otilde', 214 : 'Ouml', 215 : 'times', 216 : 'Oslash', 217 : 'Ugrave', 218 : 'Uacute', 219 : 'Ucirc', 220 : 'Uuml', 221 : 'Yacute', 222 : 'THORN', 223 : 'szlig', 224 : 'agrave', 225 : 'aacute', 226 : 'acirc', 227 : 'atilde', 228 : 'auml', 229 : 'aring', 230 : 'aelig', 231 : 'ccedil', 232 : 'egrave', 233 : 'eacute', 234 : 'ecirc', 235 : 'euml', 236 : 'igrave', 237 : 'iacute', 238 : 'icirc', 239 : 'iuml', 240 : 'eth', 241 : 'ntilde', 242 : 'ograve', 243 : 'oacute', 244 : 'ocirc', 245 : 'otilde', 246 : 'ouml', 247 : 'divide', 248 : 'oslash', 249 : 'ugrave', 250 : 'uacute', 251 : 'ucirc', 252 : 'uuml', 253 : 'yacute', 254 : 'thorn', 255 : 'yuml', 402 : 'fnof', 913 : 'Alpha', 914 : 'Beta', 915 : 'Gamma', 916 : 'Delta', 917 : 'Epsilon', 918 : 'Zeta', 919 : 'Eta', 920 : 'Theta', 921 : 'Iota', 922 : 'Kappa', 923 : 'Lambda', 924 : 'Mu', 925 : 'Nu', 926 : 'Xi', 927 : 'Omicron', 928 : 'Pi', 929 : 'Rho', 931 : 'Sigma', 932 : 'Tau', 933 : 'Upsilon', 934 : 'Phi', 935 : 'Chi', 936 : 'Psi', 937 : 'Omega', 945 : 'alpha', 946 : 'beta', 947 : 'gamma', 948 : 'delta', 949 : 'epsilon', 950 : 'zeta', 951 : 'eta', 952 : 'theta', 953 : 'iota', 954 : 'kappa', 955 : 'lambda', 956 : 'mu', 957 : 'nu', 958 : 'xi', 959 : 'omicron', 960 : 'pi', 961 : 'rho', 962 : 'sigmaf', 963 : 'sigma', 964 : 'tau', 965 : 'upsilon', 966 : 'phi', 967 : 'chi', 968 : 'psi', 969 : 'omega', 977 : 'thetasym', 978 : 'upsih', 982 : 'piv', 8226 : 'bull', 8230 : 'hellip', 8242 : 'prime', 8243 : 'Prime', 8254 : 'oline', 8260 : 'frasl', 8472 : 'weierp', 8465 : 'image', 8476 : 'real', 8482 : 'trade', 8501 : 'alefsym', 8592 : 'larr', 8593 : 'uarr', 8594 : 'rarr', 8595 : 'darr', 8596 : 'harr', 8629 : 'crarr', 8656 : 'lArr', 8657 : 'uArr', 8658 : 'rArr', 8659 : 'dArr', 8660 : 'hArr', 8704 : 'forall', 8706 : 'part', 8707 : 'exist', 8709 : 'empty', 8711 : 'nabla', 8712 : 'isin', 8713 : 'notin', 8715 : 'ni', 8719 : 'prod', 8721 : 'sum', 8722 : 'minus', 8727 : 'lowast', 8730 : 'radic', 8733 : 'prop', 8734 : 'infin', 8736 : 'ang', 8743 : 'and', 8744 : 'or', 8745 : 'cap', 8746 : 'cup', 8747 : 'int', 8756 : 'there4', 8764 : 'sim', 8773 : 'cong', 8776 : 'asymp', 8800 : 'ne', 8801 : 'equiv', 8804 : 'le', 8805 : 'ge', 8834 : 'sub', 8835 : 'sup', 8836 : 'nsub', 8838 : 'sube', 8839 : 'supe', 8853 : 'oplus', 8855 : 'otimes', 8869 : 'perp', 8901 : 'sdot', 8968 : 'lceil', 8969 : 'rceil', 8970 : 'lfloor', 8971 : 'rfloor', 9001 : 'lang', 9002 : 'rang', 9674 : 'loz', 9824 : 'spades', 9827 : 'clubs', 9829 : 'hearts', 9830 : 'diams', 34 : 'quot', 38 : 'amp', 60 : 'lt', 62 : 'gt', 338 : 'OElig', 339 : 'oelig', 352 : 'Scaron', 353 : 'scaron', 376 : 'Yuml', 710 : 'circ', 732 : 'tilde', 8194 : 'ensp', 8195 : 'emsp', 8201 : 'thinsp', 8204 : 'zwnj', 8205 : 'zwj', 8206 : 'lrm', 8207 : 'rlm', 8211 : 'ndash', 8212 : 'mdash', 8216 : 'lsquo', 8217 : 'rsquo', 8218 : 'sbquo', 8220 : 'ldquo', 8221 : 'rdquo', 8222 : 'bdquo', 8224 : 'dagger', 8225 : 'Dagger', 8240 : 'permil', 8249 : 'lsaquo', 8250 : 'rsaquo', 8364 : 'euro' }; -} - - // if rowcount is not empty do this - if (countRowAppend > 0){ - - // if rowcount is more than 300 - if (countRowAppend > 200){ - // call to please wait - showLoading('#loadingWaiting'); - } - - - // Break up append row adds by chunks of 300 - // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts. - incrementallyProcess(function (i){ - // loop code goes in here - //console.log('loop: ', i); - - if (isEven(i) === true){ - var rowIsEvenOdd = 'odd_ruleset2'; - }else{ - var rowIsEvenOdd = 'even_ruleset2'; - } - - if (snortObjlist[i].enable === 'on'){ - var rulesetChecked = 'checked'; - }else{ - var rulesetChecked = ''; - } - - jQuery('.rulesetloopblock').append( - - "\n" + '<tr valign="top" id="fr0">' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - '<input class="domecheck" type="checkbox" name="filenamcheckbox2[]" value="' + snortObjlist[i].sid + '" ' + rulesetChecked + ' >' + "\n" + - '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].sid + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].proto + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].src + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].srcport + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dst + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dstport + '</td>' + "\n" + - '<td class="listbg" id="frd0" ><font color="white">' + escapeHtmlEntities(snortObjlist[i].msg) + '</font></td>' + "\n" + - '<td class="' + rowIsEvenOdd+ '">' + "\n" + - '<img id="' + snortObjlist[i].sid + '" class="icon_click showeditrulegui" src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule">' + "\n" + - '</td>' + "\n" + - '</tr>' + "\n" - - ); - - }, - snortObjlist, // Object to work with the case Json object - 500, // chunk size - 200, // how many secs to wait - function (){ - // things that happen after the processing is done go here - // console.log('done!'); - - // if rowcount is more than 300 - if (countRowAppend > 200){ - // call to please wait - hideLoading('#loadingWaiting'); - } - - }); - } // end of if stopRowAppend - - - // On click show rule edit GUI - jQuery('.showeditrulegui').live('click', function(){ - - // Get sid - jQuery.getJSON('/snort/snort_json_get.php', - { - "snortGetSidString": "1", - "snortIface": "<?=$uuid . '_' . $a_list['interface']; ?>", - "snortRuleFile": "<?=$rulefile; ?>", - "sid": jQuery(this).attr('id') - }, - function(data){ - jQuery("textarea#sidstring").val(data.sidstring); // add string to textarea - jQuery("input[name=snortSidNum]").val(data.sid); // add sid to input - showLoading('#loadingRuleEditGUI'); - }); - }); - - jQuery('.closeRuleEditGUI').live('click', function(){ - hideLoading('#loadingRuleEditGUI'); - }); - - -}); // end of document ready - -</script> - - -<!-- stop info box --> - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_rules_ips.php b/config/snort-dev/snortsam-package-code/snort_rules_ips.php deleted file mode 100644 index d026b566..00000000 --- a/config/snort-dev/snortsam-package-code/snort_rules_ips.php +++ /dev/null @@ -1,471 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -// set page vars - -if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { - echo 'Error: more than one uuid'; - exit(0); -} - -// set page vars -if (isset($_GET['uuid'])) { - $uuid = $_GET['uuid']; -} - -if (isset($_GET['rdbuuid'])) { - $rdbuuid = $_GET['rdbuuid']; -}else{ - $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - $rdbuuid = $ruledbname_pre1['ruledbname']; -} - -if (empty($rdbuuid)) { - echo 'ERROR: Missing RDBUUID'; - exit; -} - -if (isset($_GET['rulefilename'])) { - $rulefilename = $_GET['rulefilename']; -}else{ - echo 'ERROR: Missing rulefilename'; - exit; -} - - - - -// get default settings -$listGenRules = array(); -$listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid); - -// get sigs in db -$listSigRules = array(); -$listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid); - -// if $listGenRules empty list defaults -if (empty($listGenRules)) { - $listGenRules[0] = array( - 'id' => 1, - 'rdbuuid' => $_POST['rdbuuid'], - 'enable' => 'on', - 'who' => 'src', - 'timeamount' => 15, - 'timetype' => 'minutes' - ); -} - - $pgtitle = "Services: Snort: Ruleset Ips:"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<div id="loadingWaiting"> - <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <?php - if (!empty($uuid)) { - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li> - </ul> - </div> - </td> - </tr> - '; - }else{ - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - </td> - </tr> - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li> - <li><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li> - </ul> - </div> - </td> - </tr> - '; - } - ?> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <table width="100%" border="0" cellpadding="0" cellspacing="0" > - <tr> - <td> - </td> - <td> - <input id="select_all" type="button" class="formbtn" value="Select All" > - <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > - </td> - </tr> - </table> - - <div id="checkboxdo" style="width:100%; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;"> - <form id="iform" action="" > - - <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="SnortruleSigsIps" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_rules_ips" /> <!-- what interface tab --> - <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for --> - <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf --> - - <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;"> - <tr> - <td colspan="2" valign="top" class="listtopic">Rule File Ips Settings</td> - </tr> - </table> - - <table class="rulesetloopblock" width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;"> - <tr id="frheader" > - <td width="1%" class="listhdrr2"> On</td> - <td width="1%" class="listhdrr2"> Sid</td> - <td width="1%" class="listhdrr2"> Source</td> - <td width="1%" class="listhdrr2"> Amount</td> - <td width="1%" class="listhdrr2"> Duration</td> - <td width="20%" class="listhdrr2">Message</td> - </tr> - - </table> - <br> - <table> - <tr> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - </table> - </div> - </form > - - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - -<script type="text/javascript"> - -//prepare the form when the DOM is ready -jQuery(document).ready(function() { - - - -<?php - - /* - * Builds Json long string from a snort rules file - * Options: $rdbuuid, $rulefilename - * Used in Ips Tab - */ - function createSidTmpBlockSpit($rdbuuid, $rulefilename) - { - - function getSidBlockJsonArray($getEnableSid) - { - global $listGenRules, $listSigRules; - - if (!empty($getEnableSid)) { - - $i = 0; - - $countSigList = count($getEnableSid); - foreach ($getEnableSid as $val3) - { - - //$listGenRules $listSigRules - $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', trim($val3['0'])); - - // if sig is in db use its settings else use default settings - if(!empty($snortSigIpsExists['siguuid'])) { - - $getSid = $snortSigIpsExists['siguuid']; - $getEnable = $snortSigIpsExists['enable']; - $getWho = $snortSigIpsExists['who']; - $getTimeamount = $snortSigIpsExists['timeamount']; - $getTimetype = $snortSigIpsExists['timetype']; - - }else{ - - $getSid = escapeJsonString(trim($val3['0'])); - $getEnable = $listGenRules[0]['enable']; - $getWho = $listGenRules[0]['who']; - $getTimeamount = $listGenRules[0]['timeamount']; - $getTimetype = $listGenRules[0]['timetype']; - - } - - $i++; - - if ($i == 1) { - $main .= '['; - } - - if ( $i == $countSigList ) { - $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"}'; - }else{ - $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"},'; - } - - if ($i == $countSigList) { - $main .= ']'; - } - - } // END foreach - - return $main; - - } // END of jSON build - - return false; - - } - if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit')) { - exec('mkdir /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit'); - } - - exec('rm /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/*.rules'); - exec('cp /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules/' . $rulefilename . ' ' . '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/' . $rulefilename); - - //$getEnableSidArray = ''; - exec('perl /usr/local/bin/make_snortsam_map.pl /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/', $getEnableSidArray); - - return getSidBlockJsonArray(getCurrentIpsRuleArray($getEnableSidArray)); - - } // END of build json rule func - - // Build table from json, anf $_GET - $getJsonRulefile = createSidTmpBlockSpit($rdbuuid, $rulefilename); - - if (!empty($getJsonRulefile)) { - echo 'var getLogJsonRuleFile = ' . $getJsonRulefile . ';'; - } - -?> - -// create option list through js -function createDropdownOptionList(list, opselected) { - - var strOut = ''; - var selectedOptionON = ''; - for (var key in list) { - - if (opselected.toUpperCase() == list[key]) { - selectedOptionON = 'selected="selected"'; - } - - strOut = strOut + '<option value="' + list[key].toLowerCase() + '" ' + selectedOptionON + '>' + list[key] + '</option>' + "\n"; - selectedOptionON = ''; - } - return strOut; -} - -function makeLargeSidTables(snortObjlist) { - - //disable Row Append if row count is less than 0 - var countRowAppend = snortObjlist.length; - - var timeValuePerfList = {"src":"SRC", "dst":"DST", "both":"BOTH"}; - var timeTypePerfList = {"minutes":"MINUTES", "seconds":"SECONDS", "hours":"HOURS", "days":"DAYS", "weeks":"WEEKS", "months":"MONTHS", "ALWAYS":"ALWAYS"}; - - // if rowcount is not empty do this - if (countRowAppend > 0){ - - // Break up append row adds by chunks of 300 - // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts. - incrementallyProcess(function (i){ - - if (isEven(i) === true){ - var rowIsEvenOdd = 'odd_ruleset2'; - }else{ - var rowIsEvenOdd = 'even_ruleset2'; - } - - if (snortObjlist[i].enable == 'on'){ - var rulesetChecked = 'checked="checked"'; - }else{ - var rulesetChecked = ''; - } - - jQuery('.rulesetloopblock').append( - "\n" + '<tr class="hidemetr" id="ipstable_' + snortObjlist[i].sid + '" valign="top">' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - '<input class="domecheck" id="checkbox_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][enable]" value="on" ' + rulesetChecked + ' type="checkbox">' + "\n" + - '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="sid_' + snortObjlist[i].sid + '" >' + snortObjlist[i].sid + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - '<select class="formfld2" id="who_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][who]">' + "\n" + - createDropdownOptionList(timeValuePerfList, snortObjlist[i].who) + - '</select>' + "\n" + - '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - '<input class="formfld2" id="timeamount_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][timeamount]" type="text" size="7" value="' + snortObjlist[i].timeamount + '">' + "\n" + - '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - '<select class="formfld2" id="timetype_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][timetype]" >' + "\n" + - createDropdownOptionList(timeTypePerfList, snortObjlist[i].timetype) + - '</select>' + "\n" + - '</td>' + "\n" + - '<td class="listbg" id="msg_' + snortObjlist[i].sid + '"><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" + - '</tr>' + "\n" + - '<input type="hidden" name="snortsam[db][' + i + '][siguuid]" value="' + snortObjlist[i].sid + '" />' + "\n" + - '<input type="hidden" name="snortsam[db][' + i + '][sigfilename]" value="<?=$rulefilename; ?>" />' + "\n" - ); - - }, - snortObjlist, // Object to work with the case Json object - 300, // chunk size - 25, // how many secs to wait - function (){ - - hideLoading('#loadingWaiting'); - - }); // end incrament - } // end of if stopRowAppend - -}; // END make table func - - - // Build table call - function startTableBuild() { - - showLoading('#loadingWaiting'); - lastTableBuild(); - } - function lastTableBuild() { - - makeLargeSidTables(getLogJsonRuleFile); - - } - - <?php - if (!empty($getJsonRulefile)) { - echo 'startTableBuild();'; - } - ?> - -}); // end of document ready - - - - -</script> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/snortsam-package-code/snort_rulesets.php b/config/snort-dev/snortsam-package-code/snort_rulesets.php deleted file mode 100644 index a2e4f7f3..00000000 --- a/config/snort-dev/snortsam-package-code/snort_rulesets.php +++ /dev/null @@ -1,347 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { - echo 'Error: more than one uuid'; - exit(0); -} - -// set page vars -if (isset($_GET['uuid'])) { - $uuid = $_GET['uuid']; -} - -if (isset($_GET['rdbuuid'])) { - $rdbuuid = $_GET['rdbuuid']; -}else{ - $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - $rdbuuid = $ruledbname_pre1['ruledbname']; -} - -//$a_list = snortSql_fetchAllSettings('snortDBrules', 'SnortIfaces', 'uuid', $uuid); - - // list rules in the default dir - $filterDirList = array(); - $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules'); - - // list rules in db that are on in a array - $listOnRules = array(); - $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'rdbuuid', $rdbuuid); - - if (!empty($listOnRules)) { - foreach ( $listOnRules as $val2 ) - { - if ($val2['enable'] == 'on') { - $rulesetOn[] = $val2['rulesetname']; - } - } - unset($listOnRules); - } - - $pgtitle = "Snort: Interface Rule Categories"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script type="text/javascript"> - -//prepare the form when the DOM is ready -jQuery(document).ready(function() { - - <?php - /* - * NOTE: I could have used a php loop to build the table but off loading to client is faster - * use jQuery jason parse, make sure its in one line - */ - if (!empty($filterDirList)) { - - $countDirList = count($filterDirList); - - echo "\n"; - - echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [ '; - $i = 0; - foreach ($filterDirList as $val3) - { - - $i++; - - // if list ruleset is in the db ON mark it checked - $rulesetOnChecked = 'off'; - if(!empty($rulesetOn)) - { - if (in_array($val3, $rulesetOn)) - { - $rulesetOnChecked = 'on'; - } - } - - if ( $i !== $countDirList ) - { - echo '{"rule": ' . '"' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '}, '; - }else{ - echo '{"rule": "' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '} '; - } - } - - echo ' ]}\');' . "\n"; - - }else{ - - echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n"; - - } - - - ?> - - // loop through object, dont use .each in jQuery as its slow - if(snortObjlist.ruleSets.length > 0) { - for (var i = 0; i < snortObjlist.ruleSets.length; i++) { - - if (isEven(i) === true) { - var rowIsEvenOdd = 'even_ruleset'; - }else{ - var rowIsEvenOdd = 'odd_ruleset'; - } - - if (snortObjlist.ruleSets[i].enable === 'on') { - var rulesetChecked = 'checked'; - }else{ - var rulesetChecked = ''; - } - - jQuery('.rulesetloopblock').append( - "\n" + '<tr>' + "\n" + - '<td class="' + rowIsEvenOdd + '" align="center" valign="top" width="9%">' + "\n" + - ' <input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" + - '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - ' <a href="/snort/snort_rules.php?openruleset=' + snortObjlist.ruleSets[i].rule + '<?php if(isset($uuid)){echo "&uuid=$uuid";}else{echo "&rdbuuid=$rdbuuid";}?>' + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" + - '</td>' + "\n" + - '</tr>' + "\n\n" - ); - }; - } - - -}); // end of document ready - -</script> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0" alt="transgif" ></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <?php - if (!empty($uuid)) { - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li> - </ul> - </div> - </td> - </tr> - '; - }else{ - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - </td> - </tr> - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li class="hide_newtabmenu"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li> - <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li> - </ul> - </div> - </td> - </tr> - '; - } - ?> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" > - <!-- START MAIN AREA --> - - - - <table width="100%" border="0" cellpadding="0" cellspacing="0" > - <tr> - <td> - </td> - <td> - <input id="select_all" type="button" class="formbtn" value="Select All" > - <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > - </td> - </tr> - </table> - - <div id="checkboxdo" style="width: 100%; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;"> - <form id="iform" action="" > - <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="SnortruleSets" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_rulesets" /> <!-- what interface tab --> - <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for --> - <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf --> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr > - <td width="5%" class="listtopic">Enabled</td> - <td class="listtopic">Ruleset: Rules that end with "so.rules" are shared object rules.</td> - </tr> - <table class="rulesetbkg" width="100%"> - - <tbody class="rulesetloopblock" > - <!-- javscript loop table build here --> - </tbody> - - </table> - <table class="vncell1" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listtopic" >Check the rulesets that you would like Snort to load at startup.</td> - </tr> - </table> - <tr> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - <tr> - <td width="78%"> - <span class="vexpl"><span class="red"><strong>Note:</strong></span> - Please save your settings before you click start.</span> - </td> - </tr> - - </table> - </form> - </div> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> - diff --git a/config/snort-dev/snortsam-package-code/snort_rulesets_ips.php b/config/snort-dev/snortsam-package-code/snort_rulesets_ips.php deleted file mode 100644 index abac2b6b..00000000 --- a/config/snort-dev/snortsam-package-code/snort_rulesets_ips.php +++ /dev/null @@ -1,411 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { - echo 'Error: more than one uuid'; - exit(0); -} - -// set page vars -if (isset($_GET['uuid'])) { - $uuid = $_GET['uuid']; -} - -if (isset($_GET['rdbuuid'])) { - $rdbuuid = $_GET['rdbuuid']; -}else{ - $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - $rdbuuid = $ruledbname_pre1['ruledbname']; -} - -//$a_list = snortSql_fetchAllSettings('snortDBrules', 'SnortIfaces', 'uuid', $uuid); - - // list rules in the default dir - $filterDirList = array(); - $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules'); - - // list rules in db that are on in a array - $listOnRules = array(); - $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSetsIps', 'rdbuuid', $rdbuuid); - - // list rules in db that are on in a array - $listGenRules = array(); - $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid); - - if (!empty($listOnRules)) { - foreach ( $listOnRules as $val2 ) - { - if ($val2['enable'] == 'on') { - $rulesetOn[] = $val2['rulesetname']; - } - } - unset($listOnRules); - } - - $pgtitle = "Services: Snort: Ruleset Ips"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script type="text/javascript"> - -//prepare the form when the DOM is ready -jQuery(document).ready(function() { - - <?php - /* - * NOTE: I could have used a php loop to build the table but off loading to client is faster - * use jQuery jason parse, make sure its in one line - */ - if (!empty($filterDirList)) { - - $countDirList = count($filterDirList); - - echo "\n"; - - echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [ '; - $i = 0; - foreach ($filterDirList as $val3) - { - - $i++; - - // if list ruleset is in the db ON mark it checked - $rulesetOnChecked = 'off'; - if(!empty($rulesetOn)) - { - if (in_array($val3, $rulesetOn)) - { - $rulesetOnChecked = 'on'; - } - } - - if ( $i !== $countDirList ) - { - echo '{"rule": ' . '"' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '}, '; - }else{ - echo '{"rule": "' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '} '; - } - } - - echo ' ]}\');' . "\n"; - - }else{ - // - echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n"; - - } - - ?> - - // loop through object, dont use .each in jQuery as its slow - if(snortObjlist.ruleSets.length > 0) { - for (var i = 0; i < snortObjlist.ruleSets.length; i++) { - - if (isEven(i) === true) { - var rowIsEvenOdd = 'even_ruleset'; - }else{ - var rowIsEvenOdd = 'odd_ruleset'; - } - - if (snortObjlist.ruleSets[i].enable === 'on') { - var rulesetChecked = 'checked'; - }else{ - var rulesetChecked = ''; - } - - jQuery('.rulesetloopblock').append( - "\n" + '<tr>' + "\n" + - '<td class="' + rowIsEvenOdd + '" align="center" valign="top" width="9%">' + "\n" + - ' <input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" + - '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - ' <a href="/snort/snort_rules_ips.php?rulefilename=' + snortObjlist.ruleSets[i].rule + '<?php if(isset($uuid)){echo "&uuid=$uuid";}else{echo "&rdbuuid=$rdbuuid";}?>' + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" + - '</td>' + "\n" + - '</tr>' + "\n\n" - ); - }; - } - - -}); // end of document ready - -</script> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<?php include("fbegin.inc"); ?> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0" alt="transgif" ></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <?php - if (!empty($uuid)) { - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li> - </ul> - </div> - </td> - </tr> - '; - }else{ - echo ' - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> - </td> - </tr> - <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li> - <li><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li> - </ul> - </div> - </td> - </tr> - '; - } - ?> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" > - <!-- START MAIN AREA --> - - <table width="100%" border="0" cellpadding="0" cellspacing="0" > - <tr> - <td> - </td> - <td> - <input id="select_all" type="button" class="formbtn" value="Select All" > - <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > - </td> - </tr> - </table> - - <div id="checkboxdo" style="width:100%; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;"> - <form id="iform" action="" > - <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="SnortruleSetsIps" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_rulesets_ips" /> <!-- what interface tab --> - <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for --> - <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf --> - - <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - </table> - - <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;"> - <tr> - <td> - <table width="100%" border="0" cellpadding="0" cellspacing="0" > - - <tr class="hidemetr" id="ipstitle_gensettings" valign="top"> - <td class="listhdrr2" width="20%"></td> - <td class="listhdrr2" width="1%"> On</td> - <td class="listhdrr2" width="1%"> Source</td> - <td class="listhdrr2" width="1%"> Amount</td> - <td class="listhdrr2" width="1%"> Duration</td> - </tr> - - <tr class="hidemetr" id="ipstable_gensettings" valign="top"> - <td class="vncell2" id="infotext_ips"><font color="#000000">Default settings for all block rules</font></td> - <td class="odd_ruleset2"> - <?php - $enableGenRuleSidChkBox = ''; - if ( $listGenRules[0]['enable'] === 'on' || empty($listGenRules[0]['enable'])) { - $enableGenRuleSidChkBox = 'checked="checked"'; - } - ?> - <input class="domecheck" id="checkbox_253" name="snortsam[db][gensettings][enable]" value="on" <?=$enableGenRuleSidChkBox; ?> type="checkbox"> - </td> - <td class="odd_ruleset2"> - <select class="formfld2" id="who_gensettings" name="snortsam[db][gensettings][who]"> - <?php - $whoList = array('src' => 'SRC', 'dst' => 'DST', 'both' => 'BOTH'); - snortDropDownList($whoList, $listGenRules[0]['who']); - ?> - </select> - </td> - <td class="odd_ruleset2"> - <?php - if (!empty($listGenRules[0]['timeamount'])) { - $timeamount = $listGenRules[0]['timeamount']; - }else{ - $timeamount = '15'; - } - ?> - <input class="formfld2" id="timeamount_gensettings" name="snortsam[db][gensettings][timeamount]" size="7" value="<?=$timeamount; ?>" type="text"> - </td> - <td class="odd_ruleset2"> - <select class="formfld2" id="timetype_gensettings" name="snortsam[db][gensettings][timetype]"> - <?php - $timeTypeList = array('minutes' => 'MINUTES', 'seconds' => 'SECONDS', 'hours' => 'HOURS', 'days' => 'DAYS', 'weeks' => 'WEEKS', 'months' => 'MONTHS', 'always' => 'ALWAYS'); - snortDropDownList($timeTypeList, $listGenRules[0]['timetype']); - ?> - </select> - </td> - </tr> - </table> - </td> - </tr> - </table> - - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr > - <td width="5%" class="listtopic">Enabled</td> - <td class="listtopic">Select The Rulesets To Eable IPS On</td> - </tr> - <table class="rulesetbkg" width="100%"> - - <tbody class="rulesetloopblock" > - <!-- javscript loop table build here --> - </tbody> - - </table> - <table class="vncell1" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listtopic" >Check the rulesets that you would like Snort to load at startup.</td> - </tr> - </table> - <tr> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> - <tr> - <td width="78%"> - <span class="vexpl"><span class="red"><strong>Note:</strong></span> - Please save your settings before you click start.</span> - </td> - </tr> - - </table> - </form> - </div> - - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> - diff --git a/config/snort-old/bin/barnyard2 b/config/snort-old/bin/barnyard2 Binary files differdeleted file mode 100644 index b942e87f..00000000 --- a/config/snort-old/bin/barnyard2 +++ /dev/null diff --git a/config/snort-old/bin/oinkmaster_contrib/README.contrib b/config/snort-old/bin/oinkmaster_contrib/README.contrib deleted file mode 100644 index 6923fa26..00000000 --- a/config/snort-old/bin/oinkmaster_contrib/README.contrib +++ /dev/null @@ -1,84 +0,0 @@ -# $Id: README.contrib,v 1.21 2005/10/18 10:41:20 andreas_o Exp $ # - -------------------------------------------------------------------------------- -* oinkgui.pl by Andreas Östling <andreaso@it.su.se> - - A graphical front-end to Oinkmaster written in Perl/Tk. - See README.gui for complete documentation. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* addsid.pl by Andreas Östling <andreaso@it.su.se> - - A script that parses *.rules in all specified directories and adds a - SID to (active) rules that don't have any. (Actually, rev and classtype - are also added if missing, unless you edit addsid.pl and tune this.) The - script first looks for the current highest SID (even in inactive rules) - and starts at the next one, unless this value is below MIN_SID (defined - inside addsid.pl). By default, this value is set to 1000001 since this - is the lowest SID assigned for local usage. Handles multi-line rules. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* create-sidmap.pl by Andreas Östling <andreaso@it.su.se> - - A script that parses all active rules in *.rules in all specified - directories and creates a SID map. (Like Snort's regen-sidmap, but this - one handles multi-line rules.) Result goes to standard output which can - be redirected to a sid-msg.map file. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* makesidex.pl, originally by Jerry Applebaum but later rewritten by - Andreas Östling <andreaso@it.su.se> to handle multi-line rules and - multiple rules directories. - - It reads *.rules in all specified directories, looks for all disabled - rules and prints a "disablesid <sid> # <msg>" line for each disabled rule. - The output can be appended to oinkmaster.conf. - Useful to new Oinkmaster users. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* addmsg.pl by Andreas Östling <andreaso@it.su.se>: - - A script that will parse your oinkmaster.conf for - localsid/enablesid/disablesid lines and add their rule message as a #comment. - If your oinkmaster.conf looks like this before addmsg.pl has been run: - - disablesid 286 - disablesid 287 - disablesid 288 - - It will look something like this afterward: - - disablesid 286 # POP3 EXPLOIT x86 bsd overflow - disablesid 287 # POP3 EXPLOIT x86 bsd overflow - disablesid 288 # POP3 EXPLOIT x86 linux overflow - - addmsg.pl will not touch lines that already has a comment in them. - It's not able to handle SID lists when written like this: - disablesid 1,2,3, ... - But it should handle them if written like this: - disablesid \ - 1, \ - 2, \ - 3 - - The new config file will be printed to standard output, so you - probably want to redirect the output to a file, for example: - - ./addmsg.pl oinkmaster.conf rules/ > oinkmaster.conf.new - - If oinkmaster.conf.new looks ok, simply rename it to oinkmaster.conf. - Do NOT redirect to the same file you read from, as this will destroy - that file. -------------------------------------------------------------------------------- diff --git a/config/snort-old/bin/oinkmaster_contrib/addmsg.pl b/config/snort-old/bin/oinkmaster_contrib/addmsg.pl deleted file mode 100644 index e5866d6f..00000000 --- a/config/snort-old/bin/oinkmaster_contrib/addmsg.pl +++ /dev/null @@ -1,299 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: addmsg.pl,v 1.19 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - - -my $USAGE = << "RTFM"; - -Parse Oinkmaster configuration file and add the rule's "msg" string as a -#comment for each disablesid/enablesid line. - -Usage: $0 <oinkmaster.conf> <rulesdir> [rulesdir2, ...] - -The new config file will be printed to standard output, so you -probably want to redirect the output to a new file (*NOT* the same -file you used as input, because that will destroy the file!). -For example: - -$0 /etc/oinkmaster.conf /etc/rules/ > oinkmaster.conf.new - -If oinkmaster.conf.new looks ok, simply rename it to /etc/oinkmaster.conf. - -RTFM - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - - -my $config = shift || die($USAGE); - -my @rulesdirs = @ARGV; -die($USAGE) unless ($#rulesdirs > -1); - -my $verbose = 1; -my (%sidmsgmap, %config); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - - -# Read in oinkmaster.conf. -open(CONFIG, "<" , "$config") or die("could not open \"$config\" for reading: $!\n"); -my @config = <CONFIG>; -close(CONFIG); - - -# Read in *.rules in all rulesdirs and create %sidmsgmap ($sidmsgmap{sid} = msg). -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(FILE, "<", "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - $sidmsgmap{$sid} = $msg - if (defined($single)); - } - } -} - - -# Print new oinkmaster.conf. -while ($_ = shift(@config)) { - if (/^\s*(?:disable|enable|local)sid\s+(\d+)\s*$/ || /^\s*(\d+)\s*,\s*\\$/ || /^\s*(\d+)\s*$/) { - my $sid = $1; - my $is_multiline = 0; - chomp; - - if (/\\$/) { - $is_multiline = 1; - s/\\$//; - } - - $_ = sprintf("%-25s", $_); - if (exists($sidmsgmap{$sid})) { - print "$_ # $sidmsgmap{$sid}"; - } else { - print "$_"; - } - print " \\" if ($is_multiline); - print "\n"; - } else { - print; - } -} - - - -# From oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# From oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-old/bin/oinkmaster_contrib/addsid.pl b/config/snort-old/bin/oinkmaster_contrib/addsid.pl deleted file mode 100644 index 64255d22..00000000 --- a/config/snort-old/bin/oinkmaster_contrib/addsid.pl +++ /dev/null @@ -1,382 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: addsid.pl,v 1.30 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); -sub get_next_available_sid(@); - - -# Set this to the default classtype you want to add, if missing. -# Set to 0 or "" if you don't want to add a classtype. -my $CLASSTYPE = "misc-attack"; - -# If ADD_REV is set to 1, "rev: 1;" will be added to rule if it has no rev. -# Set to 0 if you don't want to add it. -my $ADD_REV = 1; - -# Minimum SID to add. Normally, the next available SID will be used, -# unless it's below this value. Only SIDs >= 1000000 are reserved for -# personal use. -my $MIN_SID = 1000001; - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - - -my $USAGE = << "RTFM"; - -Parse *.rules in one or more directories and add "sid:<sid>;" to -active rules that don't have any "sid" entry, starting with the next -available SID after parsing all rules files (but $MIN_SID at minumum). -Also, "rev:1;" is added to rules without a "rev" entry, and -"classtype:misc-attack;" is added to rules without a "classtype" entry -(edit options at the top of $0 if you want to change this). - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - - -# Start in verbose mode. -my $verbose = 1; - -my (%all_sids, %active_sids, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - -# Find out the next available SID. -my $next_sid = get_next_available_sid(@rulesdirs); - -# Avoid seeing possible warnings about broken rules twice. -$verbose = 0; - -# Add sid/rev/classtype to active rules that don't have any. -foreach my $dir (@rulesdirs) { - opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(OLDFILE, "$dir/$file") - or die("could not open \"$dir/$file\": $!\n"); - my @file = <OLDFILE>; - close(OLDFILE); - - open(NEWFILE, ">", "$dir/$file") - or die("could not open \"$dir/$file\" for writing: $!\n"); - - my ($single, $multi, $nonrule, $msg, $sid); - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - - if (defined($nonrule)) { - print NEWFILE "$nonrule"; - next; - } - - $multi = $single unless (defined($multi)); - - # Don't care about inactive rules. - if ($single =~ /^\s*#/) { - print NEWFILE "$multi"; - next; - } - - my $added; - - # Add SID. - if ($single !~ /sid\s*:\s*\d+\s*;/) { - $added .= "SID $next_sid,"; - $multi =~ s/\)\s*\n/sid:$next_sid;)\n/; - $next_sid++; - } - - # Add revision. - if ($ADD_REV && $single !~ /rev\s*:\s*\d+\s*;/) { - $added .= "rev,"; - $multi =~ s/\)\s*\n/rev:1;)\n/; - } - - # Add classtype. - if ($CLASSTYPE && $single !~ /classtype\s*:\s*.+\s*;/) { - $added .= "classtype $CLASSTYPE,"; - $multi =~ s/\)\s*\n/classtype:$CLASSTYPE;)\n/; - } - - if (defined($added)) { - $added =~ s/,$//; - print "Adding $added to rule \"$msg\"\n" - if (defined($added)); - } - - print NEWFILE "$multi"; - } - - close(NEWFILE); - } - - closedir(RULESDIR); -} - - - -# Read in *.rules in given directory and return highest SID. -sub get_next_available_sid(@) -{ - my @dirs = @_; - - foreach my $dir (@dirs) { - opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n"); - - # Only care about *.rules. - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(OLDFILE, "<$dir/$file") or die("could not open \"$dir/$file\": $!\n"); - my @file = <OLDFILE>; - close(OLDFILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single) && defined($sid)) { - $all_sids{$sid}++; - - # If this is an active rule add to %active_sids and - # warn if it already exists. - if ($single =~ /^\s*alert/) { - print STDERR "WARNING: duplicate SID: $sid\n" - if (exists($active_sids{$sid})); - $active_sids{$sid}++ - } - } - } - } - } - - # Sort sids and use highest one + 1, unless it's below MIN_SID. - @_ = sort {$a <=> $b} keys(%all_sids); - my $sid = pop(@_); - - if (!defined($sid)) { - $sid = $MIN_SID - } else { - $sid++; - } - - # If it's below MIN_SID, use MIN_SID instead. - $sid = $MIN_SID if ($sid < $MIN_SID); - - return ($sid) -} - - - -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# From oinkmaster.pl except that this version -# has been modified so that the sid is *optional*. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; -# } else { -# return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl b/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl deleted file mode 100644 index 26a9040c..00000000 --- a/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl +++ /dev/null @@ -1,280 +0,0 @@ -#!/usr/local/bin/perl -w - -# $Id: create-sidmap.pl,v 1.21 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - -# Files to ignore. -my %skipfiles = ( - 'deleted.rules' => 1, -); - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -my $USAGE = << "RTFM"; - -Parse active rules in *.rules in one or more directories and create a SID -map. Result is sent to standard output, which can be redirected to a -sid-msg.map file. - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - -my $verbose = 1; - -my (%sidmap, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - -# Read in all rules from each rules file (*.rules) in each rules dir. -# into %sidmap. -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - next if ($skipfiles{$file}); - - open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single)) { - - warn("WARNING: duplicate SID: $sid (discarding old)\n") - if (exists($sidmap{$sid})); - - $sidmap{$sid} = "$sid || $msg"; - - # Print all references. Borrowed from Brian Caswell's regen-sidmap script. - my $ref = $single; - while ($ref =~ s/(.*)reference\s*:\s*([^\;]+)(.*)$/$1 $3/) { - $sidmap{$sid} .= " || $2" - } - - $sidmap{$sid} .= "\n"; - } - } - } -} - -# Print results. -foreach my $sid (sort { $a <=> $b } keys(%sidmap)) { - print "$sidmap{$sid}"; -} - - - -# Same as in oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Same as in oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-old/bin/oinkmaster_contrib/makesidex.pl b/config/snort-old/bin/oinkmaster_contrib/makesidex.pl deleted file mode 100644 index 80354735..00000000 --- a/config/snort-old/bin/oinkmaster_contrib/makesidex.pl +++ /dev/null @@ -1,261 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -my $USAGE = << "RTFM"; - -Parse *.rules in one or more directories and look for all rules that are -disabled (i.e. begin with "#") and print "disablesid <sid> # <msg>" to -standard output for all those rules. This output can be redirected to a -file, which will be understood by Oinkmaster. - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - -my $verbose = 1; - -my (%disabled, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - $single = $multi if (defined($multi)); - $disabled{$sid} = $msg - if (defined($single) && $single =~ /^\s*#/); - } - } -} - -# Print results. -foreach my $sid (sort { $a <=> $b } keys(%disabled)) { - printf("%-25s # %s\n", "disablesid $sid", $disabled{$sid}); -} - - - -# Same as in oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Same as in oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl b/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl deleted file mode 100644 index 4e96f7db..00000000 --- a/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl +++ /dev/null @@ -1,1046 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: oinkgui.pl,v 1.52 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use 5.006001; - -use strict; -use File::Spec; -use Tk; -use Tk::Balloon; -use Tk::BrowseEntry; -use Tk::FileSelect; -use Tk::NoteBook; -use Tk::ROText; - -use constant CSIDL_DRIVES => 17; - -sub update_rules(); -sub clear_messages(); -sub create_cmdline($); -sub fileDialog($ $ $ $); -sub load_config(); -sub save_config(); -sub save_messages(); -sub update_file_label_color($ $ $); -sub create_fileSelectFrame($ $ $ $ $ $); -sub create_checkbutton($ $ $); -sub create_radiobutton($ $ $); -sub create_actionbutton($ $ $); -sub execute_oinkmaster(@); -sub logmsg($ $); - - -my $version = 'Oinkmaster GUI v1.1'; - -my @oinkmaster_conf = qw( - /etc/oinkmaster.conf - /usr/local/etc/oinkmaster.conf -); - -# List of URLs that will show up in the URL BrowseEntry. -my @urls = qw( - http://www.bleedingsnort.com/bleeding.rules.tar.gz - http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz - http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz - http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.3.tar.gz -); - -my %color = ( - background => 'Bisque3', - button => 'Bisque2', - label => 'Bisque1', - notebook_bg => 'Bisque2', - notebook_inact => 'Bisque3', - file_label_ok => '#00e000', - file_label_not_ok => 'red', - out_frame_fg => 'white', - out_frame_bg => 'black', - entry_bg => 'white', - button_active => 'white', - button_bg => 'Bisque4', -); - -my %config = ( - animate => 1, - careful => 0, - enable_all => 0, - check_removed => 0, - output_mode => 'normal', - diff_mode => 'detailed', - perl => $^X, - oinkmaster => "", - oinkmaster_conf => "", - outdir => "", - url => "", - varfile => "", - backupdir => "", - editor => "", -); - -my %help = ( - - # File locations. - oinkscript => 'Location of the executable Oinkmaster script (oinkmaster.pl).', - oinkconf => 'The Oinkmaster configuration file to use.', - outdir => 'Where to put the new rules. This should be the directory where you '. - 'store your current rules.', - - url => 'Alternate location of rules archive to download/copy. '. - 'Leave empty to use the location set in oinkmaster.conf.', - varfile => 'Variables that exist in downloaded snort.conf but not in '. - 'this file will be added to it. Leave empty to skip.', - backupdir => 'Directory to put tarball of old rules before overwriting them. '. - 'Leave empty to skip backup.', - editor => 'Full path to editor to execute when pressing the "edit" button '. - '(wordpad is recommended on Windows). ', - - # Checkbuttons. - careful => 'In careful mode, Oinkmaster will just check for changes, '. - 'not update anything.', - enable => 'Some rules may be commented out by default (for a reason!). '. - 'This option will make Oinkmaster enable those.', - removed => 'Check for rules files that exist in the output directory but not '. - 'in the downloaded rules archive.', - - # Action buttons. - clear => 'Clear current output messages.', - save => 'Save current output messages to file.', - exit => 'Exit the GUI.', - update => 'Execute Oinkmaster to update the rules.', - test => 'Test current Oinkmaster configuration. ' . - 'If there are no fatal errors, you are ready to update the rules.', - version => 'Request version information from Oinkmaster.', -); - - -my $gui_config_file = ""; -my $use_fileop = 0; - - -#### MAIN #### - -select STDERR; -$| = 1; -select STDOUT; -$| = 1; - -# Find out if can use Win32::FileOp. -if ($^O eq 'MSWin32') { - BEGIN { $^W = 0 } - $use_fileop = 1 if (eval "require Win32::FileOp"); -} - -# Find out which oinkmaster.pl file to default to. -foreach my $dir (File::Spec->path()) { - my $file = "$dir/oinkmaster"; - if (-f "$file" && (-x "$file" || $^O eq 'MSWin32')) { - $config{oinkmaster} = $file; - last; - } elsif (-f "$file.pl" && (-x "$file" || $^O eq 'MSWin32')) { - $config{oinkmaster} = "$file.pl"; - last; - } -} - -# Find out which oinkmaster config file to default to. -foreach my $file (@oinkmaster_conf) { - if (-e "$file") { - $config{oinkmaster_conf} = $file; - last; - } -} - -# Find out where the GUI config file is (it's not required). -if ($ENV{HOME}) { - $gui_config_file = "$ENV{HOME}/.oinkguirc" -} elsif ($ENV{HOMEDRIVE} && $ENV{HOMEPATH}) { - $gui_config_file = "$ENV{HOMEDRIVE}$ENV{HOMEPATH}\\.oinkguirc"; -} - - -# Create main window. -my $main = MainWindow->new( - -background => "$color{background}", - -title => "$version", -); - - -# Create scrolled frame with output messages. -my $out_frame = $main->Scrolled('ROText', - -setgrid => 'true', - -scrollbars => 'e', - -background => $color{out_frame_bg}, - -foreground => $color{out_frame_fg}, -); - - -my $help_label = $main->Label( - -relief => 'groove', - -background => "$color{label}", -); - -my $balloon = $main->Balloon( - -statusbar => $help_label, -); - - -# Create notebook. -my $notebook = $main->NoteBook( - -ipadx => 6, - -ipady => 6, - -background => $color{notebook_bg}, - -inactivebackground => $color{notebook_inact}, - -backpagecolor => $color{background}, -); - - -# Create tab with required files/dirs. -my $req_tab = $notebook->add("required", - -label => "Required files and directories", - -underline => 0, -); - -$req_tab->configure(-bg => "$color{notebook_inact}"); - - -# Create frame with oinkmaster.pl location. -my $filetypes = [ - ['Oinkmaster script', 'oinkmaster.pl'], - ['All files', '*' ] -]; - -my $oinkscript_frame = - create_fileSelectFrame($req_tab, "oinkmaster.pl", 'EXECFILE', - \$config{oinkmaster}, 'NOEDIT', $filetypes); - -$balloon->attach($oinkscript_frame, -statusmsg => $help{oinkscript}); - - -# Create frame with oinkmaster.conf location. -$filetypes = [ - ['configuration files', '.conf'], - ['All files', '*' ] -]; - -my $oinkconf_frame = - create_fileSelectFrame($req_tab, "oinkmaster.conf", 'ROFILE', - \$config{oinkmaster_conf}, 'EDIT', $filetypes); - -$balloon->attach($oinkconf_frame, -statusmsg => $help{oinkconf}); - - -# Create frame with output directory. -my $outdir_frame = - create_fileSelectFrame($req_tab, "output directory", 'WRDIR', - \$config{outdir}, 'NOEDIT', undef); - -$balloon->attach($outdir_frame, -statusmsg => $help{outdir}); - - - -# Create tab with optional files/dirs. -my $opt_tab = $notebook->add("optional", - -label => "Optional files and directories", - -underline => 0, -); - -$opt_tab->configure(-bg => "$color{notebook_inact}"); - -# Create frame with alternate URL location. -$filetypes = [ - ['compressed tar files', '.tar.gz'] -]; - -my $url_frame = - create_fileSelectFrame($opt_tab, "Alternate URL", 'URL', - \$config{url}, 'NOEDIT', $filetypes); - -$balloon->attach($url_frame, -statusmsg => $help{url}); - - -# Create frame with variable file. -$filetypes = [ - ['Snort configuration files', ['.conf', '.config']], - ['All files', '*' ] -]; - -my $varfile_frame = - create_fileSelectFrame($opt_tab, "Variable file", 'WRFILE', - \$config{varfile}, 'EDIT', $filetypes); - -$balloon->attach($varfile_frame, -statusmsg => $help{varfile}); - - -# Create frame with backup dir location. -my $backupdir_frame = - create_fileSelectFrame($opt_tab, "Backup directory", 'WRDIR', - \$config{backupdir}, 'NOEDIT', undef); - -$balloon->attach($backupdir_frame, -statusmsg => $help{backupdir}); - - -# Create frame with editor location. -$filetypes = [ - ['executable files', ['.exe']], - ['All files', '*' ] -]; - -my $editor_frame = - create_fileSelectFrame($opt_tab, "Editor", 'EXECFILE', - \$config{editor}, 'NOEDIT', $filetypes); - -$balloon->attach($editor_frame, -statusmsg => $help{editor}); - - - -$notebook->pack( - -expand => 'no', - -fill => 'x', - -padx => '5', - -pady => '5', - -side => 'top' -); - - -# Create the frame to the left. -my $left_frame = $main->Frame( - -background => "$color{label}", - -border => '2', -)->pack( - -side => 'left', - -fill => 'y', -); - - -# Create "GUI settings" label. -$left_frame->Label( - -text => "GUI settings:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - -create_actionbutton($left_frame, "Load saved settings", \&load_config); -create_actionbutton($left_frame, "Save current settings", \&save_config); - - -# Create "options" label at the top of the left frame. -$left_frame->Label( - -text => "Options:", - -background => "$color{label}", -)->pack(-side => 'top', - -fill => 'x', -); - - -# Create checkbuttons in the left frame. -$balloon->attach( - create_checkbutton($left_frame, "Careful mode", \$config{careful}), - -statusmsg => $help{careful} -); - -$balloon->attach( - create_checkbutton($left_frame, "Enable all", \$config{enable_all}), - -statusmsg => $help{enable} -); - -$balloon->attach( - create_checkbutton($left_frame, "Check for removed files", \$config{check_removed}), - -statusmsg => $help{removed} -); - - -# Create "mode" label. -$left_frame->Label( - -text => "Output mode:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - -# Create mode radiobuttons in the left frame. -create_radiobutton($left_frame, "super-quiet", \$config{output_mode}); -create_radiobutton($left_frame, "quiet", \$config{output_mode}); -create_radiobutton($left_frame, "normal", \$config{output_mode}); -create_radiobutton($left_frame, "verbose", \$config{output_mode}); - -# Create "Diff mode" label. -$left_frame->Label( - -text => "Diff mode:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - -create_radiobutton($left_frame, "detailed", \$config{diff_mode}); -create_radiobutton($left_frame, "summarized", \$config{diff_mode}); -create_radiobutton($left_frame, "remove common", \$config{diff_mode}); - - -# Create "activity messages" label. -$main->Label( - -text => "Output messages:", - -width => '130', - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - - -# Pack output frame. -$out_frame->pack( - -expand => 'yes', - -fill => 'both', -); - - -# Pack help label below output window. -$help_label->pack( - -fill => 'x', -); - - -# Create "actions" label. -$left_frame->Label( - -text => "Actions:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - -# Create action buttons. - -$balloon->attach( - create_actionbutton($left_frame, "Update rules!", \&update_rules), - -statusmsg => $help{update} -); - -$balloon->attach( - create_actionbutton($left_frame, "Clear output messages", \&clear_messages), - -statusmsg => $help{clear} -); - -$balloon->attach( - create_actionbutton($left_frame, "Save output messages", \&save_messages), - -statusmsg => $help{save} -); - -$balloon->attach( - create_actionbutton($left_frame, "Exit", \&exit), - -statusmsg => $help{exit} -); - - - -# Make the mousewheel scroll the output window. Taken from Mastering Perl/Tk. -if ($^O eq 'MSWin32') { - $out_frame->bind('<MouseWheel>' => - [ sub { $_[0]->yview('scroll', -($_[1] / 120) * 3, 'units')}, - Ev('D') ] - ); -} else { - $out_frame->bind('<4>' => sub { - $_[0]->yview('scroll', -3, 'units') unless $Tk::strictMotif; - }); - - $out_frame->bind('<5>' => sub { - $_[0]->yview('scroll', +3, 'units') unless $Tk::strictMotif; - }); -} - - - -# Now the fun begins. -if ($config{animate}) { - foreach (split(//, "Welcome to $version")) { - logmsg("$_", 'MISC'); - $out_frame->after(5); - } -} else { - logmsg("Welcome to $version", 'MISC'); -} - -logmsg("\n\n", 'MISC'); - -# Load gui settings into %config. -load_config(); - - -# Warn if any required file/directory is not set. -logmsg("No oinkmaster.pl set, please select one above!\n\n", 'ERROR') - if ($config{oinkmaster} !~ /\S/); - -logmsg("No oinkmaster configuration file set, please select one above!\n\n", 'ERROR') - if ($config{oinkmaster_conf} !~ /\S/); - -logmsg("Output directory is not set, please select one above!\n\n", 'ERROR') - if ($config{outdir} !~ /\S/); - - -MainLoop; - - - -#### END #### - - - -sub fileDialog($ $ $ $) -{ - my $var_ref = shift; - my $title = shift; - my $type = shift; - my $filetypes = shift; - my $dirname; - - if ($type eq 'WRDIR') { - if ($use_fileop) { - $dirname = Win32::FileOp::BrowseForFolder("title", CSIDL_DRIVES); - } else { - my $fs = $main->FileSelect(); - $fs->configure(-verify => ['-d', '-w'], -title => $title); - $dirname = $fs->Show; - } - $$var_ref = $dirname if ($dirname); - } elsif ($type eq 'EXECFILE' || $type eq 'ROFILE' || $type eq 'WRFILE' || $type eq 'URL') { - my $filename = $main->getOpenFile(-title => $title, -filetypes => $filetypes); - $$var_ref = $filename if ($filename); - } elsif ($type eq 'SAVEFILE') { - my $filename = $main->getSaveFile(-title => $title, -filetypes => $filetypes); - $$var_ref = $filename if ($filename); - } else { - logmsg("Unknown type ($type)\n", 'ERROR'); - } -} - - - -sub update_file_label_color($ $ $) -{ - my $label = shift; - my $filename = shift; - my $type = shift; - - $filename =~ s/^\s+//; - $filename =~ s/\s+$//; - - unless ($filename) { - $label->configure(-background => $color{file_label_not_ok}); - return (1); - } - - if ($type eq "URL") { - if ($filename =~ /^(?:http|ftp|scp):\/\/.+\.tar\.gz$/) { - $label->configure(-background => $color{file_label_ok}); - } elsif ($filename =~ /^(?:file:\/\/)*(.+\.tar\.gz)$/) { - my $file = $1; - if (-f "$file" && -r "$file") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "ROFILE") { - if (-f "$filename" && -r "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "EXECFILE") { - if (-f "$filename" && (-x "$filename" || $^O eq 'MSWin32')) { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "WRFILE") { - if (-f "$filename" && -w "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "WRDIR") { - if (-d "$filename" && -w "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } else { - print STDERR "incorrect type ($type)\n"; - exit; - } - - return (1); -} - - - -sub create_checkbutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $var_ref = shift; - - my $button = $frame->Checkbutton( - -text => $name, - -background => $color{button}, - -activebackground => $color{button_active}, - -highlightbackground => $color{button_bg}, - -variable => $var_ref, - -relief => 'raise', - -anchor => 'w', - )->pack( - -fill => 'x', - -side => 'top', - -pady => '1', - ); - - return ($button); -} - - - -sub create_actionbutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $func_ref = shift; - - my $button = $frame->Button( - -text => $name, - -command => sub { - &$func_ref; - $out_frame->focus; - }, - -background => $color{button}, - -activebackground => $color{button_active}, - -highlightbackground => $color{button_bg}, - )->pack( - -fill => 'x', - ); - - return ($button); -} - - - -sub create_radiobutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $mode_ref = shift; - - my $button = $frame->Radiobutton( - -text => $name, - -highlightbackground => $color{button_bg}, - -background => $color{button}, - -activebackground => $color{button_active}, - -variable => $mode_ref, - -relief => 'raised', - -anchor => 'w', - -value => $name, - )->pack( - -side => 'top', - -pady => '1', - -fill => 'x', - ); - - return ($button); -} - - - -# Create <label><entry><browsebutton> in given frame. -sub create_fileSelectFrame($ $ $ $ $ $) -{ - my $win = shift; - my $name = shift; - my $type = shift; # FILE|DIR|URL - my $var_ref = shift; - my $edtype = shift; # EDIT|NOEDIT - my $filetypes = shift; - - # Create frame. - my $frame = $win->Frame( - -bg => $color{background}, - )->pack( - -padx => '2', - -pady => '2', - -fill => 'x' - ); - - # Create label. - my $label = $frame->Label( - -text => $name, - -width => '16', - -relief => 'raised', - -background => "$color{file_label_not_ok}", - )->pack( - -side => 'left' - ); - - my $entry; - - if ($type eq 'URL') { - $entry = $frame->BrowseEntry( - -textvariable => $var_ref, - -background => $color{entry_bg}, - -width => '80', - -choices => \@urls, - -validate => 'key', - -validatecommand => sub { update_file_label_color($label, $_[0], $type) }, - )->pack( - -side => 'left', - -expand => 'yes', - -fill => 'x' - ); - } else { - $entry = $frame->Entry( - -textvariable => $var_ref, - -background => $color{entry_bg}, - -width => '80', - -validate => 'key', - -validatecommand => sub { update_file_label_color($label, $_[0], $type) }, - )->pack( - -side => 'left', - -expand => 'yes', - -fill => 'x' - ); - } - - # Create edit-button if file is ediable. - if ($edtype eq 'EDIT') { - my $edit_but = $frame->Button( - -text => "Edit", - -background => "$color{button}", - -command => sub { - unless (-e "$$var_ref") { - logmsg("Select an existing file first!\n\n", 'ERROR'); - return; - } - - if ($config{editor}) { - $main->Busy(-recurse => 1); - logmsg("Launching " . $config{editor} . - ", close it to continue the GUI.\n\n", 'MISC'); - sleep(2); - system($config{editor}, $$var_ref); # MainLoop will be put on hold... - $main->Unbusy; - } else { - logmsg("No editor set\n\n", 'ERROR'); - } - } - )->pack( - -side => 'left', - ); - } - - # Create browse-button. - my $but = $frame->Button( - -text => "browse ...", - -background => $color{button}, - -command => sub { - fileDialog($var_ref, $name, $type, $filetypes); - } - )->pack( - -side => 'left', - ); - - return ($frame); -} - - - -sub logmsg($ $) -{ - my $text = shift; - my $type = shift; - - return unless (defined($text)); - - $out_frame->tag(qw(configure OUTPUT -foreground grey)); - $out_frame->tag(qw(configure ERROR -foreground red)); - $out_frame->tag(qw(configure MISC -foreground white)); - $out_frame->tag(qw(configure EXEC -foreground bisque2)); - - $out_frame->insert('end', "$text", "$type"); - $out_frame->see('end'); - $out_frame->update; -} - - - - -sub execute_oinkmaster(@) -{ - my @cmd = @_; - my @obfuscated_cmd; - - # Obfuscate possible password in url. - foreach my $line (@cmd) { - if ($line =~ /^(\S+:\/\/.+?):.+?@(.+)/) { - push(@obfuscated_cmd, "$1:*password*\@$2"); - } else { - push(@obfuscated_cmd, $line); - } - } - - logmsg("@obfuscated_cmd:\n", 'EXEC'); - - $main->Busy(-recurse => 1); - - if ($^O eq 'MSWin32') { - open(OINK, "@cmd 2>&1|"); - while (<OINK>) { - logmsg($_, 'OUTPUT'); - } - close(OINK); - } else { - if (open(OINK,"-|")) { - while (<OINK>) { - logmsg($_, 'OUTPUT'); - } - } else { - open(STDERR, '>&STDOUT'); - exec(@cmd); - } - close(OINK); - } - - $main->Unbusy; - logmsg("done.\n\n", 'EXEC'); -} - - - -sub clear_messages() -{ - $out_frame->delete('1.0','end'); - $out_frame->update; -} - - - -sub save_messages() -{ - my $text = $out_frame->get('1.0', 'end'); - my $title = 'Save output messages'; - my $filename; - - my $filetypes = [ - ['Log files', ['.log', '.txt']], - ['All files', '*' ] - ]; - - - if (length($text) > 1) { - fileDialog(\$filename, $title, 'SAVEFILE', $filetypes); - if (defined($filename)) { - - unless (open(LOG, ">", "$filename")) { - logmsg("Could not open $filename for writing: $!\n\n", 'ERROR'); - return; - } - - print LOG $text; - close(LOG); - logmsg("Successfully saved output messages to $filename\n\n", 'MISC'); - } - - } else { - logmsg("Nothing to save.\n\n", 'ERROR'); - } -} - - - -sub update_rules() -{ - my @cmd; - - create_cmdline(\@cmd) || return; - clear_messages(); - execute_oinkmaster(@cmd); -} - - - -sub create_cmdline($) -{ - my $cmd_ref = shift; - - my $oinkmaster = $config{oinkmaster}; - my $oinkmaster_conf = $config{oinkmaster_conf}; - my $outdir = $config{outdir}; - my $varfile = $config{varfile}; - my $url = $config{url}; - my $backupdir = $config{backupdir}; - - # Assume file:// if url prefix is missing. - if ($url) { - $url = "file://$url" unless ($url =~ /(?:http|ftp|file|scp):\/\//); - if ($url =~ /.+<oinkcode>.+/) { - logmsg("You must replace <oinkcode> with your real oinkcode, see the FAQ!\n\n", 'ERROR'); - return (0); - } - } - - $oinkmaster = File::Spec->rel2abs($oinkmaster) - if ($oinkmaster); - - $outdir = File::Spec->canonpath("$outdir"); - $backupdir = File::Spec->canonpath("$backupdir"); - - # Clean leading/trailing whitespaces. - foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir, - \$varfile, \$url, \$backupdir) { - $$var_ref =~ s/^\s+//; - $$var_ref =~ s/\s+$//; - } - - unless ($config{oinkmaster} && -f "$config{oinkmaster}" && - (-x "$config{oinkmaster}" || $^O eq 'MSWin32')) { - logmsg("Location of oinkmaster.pl is not set correctly!\n\n", 'ERROR'); - return; - } - - unless ($oinkmaster_conf && -f "$oinkmaster_conf") { - logmsg("Location of configuration file is not set correctlyy!\n\n", 'ERROR'); - return (0); - } - - unless ($outdir && -d "$outdir") { - logmsg("Output directory is not set correctly!\n\n", 'ERROR'); - return (0); - } - - # Add leading/trailing "" if win32. - foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir, - \$varfile, \$url, \$backupdir) { - if ($^O eq 'MSWin32' && $$var_ref) { - $$var_ref = "\"$$var_ref\""; - } - } - - push(@$cmd_ref, - "$config{perl}", "$oinkmaster", - "-C", "$oinkmaster_conf", - "-o", "$outdir"); - - push(@$cmd_ref, "-c") if ($config{careful}); - push(@$cmd_ref, "-e") if ($config{enable_all}); - push(@$cmd_ref, "-r") if ($config{check_removed}); - push(@$cmd_ref, "-q") if ($config{output_mode} eq "quiet"); - push(@$cmd_ref, "-Q") if ($config{output_mode} eq "super-quiet"); - push(@$cmd_ref, "-v") if ($config{output_mode} eq "verbose"); - push(@$cmd_ref, "-m") if ($config{diff_mode} eq "remove common"); - push(@$cmd_ref, "-s") if ($config{diff_mode} eq "summarized"); - push(@$cmd_ref, "-U", "$varfile") if ($varfile); - push(@$cmd_ref, "-b", "$backupdir") if ($backupdir); - - push(@$cmd_ref, "-u", "$url") - if ($url); - - return (1); -} - - - -# Load $config file into %config hash. -sub load_config() -{ - unless (defined($gui_config_file) && $gui_config_file) { - logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR'); - return; - } - - unless (-e "$gui_config_file") { - logmsg("$gui_config_file does not exist, keeping current/default settings\n\n", 'MISC'); - return; - } - - unless (open(RC, "<", "$gui_config_file")) { - logmsg("Could not open $gui_config_file for reading: $!\n\n", 'ERROR'); - return; - } - - while (<RC>) { - next unless (/^(\S+)=(.*)/); - $config{$1} = $2; - } - - close(RC); - logmsg("Successfully loaded GUI settings from $gui_config_file\n\n", 'MISC'); -} - - - -# Save %config into file $config. -sub save_config() -{ - unless (defined($gui_config_file) && $gui_config_file) { - logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR'); - return; - } - - unless (open(RC, ">", "$gui_config_file")) { - logmsg("Could not open $gui_config_file for writing: $!\n\n", 'ERROR'); - return; - } - - print RC "# Automatically created by Oinkgui. ". - "Do not edit directly unless you have to.\n"; - - foreach my $option (sort(keys(%config))) { - print RC "$option=$config{$option}\n"; - } - - close(RC); - logmsg("Successfully saved current GUI settings to $gui_config_file\n\n", 'MISC'); -} diff --git a/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl b/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl deleted file mode 100644 index f9c4d215..00000000 --- a/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl +++ /dev/null @@ -1,2754 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: oinkmaster.pl,v 1.406 2006/02/10 13:02:44 andreas_o Exp $ # - -# Copyright (c) 2001-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use 5.006001; - -use strict; -use File::Basename; -use File::Copy; -use File::Path; -use File::Spec; -use Getopt::Long; -use File::Temp qw(tempdir); - -sub show_usage(); -sub parse_cmdline($); -sub read_config($ $); -sub sanity_check(); -sub download_file($ $); -sub unpack_rules_archive($ $ $); -sub join_tmp_rules_dirs($ $ @); -sub process_rules($ $ $ $ $ $); -sub process_rule($ $ $ $ $ $ $ $); -sub setup_rules_hash($ $); -sub get_first_only($ $ $); -sub print_changes($ $); -sub print_changetype($ $ $ $); -sub print_summary_change($ $); -sub make_backup($ $); -sub get_changes($ $ $); -sub update_rules($ @); -sub copy_rules($ $); -sub is_in_path($); -sub get_next_entry($ $ $ $ $ $); -sub get_new_vars($ $ $ $); -sub add_new_vars($ $); -sub write_new_vars($ $); -sub msdos_to_cygwin_path($); -sub parse_mod_expr($ $ $ $); -sub untaint_path($); -sub approve_changes(); -sub parse_singleline_rule($ $ $); -sub join_multilines($); -sub minimize_diff($ $); -sub catch_sigint(); -sub clean_exit($); - - -my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2006 '. - 'Andreas Östling <andreaso@it.su.se>'; -my $OUTFILE = 'snortrules.tar.gz'; -my $RULES_DIR = 'rules'; - -my $PRINT_NEW = 1; -my $PRINT_OLD = 2; -my $PRINT_BOTH = 3; - -my %config = ( - careful => 0, - check_removed => 0, - config_test_mode => 0, - enable_all => 0, - interactive => 0, - make_backup => 0, - minimize_diff => 0, - min_files => 1, - min_rules => 1, - quiet => 0, - summary_output => 0, - super_quiet => 0, - update_vars => 0, - use_external_bins => 1, - verbose => 0, - use_path_checks => 1, - rule_actions => "alert|drop|log|pass|reject|sdrop|activate|dynamic", - tmp_basedir => $ENV{TMP} || $ENV{TMPDIR} || $ENV{TEMPDIR} || '/tmp', -); - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -# sid and msg will then be looked for in parse_singleline_rule(). -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -# sid and msg will then be looked for in parse_singleline_rule(). -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -# Match var line where var name goes into $1. -my $VAR_REGEXP = '^\s*var\s+(\S+)\s+(\S+)'; - -# Allowed characters in misc paths/filenames, including the ones in the tarball. -my $OK_PATH_CHARS = 'a-zA-Z\d\ _\(\)\[\]\.\-+:\\\/~@,='; - -# Default locations for configuration file. -my @DEFAULT_CONFIG_FILES = qw( - /etc/oinkmaster.conf - /usr/local/etc/oinkmaster.conf -); - -my @DEFAULT_DIST_VAR_FILES = qw( - snort.conf -); - -my (%loaded, $tmpdir); - - - -#### MAIN #### - -# No buffering. -select(STDERR); -$| = 1; -select(STDOUT); -$| = 1; - - -my $start_date = scalar(localtime); - -# Assume the required Perl modules are available if we're on Windows. -$config{use_external_bins} = 0 if ($^O eq "MSWin32"); - -# Parse command line arguments and add at least %config{output_dir}. -parse_cmdline(\%config); - -# If no config was specified on command line, look for one in default locations. -if ($#{$config{config_files}} == -1) { - foreach my $config (@DEFAULT_CONFIG_FILES) { - if (-e "$config") { - push(@{${config{config_files}}}, $config); - last; - } - } -} - -# If no dist var file was specified on command line, set to default file(s). -if ($#{$config{dist_var_files}} == -1) { - foreach my $var_file (@DEFAULT_DIST_VAR_FILES) { - push(@{${config{dist_var_files}}}, $var_file); - } -} - -# If config is still not defined, we can't continue. -if ($#{$config{config_files}} == -1) { - clean_exit("configuration file not found in default locations\n". - "(@DEFAULT_CONFIG_FILES)\n". - "Put it there or use the \"-C <file>\" argument."); -} - -read_config($_, \%config) for @{$config{config_files}}; - -# Now substitute "%ACTIONS%" with $config{rule_actions}, which may have -# been modified after reading the config file. -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - -# If we're told not to use external binaries, load the Perl modules now. -unless ($config{use_external_bins}) { - print STDERR "Loading Perl modules.\n" if ($config{verbose}); - - eval { - require IO::Zlib; - require Archive::Tar; - require LWP::UserAgent; - }; - - clean_exit("failed to load required Perl modules:\n\n$@\n". - "Install them or set use_external_bins to 1 ". - "if you want to use external binaries instead.") - if ($@); -} - - -# Do some basic sanity checking and exit if something fails. -# A new PATH will be set. -sanity_check(); - -$SIG{INT} = \&catch_sigint; - -# Create temporary dir. -$tmpdir = tempdir("oinkmaster.XXXXXXXXXX", DIR => File::Spec->rel2abs($config{tmp_basedir})) - or clean_exit("could not create temporary directory in $config{tmp_basedir}: $!"); - -# If we're in config test mode and have come this far, we're done. -if ($config{config_test_mode}) { - print "No fatal errors in configuration.\n"; - clean_exit(""); -} - -umask($config{umask}) if exists($config{umask}); - -# Download and unpack all the rules archives into separate tmp dirs. -my @url_tmpdirs; -foreach my $url (@{$config{url}}) { - my $url_tmpdir = tempdir("url.XXXXXXXXXX", DIR => $tmpdir) - or clean_exit("could not create temporary directory in $tmpdir: $!"); - push(@url_tmpdirs, "$url_tmpdir/$RULES_DIR"); - if ($url =~ /^dir:\/\/(.+)/) { - mkdir("$url_tmpdir/$RULES_DIR") - or clean_exit("Could not create $url_tmpdir/$RULES_DIR"); - copy_rules($1, "$url_tmpdir/$RULES_DIR"); - } else { - download_file($url, "$url_tmpdir/$OUTFILE"); - unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE", $RULES_DIR); - } -} - -# Copy all rules files from the tmp dirs into $RULES_DIR in the tmp directory. -# File matching 'skipfile' a directive will not be copied. -# Filenames (with full path) will be stored as %new_files{filename}. -# Will exit in case of duplicate filenames. -my $num_files = join_tmp_rules_dirs("$tmpdir/$RULES_DIR", \my %new_files, @url_tmpdirs); - -# Make sure we have at least the minimum number of files. -clean_exit("not enough rules files in downloaded rules archive(s).\n". - "Number of rules files is $num_files but minimum is set to $config{min_files}.") - if ($num_files < $config{min_files}); - -# This is to read in possible 'localsid' rules. -my %rh_tmp = setup_rules_hash(\%new_files, $config{output_dir}); - -# Disable/modify/clean downloaded rules. -my $num_rules = process_rules(\@{$config{sid_modify_list}}, - \%{$config{sid_disable_list}}, - \%{$config{sid_enable_list}}, - \%{$config{sid_local_list}}, - \%rh_tmp, - \%new_files); - -# Make sure we have at least the minimum number of rules. -clean_exit("not enough rules in downloaded archive(s).\n". - "Number of rules is $num_rules but minimum is set to $config{min_rules}.") - if ($num_rules < $config{min_rules}); - -# Setup a hash containing the content of all processed rules files. -my %rh = setup_rules_hash(\%new_files, $config{output_dir}); - -# Compare the new rules to the old ones. -my %changes = get_changes(\%rh, \%new_files, $RULES_DIR); - -# Check for variables that exist in dist snort.conf(s) but not in local snort.conf. -get_new_vars(\%changes, \@{$config{dist_var_files}}, $config{varfile}, \@url_tmpdirs) - if ($config{update_vars}); - - -# Find out if something had changed. -my $something_changed = 0; - -$something_changed = 1 - if (keys(%{$changes{modified_files}}) || - keys(%{$changes{added_files}}) || - keys(%{$changes{removed_files}}) || - $#{$changes{new_vars}} > -1); - - -# Update files listed in %changes{modified_files} (copy the new files -# from the temporary directory into our output directory) and add new -# variables to the local snort.conf if requested, unless we're running in -# careful mode. Create backup first if running with -b. -my $printed = 0; -if ($something_changed) { - if ($config{careful}) { - print STDERR "Skipping backup since we are running in careful mode.\n" - if ($config{make_backup} && (!$config{quiet})); - } else { - if ($config{interactive}) { - print_changes(\%changes, \%rh); - $printed = 1; - } - - if (!$config{interactive} || ($config{interactive} && approve_changes)) { - make_backup($config{output_dir}, $config{backup_dir}) - if ($config{make_backup}); - - add_new_vars(\%changes, $config{varfile}) - if ($config{update_vars}); - - update_rules($config{output_dir}, keys(%{$changes{modified_files}})); - } - } -} else { - print STDERR "No files modified - no need to backup old files, skipping.\n" - if ($config{make_backup} && !$config{quiet}); -} - -print "\nOinkmaster is running in careful mode - not updating anything.\n" - if ($something_changed && $config{careful}); - -print_changes(\%changes, \%rh) - if (!$printed && ($something_changed || !$config{quiet})); - - -# Everything worked. Do a clean exit without any error message. -clean_exit(""); - - -# END OF MAIN # - - - -# Show usage information and exit. -sub show_usage() -{ - my $progname = basename($0); - - print STDERR << "RTFM"; - -$VERSION - -Usage: $progname -o <outdir> [options] - -<outdir> is where to put the new files. -This should be the directory where you store your Snort rules. - -Options: --b <dir> Backup your old rules into <dir> before overwriting them --c Careful mode (dry run) - check for changes but do not update anything --C <file> Use this configuration file instead of the default - May be specified multiple times to load multiple files --e Enable all rules that are disabled by default --h Show this usage information --i Interactive mode - you will be asked to approve the changes (if any) --m Minimize diff when printing result by removing common parts in rules --q Quiet mode - no output unless changes were found --Q Super-quiet mode - like -q but even more quiet --r Check for rules files that exist in the output directory - but not in the downloaded rules archive --s Leave out details in rules results, just print SID, msg and filename --S <file> Look for new variables in this file in the downloaded archive instead - of the default (@DEFAULT_DIST_VAR_FILES). Used in conjunction with -U. - May be specified multiple times to search multiple files. --T Config test - just check configuration file(s) for errors/warnings --u <url> Download from this URL instead of URL(s) in the configuration file - (http|https|ftp|file|scp:// ... .tar.gz|.gz, or dir://<dir>) - May be specified multiple times to grab multiple rules archives --U <file> Merge new variables from downloaded snort.conf(s) into <file> --v Verbose mode (debug) --V Show version and exit - -RTFM - exit; -} - - - -# Parse the command line arguments and exit if we don't like them. -sub parse_cmdline($) -{ - my $cfg_ref = shift; - - Getopt::Long::Configure("bundling"); - - my $cmdline_ok = GetOptions( - "b=s" => \$$cfg_ref{backup_dir}, - "c" => \$$cfg_ref{careful}, - "C=s" => \@{$$cfg_ref{config_files}}, - "e" => \$$cfg_ref{enable_all}, - "h" => \&show_usage, - "i" => \$$cfg_ref{interactive}, - "m" => \$$cfg_ref{minimize_diff}, - "o=s" => \$$cfg_ref{output_dir}, - "q" => \$$cfg_ref{quiet}, - "Q" => \$$cfg_ref{super_quiet}, - "r" => \$$cfg_ref{check_removed}, - "s" => \$$cfg_ref{summary_output}, - "S=s" => \@{$$cfg_ref{dist_var_files}}, - "T" => \$$cfg_ref{config_test_mode}, - "u=s" => \@{$$cfg_ref{url}}, - "U=s" => \$$cfg_ref{varfile}, - "v" => \$$cfg_ref{verbose}, - "V" => sub { - print "$VERSION\n"; - exit(0); - } - ); - - - show_usage unless ($cmdline_ok && $#ARGV == -1); - - $$cfg_ref{quiet} = 1 if ($$cfg_ref{super_quiet}); - $$cfg_ref{update_vars} = 1 if ($$cfg_ref{varfile}); - - if ($$cfg_ref{backup_dir}) { - $$cfg_ref{backup_dir} = File::Spec->canonpath($$cfg_ref{backup_dir}); - $$cfg_ref{make_backup} = 1; - } - - # Cannot specify dist var files without specifying var target file. - if (@{$$cfg_ref{dist_var_files}} && !$$cfg_ref{update_vars}) { - clean_exit("You can not specify distribution variable file(s) without ". - "also specifying local file to merge into"); - } - - # -o <dir> is the only required option in normal usage. - if ($$cfg_ref{output_dir}) { - $$cfg_ref{output_dir} = File::Spec->canonpath($$cfg_ref{output_dir}); - } else { - warn("Error: no output directory specified.\n"); - show_usage(); - } - - # Mark that url was set on command line (so we don't override it later). - $$cfg_ref{cmdline_url} = 1 if ($#{$config{url}} > -1); -} - - - -# Read in stuff from the configuration file. -sub read_config($ $) -{ - my $config_file = shift; - my $cfg_ref = shift; - my $linenum = 0; - my $multi; - my %templates; - - $config_file = File::Spec->canonpath(File::Spec->rel2abs($config_file)); - - clean_exit("configuration file \"$config_file\" does not exist.\n") - unless (-e "$config_file"); - - clean_exit("\"$config_file\" is not a file.\n") - unless (-f "$config_file"); - - print STDERR "Loading $config_file\n" - unless ($config{quiet}); - - # Avoid loading the same file multiple times to avoid infinite recursion etc. - if ($^O eq "MSWin32") { - clean_exit("attempt to load \"$config_file\" twice.") - if ($loaded{$config_file}++); - } else { - my ($dev, $ino) = (stat($config_file))[0,1] - or clean_exit("unable to stat $config_file: $!"); - clean_exit("attempt to load \"$config_file\" twice.") - if ($loaded{$dev, $ino}++); - } - - open(CONF, "<", "$config_file") - or clean_exit("could not open configuration file \"$config_file\": $!"); - my @conf = <CONF>; - close(CONF); - - LINE:while ($_ = shift(@conf)) { - $linenum++; - - unless ($multi) { - s/^\s*//; - s/^#.*//; - } - - # Multi-line start/continuation. - if (/\\\s*\n$/) { - s/\\\s*\n$//; - s/^\s*#.*//; - - # Be strict about removing #comments in modifysid/define_template statements, as - # they may contain other '#' chars. - if (defined($multi) && ($multi =~ /^modifysid/i || $multi =~ /^define_template/i)) { - s/#.*// if (/^\s*\d+[,\s\d]+#/); - } else { - s/\s*\#.*// unless (/^modifysid/i || /^define_template/i); - } - - $multi .= $_; - next LINE; - } - - # Last line of multi-line directive. - if (defined($multi)) { - $multi .= $_; - $_ = $multi; - undef($multi); - } - - # Remove traling whitespaces (*after* a possible multi-line is rebuilt). - s/\s*$//; - - # Remove comments unless it's a modifysid/define_template line - # (the "#" may be part of the modifysid expression). - s/\s*\#.*// unless (/^modifysid/i || /^define_template/i); - - # Skip blank lines. - next unless (/\S/); - - # Use a template and make $_ a "modifysid" line. - if (/^use_template\s+(\S+)\s+(\S+[^"]*)\s*(".*")*(?:#.*)*/i) { - my ($template_name, $sid, $args) = ($1, $2, $3); - - if (exists($templates{$template_name})) { - my $template = $templates{$template_name}; # so we don't substitute %ARGx% globally - - # Evaluate each "%ARGx%" in the template to the corresponding value. - if (defined($args)) { - my @args = split(/"\s+"/, $args); - foreach my $i (1 .. @args) { - $args[$i - 1] =~ s/^"//; - $args[$i - 1] =~ s/"$//; - $template =~ s/%ARG$i%/$args[$i - 1]/g; - } - } - - # There should be no %ARGx% stuff left now. - if ($template =~ /%ARG\d%/) { - warn("WARNING: too few arguments for template \"$template_name\"\n"); - $_ = "error"; # so it will be reported as an invalid line later - } - - unless ($_ eq "error") { - $_ = "modifysid $sid $template\n"; - print STDERR "Template \"$template_name\" expanded to: $_" - if ($config{verbose}); - } - - } else { - warn("WARNING: template \"$template_name\" has not been defined\n"); - } - } - - # new template definition. - if (/^define_template\s+(\S+)\s+(".+"\s+\|\s+".*")\s*(?:#.*)*$/i) { - my ($template_name, $template) = ($1, $2); - - if (exists($templates{$template_name})) { - warn("WARNING: line $linenum in $config_file: ". - "template \"$template_name\" already defined, keeping old\n"); - } else { - $templates{$template_name} = $template; - } - - # modifysid <SIDORFILE[,SIDORFILE, ...]> "substthis" | "withthis" - } elsif (/^modifysids*\s+(\S+.*)\s+"(.+)"\s+\|\s+"(.*)"\s*(?:#.*)*$/i) { - my ($sid_list, $subst, $repl) = ($1, $2, $3); - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n") - unless(parse_mod_expr(\@{$$cfg_ref{sid_modify_list}}, - $sid_list, $subst, $repl)); - - # disablesid <SID[,SID, ...]> - } elsif (/^disablesids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_disable_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # localsid <SID[,SID, ...]> - } elsif (/^localsids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_local_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # enablesid <SID[,SID, ...]> - } elsif (/^enablesids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_enable_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # skipfile <file[,file, ...]> - } elsif (/^skipfiles*\s+(.*)/i) { - my $args = $1; - foreach my $file (split(/\s*,\s*/, $args)) { - if ($file =~ /^\S+$/) { - $config{verbose} && print STDERR "Adding file to ignore list: $file.\n"; - $$cfg_ref{file_ignore_list}{$file}++; - } else { - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n"); - } - } - - } elsif (/^url\s*=\s*(.*)/i) { - push(@{$$cfg_ref{url}}, $1) - unless ($$cfg_ref{cmdline_url}); - - } elsif (/^path\s*=\s*(.+)/i) { - $$cfg_ref{path} = $1; - - } elsif (/^update_files\s*=\s*(.+)/i) { - $$cfg_ref{update_files} = $1; - - } elsif (/^rule_actions\s*=\s*(.+)/i) { - $$cfg_ref{rule_actions} = $1; - - } elsif (/^umask\s*=\s*([0-7]{4})$/i) { - $$cfg_ref{umask} = oct($1); - - } elsif (/^min_files\s*=\s*(\d+)/i) { - $$cfg_ref{min_files} = $1; - - } elsif (/^min_rules\s*=\s*(\d+)/i) { - $$cfg_ref{min_rules} = $1; - - } elsif (/^tmpdir\s*=\s*(.+)/i) { - $$cfg_ref{tmp_basedir} = $1; - - } elsif (/^use_external_bins\s*=\s*([01])/i) { - $$cfg_ref{use_external_bins} = $1; - - } elsif (/^scp_key\s*=\s*(.+)/i) { - $$cfg_ref{scp_key} = $1; - - } elsif (/^use_path_checks\s*=\s*([01])/i) { - $$cfg_ref{use_path_checks} = $1; - - } elsif (/^user_agent\s*=\s*(.+)/i) { - $$cfg_ref{user_agent} = $1; - - } elsif (/^include\s+(\S+.*)/i) { - my $include = $1; - read_config($include, $cfg_ref); - } else { - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n"); - } - } -} - - - -# Make a few basic tests to make sure things look ok. -# Will also set a new PATH as defined in the config file. -sub sanity_check() -{ - my @req_params = qw(path update_files); # required parameters in conf - my @req_binaries = qw(gzip tar); # required binaries (unless we use modules) - - # Can't use both quiet mode and verbose mode. - clean_exit("quiet mode and verbose mode at the same time doesn't make sense.") - if ($config{quiet} && $config{verbose}); - - # Can't use multiple output modes. - clean_exit("can't use multiple output modes at the same time.") - if ($config{minimize_diff} && $config{summary_output}); - - # Make sure all required variables are defined in the config file. - foreach my $param (@req_params) { - clean_exit("the required parameter \"$param\" is not defined in the configuration file.") - unless (exists($config{$param})); - } - - # We now know a path was defined in the config, so set it. - # If we're under cygwin and path was specified as msdos style, convert - # it to cygwin style to avoid problems. - if ($^O eq "cygwin" && $config{path} =~ /^[a-zA-Z]:[\/\\]/) { - $ENV{PATH} = ""; - foreach my $path (split(/;/, $config{path})) { - $ENV{PATH} .= "$path:" if (msdos_to_cygwin_path(\$path)); - } - chop($ENV{PATH}); - } else { - $ENV{PATH} = $config{path}; - } - - # Reset environment variables that may cause trouble. - delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - - # Make sure $config{update_files} is a valid regexp. - eval { - "foo" =~ /$config{update_files}/; - }; - - clean_exit("update_files (\"$config{update_files}\") is not a valid regexp: $@") - if ($@); - - # Make sure $config{rule_actions} is a valid regexp. - eval { - "foo" =~ /$config{rule_actions}/; - }; - - clean_exit("rule_actions (\"$config{rule_actions}\") is not a valid regexp: $@") - if ($@); - - # If a variable file (probably local snort.conf) has been specified, - # it must exist. It must also be writable unless we're in careful mode. - if ($config{update_vars}) { - $config{varfile} = untaint_path($config{varfile}); - - clean_exit("variable file \"$config{varfile}\" does not exist.") - unless (-e "$config{varfile}"); - - clean_exit("variable file \"$config{varfile}\" is not a file.") - unless (-f "$config{varfile}"); - - clean_exit("variable file \"$config{varfile}\" is not writable by you.") - if (!$config{careful} && !-w "$config{varfile}"); - - # Make sure dist var files don't contain [back]slashes - # (probably means user confused it with local var file). - my %dist_var_files; - foreach my $dist_var_file (@{${config{dist_var_files}}}) { - clean_exit("variable file \"$dist_var_file\" specified multiple times") - if (exists($dist_var_files{$dist_var_file})); - $dist_var_files{$dist_var_file} = 1; - clean_exit("variable file \"$dist_var_file\" contains slashes or backslashes ". - "but it must be specified as a filename (without path) ". - "that exists in the downloaded rules, e.g. \"snort.conf\"") - if ($dist_var_file =~ /\// || $dist_var_file =~ /\\/); - } - } - - # Make sure all required binaries can be found, unless - # we're used to use Perl modules instead. - # Wget is only required if url is http[s] or ftp. - if ($config{use_external_bins}) { - foreach my $binary (@req_binaries) { - clean_exit("$binary not found in PATH ($ENV{PATH}).") - unless (is_in_path($binary)); - } - } - - # Make sure $url is defined (either by -u <url> or url=... in the conf). - clean_exit("URL not specified. Specify at least one \"url=<url>\" in the \n". - "Oinkmaster configuration file or use the \"-u <url>\" argument") - if ($#{$config{url}} == -1); - - # Make sure all urls look ok, and untaint them. - my @urls = @{$config{url}}; - $#{$config{url}} = -1; - foreach my $url (@urls) { - clean_exit("incorrect URL: \"$url\"") - unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/ - || $url =~ /^(dir:\/\/.+)/); - my $ok_url = $1; - - if ($ok_url =~ /^dir:\/\/(.+)/) { - my $dir = untaint_path($1); - clean_exit("\"$dir\" does not exist or is not a directory") - unless (-d $dir); - - # Simple check if the output dir is specified as url (probably a mistake). - if (File::Spec->canonpath(File::Spec->rel2abs($dir)) - eq File::Spec->canonpath(File::Spec->rel2abs($config{output_dir}))) { - clean_exit("Download directory can not be same as output directory"); - } - } - push(@{$config{url}}, $ok_url); - } - - # Wget must be found if url is http[s]:// or ftp://. - if ($config{use_external_bins}) { - clean_exit("wget not found in PATH ($ENV{PATH}).") - if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget")); - } - - # scp must be found if scp://... - clean_exit("scp not found in PATH ($ENV{PATH}).") - if ($config{'url'} =~ /^scp:/ && !is_in_path("scp")); - - # ssh key must exist if specified and url is scp://... - clean_exit("ssh key \"$config{scp_key}\" does not exist.") - if ($config{'url'} =~ /^scp:/ && exists($config{scp_key}) - && !-e $config{scp_key}); - - # Untaint output directory string. - $config{output_dir} = untaint_path($config{output_dir}); - - # Make sure the output directory exists and is readable. - clean_exit("the output directory \"$config{output_dir}\" doesn't exist ". - "or isn't readable by you.") - if (!-d "$config{output_dir}" || !-x "$config{output_dir}"); - - # Make sure the output directory is writable unless running in careful mode. - clean_exit("the output directory \"$config{output_dir}\" isn't writable by you.") - if (!$config{careful} && !-w "$config{output_dir}"); - - # Make sure we have read permission on all rules files in the output dir, - # and also write permission unless we're in careful mode. - # This is to avoid bailing out in the middle of an execution if a copy - # fails because of permission problem. - opendir(OUTDIR, "$config{output_dir}") - or clean_exit("could not open directory $config{output_dir}: $!"); - - while ($_ = readdir(OUTDIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_})); - - if (/$config{update_files}/) { - unless (-r "$config{output_dir}/$_") { - closedir(OUTDIR); - clean_exit("no read permission on \"$config{output_dir}/$_\"\n". - "Read permission is required on all rules files ". - "inside the output directory.\n") - } - - if (!$config{careful} && !-w "$config{output_dir}/$_") { - closedir(OUTDIR); - clean_exit("no write permission on \"$config{output_dir}/$_\"\n". - "Write permission is required on all rules files ". - "inside the output directory.\n") - } - } - } - - closedir(OUTDIR); - - # Make sure the backup directory exists and is writable if running with -b. - if ($config{make_backup}) { - $config{backup_dir} = untaint_path($config{backup_dir}); - clean_exit("the backup directory \"$config{backup_dir}\" doesn't exist or ". - "isn't writable by you.") - if (!-d "$config{backup_dir}" || !-w "$config{backup_dir}"); - } - - # Convert tmp_basedir to cygwin style if running cygwin and msdos style was specified. - if ($^O eq "cygwin" && $config{tmp_basedir} =~ /^[a-zA-Z]:[\/\\]/) { - msdos_to_cygwin_path(\$config{tmp_basedir}) - or clean_exit("could not convert temporary dir to cygwin style"); - } - - # Make sure temporary directory exists. - clean_exit("the temporary directory \"$config{tmp_basedir}\" does not ". - "exist or isn't writable by you.") - if (!-d "$config{tmp_basedir}" || !-w "$config{tmp_basedir}"); - - # Also untaint it. - $config{tmp_basedir} = untaint_path($config{tmp_basedir}); - - # Make sure stdin and stdout are ttys if we're running in interactive mode. - clean_exit("you can not run in interactive mode when STDIN/STDOUT is not a TTY.") - if ($config{interactive} && !(-t STDIN && -t STDOUT)); -} - - - -# Download the rules archive. -sub download_file($ $) -{ - my $url = shift; - my $localfile = shift; - my $log = "$tmpdir/wget.log"; - my $ret; - - # If there seems to be a password in the url, replace it with "*password*" - # and use new string when printing the url to screen. - my $obfuscated_url = $url; - $obfuscated_url = "$1:*password*\@$2" - if ($obfuscated_url =~ /^(\S+:\/\/.+?):.+?@(.+)/); - - # Ofbuscate oinkcode as well. - $obfuscated_url = "$1*oinkcode*$2" - if ($obfuscated_url =~ /^(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i); - - my @user_agent_opt; - @user_agent_opt = ("-U", $config{user_agent}) if (exists($config{user_agent})); - - # Use wget if URL starts with "http[s]" or "ftp" and we use external binaries. - if ($config{use_external_bins} && $url =~ /^(?:https*|ftp)/) { - print STDERR "Downloading file from $obfuscated_url... " - unless ($config{quiet}); - - if ($config{verbose}) { - print STDERR "\n"; - my @wget_cmd = ("wget", "-v", "-O", $localfile, $url, @user_agent_opt); - clean_exit("could not download from $obfuscated_url") - if (system(@wget_cmd)); - - } else { - my @wget_cmd = ("wget", "-v", "-o", $log, "-O", $localfile, $url, @user_agent_opt); - if (system(@wget_cmd)) { - my $log_output; - open(LOG, "<", "$log") - or clean_exit("could not open $log for reading: $!"); - # Sanitize oinkcode in wget's log (password is automatically sanitized). - while (<LOG>) { - $_ = "$1*oinkcode*$2" - if (/(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i); - $log_output .= $_; - } - close(LOG); - clean_exit("could not download from $obfuscated_url. ". - "Output from wget follows:\n\n $log_output"); - } - print STDERR "done.\n" unless ($config{quiet}); - } - - # Use LWP if URL starts with "http[s]" or "ftp" and use_external_bins=0. - } elsif (!$config{use_external_bins} && $url =~ /^(?:https*|ftp)/) { - print STDERR "Downloading file from $obfuscated_url... " - unless ($config{quiet}); - - my %lwp_opt; - $lwp_opt{agent} = $config{user_agent} if (exists($config{user_agent})); - - my $ua = LWP::UserAgent->new(%lwp_opt); - $ua->env_proxy; - my $request = HTTP::Request->new(GET => $url); - my $response = $ua->request($request, $localfile); - - clean_exit("could not download from $obfuscated_url: " . $response->status_line) - unless $response->is_success; - - print "done.\n" unless ($config{quiet}); - - # Grab file from local filesystem if file://... - } elsif ($url =~ /^file/) { - $url =~ s/^file:\/\///; - - clean_exit("the file $url does not exist.") - unless (-e "$url"); - - clean_exit("the file $url is empty.") - unless (-s "$url"); - - print STDERR "Copying file from $url... " - unless ($config{quiet}); - - copy("$url", "$localfile") - or clean_exit("unable to copy $url to $localfile: $!"); - - print STDERR "done.\n" - unless ($config{quiet}); - - # Grab file using scp if scp://... - } elsif ($url =~ /^scp/) { - $url =~ s/^scp:\/\///; - - my @cmd; - push(@cmd, "scp"); - push(@cmd, "-i", "$config{scp_key}") if (exists($config{scp_key})); - push(@cmd, "-q") if ($config{quiet}); - push(@cmd, "-v") if ($config{verbose}); - push(@cmd, "$url", "$localfile"); - - print STDERR "Copying file from $url using scp:\n" - unless ($config{quiet}); - - clean_exit("scp returned error when trying to copy $url") - if (system(@cmd)); - - # Unknown download method. - } else { - clean_exit("unknown or unsupported download method\n"); - } - - # Make sure the downloaded file actually exists. - clean_exit("failed to download $url: ". - "local target file $localfile doesn't exist after download.") - unless (-e "$localfile"); - - # Also make sure it's at least non-empty. - clean_exit("failed to download $url: local target file $localfile is empty ". - "after download (perhaps you're out of diskspace or file in url is empty?)") - unless (-s "$localfile"); -} - - - -# Copy all rules files from the tmp dirs (one for each url) -# into a single directory inside the tmp dir, except for files -# matching a 'skipfile' directive'. -# Will exit in case of colliding filenames. -sub join_tmp_rules_dirs($ $ @) -{ - my $rules_dir = shift; - my $new_files_ref = shift; - my @url_tmpdirs = @_; - - my %rules_files; - - clean_exit("failed to create directory \"$rules_dir\": $!") - unless (mkdir($rules_dir)); - - foreach my $url_tmpdir (@url_tmpdirs) { - opendir(URL_TMPDIR, "$url_tmpdir") - or clean_exit("could not open directory \"$url_tmpdir\": $!"); - - while ($_ = readdir(URL_TMPDIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) || !/$config{update_files}/); - - if (exists($rules_files{$_})) { - closedir(URL_TMPDIR); - clean_exit("a file called \"$_\" exists in multiple rules archives") - } - - # Make sure it's a regular file. - unless (-f "$url_tmpdir/$_" && !-l "$url_tmpdir/$_") { - closedir(URL_TMPDIR); - clean_exit("downloaded \"$_\" is not a regular file.") - } - - $rules_files{$_} = 1; - $$new_files_ref{"$rules_dir/$_"} = 1; - - my $src_file = untaint_path("$url_tmpdir/$_"); - unless (copy("$src_file", "$rules_dir")) { - closedir(URL_TMPDIR); - clean_exit("could not copy \"$src_file\" to \"$rules_dir\": $!"); - } - } - - closedir(URL_TMPDIR); - } - - return (keys(%$new_files_ref)); -} - - - -# Make a few basic sanity checks on the rules archive and then -# uncompress/untar it if everything looked ok. -sub unpack_rules_archive($ $ $) -{ - my $url = shift; # only used when printing warnings/errors - my $archive = shift; - my $rules_dir = shift; - - my ($tar, @tar_content); - - my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir())); - - my $dir = dirname($archive); - chdir("$dir") or clean_exit("$url: could not change directory to \"$dir\": $!"); - - if ($config{use_external_bins}) { - - # Run integrity check on the gzip file. - clean_exit("$url: integrity check on gzip file failed (file transfer failed or ". - "file in URL not in gzip format?).") - if (system("gzip", "-t", "$archive")); - - # Decompress it. - system("gzip", "-d", "$archive") - and clean_exit("$url: unable to uncompress $archive."); - - # Suffix has now changed from .tar.gz|.tgz to .tar. - $archive =~ s/\.gz$//; - - # Make sure the .tar file now exists. - # (Gzip may not return an error if it was not a gzipped file...) - clean_exit("$url: failed to unpack gzip file (file transfer failed or ". - "file in URL not in tar'ed gzip format?).") - unless (-e "$archive"); - - my $stdout_file = "$tmpdir/tar_content.out"; - - open(OLDOUT, ">&STDOUT") or clean_exit("could not dup STDOUT: $!"); - open(STDOUT, ">$stdout_file") or clean_exit("could not redirect STDOUT: $!"); - - my $ret = system("tar", "tf", "$archive"); - - close(STDOUT); - open(STDOUT, ">&OLDOUT") or clean_exit("could not dup STDOUT: $!"); - close(OLDOUT); - - clean_exit("$url: could not list files in tar archive (is it broken?)") - if ($ret); - - open(TAR, "$stdout_file") or clean_exit("failed to open $stdout_file: $!"); - @tar_content = <TAR>; - close(TAR); - - # use_external_bins=0 - } else { - $tar = Archive::Tar->new($archive, 1); - clean_exit("$url: failed to read $archive (file transfer failed or ". - "file in URL not in tar'ed gzip format?).") - unless (defined($tar)); - @tar_content = $tar->list_files(); - } - - # Make sure we could grab some content from the tarball. - clean_exit("$url: could not list files in tar archive (is it broken?)") - if ($#tar_content < 0); - - # For each filename in the archive, do some basic sanity checks. - foreach my $filename (@tar_content) { - chomp($filename); - - # We don't want absolute filename. - clean_exit("$url: rules archive contains absolute filename. ". - "Offending file/line:\n$filename") - if ($filename =~ /^\//); - - # We don't want to have any weird characters anywhere in the filename. - clean_exit("$url: illegal character in filename in tar archive. Allowed are ". - "$OK_PATH_CHARS\nOffending file/line:\n$filename") - if ($config{use_path_checks} && $filename =~ /[^$OK_PATH_CHARS]/); - - # We don't want to unpack any "../../" junk (check is useless now though). - clean_exit("$url: filename in tar archive contains \"..\".\n". - "Offending file/line:\n$filename") - if ($filename =~ /\.\./); - } - - # Looks good. Now we can untar it. - print STDERR "Archive successfully downloaded, unpacking... " - unless ($config{quiet}); - - if ($config{use_external_bins}) { - clean_exit("failed to untar $archive.") - if system("tar", "xf", "$archive"); - } else { - mkdir("$rules_dir") or clean_exit("could not create \"$rules_dir\" directory: $!\n"); - foreach my $file ($tar->list_files) { - next unless ($file =~ /^$rules_dir\/[^\/]+$/); # only ^rules/<file>$ - - my $content = $tar->get_content($file); - - # Symlinks in the archive will make get_content return undef. - clean_exit("could not get content from file \"$file\" in downloaded archive, ". - "make sure it is a regular file\n") - unless (defined($content)); - - open(RULEFILE, ">", "$file") - or clean_exit("could not open \"$file\" for writing: $!\n"); - print RULEFILE $content; - close(RULEFILE); - } - } - - # Make sure that non-empty rules directory existed in archive. - # We permit empty rules directory if min_files is set to 0 though. - clean_exit("$url: no \"$rules_dir\" directory found in tar file.") - unless (-d "$dir/$rules_dir"); - - my $num_files = 0; - opendir(RULESDIR, "$dir/$rules_dir") - or clean_exit("could not open directory \"$dir/$rules_dir\": $!"); - - while ($_ = readdir(RULESDIR)) { - next if (/^\.\.?$/); - $num_files++; - } - - closedir(RULESDIR); - - clean_exit("$url: directory \"$rules_dir\" in unpacked archive is empty") - if ($num_files == 0 && $config{min_files} != 0); - - chdir($old_dir) - or clean_exit("could not change directory back to $old_dir: $!"); - - print STDERR "done.\n" - unless ($config{quiet}); -} - - - -# Open all rules files in the temporary directory and disable/modify all -# rules/lines as requested in oinkmaster.conf, and then write back to the -# same files. Also clean unwanted whitespaces and duplicate sids from them. -sub process_rules($ $ $ $ $ $) -{ - my $modify_sid_ref = shift; - my $disable_sid_ref = shift; - my $enable_sid_ref = shift; - my $local_sid_ref = shift; - my $rh_tmp_ref = shift; - my $newfiles_ref = shift; - my %sids; - - my %stats = ( - disabled => 0, - enabled => 0, - modified => 0, - total => 0, - ); - - warn("WARNING: all rules that are disabled by default will be enabled\n") - if ($config{enable_all} && !$config{quiet}); - - print STDERR "Processing downloaded rules... " - unless ($config{quiet}); - - print STDERR "\n" - if ($config{verbose}); - - # Phase #1 - process all active rules and store in temporary hash. - # In case of dups, we use the one with the highest rev. - foreach my $file (sort(keys(%$newfiles_ref))) { - - open(INFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @infile = <INFILE>; - close(INFILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - - # We don't care about non-rules in this phase. - next RULELOOP if (defined($nonrule)); - - # Even if it was a single-line rule, we want a copy in $multi. - $multi = $single unless (defined($multi)); - - my %rule = ( - single => $single, - multi => $multi, - ); - - # modify/disable/enable this rule as requested unless there is a matching - # localsid statement. Possible verbose messages and warnings will be printed. - unless (exists($$local_sid_ref{$sid})) { - process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref, - \%rule, $sid, \%stats, 1, basename($file)); - } - - $stats{total}++; - - $single = $rule{single}; - $multi = $rule{multi}; - - # Only care about active rules in this phase (the rule may have been - # disabled by a disablesid or a modifysid statement above, so we can't - # do this check earlier). - next RULELOOP if ($multi =~ /^#/); - - # Is it a dup? If so, see if this seems to be more recent (higher rev). - if (exists($sids{$sid})) { - warn("\nWARNING: duplicate SID in downloaded archive, SID=$sid, ". - "only keeping rule with highest 'rev'\n") - unless($config{super_quiet}); - - my ($old_rev) = ($sids{$sid}{single} =~ /\brev\s*:\s*(\d+)\s*;/); - my ($new_rev) = ($single =~ /\brev\s*:\s*(\d+)\s*;/); - - # This is so rules with a rev gets higher prio than - # rules without any rev. - $old_rev = -1 unless (defined($old_rev)); - $new_rev = -1 unless (defined($new_rev)); - - # If this rev is higher than the one in the last stored rule with - # this sid, replace rule with this one. This is also done if the - # revs are equal because we assume the rule appearing last in the - # rules file is the more recent rule. - if ($new_rev >= $old_rev) { - $sids{$sid}{single} = $single; - $sids{$sid}{multi} = $multi; - } - - # No dup. - } else { - $sids{$sid}{single} = $single; - $sids{$sid}{multi} = $multi; - } - } - } - - # Phase #2 - read all rules files again, but when writing active rules - # back to the files, use the one stored in the sid hash (which is free of dups). - foreach my $file (sort(keys(%$newfiles_ref))) { - - open(INFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @infile = <INFILE>; - close(INFILE); - - # Write back to the same file. - open(OUTFILE, ">", "$file") - or clean_exit("could not open $file for writing: $!"); - - my ($single, $multi, $nonrule, $msg, $sid); - - RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($nonrule)) { - print OUTFILE "$nonrule"; - next RULELOOP; - } - - # Even if it was a single-line rule, we want a copy in $multi. - $multi = $single unless (defined($multi)); - - # If this rule is marked as localized and has not yet been written, - # write the old version to the new rules file. - if (exists($$local_sid_ref{$sid}) && !exists($sids{$sid}{printed})) { - - # Just ignore the rule in the downloaded file if it doesn't - # exist in the same local file. - unless(exists($$rh_tmp_ref{old}{rules}{basename($file)}{$sid})) { - warn("WARNING: SID $sid is marked as local and exists in ". - "downloaded " . basename($file) . " but the SID does not ". - "exist in the local file, ignoring rule\n") - if ($config{verbose}); - - next RULELOOP; - } - - print OUTFILE $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}; - $sids{$sid}{printed} = 1; - - warn("SID $sid is marked as local, keeping your version from ". - basename($file) . ".\n". - "Your version: $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}". - "Downloaded version: $multi\n") - if ($config{verbose}); - - next RULELOOP; - } - - my %rule = ( - single => $single, - multi => $multi, - ); - - # modify/disable/enable this rule. Possible verbose messages and warnings - # will not be printed (again) as this was done in the first phase. - # We send the stats to a dummy var as this was collected on the - # first phase as well. - process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref, - \%rule, $sid, \my %unused_stats, 0, basename($file)); - - $single = $rule{single}; - $multi = $rule{multi}; - - # Disabled rules are printed right back to the file, unless - # there also is an active rule with the same sid. Als o make - # sure we only print the sid once, even though it's disabled. - if ($multi =~ /^#/ && !exists($sids{$sid}) && !exists($sids{$sid}{printed})) { - print OUTFILE $multi; - $sids{$sid}{printed} = 1; - next RULELOOP; - } - - # If this sid has not yet been printed and this is the place where - # the sid with the highest rev was, print the rule to the file. - # (There can be multiple totally different rules with the same sid - # and we don't want to put the wrong rule in the wrong place. - if (!exists($sids{$sid}{printed}) && $single eq $sids{$sid}{single}) { - print OUTFILE $multi; - $sids{$sid}{printed} = 1; - } - } - - close(OUTFILE); - } - - print STDERR "disabled $stats{disabled}, enabled $stats{enabled}, ". - "modified $stats{modified}, total=$stats{total}\n" - unless ($config{quiet}); - - # Print warnings on attempt at enablesid/disablesid/localsid on non-existent - # rule if we're in verbose mode. - if ($config{verbose}) { - foreach my $sid (keys(%$enable_sid_ref)) { - warn("WARNING: attempt to use \"enablesid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $sid (keys(%$disable_sid_ref)) { - warn("WARNING: attempt to use \"disablesid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $sid (keys(%$local_sid_ref)) { - warn("WARNING: attempt to use \"localsid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - } - - # Print warnings on attempt at modifysid'ing non-existent stuff, unless quiet mode. - unless ($config{quiet}) { - my %new_files; - foreach my $file (sort(keys(%$newfiles_ref))) { - $new_files{basename($file)} = 1; - } - - my %mod_tmp; - foreach my $mod_expr (@$modify_sid_ref) { - my ($type, $arg) = ($mod_expr->[2], $mod_expr->[3]); - $mod_tmp{$type}{$arg} = 1; - } - - foreach my $sid (keys(%{$mod_tmp{sid}})) { - warn("WARNING: attempt to use \"modifysid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $file (keys(%{$mod_tmp{file}})) { - warn("WARNING: attempt to use \"modifysid\" on non-existent file $file\n") - unless(exists($new_files{$file})); - } - } - - # Return total number of valid rules. - return ($stats{total}); -} - - - -# Process (modify/enable/disable) a rule as requested. -sub process_rule($ $ $ $ $ $ $ $) -{ - my $modify_sid_ref = shift; - my $disable_sid_ref = shift; - my $enable_sid_ref = shift; - my $rule_ref = shift; - my $sid = shift; - my $stats_ref = shift; - my $print_messages = shift; - my $filename = shift; - - # Just for easier access. - my $single = $$rule_ref{single}; - my $multi = $$rule_ref{multi}; - - # Some rules may be commented out by default. - # Enable them if -e is specified (both single-line and multi-line, - # version, because we don't know which version one we're going to - # use below. - # Enable them if -e is specified. - if ($multi =~ /^#/ && $config{enable_all}) { - $multi =~ s/^#*//; - $multi =~ s/\n#*/\n/g; - $single =~ s/^#*//; - $$stats_ref{enabled}++; - } - - # Modify rule if requested. For disablesid/enablesid we work - # on the multi-line version of the rule (if exists). For - # modifysid that's no good since we don't know where in the - # rule the trailing backslashes and newlines are going to be - # and we don't want them to affect the regexp. - MOD_EXP:foreach my $mod_expr (@$modify_sid_ref) { - my ($subst, $repl, $type, $arg) = - ($mod_expr->[0], $mod_expr->[1], $mod_expr->[2], $mod_expr->[3]); - - my $print_modify_warnings = 0; - $print_modify_warnings = 1 if (!$config{super_quiet} && $print_messages && $type eq "sid"); - - if ($type eq "wildcard" || ($type eq "sid" && $sid eq $arg) || - ($type eq "file" && $filename eq $arg)) { - - if ($single =~ /$subst/si) { - print STDERR "Modifying rule, SID=$sid, filename=$filename, ". - "match type=$type, subst=$subst, ". - "repl=$repl\nBefore: $single" - if ($print_messages && $config{verbose}); - - - # If user specified a backreference but the regexp did not set $1 - don't modify rule. - if (!defined($1) && ($repl =~ /[^\\]\$\d+/ || $repl =~ /[^\\]\$\{\d+\}/ - || $repl =~ /^qq\/\$\d+/ || $repl =~ /^qq\/\$\{\d+\}/)) { - warn("WARNING: SID $sid matches modifysid expression \"$subst\" but ". - "backreference variable \$1 is undefined after match, ". - "keeping original rule\n") - if ($print_modify_warnings); - next MOD_EXP; - } - - # Do the substitution on the single-line version and put it - # back in $multi. - $single =~ s/$subst/$repl/eei; - $multi = $single; - - print STDERR "After: $single\n" - if ($print_messages && $config{verbose}); - - $$stats_ref{modified}++; - } else { - if ($print_modify_warnings) { - warn("WARNING: SID $sid does not match modifysid ". - "expression \"$subst\", keeping original rule\n"); - } - } - } - } - - # Disable rule if requested and it's not already disabled. - if (exists($$disable_sid_ref{$sid}) && $multi !~ /^\s*#/) { - $multi = "#$multi"; - $multi =~ s/\n([^#].+)/\n#$1/g; - $$stats_ref{disabled}++; - } - - # Enable rule if requested and it's not already enabled. - if (exists($$enable_sid_ref{$sid}) && $multi =~ /^\s*#/) { - $multi =~ s/^#+//; - $multi =~ s/\n#+(.+)/\n$1/g; - $$stats_ref{enabled}++; - } - - $$rule_ref{single} = $single; - $$rule_ref{multi} = $multi; -} - - - -# Setup rules hash. -# Format for rules will be: rh{old|new}{rules{filename}{sid} = single-line rule -# Format for non-rules will be: rh{old|new}{other}{filename} = array of lines -# List of added files will be stored as rh{added_files}{filename} -sub setup_rules_hash($ $) -{ - my $new_files_ref = shift; - my $output_dir = shift; - - my (%rh, %old_sids); - - print STDERR "Setting up rules structures... " - unless ($config{quiet}); - - foreach my $file (sort(keys(%$new_files_ref))) { - warn("\nWARNING: downloaded rules file $file is empty\n") - if (!-s "$file" && $config{verbose}); - - open(NEWFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @newfile = <NEWFILE>; - close(NEWFILE); - - # From now on we don't care about the path, so remove it. - $file = basename($file); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@newfile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single)) { - $rh{new}{rules}{"$file"}{"$sid"} = $single; - } else { - push(@{$rh{new}{other}{"$file"}}, $nonrule); - } - } - - # Also read in old (aka local) file if it exists. - # We do a sid dup check in these files. - if (-f "$output_dir/$file") { - open(OLDFILE, "<", "$output_dir/$file") - or clean_exit("could not open $output_dir/$file for reading: $!"); - my @oldfile = <OLDFILE>; - close(OLDFILE); - - while (get_next_entry(\@oldfile, \$single, \$multi, \$nonrule, undef, \$sid)) { - if (defined($single)) { - warn("\nWARNING: duplicate SID in your local rules, SID ". - "$sid exists multiple times, you may need to fix this manually!\n") - if (exists($old_sids{$sid})); - - $rh{old}{rules}{"$file"}{"$sid"} = $single; - $old_sids{$sid}++; - } else { - push(@{$rh{old}{other}{"$file"}}, $nonrule); - } - } - } else { - $rh{added_files}{"$file"}++; - } - } - - print STDERR "done.\n" - unless ($config{quiet}); - - return (%rh); -} - - - -# Return lines that exist only in first array but not in second one. -sub get_first_only($ $ $) -{ - my $first_only_ref = shift; - my $first_arr_ref = shift; - my $second_arr_ref = shift; - my %arr_hash; - - @arr_hash{@$second_arr_ref} = (); - - foreach my $line (@$first_arr_ref) { - - # Skip blank lines and CVS Id tags. - next unless ($line =~ /\S/); - next if ($line =~ /^\s*#+\s*\$I\S:.+Exp\s*\$/); - - push(@$first_only_ref, $line) - unless(exists($arr_hash{$line})); - } -} - - - -# Backup files in output dir matching $config{update_files} into the backup dir. -sub make_backup($ $) -{ - my $src_dir = shift; # dir with the rules to be backed up - my $dest_dir = shift; # where to put the backup tarball - - my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5]; - - my $date = sprintf("%4d%02d%02d-%02d%02d%02d", - $year + 1900, $mon + 1, $mday, $hour, $min, $sec); - - my $backup_tarball = "rules-backup-$date.tar"; - my $backup_tmp_dir = File::Spec->catdir("$tmpdir", "rules-backup-$date"); - my $dest_file = File::Spec->catfile("$dest_dir", "$backup_tarball.gz"); - - print STDERR "Creating backup of old rules..." - unless ($config{quiet}); - - mkdir("$backup_tmp_dir", 0700) - or clean_exit("could not create temporary backup directory $backup_tmp_dir: $!"); - - # Copy all rules files from the rules dir to the temporary backup dir. - opendir(OLDRULES, "$src_dir") - or clean_exit("could not open directory $src_dir: $!"); - - while ($_ = readdir(OLDRULES)) { - next if (/^\.\.?$/); - if (/$config{update_files}/) { - my $src_file = untaint_path("$src_dir/$_"); - copy("$src_file", "$backup_tmp_dir/") - or warn("WARNING: could not copy $src_file to $backup_tmp_dir/: $!"); - } - } - - closedir(OLDRULES); - - # Also backup the -U <file> (as "variable-file.conf") if specified. - if ($config{update_vars}) { - copy("$config{varfile}", "$backup_tmp_dir/variable-file.conf") - or warn("WARNING: could not copy $config{varfile} to $backup_tmp_dir: $!") - } - - my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir())); - - # Change directory to $tmpdir (so we'll be right below the directory where - # we have our rules to be backed up). - chdir("$tmpdir") or clean_exit("could not change directory to $tmpdir: $!"); - - if ($config{use_external_bins}) { - clean_exit("tar command returned error when archiving backup files.\n") - if (system("tar","cf","$backup_tarball","rules-backup-$date")); - - clean_exit("gzip command returned error when compressing backup file.\n") - if (system("gzip","$backup_tarball")); - - $backup_tarball .= ".gz"; - - } else { - my $tar = Archive::Tar->new; - opendir(RULES, "rules-backup-$date") - or clean_exit("unable to open directory \"rules-backup-$date\": $!"); - - while ($_ = readdir(RULES)) { - next if (/^\.\.?$/); - $tar->add_files("rules-backup-$date/$_"); - } - - closedir(RULES); - - $backup_tarball .= ".gz"; - - # Write tarball. Print stupid error message if it fails as - # we can't use $tar->error or Tar::error on all platforms. - $tar->write("$backup_tarball", 1); - - clean_exit("could not create backup archive: tarball empty after creation\n") - unless (-s "$backup_tarball"); - } - - # Change back to old directory (so it will work with -b <directory> as either - # an absolute or a relative path. - chdir("$old_dir") - or clean_exit("could not change directory back to $old_dir: $!"); - - copy("$tmpdir/$backup_tarball", "$dest_file") - or clean_exit("unable to copy $tmpdir/$backup_tarball to $dest_file/: $!\n"); - - print STDERR " saved as $dest_file.\n" - unless ($config{quiet}); -} - - - -# Print the results. -sub print_changes($ $) -{ - my $ch_ref = shift; - my $rh_ref = shift; - - my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5]; - - my $date = sprintf("%4d%02d%02d %02d:%02d:%02d", - $year + 1900, $mon + 1, $mday, $hour, $min, $sec); - - print "\n[***] Results from Oinkmaster started $date [***]\n"; - - # Print new variables. - if ($config{update_vars}) { - if ($#{$$ch_ref{new_vars}} > -1) { - print "\n[*] New variables: [*]\n"; - foreach my $var (@{$$ch_ref{new_vars}}) { - print " $var"; - } - } else { - print "\n[*] New variables: [*]\n None.\n" - unless ($config{super_quiet}); - } - } - - - # Print rules modifications. - print "\n[*] Rules modifications: [*]\n None.\n" - if (!keys(%{$$ch_ref{rules}}) && !$config{super_quiet}); - - # Print added rules. - if (exists($$ch_ref{rules}{added})) { - print "\n[+++] Added rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{added}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Added to", - \%{$$ch_ref{rules}{added}}, $rh_ref); - } - } - - # Print enabled rules. - if (exists($$ch_ref{rules}{ena})) { - print "\n[+++] Enabled rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{ena}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Enabled in", - \%{$$ch_ref{rules}{ena}}, $rh_ref); - } - } - - # Print enabled + modified rules. - if (exists($$ch_ref{rules}{ena_mod})) { - print "\n[+++] Enabled and modified rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{ena_mod}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Enabled and modified in", - \%{$$ch_ref{rules}{ena_mod}}, $rh_ref); - } - } - - # Print modified active rules. - if (exists($$ch_ref{rules}{mod_act})) { - print "\n[///] Modified active rules: [///]\n"; - - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{mod_act}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Modified active in", - \%{$$ch_ref{rules}{mod_act}}, $rh_ref); - } - } - - # Print modified inactive rules. - if (exists($$ch_ref{rules}{mod_ina})) { - print "\n[///] Modified inactive rules: [///]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{mod_ina}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Modified inactive in", - \%{$$ch_ref{rules}{mod_ina}}, $rh_ref); - } - } - - # Print disabled + modified rules. - if (exists($$ch_ref{rules}{dis_mod})) { - print "\n[---] Disabled and modified rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{dis_mod}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Disabled and modified in", - \%{$$ch_ref{rules}{dis_mod}}, $rh_ref); - } - } - - # Print disabled rules. - if (exists($$ch_ref{rules}{dis})) { - print "\n[---] Disabled rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{dis}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Disabled in", - \%{$$ch_ref{rules}{dis}}, $rh_ref); - } - } - - # Print removed rules. - if (exists($$ch_ref{rules}{removed})) { - print "\n[---] Removed rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{removed}}, $rh_ref); - } else { - print_changetype($PRINT_OLD, "Removed from", - \%{$$ch_ref{rules}{removed}}, $rh_ref); - } - } - - - # Print non-rule modifications. - print "\n[*] Non-rule line modifications: [*]\n None.\n" - if (!keys(%{$$ch_ref{other}}) && !$config{super_quiet}); - - # Print added non-rule lines. - if (exists($$ch_ref{other}{added})) { - print "\n[+++] Added non-rule lines: [+++]\n"; - foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{added}}))) { - my $num = $#{$$ch_ref{other}{added}{$file}} + 1; - print "\n -> Added to $file ($num):\n"; - foreach my $line (@{$$ch_ref{other}{added}{$file}}) { - print " $line"; - } - } - } - - # Print removed non-rule lines. - if (keys(%{$$ch_ref{other}{removed}}) > 0) { - print "\n[---] Removed non-rule lines: [---]\n"; - foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{removed}}))) { - my $num = $#{$$ch_ref{other}{removed}{$file}} + 1; - print "\n -> Removed from $file ($num):\n"; - foreach my $other (@{$$ch_ref{other}{removed}{$file}}) { - print " $other"; - } - } - } - - - # Print list of added files. - if (keys(%{$$ch_ref{added_files}})) { - print "\n[+] Added files (consider updating your snort.conf to include them if needed): [+]\n\n"; - foreach my $added_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{added_files}}))) { - print " -> $added_file\n"; - } - } else { - print "\n[*] Added files: [*]\n None.\n" - unless ($config{super_quiet} || $config{summary_output}); - } - - # Print list of possibly removed files if requested. - if ($config{check_removed}) { - if (keys(%{$$ch_ref{removed_files}})) { - print "\n[-] Files possibly removed from the archive ". - "(consider removing them from your snort.conf if needed): [-]\n\n"; - foreach my $removed_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{removed_files}}))) { - print " -> $removed_file\n"; - } - } else { - print "\n[*] Files possibly removed from the archive: [*]\n None.\n" - unless ($config{super_quiet} || $config{summary_output}); - } - } - - print "\n"; -} - - - -# Helper for print_changes(). -sub print_changetype($ $ $ $) -{ - my $type = shift; # $PRINT_OLD|$PRINT_NEW|$PRINT_BOTH - my $string = shift; # string to print before filename - my $ch_ref = shift; # reference to an entry in the rules changes hash - my $rh_ref = shift; # reference to rules hash - - foreach my $file (sort({uc($a) cmp uc($b)} keys(%$ch_ref))) { - my $num = keys(%{$$ch_ref{$file}}); - print "\n -> $string $file ($num):\n"; - foreach my $sid (keys(%{$$ch_ref{$file}})) { - if ($type == $PRINT_OLD) { - print " $$rh_ref{old}{rules}{$file}{$sid}" - } elsif ($type == $PRINT_NEW) { - print " $$rh_ref{new}{rules}{$file}{$sid}" - } elsif ($type == $PRINT_BOTH) { - - my $old = $$rh_ref{old}{rules}{$file}{$sid}; - my $new = $$rh_ref{new}{rules}{$file}{$sid}; - - if ($config{minimize_diff}) { - my ($old, $new) = minimize_diff($old, $new); - print "\n old SID $sid: $old"; - print " new SID $sid: $new"; - } else { - print "\n old: $old"; - print " new: $new"; - } - } - } - } -} - - - -# Print changes in bmc style, i.e. only sid and msg, no full details. -sub print_summary_change($ $) -{ - my $ch_ref = shift; # reference to an entry in the rules changes hash - my $rh_ref = shift; # reference to rules hash - - my (@sids, %sidmap); - - print "\n"; - - # First get all the sids (may be spread across multiple files. - foreach my $file (keys(%$ch_ref)) { - foreach my $sid (keys(%{$$ch_ref{$file}})) { - push(@sids, $sid); - if (exists($$rh_ref{new}{rules}{$file}{$sid})) { - $sidmap{$sid}{rule} = $$rh_ref{new}{rules}{$file}{$sid}; - } else { - $sidmap{$sid}{rule} = $$rh_ref{old}{rules}{$file}{$sid}; - } - $sidmap{$sid}{file} = $file; - } - } - - # Print rules, sorted by sid. - foreach my $sid (sort {$a <=> $b} (@sids)) { - my @rule = $sidmap{$sid}{rule}; - my $file = $sidmap{$sid}{file}; - get_next_entry(\@rule, undef, undef, undef, \(my $msg), undef); - printf("%8d - %s (%s)\n", $sid, $msg, $file); - } - - print "\n"; -} - - - -# Compare the new rules to the old ones. -sub get_changes($ $ $) -{ - my $rh_ref = shift; - my $new_files_ref = shift; - my $rules_dir = shift; - my %changes; - - print STDERR "Comparing new files to the old ones... " - unless ($config{quiet}); - - # We have the list of added files (without full path) in $rh_ref{added_files} - # but we'd rather want to have it in $changes{added_files} now. - $changes{added_files} = $$rh_ref{added_files}; - - # New files are also regarded as modified since we want to update - # (i.e. add) those as well. Here we want them with full path. - foreach my $file (keys(%{$changes{added_files}})) { - $changes{modified_files}{"$tmpdir/$rules_dir/$file"}++; - } - - # Add list of possibly removed files if requested. - if ($config{check_removed}) { - opendir(OLDRULES, "$config{output_dir}") - or clean_exit("could not open directory $config{output_dir}: $!"); - - while ($_ = readdir(OLDRULES)) { - next if (/^\.\.?$/); - $changes{removed_files}{"$_"} = 1 - if (/$config{update_files}/ && - !exists($config{file_ignore_list}{$_}) && - !-e "$tmpdir/$rules_dir/$_"); - } - - closedir(OLDRULES); - } - - # For each new rules file... - FILELOOP:foreach my $file_w_path (sort(keys(%$new_files_ref))) { - my $file = basename($file_w_path); - - # Skip comparison if it's an added file. - next FILELOOP if (exists($$rh_ref{added_files}{$file})); - - # For each sid in the new file... - foreach my $sid (keys(%{$$rh_ref{new}{rules}{$file}})) { - my $new_rule = $$rh_ref{new}{rules}{$file}{$sid}; - - # Sid also exists in the old file? - if (exists($$rh_ref{old}{rules}{$file}{$sid})) { - my $old_rule = $$rh_ref{old}{rules}{$file}{$sid}; - - # Are they identical? - unless ($new_rule eq $old_rule) { - $changes{modified_files}{$file_w_path}++; - - # Find out in which way the rules are different. - if ("#$old_rule" eq $new_rule) { - $changes{rules}{dis}{$file}{$sid}++; - } elsif ($old_rule eq "#$new_rule") { - $changes{rules}{ena}{$file}{$sid}++; - } elsif ($old_rule =~ /^\s*#/ && $new_rule !~ /^\s*#/) { - $changes{rules}{ena_mod}{$file}{$sid}++; - } elsif ($old_rule !~ /^\s*#/ && $new_rule =~ /^\s*#/) { - $changes{rules}{dis_mod}{$file}{$sid}++; - } elsif ($old_rule =~ /^\s*#/ && $new_rule =~ /^\s*#/) { - $changes{rules}{mod_ina}{$file}{$sid}++; - } else { - $changes{rules}{mod_act}{$file}{$sid}++; - } - - } - } else { # sid not found in old file, i.e. it's added - $changes{modified_files}{$file_w_path}++; - $changes{rules}{added}{$file}{$sid}++; - } - } # foreach sid - - # Check for removed rules, i.e. sids that exist in the old file but - # not in the new one. - foreach my $sid (keys(%{$$rh_ref{old}{rules}{$file}})) { - unless (exists($$rh_ref{new}{rules}{$file}{$sid})) { - $changes{modified_files}{$file_w_path}++; - $changes{rules}{removed}{$file}{$sid}++; - } - } - - # Check for added non-rule lines. - get_first_only(\my @added, - \@{$$rh_ref{new}{other}{$file}}, - \@{$$rh_ref{old}{other}{$file}}); - - if (scalar(@added)) { - @{$changes{other}{added}{$file}} = @added; - $changes{modified_files}{$file_w_path}++; - } - - # Check for removed non-rule lines. - get_first_only(\my @removed, - \@{$$rh_ref{old}{other}{$file}}, - \@{$$rh_ref{new}{other}{$file}}); - - if (scalar(@removed)) { - @{$changes{other}{removed}{$file}} = @removed; - $changes{modified_files}{$file_w_path}++; - } - - } # foreach new file - - print STDERR "done.\n" unless ($config{quiet}); - - return (%changes); -} - - - -# Simply copy the modified rules files to the output directory. -sub update_rules($ @) -{ - my $dst_dir = shift; - my @modified_files = @_; - - print STDERR "Updating local rules files... " - if (!$config{quiet} || $config{interactive}); - - foreach my $file_w_path (@modified_files) { - copy("$file_w_path", "$dst_dir") - or clean_exit("could not copy $file_w_path to $dst_dir: $!"); - } - - print STDERR "done.\n" - if (!$config{quiet} || $config{interactive}); -} - - -# Simply copy rules files from one dir to another. -# Links are not allowed. -sub copy_rules($ $) -{ - my $src_dir = shift; - my $dst_dir = shift; - - print STDERR "Copying rules from $src_dir... " - if (!$config{quiet} || $config{interactive}); - - opendir(SRC_DIR, $src_dir) - or clean_exit("could not open directory $src_dir: $!"); - - my $num_files = 0; - while ($_ = readdir(SRC_DIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) - || !/$config{update_files}/); - - my $src_file = untaint_path("$src_dir/$_"); - - # Make sure it's a regular file. - unless (-f "$src_file" && !-l "$src_file") { - closedir(SRC_DIR); - clean_exit("\"$src_file\" is not a regular file.") - } - - unless (copy($src_file, $dst_dir)) { - closedir(SRC_DIR); - clean_exit("could not copy \"$src_file\" to \"$dst_dir\"/: $!"); - } - $num_files++; - } - - closedir(SRC_DIR); - - print STDERR "$num_files files copied.\n" - if (!$config{quiet} || $config{interactive}); -} - - - -# Return true if file is in PATH and is executable. -sub is_in_path($) -{ - my $file = shift; - - foreach my $dir (File::Spec->path()) { - if ((-f "$dir/$file" && -x "$dir/$file") - || (-f "$dir/$file.exe" && -x "$dir/$file.exe")) { - print STDERR "Found $file binary in $dir\n" - if ($config{verbose}); - return (1); - } - } - - return (0); -} - - - -# get_next_entry() will parse the array referenced in the first arg -# and return the next entry. The array should contain a rules file, -# and the returned entry will be removed from the array. -# An entry is one of: -# - single-line rule (put in 2nd ref) -# - multi-line rule (put in 3rd ref) -# - non-rule line (put in 4th ref) -# If the entry is a multi-line rule, its single-line version is also -# returned (put in the 2nd ref). -# If it's a rule, the msg string will be put in 4th ref and sid in 5th. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - chomp($line); - $line .= "\n"; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - - # Invalid multi-line rule. - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Check if it's a regular single-line rule. - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - - # Non-rule line. - } else { - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Look for variables that exist in dist var files but not in local var file. -sub get_new_vars($ $ $ $) -{ - my $ch_ref = shift; - my $dist_var_files_ref = shift; - my $local_var_file = shift; - my $url_tmpdirs_ref = shift; - - my %new_vars; - my (%old_vars, %dist_var_files, %found_dist_var_files); - my $confs_found = 0; - - - # Warn in case we can't find a specified dist file. - foreach my $dir (@$url_tmpdirs_ref) { - foreach my $dist_var_file (@$dist_var_files_ref) { - if (-e "$dir/$dist_var_file") { - $found_dist_var_files{$dist_var_file} = 1; - $confs_found++; - } - } - } - - foreach my $dist_var_file (@$dist_var_files_ref) { - unless (exists($found_dist_var_files{$dist_var_file})) { - warn("WARNING: did not find variable file \"$dist_var_file\" in ". - "downloaded archive(s)\n") - unless($config{quiet}); - } - } - - unless ($confs_found) { - unless ($config{quiet}) { - warn("WARNING: no variable files found in downloaded archive(s), ". - "aborting check for new variables\n"); - return; - } - } - - # Read in variable names from old (target) var file. - open(LOCAL_VAR_FILE, "<", "$local_var_file") - or clean_exit("could not open $local_var_file for reading: $!"); - - my @local_var_conf = <LOCAL_VAR_FILE>; - - foreach $_ (join_multilines(\@local_var_conf)) { - $old_vars{lc($1)}++ if (/$VAR_REGEXP/i); - } - - close(LOCAL_VAR_FILE); - - # Read in variables from new file(s). - foreach my $dir (@$url_tmpdirs_ref) { - foreach my $dist_var_file (@$dist_var_files_ref) { - my $conf = "$dir/$dist_var_file"; - if (-e "$conf") { - my $num_new = 0; - print STDERR "Checking downloaded $dist_var_file for new variables... " - unless ($config{quiet}); - - open(DIST_CONF, "<", "$conf") - or clean_exit("could not open $conf for reading: $!"); - my @dist_var_conf = <DIST_CONF>; - close(DIST_CONF); - - foreach $_ (join_multilines(\@dist_var_conf)) { - if (/$VAR_REGEXP/i && !exists($old_vars{lc($1)})) { - my ($varname, $varval) = (lc($1), $2); - if (exists($new_vars{$varname})) { - warn("\nWARNING: new variable \"$varname\" is defined multiple ". - "times in downloaded files\n"); - } - s/^\s*//; - push(@{$$ch_ref{new_vars}}, "$_\n"); - $new_vars{$varname} = $varval; - $num_new++; - } - } - - close(DIST_CONF); - print STDERR "$num_new new found.\n" - unless ($config{quiet}); - } - } - } -} - - - -# Add new variables to local snort.conf. -sub add_new_vars($ $) -{ - my $ch_ref = shift; - my $varfile = shift; - my $tmp_varfile = "$tmpdir/tmp_varfile.conf"; - my $new_content; - - return unless ($#{$changes{new_vars}} > -1); - - print STDERR "Adding new variables to $varfile... " - unless ($config{quiet}); - - open(OLD_LOCAL_CONF, "<", "$varfile") - or clean_exit("could not open $varfile for reading: $!"); - my @old_content = <OLD_LOCAL_CONF>; - close(OLD_LOCAL_CONF); - - open(NEW_LOCAL_CONF, ">", "$tmp_varfile") - or clean_exit("could not open $tmp_varfile for writing: $!"); - - my @old_vars = grep(/$VAR_REGEXP/i, @old_content); - - - # If any vars exist in old file, put new vars right after them. - if ($#old_vars > -1) { - while ($_ = shift(@old_content)) { - print NEW_LOCAL_CONF $_; - last if ($_ eq $old_vars[$#old_vars]); - } - } - - print NEW_LOCAL_CONF @{$changes{new_vars}}; - print NEW_LOCAL_CONF @old_content; - - close(NEW_LOCAL_CONF); - - clean_exit("could not copy $tmp_varfile to $varfile: $!") - unless (copy("$tmp_varfile", "$varfile")); - - print STDERR "done.\n" - unless ($config{quiet}); -} - - - -# Convert msdos style path to cygwin style, e.g. -# c:\foo => /cygdrive/c/foo -sub msdos_to_cygwin_path($) -{ - my $path_ref = shift; - - if ($$path_ref =~ /^([a-zA-Z]):[\/\\](.*)/) { - my ($drive, $dir) = ($1, $2); - $dir =~ s/\\/\//g; - $$path_ref = "/cygdrive/$drive/$dir"; - return (1); - } - - return (0); -} - - - -# Parse and process a modifysid expression. -# Return 1 if valid, or otherwise 0. -sub parse_mod_expr($ $ $ $) -{ - my $mod_list_ref = shift; # where to store valid entries - my $sid_arg_list = shift; # comma-separated list of SIDs/files or wildcard - my $subst = shift; # regexp to look for - my $repl = shift; # regexp to replace it with - - my @tmp_mod_list; - - $sid_arg_list =~ s/\s+$//; - - foreach my $sid_arg (split(/\s*,\s*/, $sid_arg_list)) { - my $type = ""; - - $type = "sid" if ($sid_arg =~ /^\d+$/); - $type = "file" if ($sid_arg =~ /^\S+.*\.\S+$/); - $type = "wildcard" if ($sid_arg eq "*"); - - return (0) unless ($type); - - # Sanity check to make sure user escaped at least all the "$" in $subst. - if ($subst =~ /[^\\]\$./ || $subst =~ /^\$/) { - warn("WARNING: unescaped \$ in expression \"$subst\", all special ". - "characters must be escaped\n"); - return (0); - } - - # Only allow backreference variables. The check should at least catch some user typos. - if (($repl =~ /[^\\]\$(\D.)/ && $1 !~ /{\d/) || $repl =~ /[^\\]\$$/ - || ($repl =~ /^\$(\D.)/ && $1 !~ /{\d/)) { - warn("WARNING: illegal replacement expression \"$repl\": unescaped \$ ". - "that isn't a backreference\n"); - return (0); - } - - # Don't permit unescaped @. - if ($repl =~ /[^\\]\@/ || $repl =~ /^\@/) { - warn("WARNING: illegal replacement expression \"$repl\": unescaped \@\n"); - return (0); - } - - # Make sure the regexp is valid. - my $repl_qq = "qq/$repl/"; - my $dummy = "foo"; - - eval { - $dummy =~ s/$subst/$repl_qq/ee; - }; - - # We should probably check for warnings as well as errors... - if ($@) { - warn("Invalid regexp: $@"); - return (0); - } - - push(@tmp_mod_list, [$subst, $repl_qq, $type, $sid_arg]); - } - - # If we come this far, all sids and the regexp were parsed successfully, so - # append them to real mod list array. - foreach my $mod_entry (@tmp_mod_list) { - push(@$mod_list_ref, $mod_entry); - } - - return (1); -} - - - -# Untaint a path. Die if it contains illegal chars. -sub untaint_path($) -{ - my $path = shift; - my $orig_path = $path; - - return $path unless ($config{use_path_checks}); - - (($path) = $path =~ /^([$OK_PATH_CHARS]+)$/) - or clean_exit("illegal character in path/filename ". - "\"$orig_path\", allowed are $OK_PATH_CHARS\n". - "Fix this or set use_path_checks=0 in oinkmaster.conf ". - "to disable this check completely if it is too strict.\n"); - - return ($path); -} - - - -# Ask user to approve changes. Return 1 for yes, 0 for no. -sub approve_changes() -{ - my $answer = ""; - - while ($answer !~ /^[yn]/i) { - print "Do you approve these changes? [Yn] "; - $answer = <STDIN>; - $answer = "y" unless ($answer =~ /\S/); - } - - return ($answer =~ /^y/i); -} - - - -# Remove common leading and trailing stuff from two rules. -sub minimize_diff($ $) -{ - my $old_rule = shift; - my $new_rule = shift; - - my $original_old = $old_rule; - my $original_new = $new_rule; - - # Additional chars to print next to the diffing part. - my $additional_chars = 20; - - # Remove the rev keyword from the rules, as it often - # makes the whole diff minimizing useless. - $old_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//; - my $old_rev = $1; - - $new_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//; - my $new_rev = $1; - - # If rev was the only thing that changed, we want to restore the rev - # before continuing so we don't remove common stuff from rules that - # are identical. - if ($old_rule eq $new_rule) { - $old_rule = $original_old; - $new_rule = $original_new; - } - - # Temporarily remove possible leading # so it works nicely - # with modified rules that are also being either enabled or disabled. - my $old_is_disabled = 0; - my $new_is_disabled = 0; - - $old_is_disabled = 1 if ($old_rule =~ s/^#//); - $new_is_disabled = 1 if ($new_rule =~ s/^#//); - - # Go forward char by char until they aren't equeal. - # $i will bet set to the index where they diff. - my @old = split(//, $old_rule); - my @new = split(//, $new_rule); - - my $i = 0; - while ($i <= $#old && $i <= $#new && $old[$i] eq $new[$i]) { - $i++; - } - - # Now same thing but backwards. - # $j will bet set to the index where they diff. - @old = reverse(split(//, $old_rule)); - @new = reverse(split(//, $new_rule)); - - my $j = 0; - while ($j <= $#old && $j <= $#new && $old[$j] eq $new[$j]) { - $j++; - } - - # Print some additional chars on either side, if there is room for it. - $i -= $additional_chars; - $i = 0 if ($i < 0); - - $j = -$j + $additional_chars; - $j = 0 if ($j > -1); - - my ($old, $new); - - # Print entire rules (i.e. they can not be shortened). - if (!$i && !$j) { - $old = $old_rule; - $new = $new_rule; - - # Leading and trailing stuff can be removed. - } elsif ($i && $j) { - $old = "..." . substr($old_rule, $i, $j) . "..."; - $new = "..." . substr($new_rule, $i, $j) . "..."; - - # Trailing stuff can be removed. - } elsif (!$i && $j) { - $old = substr($old_rule, $i, $j) . "..."; - $new = substr($new_rule, $i, $j) . "..."; - - # Leading stuff can be removed. - } elsif ($i && !$j) { - $old = "..." . substr($old_rule, $i); - $new = "..." . substr($new_rule, $i); - } - - chomp($old, $new); - $old .= "\n"; - $new .= "\n"; - - # Restore possible leading # now. - $old = "#$old" if ($old_is_disabled); - $new = "#$new" if ($new_is_disabled); - - return ($old, $new); -} - - - -# Check a string and return 1 if it's a valid single-line snort rule. -# Msg string is put in second arg, sid in third (those are the only -# required keywords, besides the leading rule actions). -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$msg_ref); - undef($$sid_ref); - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} - - - -# Merge multiline directives in an array by simply removing traling backslashes. -sub join_multilines($) -{ - my $multiline_conf_ref = shift; - my $joined_conf = ""; - - foreach $_ (@$multiline_conf_ref) { - s/\\\s*\n$//; - $joined_conf .= $_; - } - - return (split/\n/, $joined_conf); -} - - - -# Catch SIGINT. -sub catch_sigint() -{ - $SIG{INT} = 'IGNORE'; - print STDERR "\nInterrupted, cleaning up.\n"; - sleep(1); - clean_exit("interrupted by signal"); -} - - - -# Remove temporary directory and exit. -# If a non-empty string is given as argument, it will be regarded -# as an error message and we will use die() with the message instead -# of just exit(0). -sub clean_exit($) -{ - my $err_msg = shift; - - $SIG{INT} = 'DEFAULT'; - - if (defined($tmpdir) && -d "$tmpdir") { - chdir(File::Spec->rootdir()); - rmtree("$tmpdir", 0, 1); - undef($tmpdir); - } - - if (!defined($err_msg) || $err_msg eq "") { - exit(0); - } else { - chomp($err_msg); - die("\n$0: Error: $err_msg\n\nOink, oink. Exiting...\n"); - } -} - - - -#### EOF #### diff --git a/config/snort-old/bin/snort2c b/config/snort-old/bin/snort2c Binary files differdeleted file mode 100755 index fdc91ac8..00000000 --- a/config/snort-old/bin/snort2c +++ /dev/null diff --git a/config/snort-old/pfsense_rules/local.rules b/config/snort-old/pfsense_rules/local.rules deleted file mode 100644 index 83a05f1b..00000000 --- a/config/snort-old/pfsense_rules/local.rules +++ /dev/null @@ -1,7 +0,0 @@ -# ---------------- -# LOCAL RULES -# ---------------- -# This file intentionally does not come with signatures. Put your local -# additions here. Pfsense first install rule. Rule edit tabe fails with out this file. -# -#
\ No newline at end of file diff --git a/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5 deleted file mode 100644 index 83d5bdae..00000000 --- a/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5 +++ /dev/null @@ -1 +0,0 @@ -10002
\ No newline at end of file diff --git a/config/snort-old/pfsense_rules/rules/pfsense-voip.rules b/config/snort-old/pfsense_rules/rules/pfsense-voip.rules deleted file mode 100644 index 12f2fdf2..00000000 --- a/config/snort-old/pfsense_rules/rules/pfsense-voip.rules +++ /dev/null @@ -1,10 +0,0 @@ -alert ip any any -> $HOME_NET $SIP_PROXY_PORTS (msg:"OPTIONS SIP scan"; content:"OPTIONS"; depth:7; threshold: type both , track by_src, count 30, seconds 3; sid:5000001; rev:1;) -# Excessive number of SIP 4xx Responses Does not work -#### alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Excessive number of SIP 4xx Responses - possible user or password guessing attack"; pcre:"/^SIP\/2.0 4\d{2}"; threshold: type both, track by_src, count 100, seconds 60; sid:5000002; rev:1;) -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Ghost call attack"; content:"SIP/2.0 180"; depth:11; threshold: type both, track by_src, count 100, seconds 60; sid:5000003; rev:1;) -# Rule for alerting of INVITE flood attack: -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"INVITE"; depth:6; threshold: type both , track by_src, count 100, seconds 60; sid:5000004; rev:1;) -# Rule for alerting of REGISTER flood attack: -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"REGISTER message flooding"; content:"REGISTER"; depth:8; threshold: type both , track by_src, count 100, seconds 60; sid:5000005; rev:1;) -# Threshold rule for unauthorized responses: -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"SIP/2.0 401 Unauthorized"; depth:24; threshold: type both, track by_src, count 100, seconds 60; sid:5000006; rev:1;) diff --git a/config/snort-old/snort.inc b/config/snort-old/snort.inc deleted file mode 100755 index 0ed53feb..00000000 --- a/config/snort-old/snort.inc +++ /dev/null @@ -1,1640 +0,0 @@ -<?php -/* $Id$ */ -/* - snort.inc - Copyright (C) 2006 Scott Ullrich - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("pfsense-utils.inc"); - -// Needed on 2.0 because of get_vpns_list() -require_once("filter.inc"); - -/* Allow additional execution time 0 = no limit. */ -ini_set('max_execution_time', '9999'); -ini_set('max_input_time', '9999'); - -/* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - -function sync_package_snort_reinstall() -{ - global $config; - if(!$config['installedpackages']['snort']) - return; - - /* create snort configuration file */ - create_snort_conf(); - - /* start snort service */ - start_service("snort"); -} -function sync_package_snort() -{ - global $config, $g; - conf_mount_rw(); - - mwexec("mkdir -p /var/log/snort/"); - - if(!file_exists("/var/log/snort/alert")) - touch("/var/log/snort/alert"); - - /* snort -> advanced features */ - $bpfbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfbufsize']; - $bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize']; - $bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns']; - - /* set the snort performance model */ - if($config['installedpackages']['snort']['config'][0]['performance']) - $snort_performance = $config['installedpackages']['snort']['config'][0]['performance']; - else - $snort_performance = "ac-bnfa"; - - /* create a few directories and ensure the sample files are in place */ - exec("/bin/mkdir -p /usr/local/etc/snort"); - exec("/bin/mkdir -p /var/log/snort"); - exec("/bin/mkdir -p /usr/local/etc/snort/rules"); - exec("/bin/rm /usr/local/etc/snort/snort.conf-sample"); - exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample"); - exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample"); - exec("/bin/rm /usr/local/etc/snort/unicode.map-sample"); - exec("/bin/rm /usr/local/etc/snort/classification.config-sample"); - exec("/bin/rm /usr/local/etc/snort/generators-sample"); - exec("/bin/rm /usr/local/etc/snort/reference.config-sample"); - exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample"); - exec("/bin/rm /usr/local/etc/snort/sid"); - exec("/bin/rm -f /usr/local/etc/rc.d/snort"); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - //print_r($snortInterfaces); - - /* create log directory */ - $start = "/bin/mkdir -p /var/log/snort\n"; - - /* snort advanced features - bpf tuning */ - if($bpfbufsize) - $start .= "sysctl net.bpf.bufsize={$bpfbufsize}\n"; - if($bpfmaxbufsize) - $start .= "sysctl net.bpf.maxbufsize={$bpfmaxbufsize}\n"; - if($bpfmaxinsns) - $start .= "sysctl net.bpf.maxinsns={$bpfmaxinsns}\n"; - - /* go ahead and issue bpf changes */ - if($bpfbufsize) - mwexec_bg("sysctl net.bpf.bufsize={$bpfbufsize}"); - if($bpfmaxbufsize) - mwexec_bg("sysctl net.bpf.maxbufsize={$bpfmaxbufsize}"); - if($bpfmaxinsns) - mwexec_bg("sysctl net.bpf.maxinsns={$bpfmaxinsns}"); - - /* always stop barnyard2 before starting snort -gtm */ - $start .= "/usr/bin/killall barnyard2\n"; - - /* start a snort process for each interface -gtm */ - /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */ - /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */ - /* TODO; get snort to start under nologin shell */ - foreach($snortInterfaces as $snortIf) - { - $start .= "sleep 4\n"; - $start .= "/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -q\n"; - /* define snortbarnyardlog_chk */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; - if ($snortbarnyardlog_info_chk == on) - $start .= "\nsleep 4;/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n"; - } - $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php &\n\texit 1\n\tfi\n\n"; - $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n"; - $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n"; - $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n"; - $del_old_pids = "\nrm -f /var/run/snort_*\n"; - $sample_before = "BEFORE_MEM=`top | grep Wired | awk '{print \$12}'`\n"; - $sample_after = "\n\tAFTER_MEM=`top | grep Wired | awk '{print \$12}'`\n"; - if ($snort_performance == "ac-bnfa") - $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=60\n"; - else - $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=300\n"; - $sleep_before_final .= "while [ \"\$MYSNORTLOG\" = \"\" -a \$WAITSECURE -gt 0 ] ; do\n\tsleep 2\n\tMYSNORTLOG=`/usr/sbin/clog /var/log/system.log | grep snort | tail | grep 'Snort initialization completed successfully'`\n\tWAITSECURE=`expr \$WAITSECURE - 1`\ndone\n"; - $total_used_after = "TOTAL_USAGE=`top | grep snort | grep -v grep | awk '{ print \$6 }'`\n"; - $echo_usage .= $sample_after . "\t" . $total_used_after . "\techo \"Ram free BEFORE starting Snort: \$BEFORE_MEM -- Ram free AFTER starting Snort: \$AFTER_MEM -- Mode " . $snort_performance . " -- Snort memory usage: \$TOTAL_USAGE\" | logger -p daemon.info -i -t SnortStartup\n\n"; - - /* write out rc.d start/stop file */ - write_rcfile(array( - "file" => "snort.sh", - "start" => "{$check_if_snort_runs}{$if_snort_pid}{$echo_snort_sh_pid}{$echo_snort_sh_startup_log}{$del_old_pids}{$sample_before}{$start}{$sleep_before_final}{$echo_usage}", - "stop" => "/usr/bin/killall snort; killall barnyard2" - ) - ); - - /* create snort configuration file */ - create_snort_conf(); - -/* create barnyard2 configuration file */ -$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; -if ($snortbarnyardlog_info_chk == on) - create_barnyard2_conf(); - - /* snort will not start on install untill setting are set */ -if ($config['installedpackages']['snort']['config'][0]['autorulesupdate7'] != "") { - /* start snort service */ - conf_mount_ro(); - start_service("snort"); - } -} - -/* open barnyard2.conf for writing */ -function create_barnyard2_conf() { - global $bconfig, $bg; - /* write out barnyard2_conf */ - conf_mount_rw(); - $barnyard2_conf_text = generate_barnyard2_conf(); - $bconf = fopen("/usr/local/etc/barnyard2.conf", "w"); - if(!$bconf) { - log_error("Could not open /usr/local/etc/barnyard2.conf for writing."); - exit; - } - fwrite($bconf, $barnyard2_conf_text); - fclose($bconf); - conf_mount_ro(); -} -/* open barnyard2.conf for writing" */ -function generate_barnyard2_conf() { - - global $config, $g; - conf_mount_rw(); - -/* define snortbarnyardlog */ -/* TODO add support for the other 5 output plugins */ - -$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database']; -$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname']; -$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface']; - -$barnyard2_conf_text = <<<EOD - -# barnyard2.conf -# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php - -# Copyright (C) 2006 Robert Zelaya -# part of pfSense -# All rights reserved. - -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: - -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. - -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. - -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -# set the appropriate paths to the file(s) your Snort process is using -config reference-map: /usr/local/etc/snort/reference.config -config class-map: /usr/local/etc/snort/classification.config -config gen-msg-map: /usr/local/etc/snort/gen-msg.map -config sid-msg-map: /usr/local/etc/snort/sid-msg.map - -config hostname: $snortbarnyardlog_hostname_info_chk -config interface: $snortbarnyardlog_interface_info_chk - -# Step 2: setup the input plugins -input unified2 - -# database: log to a variety of databases -# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx - -$snortbarnyardlog_database_info_chk - -EOD; - conf_mount_rw(); - return $barnyard2_conf_text; - -} - -function create_snort_conf() { - global $config, $g; - /* write out snort.conf */ - $snort_conf_text = generate_snort_conf(); - conf_mount_rw(); - $conf = fopen("/usr/local/etc/snort/snort.conf", "w"); - if(!$conf) { - log_error("Could not open /usr/local/etc/snort/snort.conf for writing."); - exit; - } - fwrite($conf, $snort_conf_text); - fclose($conf); - conf_mount_ro(); -} - -function snort_deinstall() { - - global $config, $g; - conf_mount_rw(); - - - /* remove custom sysctl */ - remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); - /* decrease bpf buffers back to 4096, from 20480 */ - exec("/sbin/sysctl net.bpf.bufsize=4096"); - exec("/usr/bin/killall snort"); - sleep(5); - exec("/usr/bin/killall -9 snort"); - exec("rm -f /usr/local/etc/rc.d/snort*"); - exec("rm -rf /usr/local/etc/snort*"); - exec("cd /var/db/pkg && pkg_delete `ls | grep snort`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep libdnet`"); - exec("/usr/bin/killall -9 snort"); - exec("/usr/bin/killall snort"); - - /* Remove snort cron entries Ugly code needs smoothness*/ - - function snort_rm_blocked_deinstall_cron($should_install) { - global $config, $g; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort2c")) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - } - configure_cron(); - } - } - - function snort_rules_up_deinstall_cron($should_install) { - global $config, $g; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - } - configure_cron(); - } - } - -snort_rm_blocked_deinstall_cron(""); -snort_rules_up_deinstall_cron(""); - -/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ -/* Keep this as a last step */ - -unset($config['installedpackages']['snort']); -unset($config['installedpackages']['snortdefservers']); -unset($config['installedpackages']['snortwhitelist']); -unset($config['installedpackages']['snortthreshold']); -unset($config['installedpackages']['snortadvanced']); - - -write_config(); -conf_mount_ro(); - -} - -function generate_snort_conf() { - - global $config, $g; - conf_mount_rw(); - /* obtain external interface */ - /* XXX: make multi wan friendly */ - $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0]; - - $snort_config_pass_thru = $config['installedpackages']['snortadvanced']['config'][0]['configpassthru']; - -/* define snortalertlogtype */ -$snortalertlogtype = $config['installedpackages']['snortadvanced']['config'][0]['snortalertlogtype']; -if ($snortalertlogtype == fast) - $snortalertlogtype_type = "output alert_fast: alert"; -else - $snortalertlogtype_type = "output alert_full: alert"; - -/* define alertsystemlog */ -$alertsystemlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['alertsystemlog']; -if ($alertsystemlog_info_chk == on) - $alertsystemlog_type = "output alert_syslog: log_alert"; - -/* define tcpdumplog */ -$tcpdumplog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['tcpdumplog']; -if ($tcpdumplog_info_chk == on) - $tcpdumplog_type = "output log_tcpdump: snorttcpd.log"; - -/* define snortbarnyardlog_chk */ -$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; -if ($snortbarnyardlog_info_chk == on) - $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D"; - -/* define snortunifiedlog */ -$snortunifiedlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortunifiedlog']; -if ($snortunifiedlog_info_chk == on) - $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128"; - -/* define spoink */ -$spoink_info_chk = $config['installedpackages']['snort']['config'][0]['blockoffenders7']; -if ($spoink_info_chk == on) - $spoink_type = "output alert_pf: /var/db/whitelist,snort2c"; - - /* define servers and ports snortdefservers */ - -/* def DNS_SERVSERS */ -$def_dns_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_servers']; -if ($def_dns_servers_info_chk == "") - $def_dns_servers_type = "\$HOME_NET"; -else - $def_dns_servers_type = "$def_dns_servers_info_chk"; - -/* def DNS_PORTS */ -$def_dns_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_ports']; -if ($def_dns_ports_info_chk == "") - $def_dns_ports_type = "53"; -else - $def_dns_ports_type = "$def_dns_ports_info_chk"; - -/* def SMTP_SERVSERS */ -$def_smtp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_servers']; -if ($def_smtp_servers_info_chk == "") - $def_smtp_servers_type = "\$HOME_NET"; -else - $def_smtp_servers_type = "$def_smtp_servers_info_chk"; - -/* def SMTP_PORTS */ -$def_smtp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_ports']; -if ($def_smtp_ports_info_chk == "") - $def_smtp_ports_type = "25"; -else - $def_smtp_ports_type = "$def_smtp_ports_info_chk"; - -/* def MAIL_PORTS */ -$def_mail_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mail_ports']; -if ($def_mail_ports_info_chk == "") - $def_mail_ports_type = "25,143,465,691"; -else - $def_mail_ports_type = "$def_mail_ports_info_chk"; - -/* def HTTP_SERVSERS */ -$def_http_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_servers']; -if ($def_http_servers_info_chk == "") - $def_http_servers_type = "\$HOME_NET"; -else - $def_http_servers_type = "$def_http_servers_info_chk"; - -/* def WWW_SERVSERS */ -$def_www_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_www_servers']; -if ($def_www_servers_info_chk == "") - $def_www_servers_type = "\$HOME_NET"; -else - $def_www_servers_type = "$def_www_servers_info_chk"; - -/* def HTTP_PORTS */ -$def_http_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_ports']; -if ($def_http_ports_info_chk == "") - $def_http_ports_type = "80"; -else - $def_http_ports_type = "$def_http_ports_info_chk"; - -/* def SQL_SERVSERS */ -$def_sql_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sql_servers']; -if ($def_sql_servers_info_chk == "") - $def_sql_servers_type = "\$HOME_NET"; -else - $def_sql_servers_type = "$def_sql_servers_info_chk"; - -/* def ORACLE_PORTS */ -$def_oracle_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_oracle_ports']; -if ($def_oracle_ports_info_chk == "") - $def_oracle_ports_type = "1521"; -else - $def_oracle_ports_type = "$def_oracle_ports_info_chk"; - -/* def MSSQL_PORTS */ -$def_mssql_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mssql_ports']; -if ($def_mssql_ports_info_chk == "") - $def_mssql_ports_type = "1433"; -else - $def_mssql_ports_type = "$def_mssql_ports_info_chk"; - -/* def TELNET_SERVSERS */ -$def_telnet_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_servers']; -if ($def_telnet_servers_info_chk == "") - $def_telnet_servers_type = "\$HOME_NET"; -else - $def_telnet_servers_type = "$def_telnet_servers_info_chk"; - -/* def TELNET_PORTS */ -$def_telnet_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_ports']; -if ($def_telnet_ports_info_chk == "") - $def_telnet_ports_type = "23"; -else - $def_telnet_ports_type = "$def_telnet_ports_info_chk"; - -/* def SNMP_SERVSERS */ -$def_snmp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_servers']; -if ($def_snmp_servers_info_chk == "") - $def_snmp_servers_type = "\$HOME_NET"; -else - $def_snmp_servers_type = "$def_snmp_servers_info_chk"; - -/* def SNMP_PORTS */ -$def_snmp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_ports']; -if ($def_snmp_ports_info_chk == "") - $def_snmp_ports_type = "161"; -else - $def_snmp_ports_type = "$def_snmp_ports_info_chk"; - -/* def FTP_SERVSERS */ -$def_ftp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_servers']; -if ($def_ftp_servers_info_chk == "") - $def_ftp_servers_type = "\$HOME_NET"; -else - $def_ftp_servers_type = "$def_ftp_servers_info_chk"; - -/* def FTP_PORTS */ -$def_ftp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_ports']; -if ($def_ftp_ports_info_chk == "") - $def_ftp_ports_type = "21"; -else - $def_ftp_ports_type = "$def_ftp_ports_info_chk"; - -/* def SSH_SERVSERS */ -$def_ssh_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_servers']; -if ($def_ssh_servers_info_chk == "") - $def_ssh_servers_type = "\$HOME_NET"; -else - $def_ssh_servers_type = "$def_ssh_servers_info_chk"; - -/* if user has defined a custom ssh port, use it */ -if($config['system']['ssh']['port']) - $ssh_port = $config['system']['ssh']['port']; -else - $ssh_port = "22"; - -/* def SSH_PORTS */ -$def_ssh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_ports']; -if ($def_ssh_ports_info_chk == "") - $def_ssh_ports_type = "{$ssh_port}"; -else - $def_ssh_ports_type = "$def_ssh_ports_info_chk"; - -/* def POP_SERVSERS */ -$def_pop_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop_servers']; -if ($def_pop_servers_info_chk == "") - $def_pop_servers_type = "\$HOME_NET"; -else - $def_pop_servers_type = "$def_pop_servers_info_chk"; - -/* def POP2_PORTS */ -$def_pop2_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop2_ports']; -if ($def_pop2_ports_info_chk == "") - $def_pop2_ports_type = "109"; -else - $def_pop2_ports_type = "$def_pop2_ports_info_chk"; - -/* def POP3_PORTS */ -$def_pop3_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop3_ports']; -if ($def_pop3_ports_info_chk == "") - $def_pop3_ports_type = "110"; -else - $def_pop3_ports_type = "$def_pop3_ports_info_chk"; - -/* def IMAP_SERVSERS */ -$def_imap_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_servers']; -if ($def_imap_servers_info_chk == "") - $def_imap_servers_type = "\$HOME_NET"; -else - $def_imap_servers_type = "$def_imap_servers_info_chk"; - -/* def IMAP_PORTS */ -$def_imap_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_ports']; -if ($def_imap_ports_info_chk == "") - $def_imap_ports_type = "143"; -else - $def_imap_ports_type = "$def_imap_ports_info_chk"; - -/* def SIP_PROXY_IP */ -$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ip']; -if ($def_sip_proxy_ip_info_chk == "") - $def_sip_proxy_ip_type = "\$HOME_NET"; -else - $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; - -/* def SIP_PROXY_PORTS */ -$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ports']; -if ($def_sip_proxy_ports_info_chk == "") - $def_sip_proxy_ports_type = "5060:5090,16384:32768"; -else - $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; - -/* def AUTH_PORTS */ -$def_auth_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_auth_ports']; -if ($def_auth_ports_info_chk == "") - $def_auth_ports_type = "113"; -else - $def_auth_ports_type = "$def_auth_ports_info_chk"; - -/* def FINGER_PORTS */ -$def_finger_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_finger_ports']; -if ($def_finger_ports_info_chk == "") - $def_finger_ports_type = "79"; -else - $def_finger_ports_type = "$def_finger_ports_info_chk"; - -/* def IRC_PORTS */ -$def_irc_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_irc_ports']; -if ($def_irc_ports_info_chk == "") - $def_irc_ports_type = "6665,6666,6667,6668,6669,7000"; -else - $def_irc_ports_type = "$def_irc_ports_info_chk"; - -/* def NNTP_PORTS */ -$def_nntp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_nntp_ports']; -if ($def_nntp_ports_info_chk == "") - $def_nntp_ports_type = "119"; -else - $def_nntp_ports_type = "$def_nntp_ports_info_chk"; - -/* def RLOGIN_PORTS */ -$def_rlogin_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rlogin_ports']; -if ($def_rlogin_ports_info_chk == "") - $def_rlogin_ports_type = "513"; -else - $def_rlogin_ports_type = "$def_rlogin_ports_info_chk"; - -/* def RSH_PORTS */ -$def_rsh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rsh_ports']; -if ($def_rsh_ports_info_chk == "") - $def_rsh_ports_type = "514"; -else - $def_rsh_ports_type = "$def_rsh_ports_info_chk"; - -/* def SSL_PORTS */ -$def_ssl_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssl_ports']; -if ($def_ssl_ports_info_chk == "") - $def_ssl_ports_type = "25,443,465,636,993,995"; -else - $def_ssl_ports_type = "$def_ssl_ports_info_chk"; - - /* add auto update scripts to /etc/crontab */ -// $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php"; -// $filenamea = "/etc/crontab"; -// remove_text_from_file($filenamea, $text_ww); -// add_text_to_file($filenamea, $text_ww); -// exec("killall -HUP cron"); */ - - /* should we install a automatic update crontab entry? */ - $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate']; - - /* if user is on pppoe, we really want to use ng0 interface */ - if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe") - $snort_ext_int = "ng0"; - - /* set the snort performance model */ - if($config['installedpackages']['snort']['config'][0]['performance']) - $snort_performance = $config['installedpackages']['snort']['config'][0]['performance']; - else - $snort_performance = "ac-bnfa"; - - /* set the snort block hosts time IMPORTANT snort has trouble installing if snort_rm_blocked_info_ck != "" */ - $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked']; - if ($snort_rm_blocked_info_ck == "never_b") - $snort_rm_blocked_false = ""; - else - $snort_rm_blocked_false = "true"; - -if ($snort_rm_blocked_info_ck != "") { -function snort_rm_blocked_install_cron($should_install) { - global $config, $g; - conf_mount_rw(); - if ($g['booting']==true) - return; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort2c")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked']; - if ($snort_rm_blocked_info_ck == "1h_b") { - $snort_rm_blocked_min = "*/5"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "3600"; - } - if ($snort_rm_blocked_info_ck == "3h_b") { - $snort_rm_blocked_min = "*/15"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "10800"; - } - if ($snort_rm_blocked_info_ck == "6h_b") { - $snort_rm_blocked_min = "*/30"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "21600"; - } - if ($snort_rm_blocked_info_ck == "12h_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/1"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "43200"; - } - if ($snort_rm_blocked_info_ck == "1d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/2"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "86400"; - } - if ($snort_rm_blocked_info_ck == "4d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/8"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "345600"; - } - if ($snort_rm_blocked_info_ck == "7d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/14"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "604800"; - } - if ($snort_rm_blocked_info_ck == "28d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "0"; - $snort_rm_blocked_mday = "*/2"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "2419200"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rm_blocked_min"; - $cron_item['hour'] = "$snort_rm_blocked_hr"; - $cron_item['mday'] = "$snort_rm_blocked_mday"; - $cron_item['month'] = "$snort_rm_blocked_month"; - $cron_item['wday'] = "$snort_rm_blocked_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - $config['cron']['item'][] = $cron_item; - write_config("Installed 15 minute filter reload for Time Based Rules"); - conf_mount_rw(); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } - break; - } - } - snort_rm_blocked_install_cron(""); - snort_rm_blocked_install_cron($snort_rm_blocked_false); -} - - /* set the snort rules update time */ - $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7']; - if ($snort_rules_up_info_ck == "never_up") - $snort_rules_up_false = ""; - else - $snort_rules_up_false = "true"; - -if ($snort_rules_up_info_ck != "") { -function snort_rules_up_install_cron($should_install) { - global $config, $g; - conf_mount_rw(); - if ($g['booting']==true) - return; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7']; - if ($snort_rules_up_info_ck == "6h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/6"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "12h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/12"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "1d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/1"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "4d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/4"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "7d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/7"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "28d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/28"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rules_up_min"; - $cron_item['hour'] = "$snort_rules_up_hr"; - $cron_item['mday'] = "$snort_rules_up_mday"; - $cron_item['month'] = "$snort_rules_up_month"; - $cron_item['wday'] = "$snort_rules_up_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log"; - $config['cron']['item'][] = $cron_item; - write_config("Installed 15 minute filter reload for Time Based Rules"); - conf_mount_rw(); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } - break; - } - } - snort_rules_up_install_cron(""); - snort_rules_up_install_cron($snort_rules_up_false); -} - /* Be sure we're really rw before writing */ - conf_mount_rw(); - /* open snort2c's whitelist for writing */ - $whitelist = fopen("/var/db/whitelist", "w"); - if(!$whitelist) { - log_error("Could not open /var/db/whitelist for writing."); - return; - } - - /* build an interface array list */ - $int_array = array('lan'); - for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) - if(isset($config['interfaces']['opt' . $j]['enable'])) - if(!$config['interfaces']['opt' . $j]['gateway']) - $int_array[] = "opt{$j}"; - - /* iterate through interface list and write out whitelist items - * and also compile a home_net list for snort. - */ - foreach($int_array as $int) { - /* calculate interface subnet information */ - $ifcfg = $config['interfaces'][$int]; - $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); - $subnetmask = gen_subnet_mask($ifcfg['subnet']); - if($subnet == "pppoe" or $subnet == "dhcp") { - $subnet = find_interface_ip("ng0"); - if($subnet) - $home_net .= "{$subnet} "; - } else { - if ($subnet) - if($ifcfg['subnet']) - $home_net .= "{$subnet}/{$ifcfg['subnet']} "; - } - } - - /* add all WAN ips to the whitelist */ - $wan_if = get_real_wan_interface(); - $ip = find_interface_ip($wan_if); - if($ip) - $home_net .= "{$ip} "; - - /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $int = convert_friendly_interface_to_real_interface_name("WAN"); - $gw = get_interface_gateway($int); - if($gw) - $home_net .= "{$gw} "; - - /* Add DNS server for WAN interface to whitelist */ - $dns_servers = get_dns_servers(); - foreach($dns_servers as $dns) { - if($dns) - $home_net .= "{$dns} "; - } - - /* Add loopback to whitelist (ftphelper) */ - $home_net .= "127.0.0.1 "; - - /* iterate all vips and add to whitelist */ - if($config['virtualip']) - foreach($config['virtualip']['vip'] as $vip) - if($vip['subnet']) - $home_net .= $vip['subnet'] . " "; - - if($config['installedpackages']['snortwhitelist']) - foreach($config['installedpackages']['snortwhitelist']['config'] as $snort) - if($snort['ip']) - $home_net .= $snort['ip'] . " "; - - /* write out whitelist, convert spaces to carriage returns */ - $whitelist_home_net = str_replace(" ", " ", $home_net); - $whitelist_home_net = str_replace(" ", "\n", $home_net); - - /* make $home_net presentable to snort */ - $home_net = trim($home_net); - $home_net = str_replace(" ", ",", $home_net); - $home_net = "[{$home_net}]"; - - /* foreach through whitelist, writing out to file */ - $whitelist_split = split("\n", $whitelist_home_net); - foreach($whitelist_split as $wl) - if(trim($wl)) - fwrite($whitelist, trim($wl) . "\n"); - - /* should we whitelist vpns? */ - $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns']; - - /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ - if($whitelistvpns) { - $vpns_list = get_vpns_list(); - $whitelist_vpns = split(" ", $vpns_list); - foreach($whitelist_vpns as $wl) - if(trim($wl)) - fwrite($whitelist, trim($wl) . "\n"); - } - - /* close file */ - fclose($whitelist); - - /* Be sure we're really rw before writing */ - conf_mount_rw(); - /* open snort's threshold.conf for writing */ - $threshlist = fopen("/usr/local/etc/snort/threshold.conf", "w"); - if(!$threshlist) { - log_error("Could not open /usr/local/etc/snort/threshold.conf for writing."); - return; - } - - /* list all entries to new lines */ - if($config['installedpackages']['snortthreshold']) - foreach($config['installedpackages']['snortthreshold']['config'] as $snortthreshlist) - if($snortthreshlist['threshrule']) - $snortthreshlist_r .= $snortthreshlist['threshrule'] . "\n"; - - - /* foreach through threshlist, writing out to file */ - $threshlist_split = split("\n", $snortthreshlist_r); - foreach($threshlist_split as $wl) - if(trim($wl)) - fwrite($threshlist, trim($wl) . "\n"); - - /* close snort's threshold.conf file */ - fclose($threshlist); - - /* generate rule sections to load */ - $enabled_rulesets = $config['installedpackages']['snort']['rulesets']; - if($enabled_rulesets) { - $selected_rules_sections = ""; - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); - foreach($enabled_rulesets_array as $enabled_item) - $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; - } - - conf_mount_ro(); - - /* build snort configuration file */ - /* TODO; feed back from pfsense users to reduce false positives */ - $snort_conf_text = <<<EOD - -# snort configuration file -# generated by the pfSense -# package manager system -# see /usr/local/pkg/snort.inc -# for more information -# snort.conf -# Snort can be found at http://www.snort.org/ - -# Copyright (C) 2006 Robert Zelaya -# part of pfSense -# All rights reserved. - -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: - -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. - -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. - -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -######################### - # -# Define Local Network # - # -######################### - -var HOME_NET {$home_net} -var EXTERNAL_NET !\$HOME_NET - -################### - # -# Define Servers # - # -################### - -var DNS_SERVERS [{$def_dns_servers_type}] -var SMTP_SERVERS [{$def_smtp_servers_type}] -var HTTP_SERVERS [{$def_http_servers_type}] -var SQL_SERVERS [{$def_sql_servers_type}] -var TELNET_SERVERS [{$def_telnet_servers_type}] -var SNMP_SERVERS [{$def_snmp_servers_type}] -var FTP_SERVERS [{$def_ftp_servers_type}] -var SSH_SERVERS [{$def_ssh_servers_type}] -var POP_SERVERS [{$def_pop_servers_type}] -var IMAP_SERVERS [{$def_imap_servers_type}] -var RPC_SERVERS \$HOME_NET -var WWW_SERVERS [{$def_www_servers_type}] -var SIP_PROXY_IP [{$def_sip_proxy_ip_type}] -var AIM_SERVERS \ -[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] - -######################## - # -# Define Server Ports # - # -######################## - -portvar HTTP_PORTS [{$def_http_ports_type}] -portvar SHELLCODE_PORTS !80 -portvar ORACLE_PORTS [{$def_oracle_ports_type}] -portvar AUTH_PORTS [{$def_auth_ports_type}] -portvar DNS_PORTS [{$def_dns_ports_type}] -portvar FINGER_PORTS [{$def_finger_ports_type}] -portvar FTP_PORTS [{$def_ftp_ports_type}] -portvar IMAP_PORTS [{$def_imap_ports_type}] -portvar IRC_PORTS [{$def_irc_ports_type}] -portvar MSSQL_PORTS [{$def_mssql_ports_type}] -portvar NNTP_PORTS [{$def_nntp_ports_type}] -portvar POP2_PORTS [{$def_pop2_ports_type}] -portvar POP3_PORTS [{$def_pop3_ports_type}] -portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779] -portvar RLOGIN_PORTS [{$def_rlogin_ports_type}] -portvar RSH_PORTS [{$def_rsh_ports_type}] -portvar SMB_PORTS [139,445] -portvar SMTP_PORTS [{$def_smtp_ports_type}] -portvar SNMP_PORTS [{$def_snmp_ports_type}] -portvar SSH_PORTS [{$def_ssh_ports_type}] -portvar TELNET_PORTS [{$def_telnet_ports_type}] -portvar MAIL_PORTS [{$def_mail_ports_type}] -portvar SSL_PORTS [{$def_ssl_ports_type}] -portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}] - -# DCERPC NCACN-IP-TCP -portvar DCERPC_NCACN_IP_TCP [139,445] -portvar DCERPC_NCADG_IP_UDP [138,1024:] -portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:] -portvar DCERPC_NCACN_UDP_LONG [135,1024:] -portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:] -portvar DCERPC_NCACN_TCP [2103,2105,2107] -portvar DCERPC_BRIGHTSTORE [6503,6504] - -##################### - # -# Define Rule Paths # - # -##################### - -var RULE_PATH /usr/local/etc/snort/rules -# var PREPROC_RULE_PATH ./preproc_rules - -################################ - # -# Configure the snort decoder # - # -################################ - -config checksum_mode: all -config disable_decode_alerts -config disable_tcpopt_experimental_alerts -config disable_tcpopt_obsolete_alerts -config disable_ttcp_alerts -config disable_tcpopt_alerts -config disable_ipopt_alerts -config disable_decode_drops - -################################### - # -# Configure the detection engine # -# Use lower memory models # - # -################################### - -config detection: search-method {$snort_performance} -config detection: max_queue_events 5 -config event_queue: max_queue 8 log 3 order_events content_length - -#Configure dynamic loaded libraries -dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/ -dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so -dynamicdetection directory /usr/local/lib/snort/dynamicrules/ - -################### - # -# Flow and stream # - # -################### - -preprocessor frag3_global: max_frags 8192 -preprocessor frag3_engine: policy windows -preprocessor frag3_engine: policy linux -preprocessor frag3_engine: policy first -preprocessor frag3_engine: policy bsd detect_anomalies - -preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ -track_udp yes, track_icmp yes -preprocessor stream5_tcp: bind_to any, policy windows -preprocessor stream5_tcp: bind_to any, policy linux -preprocessor stream5_tcp: bind_to any, policy vista -preprocessor stream5_tcp: bind_to any, policy macos -preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes -preprocessor stream5_udp -preprocessor stream5_icmp - -########################## - # -# NEW # -# Performance Statistics # - # -########################## - -preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000 - -################# - # -# HTTP Inspect # - # -################# - -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 - -preprocessor http_inspect_server: server default \ - ports { 80 8080 } \ - no_alerts \ - non_strict \ - non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ - flow_depth 0 \ - apache_whitespace yes \ - directory no \ - iis_backslash no \ - u_encode yes \ - ascii yes \ - chunk_length 500000 \ - bare_byte yes \ - double_decode yes \ - iis_unicode yes \ - iis_delimiter yes \ - multi_slash no - -################## - # -# Other preprocs # - # -################## - -preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 -preprocessor bo - -##################### - # -# ftp preprocessor # - # -##################### - -preprocessor ftp_telnet: global \ -inspection_type stateless - -preprocessor ftp_telnet_protocol: telnet \ - normalize \ - ayt_attack_thresh 200 - -preprocessor ftp_telnet_protocol: \ - ftp server default \ - def_max_param_len 100 \ - ports { 21 } \ - ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ - ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ - ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ - ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ - ftp_cmds { FEAT CEL CMD MACB } \ - ftp_cmds { MDTM REST SIZE MLST MLSD } \ - ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ - alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ - alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ - alt_max_param_len 256 { RNTO CWD } \ - alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { SIZE } \ - chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ - chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ - chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ - chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ - chk_str_fmt { FEAT CEL CMD } \ - chk_str_fmt { MDTM REST SIZE MLST MLSD } \ - chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity STRU < char FRP > \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ - cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity PORT < host_port > - -preprocessor ftp_telnet_protocol: ftp client default \ - max_resp_len 256 \ - bounce yes \ - telnet_cmds yes - -##################### - # -# SMTP preprocessor # - # -##################### - -preprocessor SMTP: \ - ports { 25 465 691 } \ - inspection_type stateful \ - normalize cmds \ - valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \ -CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \ -PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - max_header_line_len 1000 \ - max_response_line_len 512 \ - alt_max_command_line_len 260 { MAIL } \ - alt_max_command_line_len 300 { RCPT } \ - alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ - alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ - alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ - alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ - alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - xlink2state { enable } - -################ - # -# sf Portscan # - # -################ - -preprocessor sfportscan: scan_type { all } \ - proto { all } \ - memcap { 10000000 } \ - sense_level { medium } \ - ignore_scanners { \$HOME_NET } - -############################ - # -# OLD # -# preprocessor dcerpc: \ # -# autodetect \ # -# max_frag_size 3000 \ # -# memcap 100000 # - # -############################ - -############### - # -# NEW # -# DCE/RPC 2 # - # -############### - -preprocessor dcerpc2: memcap 102400, events [smb, co, cl] -preprocessor dcerpc2_server: default, policy WinXP, \ - detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ - autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ - smb_max_chain 3 - -#################### - # -# DNS preprocessor # - # -#################### - -preprocessor dns: \ - ports { 53 } \ - enable_rdata_overflow - -############################## - # -# NEW # -# Ignore SSL and Encryption # - # -############################## - -preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted - -##################### - # -# Snort Output Logs # - # -##################### - -$snortalertlogtype_type -$alertsystemlog_type -$tcpdumplog_type -$snortmysqllog_info_chk -$snortunifiedlog_type -$spoink_type - -################# - # -# Misc Includes # - # -################# - -include /usr/local/etc/snort/reference.config -include /usr/local/etc/snort/classification.config -include /usr/local/etc/snort/threshold.conf - -# Snort user pass through configuration -{$snort_config_pass_thru} - -################### - # -# Rules Selection # - # -################### - -{$selected_rules_sections} - -EOD; - conf_mount_ro(); - return $snort_conf_text; -} - -/* check downloaded text from snort.org to make sure that an error did not occur - * for example, if you are not a premium subscriber you can only download rules - * so often, etc. - */ -function check_for_common_errors($filename) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - $contents = file_get_contents($filename); - if(stristr($contents, "You don't have permission")) { - if(!$console_mode) { - update_all_status("An error occured while downloading {$filename}."); - hide_progress_bar_status(); - } else { - log_error("An error occured. Scroll down to inspect it's contents."); - echo "An error occured. Scroll down to inspect it's contents."; - } - if(!$console_mode) { - update_output_window(strip_tags("$contents")); - } else { - $contents = strip_tags($contents); - log_error("Error downloading snort rules: {$contents}"); - echo "Error downloading snort rules: {$contents}"; - } - scroll_down_to_bottom_of_page(); - exit; - } -} - -/* force browser to scroll all the way down */ -function scroll_down_to_bottom_of_page() { - global $snort_filename, $console_mode; - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>"; -} - -/* ensure downloaded file looks sane */ -function verify_downloaded_file($filename) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(filesize($filename)<9500) { - if(!$console_mode) { - update_all_status("Checking {$filename}..."); - check_for_common_errors($filename); - } - } - update_all_status("Verifying {$filename}..."); - if(!file_exists($filename)) { - if(!$console_mode) { - update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."); - hide_progress_bar_status(); - } else { - log_error("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."); - echo "Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."; - } - exit; - } - update_all_status("Verifyied {$filename}."); -} - -/* extract rules */ -function extract_snort_rules_md5($tmpfname) { - global $snort_filename, $snort_filename_md5, $console_mode; - ini_set("memory_limit","64M"); - conf_mount_rw(); - ob_flush(); - if(!$console_mode) { - $static_output = gettext("Extracting snort rules..."); - update_all_status($static_output); - } - if(!is_dir("/usr/local/etc/snort/rules/")) - mkdir("/usr/local/etc/snort/rules/"); - $cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/"; - $handle = popen("{$cmd} 2>&1", 'r'); - while(!feof($handle)) { - $buffer = fgets($handle); - update_output_window($buffer); - } - pclose($handle); - - if(!$console_mode) { - $static_output = gettext("Snort rules extracted."); - update_all_status($static_output); - } else { - log_error("Snort rules extracted."); - echo "Snort rules extracted."; - } - conf_mount_ro(); -} - -/* verify MD5 against downloaded item */ -function verify_snort_rules_md5($tmpfname) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) { - $static_output = gettext("Verifying md5 signature..."); - update_all_status($static_output); - } - - $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; - $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; - if($md5 == $file_md5_ondisk) { - if(!$console_mode) { - $static_output = gettext("snort rules: md5 signature of rules mismatch."); - update_all_status($static_output); - hide_progress_bar_status(); - } else { - log_error("snort rules: md5 signature of rules mismatch."); - echo "snort rules: md5 signature of rules mismatch."; - } - exit; - } -} - -/* hide progress bar */ -function hide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; -} - -/* unhide progress bar */ -function unhide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; -} - -/* update both top and bottom text box during an operation */ -function update_all_status($status) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) { - update_status($status); - update_output_window($status); - } -} - -/* obtain alert description for an ip address */ -function get_snort_alert($ip) { - global $snort_alert_file_split, $snort_config; - if(!file_exists("/var/log/snort/alert")) - return; - if(!$snort_config) - $snort_config = read_snort_config_cache(); - if($snort_config[$ip]) - return $snort_config[$ip]; - if(!$snort_alert_file_split) - $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert")); - foreach($snort_alert_file_split as $fileline) { - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_title = $matches[2]; - if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches)) - $alert_ip = $matches[0]; - if($alert_ip == $ip) { - if(!$snort_config[$ip]) - $snort_config[$ip] = $alert_title; - return $alert_title; - } - } - return "n/a"; -} - -function make_clickable($buffer) { - global $config, $g; - /* if clickable urls is disabled, simply return buffer back to caller */ - $clickablalerteurls = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - if(!$clickablalerteurls) - return $buffer; - $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer); - - return $buffer; -} - -function read_snort_config_cache() { - global $g, $config, $snort_config; - if($snort_config) - return $snort_config; - if(file_exists($g['tmp_path'] . '/snort_config.cache')) { - $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache')); - return $snort_config; - } - return; -} - -function write_snort_config_cache($snort_config) { - global $g, $config; - conf_mount_rw(); - $configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w"); - if(!$configcache) { - log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing."); - return false; - } - fwrite($configcache, serialize($snort_config)); - fclose($configcache); - conf_mount_ro(); - return true; -} - -function snort_advanced() { - global $g, $config; - sync_package_snort(); -} - -function snort_define_servers() { - global $g, $config; - sync_package_snort(); -} - -?> diff --git a/config/snort-old/snort.xml b/config/snort-old/snort.xml deleted file mode 100644 index 3bc40fce..00000000 --- a/config/snort-old/snort.xml +++ /dev/null @@ -1,378 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfsense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Snort</name> - <version>2.8.4.1_5</version> - <title>Services: Snort 2.8.4.1_5 pkg v. 1.8</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <menu> - <name>Snort</name> - <tooltiptext>Setup snort specific settings</tooltiptext> - <section>Services</section> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </menu> - <service> - <name>snort</name> - <rcfile>snort.sh</rcfile> - <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide..</description> - </service> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - </tab> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/bin/barnyard2</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_download_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_rules_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_rulesets.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_whitelist.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_blocked.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_check_for_rule_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_alerts.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_dynamic_ip_reload.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_advanced.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_define_servers.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/snort_threshold.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-old/pfsense_rules/local.rules</item> - </additional_files_needed> - <fields> - <field> - <fielddescr>Interface</fielddescr> - <fieldname>iface_array</fieldname> - <description>Select the interface(s) Snort will listen on.</description> - <type>interfaces_selection</type> - <size>3</size> - <value>lan</value> - <multiple>true</multiple> - </field> - <field> - <fielddescr>Memory Performance</fielddescr> - <fieldname>performance</fieldname> - <description>Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.</description> - <type>select</type> - <options> - <option> - <name>ac-bnfa</name> - <value>ac-bnfa</value> - </option> - <option> - <name>lowmem</name> - <value>lowmem</value> - </option> - <option> - <name>ac-std</name> - <value>ac-std</value> - </option> - <option> - <name>ac</name> - <value>ac</value> - </option> - <option> - <name>ac-banded</name> - <value>ac-banded</value> - </option> - <option> - <name>ac-sparsebands</name> - <value>ac-sparsebands</value> - </option> - <option> - <name>acs</name> - <value>acs</value> - </option> - </options> - </field> - <field> - <fielddescr>Oinkmaster code</fielddescr> - <fieldname>oinkmastercode</fieldname> - <description>Obtain a snort.org Oinkmaster code and paste here.</description> - <type>input</type> - <size>60</size> - <value></value> - </field> - <field> - <fielddescr>Snort.org subscriber</fielddescr> - <fieldname>subscriber</fieldname> - <description>Check this box if you are a Snort.org subscriber (premium rules).</description> - <type>checkbox</type> - <size>60</size> - </field> - <field> - <fielddescr>Block offenders</fielddescr> - <fieldname>blockoffenders7</fieldname> - <description>Checking this option will automatically block hosts that generate a snort alert.</description> - <type>checkbox</type> - <size>60</size> - </field> - <field> - <fielddescr>Remove blocked hosts every</fielddescr> - <fieldname>rm_blocked</fieldname> - <description>Please select the amount of time hosts are blocked</description> - <type>select</type> - <options> - <option> - <name>never</name> - <value>never_b</value> - </option> - <option> - <name>1 hour</name> - <value>1h_b</value> - </option> - <option> - <name>3 hours</name> - <value>3h_b</value> - </option> - <option> - <name>6 hours</name> - <value>6h_b</value> - </option> - <option> - <name>12 hours</name> - <value>12h_b</value> - </option> - <option> - <name>1 day</name> - <value>1d_b</value> - </option> - <option> - <name>4 days</name> - <value>4d_b</value> - </option> - <option> - <name>7 days</name> - <value>7d_b</value> - </option> - <option> - <name>28 days</name> - <value>28d_b</value> - </option> - </options> - </field> - <field> - </field> - <field> - <fielddescr>Update rules automatically</fielddescr> - <fieldname>autorulesupdate7</fieldname> - <description>Please select the update times for rules.</description> - <type>select</type> - <options> - <option> - <name>never</name> - <value>never_up</value> - </option> - <option> - <name>6 hours</name> - <value>6h_up</value> - </option> - <option> - <name>12 hours</name> - <value>12h_up</value> - </option> - <option> - <name>1 day</name> - <value>1d_up</value> - </option> - <option> - <name>4 days</name> - <value>4d_up</value> - </option> - <option> - <name>7 days</name> - <value>7d_up</value> - </option> - <option> - <name>28 days</name> - <value>28d_up</value> - </option> - </options> - </field> - <field> - <fielddescr>Whitelist VPNs automatically</fielddescr> - <fieldname>whitelistvpns</fieldname> - <description>Checking this option will install whitelists for all VPNs.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Convert Snort alerts urls to clickable links</fielddescr> - <fieldname>clickablalerteurls</fieldname> - <description>Checking this option will automatically convert URLs in the Snort alerts tab to clickable links.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Associate events on Blocked tab</fielddescr> - <fieldname>associatealertip</fieldname> - <description>Checking this option will automatically associate the blocked reason from the snort alerts file.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Install emergingthreats rules.</fielddescr> - <fieldname>emergingthreats</fieldname> - <description>Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</description> - <type>checkbox</type> - </field> - </fields> - <custom_php_resync_config_command> - sync_package_snort(); - </custom_php_resync_config_command> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_install_command> - sync_package_snort_reinstall(); - </custom_php_install_command> - <custom_php_deinstall_command> - snort_deinstall(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort-old/snort_advanced.xml b/config/snort-old/snort_advanced.xml deleted file mode 100644 index 1fdddda2..00000000 --- a/config/snort-old/snort_advanced.xml +++ /dev/null @@ -1,196 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>SnortAdvanced</name> - <version>none</version> - <title>Services: Snort Advanced</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - <active/> - </tab> - </tabs> - <fields> - <field> - <fielddescr>BPF Buffer size</fielddescr> - <fieldname>bpfbufsize</fieldname> - <description>Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does. Default is 1024.</description> - <type>input</type> - </field> - <field> - <fielddescr>Maximum BPF buffer size</fielddescr> - <fieldname>bpfmaxbufsize</fieldname> - <description>Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does. Default is 524288. This value should never be set above hardware cache size. The best (optimal size) is 50% - 80% of the hardware cache size.</description> - <type>input</type> - </field> - <field> - <fielddescr>Maximum BPF inserts</fielddescr> - <fieldname>bpfmaxinsns</fieldname> - <description>Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does. Default is 512.</description> - <type>input</type> - </field> - <field> - <fielddescr>Advanced configuration pass through</fielddescr> - <fieldname>configpassthru</fieldname> - <description>Add items to here will be automatically inserted into the running snort configuration</description> - <type>textarea</type> - <cols>40</cols> - <rows>5</rows> - </field> - <field> - <fielddescr>Snort signature info files.</fielddescr> - <fieldname>signatureinfo</fieldname> - <description>Snort signature info files will be installed during updates. At leats 500 mb of memory is needed.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Alerts Tab logging type.</fielddescr> - <fieldname>snortalertlogtype</fieldname> - <description>Please choose the type of Alert logging you will like see in the Alerts Tab. The options are Full descriptions or Fast short descriptions</description> - <type>select</type> - <options> - <option> - <name>fast</name> - <value>fast</value> - </option> - <option> - <name>full</name> - <value>full</value> - </option> - </options> - </field> - <field> - <fielddescr>Send alerts to main System logs.</fielddescr> - <fieldname>alertsystemlog</fieldname> - <description>Snort will send Alerts to the Pfsense system logs.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Log to a Tcpdump file.</fielddescr> - <fieldname>tcpdumplog</fieldname> - <description>Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Enable Barnyard2.</fielddescr> - <fieldname>snortbarnyardlog</fieldname> - <description>This will enable barnyard2 in the snort package. You will also have to set the database credentials.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Barnyard2 Log Mysql Database.</fielddescr> - <fieldname>snortbarnyardlog_database</fieldname> - <description>Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Barnyard2 Configure Hostname ID.</fielddescr> - <fieldname>snortbarnyardlog_hostname</fieldname> - <description>Example: pfsense.local</description> - <type>input</type> - <size>25</size> - <value></value> - </field> - <field> - <fielddescr>Barnyard2 Configure Interface ID</fielddescr> - <fieldname>snortbarnyardlog_interface</fieldname> - <description>Example: vr0</description> - <type>input</type> - <size>25</size> - <value></value> - </field> - <field> - <fielddescr>Log Alerts to a snort unified2 file.</fielddescr> - <fieldname>snortunifiedlog</fieldname> - <description>Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</description> - <type>checkbox</type> - </field> - </fields> - <custom_php_deinstall_command> - snort_advanced(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort-old/snort_alerts.php b/config/snort-old/snort_alerts.php deleted file mode 100644 index e67b9b5f..00000000 --- a/config/snort-old/snort_alerts.php +++ /dev/null @@ -1,124 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_alerts.php - part of pfSense - - Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("globals.inc"); -require("guiconfig.inc"); -require("/usr/local/pkg/snort.inc"); - -$snort_logfile = "{$g['varlog_path']}/snort/alert"; - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("killall syslogd"); - conf_mount_rw(); - exec("rm {$snort_logfile}; touch {$snort_logfile}"); - conf_mount_ro(); - system_syslogd_start(); - exec("/usr/bin/killall -HUP snort"); - exec("/usr/bin/killall snort2c"); - if ($config['installedpackages']['snort']['config'][0]['blockoffenders'] == 'on') - exec("/usr/local/bin/snort2c -w /var/db/whitelist -a /var/log/snort/alert"); -} - -$pgtitle = "Services: Snort: Snort Alerts"; -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), true, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td colspan="2" class="listtopic"> - Last <?=$nentries;?> Snort Alert entries</td> - </tr> - <?php dump_log_file($snort_logfile, $nentries); ?> - <tr><td><br><form action="snort_alerts.php" method="post"> - <input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr> - </table> - </div> - </form> - </td> - </tr> -</table> -<?php include("fend.inc"); ?> -<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>"> -</body> -</html> -<!-- <?php echo $snort_logfile; ?> --> - -<?php - -function dump_log_file($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert = "") { - global $g, $config; - $logarr = ""; - exec("cat {$logfile} | /usr/bin/tail -n {$tail}", $logarr); - foreach ($logarr as $logent) { - if(!logent) - continue; - $ww_logent = $logent; - $ww_logent = str_replace("[", " [ ", $ww_logent); - $ww_logent = str_replace("]", " ] ", $ww_logent); - echo "<tr valign=\"top\">\n"; - echo "<td colspan=\"2\" class=\"listr\">" . make_clickable($ww_logent) . " </td>\n"; - echo "</tr>\n"; - } -} - -?>
\ No newline at end of file diff --git a/config/snort-old/snort_blocked.php b/config/snort-old/snort_blocked.php deleted file mode 100644 index ff158853..00000000 --- a/config/snort-old/snort_blocked.php +++ /dev/null @@ -1,174 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_blocked.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/snort.inc"); - -if($_POST['todelete'] or $_GET['todelete']) { - if($_POST['todelete']) - $ip = $_POST['todelete']; - if($_GET['todelete']) - $ip = $_GET['todelete']; - exec("/sbin/pfctl -t snort2c -T delete {$ip}"); -} - -$pgtitle = "Snort: Snort Blocked"; -include("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<?php include("fbegin.inc"); ?> - -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> - -<form action="snort_rulesets.php" method="post" name="iform" id="iform"> -<script src="/row_toggle.js" type="text/javascript"></script> -<script src="/javascript/sorttable.js" type="text/javascript"></script> -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), true, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Remove</td> - <td class="listhdrr">IP</td> - <td class="listhdrr">Alert Description</td> - </tr> -<?php - - $associatealertip = $config['installedpackages']['snort']['config'][0]['associatealertip']; - $ips = `/sbin/pfctl -t snort2c -T show`; - $ips_array = split("\n", $ips); - $counter = 0; - foreach($ips_array as $ip) { - if(!$ip) - continue; - $ww_ip = str_replace(" ", "", $ip); - $counter++; - if($associatealertip) - $alert_description = get_snort_alert($ww_ip); - else - $alert_description = ""; - echo "\n<tr>"; - echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>"; - echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>"; - echo "\n<td> {$ww_ip}</td>"; - echo "\n<td> {$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>"; - echo "\n</tr>"; - } - echo "\n<tr><td colspan='3'> </td></tr>"; - if($counter < 1) - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>"; - else - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>"; - -?> - - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> - -</form> - -<p> - -<?php - -$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked']; - if ($blockedtab_msg_chk == "1h_b") { - $blocked_msg = "hour"; - } - if ($blockedtab_msg_chk == "3h_b") { - $blocked_msg = "3 hours"; - } - if ($blockedtab_msg_chk == "6h_b") { - $blocked_msg = "6 hours"; - } - if ($blockedtab_msg_chk == "12h_b") { - $blocked_msg = "12 hours"; - } - if ($blockedtab_msg_chk == "1d_b") { - $blocked_msg = "day"; - } - if ($blockedtab_msg_chk == "4d_b") { - $blocked_msg = "4 days"; - } - if ($blockedtab_msg_chk == "7d_b") { - $blocked_msg = "7 days"; - } - if ($blockedtab_msg_chk == "28d_b") { - $blocked_msg = "28 days"; - } - -echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg."; - -?> - -<?php include("fend.inc"); ?> - -</body> -</html> - -<?php - -/* write out snort cache */ -write_snort_config_cache($snort_config); - -?>
\ No newline at end of file diff --git a/config/snort-old/snort_check_for_rule_updates.php b/config/snort-old/snort_check_for_rule_updates.php deleted file mode 100644 index 8d308245..00000000 --- a/config/snort-old/snort_check_for_rule_updates.php +++ /dev/null @@ -1,634 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* Setup enviroment */ -$tmpfname = "/root/snort_rules_up"; -$snortdir = "/usr/local/etc/snort_bkup"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; -$snort_filename = "snortrules-snapshot-2.8.tar.gz"; -$emergingthreats_filename_md5 = "version.txt"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -require("/usr/local/pkg/snort.inc"); -require_once("config.inc"); - -?> - - -<?php - -$up_date_time = date('l jS \of F Y h:i:s A'); -echo ""; -echo "#########################"; -echo "$up_date_time"; -echo "#########################"; -echo ""; - -/* Begin main code */ -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","125M"); - -/* send current buffer */ -ob_flush(); - -/* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - -/* if missing oinkid exit */ -if(!$oinkid) { - echo "Please add you oink code\n"; - exit; -} - -/* premium_subscriber check */ -//unset($config['installedpackages']['snort']['config'][0]['subscriber']); -//write_config(); // Will cause switch back to read-only on nanobsd -//conf_mount_rw(); // Uncomment this if the previous line is uncommented -$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; - -if ($premium_subscriber_chk === on) { - $premium_subscriber = "_s"; -}else{ - $premium_subscriber = ""; -} - -$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -if ($premium_url_chk === on) { - $premium_url = "sub-rules"; -}else{ - $premium_url = "reg-rules"; -} - -/* send current buffer */ -ob_flush(); - -conf_mount_rw(); -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* send current buffer */ -ob_flush(); - -/* If tmp dir does not exist create it */ -if (file_exists($tmpfname)) { - echo "The directory tmp exists...\n"; -} else { - mkdir("{$tmpfname}", 700); -} - -/* download md5 sig from snort.org */ -if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { - echo "md5 temp file exists...\n"; -} else { - echo "Downloading md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. downloading md5\n"; -} - -/* download md5 sig from emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; -if ($emergingthreats_url_chk == on) { - echo "Downloading md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. downloading md5\n"; -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - echo "md5 temp file exists...\n"; -} else { - echo "Downloading pfsense md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. downloading md5\n"; -} - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snort']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snort']['last_rules_install']; - -/* If md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ - echo "Please wait... You may only check for New Rules every 15 minutes...\n"; - echo "Rules are released every month from snort.org. You may download the Rules at any time.\n"; - exit(0); -} - -/* If emergingthreats md5 file is empty wait 15min exit not needed */ - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n"; - echo "Rules are released to support Pfsense packages.\n"; - exit(0); -} - -/* Check if were up to date snort.org */ -if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){ -$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($md5_check_new == $md5_check_old) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now, check update.\n"; - $snort_md5_check_ok = on; - } -} - -/* Check if were up to date emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; -if ($emergingthreats_url_chk == on) { -if (file_exists("{$snortdir}/version.txt")){ -$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); -$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); -$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($emerg_md5_check_new == $emerg_md5_check_old) { - echo "Your emergingthreats rules are up to date...\n"; - echo "You may start Snort now, check update.\n"; - $emerg_md5_check_chk_ok = on; - } - } -} - -/* Check if were up to date pfsense.org */ -if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){ -$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -if ($pfsense_md5_check_new == $pfsense_md5_check_old) { - $pfsense_md5_check_ok = on; - } -} - -/* Make Clean Snort Directory emergingthreats not checked */ -if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) { - echo "Cleaning the snort Directory...\n"; - echo "removing...\n"; - exec("/bin/rm {$snortdir}/rules/emerging*\n"); - exec("/bin/rm {$snortdir}/version.txt"); - echo "Done making cleaning emrg direcory.\n"; -} - -/* Check if were up to date exits */ -if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now...\n"; - exit(0); -} - -if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now...\n"; - exit(0); -} - -/* You are Not Up to date, always stop snort when updating rules for low end machines */; -echo "You are NOT up to date...\n"; -echo "Stopping Snort service...\n"; -$chk_if_snort_up = exec("pgrep -x snort"); -if ($chk_if_snort_up != "") { - exec("/usr/bin/touch /tmp/snort_download_halt.pid"); - stop_service("snort"); - sleep(2); -} - -/* download snortrules file */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo "Snortrule tar file exists...\n"; -} else { - - echo "There is a new set of Snort rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading rules file.\n"; - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - echo "Error with the snort rules download...\n"; - echo "Snort rules file downloaded failed...\n"; - exit(0); - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Emergingthreats tar file exists...\n"; -} else { - echo "There is a new set of Emergingthreats rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz"); -// $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz"); - $f = fopen("{$tmpfname}/emerging.rules.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading Emergingthreats rules file.\n"; - } - } - } - -/* download pfsense rules file */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo "Snortrule tar file exists...\n"; -} else { - - echo "There is a new set of Pfsense rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading rules file.\n"; - } -} - -/* Untar snort rules file individually to help people with low system specs */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo "Extracting rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/"); - echo "Done extracting Rules.\n"; -} else { - echo "The Download rules file missing...\n"; - echo "Error rules extracting failed...\n"; - exit(0); - } -} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Extracting rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo "Extracting Pfsense rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo']; -if ($premium_url_chk == on) { - echo "Extracting Signatures...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - echo "Done extracting Signatures.\n"; - } - } -} - -/* Make Clean Snort Directory */ -//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) { -//if (file_exists("{$snortdir}/rules")) { -// echo "Cleaning the snort Directory...\n"; -// echo "removing...\n"; -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/mkdir -p {$snortdir}/signatures"); -// exec("/bin/rm {$snortdir}/*"); -// exec("/bin/rm {$snortdir}/rules/*"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*"); -//} else { -// echo "Making Snort Directory...\n"; -// echo "should be fast...\n"; -// exec("/bin/mkdir {$snortdir}"); -// exec("/bin/mkdir {$snortdir}/rules"); -// exec("/bin/rm {$snortdir_wan}/\*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*"); -// echo "Done making snort direcory.\n"; -// } -//} - -/* Copy so_rules dir to snort lib dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) { - echo "Copying so_rules...\n"; - echo "May take a while...\n"; - sleep(2); - exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`"); - exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - echo "Done copying so_rules.\n"; -} else { - echo "Directory so_rules does not exist...\n"; - echo "Error copping so_rules...\n"; - exit(0); - } -} - -/* enable disable setting will carry over with updates */ -/* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { - -if (!empty($config['installedpackages']['snort']['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on']; -$enabled_sid_on_array = split('\|\|', $enabled_sid_on); -foreach($enabled_sid_on_array as $enabled_item_on) -$selected_sid_on_sections .= "$enabled_item_on\n"; - } - -if (!empty($config['installedpackages']['snort']['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off']; -$enabled_sid_off_array = split('\|\|', $enabled_sid_off); -foreach($enabled_sid_off_array as $enabled_item_off) -$selected_sid_off_sections .= "$enabled_item_off\n"; - } - -$snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort_bkup/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's threshold.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w"); - - fwrite($oinkmasterlist, "$snort_sid_text"); - - /* close snort's threshold.conf file */ - fclose($oinkmasterlist); - -} - -/* Copy configs to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/etc/Makefile.am")) { - echo "Copying configs to snort directory...\n"; - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); -} else { - echo "The snort configs does not exist...\n"; - echo "Error copping config...\n"; - exit(0); - } -} - -/* Copy md5 sig to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$snort_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); -} else { - echo "The md5 file does not exist...\n"; - echo "Error copping config...\n"; - exit(0); - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); -} else { - echo "The emergingthreats md5 file does not exist...\n"; - echo "Error copping config...\n"; - exit(0); - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - echo "Copying Pfsense md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); -} else { - echo "The Pfsense md5 file does not exist...\n"; - echo "Error copping config...\n"; - exit(0); - } -} - -/* Copy signatures dir to snort dir */ -if ($snort_md5_check_ok != on) { -$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo']; -if ($premium_url_chk == on) { -if (file_exists("{$snortdir}/doc/signatures")) { - echo "Copying signatures...\n"; - echo "May take a while...\n"; - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - echo "Done copying signatures.\n"; -} else { - echo "Directory signatures exist...\n"; - echo "Error copping signature...\n"; - exit(0); - } - } -} - -/* double make shure clean up emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -echo "Updating Alert Messages...\n"; -echo "Please Wait...\n"; -sleep(2); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map"); - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { - - if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) { -echo "Your first set of rules are being copied...\n"; -echo "May take a while...\n"; - - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); - -} else { - echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; - echo "May take a while...\n"; - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); - - /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log"); - exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - - } -} - -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - echo "Cleaning up...\n"; - exec("/bin/rm -r /root/snort_rules_up"); -} - -/* php code to flush out cache some people are reportting missing files this might help */ -sleep(5); -apc_clear_cache(); -exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); - -/* if snort is running hardrestart, if snort is not running do nothing */ -if (file_exists("/tmp/snort_download_halt.pid")) { - start_service("snort"); - echo "The Rules update finished...\n"; - echo "Snort has restarted with your new set of rules...\n"; - exec("/bin/rm /tmp/snort_download_halt.pid"); -} else { - echo "The Rules update finished...\n"; - echo "You may start snort now...\n"; -} -conf_mount_ro(); - -?> diff --git a/config/snort-old/snort_define_servers.xml b/config/snort-old/snort_define_servers.xml deleted file mode 100644 index 7df880d0..00000000 --- a/config/snort-old/snort_define_servers.xml +++ /dev/null @@ -1,364 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>SnortDefServers</name> - <version>none</version> - <title>Services: Snort Define Servers</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - </tab> - </tabs> - <fields> - <field> - <fielddescr>Define DNS_SERVERS</fielddescr> - <fieldname>def_dns_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define DNS_PORTS</fielddescr> - <fieldname>def_dns_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SMTP_SERVERS</fielddescr> - <fieldname>def_smtp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SMTP_PORTS</fielddescr> - <fieldname>def_smtp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define Mail_Ports</fielddescr> - <fieldname>def_mail_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define HTTP_SERVERS</fielddescr> - <fieldname>def_http_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define WWW_SERVERS</fielddescr> - <fieldname>def_www_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define HTTP_PORTS</fielddescr> - <fieldname>def_http_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SQL_SERVERS</fielddescr> - <fieldname>def_sql_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define ORACLE_PORTS</fielddescr> - <fieldname>def_oracle_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define MSSQL_PORTS</fielddescr> - <fieldname>def_mssql_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define TELNET_SERVERS</fielddescr> - <fieldname>def_telnet_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define TELNET_PORTS</fielddescr> - <fieldname>def_telnet_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SNMP_SERVERS</fielddescr> - <fieldname>def_snmp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SNMP_PORTS</fielddescr> - <fieldname>def_snmp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define FTP_SERVERS</fielddescr> - <fieldname>def_ftp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define FTP_PORTS</fielddescr> - <fieldname>def_ftp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SSH_SERVERS</fielddescr> - <fieldname>def_ssh_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SSH_PORTS</fielddescr> - <fieldname>def_ssh_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define POP_SERVERS</fielddescr> - <fieldname>def_pop_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define POP2_PORTS</fielddescr> - <fieldname>def_pop2_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define POP3_PORTS</fielddescr> - <fieldname>def_pop3_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define IMAP_SERVERS</fielddescr> - <fieldname>def_imap_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define IMAP_PORTS</fielddescr> - <fieldname>def_imap_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SIP_PROXY_IP</fielddescr> - <fieldname>def_sip_proxy_ip</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SIP_PROXY_PORTS</fielddescr> - <fieldname>def_sip_proxy_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define AUTH_PORTS</fielddescr> - <fieldname>def_auth_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define FINGER_PORTS</fielddescr> - <fieldname>def_finger_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define IRC_PORTS</fielddescr> - <fieldname>def_irc_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define NNTP_PORTS</fielddescr> - <fieldname>def_nntp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define RLOGIN_PORTS</fielddescr> - <fieldname>def_rlogin_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define RSH_PORTS</fielddescr> - <fieldname>def_rsh_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SSL_PORTS</fielddescr> - <fieldname>def_ssl_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - </fields> - <custom_php_deinstall_command> - snort_define_servers(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort-old/snort_download_rules.php b/config/snort-old/snort_download_rules.php deleted file mode 100644 index 9826ba2a..00000000 --- a/config/snort-old/snort_download_rules.php +++ /dev/null @@ -1,790 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich and Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* Setup enviroment */ -$tmpfname = "/root/snort_rules_up"; -$snortdir = "/usr/local/etc/snort_bkup"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; -$snort_filename = "snortrules-snapshot-2.8.tar.gz"; -$emergingthreats_filename_md5 = "version.txt"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -require_once("guiconfig.inc"); -require_once("functions.inc"); -require_once("service-utils.inc"); -require("/usr/local/pkg/snort.inc"); - -$pgtitle = "Services: Snort: Update Rules"; - -include("/usr/local/www/head.inc"); - -?> - -<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("/usr/local/www/fbegin.inc"); ?> - -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> - -<form action="snort_download_rules.php" method="post"> -<div id="inputerrors"></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td align="center" valign="top"> - <!-- progress bar --> - <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'> - <tr> - <td> - <img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' /> - </td> - </tr> - </table> - <br /> - <!-- status box --> - <textarea cols="60" rows="2" name="status" id="status" wrap="hard"> - <?=gettext("Initializing...");?> - </textarea> - <!-- command output box --> - <textarea cols="60" rows="2" name="output" id="output" wrap="hard"> - </textarea> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> -</form> - -<?php include("fend.inc");?> - -<?php - - -/* Begin main code */ -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","125M"); - -/* send current buffer */ -ob_flush(); - -/* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - -/* if missing oinkid exit */ -if(!$oinkid) { - $static_output = gettext("You must obtain an oinkid from snort.org and set its value in the Snort settings tab."); - update_all_status($static_output); - hide_progress_bar_status(); - exit; -} - -/* premium_subscriber check */ -//unset($config['installedpackages']['snort']['config'][0]['subscriber']); -//write_config(); // Will cause switch back to read-only on nanobsd -//conf_mount_rw(); // Uncomment this if the previous line is uncommented - -$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; - -if ($premium_subscriber_chk === on) { - $premium_subscriber = "_s"; -}else{ - $premium_subscriber = ""; -} - -$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -if ($premium_url_chk === on) { - $premium_url = "sub-rules"; -}else{ - $premium_url = "reg-rules"; -} - -/* hide progress bar */ -hide_progress_bar_status(); - -/* send current buffer */ -ob_flush(); - -conf_mount_rw(); - -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - update_status(gettext("Removing old tmp files...")); - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* Make shure snortdir exits */ -exec("/bin/mkdir -p {$snortdir}"); -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); - -/* send current buffer */ -ob_flush(); - -/* If tmp dir does not exist create it */ -if (file_exists($tmpfname)) { - update_status(gettext("The directory tmp exists...")); -} else { - mkdir("{$tmpfname}", 700); -} - -/* unhide progress bar and lets end this party */ -unhide_progress_bar_status(); - -/* download md5 sig from snort.org */ -if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { - update_status(gettext("md5 temp file exists...")); -} else { - update_status(gettext("Downloading md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done. downloading md5")); -} - -/* download md5 sig from emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; -if ($emergingthreats_url_chk == on) { - update_status(gettext("Downloading md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done. downloading md5")); -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("md5 temp file exists...")); -} else { - update_status(gettext("Downloading pfsense md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done. downloading md5")); -} - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snort']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snort']['last_rules_install']; - -/* If md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ - update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); - update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); - hide_progress_bar_status(); - /* Display last time of sucsessful md5 check from cache */ - echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n"; - echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n"; - echo "\n\n</body>\n</html>\n"; - exit(0); -} - -/* If emergingthreats md5 file is empty wait 15min exit not needed */ - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); - update_output_window(gettext("Rules are released to support Pfsense packages.")); - hide_progress_bar_status(); - /* Display last time of sucsessful md5 check from cache */ - echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n"; - echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n"; - echo "\n\n</body>\n</html>\n"; - exit(0); -} - -/* Check if were up to date snort.org */ -if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){ -$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($md5_check_new == $md5_check_old) { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - hide_progress_bar_status(); - /* Timestamps to html */ - echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n"; - echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n"; -// echo "P is this code {$premium_subscriber}"; - echo "\n\n</body>\n</html>\n"; - $snort_md5_check_ok = on; - } -} - -/* Check if were up to date emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; -if ($emergingthreats_url_chk == on) { -if (file_exists("{$snortdir}/version.txt")){ -$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); -$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); -$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($emerg_md5_check_new == $emerg_md5_check_old) { - update_status(gettext("Your emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - hide_progress_bar_status(); - $emerg_md5_check_chk_ok = on; - } - } -} - -/* Check if were up to date pfsense.org */ -if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){ -$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -if ($pfsense_md5_check_new == $pfsense_md5_check_old) { - $pfsense_md5_check_ok = on; - } -} - -/* Make Clean Snort Directory emergingthreats not checked */ -if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) { - update_status(gettext("Cleaning the snort Directory...")); - update_output_window(gettext("removing...")); - exec("/bin/rm {$snortdir}/rules/emerging*"); - exec("/bin/rm {$snortdir}/version.txt"); - exec("/bin/rm {$snortdir_wan}/rules/emerging*"); - exec("/bin/rm {$snortdir_wan}/version.txt"); - update_status(gettext("Done making cleaning emrg direcory.")); -} - -/* Check if were up to date exits */ -if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - exit(0); -} - -if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - exit(0); -} - -/* You are Not Up to date, always stop snort when updating rules for low end machines */; -update_status(gettext("You are NOT up to date...")); -update_output_window(gettext("Stopping Snort service...")); -$chk_if_snort_up = exec("pgrep -x snort"); -if ($chk_if_snort_up != "") { - exec("/usr/bin/touch /tmp/snort_download_halt.pid"); - stop_service("snort"); - sleep(2); -} - -/* download snortrules file */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); -} else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Snort rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); -// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - update_output_window(gettext("Snort rules file downloaded failed...")); - exit(0); - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - update_status(gettext("Emergingthreats tar file exists...")); -} else { - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); -// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading Emergingthreats rules file.")); - } - } - } - -/* download pfsense rules file */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Snortrule tar file exists...")); -} else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); -// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - } -} - -/* Compair md5 sig to file sig */ - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk == on) { -//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md5 == $file_md5_ondisk) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); -// update_output_window(gettext("Error md5 Mismatch...")); -// exit(0); -// } -//} - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk != on) { -//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md55 == $file_md5_ondisk2) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...Not P")); -// update_output_window(gettext("Error md5 Mismatch...")); -// exit(0); -// } -//} - -/* Untar snort rules file individually to help people with low system specs */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/"); - update_status(gettext("Done extracting Rules.")); -} else { - update_status(gettext("The Download rules file missing...")); - update_output_window(gettext("Error rules extracting failed...")); - exit(0); - } -} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Extracting Pfsense rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo']; -if ($premium_url_chk == on) { - update_status(gettext("Extracting Signatures...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - } - } -} - -/* Make Clean Snort Directory */ -//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) { -//if (file_exists("{$snortdir}/rules")) { -// update_status(gettext("Cleaning the snort Directory...")); -// update_output_window(gettext("removing...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/mkdir -p {$snortdir}/signatures"); -// exec("/bin/rm {$snortdir}/*"); -// exec("/bin/rm {$snortdir}/rules/*"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); - -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*"); -//} else { -// update_status(gettext("Making Snort Directory...")); -// update_output_window(gettext("should be fast...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*"); -// update_status(gettext("Done making snort direcory.")); -// } -//} - -/* Copy so_rules dir to snort lib dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) { - update_status(gettext("Copying so_rules...")); - update_output_window(gettext("May take a while...")); - exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`"); - exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - update_status(gettext("Done copying so_rules.")); -} else { - update_status(gettext("Directory so_rules does not exist...")); - update_output_window(gettext("Error copying so_rules...")); - exit(0); - } -} - -/* enable disable setting will carry over with updates */ -/* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { - -if (!empty($config['installedpackages']['snort']['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on']; -$enabled_sid_on_array = split('\|\|', $enabled_sid_on); -foreach($enabled_sid_on_array as $enabled_item_on) -$selected_sid_on_sections .= "$enabled_item_on\n"; - } - -if (!empty($config['installedpackages']['snort']['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off']; -$enabled_sid_off_array = split('\|\|', $enabled_sid_off); -foreach($enabled_sid_off_array as $enabled_item_off) -$selected_sid_off_sections .= "$enabled_item_off\n"; - } - -$snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort_bkup/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's threshold.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w"); - - fwrite($oinkmasterlist, "$snort_sid_text"); - - /* close snort's threshold.conf file */ - fclose($oinkmasterlist); - -} - -/* Copy configs to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/etc/Makefile.am")) { - update_status(gettext("Copying configs to snort directory...")); - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - -} else { - update_status(gettext("The snort config does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } -} - -/* Copy md5 sig to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); -} else { - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); -} else { - update_status(gettext("The emergingthreats md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); -} else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } -} - -/* Copy signatures dir to snort dir */ -if ($snort_md5_check_ok != on) { -$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo']; -if ($premium_url_chk == on) { -if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); -} else { - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - exit(0); - } - } -} - -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -/* create a msg-map for snort */ -update_status(gettext("Updating Alert Messages...")); -update_output_window(gettext("Please Wait...")); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map"); - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { - - if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); - -} else { - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); - - /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log"); - exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - - - } -} - -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /root/snort_rules_up"); -// apc_clear_cache(); -} - -/* php code to flush out cache some people are reportting missing files this might help */ -sleep(2); -apc_clear_cache(); -exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); - -/* if snort is running hardrestart, if snort is not running do nothing */ -if (file_exists("/tmp/snort_download_halt.pid")) { - start_service("snort"); - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("Snort has restarted with your new set of rules...")); - exec("/bin/rm /tmp/snort_download_halt.pid"); -} else { - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("You may start snort now...")); -} - -/* hide progress bar and lets end this party */ -hide_progress_bar_status(); -conf_mount_ro(); -?> - -<?php - -function read_body_firmware($ch, $string) { - global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - $a = $file_size; - $b = $downloaded; - $c = $downloadProgress; - $text = " Snort download in progress\\n"; - $text .= "----------------------------------------------------\\n"; - $text .= " Downloaded : {$b}\\n"; - $text .= "----------------------------------------------------\\n"; - $counter++; - if($counter > 150) { - update_output_window($text); - update_progress_bar($downloadProgress); - flush(); - $counter = 0; - } - conf_mount_rw(); - fwrite($fout, $string); - conf_mount_ro(); - return $length; -} - -?> - -</body> -</html> diff --git a/config/snort-old/snort_dynamic_ip_reload.php b/config/snort-old/snort_dynamic_ip_reload.php deleted file mode 100644 index 0fad085b..00000000 --- a/config/snort-old/snort_dynamic_ip_reload.php +++ /dev/null @@ -1,49 +0,0 @@ -<?php - -/* $Id$ */ -/* - snort_dynamic_ip_reload.php - Copyright (C) 2006 Scott Ullrich and Robert Zeleya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* NOTE: this file gets included from the pfSense filter.inc plugin process */ -/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */ - -require_once("/usr/local/pkg/snort.inc"); -require_once("service-utils.inc"); -require_once("config.inc"); - - -if($config['interfaces']['wan']['ipaddr'] == "pppoe" or - $config['interfaces']['wan']['ipaddr'] == "dhcp") { - create_snort_conf(); - exec("killall -HUP snort"); - /* define snortbarnyardlog_chk */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; - if ($snortbarnyardlog_info_chk == on) - exec("killall -HUP barnyard2"); -} - -?>
\ No newline at end of file diff --git a/config/snort-old/snort_rules.php b/config/snort-old/snort_rules.php deleted file mode 100644 index 94c99f0e..00000000 --- a/config/snort-old/snort_rules.php +++ /dev/null @@ -1,626 +0,0 @@ -<?php -/* $Id$ */ -/* - edit_snortrule.php - Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -require("guiconfig.inc"); -require("config.inc"); - -if(!is_dir("/usr/local/etc/snort/rules")) { - conf_mount_rw(); - exec('mkdir /usr/local/etc/snort/rules/'); - conf_mount_ro(); -} - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules'); -if ($isrulesfolderempty == "") { - -include("head.inc"); -include("fbegin.inc"); - -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - -echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n -<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n -<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); - -echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n -# The rules directory is empty.\n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n -</table>\n -\n -</form>\n -\n -<p>\n\n"; - -echo "Please click on the Update Rules tab to install your selected rule sets."; -include("fend.inc"); - -echo "</body>"; -echo "</html>"; - -exit(0); - -} - -function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; -} - -function write_rule_file($content_changed, $received_file) -{ - conf_mount_rw(); - - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); - - //write data to file - fwrite($filehandle, $fullfile); - - //close file handle - fclose($filehandle); - - conf_mount_rw(); -} - -function load_rule_file($incoming_file) -{ - - //read snort file - $filehandle = fopen($incoming_file, "r"); - - //read file into string, and get filesize - $contents = fread($filehandle, filesize($incoming_file)); - - //close handler - fclose ($filehandle); - - //string for populating category select - $currentruleset = substr($file, 27); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //split the contents of the string file into an array using the delimiter - $splitcontents = explode($delimiter, $contents); - - return $splitcontents; - -} - -$ruledir = "/usr/local/etc/snort/rules/"; -$dh = opendir($ruledir); - -$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect."; - -while (false !== ($filename = readdir($dh))) -{ - //only populate this array if its a rule file - $isrulefile = strstr($filename, ".rules"); - if ($isrulefile !== false) - { - $files[] = $filename; - } -} - -sort($files); - -if ($_GET['openruleset']) -{ - $file = $_GET['openruleset']; -} -else -{ - $file = $ruledir.$files[0]; - -} - -//Load the rule file -$splitcontents = load_rule_file($file); - -if ($_POST) -{ - if (!$_POST['apply']) { - //retrieve POST data - $post_lineid = $_POST['lineid']; - $post_enabled = $_POST['enabled']; - $post_src = $_POST['src']; - $post_srcport = $_POST['srcport']; - $post_dest = $_POST['dest']; - $post_destport = $_POST['destport']; - - //clean up any white spaces insert by accident - $post_src = str_replace(" ", "", $post_src); - $post_srcport = str_replace(" ", "", $post_srcport); - $post_dest = str_replace(" ", "", $post_dest); - $post_destport = str_replace(" ", "", $post_destport); - - //copy rule contents from array into string - $tempstring = $splitcontents[$post_lineid]; - - //search string - $findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //has rule been enabled - if ($post_enabled == "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); - $counter2 = 1; - } - else - { - //rule is staying disabled - $counter2 = 2; - } - } - else - { - //has rule been disabled - if ($post_enabled != "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); - $counter2 = 2; - } - else - { - //rule is staying enabled - $counter2 = 1; - } - } - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - //insert new values - $counter2++; - $rule_content[$counter2] = $post_src;//source location - $counter2++; - $rule_content[$counter2] = $post_srcport;//source port location - $counter2 = $counter2+2; - $rule_content[$counter2] = $post_dest;//destination location - $counter2++; - $rule_content[$counter2] = $post_destport;//destination port location - - //implode the array back into string - $tempstring = implode(' ', $rule_content); - - //copy string into file array for writing - $splitcontents[$post_lineid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $file); - - //once file has been written, reload file - $splitcontents = load_rule_file($file); - - $stopMsg = true; - } - - if ($_POST['apply']) { -// stop_service("snort"); -// sleep(2); -// start_service("snort"); - $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab."; - $stopMsg = false; - } - -} -else if ($_GET['act'] == "toggle") -{ - $toggleid = $_GET['id']; - - //copy rule contents from array into string - $tempstring = $splitcontents[$toggleid]; - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - //search string - $findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //rule has been enabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); - - } - else - { - //has rule been disabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); - - } - - //copy string into array for writing - $splitcontents[$toggleid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $file); - - //once file has been written, reload file - $splitcontents = load_rule_file($file); - - $stopMsg = true; - - //write disable/enable sid to config.xml - if ($disabled == false) { - $string_sid = strstr($tempstring, 'sid:'); - $sid_pieces = explode(";", $string_sid); - $sid_off_cut = $sid_pieces[0]; - // sid being turned off - $sid_off = str_replace("sid:", "", $sid_off_cut); - // rule_sid_on registers - $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on']; - // if off sid is the same as on sid remove it - $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces"); - // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old; - // rule sid off registers - $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off']; - // if off sid is the same as off sid remove it - $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces"); - // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old; - // add sid off registers to new off sid - $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off']; - write_config(); - } - else - { - $string_sid = strstr($tempstring, 'sid:'); - $sid_pieces = explode(";", $string_sid); - $sid_on_cut = $sid_pieces[0]; - // sid being turned off - $sid_on = str_replace("sid:", "", $sid_on_cut); - // rule_sid_off registers - $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off']; - // if off sid is the same as on sid remove it - $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces"); - // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old; - // rule sid on registers - $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on']; - // if on sid is the same as on sid remove it - $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces"); - // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old; - // add sid on registers to new on sid - $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on']; - write_config(); - } - -} - - -$pgtitle = "Snort: Rules"; -require("guiconfig.inc"); -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> -<form action="snort_rules.php" method="post" name="iform" id="iform"> -<?php if ($savemsg){print_info_box($savemsg);} else if ($stopMsg){print_info_box_np($message_reload);}?> -<br> -</form> -<script type="text/javascript" language="javascript" src="row_toggle.js"> - <script src="/javascript/sorttable.js" type="text/javascript"> -</script> - -<script language="javascript" type="text/javascript"> -<!-- -function go() -{ - var agt=navigator.userAgent.toLowerCase(); - if (agt.indexOf("msie") != -1) { - box = document.forms.selectbox; - } else { - box = document.forms[1].selectbox; - } - destination = box.options[box.selectedIndex].value; - if (destination) - location.href = destination; -} -// --> -</script> - -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> - - </tr> - <tr> - <?php - - echo "<br>Category: "; - - //string for populating category select - $currentruleset = substr($file, 27); - ?> - <form name="forms"> - <select name="selectbox" class="formfld" onChange="go()"> - <?php - $i=0; - foreach ($files as $value) - { - $selectedruleset = ""; - if ($files[$i] === $currentruleset) - $selectedruleset = "selected"; - ?> - <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" - <?php - $i++; - - } - ?> - </select> - </form> - </tr> - <?php - - $counter = 0; - $printcounter = 0; - - foreach ( $splitcontents as $value ) - { - - $counter++; - $disabled = "False"; - $comments = "False"; - - $tempstring = $splitcontents[$counter]; - $findme = "# alert"; //find string for disabled alerts - - //find alert - $disabled_pos = strstr($tempstring, $findme); - - - //do soemthing, this rule is enabled - $counter2 = 1; - - //retrieve sid value - $sid = get_middle($tempstring, 'sid:', ';', 0); - - //check to see if the sid is numberical - $is_sid_num = is_numeric($sid); - - //if SID is numerical, proceed - if ($is_sid_num) - { - - //if find alert is false, then rule is disabled - if ($disabled_pos !== false){ - $counter2 = $counter2+1; - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconb = "icon_block_d.gif"; - } - else - { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - } - - $rule_content = explode(' ', $tempstring); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = $rule_content[$counter2];//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = $rule_content[$counter2];//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - $message = get_middle($tempstring, 'msg:"', '";', 0); - - echo "<tr>"; - echo "<td class=\"listt\">"; - echo $textss; - ?> - <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a> - <?php - echo $textse; - echo "</td>"; - - - echo "<td class=\"listlr\">"; - echo $textss; - echo $sid; - echo $textse; - echo "</td>"; - - echo "<td class=\"listlr\">"; - echo $textss; - echo $protocol; - $printcounter++; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $source; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $source_port; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $destination; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $destination_port; - echo $textse; - echo "</td>"; - ?> - <td class="listbg"><font color="white"> - <?php - echo $textss; - echo $message; - echo $textse; - echo "</td>"; - ?> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - <?php - } - } - echo " "; - echo "There are "; - echo $printcounter; - echo " rules in this category. <br><br>"; - ?> - </table> - </td> - </tr> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - - - </tr> - <tr> - <td colspan="10"> - <p> - <!--<strong><span class="red">Warning:<br> - </span></strong>Editing these r</p>--> - </td> - </tr> - </table> - </table> - - </td> - </tr> -</table> - - -<?php include("fend.inc"); ?> -</div></body> -</html>
\ No newline at end of file diff --git a/config/snort-old/snort_rules_edit.php b/config/snort-old/snort_rules_edit.php deleted file mode 100644 index cbabce73..00000000 --- a/config/snort-old/snort_rules_edit.php +++ /dev/null @@ -1,207 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rules_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; -} - - -$file = $_GET['openruleset']; - -//read snort file -$filehandle = fopen($file, "r"); - -//get rule id -$lineid = $_GET['id']; - -//read file into string, and get filesize -$contents = fread($filehandle, filesize($file)); - -//close handler -fclose ($filehandle); - -//delimiter for each new rule is a new line -$delimiter = "\n"; - -//split the contents of the string file into an array using the delimiter -$splitcontents = explode($delimiter, $contents); - -//copy rule contents from array into string -$tempstring = $splitcontents[$lineid]; - -//explode rule contents into an array, (delimiter is space) -$rule_content = explode(' ', $tempstring); - -//search string -$findme = "# alert"; //find string for disabled alerts - -//find if alert is disabled -$disabled = strstr($tempstring, $findme); - -//get sid -$sid = get_middle($tempstring, 'sid:', ';', 0); - - -//if find alert is false, then rule is disabled -if ($disabled !== false) -{ - //move counter up 1, so we do not retrieve the # in the rule_content array - $counter2 = 2; -} -else -{ - $counter2 = 1; -} - - -$protocol = $rule_content[$counter2];//protocol location -$counter2++; -$source = $rule_content[$counter2];//source location -$counter2++; -$source_port = $rule_content[$counter2];//source port location -$counter2++; -$direction = $rule_content[$counter2]; -$counter2++; -$destination = $rule_content[$counter2];//destination location -$counter2++; -$destination_port = $rule_content[$counter2];//destination port location -$message = get_middle($tempstring, 'msg:"', '";', 0); - -$content = get_middle($tempstring, 'content:"', '";', 0); -$classtype = get_middle($tempstring, 'classtype:', ';', 0); -$revision = get_middle($tempstring, 'rev:', ';',0); - -$pgtitle = "Snort: Edit Rule"; -require("guiconfig.inc"); -include("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform"> - <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listhdr" width="10%">Enabled: </td> - <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td> - </tr> - <tr> - <td class="listhdr" width="10%">SID: </td> - <td class="listlr" width="30%"><?php echo $sid; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Protocol: </td> - <td class="listlr" width="30%"><?php echo $protocol; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source: </td> - <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source Port: </td> - <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Direction:</td> - <td class="listlr" width="30%"><?php echo $direction;?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination:</td> - <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination Port: </td> - <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Message: </td> - <td class="listlr" width="30%"><?php echo $message; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Content: </td> - <td class="listlr" width="30%"><?php echo $content; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Classtype: </td> - <td class="listlr" width="30%"><?php echo $classtype; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Revision: </td> - <td class="listlr" width="30%"><?php echo $revision; ?></td> - </tr> - <tr><td> </td></tr> - <tr> - <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td> - <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">   <input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td> - </tr> - </table> - </form> - </td> - </tr> - </table> - </td> -</tr> -</table> - -<?php include("fend.inc"); ?> -</div></body> -</html>
\ No newline at end of file diff --git a/config/snort-old/snort_rulesets.php b/config/snort-old/snort_rulesets.php deleted file mode 100644 index d839ae7a..00000000 --- a/config/snort-old/snort_rulesets.php +++ /dev/null @@ -1,230 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require_once("service-utils.inc"); -require("/usr/local/pkg/snort.inc"); - -if(!is_dir("/usr/local/etc/snort/rules")) { - conf_mount_rw(); - exec('mkdir /usr/local/etc/snort/rules/'); - conf_mount_ro(); -} - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules'); -if ($isrulesfolderempty == "") { - -include("head.inc"); -include("fbegin.inc"); - -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - -echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n -<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n -<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); - -echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n -# The rules directory is empty.\n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n -</table>\n -\n -</form>\n -\n -<p>\n\n"; - -echo "Please click on the Update Rules tab to install your selected rule sets."; -include("fend.inc"); - -echo "</body>"; -echo "</html>"; - -exit(0); - -} - -if($_POST) { - $enabled_items = ""; - $isfirst = true; - foreach($_POST['toenable'] as $toenable) { - if(!$isfirst) - $enabled_items .= "||"; - $enabled_items .= "{$toenable}"; - $isfirst = false; - } - $config['installedpackages']['snort']['rulesets'] = $enabled_items; - write_config(); - stop_service("snort"); - create_snort_conf(); - sleep(2); - start_service("snort"); - $savemsg = "The snort ruleset selections have been saved."; -} - -$enabled_rulesets = $config['installedpackages']['snort']['rulesets']; -if($enabled_rulesets) - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); - -$pgtitle = "Snort: Categories"; -include("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<?php include("fbegin.inc"); ?> - -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> - -<form action="snort_rulesets.php" method="post" name="iform" id="iform"> -<script src="/row_toggle.js" type="text/javascript"></script> -<script src="/javascript/sorttable.js" type="text/javascript"></script> -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Enabled</td> - <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td> - <!-- <td class="listhdrr">Description</td> --> - </tr> -<?php - $dir = "/usr/local/etc/snort/rules/"; - $dh = opendir($dir); - while (false !== ($filename = readdir($dh))) { - $files[] = $filename; - } - sort($files); - foreach($files as $file) { - if(!stristr($file, ".rules")) - continue; - echo "<tr>"; - echo "<td align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) - if(in_array($file, $enabled_rulesets_array)) { - $CHECKED = " checked=\"checked\""; - } else { - $CHECKED = ""; - } - else - $CHECKED = ""; - echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />"; - echo "</td>"; - echo "<td>"; - echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/rules/" . urlencode($file) . "'>{$file}</a>"; - echo "</td>"; - //echo "<td>"; - //echo "description"; - //echo "</td>"; - } - -?> - </table> - </td> - </tr> - <tr><td> </td></tr> - <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr> - <tr><td> </td></tr> - <tr><td><input value="Save" type="submit" name="save" id="save" /></td></tr> - </table> - </div> - </td> - </tr> -</table> - -</form> - -<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset. - -<?php include("fend.inc"); ?> - -</body> -</html> - -<?php - - function get_snort_rule_file_description($filename) { - $filetext = file_get_contents($filename); - - } - -?>
\ No newline at end of file diff --git a/config/snort-old/snort_threshold.xml b/config/snort-old/snort_threshold.xml deleted file mode 100644 index f9075d3d..00000000 --- a/config/snort-old/snort_threshold.xml +++ /dev/null @@ -1,129 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>snort-threshold</name> - <version>0.1.0</version> - <title>Snort: Alert Thresholding and Suppression</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <!-- Menu is where this packages menu will appear --> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - <active/> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - </tab> - </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Thresholding or Suppression Rule</fielddescr> - <fieldname>threshrule</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <fielddescr>Thresholding or Suppression Rule</fielddescr> - <fieldname>threshrule</fieldname> - <description>Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60"</description> - <type>input</type> - <size>40</size> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>Enter the description for this item</description> - <type>input</type> - <size>60</size> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> - <custom_php_resync_config_command> - create_snort_conf(); - </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file diff --git a/config/snort-old/snort_whitelist.xml b/config/snort-old/snort_whitelist.xml deleted file mode 100644 index 42769e4e..00000000 --- a/config/snort-old/snort_whitelist.xml +++ /dev/null @@ -1,129 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>snort-whitelist</name> - <version>0.1.0</version> - <title>Snort: Whitelist</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <!-- Menu is where this packages menu will appear --> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - <active/> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - </tab> - </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Whitelisted IP</fielddescr> - <fieldname>ip</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <fielddescr>Whitelisted IP</fielddescr> - <fieldname>ip</fieldname> - <description>Enter the IP or network to whitelist from snort blocking. Network items should be expressed in CIDR notation. Example: 0.0.0.0/24 or 0.0.0.0/32</description> - <type>input</type> - <size>40</size> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>Enter the description for this item</description> - <type>input</type> - <size>60</size> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> - <custom_php_resync_config_command> - create_snort_conf(); - </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file diff --git a/config/snort-old/snort_xmlrpc_sync.php b/config/snort-old/snort_xmlrpc_sync.php deleted file mode 100644 index db8b3f3e..00000000 --- a/config/snort-old/snort_xmlrpc_sync.php +++ /dev/null @@ -1,114 +0,0 @@ -<?php - -/* $Id$ */ -/* - snort_xmlrpc_sync.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* NOTE: this file gets included from the pfSense filter.inc plugin process */ - -require_once("/usr/local/pkg/snort.inc"); -require_once("service-utils.inc"); - -if(!$config) { - log_error("\$config is not enabled!!"); -} else { - if(!$g['booting']) - snort_do_xmlrpc_sync(); -} - -function snort_do_xmlrpc_sync() { - - return; /* need to fix the bug which whipes out carp sync settings, etc */ - - global $config, $g; - $syncxmlrpc = $config['installedpackages']['snort']['config'][0]['syncxmlrpc']; - /* option enabled? */ - if(!$syncxmlrpc) - return; - - $carp = &$config['installedpackages']['carpsettings']['config'][0]; - $password = $carp['password']; - - if(!$carp['synchronizetoip']) - return; - - log_error("[SNORT] snort_xmlrpc_sync.php is starting."); - $xmlrpc_sync_neighbor = $carp['synchronizetoip']; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") { - $port = "80"; - } else { - $port = "443"; - } - } - $synchronizetoip .= $carp['synchronizetoip']; - - /* xml will hold the sections to sync */ - $xml = array(); - $xml['installedpackages']['snort'] = &$config['installedpackages']['snort']; - $xml['installedpackages']['snortwhitelist'] = &$config['installedpackages']['snortwhitelist']; - - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - $method = 'pfsense.restore_config_section'; - - /* Sync! */ - log_error("Beginning Snort XMLRPC sync to {$url}:{$port}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - if($g['debug']) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after 240 seconds */ - $resp = $cli->send($msg, "999"); - if(!$resp) { - $error = "A communications error occured while attempting Snort XMLRPC sync with {$url}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "Snort Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "Snort Settings Sync", ""); - } else { - log_error("Snort XMLRPC sync successfully completed with {$url}:{$port}."); - } - log_error("[SNORT] snort_xmlrpc_sync.php is ending."); -} - -?>
\ No newline at end of file diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 52aaed2a..f4fd93b9 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013,2014 Bill Meeks * part of pfSense * All rights reserved. * @@ -51,11 +51,13 @@ $snortver = array(); exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); $snort_version = $snortver[0]; if (empty($snort_version)) - $snort_version = "2.9.5.5"; + $snort_version = "2.9.6.0"; -/* package version */ -$pfSense_snort_version = "3.0.2"; -$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}"; +/* Used to indicate latest version of this include file has been loaded */ +$pfSense_snort_version = "3.0.7"; + +/* get installed package version for display */ +$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; // Define SNORTDIR and SNORTLIBDIR constants according to pfSense version $pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); @@ -81,6 +83,7 @@ define("VRT_FILE_PREFIX", "snort_"); define("GPL_FILE_PREFIX", "GPLv2_"); define("ET_OPEN_FILE_PREFIX", "emerging-"); define("ET_PRO_FILE_PREFIX", "etpro-"); +define("IPREP_PATH", "/var/db/snort/iprep/"); /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */ $rebuild_rules = false; @@ -498,21 +501,18 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { return $valresult; } -/* checks to see if service is running yes/no and stop/start */ +/* checks to see if service is running */ function snort_is_running($snort_uuid, $if_real, $type = 'snort') { global $config, $g; - if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid")) - return 'yes'; - - return 'no'; + return isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid"); } function snort_barnyard_stop($snortcfg, $if_real) { global $config, $g; $snort_uuid = $snortcfg['uuid']; - if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { + if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { log_error("[Snort] Barnyard2 STOP for {$snortcfg['descr']}({$if_real})..."); killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); } @@ -522,7 +522,7 @@ function snort_stop($snortcfg, $if_real) { global $config, $g; $snort_uuid = $snortcfg['uuid']; - if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { log_error("[Snort] Snort STOP for {$snortcfg['descr']}({$if_real})..."); killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); } @@ -534,12 +534,13 @@ function snort_barnyard_start($snortcfg, $if_real) { global $config, $g; $snortdir = SNORTDIR; + $snortlogdir = SNORTLOGDIR; $snort_uuid = $snortcfg['uuid']; /* define snortbarnyardlog_chk */ - if ($snortcfg['barnyard_enable'] == 'on' && !empty($snortcfg['barnyard_mysql'])) { + if ($snortcfg['barnyard_enable'] == 'on') { log_error("[Snort] Barnyard2 START for {$snortcfg['descr']}({$if_real})..."); - exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q"); + mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); } } @@ -547,11 +548,12 @@ function snort_start($snortcfg, $if_real) { global $config, $g; $snortdir = SNORTDIR; + $snortlogdir = SNORTLOGDIR; $snort_uuid = $snortcfg['uuid']; if ($snortcfg['enable'] == 'on') { log_error("[Snort] Snort START for {$snortcfg['descr']}({$if_real})..."); - exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); } else return; @@ -575,64 +577,44 @@ function snort_reload_config($snortcfg, $signal="SIGHUP") { $snortdir = SNORTDIR; $snort_uuid = $snortcfg['uuid']; - $if_real = snort_get_real_interface($snortcfg['interface']); + $if_real = get_real_interface($snortcfg['interface']); /******************************************************/ /* Only send the SIGHUP if Snort is running and we */ /* can find a valid PID for the process. */ /******************************************************/ - if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { log_error("[Snort] Snort RELOAD CONFIG for {$snortcfg['descr']} ({$if_real})..."); - exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid 2>&1 &"); + mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); } } -function snort_get_friendly_interface($interface) { - - if (function_exists('convert_friendly_interface_to_friendly_descr')) - $iface = convert_friendly_interface_to_friendly_descr($interface); - else { - if (!$interface || ($interface == "wan")) - $iface = "WAN"; - else if(strtolower($interface) == "lan") - $iface = "LAN"; - else if(strtolower($interface) == "pppoe") - $iface = "PPPoE"; - else if(strtolower($interface) == "pptp") - $iface = "PPTP"; - else - $iface = strtoupper($interface); - } - - return $iface; -} +function snort_barnyard_reload_config($snortcfg, $signal="HUP") { -/* get the real iface name of wan */ -function snort_get_real_interface($interface) { - global $config; + /**************************************************************/ + /* This function sends the passed SIGNAL to the Barnyard2 */ + /* instance on the passed interface to cause Barnyard to */ + /* reload and parse the running configuration without */ + /* impacting packet processing. It also executes the reload */ + /* as a background process and returns control immediately */ + /* to the caller. */ + /* */ + /* $signal = HUP (default) parses and reloads config. */ + /**************************************************************/ + global $g; - $lc_interface = strtolower($interface); - if (function_exists('get_real_interface')) - return get_real_interface($lc_interface); - else { - if ($lc_interface == "lan") { - if ($config['inerfaces']['lan']) - return $config['interfaces']['lan']['if']; - return $interface; - } - if ($lc_interface == "wan") - return $config['interfaces']['wan']['if']; - $ifdescrs = array(); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { - $ifname = "opt{$j}"; - if(strtolower($ifname) == $lc_interface) - return $config['interfaces'][$ifname]['if']; - if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)) - return $config['interfaces'][$ifname]['if']; - } - } + $snortdir = SNORTDIR; + $snort_uuid = $snortcfg['uuid']; + $if_real = get_real_interface($snortcfg['interface']); - return $interface; + /******************************************************/ + /* Only send the SIGHUP if Barnyard2 is running and */ + /* we can find a valid PID for the process. */ + /******************************************************/ + if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { + log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for {$snortcfg['descr']} ({$if_real})..."); + mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); + } } /* @@ -650,7 +632,7 @@ function snort_post_delete_logs($snort_uuid = 0) { foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { if ($value['uuid'] != $snort_uuid) continue; - $if_real = snort_get_real_interface($value['interface']); + $if_real = get_real_interface($value['interface']); $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; if ($if_real != '') { @@ -661,18 +643,14 @@ function snort_post_delete_logs($snort_uuid = 0) { @unlink($file); /* Clean-up packet capture files if any exist */ - $filelist = glob("{$snort_log_dir}/snort.log.*"); - foreach ($filelist as $file) - @unlink($file); + unlink_if_exists("{$snort_log_dir}/snort.log.*"); - /* Clean-up stats files if they are enabled */ - if ($value['perform_stat'] == 'on') { - $fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w"); - if ($fd) { - ftruncate($fd, 0); - fclose($fd); - } - } + /* Clean-up Barnyard2 archived files if any exist */ + unlink_if_exists("{$snort_log_dir}/barnyard2/archive/*"); + + /* Clean-up stats file if enabled */ + if ($value['perform_stat'] == 'on') + @file_put_contents("{$snort_log_dir}/{$if_real}.stats", ""); } } } @@ -686,62 +664,16 @@ function snort_Getdirsize($node) { return substr( $blah, 0, strpos($blah, 9) ); } -/* func for log dir size limit cron */ -function snort_snortloglimit_install_cron($should_install) { - global $config, $g; - - if (!is_array($config['cron']['item'])) - $config['cron']['item'] = array(); +function snort_snortloglimit_install_cron($should_install=TRUE) { - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], 'snort_check_cron_misc.inc')) { - $is_installed = true; - break; - } - $x++; - } - - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/5"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc"; - $config['cron']['item'][] = $cron_item; - } - break; - case false: - if($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc", $should_install, "*/5"); } -/* func for updating cron */ function snort_rm_blocked_install_cron($should_install) { global $config, $g; - if (!is_array($config['cron']['item'])) - $config['cron']['item'] = array(); - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort2c")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; + if ($snort_rm_blocked_info_ck == "15m_b") { $snort_rm_blocked_min = "*/2"; $snort_rm_blocked_hr = "*"; @@ -822,46 +754,15 @@ function snort_rm_blocked_install_cron($should_install) { $snort_rm_blocked_wday = "*"; $snort_rm_blocked_expire = "2419200"; } - switch($should_install) { - case true: - $cron_item = array(); - $cron_item['minute'] = "$snort_rm_blocked_min"; - $cron_item['hour'] = "$snort_rm_blocked_hr"; - $cron_item['mday'] = "$snort_rm_blocked_mday"; - $cron_item['month'] = "$snort_rm_blocked_month"; - $cron_item['wday'] = "$snort_rm_blocked_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - - /* Add cron job if not already installed, else just update the existing one */ - if (!$is_installed) - $config['cron']['item'][] = $cron_item; - elseif ($is_installed) - $config['cron']['item'][$x] = $cron_item; - break; - case false: - if ($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } + + $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; + install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); } /* func to install snort update */ function snort_rules_up_install_cron($should_install) { global $config, $g; - if(!$config['cron']['item']) - $config['cron']['item'] = array(); - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; /* See if a customized start time has been set for rule file updates */ @@ -924,28 +825,9 @@ function snort_rules_up_install_cron($should_install) { $snort_rules_up_month = "*"; $snort_rules_up_wday = "*"; } - switch($should_install) { - case true: - $cron_item = array(); - $cron_item['minute'] = "$snort_rules_up_min"; - $cron_item['hour'] = "$snort_rules_up_hr"; - $cron_item['mday'] = "$snort_rules_up_mday"; - $cron_item['month'] = "$snort_rules_up_month"; - $cron_item['wday'] = "$snort_rules_up_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php"; - - /* Add cron job if not already installed, else just update the existing one */ - if (!$is_installed) - $config['cron']['item'][] = $cron_item; - elseif ($is_installed) - $config['cron']['item'][$x] = $cron_item; - break; - case false: - if($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } + + $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/snort/snort_check_for_rule_updates.php"; + install_cron_job($command, $should_install, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root"); } /* Only run when all ifaces needed to sync. Expects filesystem rw */ @@ -967,14 +849,14 @@ function sync_snort_package_config() { $snortconf = $config['installedpackages']['snortglobal']['rule']; foreach ($snortconf as $value) { - $if_real = snort_get_real_interface($value['interface']); + $if_real = get_real_interface($value['interface']); /* create a snort.conf file for interface */ snort_generate_conf($value); /* create barnyard2.conf file for interface */ if ($value['barnyard_enable'] == 'on') - snort_create_barnyard2_conf($value, $if_real); + snort_generate_barnyard2_conf($value, $if_real); } /* create snort bootup file snort.sh only create once */ @@ -982,7 +864,7 @@ function sync_snort_package_config() { $snortglob = $config['installedpackages']['snortglobal']; - snort_snortloglimit_install_cron($snortglob['snortloglimit'] == 'on' ? true : false); + snort_snortloglimit_install_cron(true); /* set the snort block hosts time IMPORTANT */ snort_rm_blocked_install_cron($snortglob['rm_blocked'] != "never_b" ? true : false); @@ -1004,7 +886,19 @@ function snort_build_sid_msg_map($rules_path, $sid_file) { /*************************************************************/ /* This function reads all the rules file in the passed */ /* $rules_path variable and produces a properly formatted */ - /* sid-msg.map file for use by Snort and/or barnyard2. */ + /* sid-msg.map v2 file for use by Snort and/or barnyard2. */ + /* */ + /* This function produces the new v2 format sid-msg.map */ + /* with the field layout as follows: */ + /* */ + /* GID || SID || REV || CLASSTYPE || PRI || MSG || REF ... */ + /* */ + /* On Entry: $rules_path --> array or directory of files */ + /* or a single file containing */ + /* the rules to read. */ + /* $sid_file --> the complete destination path */ + /* and filename for the output */ + /* sid-msg.map file. */ /*************************************************************/ $sidMap = array(); @@ -1013,7 +907,7 @@ function snort_build_sid_msg_map($rules_path, $sid_file) { /* First check if we were passed a directory, a single file */ /* or an array of filenames to read. Set our $rule_files */ /* variable accordingly. If we can't figure it out, return */ - /* and don't write a sid_msg_map file. */ + /* and don't write a sid-msg.map file. */ if (is_string($rules_path)) { if (is_dir($rules_path)) $rule_files = glob($rules_path . "*.rules"); @@ -1066,7 +960,11 @@ function snort_build_sid_msg_map($rules_path, $sid_file) { $record = ""; /* Parse the rule to find sid and any references. */ + $gid = '1'; // default to 1 for regular rules $sid = ''; + $rev = ''; + $classtype = 'NOCLASS'; // required default for v2 format + $priority = '0'; // required default for v2 format $msg = ''; $matches = ''; $sidEntry = ''; @@ -1074,23 +972,32 @@ function snort_build_sid_msg_map($rules_path, $sid_file) { $msg = trim($matches[1]); if (preg_match('/\bsid\s*:\s*(\d+)\s*;/i', $rule, $matches)) $sid = trim($matches[1]); - if (!empty($sid) && !empty($msg)) { - $sidEntry = $sid . ' || ' . $msg; + if (preg_match('/\bgid\s*:\s*(\d+)\s*;/i', $rule, $matches)) + $gid = trim($matches[1]); + if (preg_match('/\brev\s*:\s*([^\;]+)/i', $rule, $matches)) + $rev = trim($matches[1]); + if (preg_match('/\bclasstype\s*:\s*([^\;]+)/i', $rule, $matches)) + $classtype = trim($matches[1]); + if (preg_match('/\bpriority\s*:\s*([^\;]+)/i', $rule, $matches)) + $priority = trim($matches[1]); + + if (!empty($gid) && !empty($sid) && !empty($msg)) { + $sidEntry = $gid . ' || ' . $sid . ' || ' . $rev . ' || ' . $classtype . ' || '; + $sidEntry .= $priority . ' || ' . $msg; preg_match_all('/\breference\s*:\s*([^\;]+)/i', $rule, $matches); foreach ($matches[1] as $ref) $sidEntry .= " || " . trim($ref); $sidEntry .= "\n"; - if (!is_array($sidMap[$sid])) - $sidMap[$sid] = array(); - $sidMap[$sid] = $sidEntry; + $sidMap[] = $sidEntry; } } } - /* Sort the generated sid-msg map by sid */ - ksort($sidMap); + /* Sort the generated sid-msg map */ + natcasesort($sidMap); /* Now print the result to the supplied file */ - @file_put_contents($sid_file, array_values($sidMap)); + @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n"); + @file_put_contents($sid_file, array_values($sidMap), FILE_APPEND); } function snort_merge_reference_configs($cfg_in, $cfg_out) { @@ -1211,7 +1118,7 @@ function snort_load_rules_map($rules_path) { * Read all the rules into the map array. * The structure of the map array is: * - * map[gid][sid]['rule']['category']['disabled']['flowbits'] + * map[gid][sid]['rule']['category']['disabled']['action']['flowbits'] * * where: * gid = Generator ID from rule, or 1 if general text @@ -1221,6 +1128,7 @@ function snort_load_rules_map($rules_path) { * category = File name of file containing the rule * disabled = 1 if rule is disabled (commented out), 0 if * rule is enabled + * action = alert|log|pass|drop|reject|sdrop * flowbits = Array of applicable flowbits if rule contains * flowbits options ***************************************************************/ @@ -1267,7 +1175,7 @@ function snort_load_rules_map($rules_path) { /* Skip any non-rule lines unless we're in */ /* multiline mode. */ - if (!preg_match('/^\s*#*\s*(alert|drop|pass)/i', $rule) && !$b_Multiline) + if (!preg_match('/^\s*#*\s*(alert|log|pass|drop|reject|sdrop)/i', $rule) && !$b_Multiline) continue; /* Test for a multi-line rule; loop and reassemble */ @@ -1312,6 +1220,13 @@ function snort_load_rules_map($rules_path) { else $map_ref[$gid][$sid]['disabled'] = 0; + /* Grab the rule action (this is for a future option) */ + $matches = array(); + if (preg_match('/^\s*#*\s*(alert|log|pass|drop|reject|sdrop)/i', $rule, $matches)) + $map_ref[$gid][$sid]['action'] = $matches[1]; + else + $map_ref[$gid][$sid]['action'] = ""; + /* Grab any associated flowbits from the rule. */ $map_ref[$gid][$sid]['flowbits'] = snort_get_flowbits($rule); @@ -1715,7 +1630,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) { /* If the $rule_map array is empty, then exit. */ if (empty($rule_map)) { - file_put_contents($rule_file, ""); + @file_put_contents($rule_file, ""); return; } @@ -1739,34 +1654,32 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) { } } -function snort_load_sid_mods($sids, $value) { +function snort_load_sid_mods($sids) { /*****************************************/ /* This function parses the string of */ - /* SID values in $sids and returns an */ - /* array with the SID as the key and */ - /* value. The SID values in $sids are */ + /* GID:SID values in $sids and returns */ + /* an array with the GID and SID as the */ + /* keys. The values in $sids are */ /* assumed to be delimited by "||". */ /* */ - /* $sids ==> string of SID values from */ - /* saved config file. */ + /* $sids ==> string of GID:SID values */ + /* from the config file. */ /* */ - /* $value ==> type of mod (enable or */ - /* disable). Not currently */ - /* utilized, but maintained */ - /* so as not to break legacy */ - /* code elsewhere. */ + /* Returns ==> a multidimensional array */ + /* with GID and SID as the */ + /* keys ($result[GID][SID]) */ /*****************************************/ $result = array(); - if (empty($sids) || empty($value)) + if (empty($sids)) return $result; $tmp = explode("||", $sids); foreach ($tmp as $v) { - if (preg_match('/\s\d+/', $v, $match)) { - if (!is_array($result[trim($match[0])])) - $result[trim($match[0])] = array(); - $result[trim($match[0])] = trim($match[0]); + if (preg_match('/(\d+)\s*:\s*(\d+)/', $v, $match)) { + if (!is_array($result[$match[1]])) + $result[$match[1]] = array(); + $result[$match[1]][$match[2]] = "{$match[1]}:{$match[2]}"; } } unset($tmp); @@ -1791,15 +1704,15 @@ function snort_modify_sids(&$rule_map, $snortcfg) { /* Load up our enablesid and disablesid */ /* arrays with lists of modified SIDs */ - $enablesid = snort_load_sid_mods($snortcfg['rule_sid_on'], "enablesid"); - $disablesid = snort_load_sid_mods($snortcfg['rule_sid_off'], "disablesid"); + $enablesid = snort_load_sid_mods($snortcfg['rule_sid_on']); + $disablesid = snort_load_sid_mods($snortcfg['rule_sid_off']); /* Turn on any rules that need to be */ /* forced "on" with enablesid mods. */ if (!empty($enablesid)) { foreach ($rule_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { - if (in_array($k2, $enablesid) && $v['disabled'] == 1) { + if (isset($enablesid[$k1][$k2]) && $v['disabled'] == 1) { $rule_map[$k1][$k2]['rule'] = ltrim($v['rule'], " \t#"); $rule_map[$k1][$k2]['disabled'] = 0; } @@ -1812,7 +1725,7 @@ function snort_modify_sids(&$rule_map, $snortcfg) { if (!empty($disablesid)) { foreach ($rule_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { - if (in_array($k2, $disablesid) && $v['disabled'] == 0) { + if (isset($disablesid[$k1][$k2]) && $v['disabled'] == 0) { $rule_map[$k1][$k2]['rule'] = "# " . $v['rule']; $rule_map[$k1][$k2]['disabled'] = 1; } @@ -1831,9 +1744,10 @@ function snort_create_rc() { /* after any changes to snort.conf saved in the GUI. */ /*********************************************************/ - global $config, $g; + global $config, $g, $pfs_version; $snortdir = SNORTDIR; + $snortlogdir = SNORTLOGDIR; $rcdir = RCFILEPREFIX; // If no interfaces are configured for Snort, exit @@ -1847,36 +1761,37 @@ function snort_create_rc() { $start_snort_iface_start = array(); $start_snort_iface_stop = array(); + // If not using PBI package, then make sure Barnyard2 can + // find the latest MySQL shared libs in /usr/local/lib/mysql + if ($pfs_version < 2.1) { + $sql_lib_path = "\n# Ensure MySQL shared libs are in ldconfig search path\n"; + $sql_lib_path .= "/sbin/ldconfig -m /usr/local/lib/mysql"; + $start_snort_iface_start[] = $sql_lib_path; + } + // Loop thru each configured interface and build // the shell script. foreach ($snortconf as $value) { + // Skip disabled Snort interfaces + if ($value['enable'] <> 'on') + continue; $snort_uuid = $value['uuid']; - $if_real = snort_get_real_interface($value['interface']); + $if_real = get_real_interface($value['interface']); $start_barnyard = <<<EOE if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -f "barnyard2 -r {$snort_uuid} "` + pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` else pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid` fi if [ ! -z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill \$pid -a - time=0 timeout=30 - while kill -0 \$pid 2>/dev/null; do - sleep 1 - time=\$((time+1)) - if [ \$time -gt \$timeout ]; then - break - fi - done - if [ -f /var/run/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid - fi + /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." + /bin/pkill -HUP \$pid + else + /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..." + /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q fi - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q EOE; $stop_barnyard2 = <<<EOE @@ -1897,7 +1812,7 @@ EOE; /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid fi else - pid=`/bin/pgrep -f "barnyard2 -r {$snort_uuid} "` + pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` if [ ! -z \$pid ]; then /bin/pkill -f "barnyard2 -r {$snort_uuid} " time=0 timeout=30 @@ -1912,7 +1827,7 @@ EOE; fi EOE; - if ($value['barnyard_enable'] == 'on' && !empty($value['barnyard_mysql'])) + if ($value['barnyard_enable'] == 'on') $start_barnyard2 = $start_barnyard; else $start_barnyard2 = $stop_barnyard2; @@ -1922,7 +1837,7 @@ EOE; ###### For Each Iface # Start snort and barnyard2 if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - pid=`/bin/pgrep -f "snort -R {$snort_uuid} "` + pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` else pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` fi @@ -1932,7 +1847,7 @@ EOE; /bin/pkill -HUP \$pid else /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} fi sleep 2 @@ -1958,10 +1873,10 @@ EOE; /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid fi else - pid=`/bin/pgrep -f "snort -R {$snort_uuid} "` + pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` if [ ! -z \$pid ]; then /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -f "snort -R {$snort_uuid} " + /bin/pkill -fn "snort -R {$snort_uuid} " time=0 timeout=30 while kill -0 \$pid 2>/dev/null; do sleep 1 @@ -2021,79 +1936,122 @@ EOD; @chmod("{$rcdir}/snort.sh", 0755); } -/* open barnyard2.conf for writing */ -function snort_create_barnyard2_conf($snortcfg, $if_real) { - global $config, $g; - - $snortdir = SNORTDIR; - $snort_uuid = $snortcfg['uuid']; - - if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) - exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); - - if (!file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) { - @touch("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo"); - mwexec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true); - } - - $barnyard2_conf_text = snort_generate_barnyard2_conf($snortcfg, $if_real); +function snort_generate_barnyard2_conf($snortcfg, $if_real) { - /* write out barnyard2_conf */ - @file_put_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text); -} + /****************************************************/ + /* This function creates the barnyard2.conf config */ + /* file for the passed interface when Barnyard2 is */ + /* enabled. */ + /****************************************************/ -/* open barnyard2.conf for writing" */ -function snort_generate_barnyard2_conf($snortcfg, $if_real) { global $config, $g; - $snortdir = SNORTDIR; $snort_uuid = $snortcfg['uuid']; + $snortdir = SNORTDIR; + $snortcfgdir = SNORTDIR . "/snort_{$snort_uuid}_{$if_real}"; + $snortlogdir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; + + // Create required directories for barnyard2 if missing + if (!is_dir("{$snortlogdir}/barnyard2")) + safe_mkdir("{$snortlogdir}/barnyard2"); + if (!is_dir("{$snortlogdir}/barnyard2/archive")) + safe_mkdir("{$snortlogdir}/barnyard2/archive"); + + // Create the barnyard2 waldo file if missing + if (!file_exists("{$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) { + @touch("{$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo"); + mwexec("/bin/chmod 770 {$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo", true); + } + + // If there is no gen-msg.map file present, create an + // empty one so Barnyard2 will at least start. + if (!file_exists("{$snortcfgdir}/gen-msg.map")) + @file_put_contents("{$snortcfgdir}/gen-msg.map", ""); + + $snortbarnyard_hostname_info = php_uname("n"); + + // Set general config parameters + $gen_configs = "config quiet\nconfig daemon\nconfig decode_data_link\nconfig alert_with_interface_name\nconfig event_cache_size: 8192"; + if ($snortcfg['barnyard_show_year'] == 'on') + $gen_configs .= "\nconfig show_year"; + if ($snortcfg['barnyard_obfuscate_ip'] == 'on') + $gen_configs .= "\nconfig obfuscate"; + if ($snortcfg['barnyard_dump_payload'] == 'on') + $gen_configs .= "\nconfig dump_payload"; + if ($snortcfg['barnyard_archive_enable'] == 'on') + $gen_configs .= "\nconfig archivedir: {$snortlogdir}/barnyard2/archive"; + + // Set output plugins + $snortbarnyardlog_output_plugins = ""; + if ($snortcfg['barnyard_mysql_enable'] == 'on') { + $by2_dbpwd = base64_decode($snortcfg['barnyard_dbpwd']); + $snortbarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: log, mysql, "; + $snortbarnyardlog_output_plugins .= "user={$snortcfg['barnyard_dbuser']} password={$by2_dbpwd} "; + $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}"; + if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0) + $snortbarnyardlog_output_plugins .= " sensor_name={$snortcfg['barnyard_sensor_name']}"; + if ($snortcfg['barnyard_disable_sig_ref_tbl'] == 'on') + $snortbarnyardlog_output_plugins .= " disable_signature_reference_table"; + $snortbarnyardlog_output_plugins .= "\n\n"; + } + if ($snortcfg['barnyard_syslog_enable'] == 'on') { + $snortbarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\noutput alert_syslog_full: "; + if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0) + $snortbarnyardlog_output_plugins .= "sensor_name {$snortcfg['barnyard_sensor_name']}, "; + else + $snortbarnyardlog_output_plugins .= "sensor_name {$snortbarnyard_hostname_info}, "; + if ($snortcfg['barnyard_syslog_local'] == 'on') + $snortbarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n"; + else { + $snortbarnyardlog_output_plugins .= "server {$snortcfg['barnyard_syslog_rhost']}, protocol {$snortcfg['barnyard_syslog_proto']}, "; + $snortbarnyardlog_output_plugins .= "port {$snortcfg['barnyard_syslog_dport']}, operation_mode {$snortcfg['barnyard_syslog_opmode']}, "; + $snortbarnyardlog_output_plugins .= "log_facility {$snortcfg['barnyard_syslog_facility']}, log_priority {$snortcfg['barnyard_syslog_priority']}\n\n"; + } + } + if ($snortcfg['barnyard_bro_ids_enable'] == 'on') { + $snortbarnyardlog_output_plugins .= "# alert_bro: log to a Bro-IDS receiver\n"; + $snortbarnyardlog_output_plugins .= "output alert_bro: {$snortcfg['barnyard_bro_ids_rhost']}:{$snortcfg['barnyard_bro_ids_dport']}\n"; + } + + // Trim leading and trailing newlines and spaces + $snortbarnyardlog_output_plugins = rtrim($snortbarnyardlog_output_plugins, "\n"); - /* TODO: add support for the other 5 output plugins */ - $snortbarnyardlog_database_info_chk = $snortcfg['barnyard_mysql']; - $snortbarnyardlog_hostname_info_chk = php_uname("n"); - /* user add arguments */ + // User pass-through arguments $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['barnconfigpassthru'])); + // Create the conf file as a text string $barnyard2_conf_text = <<<EOD -# barnyard2.conf +# barnyard2.conf # barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php # -# set the appropriate paths to the file(s) your Snort process is using -config reference_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config -config classification_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config -config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map -config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map - -config hostname: $snortbarnyardlog_hostname_info_chk -config interface: {$if_real} -config decode_data_link -config waldo_file: /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo - -# Show year in timestamps -config show_year +## General Barnyard2 settings ## +{$gen_configs} +config reference_file: {$snortcfgdir}/reference.config +config classification_file: {$snortcfgdir}/classification.config +config sid_file: {$snortcfgdir}/sid-msg.map +config gen_file: {$snortcfgdir}/gen-msg.map +config hostname: {$snortbarnyard_hostname_info} +config interface: {$if_real} +config waldo_file: {$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo +config logdir: {$snortlogdir} ## START user pass through ## - - {$snortbarnyardlog_config_pass_thru} - +{$snortbarnyardlog_config_pass_thru} ## END user pass through ## -# Step 2: setup the input plugins +## Setup input plugins ## input unified2 -config logdir: /var/log/snort/snort_{$if_real}{$snort_uuid} - -# database: log to a variety of databases -# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx - - $snortbarnyardlog_database_info_chk +## Setup output plugins ## +{$snortbarnyardlog_output_plugins} EOD; - return $barnyard2_conf_text; + /* Write out barnyard2_conf text string to disk */ + @file_put_contents("{$snortcfgdir}/barnyard2.conf", $barnyard2_conf_text); + unset($barnyard2_conf_text); } function snort_deinstall() { @@ -2105,6 +2063,7 @@ function snort_deinstall() { $snortlogdir = SNORTLOGDIR; $rcdir = RCFILEPREFIX; $snort_rules_upd_log = RULES_UPD_LOGFILE; + $iprep_path = IPREP_PATH; log_error(gettext("[Snort] Snort package uninstall in progress...")); @@ -2117,7 +2076,7 @@ function snort_deinstall() { mwexec('/usr/bin/killall -9 snort', true); sleep(2); // Delete any leftover snort PID files in /var/run - array_map('@unlink', glob("/var/run/snort_*.pid")); + unlink_if_exists("/var/run/snort_*.pid"); /* Make sure all active Barnyard2 processes are terminated */ /* Log a message only if a running process is detected */ @@ -2128,38 +2087,48 @@ function snort_deinstall() { mwexec('/usr/bin/killall -9 barnyard2', true); sleep(2); // Delete any leftover barnyard2 PID files in /var/run - array_map('@unlink', glob("/var/run/barnyard2_*.pid")); + unlink_if_exists("/var/run/barnyard2_*.pid"); /* Remove the snort user and group */ mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true); - /* Remove snort cron entries Ugly code needs smoothness */ - if (!function_exists('snort_deinstall_cron')) { - function snort_deinstall_cron($crontask) { - global $config, $g; - - if(!is_array($config['cron']['item'])) - return; + /* Remove all the Snort cron jobs. */ + install_cron_job("snort2c", false); + install_cron_job("snort_check_for_rule_updates.php", false); + install_cron_job("snort_check_cron_misc.inc", false); + configure_cron(); - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], $crontask)) { - $is_installed = true; - break; + /* Remove our associated Dashboard widget config. If */ + /* "save settings" is enabled, then save old widget */ + /* container settings so we can restore them later. */ + $widgets = $config['widgets']['sequence']; + if (!empty($widgets)) { + $widgetlist = explode(",", $widgets); + foreach ($widgetlist as $key => $widget) { + if (strstr($widget, "snort_alerts-container")) { + if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { + $config['installedpackages']['snortglobal']['dashboard_widget'] = $widget; } - $x++; + unset($widgetlist[$key]); + break; } - if ($is_installed == true) - unset($config['cron']['item'][$x]); } + $config['widgets']['sequence'] = implode(",", $widgetlist); + write_config("Snort pkg: remove Snort Dashboard Widget on package deinstall."); } - /* Remove all the Snort cron jobs. */ - snort_deinstall_cron("snort2c"); - snort_deinstall_cron("snort_check_for_rule_updates.php"); - snort_deinstall_cron("snort_check_cron_misc.inc"); - configure_cron(); + /* See if we are to clear blocked hosts on uninstall */ + if ($config['installedpackages']['snortglobal']['clearblocks'] == 'on') { + log_error(gettext("[Snort] Removing all blocked hosts from <snort2c> table...")); + mwexec("/sbin/pfctl -t snort2c -T flush"); + } + + /* See if we are to clear Snort log files on uninstall */ + if ($config['installedpackages']['snortglobal']['clearlogs'] == 'on') { + log_error(gettext("[Snort] Clearing all Snort-related log files...")); + unlink_if_exists("{$snort_rules_upd_log}"); + mwexec("/bin/rm -rf {$snortlogdir}"); + } /**********************************************************/ /* Test for existence of library backup tarballs in /tmp. */ @@ -2188,8 +2157,11 @@ function snort_deinstall() { log_error(gettext("Not saving settings... all Snort configuration info and logs deleted...")); unset($config['installedpackages']['snortglobal']); unset($config['installedpackages']['snortsync']); - @unlink("{$snort_rules_upd_log}"); + unlink_if_exists("{$snort_rules_upd_log}"); + log_error(gettext("[Snort] Flushing <snort2c> firewall table to remove addresses blocked by Snort...")); + mwexec("/sbin/pfctl -t snort2c -T flush"); mwexec("/bin/rm -rf {$snortlogdir}"); + mwexec("/bin/rm -rf {$iprep_path}"); log_error(gettext("[Snort] The package has been removed from this system...")); } } @@ -2209,28 +2181,52 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* to be written. */ /***********************************************************/ - global $rebuild_rules; + global $g, $rebuild_rules; $snortdir = SNORTDIR; $flowbit_rules_file = FLOWBITS_FILENAME; $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME; $no_rules_defined = true; + $enabled_rules = array(); /* If there is no reason to rebuild the rules, exit to save time. */ if (!$rebuild_rules) return; /* Log a message for rules rebuild in progress */ - log_error(gettext("[Snort] Updating rules configuration for: " . snort_get_friendly_interface($snortcfg['interface']) . " ...")); + log_error(gettext("[Snort] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " ...")); + + /* Enable all, some or none of the SDF rules depending on setting. */ + if ($snortcfg['sensitive_data'] == 'on' && $snortcfg['protect_preproc_rules'] != 'on') { + if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")) { + $sdf_alert_pattern="(".preg_replace("/,/","|",$snortcfg['sdf_alert_data_type']).")"; + $sd_tmp_file=file(SNORTDIR."/preproc_rules/sensitive-data.rules"); + $sd_tmp_new_file=""; + foreach ($sd_tmp_file as $sd_tmp_line) + $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : ""; + @file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX); + } + } + elseif ($snortcfg['sensitive_data'] != 'on' && $snortcfg['protect_preproc_rules'] != 'on') { + /* Setting is "off", so disable all SDF rules. */ + $sedcmd = '/^alert.*classtype:sdf/s/^/#/'; + @file_put_contents("{$g['tmp_path']}/sedcmd", $sedcmd); + mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/sensitive-data.rules"); + @unlink("{$g['tmp_path']}/sedcmd"); + } + + /* Load the decoder, preprocessor and sensitive-data */ + /* rules from the interface's preproc_rule directory */ + /* into the $enabled_rules array. */ + $enabled_rules = snort_load_rules_map("{$snortcfgdir}/preproc_rules/"); /* Only rebuild rules if some are selected or an IPS Policy is enabled */ if (!empty($snortcfg['rulesets']) || $snortcfg['ips_policy_enable'] == 'on') { - $enabled_rules = array(); $enabled_files = array(); $all_rules = array(); $no_rules_defined = false; - /* Load up all the rules into a Rules Map array. */ + /* Load up all the text rules into a Rules Map array. */ $all_rules = snort_load_rules_map("{$snortdir}/rules/"); /* Create an array with the filenames of the enabled */ @@ -2258,6 +2254,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { $enabled_rules[$k1][$k2]['rule'] = $v['rule']; $enabled_rules[$k1][$k2]['category'] = $v['category']; $enabled_rules[$k1][$k2]['disabled'] = $v['disabled']; + $enabled_rules[$k1][$k2]['action'] = $v['action']; $enabled_rules[$k1][$k2]['flowbits'] = $v['flowbits']; } } @@ -2280,6 +2277,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { $enabled_rules[$k1][$k2]['rule'] = $p['rule']; $enabled_rules[$k1][$k2]['category'] = $p['category']; $enabled_rules[$k1][$k2]['disabled'] = $p['disabled']; + $enabled_rules[$k1][$k2]['action'] = $p['action']; $enabled_rules[$k1][$k2]['flowbits'] = $p['flowbits']; } } @@ -2292,7 +2290,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Check for and disable any rules dependent upon disabled preprocessors if */ /* this option is enabled for the interface. */ if ($snortcfg['preproc_auto_rule_disable'] == "on") { - log_error('[Snort] Checking for rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...'); + log_error('[Snort] Checking for rules dependent on disabled preprocessors for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...'); snort_filter_preproc_rules($snortcfg, $enabled_rules); } @@ -2301,7 +2299,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. */ if ($snortcfg['autoflowbitrules'] == 'on') { - log_error('[Snort] Enabling any flowbit-required rules for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...'); + log_error('[Snort] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...'); $fbits = snort_resolve_flowbits($all_rules, $enabled_rules); /* Check for and disable any flowbit-required rules the user has */ @@ -2311,7 +2309,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Check for and disable any flowbit-required rules dependent upon */ /* disabled preprocessors if this option is enabled for the interface. */ if ($snortcfg['preproc_auto_rule_disable'] == "on") { - log_error('[Snort] Checking flowbit rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...'); + log_error('[Snort] Checking flowbit rules dependent on disabled preprocessors for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...'); snort_filter_preproc_rules($snortcfg, $fbits, true); } snort_write_flowbit_rules_file($fbits, "{$snortcfgdir}/rules/{$flowbit_rules_file}"); @@ -2320,7 +2318,8 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Just put an empty file to always have the file present */ snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); } else { - snort_write_enforcing_rules_file(array(), "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"); + /* No regular rules or policy were selected, so just use the decoder and preproc rules */ + snort_write_enforcing_rules_file($enabled_rules, "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"); snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); } @@ -2333,11 +2332,11 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Log a warning if the interface has no rules defined or enabled */ if ($no_rules_defined) - log_error(gettext("[Snort] Warning - no text rules selected for: " . snort_get_friendly_interface($snortcfg['interface']) . " ...")); + log_error(gettext("[Snort] Warning - no text rules or IPS-Policy selected for: " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " ...")); /* Build a new sid-msg.map file from the enabled */ /* rules and copy it to the interface directory. */ - log_error(gettext("[Snort] Building new sig-msg.map file for " . snort_get_friendly_interface($snortcfg['interface']) . "...")); + log_error(gettext("[Snort] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map"); } @@ -2462,7 +2461,7 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa /* when flowbit-required rules are being assessed after the */ /* primary enforcing rules have been evaluated. */ /***************************************************************/ - $iface = snort_get_friendly_interface($snortcfg['interface']); + $iface = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); $file = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log"; if ($persist_log) $fp = fopen($file, 'a'); @@ -2528,7 +2527,7 @@ function snort_generate_conf($snortcfg) { else $protect_preproc_rules = "off"; - $if_real = snort_get_real_interface($snortcfg['interface']); + $if_real = get_real_interface($snortcfg['interface']); $snort_uuid = $snortcfg['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; @@ -2588,8 +2587,18 @@ function snort_generate_conf($snortcfg) { /* define snortunifiedlog */ $snortunifiedlog_type = ""; - if ($snortcfg['snortunifiedlog'] == "on") - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; + if ($snortcfg['barnyard_enable'] == "on") { + if (isset($snortcfg['unified2_log_limit'])) + $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}"; + else + $u2_log_limit = "limit 128"; + + $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}"; + if ($snortcfg['barnyard_log_vlan_events'] == 'on') + $snortunifiedlog_type .= ", vlan_event_types"; + if ($snortcfg['barnyard_log_mpls_events'] == 'on') + $snortunifiedlog_type .= ", mpls_event_types"; + } /* define spoink */ $spoink_type = ""; @@ -2598,7 +2607,7 @@ function snort_generate_conf($snortcfg) { if ($snortcfg['blockoffenderskill'] == "on") $pfkill = "kill"; $spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname'], true); - /* write whitelist */ + /* write Pass List */ @file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist)); $spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; } @@ -3147,6 +3156,49 @@ preprocessor sensitive_data: \ EOD; + /* define IP Reputation preprocessor */ + if (is_array($snortcfg['blist_files']['item'])) { + $blist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['blist_files']['item'] as $blist) { + if ($bIsFirst) { + $blist_files .= "blacklist " . IPREP_PATH . $blist; + $bIsFirst = FALSE; + } + else + $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist; + } + } + if (is_array($snortcfg['wlist_files']['item'])) { + $wlist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['wlist_files']['item'] as $wlist) { + if ($bIsFirst) { + $wlist_files .= "whitelist " . IPREP_PATH . $wlist; + $bIsFirst = FALSE; + } + else + $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist; + } + } + if (!empty($blist_files)) + $ip_lists = $blist_files; + if (!empty($wlist_files)) + $ip_lists .= ", \\ \n" . $wlist_files; + if ($snortcfg['iprep_scan_local'] == 'on') + $ip_lists .= ", \\ \n\tscan_local"; + + $reputation_preproc = <<<EOD +# IP Reputation preprocessor # +preprocessor reputation: \ + memcap {$snortcfg['iprep_memcap']}, \ + priority {$snortcfg['iprep_priority']}, \ + nested_ip {$snortcfg['iprep_nested_ip']}, \ + white {$snortcfg['iprep_white']}, \ + {$ip_lists} + +EOD; + /* define servers as IP variables */ $snort_servers = array ( "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", @@ -3177,11 +3229,11 @@ EOD; "ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc" ); $snort_preproc = array ( - "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", - "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc" + "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan", + "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc" ); $default_disabled_preprocs = array( - "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc" + "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat" ); $snort_preprocessors = ""; foreach ($snort_preproc as $preproc) { @@ -3219,43 +3271,9 @@ EOD; $snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n"; if (file_exists("{$snortcfgdir}/classification.config")) $snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n"; - if (is_dir("{$snortcfgdir}/preproc_rules")) { - if ($snortcfg['sensitive_data'] == 'on' && $protect_preproc_rules == "off") { - $sedcmd = '/^#alert.*classtype:sdf/s/^#//'; - if (file_exists("{$snortcfgdir}/preproc_rules/sensitive-data.rules")){ - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules\n"; - #enable only selected sensitive data - if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")){ - $sdf_alert_pattern="(".preg_replace("/,/","|",$snortcfg['sdf_alert_data_type']).")"; - $sd_tmp_file=file(SNORTDIR."/preproc_rules/sensitive-data.rules"); - $sd_tmp_new_file=""; - foreach ($sd_tmp_file as $sd_tmp_line) - $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : ""; - file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX); - } - } - } else - $sedcmd = '/^alert.*classtype:sdf/s/^/#/'; - if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") && - file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "off") { - @file_put_contents("{$g['tmp_path']}/sedcmd", $sedcmd); - mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/preprocessor.rules"); - mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/decoder.rules"); - @unlink("{$g['tmp_path']}/sedcmd"); - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; - } else if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") && - file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "on") { - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; - } - else { - $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); - } - } else { + if (!file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") || !file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) { $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); + log_error("[Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file."); } /* generate rule sections to load */ @@ -3528,7 +3546,7 @@ EOD; // Check for and configure Host Attribute Table if enabled $host_attrib_config = ""; if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) { - file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); + @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); $host_attrib_config = "# Host Attribute Table #\n"; $host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n"; if (!empty($snortcfg['max_attribute_hosts'])) @@ -3673,9 +3691,8 @@ EOD; ipvar HOME_NET [{$home_net}] ipvar EXTERNAL_NET [{$external_net}] -# Define Rule Paths # +# Define Rule Path # var RULE_PATH {$snortcfgdir}/rules -var PREPROC_RULE_PATH {$snortcfgdir}/preproc_rules # Define Servers # {$ipvardef} @@ -3766,14 +3783,7 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src EOD; // Write out snort.conf file - $conf = fopen("{$snortcfgdir}/snort.conf", "w"); - if(!$conf) { - log_error("Could not open {$snortcfgdir}/snort.conf for writing."); - conf_mount_ro(); - return -1; - } - fwrite($conf, $snort_conf_text); - fclose($conf); + @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); conf_mount_ro(); unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc index 5e159747..8db5408d 100644 --- a/config/snort/snort.priv.inc +++ b/config/snort/snort.priv.inc @@ -24,10 +24,9 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_edit.php* $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_global.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress_edit.php*"; -$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist.php*"; -$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist_edit.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_passlist.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_passlist_edit.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_list_view.php*"; -$priv_list['page-services-snort']['match'][] = "snort/snort_log_view.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_migrate_config.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_post_install.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_preprocessors.php*"; @@ -37,9 +36,14 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_rules_flowbits.php*" $priv_list['page-services-snort']['match'][] = "snort/snort_rulesets.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_select_alias.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_stream5_engine.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_ip_list_mgmt.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_ip_reputation.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.php*"; +$priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*"; +$priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*"; +$priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*"; $priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort_sync.xml*"; -$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=sort/snort.xml*"; +$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort/snort.xml*"; $priv_list['page-services-snort']['match'][] = "snort/snort_check_cron_misc.inc*"; $priv_list['page-services-snort']['match'][] = "snort/snort.inc*"; - ?>
\ No newline at end of file diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 9d4f1d61..9d52aa6c 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -8,7 +8,7 @@ /* ========================================================================== */ /* authng.xml - part of pfSense (http://www.pfsense.com) + part of pfSense (https://www.pfsense.org) Copyright (C) 2007 to whom it may belong All rights reserved. @@ -46,12 +46,12 @@ <requirements>None</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> - <version>2.9.5.5</version> - <title>Services:2.9.5.5 pkg v3.0.2</title> + <version>2.9.6.0</version> + <title>Services:2.9.6.0 pkg v3.0.7</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> - <tooltiptext>Setup snort specific settings</tooltiptext> + <tooltiptext>Set up snort specific settings</tooltiptext> <section>Services</section> <url>/snort/snort_interfaces.php</url> </menu> @@ -66,177 +66,202 @@ <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort.inc</item> + <item>https://packages.pfsense.org/packages/config/snort/snort.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_check_cron_misc.inc</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_migrate_config.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_migrate_config.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_post_install.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_post_install.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_barnyard.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_barnyard.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_blocked.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_define_servers.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_download_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_download_updates.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_download_updates.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_edit.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_global.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_global.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_rules_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_rulesets.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_preprocessors.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_passlist.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist_edit.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_passlist_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_suppress.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_suppress_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_log_view.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_list_view.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_list_view.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_rules_flowbits.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rules_flowbits.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_edit_hat_data.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_edit_hat_data.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_frag3_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_frag3_engine.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_stream5_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_stream5_engine.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_httpinspect_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_httpinspect_engine.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_ftp_client_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_ftp_client_engine.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_ftp_server_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_ftp_server_engine.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_import_aliases.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_import_aliases.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_select_alias.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort.priv.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_select_alias.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_ip_reputation.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/etc/inc/priv/</prefix> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_ip_list_mgmt.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort.priv.inc</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_iprep_list_browser.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/javascript/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.js</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.widget.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/include/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/snort/widget-snort.inc</item> </additional_files_needed> <fields> </fields> @@ -244,13 +269,13 @@ </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.0.2") + if ($GLOBALS['pfSense_snort_version'] == "3.0.7") sync_snort_package_config(); ]]> </custom_php_resync_config_command> <custom_php_install_command> <![CDATA[ - include_once("/usr/local/pkg/snort/snort_post_install.php"); + include_once("/usr/local/www/snort/snort_post_install.php"); ]]> </custom_php_install_command> <custom_php_deinstall_command> diff --git a/config/snort/snort_alerts.js b/config/snort/snort_alerts.js new file mode 100644 index 00000000..647eb1b1 --- /dev/null +++ b/config/snort/snort_alerts.js @@ -0,0 +1,115 @@ + +var snorttimer; +var snortisBusy = false; +var snortisPaused = false; + +if (typeof getURL == 'undefined') { + getURL = function(url, callback) { + if (!url) + throw 'No URL for getURL'; + try { + if (typeof callback.operationComplete == 'function') + callback = callback.operationComplete; + } catch (e) {} + if (typeof callback != 'function') + throw 'No callback function for getURL'; + var http_request = null; + if (typeof XMLHttpRequest != 'undefined') { + http_request = new XMLHttpRequest(); + } + else if (typeof ActiveXObject != 'undefined') { + try { + http_request = new ActiveXObject('Msxml2.XMLHTTP'); + } catch (e) { + try { + http_request = new ActiveXObject('Microsoft.XMLHTTP'); + } catch (e) {} + } + } + if (!http_request) + throw 'Both getURL and XMLHttpRequest are undefined'; + http_request.onreadystatechange = function() { + if (http_request.readyState == 4) { + callback( { success : true, + content : http_request.responseText, + contentType : http_request.getResponseHeader("Content-Type") } ); + } + } + http_request.open('GET', url, true); + http_request.send(null); + } +} + +function snort_alerts_fetch_new_events_callback(callback_data) { + var data_split; + var new_data_to_add = Array(); + var data = callback_data.content; + data_split = data.split("\n"); + + // Loop through rows and generate replacement HTML + for(var x=0; x<data_split.length-1; x++) { + row_split = data_split[x].split("||"); + var line = ''; + line = '<td class="' + snortWidgetColClass + '">' + row_split[0] + '<br/>' + row_split[1] + '</td>'; + line += '<td class="' + snortWidgetColClass + '" style="overflow: hidden; text-overflow: ellipsis;" nowrap>'; + line += '<div style="display:inline;" title="' + row_split[2] + '">' + row_split[2] + '</div><br/>'; + line += '<div style="display:inline;" title="' + row_split[3] + '">' + row_split[3] + '</div></td>'; + line += '<td class="' + snortWidgetColClass + '">' + 'Priority: ' + row_split[4] + ' ' + row_split[5] + '</td>'; + new_data_to_add[new_data_to_add.length] = line; + } + snort_alerts_update_div_rows(new_data_to_add); + snortisBusy = false; +} + +function snort_alerts_update_div_rows(data) { + if(snortisPaused) + return; + + var rows = $$('#snort-alert-entries>tr'); + + // Number of rows to move by + var move = rows.length + data.length - snort_nentries; + if (move < 0) + move = 0; + + for (var i = rows.length - 1; i >= move; i--) { + rows[i].innerHTML = rows[i - move].innerHTML; + } + + var tbody = $$('#snort-alert-entries'); + for (var i = data.length - 1; i >= 0; i--) { + if (i < rows.length) { + rows[i].innerHTML = data[i]; + } else { + var newRow = document.getElementById('snort-alert-entries').insertRow(0); + newRow.innerHTML = data[i]; + } + } + + // Add the even/odd class to each of the rows now + // they have all been added. + rows = $$('#snort-alert-entries>tr'); + for (var i = 0; i < rows.length; i++) { + rows[i].className = i % 2 == 0 ? snortWidgetRowOddClass : snortWidgetRowEvenClass; + } +} + +function fetch_new_snortalerts() { + if(snortisPaused) + return; + if(snortisBusy) + return; + snortisBusy = true; + getURL('/widgets/widgets/snort_alerts.widget.php?getNewAlerts=' + new Date().getTime(), snort_alerts_fetch_new_events_callback); +} + +function snort_alerts_toggle_pause() { + if(snortisPaused) { + snortisPaused = false; + fetch_new_snortalerts(); + } else { + snortisPaused = true; + } +} +/* start local AJAX engine */ +snorttimer = setInterval('fetch_new_snortalerts()', snortupdateDelay); diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index f232f897..45443ec2 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -7,6 +7,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2013,2014 Bill Meeks * All rights reserved. * * Modified for the Pfsense snort package v. 1.8+ @@ -39,6 +40,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); $snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; $supplist = array(); +$snortlogdir = SNORTLOGDIR; function snort_is_alert_globally_suppressed($list, $gid, $sid) { @@ -97,11 +99,13 @@ function snort_add_supplist_entry($suppress) { $a_suppress[] = $s_list; $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; $found_list = true; + $list_name = $s_list['name']; } else { /* If we get here, a Suppress List is defined for the interface so see if we can find it */ foreach ($a_suppress as $a_id => $alist) { if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) { $found_list = true; + $list_name = $alist['name']; if (!empty($alist['suppresspassthru'])) { $tmplist = base64_decode($alist['suppresspassthru']); $tmplist .= "\n{$suppress}"; @@ -119,7 +123,7 @@ function snort_add_supplist_entry($suppress) { /* If we created a new list or updated an existing one, save the change, */ /* tell Snort to load it, and return true; otherwise return false. */ if ($found_list) { - write_config(); + write_config("Snort pkg: modified Suppress List {$list_name}."); sync_snort_package_config(); snort_reload_config($a_instance[$instanceid]); return true; @@ -128,19 +132,27 @@ function snort_add_supplist_entry($suppress) { return false; } -if ($_GET['instance']) - $instanceid = $_GET['instance']; -if ($_POST['instance']) +if (isset($_POST['instance']) && is_numericint($_POST['instance'])) $instanceid = $_POST['instance']; -if (empty($instanceid)) +elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) + $instanceid = htmlspecialchars($_GET['instance']); +if (empty($instanceid) || !is_numericint($instanceid)) $instanceid = 0; if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_instance = &$config['installedpackages']['snortglobal']['rule']; $snort_uuid = $a_instance[$instanceid]['uuid']; -$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); +$if_real = get_real_interface($a_instance[$instanceid]['interface']); +// Load up the arrays of force-enabled and force-disabled SIDs +$enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']); +$disablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_off']); + +// Grab pfSense version so we can refer to it later on this page +$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); + +$pconfig = array(); if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) { $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber']; @@ -158,70 +170,136 @@ if ($_POST['save']) { $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; - write_config(); + write_config("Snort pkg: updated ALERTS tab settings."); header("Location: /snort/snort_alerts.php?instance={$instanceid}"); exit; } -if ($_POST['todelete'] || $_GET['todelete']) { +if ($_POST['todelete']) { $ip = ""; - if($_POST['todelete']) - $ip = $_POST['todelete']; - else if($_GET['todelete']) - $ip = $_GET['todelete']; - if (is_ipaddr($ip)) { - exec("/sbin/pfctl -t snort2c -T delete {$ip}"); - $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table."); + if($_POST['ip']) { + $ip = $_POST['ip']; + if (is_ipaddr($_POST['ip'])) { + exec("/sbin/pfctl -t snort2c -T delete {$ip}"); + $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Hosts Table."); + } } } -if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { - if (empty($_GET['descr'])) - $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n"; +if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { + if ($_POST['addsuppress_srcip']) + $method = "by_src"; + elseif ($_POST['addsuppress_dstip']) + $method = "by_dst"; else - $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}"; + $method ="all"; + + // See which kind of Suppress Entry to create + switch ($method) { + case "all": + if (empty($_POST['descr'])) + $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n"; + else + $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n"; + $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}' has been added to the Suppress List."); + break; + case "by_src": + case "by_dst": + // Check for valid IP addresses, exit if not valid + if (is_ipaddr($_POST['ip'])) { + if (empty($_POST['descr'])) + $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n"; + else + $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n"; + $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List."); + } + else { + $input_errors[] = gettext("An invalid IP address was passed as a Suppress List parameter."); + } + break; + default: + header("Location: /snort/snort_alerts.php?instance={$instanceid}"); + exit; + } - /* Add the new entry to the Suppress List */ - if (snort_add_supplist_entry($suppress)) - $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List."); - else - $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); + if (!$input_errors) { + /* Add the new entry to the Suppress List and signal Snort to reload config */ + if (snort_add_supplist_entry($suppress)) { + snort_reload_config($a_instance[$instanceid]); + $savemsg = $success; + /* Give Snort a couple seconds to reload the configuration */ + sleep(2); + } + else + $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); + } } -if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { - if ($_GET['act'] == "addsuppress_srcip") - $method = "by_src"; - else - $method = "by_dst"; - - /* Check for valid IP addresses, exit if not valid */ - if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) { - if (empty($_GET['descr'])) - $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n"; - else - $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n"; +if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { + // Get the GID and SID tags embedded in the clicked rule icon. + $gid = $_POST['gen_id']; + $sid= $_POST['sidid']; + + // See if the target SID is in our list of modified SIDs, + // and toggle it if present. + if (isset($enablesid[$gid][$sid])) + unset($enablesid[$gid][$sid]); + if (isset($disablesid[$gid][$sid])) + unset($disablesid[$gid][$sid]); + elseif (!isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + + // Write the updated enablesid and disablesid values to the config file. + $tmp = ""; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } - else { - header("Location: /snort/snort_alerts.php?instance={$instanceid}"); - exit; + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_instance[$instanceid]['rule_sid_on'] = $tmp; + else + unset($a_instance[$instanceid]['rule_sid_on']); + + $tmp = ""; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); - /* Add the new entry to the Suppress List */ - if (snort_add_supplist_entry($suppress)) - $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List."); - else - /* We did not find the defined list, so notify the user with an error */ - $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); + if (!empty($tmp)) + $a_instance[$instanceid]['rule_sid_off'] = $tmp; + else + unset($a_instance[$instanceid]['rule_sid_off']); + + /* Update the config.xml file. */ + write_config("Snort pkg: modified state for rule {$gid}:{$sid}"); + + /*************************************************/ + /* Update the snort.conf file and rebuild the */ + /* rules for this interface. */ + /*************************************************/ + $rebuild_rules = true; + snort_generate_conf($a_instance[$instanceid]); + $rebuild_rules = false; + + /* Soft-restart Snort to live-load the new rules */ + snort_reload_config($a_instance[$instanceid]); + + /* Give Snort a couple seconds to reload the configuration */ + sleep(2); + + $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules."); } -if ($_GET['action'] == "clear" || $_POST['delete']) { +if ($_POST['delete']) { snort_post_delete_logs($snort_uuid); - $fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+"); - if ($fd) - fclose($fd); + file_put_contents("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert", ""); /* XXX: This is needed if snort is run as snort user */ - mwexec('/bin/chmod 660 /var/log/snort/*', true); + mwexec("/bin/chmod 660 {$snortlogdir}/*", true); if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); header("Location: /snort/snort_alerts.php?instance={$instanceid}"); @@ -231,7 +309,7 @@ if ($_GET['action'] == "clear" || $_POST['delete']) { if ($_POST['download']) { $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); $file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz"; - exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); + exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); if (file_exists("/tmp/{$file_name}")) { ob_start(); //important or other posts will fail @@ -264,25 +342,28 @@ include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - +<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php include_once("fbegin.inc"); /* refresh every 60 secs */ if ($pconfig['arefresh'] == 'on') echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php?instance={$instanceid}\" />\n"; -?> -<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - if ($savemsg) { - print_info_box($savemsg); - } +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} +if ($savemsg) { + print_info_box($savemsg); +} ?> <form action="/snort/snort_alerts.php" method="post" id="formalert"> +<input type="hidden" name="instance" id="instance" value="<?=$instanceid;?>"/> +<input type="hidden" name="sidid" id="sidid" value=""/> +<input type="hidden" name="gen_id" id="gen_id" value=""/> +<input type="hidden" name="ip" id="ip" value=""/> +<input type="hidden" name="descr" id="descr" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -292,10 +373,11 @@ if ($pconfig['arefresh'] == 'on') $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php?instance={$instanceid}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -307,13 +389,13 @@ if ($pconfig['arefresh'] == 'on') <tr> <td width="22%" class="vncell"><?php echo gettext('Instance to inspect'); ?></td> <td width="78%" class="vtable"> - <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()"> + <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()"> <?php foreach ($a_instance as $id => $instance) { $selected = ""; if ($id == $instanceid) $selected = "selected"; - echo "<option value='{$id}' {$selected}> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n"; + echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ") {$instance['descr']}</option>\n"; } ?> </select> <?php echo gettext('Choose which instance alerts you want to inspect.'); ?> @@ -321,22 +403,23 @@ if ($pconfig['arefresh'] == 'on') <tr> <td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td> <td width="78%" class="vtable"> - <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' . - 'log files will be saved.'); ?> <a href="/snort/snort_alerts.php?action=clear&instance=<?=$instanceid;?>"> + <input name="download" type="submit" class="formbtns" value="Download" + title="<?=gettext("Download interface log files as a gzip archive");?>"/> + <?php echo gettext('All log files will be saved.');?> <input name="delete" type="submit" class="formbtns" value="Clear" - onclick="return confirm('Do you really want to remove all instance logs?')"></a> - <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?> + onclick="return confirm('Do you really want to remove all instance logs?')" title="<?=gettext("Clear all interface log files");?>"/> + <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?> </td> </tr> <tr> <td width="22%" class="vncell"><?php echo gettext('Auto Refresh and Log View'); ?></td> <td width="78%" class="vtable"> - <input name="save" type="submit" class="formbtns" value="Save"> - <?php echo gettext('Refresh'); ?> <input name="arefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> - <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> - <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> - <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> + <?php echo gettext('Refresh');?> <input name="arefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/> + <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/> + <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> </td> </tr> <tr> @@ -345,39 +428,39 @@ if ($pconfig['arefresh'] == 'on') </tr> <tr> <td width="100%" colspan="2"> - <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0"> + <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="9%" align="center" axis="date"> - <col width="45" align="center" axis="number"> - <col width="65" align="center" axis="string"> + <col width="10%" align="center" axis="date"> + <col width="40" align="center" axis="number"> + <col width="52" align="center" axis="string"> <col width="10%" axis="string"> <col width="13%" align="center" axis="string"> - <col width="8%" align="center" axis="string"> + <col width="7%" align="center" axis="string"> <col width="13%" align="center" axis="string"> - <col width="8%" align="center" axis="string"> - <col width="9%" align="center" axis="number"> + <col width="7%" align="center" axis="string"> + <col width="10%" align="center" axis="number"> <col axis="string"> </colgroup> <thead> <tr> - <th class="listhdrr" axis="date"><?php echo gettext("DATE"); ?></th> - <th class="listhdrr" axis="number"><?php echo gettext("PRI"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("PROTO"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("CLASS"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("SRC"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("SPORT"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("DST"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("DPORT"); ?></th> + <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> + <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Class"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th> <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("DESCRIPTION"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th> </tr> </thead> <tbody> <?php /* make sure alert file exists */ -if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { - exec("tail -{$anentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); +if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { + exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); if (file_exists("/tmp/alert_{$snort_uuid}")) { $tmpblocked = array_flip(snort_get_blocked_ips()); $counter = 0; @@ -385,7 +468,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ $fd = fopen("/tmp/alert_{$snort_uuid}", "r"); while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) + if(count($fields) < 13) continue; /* Time */ @@ -403,16 +486,23 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":​", $alert_ip_src); - /* Add Reverse DNS lookup icon */ - $alert_ip_src .= "<br/><a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>"; + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ + $alert_ip_src .= "<br/>"; + if ($pfs_version > 2.0) { + $alert_ip_src .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">"; + $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; + $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; + } + $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>"; $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) { - $alert_ip_src .= " <a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[6])) . "'>"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>"; + $alert_ip_src .= " <input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[6]}','{$alert_descr}');\" "; + $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'>"; } elseif (isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) { $alert_ip_src .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; @@ -420,9 +510,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { } /* Add icon for auto-removing from Blocked Table if required */ if (isset($tmpblocked[$fields[6]])) { - $alert_ip_src .= " "; - $alert_ip_src .= "<a href='?instance={$id}&todelete=" . trim(urlencode($fields[6])) . "'> - <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>"; + $alert_ip_src .= " <input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[6]}';\" "; + $alert_ip_src .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>"; } /* IP SRC Port */ $alert_src_p = $fields[7]; @@ -430,16 +519,22 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); - /* Add Reverse DNS lookup icon */ - $alert_ip_dst .= "<br/><a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>"; + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ + $alert_ip_dst .= "<br/>"; + if ($pfs_version > 2.0) { + $alert_ip_dst .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">"; + $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; + $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; + } + $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>"; $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { - $alert_ip_dst .= " <a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[8])) . "'>"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>"; + $alert_ip_dst .= " <input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[8]}','{$alert_descr}');\" "; + $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>"; } elseif (isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { $alert_ip_dst .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; @@ -447,38 +542,49 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { } /* Add icon for auto-removing from Blocked Table if required */ if (isset($tmpblocked[$fields[8]])) { - $alert_ip_dst .= " "; - $alert_ip_dst .= "<a href='?instance={$id}&todelete=" . trim(urlencode($fields[8])) . "'> - <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>"; + $alert_ip_dst .= " <input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[8]}';\" "; + $alert_ip_dst .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>"; } /* IP DST Port */ $alert_dst_p = $fields[9]; /* SID */ $alert_sid_str = "{$fields[1]}:{$fields[2]}"; if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2])) { - $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}'>"; - $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>"; + $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','{$alert_descr}');\" "; + $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>"; } else { $sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; $sidsupplink .= "title='" . gettext("This alert is already in the Suppress List") . "'/>"; } + /* Add icon for toggling rule state */ + if (isset($disablesid[$fields[1]][$fields[2]])) { + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" "; + $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>"; + } + else { + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" "; + $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>"; + } + /* DESCRIPTION */ $alert_class = $fields[11]; + /* Write out a table row */ echo "<tr> <td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td> <td class='listr' align='center'>{$alert_priority}</td> <td class='listr' align='center'>{$alert_proto}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td> - <td class='listr' align='center'>{$alert_ip_src}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td> <td class='listr' align='center'>{$alert_src_p}</td> - <td class='listr' align='center'>{$alert_ip_dst}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td> <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}</td> - <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> + <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; - $counter++; } fclose($fd); @@ -498,6 +604,21 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { <?php include("fend.inc"); ?> - +<script type="text/javascript"> +function encRuleSig(rulegid,rulesid,srcip,ruledescr) { + + // This function stuffs the passed GID, SID + // and other values into hidden Form Fields + // for postback. + if (typeof srcipip == "undefined") + var srcipip = ""; + if (typeof ruledescr == "undefined") + var ruledescr = ""; + document.getElementById("sidid").value = rulesid; + document.getElementById("gen_id").value = rulegid; + document.getElementById("ip").value = srcip; + document.getElementById("descr").value = ruledescr; +} +</script> </body> </html> diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php new file mode 100644 index 00000000..0700ef2a --- /dev/null +++ b/config/snort/snort_alerts.widget.php @@ -0,0 +1,246 @@ +<?php +/* + snort_alerts.widget.php + Copyright (C) 2009 Jim Pingle + mod 24-07-2012 + mod 28-02-2014 by Bill Meeks + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$nocsrf = true; + +require_once("guiconfig.inc"); +require_once("/usr/local/www/widgets/include/widget-snort.inc"); + +global $config, $g; + +/* retrieve snort variables */ +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_instance = &$config['installedpackages']['snortglobal']['rule']; + +// Test pfSense version and set different CSS class variables +// depending on version. 2.1 offers enhanced CSS styles. +$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pfs_version > '2.0') { + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; + $alertColClass = "listMRr"; +} +else { + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; + $alertColClass = "listr"; +} + +/* check if Snort widget alert display lines value is set */ +$snort_nentries = $config['widgets']['widget_snort_display_lines']; +if (!isset($snort_nentries) || $snort_nentries < 0) + $snort_nentries = 5; + +/* array sorting of the alerts */ +function sksort(&$array, $subkey="id", $sort_ascending=false) { + /* an empty array causes sksort to fail - this test alleviates the error */ + if(empty($array)) + return false; + if (count($array)) { + $temp_array[key($array)] = array_shift($array); + }; + foreach ($array as $key => $val){ + $offset = 0; + $found = false; + foreach ($temp_array as $tmp_key => $tmp_val) { + if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) { + $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset)); + $found = true; + }; + $offset++; + }; + if (!$found) $temp_array = array_merge($temp_array, array($key => $val)); + }; + + if ($sort_ascending) { + $array = array_reverse($temp_array); + } else $array = $temp_array; + /* below is the complement for empty array test */ + return true; +}; + +// Called by Ajax to update the "snort-alert-entries" <tbody> table element's contents +if (isset($_GET['getNewAlerts'])) { + $response = ""; + $s_alerts = snort_widget_get_alerts(); + $counter = 0; + foreach ($s_alerts as $a) { + $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||"; + $response .= $a['dst'] . "||" . $a['priority'] . "||" . $a['category'] . "\n"; + $counter++; + if($counter >= $snort_nentries) + break; + } + echo $response; + return; +} + +// See if saving new display line count value +if(isset($_POST['widget_snort_display_lines'])) { + $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines']; + write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard"); + header("Location: ../../index.php"); +} + +// Read "$snort_nentries" worth of alerts from the top of the alert.log file +// of each configured interface, and then return the most recent '$snort_entries' +// alerts in a sorted array (most recent alert first). +function snort_widget_get_alerts() { + + global $config, $a_instance, $snort_nentries; + $snort_alerts = array(); + /* read log file(s) */ + $counter=0; + foreach ($a_instance as $instanceid => $instance) { + $snort_uuid = $a_instance[$instanceid]['uuid']; + $if_real = get_real_interface($a_instance[$instanceid]['interface']); + + /* make sure alert file exists, then "tail" the last '$snort_nentries' from it */ + if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { + exec("tail -{$snort_nentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_snort{$snort_uuid}"); + + if (file_exists("/tmp/alert_snort{$snort_uuid}")) { + + /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ + /* File format: timestamp,generator_id,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ + $fd = fopen("/tmp/alert_snort{$snort_uuid}", "r"); + while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { + if(count($fields) < 13) + continue; + + // Get the Snort interface this alert was received from + $snort_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']); + + // "fields[0]" is the complete timestamp in ASCII form. Convert + // to a UNIX timestamp so we can use it for various date and + // time formatting. Also extract the MM/DD/YY component and + // reverse its order to YY/MM/DD for proper sorting. + $fields[0] = trim($fields[0]); // remove trailing space before comma delimiter + $tstamp = strtotime(str_replace("-", " ", $fields[0])); // remove "-" between date and time components + $tmp = substr($fields[0],6,2) . '/' . substr($fields[0],0,2) . '/' . substr($fields[0],3,2); + $snort_alerts[$counter]['timestamp'] = str_replace(substr($fields[0],0,8),$tmp,$fields[0]); + + $snort_alerts[$counter]['timeonly'] = date("H:i:s", $tstamp); + $snort_alerts[$counter]['dateonly'] = date("M d", $tstamp); + // Add square brackets around any any IPv6 address + if (strpos($fields[6], ":") === FALSE) + $snort_alerts[$counter]['src'] = trim($fields[6]); + else + $snort_alerts[$counter]['src'] = "[" . trim($fields[6]) . "]"; + // Add the SRC PORT if not null + if (!empty($fields[7])) + $snort_alerts[$counter]['src'] .= ":" . trim($fields[7]); + // Add square brackets around any any IPv6 address + if (strpos($fields[8], ":") === FALSE) + $snort_alerts[$counter]['dst'] = trim($fields[8]); + else + $snort_alerts[$counter]['dst'] = "[" . trim($fields[8]) . "]"; + // Add the DST PORT if not null + if (!empty($fields[9])) + $snort_alerts[$counter]['dst'] .= ":" . trim($fields[9]); + $snort_alerts[$counter]['priority'] = trim($fields[12]); + $snort_alerts[$counter]['category'] = trim($fields[11]); + $counter++; + }; + fclose($fd); + @unlink("/tmp/alert_snort{$snort_uuid}"); + }; + }; + }; + + /* sort the alerts array */ + if (isset($config['syslog']['reverse'])) { + sksort($snort_alerts, 'timestamp', false); + } else { + sksort($snort_alerts, 'timestamp', true); + }; + + return $snort_alerts; +} +?> + +<input type="hidden" id="snort_alerts-config" name="snort_alerts-config" value="" /> +<div id="snort_alerts-settings" class="widgetconfigdiv" style="display:none;"> + <form action="/widgets/widgets/snort_alerts.widget.php" method="post" name="iformd"> + Enter number of recent alerts to display (default is 5)<br/> + <input type="text" size="5" name="widget_snort_display_lines" class="formfld unknown" id="widget_snort_display_lines" value="<?= $config['widgets']['widget_snort_display_lines'] ?>" /> + <input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" /> + </form> +</div> + +<table id="snort-alert-tbl" width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout: fixed;"> + <colgroup> + <col style="width: 24%;" /> + <col style="width: 38%;" /> + <col style="width: 38%;" /> + </colgroup> + <thead> + <tr> + <th class="widgetsubheader"><?=gettext("IF/Date");?></th> + <th class="widgetsubheader"><?=gettext("Src/Dst Address");?></th> + <th class="widgetsubheader"><?=gettext("Classification");?></th> + </tr> + </thead> + <tbody id="snort-alert-entries"> + <?php + $snort_alerts = snort_widget_get_alerts(); + $counter=0; + if (is_array($snort_alerts)) { + foreach ($snort_alerts as $alert) { + $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; + echo(" <tr class='" . $alertRowClass . "'> + <td class='" . $alertColClass . "'>" . $alert['instanceid'] . " " . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td> + <td class='" . $alertColClass . "' style='overflow: hidden; text-overflow: ellipsis;' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td> + <td class='" . $alertColClass . "'>Priority: " . $alert['priority'] . " " . $alert['category'] . "</td></tr>"); + $counter++; + if($counter >= $snort_nentries) + break; + } + } + ?> + </tbody> +</table> + +<script type="text/javascript"> +//<![CDATA[ +<!-- needed in the snort_alerts.js file code --> + var snortupdateDelay = 10000; // update every 10 seconds + var snort_nentries = <?=$snort_nentries;?>; // number of alerts to display (5 is default) + var snortWidgetRowEvenClass = "<?=$alertRowEvenClass;?>"; // allows alternating background on 2.1 and higher + var snortWidgetRowOddClass = "<?=$alertRowOddClass;?>"; // allows alternating background on 2.1 and higher + var snortWidgetColClass = "<?=$alertColClass;?>"; // sets column CSS style (different on 2.1 and higher) + +<!-- needed to display the widget settings menu --> + selectIntLink = "snort_alerts-configure"; + textlink = document.getElementById(selectIntLink); + textlink.style.display = "inline"; +//]]> +</script> + diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 2457b573..902c1637 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -5,6 +5,7 @@ * * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2008-2009 Robert Zelaya. + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,9 +35,11 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; @@ -47,63 +50,151 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) $a_nat = &$config['installedpackages']['snortglobal']['rule']; $pconfig = array(); + +// The keys in the $retentions array are the retention period +// converted to hours. +$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'), + '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'), + '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") ); + +$log_sizes = array( '0' => gettext('NO LIMIT'), '8' => gettext('8 MB'), '16' => gettext('16 MB'), '32' => gettext('32 MB'), + '64' => gettext('64 MB'), '128' => gettext('128 MB'), '256' => gettext('256 MB') ); + if (isset($id) && $a_nat[$id]) { - /* old options */ $pconfig = $a_nat[$id]; if (!empty($a_nat[$id]['barnconfigpassthru'])) $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); + if (!empty($a_nat[$id]['barnyard_dbpwd'])) + $pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']); + if (empty($a_nat[$id]['barnyard_show_year'])) + $pconfig['barnyard_show_year'] = "on"; + if (empty($a_nat[$id]['unified2_log_limit'])) + $pconfig['unified2_log_limit'] = "32"; + if (empty($a_nat[$id]['barnyard_archive_enable'])) + $pconfig['barnyard_archive_enable'] = "on"; + if (empty($a_nat[$id]['u2_archived_log_retention'])) + $pconfig['u2_archived_log_retention'] = "168"; + if (empty($a_nat[$id]['barnyard_obfuscate_ip'])) + $pconfig['barnyard_obfuscate_ip'] = "off"; + if (empty($a_nat[$id]['barnyard_syslog_dport'])) + $pconfig['barnyard_syslog_dport'] = "514"; + if (empty($a_nat[$id]['barnyard_syslog_proto'])) + $pconfig['barnyard_syslog_proto'] = "udp"; + if (empty($a_nat[$id]['barnyard_syslog_opmode'])) + $pconfig['barnyard_syslog_opmode'] = "default"; + if (empty($a_nat[$id]['barnyard_syslog_facility'])) + $pconfig['barnyard_syslog_facility'] = "LOG_USER"; + if (empty($a_nat[$id]['barnyard_syslog_priority'])) + $pconfig['barnyard_syslog_priority'] = "LOG_INFO"; + if (empty($a_nat[$id]['barnyard_bro_ids_dport'])) + $pconfig['barnyard_bro_ids_dport'] = "47760"; } -if (isset($_GET['dup'])) - unset($id); +if ($_POST['save']) { + // Check that at least one output plugin is enabled + if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' && + $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") + $input_errors[] = gettext("You must enable at least one output option when using Barnyard2."); -if ($_POST) { + // Validate inputs if MySQL database loggging enabled + if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { + if (empty($_POST['barnyard_dbhost'])) + $input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host."); + if (empty($_POST['barnyard_dbname'])) + $input_errors[] = gettext("You must provide a DB instance name when logging to a MySQL database."); + if (empty($_POST['barnyard_dbuser'])) + $input_errors[] = gettext("You must provide a DB user login name when logging to a MySQL database."); + } + + // Validate inputs if syslog output enabled + if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { + if ($_POST['barnyard_log_vlan_events'] == 'on' || $_POST['barnyard_log_mpls_events'] == 'on') + $input_errors[] = gettext("Logging of VLAN or MPLS events is not compatible with syslog output. You must disable VLAN and MPLS event type logging when using the syslog output option."); + } + if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on' && + $_POST['barnyard_enable'] == "on") { + if (empty($_POST['barnyard_syslog_dport']) || !is_numeric($_POST['barnyard_syslog_dport'])) + $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Syslog Remote Port."); + if (empty($_POST['barnyard_syslog_rhost'])) + $input_errors[] = gettext("Please provide a valid hostname or IP address for the Syslog Remote Host."); + } - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - $input_error[] = "This interface has already an instance defined"; + // Validate inputs if Bro-IDS output enabled + if ($_POST['barnyard_bro_ids_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { + if (empty($_POST['barnyard_bro_ids_dport']) || !is_numeric($_POST['barnyard_bro_ids_dport'])) + $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Bro-IDS Remote Port."); + if (empty($_POST['barnyard_bro_ids_rhost'])) + $input_errors[] = gettext("Please provide a valid hostname or IP address for the Bro-IDS Remote Host."); } - /* if no errors write to conf */ + // if no errors write to conf if (!$input_errors) { $natent = array(); /* repost the options already in conf */ $natent = $pconfig; $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off'; - if ($_POST['barnyard_mysql']) $natent['barnyard_mysql'] = $_POST['barnyard_mysql']; else unset($natent['barnyard_mysql']); + $natent['barnyard_show_year'] = $_POST['barnyard_show_year'] ? 'on' : 'off'; + $natent['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'] ? 'on' : 'off'; + $natent['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'] ? 'on' : 'off'; + $natent['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'] ? 'on' : 'off'; + $natent['barnyard_log_vlan_events'] = $_POST['barnyard_log_vlan_events'] ? 'on' : 'off'; + $natent['barnyard_log_mpls_events'] = $_POST['barnyard_log_mpls_events'] ? 'on' : 'off'; + $natent['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'] ? 'on' : 'off'; + $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off'; + $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off'; + $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off'; + $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off'; + $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; + $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; + + if ($_POST['unified2_log_limit']) $natent['unified2_log_limit'] = $_POST['unified2_log_limit']; else unset($natent['unified2_log_limit']); + if ($_POST['u2_archived_log_retention']) $natent['u2_archived_log_retention'] = $_POST['u2_archived_log_retention']; else unset($natent['u2_archived_log_retention']); + if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']); + if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']); + if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']); + if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']); + if ($_POST['barnyard_dbpwd']) $natent['barnyard_dbpwd'] = base64_encode($_POST['barnyard_dbpwd']); else unset($natent['barnyard_dbpwd']); + if ($_POST['barnyard_syslog_rhost']) $natent['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; else unset($natent['barnyard_syslog_rhost']); + if ($_POST['barnyard_syslog_dport']) $natent['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; else $natent['barnyard_syslog_dport'] = '514'; + if ($_POST['barnyard_syslog_facility']) $natent['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; else $natent['barnyard_syslog_facility'] = 'LOG_USER'; + if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO'; + if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']); + if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760'; if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']); - if ($_POST['barnyard_enable'] == "on") - $natent['snortunifiedlog'] = 'on'; - else - $natent['snortunifiedlog'] = 'off'; - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - $a_nat[] = $natent; - } - write_config(); + $a_nat[$id] = $natent; + write_config("Snort pkg: modified Barnyard2 settings."); - /* No need to rebuild rules if just toggling Barnyard2 on or off */ + // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; sync_snort_package_config(); - /* after click go to this page */ - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: snort_barnyard.php?id=$id"); - exit; + // If disabling Barnyard2 on the interface, stop any + // currently running instance. If an instance is + // running, signal it to reload the configuration. + // If Barnyard2 is enabled but not running, notify the + // user to restart Snort to enable Unified2 output. + if ($a_nat[$id]['barnyard_enable'] == "off") { + snort_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); + } + elseif ($a_nat[$id]['barnyard_enable'] == "on") { + if (snort_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) + snort_barnyard_reload_config($a_nat[$id], "HUP"); + else { + // Notify user a Snort restart is required if enabling Barnyard2 for the first time + $savemsg = gettext("NOTE: you must restart Snort on this interface to activate unified2 logging for Barnyard2."); + } + } + $pconfig = $natent; + } + else { + // We had errors, so save previous field data to prevent retyping + $pconfig = $_POST; } } -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Barnyard2 Settings"); include_once("head.inc"); @@ -111,21 +202,6 @@ include_once("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<script language="JavaScript"> -<!-- - -function enable_change(enable_change) { - endis = !(document.iform.barnyard_enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.barnyard_enable); - - document.iform.barnyard_mysql.disabled = endis; - document.iform.barnconfigpassthru.disabled = endis; -} -//--> -</script> <?php @@ -138,10 +214,10 @@ function enable_change(enable_change) { print_info_box($savemsg); } - ?> +?> -<form action="snort_barnyard.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"> +<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>" /> </td> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -149,23 +225,25 @@ function enable_change(enable_change) { $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -178,46 +256,282 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td> <td width="78%" class="vtable"> - <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"> + <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"/> <strong><?php echo gettext("Enable Barnyard2"); ?></strong><br/> - <?php echo gettext("This will enable barnyard2 for this interface. You will also have to set the database credentials."); ?></td> + <?php echo gettext("This will enable barnyard2 for this interface. You will also to enable at least one logging destination below."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Show Year"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_show_year" type="checkbox" value="on" <?php if ($pconfig['barnyard_show_year'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable the year being shown in timestamps. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td> + <td width="78%" class="vtable"><select name="unified2_log_limit" class="formselect" id="unified2_log_limit"> + <?php foreach ($log_sizes as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['unified2_log_limit']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Choose a Unified2 Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/><br/> + <?php echo gettext("This sets the maximum size for a Unified2 Log file before it is rotated and a new one created."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable the archiving of processed unified2 log files. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?><br/> + <?php echo gettext("Unified2 log files will be moved to an archive folder for subsequent cleanup when processed."); ?> + </td> + </tr> + <tr> + <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td> + <td width="78%" class="vtable"><select name="u2_archived_log_retention" class="formselect" id="u2_archived_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['u2_archived_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> <?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/> + <?=gettext("When Barnyard2 output is enabled, Snort writes event data to a binary format file that Barnyard2 reads and processes. ") . + gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") . + gettext("remain in the archive folder before they are automatically deleted.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Dump Payload"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dump_payload" type="checkbox" value="on" <?php if ($pconfig['barnyard_dump_payload'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable dumping of application data from unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Obfuscate IP Addresses"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_obfuscate_ip" type="checkbox" value="on" <?php if ($pconfig['barnyard_obfuscate_ip'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable obfuscation of logged IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?> + </td> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log VLAN Events"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_log_vlan_events" type="checkbox" value="on" <?php if ($pconfig['barnyard_log_vlan_events'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable logging of VLAN event types in unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log MPLS Events"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_log_mpls_events" type="checkbox" value="on" <?php if ($pconfig['barnyard_log_mpls_events'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable logging of MPLS event types in unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor Name"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_sensor_name" type="text" class="formfld unknown" + id="barnyard_sensor_name" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_name']);?>"/> + <?php echo gettext("Unique name for this sensor. Leave blank to use internal default."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable MySQL Database"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_mysql_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_mysql_enable'] == "on") echo "checked"; ?> + onClick="toggle_mySQL()"/><?php echo gettext("Enable logging of alerts to a MySQL database instance"); ?><br/> + <?php echo gettext("You will also have to provide the database credentials in the fields below."); ?></td> + </tr> + <tbody id="mysql_config_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Host"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbhost" type="text" class="formfld host" + id="barnyard_dbhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbhost']);?>"/> + <?php echo gettext("Hostname or IP address of the MySQL database server"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Name"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbname" type="text" class="formfld unknown" + id="barnyard_dbname" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbname']);?>"/> + <?php echo gettext("Instance or DB name of the MySQL database"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Name"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbuser" type="text" class="formfld user" + id="barnyard_dbuser" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbuser']);?>"/> + <?php echo gettext("Username for the MySQL database"); ?> + </td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Settings"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Password"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbpwd" type="password" class="formfld pwd" + id="barnyard_dbpwd" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbpwd']);?>"/> + <?php echo gettext("Password for the MySQL database user"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/> + <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Snort instances."); ?> + </td> + </tr> + </tbody> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Syslog"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_enable'] == "on") echo "checked"; ?> + onClick="toggle_syslog()"/> + <?php echo gettext("Enable logging of alerts to a syslog receiver"); ?><br/> + <?php echo gettext("This will send alert data to either a local or remote syslog receiver."); ?></td> + </tr> + <tbody id="syslog_config_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Operation Mode"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_default" + value="default" <?php if ($pconfig['barnyard_syslog_opmode'] == 'default') echo "checked";?>/> + <?php echo gettext("DEFAULT"); ?> <input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_complete" + value="complete" <?php if ($pconfig['barnyard_syslog_opmode'] == 'complete') echo "checked";?>/> + <?php echo gettext("COMPLETE"); ?> + <?php echo gettext("Select the level of detail to include when reporting"); ?><br/><br/> + <?php echo gettext("DEFAULT mode is compatible with the standard Snort syslog format. COMPLETE mode includes additional information such as the raw packet data (displayed in hex format)."); ?> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Log to a MySQL Database"); ?></td> - <td width="78%" class="vtable"><input name="barnyard_mysql" - type="text" class="formfld unknown" id="barnyard_mysql" style="width:95%;" size="85" - value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br/> - <span class="vexpl"><?php echo gettext("Example: output database: alert, mysql, " . - "dbname=snort user=snort host=localhost password=xyz"); ?><br/> - <?php echo gettext("Example: output database: log, mysql, dbname=snort user=snort " . - "host=localhost password=xyz"); ?></span></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Only"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?> + onClick="toggle_local_syslog()"/> + <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/> + <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_rhost" type="text" class="formfld host" + id="barnyard_syslog_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_rhost']);?>"/> + <?php echo gettext("Hostname or IP address of remote syslog host"); ?> + </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_dport" type="text" class="formfld unknown" + id="barnyard_syslog_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_dport']);?>"/> + <?php echo gettext("Port number for syslog on remote host. Default is ") . "<strong>" . gettext("514") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_udp" + value="udp" <?php if ($pconfig['barnyard_syslog_proto'] == 'udp') echo "checked";?>/> + <?php echo gettext("UDP"); ?> <input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_tcp" + value="tcp" <?php if ($pconfig['barnyard_syslog_proto'] == 'tcp') echo "checked";?>/> + <?php echo gettext("TCP"); ?> + <?php echo gettext("Select IP protocol to use for remote reporting. Default is ") . "<strong>" . gettext("UDP") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td> + <td width="78%" class="vtable"> + <select name="barnyard_syslog_facility" id="barnyard_syslog_facility" class="formselect"> + <?php + $log_facility = array( "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_KERN", "LOG_SYSLOG", "LOG_USER", "LOG_LOCAL1", + "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7" ); + foreach ($log_facility as $facility) { + $selected = ""; + if ($facility == $pconfig['barnyard_syslog_facility']) + $selected = " selected"; + echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; + } + ?></select> + <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Priority"); ?></td> + <td width="78%" class="vtable"> + <select name="barnyard_syslog_priority" id="barnyard_syslog_priority" class="formselect"> + <?php + $log_priority = array( "LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO" ); + foreach ($log_priority as $priority) { + $selected = ""; + if ($priority == $pconfig['barnyard_syslog_priority']) + $selected = " selected"; + echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n"; + } + ?></select> + <?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?> + </td> + </tr> + </tbody> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Bro-IDS Output Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Bro-IDS"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_bro_ids_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_bro_ids_enable'] == "on") echo "checked"; ?> + onClick="toggle_bro_ids()"/> + <?php echo gettext("Enable logging of alerts to a Bro-IDS receiver"); ?><br/> + <?php echo gettext("This will send alert data to either a local or remote Bro-IDS receiver."); ?></td> + </tr> + <tbody id="bro_ids_config_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_bro_ids_rhost" type="text" class="formfld host" + id="barnyard_bro_ids_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_rhost']);?>"/> + <?php echo gettext("Hostname or IP address of remote Bro-IDS host"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_bro_ids_dport" type="text" class="formfld unknown" + id="barnyard_bro_ids_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_dport']);?>"/> + <?php echo gettext("Port number for Bro-IDS instance on remote host. Default is ") . "<strong>" . gettext("47760") . "</strong>."; ?> + </td> + </tr> + </tbody> + <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration " . - "pass through"); ?></td> + "pass-through"); ?></td> <td width="78%" class="vtable"><textarea name="barnconfigpassthru" style="width:95%;" cols="65" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> <br/> - <?php echo gettext("Arguments here will be automatically inserted into the running " . + <?php echo gettext("Arguments entered here will be automatically inserted into the running " . "barnyard2 configuration."); ?></td> </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="id" type="hidden" value="<?=$id;?>"> </td> + <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save Barnyard2 configuration");?>" /> </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span></span> <br/> - <?php echo gettext("Please save your settings before you click start."); ?> </td> + <?php echo gettext("Remember to save your settings before you leave this tab."); ?> </td> </tr> </table> </div> @@ -225,10 +539,107 @@ function enable_change(enable_change) { </tr> </table> </form> + <script language="JavaScript"> -<!-- +function toggle_mySQL() { + var endis = !document.iform.barnyard_mysql_enable.checked; + + document.iform.barnyard_dbhost.disabled = endis; + document.iform.barnyard_dbname.disabled = endis; + document.iform.barnyard_dbuser.disabled = endis; + document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; + + if (endis) + document.getElementById("mysql_config_rows").style.display = "none"; + else + document.getElementById("mysql_config_rows").style.display = ""; +} + +function toggle_syslog() { + var endis = !document.iform.barnyard_syslog_enable.checked; + + document.iform.barnyard_syslog_opmode_default.disabled = endis; + document.iform.barnyard_syslog_opmode_complete.disabled = endis; + document.iform.barnyard_syslog_local.disabled = endis; + document.iform.barnyard_syslog_rhost.disabled = endis; + document.iform.barnyard_syslog_dport.disabled = endis; + document.iform.barnyard_syslog_proto_udp.disabled = endis; + document.iform.barnyard_syslog_proto_tcp.disabled = endis; + document.iform.barnyard_syslog_facility.disabled = endis; + document.iform.barnyard_syslog_priority.disabled = endis; + + if (endis) + document.getElementById("syslog_config_rows").style.display = "none"; + else + document.getElementById("syslog_config_rows").style.display = ""; +} + +function toggle_local_syslog() { + var endis = document.iform.barnyard_syslog_local.checked; + + if (document.iform.barnyard_syslog_enable.checked) { + document.iform.barnyard_syslog_rhost.disabled = endis; + document.iform.barnyard_syslog_dport.disabled = endis; + document.iform.barnyard_syslog_proto_udp.disabled = endis; + document.iform.barnyard_syslog_proto_tcp.disabled = endis; + document.iform.barnyard_syslog_facility.disabled = endis; + document.iform.barnyard_syslog_priority.disabled = endis; + } +} + +function toggle_bro_ids() { + var endis = !document.iform.barnyard_bro_ids_enable.checked; + + document.iform.barnyard_bro_ids_rhost.disabled = endis; + document.iform.barnyard_bro_ids_dport.disabled = endis; + + if (endis) + document.getElementById("bro_ids_config_rows").style.display = "none"; + else + document.getElementById("bro_ids_config_rows").style.display = ""; +} + +function enable_change(enable_change) { + endis = !(document.iform.barnyard_enable.checked || enable_change); + // make sure a default answer is called if this is invoked. + endis2 = (document.iform.barnyard_enable); + document.iform.unified2_log_limit.disabled = endis; + document.iform.barnyard_archive_enable.disabled = endis; + document.iform.u2_archived_log_retention.disabled = endis; + document.iform.barnyard_show_year.disabled = endis; + document.iform.barnyard_dump_payload.disabled = endis; + document.iform.barnyard_obfuscate_ip.disabled = endis; + document.iform.barnyard_log_vlan_events.disabled = endis; + document.iform.barnyard_log_mpls_events.disabled = endis; + document.iform.barnyard_sensor_name.disabled = endis; + document.iform.barnyard_mysql_enable.disabled = endis; + document.iform.barnyard_dbhost.disabled = endis; + document.iform.barnyard_dbname.disabled = endis; + document.iform.barnyard_dbuser.disabled = endis; + document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; + document.iform.barnyard_syslog_enable.disabled = endis; + document.iform.barnyard_syslog_local.disabled = endis; + document.iform.barnyard_syslog_opmode_default.disabled = endis; + document.iform.barnyard_syslog_opmode_complete.disabled = endis; + document.iform.barnyard_syslog_rhost.disabled = endis; + document.iform.barnyard_syslog_dport.disabled = endis; + document.iform.barnyard_syslog_proto_udp.disabled = endis; + document.iform.barnyard_syslog_proto_tcp.disabled = endis; + document.iform.barnyard_syslog_facility.disabled = endis; + document.iform.barnyard_syslog_priority.disabled = endis; + document.iform.barnyard_bro_ids_enable.disabled = endis; + document.iform.barnyard_bro_ids_rhost.disabled = endis; + document.iform.barnyard_bro_ids_dport.disabled = endis; + document.iform.barnconfigpassthru.disabled = endis; +} + enable_change(false); -//--> +toggle_mySQL(); +toggle_syslog(); +toggle_local_syslog(); +toggle_bro_ids(); </script> <?php include("fend.inc"); ?> </body> diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 8d106a90..76d5a9df 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -7,6 +7,7 @@ * * Modified for the Pfsense snort package v. 1.8+ * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2014 Bill Meeks * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -33,6 +34,11 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +$snortlogdir = SNORTLOGDIR; + +// Grab pfSense version so we can refer to it later on this page +$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); + if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) $config['installedpackages']['snortglobal']['alertsblocks'] = array(); @@ -44,14 +50,14 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; -if ($_POST['todelete'] || $_GET['todelete']) { +if ($_POST['todelete']) { $ip = ""; - if($_POST['todelete']) - $ip = $_POST['todelete']; - else if($_GET['todelete']) - $ip = $_GET['todelete']; + if ($_POST['ip']) + $ip = $_POST['ip']; if (is_ipaddr($ip)) exec("/sbin/pfctl -t snort2c -T delete {$ip}"); + else + $input_errors[] = gettext("An invalid IP address was provided as a parameter."); } if ($_POST['remove']) { @@ -113,7 +119,7 @@ if ($_POST['save']) $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; - write_config(); + write_config("Snort pkg: updated BLOCKED tab settings."); header("Location: /snort/snort_blocked.php"); exit; @@ -127,6 +133,7 @@ include_once("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000"> +<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php @@ -135,12 +142,19 @@ include_once("fbegin.inc"); /* refresh every 60 secs */ if ($pconfig['brefresh'] == 'on') echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; -?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} +if ($savemsg) { + print_info_box($savemsg); +} +?> -<?php if ($savemsg) print_info_box($savemsg); ?> <form action="/snort/snort_blocked.php" method="post"> +<input type="hidden" name="ip" id="ip" value=""/> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> @@ -151,10 +165,11 @@ if ($pconfig['brefresh'] == 'on') $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td> </tr> @@ -167,22 +182,23 @@ if ($pconfig['brefresh'] == 'on') <tr> <td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td> <td width="78%" class="vtable"> - <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext("All " . - "blocked hosts will be saved."); ?> <input name="remove" type="submit" - class="formbtns" value="Clear"> <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> - <?php echo gettext("all hosts will be removed."); ?> + <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/> + <?php echo gettext("All blocked hosts will be saved."); ?> + <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>" + onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/> + <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("all hosts will be removed."); ?> </td> </tr> <tr> <td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td> <td width="78%" class="vtable"> - <input name="save" type="submit" class="formbtns" value="Save"> <?php echo gettext("Refresh"); ?> <input - name="brefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> - <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> <input - name="blertnumber" type="text" class="formfld unknown" id="blertnumber" - size="5" value="<?=htmlspecialchars($bnentries);?>"> <?php printf(gettext("Enter the " . - "number of blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> + <?php echo gettext("Refresh"); ?> <input name="brefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>/> + <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber" + size="5" value="<?=htmlspecialchars($bnentries);?>"/> <?php printf(gettext("Enter number of " . + "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> </td> </tr> <tr> @@ -220,13 +236,13 @@ if ($pconfig['brefresh'] == 'on') if (!empty($blocked_ips_array)) { $tmpblocked = array_flip($blocked_ips_array); $src_ip_list = array(); - foreach (glob("/var/log/snort/*/alert") as $alertfile) { + foreach (glob("{$snortlogdir}/*/alert") as $alertfile) { $fd = fopen($alertfile, "r"); if ($fd) { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) + if(count($fields) < 13) continue; if (isset($tmpblocked[$fields[6]])) { @@ -260,19 +276,26 @@ if ($pconfig['brefresh'] == 'on') /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $tmp_ip = str_replace(":", ":​", $blocked_ip); - + /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */ + $rdns_link = ""; + if ($pfs_version > 2.0) { + $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">"; + $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; + $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; + } + $rdns_link .= "<a href='/diag_dns.php?host={$blocked_ip}'>"; + $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; + $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; /* use one echo to do the magic*/ echo "<tr> <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> - <td valign=\"middle\" class=\"listr\">{$tmp_ip} <a href='/diag_dns.php?host={$blocked_ip}'> - <img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' - title='" . gettext("Resolve host via reverse DNS lookup") . "'></a></td> + <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> - <td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'> - <img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> + <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\" + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> </tr>\n"; } - } ?> </tbody> diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index 038a11cd..a5b9e65e 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -1,10 +1,11 @@ <?php /* - * snort_chk_log_dir_size.php + * snort_check_cron_misc.inc * part of pfSense * - * Modified for the Pfsense snort package v. 1.8+ + * Modified for the pfSense snort package v. 1.8+ * Copyright (C) 2009-2010 Robert Zelaya Developer + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,68 +32,98 @@ require_once("/usr/local/pkg/snort/snort.inc"); -// 'B' => 1, -// 'KB' => 1024, -// 'MB' => 1024 * 1024, -// 'GB' => 1024 * 1024 * 1024, -// 'TB' => 1024 * 1024 * 1024 * 1024, -// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024, +$snortlogdir = SNORTLOGDIR; +function snort_check_dir_size_limit($snortloglimitsize) { -/* chk if snort log dir is full if so clear it */ -$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit']; -$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize']; + /******************************************************** + * This function checks the total size of the Snort * + * logging sub-directory structure and prunes the files * + * for all Snort interfaces if the size exceeds the * + * passed limit. * + * * + * On Entry: $snortloglimitsize = dir size limit in * + * in megabytes * + ********************************************************/ -if ($g['booting']==true) - return; + global $g, $config; -if ($snortloglimit == 'off') - return; + // Convert Log Limit Size setting from MB to KB + $snortloglimitsizeKB = round($snortloglimitsize * 1024); + $snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR); + if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) { + log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated.")); + conf_mount_rw(); -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; + // Truncate the Rules Update Log file if it exists + if (file_exists(RULES_UPD_LOGFILE)) { + log_error(gettext("[Snort] Truncating the Rules Update Log file...")); + @file_put_contents(RULES_UPD_LOGFILE, ""); + } -/* Convert Log Limit Size setting from MB to KB */ -$snortloglimitsizeKB = round($snortloglimitsize * 1024); -$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR); -if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) { - log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated.")); - conf_mount_rw(); - - /* Truncate the Rules Update Log file if it exists */ - if (file_exists(RULES_UPD_LOGFILE)) { - log_error(gettext("[Snort] Truncating the Rules Update Log file...")); - $fd = @fopen(RULES_UPD_LOGFILE, "w+"); - if ($fd) - fclose($fd); - } + // Clean-up the logs for each configured Snort instance + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + $snort_uuid = $value['uuid']; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; + log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})...")); + snort_post_delete_logs($snort_uuid); + + // Truncate the alert log file if it exists + if (file_exists("{$snort_log_dir}/alert")) { + @file_put_contents("{$snort_log_dir}/alert", ""); + } - /* Clean-up the logs for each configured Snort instance */ - foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $if_real = snort_get_real_interface($value['interface']); - $snort_uuid = $value['uuid']; - $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; - log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})...")); - snort_post_delete_logs($snort_uuid); - - /* Truncate the alert log file if it exists */ - if (file_exists("{$snort_log_dir}/alert")) { - $fd = @fopen("{$snort_log_dir}/alert", "w+"); - if ($fd) - fclose($fd); + // This is needed if snort is run as snort user + mwexec('/bin/chmod 660 {$snort_log_dir}/*', true); + + // Soft-restart Snort process to resync logging + if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})...")); + mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); + } } + conf_mount_ro(); + log_error(gettext("[Snort] Automatic clean-up of Snort logs completed.")); + } +} + +/************************* + * Start of main code * + *************************/ + +// If firewall is booting, do nothing +if ($g['booting'] == true) + return; - /* This is needed if snort is run as snort user */ - mwexec('/bin/chmod 660 /var/log/snort/*', true); +// If no interfaces defined, there is nothing to clean up +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; - /* Soft-restart Snort process to resync logging */ - if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { - log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})...")); - mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); +// Check unified2 archived log retention in the interface logging directories if enabled +foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}"; + if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) { + $now = time(); + $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*"); + $prune_count = 0; + foreach ($files as $f) { + if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($f); + } } + unset($files); + if ($prune_count > 0) + log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s)...")); } - conf_mount_ro(); - log_error(gettext("[Snort] Automatic clean-up of Snort logs completed.")); } +// Check the overall log directory limit (if enabled) and prune if necessary +if ($config['installedpackages']['snortglobal']['snortloglimit'] == 'on') + snort_check_dir_size_limit($config['installedpackages']['snortglobal']['snortloglimitsize']); + +return; + ?> diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 807b7844..667f4044 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,7 +34,7 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once "/usr/local/pkg/snort/snort.inc"; -global $g, $pkg_interface, $snort_gui_include, $rebuild_rules; +global $g, $config, $pkg_interface, $snort_gui_include, $rebuild_rules; if (!defined("VRT_DNLD_URL")) define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); @@ -62,10 +62,13 @@ if (!defined("ET_OPEN_FILE_PREFIX")) define("ET_OPEN_FILE_PREFIX", "emerging-"); if (!defined("ET_PRO_FILE_PREFIX")) define("ET_PRO_FILE_PREFIX", "etpro-"); +if (!defined("IPREP_PATH")) + define("IPREP_PATH", "/var/db/snort/iprep/"); $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; $snortlogdir = SNORTLOGDIR; +$snortiprepdir = IPREP_PATH; $snort_rules_upd_log = RULES_UPD_LOGFILE; /* Save the state of $pkg_interface so we can restore it */ @@ -78,15 +81,14 @@ else /* define checks */ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; $etproid = $config['installedpackages']['snortglobal']['etpro_code']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; -$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; -$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; -$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload']; -$et_enabled = $config['installedpackages']['snortglobal']['emergingthreats']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off'; +$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'] == 'on' ? 'on' : 'off'; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off'; +$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off'; +$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off'; -/* Working directory for downloaded rules tarballs */ -$tmpfname = "{$snortdir}/tmp/snort_rules_up"; +/* Working directory for downloaded rules tarballs and extraction */ +$tmpfname = "/tmp/snort_rules_up"; /* Grab the Snort binary version programmatically and use it to construct */ /* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */ @@ -96,7 +98,7 @@ exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26 // Save the version with decimal delimiters for use in extracting the rules $snort_version = $snortver[0]; if (empty($snort_version)) - $snort_version = "2.9.5.5"; + $snort_version = "2.9.6.0"; // Create a collapsed version string for use in the tarball filename $snortver[0] = str_replace(".", "", $snortver[0]); @@ -114,7 +116,6 @@ if ($etpro == "on") { $emergingthreats_url = ETPRO_BASE_DNLD_URL; $emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/"; $emergingthreats = "on"; - $et_enabled= "on"; $et_name = "Emerging Threats Pro"; $et_md5_remove = ET_DNLD_FILENAME . ".md5"; @unlink("{$snortdir}/{$et_md5_remove}"); @@ -152,22 +153,54 @@ function snort_download_file_url($url, $file_out) { global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update; + $rfc2616 = array( + 100 => "100 Continue", + 101 => "101 Switching Protocols", + 200 => "200 OK", + 201 => "201 Created", + 202 => "202 Accepted", + 203 => "203 Non-Authoritative Information", + 204 => "204 No Content", + 205 => "205 Reset Content", + 206 => "206 Partial Content", + 300 => "300 Multiple Choices", + 301 => "301 Moved Permanently", + 302 => "302 Found", + 303 => "303 See Other", + 304 => "304 Not Modified", + 305 => "305 Use Proxy", + 306 => "306 (Unused)", + 307 => "307 Temporary Redirect", + 400 => "400 Bad Request", + 401 => "401 Unauthorized", + 402 => "402 Payment Required", + 403 => "403 Forbidden", + 404 => "404 Not Found", + 405 => "405 Method Not Allowed", + 406 => "406 Not Acceptable", + 407 => "407 Proxy Authentication Required", + 408 => "408 Request Timeout", + 409 => "409 Conflict", + 410 => "410 Gone", + 411 => "411 Length Required", + 412 => "412 Precondition Failed", + 413 => "413 Request Entity Too Large", + 414 => "414 Request-URI Too Long", + 415 => "415 Unsupported Media Type", + 416 => "416 Requested Range Not Satisfiable", + 417 => "417 Expectation Failed", + 500 => "500 Internal Server Error", + 501 => "501 Not Implemented", + 502 => "502 Bad Gateway", + 503 => "503 Service Unavailable", + 504 => "504 Gateway Timeout", + 505 => "505 HTTP Version Not Supported" + ); + // Initialize required variables for the pfSense "read_body()" function $file_size = 1; $downloaded = 1; $first_progress_update = TRUE; - - - // Array of message strings for HTTP Response Codes - $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content", - 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found", - 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request", - 401 => "Unauthorized", 402 => "Payment Required", 403 => "Forbidden", - 404 => "Not Found", 405 => "Method Not Allowed", 407 => "Proxy Authentication Required", - 408 => "Request Timeout", 410 => "Gone", 500 => "Internal Server Error", - 501 => "Not Implemented", 502 => "Bad Gateway", 503 => "Service Unavailable", - 504 => "Gateway Timeout", 505 => "HTTP Version Not Supported" ); - $last_curl_error = ""; $fout = fopen($file_out, "wb"); @@ -217,8 +250,8 @@ function snort_download_file_url($url, $file_out) { if ($rc === false) $last_curl_error = curl_error($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if (isset($http_resp_msg[$http_code])) - $last_curl_error = $http_resp_msg[$http_code]; + if (isset($rfc2616[$http_code])) + $last_curl_error = $rfc2616[$http_code]; curl_close($ch); fclose($fout); @@ -252,7 +285,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { /* error occurred. */ /**********************************************************/ - global $pkg_interface, $snort_rules_upd_log, $last_curl_error; + global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors; $snortdir = SNORTDIR; $filename_md5 = basename($file_dst); @@ -294,9 +327,9 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { log_error(gettext("[Snort] {$desc} md5 download failed...")); log_error(gettext("[Snort] Server returned error code {$rc}...")); error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + $update_errors = true; return false; } } @@ -320,7 +353,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* FALSE if download was not successful. */ /**********************************************************/ - global $pkg_interface, $snort_rules_upd_log, $last_curl_error; + global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors; $snortdir = SNORTDIR; $filename = basename($file_dst); @@ -350,6 +383,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $snort_rules_upd_log); error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $snort_rules_upd_log); error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + $update_errors = true; return false; } return true; @@ -359,9 +393,9 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { update_output_window(gettext("{$desc} file download failed...")); log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'...")); error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + $update_errors = true; return false; } @@ -371,27 +405,29 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* Start of main code */ /**********************/ -/* remove old $tmpfname files */ +/* remove any old $tmpfname files */ if (is_dir("{$tmpfname}")) - exec("/bin/rm -r {$tmpfname}"); + exec("/bin/rm -rf {$tmpfname}"); /* Make sure required snortdirs exsist */ -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); -exec("/bin/mkdir -p {$snortdir}/preproc_rules"); -exec("/bin/mkdir -p {$tmpfname}"); -exec("/bin/mkdir -p {$snortlibdir}/dynamicrules"); -exec("/bin/mkdir -p {$snortlogdir}"); +safe_mkdir("{$snortdir}/rules"); +safe_mkdir("{$snortdir}/signatures"); +safe_mkdir("{$snortdir}/preproc_rules"); +safe_mkdir("{$tmpfname}"); +safe_mkdir("{$snortlibdir}/dynamicrules"); +safe_mkdir("{$snortlogdir}"); +safe_mkdir("{$snortiprepdir}"); /* See if we need to automatically clear the Update Log based on 1024K size limit */ if (file_exists($snort_rules_upd_log)) { if (1048576 < filesize($snort_rules_upd_log)) - exec("/bin/rm -r {$snort_rules_upd_log}"); + @unlink("{$snort_rules_upd_log}"); } /* Log start time for this rules update */ error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $snort_rules_upd_log); $last_curl_error = ""; +$update_errors = false; /* Check for and download any new Snort VRT sigs */ if ($snortdownload == 'on') { @@ -429,26 +465,125 @@ if ($emergingthreats == 'on') { $emergingthreats = 'off'; } -/* Untar Snort GPLv2 Community rules file to tmp */ +/* Untar Snort rules file to tmp and install the rules */ +if ($snortdownload == 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + /* Currently, only FreeBSD-8-1, FreeBSD-9-0 and FreeBSD-10-0 precompiled SO rules exist from Snort.org */ + /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x or FreeBSD 10.x */ + $freebsd_version_so = 'FreeBSD-8-1'; + if (substr(php_uname("r"), 0, 1) == '9') + $freebsd_version_so = 'FreeBSD-9-0'; + elseif (substr(php_uname("r"), 0, 2) == '10') + $freebsd_version_so = 'FreeBSD-10-0'; + + /* Remove the old Snort rules files */ + $vrt_prefix = VRT_FILE_PREFIX; + unlink_if_exists("{$snortdir}/rules/{$vrt_prefix}*.rules"); + + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort VRT rules...")); + update_output_window(gettext("Installing Sourcefire VRT rules...")); + } + error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $snort_rules_upd_log); + /* extract snort.org rules and add VRT_FILE_PREFIX prefix to all snort.org files */ + safe_mkdir("{$tmpfname}/snortrules"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}/snortrules rules/"); + $files = glob("{$tmpfname}/snortrules/rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}"); + } + /* Extract any IP lists */ + $files = glob("{$tmpfname}/snortrules/rules/*.txt"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$snortdir}/rules/{$newfile}"); + } + exec("rm -r {$tmpfname}/snortrules"); + /* Extract the Snort preprocessor rules */ + if ($pkg_interface <> "console") + update_output_window(gettext("Extracting preprocessor rules files...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} preproc_rules/"); + $files = glob("{$tmpfname}/preproc_rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$snortdir}/preproc_rules/{$newfile}"); + } + exec("rm -r {$tmpfname}/preproc_rules"); + /* extract so rules */ + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort VRT Shared Objects rules...")); + update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}...")); + } + exec("/bin/mkdir -p {$snortlibdir}/dynamicrules/"); + error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, $snort_rules_upd_log); + $snort_arch = php_uname("m"); + $nosorules = false; + if ($snort_arch == 'i386'){ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/"); + exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/dynamicrules/"); + } elseif ($snort_arch == 'amd64') { + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/"); + exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/"); + } else + $nosorules = true; + exec("rm -rf {$tmpfname}/so_rules"); + if ($nosorules == false) { + /* extract Shared Object stub rules, rename and copy to the rules folder. */ + if ($pkg_interface <> "console") + update_status(gettext("Copying Snort VRT Shared Objects rules...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} --exclude precompiled/ --exclude src/ so_rules/"); + $files = glob("{$tmpfname}/so_rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file, ".rules"); + @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules"); + } + exec("rm -rf {$tmpfname}/so_rules"); + } + /* extract base etc files */ + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort VRT config and map files...")); + update_output_window(gettext("Copying config and map files...")); + } + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/"); + foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { + if (file_exists("{$tmpfname}/etc/{$file}")) + @copy("{$tmpfname}/etc/{$file}", "{$tmpfname}/VRT_{$file}"); + } + exec("rm -r {$tmpfname}/etc"); + if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to snort directory...")); + @copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of Snort VRT rules completed...")); + update_output_window(gettext("Installation of Sourcefire VRT rules completed...")); + } + error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log); + } +} + +/* Untar Snort GPLv2 Community rules file to tmp and install the rules */ if ($snortcommunityrules == 'on') { - safe_mkdir("{$snortdir}/tmp/community"); + safe_mkdir("{$tmpfname}/community"); if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) { if ($pkg_interface <> "console") { update_status(gettext("Extracting Snort GPLv2 Community Rules...")); update_output_window(gettext("Installing Snort GPLv2 Community Rules...")); } error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $snort_rules_upd_log); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$snortdir}/tmp/community/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/"); - $files = glob("{$snortdir}/tmp/community/community-rules/*.rules"); + $files = glob("{$tmpfname}/community/community-rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); @copy($file, "{$snortdir}/rules/" . GPL_FILE_PREFIX . "{$newfile}"); } /* base etc files for Snort GPLv2 Community rules */ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { - if (file_exists("{$snortdir}/tmp/community/community-rules/{$file}")) - @copy("{$snortdir}/tmp/community/community-rules/{$file}", "{$snortdir}/tmp/" . GPL_FILE_PREFIX . "{$file}"); + if (file_exists("{$tmpfname}/community/community-rules/{$file}")) + @copy("{$tmpfname}/community/community-rules/{$file}", "{$tmpfname}/" . GPL_FILE_PREFIX . "{$file}"); } /* Copy snort community md5 sig to snort dir */ if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) { @@ -461,30 +596,30 @@ if ($snortcommunityrules == 'on') { update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed...")); } error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log); - exec("rm -r {$snortdir}/tmp/community"); + exec("rm -rf {$tmpfname}/community"); } } -/* Untar Emerging Threats rules file to tmp */ +/* Untar Emerging Threats rules file to tmp and install the rules */ if ($emergingthreats == 'on') { - safe_mkdir("{$snortdir}/tmp/emerging"); + safe_mkdir("{$tmpfname}/emerging"); if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { if ($pkg_interface <> "console") { update_status(gettext("Extracting {$et_name} rules...")); update_output_window(gettext("Installing {$et_name} rules...")); } error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/"); /* Remove the old Emerging Threats rules files */ $eto_prefix = ET_OPEN_FILE_PREFIX; $etpro_prefix = ET_PRO_FILE_PREFIX; - array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*.rules")); - array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*.rules")); - array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*ips.txt")); - array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*ips.txt")); + unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*.rules"); + unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*.rules"); + unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*ips.txt"); + unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*ips.txt"); - $files = glob("{$snortdir}/tmp/emerging/rules/*.rules"); + $files = glob("{$tmpfname}/emerging/rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); if ($etpro == "on") @@ -493,18 +628,22 @@ if ($emergingthreats == 'on') { @copy($file, "{$snortdir}/rules/{$newfile}"); } /* IP lists for Emerging Threats rules */ - $files = glob("{$snortdir}/tmp/emerging/rules/*ips.txt"); + $files = glob("{$tmpfname}/emerging/rules/*ips.txt"); foreach ($files as $file) { $newfile = basename($file); - if ($etpro == "on") + if ($etpro == "on") { + @copy($file, IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}"); @copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); - else + } + else { + @copy($file, IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}"); @copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}"); + } } /* base etc files for Emerging Threats rules */ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { - if (file_exists("{$snortdir}/tmp/emerging/rules/{$file}")) - @copy("{$snortdir}/tmp/emerging/rules/{$file}", "{$snortdir}/tmp/ET_{$file}"); + if (file_exists("{$tmpfname}/emerging/rules/{$file}")) + @copy("{$tmpfname}/emerging/rules/{$file}", "{$tmpfname}/ET_{$file}"); } /* Copy emergingthreats md5 sig to snort dir */ @@ -518,146 +657,32 @@ if ($emergingthreats == 'on') { update_output_window(gettext("Installation of {$et_name} rules completed...")); } error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log); - exec("rm -r {$snortdir}/tmp/emerging"); - } -} - -/* Untar Snort rules file to tmp */ -if ($snortdownload == 'on') { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - /* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */ - /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x */ - $freebsd_version_so = 'FreeBSD-8-1'; - if (substr(php_uname("r"), 0, 1) == '9') - $freebsd_version_so = 'FreeBSD-9-0'; - - /* Remove the old Snort rules files */ - $vrt_prefix = VRT_FILE_PREFIX; - array_map('unlink', glob("{$snortdir}/rules/{$vrt_prefix}*.rules")); - - if ($pkg_interface <> "console") { - update_status(gettext("Extracting Snort VRT rules...")); - update_output_window(gettext("Installing Sourcefire VRT rules...")); - } - error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $snort_rules_upd_log); - /* extract snort.org rules and add prefix to all snort.org files */ - safe_mkdir("{$snortdir}/tmp/snortrules"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp/snortrules rules/"); - $files = glob("{$snortdir}/tmp/snortrules/rules/*.rules"); - foreach ($files as $file) { - $newfile = basename($file); - @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}"); - } - /* IP lists */ - $files = glob("{$snortdir}/tmp/snortrules/rules/*.txt"); - foreach ($files as $file) { - $newfile = basename($file); - @copy($file, "{$snortdir}/rules/{$newfile}"); - } - exec("rm -r {$snortdir}/tmp/snortrules"); - /* extract so rules */ - if ($pkg_interface <> "console") { - update_status(gettext("Extracting Snort VRT Shared Objects rules...")); - update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}...")); - } - exec("/bin/mkdir -p {$snortlibdir}/dynamicrules/"); - error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, $snort_rules_upd_log); - $snort_arch = php_uname("m"); - $nosorules = false; - if ($snort_arch == 'i386'){ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/"); - exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/dynamicrules/"); - } elseif ($snort_arch == 'amd64') { - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/"); - exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/"); - } else - $nosorules = true; - exec("rm -r {$snortdir}/tmp/so_rules"); - if ($nosorules == false) { - /* extract so stub rules, rename and copy to the rules folder. */ - if ($pkg_interface <> "console") - update_status(gettext("Copying Snort VRT Shared Objects rules...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp --exclude precompiled/ --exclude src/ so_rules/"); - $files = glob("{$snortdir}/tmp/so_rules/*.rules"); - foreach ($files as $file) { - $newfile = basename($file, ".rules"); - @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules"); - } - exec("rm -r {$snortdir}/tmp/so_rules"); - } - /* extract base etc files */ - if ($pkg_interface <> "console") { - update_status(gettext("Extracting Snort VRT config and map files...")); - update_output_window(gettext("Copying config and map files...")); - } - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp etc/"); - foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { - if (file_exists("{$snortdir}/tmp/etc/{$file}")) - @copy("{$snortdir}/tmp/etc/{$file}", "{$snortdir}/tmp/VRT_{$file}"); - } - exec("rm -r {$snortdir}/tmp/etc"); - /* Untar snort signatures */ - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == 'on') { - if ($pkg_interface <> "console") - update_status(gettext("Extracting Snort VRT Signatures...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - if ($pkg_interface <> "console") - update_status(gettext("Done extracting Signatures.")); - - if (is_dir("{$snortdir}/doc/signatures")) { - if ($pkg_interface <> "console") - update_status(gettext("Copying Snort VRT signatures...")); - exec("/bin/cp -r {$snortdir}/doc/signatures {$snortdir}/signatures"); - if ($pkg_interface <> "console") - update_status(gettext("Done copying signatures.")); - } - } - /* Extract the Snort preprocessor rules */ - if ($pkg_interface <> "console") - update_output_window(gettext("Extracting preprocessor rules files...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp preproc_rules/"); - - if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { - if ($pkg_interface <> "console") - update_status(gettext("Copying md5 signature to snort directory...")); - @copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}"); - } - if ($pkg_interface <> "console") { - update_status(gettext("Extraction of Snort VRT rules completed...")); - update_output_window(gettext("Installation of Sourcefire VRT rules completed...")); - } - error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log); + exec("rm -rf {$tmpfname}/emerging"); } } function snort_apply_customizations($snortcfg, $if_real) { - global $vrt_enabled; + global $vrt_enabled, $rebuild_rules; $snortdir = SNORTDIR; - /* Update the Preprocessor rules for the master configuration and for the interface if Snort VRT rules are in use. */ - if ($vrt_enabled == 'on') { - exec("/bin/mkdir -p {$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules"); - $preproc_files = glob("{$snortdir}/tmp/preproc_rules/*.rules"); + /* Update the Preprocessor rules from the master configuration for the interface if Snort */ + /* VRT rules are in use and the interface's preprocessor rules are not protected. */ + if ($vrt_enabled == 'on' && $snortcfg['protect_preproc_rules'] != 'on') { + $preproc_files = glob("{$snortdir}/preproc_rules/*.rules"); foreach ($preproc_files as $file) { $newfile = basename($file); - @copy($file, "{$snortdir}/preproc_rules/{$newfile}"); - /* Check if customized preprocessor rule protection is enabled for interface before overwriting them. */ - if ($snortcfg['protect_preproc_rules'] <> 'on') - @copy($file, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules/{$newfile}"); + @copy($file, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules/{$newfile}"); } } - else { - exec("/bin/mkdir -p {$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules"); - } - snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}"); + if ($rebuild_rules == true) + snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}"); /* Copy the master config and map files to the interface directory */ @copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config"); - @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/gen-msg.map"); @copy("{$snortdir}/reference.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/reference.config"); + @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/gen-msg.map"); @copy("{$snortdir}/unicode.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/unicode.map"); } @@ -667,45 +692,37 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = update_status(gettext('Copying new config and map files...')); error_log(gettext("\tCopying new config and map files...\n"), 3, $snort_rules_upd_log); - /* Determine which config and map file set to use for the master copy. */ - /* If the Snort VRT rules are not enabled, then use Emerging Threats. */ - if (($vrt_enabled == 'off') && ($et_enabled == 'on')) { - $cfgs = glob("{$snortdir}/tmp/*reference.config"); - $cfgs[] = "{$snortdir}/reference.config"; - snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config"); - $cfgs = glob("{$snortdir}/tmp/*classification.config"); - $cfgs[] = "{$snortdir}/classification.config"; - snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config"); - /* Use the unicode.map and gen-msg.map files from ET rules. */ - if (file_exists("{$snortdir}/tmp/ET_unicode.map")) - @copy("{$snortdir}/tmp/ET_unicode.map", "{$snortdir}/unicode.map"); - if (file_exists("{$snortdir}/tmp/ET_gen-msg.map")) - @copy("{$snortdir}/tmp/ET_gen-msg.map", "{$snortdir}/gen-msg.map"); - } - elseif (($vrt_enabled == 'on') && ($et_enabled == 'off')) { - foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { - if (file_exists("{$snortdir}/tmp/VRT_{$file}")) - @copy("{$snortdir}/tmp/VRT_{$file}", "{$snortdir}/{$file}"); - } - } - elseif (($vrt_enabled == 'on') && ($et_enabled == 'on')) { - /* Both VRT and ET rules are enabled, so build combined */ - /* reference.config and classification.config files. */ - $cfgs = glob("{$snortdir}/tmp/*reference.config"); - $cfgs[] = "{$snortdir}/reference.config"; - snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config"); - $cfgs = glob("{$snortdir}/tmp/*classification.config"); - $cfgs[] = "{$snortdir}/classification.config"; - snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config"); - /* Use the unicode.map and gen-msg.map files from VRT rules. */ - if (file_exists("{$snortdir}/tmp/VRT_unicode.map")) - @copy("{$snortdir}/tmp/VRT_unicode.map", "{$snortdir}/unicode.map"); - if (file_exists("{$snortdir}/tmp/VRT_gen-msg.map")) - @copy("{$snortdir}/tmp/VRT_gen-msg.map", "{$snortdir}/gen-msg.map"); - } + /******************************************************************/ + /* Build the classification.config and reference.config files */ + /* using the ones from all the downloaded rules plus the default */ + /* files installed with Snort. */ + /******************************************************************/ + $cfgs = glob("{$tmpfname}/*reference.config"); + $cfgs[] = "{$snortdir}/reference.config"; + snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config"); + $cfgs = glob("{$tmpfname}/*classification.config"); + $cfgs[] = "{$snortdir}/classification.config"; + snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config"); + + /*******************************************************************/ + /* Determine which map files set to use for the master copy. If */ + /* the Snort VRT rules are not enabled, then use Emerging Threats */ + /* or Snort Community Rules, in that order, if either is enabled. */ + /*******************************************************************/ + if ($snortdownload == 'on' || $vrt_enabled == 'on') + $prefix = "VRT_"; + elseif ($emergingthreats == 'on') + $prefix = "ET_"; + elseif ($snortcommunityrules == 'on') + $prefix = GPL_FILE_PREFIX; + if (file_exists("{$tmpfname}/{$prefix}unicode.map")) + @copy("{$tmpfname}/{$prefix}unicode.map", "{$snortdir}/unicode.map"); + if (file_exists("{$tmpfname}/{$prefix}gen-msg.map")) + @copy("{$tmpfname}/{$prefix}gen-msg.map", "{$snortdir}/gen-msg.map"); /* Start the rules rebuild proccess for each configured interface */ - if (is_array($config['installedpackages']['snortglobal']['rule'])) { + if (is_array($config['installedpackages']['snortglobal']['rule']) && + !empty($config['installedpackages']['snortglobal']['rule'])) { /* Set the flag to force rule rebuilds since we downloaded new rules, */ /* except when in post-install mode. Post-install does its own rebuild. */ @@ -716,19 +733,32 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Create configuration for each active Snort interface */ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - $if_real = snort_get_real_interface($value['interface']); - $tmp = "Updating rules configuration for: " . snort_get_friendly_interface($value['interface']) . " ..."; + $if_real = get_real_interface($value['interface']); + $tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ..."; if ($pkg_interface <> "console"){ update_status(gettext($tmp)); - update_output_window(gettext("Please wait while Snort interface files are being updated...")); + update_output_window(gettext("Please wait while Snort interface files are updated...")); } + + // Make sure the interface subdirectory and required sub-directories exists. + // We need to re-create them during a pkg reinstall for the intial rules set + // download and configuration done as part of restoring saved settings. + if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}")) + safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}"); + if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules")) + safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules"); + if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules")) + safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules"); + if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor")) + safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor"); + snort_apply_customizations($value, $if_real); /* Log a message in Update Log if protecting customized preprocessor rules. */ $tmp = "\t" . $tmp . "\n"; if ($value['protect_preproc_rules'] == 'on') { $tmp .= gettext("\tPreprocessor text rules flagged as protected and not updated for "); - $tmp .= snort_get_friendly_interface($value['interface']) . "...\n"; + $tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n"; } error_log($tmp, 3, $snort_rules_upd_log); } @@ -744,13 +774,6 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Clear the rebuild rules flag. */ $rebuild_rules = false; - /* remove old $tmpfname files */ - if (is_dir("{$snortdir}/tmp")) { - if ($pkg_interface <> "console") - update_status(gettext("Cleaning up after rules extraction...")); - exec("/bin/rm -r {$snortdir}/tmp"); - } - /* Restart snort if already running and we are not rebooting to pick up the new rules. */ if (is_process_running("snort") && !$g['booting']) { if ($pkg_interface <> "console") { @@ -770,6 +793,11 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } } +/* remove $tmpfname files */ +if (is_dir("{$tmpfname}")) { + exec("/bin/rm -rf {$tmpfname}"); +} + if ($pkg_interface <> "console") update_status(gettext("The Rules update has finished...")); log_error(gettext("[Snort] The Rules update has finished.")); @@ -779,4 +807,11 @@ conf_mount_ro(); /* Restore the state of $pkg_interface */ $pkg_interface = $pkg_interface_orig; +/* Save this update status to the configuration file */ +if ($update_errors) + $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("failed"); +else + $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success"); +$config['installedpackages']['snortglobal']['last_rule_upd_time'] = time(); +write_config("Snort pkg: updated status for updated rules package(s) check."); ?> diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 7c057b19..4d1b3c2e 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -5,6 +5,7 @@ * * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2008-2009 Robert Zelaya. + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -35,12 +36,14 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; + header("Location: /snort/snort_interfaces.php"); + exit; } if (!is_array($config['installedpackages']['snortglobal']['rule'])) { @@ -87,20 +90,20 @@ $snort_ports = array( ); // Sort our SERVERS and PORTS arrays to make values -// easier to locate by the the user. +// easier to locate for the user. ksort($snort_servers); ksort($snort_ports); $pconfig = $a_nat[$id]; /* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); +$if_real = get_real_interface($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; /* alert file */ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; -if ($_POST) { +if ($_POST['save']) { $natent = array(); $natent = $pconfig; @@ -131,7 +134,7 @@ if ($_POST) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: modified settings for VARIABLES tab."); /* Update the snort conf file for this interface. */ $rebuild_rules = false; @@ -149,9 +152,11 @@ if ($_POST) { header("Location: snort_define_servers.php?id=$id"); exit; } + else + $pconfig = $_POST; } -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} Variables - Servers and Ports"); include_once("head.inc"); @@ -160,7 +165,6 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} /* Display Alert message */ if ($input_errors) print_input_errors($input_errors); // TODO: add checks @@ -180,23 +184,25 @@ if ($savemsg) $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -256,7 +262,7 @@ if ($savemsg) <tr> <td width="30%" valign="top"> </td> <td width="70%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> + <input name="save" type="submit" class="formbtn" value="Save"> <input name="id" type="hidden" value="<?=$id;?>"> </td> </tr> @@ -276,9 +282,6 @@ if ($savemsg) if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) foreach($config['aliases']['alias'] as $alias_name) { if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; if($addrisfirst == 1) $aliasesaddr .= ","; $aliasesaddr .= "'" . $alias_name['name'] . "'"; $addrisfirst = 1; diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 562a6b36..f35341f1 100755 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -91,7 +91,7 @@ include("head.inc"); <?php $snort_gui_include = true; -include("/usr/local/pkg/snort/snort_check_for_rule_updates.php"); +include("/usr/local/www/snort/snort_check_for_rule_updates.php"); /* hide progress bar and lets end this party */ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 5c9b8210..ecc1e5b5 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -39,7 +39,6 @@ require_once("/usr/local/pkg/snort/snort.inc"); /* Define some locally required variables from Snort constants */ $snortdir = SNORTDIR; $snort_rules_upd_log = RULES_UPD_LOGFILE; -$log = $snort_rules_upd_log; /* Grab the Snort binary version programmatically and */ /* use it to construct the proper Snort VRT rules */ @@ -52,38 +51,71 @@ if (empty($snortver[0])) $snortver[0] = str_replace(".", "", $snortver[0]); $snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz"; -//$snort_rules_file = VRT_DNLD_FILENAME; $snort_community_rules_filename = GPLV2_DNLD_FILENAME; -/* load only javascript that is needed */ -$snort_load_jquery = 'yes'; -$snort_load_jquery_colorbox = 'yes'; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; $etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; +/* Get last update information if available */ +if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_time'])) + $last_rule_upd_time = date('M-d Y H:i', $config['installedpackages']['snortglobal']['last_rule_upd_time']); +else + $last_rule_upd_time = gettext("Unknown"); +if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_status'])) + $last_rule_upd_status = htmlspecialchars($config['installedpackages']['snortglobal']['last_rule_upd_status']); +else + $last_rule_upd_status = gettext("Unknown"); + if ($etpro == "on") { $emergingthreats_filename = ETPRO_DNLD_FILENAME; - $et_name = "EMERGING THREATS PRO RULES"; + $et_name = "Emerging Threats Pro Rules"; } else { $emergingthreats_filename = ET_DNLD_FILENAME; - $et_name = "EMERGING THREATS RULES"; + $et_name = "Emerging Threats Open Rules"; } -/* quick md5s chk */ -$snort_org_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) +/* quick md5 chk of downloaded rules */ +if ($snortdownload == 'on') { + $snort_org_sig_chk_local = 'Not Downloaded'; + $snort_org_sig_date = 'Not Downloaded'; +} +else { + $snort_org_sig_chk_local = 'Not Enabled'; + $snort_org_sig_date = 'Not Enabled'; +} +if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on') { $snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5"); + $snort_org_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_rules_file}.md5")); +} -$emergingt_net_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5")) +if ($etpro == "on" || $emergingthreats == "on") { + $emergingt_net_sig_chk_local = 'Not Downloaded'; + $emergingt_net_sig_date = 'Not Downloaded'; +} +else { + $emergingt_net_sig_chk_local = 'Not Enabled'; + $emergingt_net_sig_date = 'Not Enabled'; +} +if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on" || $emergingthreats == "on")) { $emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/{$emergingthreats_filename}.md5"); + $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$emergingthreats_filename}.md5")); +} -$snort_community_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5")) +if ($snortcommunityrules == 'on') { + $snort_community_sig_chk_local = 'Not Downloaded'; + $snort_community_sig_sig_date = 'Not Downloaded'; +} +else { + $snort_community_sig_chk_local = 'Not Enabled'; + $snort_community_sig_sig_date = 'Not Enabled'; +} +if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5") && $snortcommunityrules == 'on') { $snort_community_sig_chk_local = file_get_contents("{$snortdir}/{$snort_community_rules_filename}.md5"); + $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5")); +} /* Check for postback to see if we should clear the update log file. */ if (isset($_POST['clear'])) { @@ -91,7 +123,27 @@ if (isset($_POST['clear'])) { mwexec("/bin/rm -f {$snort_rules_upd_log}"); } -if (isset($_POST['update'])) { +if (isset($_POST['check'])) { + header("Location: /snort/snort_download_rules.php"); + exit; +} + +if ($_POST['force']) { + // Mount file system R/W since we need to remove files + conf_mount_rw(); + + // Remove the existing MD5 signature files to force a download + if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5")) + @unlink("{$snortdir}/{$emergingthreats_filename}.md5"); + if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5")) + @unlink("{$snortdir}/{$snort_community_rules_filename}.md5"); + if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) + @unlink("{$snortdir}/{$snort_rules_file}.md5"); + + // Revert file system to R/O. + conf_mount_ro(); + + // Go download the updates header("Location: /snort/snort_download_rules.php"); exit; } @@ -101,6 +153,15 @@ $snort_rules_upd_logfile_chk = 'no'; if (file_exists("{$snort_rules_upd_log}")) $snort_rules_upd_logfile_chk = 'yes'; +if ($_POST['view']&& $snort_rules_upd_logfile_chk == 'yes') { + $contents = @file_get_contents($snort_rules_upd_log); + if (empty($contents)) + $input_errors[] = gettext("Unable to read log file: {$snort_rules_upd_log}"); +} + +if ($_POST['hide']) + $contents = ""; + $pgtitle = gettext("Snort: Updates"); include_once("head.inc"); ?> @@ -108,25 +169,6 @@ include_once("head.inc"); <body link="#000000" vlink="#000000" alink="#000000"> <?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<script language="javascript" type="text/javascript"> -function wopen(url, name, w, h) -{ -// Fudge factors for window decoration space. -// In my tests these work well on all platforms & browsers. -w += 32; -h += 96; - var win = window.open(url, - name, - 'width=' + w + ', height=' + h + ', ' + - 'location=no, menubar=no, ' + - 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); - win.resizeTo(w, h); - win.focus(); -} - -</script> <form action="snort_download_updates.php" method="post" name="iform" id="iform"> @@ -139,111 +181,134 @@ h += 96; $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> <td> <div id="mainarea"> <table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr align="center"> - <td> - <br/> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURE");?></td> + </tr> + <tr> + <td align="center"><br/> + <table width="95%" border="0" cellpadding="2" cellspacing="2"> + <thead> + <tr> + <th class="listhdrr"><?=gettext("Rule Set Name/Publisher");?></th> + <th class="listhdrr"><?=gettext("MD5 Signature Hash");?></th> + <th class="listhdrr"><?=gettext("MD5 Signature Date");?></th> + </tr> + </thead> <tr> - <td id="download_rules_td" style="background-color: #eeeeee"> - <div height="32" width="725px" style="background-color: #eeeeee"> - <p style="text-align: left; margin-left: 225px;"> - <font color="#777777" size="2.5px"> - <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/> - <font color="#FF850A" size="1px"><b>SNORT VRT RULES --></b></font> - <font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br/> - <font color="#FF850A" size="1px"><b><?=$et_name;?> --></b></font> - <font size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br/> - <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES --></b></font> - <font size="1px" color="#000000"> <? echo $snort_community_sig_chk_local; ?></font><br/> - </p> - </div> - </td> + <td align="center" class="vncell vexpl"><b>Snort VRT Rules</b></td> + <td align="center" class="vncell vexpl"><? echo trim($snort_org_sig_chk_local);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($snort_org_sig_date);?></td> </tr> - </table> - <br/> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - <p style="text-align: left; margin-left: 225px;"> - <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br/> - <br/> - - <?php - - if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') { - echo ' - <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/> - <p style="text-align:left; margin-left:150px;"> - <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000"> ' . gettext('No rule types have been selected for download. ') . - gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br/>'; - - echo '</p>' . "\n"; - } else { - - echo ' - <input type="submit" value="' . gettext("Update Rules") . '" name="update" id="Submit" class="formbtn" /><br/>' . "\n"; - - } - - ?> <br/> - </p> - </div> - </td> + <td align="center" class="vncell vexpl"><b>Snort GPLv2 Community Rules</b></td> + <td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td> </tr> - </table> - <br/> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - <p style="text-align: left; margin-left: 225px;"> - <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br/> - <br> - <?php - - if ($snort_rules_upd_logfile_chk == 'yes') { - echo " - <button class=\"formbtn\" onclick=\"wopen('snort_log_view.php?logfile={$log}', 'LogViewer', 800, 600)\"><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>"; - echo " <input type=\"submit\" value=\"Clear Log\" name=\"clear\" id=\"Submit\" class=\"formbtn\" />\n"; - }else{ - echo " - <button disabled='disabled'><span class='pwhitetxt'>" . gettext("View Log") . "</span></button> " . gettext("Log is empty.") . "\n"; - } - echo '<br><br>' . gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); - ?> - <br/> - </p> - </div> - </td> + <td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td> + <td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($emergingt_net_sig_date);?></td> </tr> - </table> - - <br/> + </table><br/> + </td> + </tr> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("UPDATE YOUR RULE SET");?></td> + </tr> + <tr> + <td align="center"> + <table width="45%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr> + <td class="list" align="right"><strong><?php echo gettext("Last Update:");?></strong></td> + <td class="list" align="left"><?php echo $last_rule_upd_time;?></td> + </tr> + <tr> + <td class="list" align="right"><strong><?php echo gettext("Result:");?></strong></td> + <td class="list" align="left"><?php echo $last_rule_upd_status;?></td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td align="center"> + <?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?> + <br/><button disabled="disabled"><?=gettext("Check");?></button> + <button disabled="disabled"><?=gettext("Force");?></button> + <br/> + <p style="text-align:center;" class="vexpl"> + <font class="red"><b><?php echo gettext("WARNING:");?></b></font> + <?php echo gettext('No rule types have been selected for download. ') . + gettext('Visit the ') . '<a href="/snort/snort_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> + <br/></p> + <?php else: ?> + <br/> + <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn" + title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/> + <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn" + title="<?=gettext("Force an update of all enabled rule sets");?>" + onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/> + <br/><br/> + <?php endif; ?> + </td> + </tr> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl"> - <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span> - <a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" . - gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" . - gettext(" will go down from time to time. Please be patient."); ?></span> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("MANAGE RULE SET LOG");?></td> + </tr> + <tr> + <td align="center" valign="middle" class="vexpl"> + <?php if ($snort_rules_upd_logfile_chk == 'yes'): ?> + <br/> + <?php if (!empty($contents)): ?> + <input type="submit" value="<?php echo gettext("Hide"); ?>" name="hide" id="hide" class="formbtn" + title="<?php echo gettext("Hide rules update log"); ?>"/> + <?php else: ?> + <input type="submit" value="<?php echo gettext("View"); ?>" name="view" id="view" class="formbtn" + title="<?php echo gettext("View rules update log"); ?>"/> + <?php endif; ?> + + <input type="submit" value="<?php echo gettext("Clear"); ?>" name="clear" id="clear" class="formbtn" + title="<?php echo gettext("Clear rules update log"); ?>" onClick="return confirm('Are you sure you want to delete the log contents?\nOK to confirm, or CANCEL to quit');"/> + <br/> + <?php else: ?> + <br/> + <button disabled='disabled'><?php echo gettext("View Log"); ?></button><br/><?php echo gettext("Log is empty."); ?><br/> + <?php endif; ?> + <br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/> + </td> + </tr> + <?php if (!empty($contents)): ?> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("RULE SET UPDATE LOG");?></td> + </tr> + <tr> + <td align="center"> + <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="24" cols="80" name="logtext"><?=$contents;?></textarea> </div> - </td> - </tr> - </table> - + </td> + </tr> + <?php endif; ?> + <tr> + <td align="center"> + <span class="vexpl"><br/> + <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span> + <a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" . + gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" . + gettext(" will go down from time to time. Please be patient."); ?></span><br/> </td> </tr> </table> @@ -252,7 +317,6 @@ h += 96; </td> </tr> </table> -<!-- end of final table --> </form> <?php include("fend.inc"); ?> </body> diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php index f6d00b0b..a5ec0aad 100644 --- a/config/snort/snort_edit_hat_data.php +++ b/config/snort/snort_edit_hat_data.php @@ -3,6 +3,7 @@ * snort_edit_hat_data.php * Copyright (C) 2004 Scott Ullrich * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * originially part of m0n0wall (http://m0n0.ch/wall) @@ -47,9 +48,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) { } $a_nat = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; @@ -62,24 +65,27 @@ else if ($_POST['clear']) { unset($a_nat[$id]['host_attribute_data']); - write_config(); + $a_nat[$id]['host_attribute_table'] = 'off'; + write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); - header("Location: /snort/snort_edit_hat_data.php?id={$id}"); - exit; + $pconfig['host_attribute_data'] = ""; } -if ($_POST['host_attribute_data']) { +if ($_POST['save']) { $a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']); - write_config(); + if (strlen($_POST['host_attribute_data']) > 0) + $a_nat[$id]['host_attribute_table'] = 'on'; + else + $a_nat[$id]['host_attribute_table'] = 'off'; + write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); - header("Location: /snort/snort_preprocessors.php?id={$id}"); - exit; + $pconfig['host_attribute_data'] = $_POST['host_attribute_data']; } -$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Host Attribute Table Data"); include_once("head.inc"); @@ -89,8 +95,8 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> @@ -106,11 +112,11 @@ if ($savemsg) <tr> <td> <input type='hidden' name='id' value='<?=$id;?>'> - <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=$pconfig['host_attribute_data'];?></textarea></td> + <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=htmlspecialchars($pconfig['host_attribute_data']);?></textarea></td> </tr> <tr> <td> - <input name="Submit" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/> + <input name="save" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/> <input type="button" class="formbtn" value=" <?php echo gettext("Return"); ?>" onclick="parent.location='snort_preprocessors.php?id=<?=$id;?>'" title="<?php echo gettext("Return to Preprocessors tab"); ?>"/> <input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all Host Attribute data for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all Host Attribute data"); ?>"/> </td> diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php index 89a21dc8..9489bf16 100644 --- a/config/snort/snort_frag3_engine.php +++ b/config/snort/snort_frag3_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_frag3_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,12 +34,15 @@ global $g; $snortdir = SNORTDIR; // Grab the incoming QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); @@ -90,10 +93,10 @@ if ($_POST['Cancel']) { // Check for returned "selected alias" if action is import if ($_GET['act'] == "import") { if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue'])) - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } -if ($_POST['Submit']) { +if ($_POST['save']) { /* Grab all the POST values and save in new temp array */ $engine = array(); @@ -182,14 +185,14 @@ if ($_POST['Submit']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified frag3 engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row"); exit; } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine"); include_once("head.inc"); @@ -324,7 +327,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php index b039df5b..f462efa8 100644 --- a/config/snort/snort_ftp_client_engine.php +++ b/config/snort/snort_ftp_client_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_ftp_client_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,12 +33,15 @@ global $g; $snortdir = SNORTDIR; -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { // Clear and close out any session variable we created @@ -84,7 +87,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "bounce_to_net" || $_GET['varname'] == "bounce_to_port") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['ftp_client_import'])) $_SESSION['ftp_client_import'] = array(); @@ -112,7 +115,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); @@ -213,14 +216,14 @@ if ($_POST['Submit']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified ftp_telnet_client engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Client Engine"); include_once("head.inc"); @@ -353,7 +356,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save ftp engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php index e70033e7..cb9abc9c 100644 --- a/config/snort/snort_ftp_server_engine.php +++ b/config/snort/snort_ftp_server_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_ftp_server_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,12 +34,15 @@ global $g; $snortdir = SNORTDIR; // Grab any QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { // Clear and close out any session variable we created @@ -85,7 +88,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['ftp_server_import'])) $_SESSION['ftp_server_import'] = array(); @@ -109,7 +112,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); @@ -184,14 +187,14 @@ if ($_POST['Submit']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified ftp_telnet_server engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine"); include_once("head.inc"); @@ -316,7 +319,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save ftp engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php index 94d3364f..c7680892 100644 --- a/config/snort/snort_httpinspect_engine.php +++ b/config/snort/snort_httpinspect_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_httpinspect_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,12 +33,15 @@ global $g; $snortdir = SNORTDIR; -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { // Clear and close out any session variable we created @@ -137,7 +140,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); $_SESSION['http_inspect_import'] = array(); $_SESSION['http_inspect_import'][$_GET['varname']] = $_GET['varvalue']; @@ -160,7 +163,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); @@ -293,14 +296,14 @@ if ($_POST['Submit']) { } // Now write the new engine array to conf - write_config(); + write_config("Snort pkg: modified http_inspect engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row"); exit; } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: {$if_friendly} - HTTP_Inspect Preprocessor Engine"); include_once("head.inc"); @@ -637,7 +640,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save httpinspect engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 77cd5490..80b3bb1d 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -2,7 +2,7 @@ /* $Id$ */ /* snort_import_aliases.php - Copyright (C) 2013 Bill Meeks + Copyright (C) 2013, 2014 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,12 +32,15 @@ require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); // Retrieve any passed QUERY STRING or POST variables -$id = $_GET['id']; -$eng = $_GET['eng']; if (isset($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (isset($_POST['eng'])) $eng = $_POST['eng']; +elseif (isset($_GET['eng'])) + $eng = htmlspecialchars($_GET['eng']); // Make sure we have a valid rule ID and ENGINE name, or // else bail out to top-level menu. @@ -46,7 +49,10 @@ if (is_null($id) || is_null($eng)) { exit; } -// Used to track if any selectable Aliases are found +// Used to track if any selectable Aliases are found. Selectable +// means aliases matching the requirements of the configuration +// engine we are importing into (e.g., single IP only or +// multiple IP alias). $selectablealias = false; // Initialize required array variables as necessary @@ -89,7 +95,7 @@ switch ($eng) { break; case "stream5_tcp_engine": $anchor = "#stream5_row"; - $multi_ip = true; + $multi_ip = false; $title = "Stream5 TCP Engine"; break; case "ftp_server_engine": @@ -200,7 +206,7 @@ if ($_POST['save']) { } // Now write the new engine array to conf and return - write_config(); + write_config("Snort pkg: imported new host or network alias."); header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}"); exit; @@ -269,7 +275,7 @@ include("head.inc"); ?> <?php if ($disable): ?> <tr title="<?=$tooltip;?>"> - <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/> + <td class="listlr" align="center" sorttable_customkey=""><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height="11" border="0"/> <?php else: ?> <tr> <td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 15d9addc..c82ec57e 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -4,6 +4,7 @@ * * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -28,60 +29,43 @@ * POSSIBILITY OF SUCH DAMAGE. */ -$nocsrf = true; require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; $snortdir = SNORTDIR; +$snortlogdir = SNORTLOGDIR; $rcdir = RCFILEPREFIX; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_nat = &$config['installedpackages']['snortglobal']['rule']; + +// Calculate the index of the next added Snort interface $id_gen = count($config['installedpackages']['snortglobal']['rule']); if (isset($_POST['del_x'])) { - /* delete selected rules */ + /* Delete selected Snort interfaces */ if (is_array($_POST['rule'])) { conf_mount_rw(); foreach ($_POST['rule'] as $rulei) { - /* convert fake interfaces to real */ - $if_real = snort_get_real_interface($a_nat[$rulei]['interface']); + $if_real = get_real_interface($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; snort_stop($a_nat[$rulei], $if_real); - exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}"); + exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}"); exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); - // If interface had auto-generated Suppress List, then - // delete that along with the interface - $autolist = "{$a_nat[$rulei]['interface']}" . "suppress"; - if (is_array($config['installedpackages']['snortglobal']['suppress']) && - is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { - $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; - foreach ($a_suppress as $k => $i) { - if ($i['name'] == $autolist) { - unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]); - break; - } - } - } - // Finally delete the interface's config entry entirely unset($a_nat[$rulei]); } conf_mount_ro(); - /* If all the Snort interfaces are removed, then unset the config array. */ + /* If all the Snort interfaces are removed, then unset the interfaces config array. */ if (empty($a_nat)) unset($a_nat); - write_config(); + write_config("Snort pkg: deleted one or more Snort interfaces."); sleep(2); /* if there are no ifaces remaining do not create snort.sh */ @@ -106,13 +90,13 @@ if (isset($_POST['del_x'])) { } -/* start/stop snort */ -if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { - $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id]; - $if_real = snort_get_real_interface($snortcfg['interface']); - $if_friendly = snort_get_friendly_interface($snortcfg['interface']); +/* start/stop barnyard2 */ +if ($_POST['bartoggle'] && is_numericint($_POST['id'])) { + $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']]; + $if_real = get_real_interface($snortcfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); - if (snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2') == 'no') { + if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) { log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})..."); sync_snort_package_config(); snort_barnyard_start($snortcfg, $if_real); @@ -120,27 +104,18 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})..."); snort_barnyard_stop($snortcfg, $if_real); } - sleep(3); // So the GUI reports correctly - header("Location: /snort/snort_interfaces.php"); - exit; } /* start/stop snort */ -if ($_GET['act'] == 'toggle' && is_numeric($id)) { - $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id]; - $if_real = snort_get_real_interface($snortcfg['interface']); - $if_friendly = snort_get_friendly_interface($snortcfg['interface']); +if ($_POST['toggle'] && is_numericint($_POST['id'])) { + $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']]; + $if_real = get_real_interface($snortcfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); - if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') { + if (snort_is_running($snortcfg['uuid'], $if_real)) { log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})..."); snort_stop($snortcfg, $if_real); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); } else { log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})..."); @@ -149,16 +124,8 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { sync_snort_package_config(); $rebuild_rules = false; snort_start($snortcfg, $if_real); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); } sleep(3); // So the GUI reports correctly - header("Location: /snort/snort_interfaces.php"); - exit; } $pgtitle = "Services: $snort_package_version"; @@ -169,34 +136,18 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -if ($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; -?> -<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php /* Display Alert message */ if ($input_errors) - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); - - //if (file_exists($d_snortconfdirty_path)) { - if ($d_snortconfdirty_path_ls != '') { - echo '<p>'; - - if($savemsg) - print_info_box_np("{$savemsg}"); - else { - print_info_box_np(gettext( - 'The Snort configuration has changed for one or more interfaces.<br>' . - 'You must apply the changes in order for them to take effect.<br>' - )); - } - } ?> +<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input type="hidden" name="id" id="id" value=""> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> @@ -207,10 +158,11 @@ if ($pfsense_stable == 'yes') $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td> </tr> @@ -257,11 +209,10 @@ if ($pfsense_stable == 'yes') <?php /* convert fake interfaces to real and check if iface is up */ - /* There has to be a smarter way to do this */ - $if_real = snort_get_real_interface($natent['interface']); - $natend_friendly= snort_get_friendly_interface($natent['interface']); + $if_real = get_real_interface($natent['interface']); + $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']); $snort_uuid = $natent['uuid']; - if (snort_is_running($snort_uuid, $if_real) == 'no'){ + if (!snort_is_running($snort_uuid, $if_real)){ $iconfn = 'block'; $iconfn_msg1 = 'Snort is not running on '; $iconfn_msg2 = '. Click to start.'; @@ -271,7 +222,7 @@ if ($pfsense_stable == 'yes') $iconfn_msg1 = 'Snort is running on '; $iconfn_msg2 = '. Click to stop.'; } - if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no'){ + if (!snort_is_running($snort_uuid, $if_real, 'barnyard2')){ $biconfn = 'block'; $biconfn_msg1 = 'Barnyard2 is not running on '; $biconfn_msg2 = '. Click to start.'; @@ -312,14 +263,13 @@ if ($pfsense_stable == 'yes') <?php $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable']; if ($check_snort_info == "on") { - echo strtoupper("enabled"); - echo "<a href='?act=toggle&id={$i}'> - <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' - width='13' height='13' border='0' - title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>"; + echo gettext("ENABLED") . " "; + echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' "; + echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" "; + echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>"; echo ($no_rules) ? " <img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : ""; } else - echo strtoupper("disabled"); + echo gettext("DISABLED"); ?> </td> <td class="listr" @@ -353,13 +303,11 @@ if ($pfsense_stable == 'yes') <?php $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; if ($check_snortbarnyardlog_info == "on") { - echo strtoupper("enabled"); - echo "<a href='?act=bartoggle&id={$i}'> - <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' - width='13' height='13' border='0' - title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>"; + echo gettext("ENABLED") . " "; + echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' "; + echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>"; } else - echo strtoupper("disabled"); + echo gettext("DISABLED"); ?> </td> <td class="listbg" @@ -393,8 +341,7 @@ if ($pfsense_stable == 'yes') src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> <?php else: ?> - <input name="del" type="image" - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>" onclick="return intf_del()"> <?php endif; ?></td> @@ -420,12 +367,8 @@ if ($pfsense_stable == 'yes') </td> </tr> <tr> - <td colspan="3" class="vexpl"><br> - </td> - </tr> - <tr> - <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br> - <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong> + <td colspan="3" class="vexpl"> + <?php echo gettext("New settings will not take effect until interface restart."); ?> </td> </tr> <tr> @@ -484,9 +427,9 @@ function intf_del() { } } if (isSelected) - return confirm('Do you really want to delete the selected Snort mapping?'); + return confirm('Do you really want to delete the selected Snort interface mapping(s)?'); else - alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete."); + alert("There is no Snort interface mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete."); } </script> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 72aa82e2..4c868844 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -4,6 +4,7 @@ * * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,6 +34,9 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; +$snortdir = SNORTDIR; +$snortlogdir = SNORTLOGDIR; + if (!is_array($config['installedpackages']['snortglobal'])) $config['installedpackages']['snortglobal'] = array(); $snortglob = $config['installedpackages']['snortglobal']; @@ -41,9 +45,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_rule = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; @@ -63,13 +69,7 @@ else { $snort_uuid = $pconfig['uuid']; // Get the physical configured interfaces on the firewall -if (function_exists('get_configured_interface_with_descr')) - $interfaces = get_configured_interface_with_descr(); -else { - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; -} +$interfaces = get_configured_interface_with_descr(); // See if interface is already configured, and use its values if (isset($id) && $a_rule[$id]) { @@ -89,6 +89,8 @@ elseif (isset($id) && !isset($a_rule[$id])) { foreach ($ifaces as $i) { if (!in_array($i, $ifrules)) { $pconfig['interface'] = $i; + $pconfig['descr'] = strtoupper($i); + $pconfig['enable'] = 'on'; break; } } @@ -99,19 +101,26 @@ elseif (isset($id) && !isset($a_rule[$id])) { } } -if (isset($_GET['dup'])) - unset($id); - // Set defaults for empty key parameters if (empty($pconfig['blockoffendersip'])) $pconfig['blockoffendersip'] = "both"; if (empty($pconfig['performance'])) $pconfig['performance'] = "ac-bnfa"; -if ($_POST["Submit"]) { - if (!$_POST['interface']) +if ($_POST["save"]) { + if (!isset($_POST['interface'])) $input_errors[] = "Interface is mandatory"; + /* See if assigned interface is already in use */ + if (isset($_POST['interface'])) { + foreach ($a_rule as $k => $v) { + if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { + $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Snort instance."); + break; + } + } + } + /* if no errors write to conf */ if (!$input_errors) { $natent = $a_rule[$id]; @@ -136,6 +145,8 @@ if ($_POST["Submit"]) { if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); + if ($_POST['alert_log_limit']) $natent['alert_log_limit'] = $_POST['alert_log_limit']; else unset($natent['alert_log_limit']); + if ($_POST['alert_log_retention']) $natent['alert_log_retention'] = $_POST['alert_log_retention']; else unset($natent['alert_log_retention']); if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } @@ -145,14 +156,20 @@ if ($_POST["Submit"]) { if ($_POST['fpm_search_optimize'] == "on") { $natent['fpm_search_optimize'] = 'on'; }else{ $natent['fpm_search_optimize'] = 'off'; } if ($_POST['fpm_no_stream_inserts'] == "on") { $natent['fpm_no_stream_inserts'] = 'on'; }else{ $natent['fpm_no_stream_inserts'] = 'off'; } - $if_real = snort_get_real_interface($natent['interface']); + $if_real = get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id]) { + // See if moving an existing Snort instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { - $oif_real = snort_get_real_interface($a_rule[$id]['interface']); - snort_stop($a_rule[$id], $oif_real); - exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']); + $oif_real = get_real_interface($a_rule[$id]['interface']); + if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) { + snort_stop($a_rule[$id], $oif_real); + $snort_start = true; + } + else + $snort_start = false; + exec("mv -f {$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']} {$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"); conf_mount_rw(); - exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + exec("mv -f {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real} {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"); conf_mount_ro(); } $a_rule[$id] = $natent; @@ -256,7 +273,7 @@ if ($_POST["Submit"]) { snort_stop($natent, $if_real); /* Save configuration changes */ - write_config(); + write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); /* Most changes don't require a rules rebuild, so default to "off" */ $rebuild_rules = false; @@ -264,6 +281,10 @@ if ($_POST["Submit"]) { /* Update snort.conf and snort.sh files for this interface */ sync_snort_package_config(); + /* See if we need to restart Snort after an interface re-assignment */ + if ($snort_start == true) + snort_start($natent, $if_real); + /*******************************************************/ /* Signal Snort to reload configuration if we changed */ /* HOME_NET, EXTERNAL_NET or Suppress list values. */ @@ -284,21 +305,18 @@ if ($_POST["Submit"]) { $pconfig = $_POST; } -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings"); include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?php include("fbegin.inc"); -<?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { @@ -306,7 +324,8 @@ include_once("head.inc"); } ?> -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform"> +<form action="snort_interfaces_edit.php" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -314,12 +333,13 @@ include_once("head.inc"); $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); @@ -328,9 +348,10 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -345,7 +366,7 @@ include_once("head.inc"); if ($pconfig['enable'] == "on") $checked = "checked"; echo " - <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"> + <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"/> " . gettext("Enable or Disable") . "\n"; ?> <br/> @@ -368,15 +389,15 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td> <td width="78%" class="vtable"><input name="descr" type="text" - class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"> <br/> + class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/><br/> <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> -</tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td> - <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>> + <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/> <?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td> </tr> <tr> @@ -384,14 +405,14 @@ include_once("head.inc"); <td width="78%" class="vtable"> <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> - onClick="enable_blockoffenders()"> + onClick="enable_blockoffenders();" /> <?php echo gettext("Checking this option will automatically block hosts that generate a " . "Snort alert."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Kill States"); ?></td> <td width="78%" class="vtable"> - <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>> + <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>/> <?php echo gettext("Checking this option will kill firewall states for the blocked IP"); ?> </td> </tr> @@ -410,12 +431,12 @@ include_once("head.inc"); ?> </select> <?php echo gettext("Select which IP extracted from the packet you wish to block"); ?><br/> - <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td> + <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/> </td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td> -</tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Search Method"); ?></td> <td width="78%" class="vtable"> @@ -442,7 +463,7 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Split ANY-ANY"); ?></td> <td width="78%" class="vtable"> - <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>> + <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>/> <?php echo gettext("Enable splitting of ANY-ANY port group.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This setting is a memory/performance trade-off. It reduces memory footprint by not " . @@ -454,7 +475,7 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Search Optimize"); ?></td> <td width="78%" class="vtable"> - <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>> + <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>/> <?php echo gettext("Enable search optimization.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This setting optimizes fast pattern memory when used with search-methods AC or AC-SPLIT " . @@ -465,7 +486,7 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Stream Inserts"); ?></td> <td width="78%" class="vtable"> - <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>> + <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>/> <?php echo gettext("Do not evaluate stream inserted packets against the detection engine.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This is a potential performance improvement based on the idea the stream rebuilt packet " . @@ -475,15 +496,14 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Checksum Check Disable"); ?></td> <td width="78%" class="vtable"> - <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>> + <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>/> <?php echo gettext("Disable checksum checking within Snort to improve performance."); ?> <br><span class="red"><?php echo gettext("Hint: ") . "</span>" . gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?> </td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks " . - "Snort should inspect and whitelist."); ?></td> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks Snort should inspect and whitelist"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td> @@ -545,11 +565,11 @@ include_once("head.inc"); </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td> <td width="78%" class="vtable"> <select name="whitelistname" class="formselect" id="whitelistname"> <?php - /* find whitelist names and filter by type, make sure to track by uuid */ + /* find whitelist (Pass List) names and filter by type, make sure to track by uuid */ echo "<option value='default' >default</option>\n"; if (is_array($snortglob['whitelist']['item'])) { foreach ($snortglob['whitelist']['item'] as $value) { @@ -562,19 +582,19 @@ include_once("head.inc"); } ?> </select> - <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')" - id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/> + <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','passlist')" + id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/> <br/> - <span class="vexpl"><?php echo gettext("Choose the whitelist you want this interface to " . + <span class="vexpl"><?php echo gettext("Choose the Pass List you want this interface to " . "use."); ?> </span><br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("This option will only be used when block offenders is on."); ?><br/> - <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Default " . - "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> + <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("The default " . + "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> </td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired."); ?></td> -</tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired"); ?></td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Suppression and Filtering"); ?></td> <td width="78%" class="vtable"> @@ -602,29 +622,28 @@ include_once("head.inc"); gettext("Default option disables suppression and filtering."); ?> </td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " . - "be automatically inserted into the Snort configuration."); ?></td> -</tr> -<tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td> - <td width="78%" class="vtable"> - <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> - </td> -</tr> -<tr> - <td width="22%" valign="top"></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " . + "be automatically inserted into the Snort configuration."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td> + <td width="78%" class="vtable"> + <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> + </td> + </tr> + <tr> + <td width="22%" valign="top"></td> + <td width="78%"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo gettext("Click to save settings and exit"); ?>"/> - <input name="id" type="hidden" value="<?=$id;?>"/> - </td> -</tr> -<tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" . - gettext("Please save your settings before you attempt to start Snort."); ?> - </td> -</tr> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" . + gettext("Please save your settings before you attempt to start Snort."); ?> + </td> + </tr> </table> </div> </td></tr> @@ -684,11 +703,12 @@ function getSelectedValue(elemID) { function viewList(id, elemID, elemType) { if (typeof elemType == "undefined") { - elemType = "whitelist"; + elemType = "passlist"; } var url = "snort_list_view.php?id=" + id + "&wlist="; url = url + getSelectedValue(elemID) + "&type=" + elemType; - wopen(url, 'WhitelistViewer', 640, 480); + url = url + "&time=" + new Date().getTime(); + wopen(url, 'PassListViewer', 640, 480); } enable_change(false); diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index b22a6934..69a182bd 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -5,6 +5,7 @@ * * Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Copyright (C) 2008-2009 Robert Zelaya @@ -42,23 +43,26 @@ global $g; $snortdir = SNORTDIR; /* make things short */ -$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; +$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off'; $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; $pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code']; -$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; -$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro']; +$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off'; +$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off'; $pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; $pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; $pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; $pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime']; -$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; -$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules']; +$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off'; +$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off'; +$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs'] == "on" ? 'on' : 'off'; +$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off'; +/* Set sensible values for any empty default params */ if (empty($pconfig['snortloglimit'])) $pconfig['snortloglimit'] = 'on'; -if (empty($pconfig['rule_update_starttime'])) - $pconfig['rule_update_starttime'] = '00:30'; +if (!isset($pconfig['rule_update_starttime'])) + $pconfig['rule_update_starttime'] = '00:05'; if ($_POST['rule_update_starttime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime'])) @@ -73,12 +77,14 @@ if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code'])) /* if no errors move foward with save */ if (!$input_errors) { - if ($_POST["Submit"]) { + if ($_POST["save"]) { $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off'; // If any rule sets are being turned off, then remove them // from the active rules section of each interface. Start @@ -145,7 +151,7 @@ if (!$input_errors) { /* create whitelist and homenet file then sync files */ sync_snort_package_config(); - write_config(); + write_config("Snort pkg: modified global settings."); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -187,10 +193,11 @@ if ($input_errors) $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -268,7 +275,7 @@ if ($input_errors) <tr> <td> </td> <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . " " . - gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td> + gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are automatically disabled when the ETPro rules are selected."); ?></td> </tr> </table> <table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> @@ -310,11 +317,11 @@ if ($input_errors) <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td> <td width="78%" class="vtable"><input type="text" class="formfld time" name="rule_update_starttime" id="rule_update_starttime" size="4" - maxlength="5" value="<?=$pconfig['rule_update_starttime'];?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl"> + maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl"> <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" . - gettext("Default") . " </strong>" . gettext("is ") . "<strong>" . gettext("00:03") . "</strong></span>"; ?>.<br/><br/> + gettext("Default") . " </strong>" . gettext("is ") . "<strong>" . gettext("00:05") . "</strong></span>"; ?>.<br/><br/> <?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " . - "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td> + "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."); ?></td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> @@ -322,7 +329,7 @@ if ($input_errors) <tr> <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " . - "Limit"); ?><br/> + "Limit"); ?><br/><br/> <br/> <br/> <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/> @@ -368,6 +375,18 @@ if ($input_errors) <?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts After Deinstall"); ?></td> + <td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['clearblocks']=="on") echo " checked"; ?>/> + <?php echo gettext("All blocked hosts added by Snort will be removed during package deinstallation."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Snort Log Files After Deinstall"); ?></td> + <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['clearlogs']=="on") echo " checked"; ?>/> + <?php echo gettext("All Snort log files will be removed during package deinstallation."); ?></td> +</tr> +<tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Snort Settings After Deinstall"); ?></td> <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" @@ -377,7 +396,7 @@ if ($input_errors) <tr> <td width="22%" valign="top"> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" > + <input name="save" type="submit" class="formbtn" value="Save" > </td> </tr> <tr> diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index e42b7f8c..ecbd04a7 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php @@ -46,7 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; $id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); - function snort_suppresslist_used($supplist) { /****************************************************************/ @@ -69,15 +68,15 @@ function snort_suppresslist_used($supplist) { return false; } -if ($_GET['act'] == "del") { - if ($a_suppress[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - if (snort_suppresslist_used($a_suppress[$_GET['id']]['name'])) { - $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!"); +if ($_POST['del']) { + if ($a_suppress[$_POST['list_id']] && is_numericint($_POST['list_id'])) { + /* make sure list is not being referenced by any Snort interfaces */ + if (snort_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) { + $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to a Snort interface and cannot be removed! Unassign it from all Snort interfaces first."); } else { - unset($a_suppress[$_GET['id']]); - write_config(); + unset($a_suppress[$_POST['list_id']]); + write_config("Snort pkg: deleted a Suppress List."); header("Location: /snort/snort_interfaces_suppress.php"); exit; } @@ -93,14 +92,16 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} if ($input_errors) { print_input_errors($input_errors); } +if ($savemsg) + print_info_box($savemsg); ?> -<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<form action="/snort/snort_interfaces_suppress.php" method="post"> +<input type="hidden" name="list_id" id="list_id" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -110,10 +111,11 @@ if ($input_errors) { $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td> </tr> @@ -137,15 +139,13 @@ if ($input_errors) { <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td> - <td><a - href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" - onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td> + <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?php echo gettext("Edit Suppress List"); ?>"></a></td> + <td><input type="image" name="del[]" + onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete Suppress List");?>"/></td> </tr> </table> </td> @@ -160,7 +160,7 @@ if ($input_errors) { <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td> + width="17" height="17" border="0" title="<?php echo gettext("Add a new list"); ?>"></a></td> </tr> </table> </td> diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 3d703987..986bfc38 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -10,6 +10,7 @@ * * modified for the pfsense snort package * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -37,7 +38,6 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); - if (!is_array($config['installedpackages']['snortglobal'])) $config['installedpackages']['snortglobal'] = array(); $snortglob = $config['installedpackages']['snortglobal']; @@ -48,9 +48,16 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) $config['installedpackages']['snortglobal']['suppress']['item'] = array(); $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +/* Should never be called without identifying list index, so bail */ +if (is_null($id)) { + header("Location: /snort/snort_interfaces_suppress.php"); + exit; +} /* returns true if $name is a valid name for a whitelist file name or ip */ function is_validwhitelistname($name) { @@ -77,7 +84,7 @@ if (isset($id) && $a_suppress[$id]) { $pconfig['uuid'] = uniqid(); } -if ($_POST['submit']) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -102,7 +109,6 @@ if ($_POST['submit']) { } } - if (!$input_errors) { $s_list = array(); $s_list['name'] = $_POST['name']; @@ -118,7 +124,7 @@ if ($_POST['submit']) { else $a_suppress[] = $s_list; - write_config(); + write_config("Snort pkg: modified Suppress List {$s_list['name']}."); sync_snort_package_config(); header("Location: /snort/snort_interfaces_suppress.php"); @@ -135,14 +141,14 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> <form action="/snort/snort_interfaces_suppress_edit.php" name="iform" id="iform" method="post"> +<input name="id" type="hidden" value="<?=$id;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -152,10 +158,11 @@ if ($savemsg) $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -204,11 +211,10 @@ if ($savemsg) </td> </tr> <tr> - <td colspan="2"><input id="submit" name="submit" type="submit" + <td colspan="2"><input id="save" name="save" type="submit" class="formbtn" value="Save" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" - onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?> + onclick="history.back();"/> </td> </tr> </table> diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php deleted file mode 100644 index 9391eb85..00000000 --- a/config/snort/snort_interfaces_whitelist.php +++ /dev/null @@ -1,177 +0,0 @@ -<?php -/* - * snort_interfaces_whitelist.php - * - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['whitelist'])) - $config['installedpackages']['snortglobal']['whitelist'] = array(); -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) - $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); -else - $id_gen = '0'; - -if ($_GET['act'] == "del") { - if ($a_whitelist[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - unset($a_whitelist[$_GET['id']]); - write_config(); - sync_snort_package_config(); - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } -} - -$pgtitle = gettext("Snort: Whitelists"); -include_once("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include_once("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -if ($savemsg) print_info_box($savemsg); -?> - -<form action="/snort/snort_interfaces_whitelist.php" method="post"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); -?> - </td> -</tr> -<tr> - <td><div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">File Name</td> - <td width="40%" class="listhdrr">Values</td> - <td width="40%" class="listhdr">Description</td> - <td width="10%" class="list"></td> - </tr> - <?php foreach ($a_whitelist as $i => $list): ?> - <tr> - <td class="listlr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?></td> - <td class="listr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?php - $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); - echo $addresses; - if(count($addresses) < 10) { - echo " "; - } else { - echo "..."; - } - ?></td> - <td class="listbg" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext("edit whitelist"); ?>"></a></td> - <td><a - href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" - onclick="return confirm('<?php echo gettext("Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!"); ?>')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="<?php echo gettext("delete whitelist"); ?>"></a></td> - </tr> - </table> - </td> - </tr> - <?php endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> -<br> -<table width="100%" border="0" cellpadding="1" - cellspacing="1"> - <tr> - <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> - <p><?php echo gettext("Here you can create whitelist files for your " . - "snort package rules."); ?><br> - <?php echo gettext("Please add all the ips or networks you want to protect against snort " . - "block decisions."); ?><br> - <?php echo gettext("Remember that the default whitelist only includes local networks."); ?><br> - <?php echo gettext("Be careful, it is very easy to get locked out of your system."); ?></p></span></td> - </tr> - <tr> - <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td> - </tr> -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php new file mode 100644 index 00000000..ae4a1032 --- /dev/null +++ b/config/snort/snort_ip_list_mgmt.php @@ -0,0 +1,275 @@ +<?php +/* + * Copyright (C) 2004 Scott Ullrich + * Copyright (C) 2011-2012 Ermal Luci + * All rights reserved. + * + * originially part of m0n0wall (http://m0n0.ch/wall) + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * All rights reserved. + * + * modified for the pfsense snort package + * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); + +// Hard-code the path where IP Lists are stored +// and disregard any user-supplied path element. +$iprep_path = IPREP_PATH; + +// Set default to not show IP List editor controls +$iplist_edit_style = "display: none;"; + +function snort_is_iplist_active($iplist) { + + /*************************************************** + * This function checks all the configured Snort * + * interfaces to see if the passed IP List is used * + * as a whitelist or blacklist by an interface. * + * * + * Returns: TRUE if IP List is in use * + * FALSE if IP List is not in use * + ***************************************************/ + + global $g, $config; + + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return FALSE; + + foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) { + if (is_array($rule['wlist_files']['item'])) { + foreach ($rule['wlist_files']['item'] as $file) { + if ($file == $iplist) + return TRUE; + } + } + if (is_array($rule['blist_files']['item'])) { + foreach ($rule['blist_files']['item'] as $file) { + if ($file == $iplist) + return TRUE; + } + } + } + return FALSE; +} + + +if (isset($_POST['upload'])) { + if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) { + $tmp_name = $_FILES["iprep_fileup"]["tmp_name"]; + $name = $_FILES["iprep_fileup"]["name"]; + move_uploaded_file($tmp_name, "{$iprep_path}{$name}"); + } + else + $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}"); +} + +if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) { + if (!snort_is_iplist_active($_POST['iplist_fname'])) + unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}"); + else + $input_errors[] = gettext("This IP List is currently assigned as a Whitelist or Blackist for an interface and cannot be deleted."); +} + +if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) { + $file = $iprep_path . basename($_POST['iplist_fname']); + $data = file_get_contents($file); + if ($data !== FALSE) { + $iplist_data = htmlspecialchars($data); + $iplist_edit_style = "display: table-row-group;"; + $iplist_name = basename($_POST['iplist_fname']); + unset($data); + } + else { + $input_errors[] = gettext("An error occurred reading the file."); + } +} + +if (isset($_POST['save']) && isset($_POST['iplist_data'])) { + if (strlen(basename($_POST['iplist_name'])) > 0) { + $file = $iprep_path . basename($_POST['iplist_name']); + $data = str_replace("\r\n", "\n", $_POST['iplist_data']); + file_put_contents($file, $data); + unset($data); + } + else { + $input_errors[] = gettext("You must provide a valid filename for the IP List."); + $iplist_edit_style = "display: table-row-group;"; + } +} + +// Get all files in the IP Lists sub-directory as an array +// Leave this as the last thing before spewing the page HTML +// so we can pick up any changes made to files in code above. +$ipfiles = return_dir_as_array($iprep_path); + +$pgtitle = gettext("Snort: IP Reputation Lists"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); +if ($input_errors) { + print_input_errors($input_errors); +} + +if ($savemsg) + print_info_box($savemsg); +?> + +<form action="/snort/snort_ip_list_mgmt.php" enctype="multipart/form-data" method="post"> +<input type="hidden" name="MAX_FILE_SIZE" value="100000000" /> +<input type="hidden" name="iplist_fname" id="iplist_fname" value=""/> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("IP Lists"), true, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); +?> +</td> +</tr> +<tbody id="uploader" style="display: none;" class="tabcont"> + <tr> + <td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td> + </tr> + <tr> + <td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" /> + <input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" + title="<?=gettext("Upload selected IP list to firewall");?>"/> <input type="button" + value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td> + <td class="list"></td> + </tr> +</tbody> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col style="width: 50%;"> + <col style="width: 25%;"> + <col style="width: 15%;"> + <col style="width: 10%;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("IP List File Name"); ?></th> + <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th> + <th class="listhdrr"><?php echo gettext("File Size"); ?></th> + <th class="list" align="left"><img style="cursor:pointer;" name="iplist_new" id="iplist_new" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext('Create a new IP List');?>" + onClick="document.getElementById('iplist_data').value=''; document.getElementById('iplist_name').value=''; document.getElementById('iplist_editor').style.display='table-row-group'; document.getElementById('iplist_name').focus();" /> + <img style="cursor:pointer;" name="iplist_import" id="iplist_import" + onClick="document.getElementById('uploader').style.display='table-row-group';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" + height="17" border="0" title="<?php echo gettext('Import/Upload an IP List');?>"/></th> + </tr> + </thead> + <?php foreach ($ipfiles as $file): ?> + <tr> + <td class="listr"><?php echo gettext($file); ?></td> + <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td> + <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td> + <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]" + onClick="document.getElementById('iplist_fname').value='<?=$file;?>';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" + height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/> + <input type="image" name="iplist_delete[]" id="iplist_delete[]" + onClick="document.getElementById('iplist_fname').value='<?=$file;?>'; + return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" + height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td> + </tr> + <?php endforeach; ?> + <tbody id="iplist_editor" style="<?=$iplist_edit_style;?>"> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="iplist_name" name="iplist_name" value="<?=$iplist_name;?>" /> + <input type="submit" id="save" name="save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" /> + <input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('iplist_editor').style.display='none';" + title="<?=gettext("Abandon changes and quit editor");?>" /></td> + </tr> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="iplist_data" id="iplist_data" + style="width:95%; height:100%;"><?=$iplist_data;?></textarea> + </td> + </tr> + </tbody> + + <tr> + <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span> + <br/><?php echo gettext("1. IP Lists are used by the IP Reputation Preprocessor and are text files formatted " . + "with one IP address (or CIDR network) per line."); ?></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl" style="height: 20px; vertical-align: middle;"><?php echo gettext("2. IP Lists are stored as local files on the firewall and their contents are " . + "not saved as part of the firewall configuration file."); ?></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("IP List Controls:"); ?></strong><br/><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the editor window to create a new IP List. You must provide a valid filename before saving.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the file upload control for uploading a new IP List from your local machine.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the IP List in a text edit control for viewing or editing its contents.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" /> + <?=gettext("Deletes the IP List from the file system after confirmation.");?></td> + <td class="list"></td> + </tr> + </table> + </div> + </td> +</tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php new file mode 100644 index 00000000..3de8c661 --- /dev/null +++ b/config/snort/snort_ip_reputation.php @@ -0,0 +1,506 @@ +<?php +/* + * snort_ip_reputation.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g, $rebuild_rules; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'])) { + $config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'] = array(); +} +if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'])) { + $config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'] = array(); +} + +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$pconfig = $a_nat[$id]; +$iprep_path = IPREP_PATH; +$if_real = get_real_interface($a_nat[$id]['interface']); +$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + +// Set sensible defaults for any empty parameters +if (empty($pconfig['iprep_memcap'])) + $pconfig['iprep_memcap'] = '500'; +if (empty($pconfig['iprep_priority'])) + $pconfig['iprep_priority'] = 'whitelist'; +if (empty($pconfig['iprep_nested_ip'])) + $pconfig['iprep_nested_ip'] = 'inner'; +if (empty($pconfig['iprep_white'])) + $pconfig['iprep_white'] = 'unblack'; + +if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) { + $pconfig = $_POST; + + // Test the supplied IP List file to see if it exists + if (file_exists($_POST['iplist'])) { + // See if the file is already assigned to the interface + foreach ($a_nat[$id]['blist_files']['item'] as $f) { + if ($f == basename($_POST['iplist'])) { + $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file."); + break; + } + } + if (!$input_errors) { + $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']); + write_config("Snort pkg: added new blacklist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + } + } + else + $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; +} + +if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) { + $pconfig = $_POST; + + // Test the supplied IP List file to see if it exists + if (file_exists($_POST['iplist'])) { + // See if the file is already assigned to the interface + foreach ($a_nat[$id]['wlist_files']['item'] as $f) { + if ($f == basename($_POST['iplist'])) { + $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file."); + break; + } + } + if (!$input_errors) { + $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']); + write_config("Snort pkg: added new whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + } + } + else + $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; +} + +if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) { + $pconfig = $_POST; + unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]); + write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; +} + +if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) { + $pconfig = $_POST; + unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]); + write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; +} + +if ($_POST['save'] || $_POST['apply']) { + + $natent = array(); + $natent = $pconfig; + + if (!is_numericint($_POST['iprep_memcap']) || strval($_POST['iprep_memcap']) < 1 || strval($_POST['iprep_memcap']) > 4095) + $input_errors[] = gettext("The value for Memory Cap must be an integer between 1 and 4095."); + + // if no errors write to conf + if (!$input_errors) { + + $natent['reputation_preproc'] = $_POST['reputation_preproc'] ? 'on' : 'off'; + $natent['iprep_scan_local'] = $_POST['iprep_scan_local'] ? 'on' : 'off'; + $natent['iprep_memcap'] = $_POST['iprep_memcap']; + $natent['iprep_priority'] = $_POST['iprep_priority']; + $natent['iprep_nested_ip'] = $_POST['iprep_nested_ip']; + $natent['iprep_white'] = $_POST['iprep_white']; + + $a_nat[$id] = $natent; + + write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}."); + + // Update the snort conf file for this interface + $rebuild_rules = false; + snort_generate_conf($a_nat[$id]); + + // Soft-restart Snort to live-load new variables + snort_reload_config($a_nat[$id]); + $pconfig = $natent; + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_iprep'); + } + else + $pconfig = $_POST; +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); +$pgtitle = gettext("Snort: Interface {$if_friendly} IP Reputation Preprocessor"); +include_once("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include("fbegin.inc"); +/* Display Alert message */ +if ($input_errors) + print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); +?> + +<form action="snort_ip_reputation.php" method="post" name="iform" id="iform" > +<input name="id" type="hidden" value="<?=$id;?>" /> +<input type="hidden" id="mode" name="mode" value="" /> +<input name="iplist" id="iplist" type="hidden" value="" /> +<input name="list_id" id="list_id" type="hidden" value="" /> + +<?php if (is_subsystem_dirty('snort_iprep')): ?><p> +<?php print_info_box_np(gettext("A change has been made to blacklist or whitelist file assignments.") . "<br/>" . gettext("You must apply the changes in order for them to take effect."));?> +<?php endif; ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); + echo '</td></tr>'; + echo '<tr><td class="tabnavtbl">'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); + ?> + </td> + </tr> + <tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Preprocessor Configuration"); ?></td> + </tr> + <tr> + <td width="22%" valign='top' class='vncell'><?php echo gettext("Enable"); ?> + </td> + <td width="78%" class="vtable"><input name="reputation_preproc" type="checkbox" value="on" <?php if ($pconfig['reputation_preproc'] == "on") echo "checked"; ?>/> + <?php echo gettext("Use IP Reputation Lists on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td> + <td class="vtable"><input name="iprep_memcap" type="text" class="formfld unknown" + id="http_inspect_memcap" size="9" + value="<?=htmlspecialchars($pconfig['iprep_memcap']);?>"> + <?php echo gettext("Maximum memory in megabytes (MB) supported for IP Reputation Lists. Default is ") . "<strong>" . + gettext("500.") . "</strong><br/>" . gettext("The Minimum value is ") . + "<strong>" . gettext("1 MB") . "</strong>" . gettext(" and the Maximum is ") . "<strong>" . + gettext("4095 MB.") . "</strong> " . gettext("Enter an integer value between 1 and 4095."); ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign='top' class='vncell'><?php echo gettext("Scan Local"); ?> + </td> + <td width="78%" class="vtable"><input name="iprep_scan_local" type="checkbox" value="on" <?php if ($pconfig['iprep_scan_local'] == "on") echo "checked"; ?>/> + <?php echo gettext("Scan RFC 1918 addresses on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?><br/> + <?php echo gettext("When checked, Snort will inspect addresses in the 10/8, 172.16/12 and 192.168/16 ranges defined in RFC 1918.");?><br/><br/> + <span class="red"><strong><?=gettext("Hint: ");?></strong></span><?=gettext("if these address ranges are used in your internal network, and this instance ") . + gettext("is on an internal interface, this option should usually be enabled (checked).");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Nested IP"); ?></td> + <td width="78%" class="vtable"> + <input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_inner" + value="inner" <?php if ($pconfig['iprep_nested_ip'] == 'inner') echo "checked";?>/> + <?php echo gettext("Inner"); ?> <input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_outer" + value="outer" <?php if ($pconfig['iprep_nested_ip'] == 'outer') echo "checked";?>/> + <?php echo gettext("Outer"); ?> <input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_both" + value="both" <?php if ($pconfig['iprep_nested_ip'] == 'both') echo "checked";?>/> + <?php echo gettext("Both"); ?><br/> + <?php echo gettext("Specify which IP address to use for whitelist/blacklist matching when there is IP encapsulation. Default is ") . "<strong>" . gettext("Inner") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Priority"); ?></td> + <td width="78%" class="vtable"> + <input name="iprep_priority" type="radio" id="iprep_priority_blacklist" + value="blacklist" <?php if ($pconfig['iprep_priority'] == 'blacklist') echo "checked";?>/> + <?php echo gettext("Blacklist"); ?> <input name="iprep_priority" type="radio" id="iprep_priority" + value="whitelist" <?php if ($pconfig['iprep_priority'] == 'whitelist') echo "checked";?>/> + <?php echo gettext("Whitelist"); ?><br/> + <?php echo gettext("Specify which list has priority when source/destination is on blacklist while destination/source is on whitelist.") . + "<br/>" . gettext("Default is ") . "<strong>" . gettext("Whitelist") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist Meaning"); ?></td> + <td width="78%" class="vtable"> + <input name="iprep_white" type="radio" id="iprep_white_unblack" + value="unblack" <?php if ($pconfig['iprep_white'] == 'unblack') echo "checked";?>/> + <?php echo gettext("Unblack"); ?> <input name="iprep_white" type="radio" id="iprep_white_trust" + value="trust" <?php if ($pconfig['iprep_white'] == 'trust') echo "checked";?>/> + <?php echo gettext("Trust"); ?><br/> + <?php echo gettext("Specify the meaning of whitelist. \"Unblack\" unblacks blacklisted IP addresses and routes them for further inspection. \"Trust\" means the packet bypasses all further Snort detection. ") . + gettext("Default is ") . "<strong>" . gettext("Unblack") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> </td> + <td width="78%" class="vtable"> + <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IP Reputation configuration");?>" /> + <?=gettext("Click to save configuration settings and live-reload the running Snort configuration.");?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign Blacklists/Whitelists to IP Reputation Preprocessor"); ?></td> + </tr> + <tr> + <td width="22%" valign='top' class='vncell'><?php echo gettext("Blacklist Files"); ?> + </td> + <td width="78%" class="vtable"> + <!-- blist_chooser --> + <div id="blistChooser" name="blistChooser" style="display:none; border:1px dashed gray; width:98%;"></div> + <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <colgroup> + <col style="text-align:left;"> + <col style="width: 30%; text-align:left;"> + <col style="width: 17px;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("Blacklist Filename"); ?></th> + <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th> + <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="blist_add" id="blist_add" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext('Assign a blacklist file');?>"/></th> + </tr> + </thead> + <tbody> + <?php foreach($pconfig['blist_files']['item'] as $k => $f): + $class = "listr"; + if (!file_exists("{$iprep_path}{$f}")) { + $filedate = gettext("Unknown -- file missing"); + $class .= " red"; + } + else + $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}")); + ?> + <tr> + <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td> + <td class="<?=$class;?>" align="center"><?=$filedate;?></td> + <td class="list"><input type="image" name="blist_del[]" id="blist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" + border="0" title="<?php echo gettext('Remove this blacklist file');?>"/></td> + </tr> + <?php endforeach; ?> + <tr> + <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span> + <?=gettext("changes to blacklist assignments are immediately saved.");?></td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td width="22%" valign='top' class='vncell'><?php echo gettext("Whitelist Files"); ?> + </td> + <td width="78%" class="vtable"> + <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <!-- wlist_chooser --> + <div id="wlistChooser" name="wlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div> + <colgroup> + <col style="text-align:left;"> + <col style="width: 30%; text-align:left;"> + <col style="width: 17px;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("Whitelist Filename"); ?></th> + <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th> + <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="wlist_add" id="wlist_add" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" + border="0" title="<?php echo gettext('Assign a whitelist file');?>"/></th> + </tr> + </thead> + <tbody> + <?php foreach($pconfig['wlist_files']['item'] as $k => $f): + $class = "listr"; + if (!file_exists("{$iprep_path}{$f}")) { + $filedate = gettext("Unknown -- file missing"); + $class .= " red"; + } + else + $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}")); + ?> + <tr> + <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td> + <td class="<?=$class;?>" align="center"><?=$filedate;?></td> + <td class="list"><input type="image" name="wlist_del[]" id="wlist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" + border="0" title="<?php echo gettext('Remove this whitelist file');?>"/></td> + </tr> + <?php endforeach; ?> + <tr> + <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span> + <?=gettext("changes to whitelist assignments are immediately saved.");?></td> + </tr> + </tbody> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> + +<script type="text/javascript"> +Event.observe( + window, "load", + function() { + Event.observe( + "blist_add", "click", + function() { + Effect.Appear("blistChooser", { duration: 0.25 }); + blistChoose(); + } + ); + + Event.observe( + "wlist_add", "click", + function() { + Effect.Appear("wlistChooser", { duration: 0.25 }); + wlistChoose(); + } + ); + } +); + +function blistChoose() { + Effect.Appear("blistChooser", { duration: 0.25 }); + if($("fbCurrentDir")) + $("fbCurrentDir").innerHTML = "Loading ..."; + + new Ajax.Request( + "/snort/snort_iprep_list_browser.php?container=blistChooser&target=iplist&val=" + new Date().getTime(), + { method: "get", onComplete: blistComplete } + ); +} + +function wlistChoose() { + Effect.Appear("wlistChooser", { duration: 0.25 }); + if($("fbCurrentDir")) + $("fbCurrentDir").innerHTML = "Loading ..."; + + new Ajax.Request( + "/snort/snort_iprep_list_browser.php?container=wlistChooser&target=iplist&val=" + new Date().getTime(), + { method: "get", onComplete: wlistComplete } + ); +} + +function blistComplete(req) { + $("blistChooser").innerHTML = req.responseText; + + var actions = { + fbClose: function() { $("blistChooser").hide(); }, + fbFile: function() { $("iplist").value = this.id; + $("mode").value = 'blist_add'; + document.getElementById('iform').submit(); + } + } + + for(var type in actions) { + var elem = $("blistChooser"); + var list = elem.getElementsByClassName(type); + for (var i=0; i<list.length; i++) { + Event.observe(list[i], "click", actions[type]); + list[i].style.cursor = "pointer"; + } + } +} + +function wlistComplete(req) { + $("wlistChooser").innerHTML = req.responseText; + + var actions = { + fbClose: function() { $("wlistChooser").hide(); }, + fbFile: function() { $("iplist").value = this.id; + $("mode").value = 'wlist_add'; + document.getElementById('iform').submit(); + } + } + + for(var type in actions) { + var elem = $("wlistChooser"); + var list = elem.getElementsByClassName(type); + for (var i=0; i<list.length; i++) { + Event.observe(list[i], "click", actions[type]); + list[i].style.cursor = "pointer"; + } + } +} + +</script> + +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php new file mode 100644 index 00000000..3e4d6b6a --- /dev/null +++ b/config/snort/snort_iprep_list_browser.php @@ -0,0 +1,99 @@ +<?php + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +// Fetch a list of files inside a given directory +function get_content($dir) { + $files = array(); + + clearstatcache(); + $fd = @opendir($dir); + while($entry = @readdir($fd)) { + if($entry == ".") continue; + if($entry == "..") continue; + + if(is_dir("{$dir}/{$entry}")) + continue; + else + array_push($files, $entry); + } + @closedir($fd); + natsort($files); + return $files; +} + +$path = IPREP_PATH; +$container = htmlspecialchars($_GET['container']); +$target = htmlspecialchars($_GET['target']); + +// ----- header ----- +?> +<table width="100%"> + <tr> + <td width="25px" align="left"> + <img src="/filebrowser/images/icon_home.gif" alt="Home" title="Home" /> + </td> + <td><b><?=$path;?></b></td> + <td class="fbClose" align="right"> + <img onClick="$('<?=$container;?>').hide();" border="0" src="/filebrowser/images/icon_cancel.gif" alt="Close" title="Close" /> + </td> + </tr> + <tr> + <td id="fbCurrentDir" colspan="3" class="vexpl" align="left"> + </td> + </tr> +<?php +$files = get_content($path); + +// ----- files ----- +foreach($files as $file): + $ext = strrchr($file, "."); + + if($ext == ".css" ) $type = "code"; + elseif($ext == ".html") $type = "code"; + elseif($ext == ".xml" ) $type = "code"; + elseif($ext == ".rrd" ) $type = "database"; + elseif($ext == ".gif" ) $type = "image"; + elseif($ext == ".jpg" ) $type = "image"; + elseif($ext == ".png" ) $type = "image"; + elseif($ext == ".js" ) $type = "js"; + elseif($ext == ".pdf" ) $type = "pdf"; + elseif($ext == ".inc" ) $type = "php"; + elseif($ext == ".php" ) $type = "php"; + elseif($ext == ".conf") $type = "system"; + elseif($ext == ".pid" ) $type = "system"; + elseif($ext == ".sh" ) $type = "system"; + elseif($ext == ".bz2" ) $type = "zip"; + elseif($ext == ".gz" ) $type = "zip"; + elseif($ext == ".tgz" ) $type = "zip"; + elseif($ext == ".zip" ) $type = "zip"; + else $type = "generic"; + + $fqpn = "{$path}/{$file}"; + + if(is_file($fqpn)) { + $fqpn = realpath($fqpn); + $size = sprintf("%.2f KiB", filesize($fqpn) / 1024); + } + else + $size = ""; +?> + <tr> + <td></td> + <td class="fbFile vexpl" id="<?=$fqpn;?>" align="left"> + <?php $filename = str_replace("//","/", "{$path}/{$file}"); ?> + <div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();"> + <img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title=""> + <?=$file;?> + </div> + </td> + <td align="right" class="vexpl"> + <?=$size;?> + </td> + </tr> +<?php +endforeach; +?> +</table> + diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php index 856367ef..8c3d0134 100644 --- a/config/snort/snort_list_view.php +++ b/config/snort/snort_list_view.php @@ -4,6 +4,7 @@ * * Copyright (C) 2004, 2005 Scott Ullrich * Copyright (C) 2011 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Adapted for FreeNAS by Volker Theile (votdev@gmx.de) @@ -41,23 +42,29 @@ global $g, $config; $contents = ''; -$id = $_GET['id']; -$wlist = $_GET['wlist']; -$type = $_GET['type']; +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +$wlist = htmlspecialchars($_GET['wlist']); +$type = htmlspecialchars($_GET['type']); +$title = "List"; if (isset($id) && isset($wlist)) { $a_rule = $config['installedpackages']['snortglobal']['rule'][$id]; if ($type == "homenet") { $list = snort_build_list($a_rule, $wlist); $contents = implode("\n", $list); + $title = "HOME_NET"; } - elseif ($type == "whitelist") { + elseif ($type == "passlist") { $list = snort_build_list($a_rule, $wlist, true); $contents = implode("\n", $list); + $title = "Pass List"; } elseif ($type == "suppress") { $list = snort_find_list($wlist, $type); $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); + $title = "Suppress List"; } else $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); @@ -65,35 +72,32 @@ if (isset($id) && isset($wlist)) { else $contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!"); -$pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer")); +$pgtitle = array(gettext("Snort"), gettext($title . " Viewer")); ?> <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> -<form action="snort_whitelist_view.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> <tr> - <td class="pgtitle" colspan="2">Snort: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td> + <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td> </tr> <tr> <td align="left" width="20%"> <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> <td align="right"> - <b><?php echo gettext(ucfirst($type) . ": ") . '</b> ' . $_GET['wlist']; ?> + <b><?php echo gettext($title . ": ") . '</b> ' . htmlspecialchars($_GET['wlist']); ?> </td> </tr> <tr> <td colspan="2" valign="top" class="label"> <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea> </div> </td> </tr> @@ -101,7 +105,5 @@ $pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer")); </td> </tr> </table> -</form> -<?php // include("fend.inc");?> </body> </html> diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php deleted file mode 100644 index 4fc8d990..00000000 --- a/config/snort/snort_log_view.php +++ /dev/null @@ -1,89 +0,0 @@ -<?php -/* - * snort_log_view.php - * - * Copyright (C) 2004, 2005 Scott Ullrich - * Copyright (C) 2011 Ermal Luci - * All rights reserved. - * - * Adapted for FreeNAS by Volker Theile (votdev@gmx.de) - * Copyright (C) 2006-2009 Volker Theile - * - * Adapted for Pfsense Snort package by Robert Zelaya - * Copyright (C) 2008-2009 Robert Zelaya - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$contents = ''; - -// Read the contents of the argument passed to us. -// Is it a fully qualified path and file? -if (file_exists($_GET['logfile'])) - $contents = file_get_contents($_GET['logfile']); -// It is not something we can display, so print an error. -else - $contents = gettext("\n\nERROR -- File: {$_GET['logfile']} not found!"); - -$pgtitle = array(gettext("Snort"), gettext("Log File Viewer")); -?> - -<?php include("head.inc");?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> - -<form action="snort_log_view.php" method="post"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td class="tabcont"> - <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> - <tr> - <td class="pgtitle" colspan="2">Snort: Log File Viewer</td> - </tr> - <tr> - <td align="left" width="20%"> - <input type="button" class="formbtn" value="Return" onclick="window.close()"> - </td> - <td align="right"> - <b><?php echo gettext("Log File: ") . '</b> ' . $_GET['logfile']; ?> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="label"> - <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea> - </div> - </td> - </tr> - </table> - </td> -</tr> -</table> -</form> -<?php // include("fend.inc");?> -</body> -</html> diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 61989e99..b3152d5d 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -1,8 +1,8 @@ <?php /* - * snort_migrate_config.inc + * snort_migrate_config.php * - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -288,6 +288,75 @@ foreach ($rule as &$r) { } } + // Change any ENABLE_SID settings to new format of GID:SID + if (!empty($pconfig['rule_sid_on'])) { + $tmp = explode("||", $pconfig['rule_sid_on']); + $new_tmp = ""; + foreach ($tmp as $v) { + if (strpos($v, ":") === false) { + if (preg_match('/(\d+)/', $v, $match)) + $new_tmp .= "1:{$match[1]}||"; + } + } + $new_tmp = rtrim($new_tmp, " ||"); + if (!empty($new_tmp)) { + $pconfig['rule_sid_on'] = $new_tmp; + $updated_cfg = true; + } + } + + // Change any DISABLE_SID settings to new format of GID:SID + if (!empty($pconfig['rule_sid_off'])) { + $tmp = explode("||", $pconfig['rule_sid_off']); + $new_tmp = ""; + foreach ($tmp as $v) { + if (strpos($v, ":") === false) { + if (preg_match('/(\d+)/', $v, $match)) + $new_tmp .= "1:{$match[1]}||"; + } + } + $new_tmp = rtrim($new_tmp, " ||"); + if (!empty($new_tmp)) { + $pconfig['rule_sid_off'] = $new_tmp; + $updated_cfg = true; + } + } + + // Migrate any Barnyard2 settings to the new advanced fields. + // Parse the old DB connect string and find the "host", "user", + // "dbname" and "password" values and save them in the new + // MySQL field names in the config file. + if (!empty($pconfig['barnyard_mysql'])) { + if (preg_match_all('/(dbname|host|user|password)\s*\=\s*([^\s]*)/i', $pconfig['barnyard_mysql'], $matches)) { + foreach ($matches[1] as $k => $p) { + if (strcasecmp($p, 'dbname') == 0) + $pconfig['barnyard_dbname'] = $matches[2][$k]; + elseif (strcasecmp($p, 'host') == 0) + $pconfig['barnyard_dbhost'] = $matches[2][$k]; + elseif (strcasecmp($p, 'user') == 0) + $pconfig['barnyard_dbuser'] = $matches[2][$k]; + elseif (strcasecmp($p, 'password') == 0) + $pconfig['barnyard_dbpwd'] = base64_encode($matches[2][$k]); + } + $pconfig['barnyard_mysql_enable'] = 'on'; + unset($pconfig['barnyard_mysql']); + } + // Since Barnyard2 was enabled, configure the new archived log settings + $pconfig['u2_archived_log_retention'] = '168'; + $pconfig['barnyard_archive_enable'] = 'on'; + $pconfig['unified2_log_limit'] = '32'; + $updated_cfg = true; + } + + // This setting is deprecated and replaced + // by 'barnyard_enable' since any Barnyard2 + // chaining requires unified2 logging. + if (isset($pconfig['snortunifiedlog'])) { + unset($pconfig['snortunifiedlog']); + $pconfig['barnyard_enable'] = 'on'; + $updated_cfg = true; + } + // Save the new configuration data into the $config array pointer $r = $pconfig; } @@ -296,9 +365,9 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.7"; log_error("[Snort] Saving configuration settings in new format..."); - write_config(); + write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php new file mode 100644 index 00000000..2cac9cd4 --- /dev/null +++ b/config/snort/snort_passlist.php @@ -0,0 +1,205 @@ +<?php +/* + * snort_passlist.php + * + * Copyright (C) 2004 Scott Ullrich + * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * originially part of m0n0wall (http://m0n0.ch/wall) + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * All rights reserved. + * + * modified for the pfsense snort package + * Copyright (C) 2009-2010 Robert Zelaya. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['whitelist'])) + $config['installedpackages']['snortglobal']['whitelist'] = array(); +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); +$a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item']; + +// Calculate the next Pass List index ID +if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) + $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); +else + $id_gen = '0'; + +function snort_is_passlist_used($list) { + + /********************************************** + * This function tests the provided Pass List * + * to determine if it is assigned to an * + * interface. * + * * + * On Entry: $list -> Pass List name to test * + * * + * Returns: TRUE if Pass List is in use or * + * FALSE if not in use * + **********************************************/ + + global $config; + + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return FALSE; + + foreach($config['installedpackages']['snortglobal']['rule'] as $v) { + if (isset($v['whitelistname']) && $v['whitelistname'] == $list) + return TRUE; + } + return FALSE; +} + +if ($_POST['del'] && is_numericint($_POST['list_id'])) { + if ($a_passlist[$_POST['list_id']]) { + /* make sure list is not being referenced by any interface */ + if (snort_is_passlist_used($a_passlist[$_POST['list_id']]['name'])) { + $input_errors[] = gettext("This Pass List is currently assigned to a Snort interface and cannot be deleted. Unassign it from all Snort interfaces first."); + } + if (!$input_errors) { + unset($a_passlist[$_POST['list_id']]); + write_config("Snort pkg: deleted PASS LIST."); + sync_snort_package_config(); + header("Location: /snort/snort_passlist.php"); + exit; + } + } +} + +$pgtitle = gettext("Snort: Pass Lists"); +include_once("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg); +} +?> + +<form action="/snort/snort_passlist.php" method="post"> +<input type="hidden" name="list_id" id="list_id" value=""/> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); +?> + </td> +</tr> +<tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">List Name</td> + <td width="30%" class="listhdrr">Assigned Alias</td> + <td class="listhdr">Description</td> + <td width="40px" class="list"></td> + </tr> + <?php foreach ($a_passlist as $i => $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> + <td class="listr" + ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';" + title="<?=filter_expand_alias($list['address']);?>"> + <?php echo gettext($list['address']);?></td> + <td class="listbg" + ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="snort_passlist_edit.php?id=<?=$i;?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a> + </td> + <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this pass list? Click OK to continue or CANCEL to quit.)!");?>');" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/> + </td> + </tr> + </table> + </td> + </tr> + <?php endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a href="snort_passlist_edit.php?id=<?php echo $id_gen;?> "> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a> + </td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +<br> +<table width="100%" border="0" cellpadding="1" + cellspacing="1"> + <tr> + <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span> + <p><?php echo gettext("1. Here you can create Pass List files for your Snort package rules. Hosts on a Pass List are never blocked by Snort."); ?><br/> + <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Snort block decisions."); ?><br/> + <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/> + <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td> + </tr> + <tr> + <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_passlist_edit.php index 882c2b6f..3be776f4 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -1,8 +1,9 @@ <?php /* - * snort_interfaces_whitelist_edit.php + * snort_passlist_edit.php * Copyright (C) 2004 Scott Ullrich * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * originially part of m0n0wall (http://m0n0.ch/wall) @@ -39,7 +40,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); if ($_POST['cancel']) { - header("Location: /snort/snort_interfaces_whitelist.php"); + header("Location: /snort/snort_passlist.php"); exit; } @@ -47,27 +48,32 @@ if (!is_array($config['installedpackages']['snortglobal']['whitelist'])) $config['installedpackages']['snortglobal']['whitelist'] = array(); if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; +$a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +/* Should never be called without identifying list index, so bail */ if (is_null($id)) { header("Location: /snort/snort_interfaces_whitelist.php"); exit; } -if (empty($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'])) { - $whitelist_uuid = 0; - while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { - $whitelist_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $whitelist_uuid; +/* If no entry for this passlist, then create a UUID and treat it like a new list */ +if (!isset($a_passlist[$id]['uuid'])) { + $passlist_uuid = 0; + while ($passlist_uuid > 65535 || $passlist_uuid == 0) { + $passlist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $passlist_uuid; + $pconfig['name'] = "passlist_{$passlist_uuid}"; } } else - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; + $passlist_uuid = $a_passlist[$id]['uuid']; -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { +/* returns true if $name is a valid name for a pass list file name or ip */ +function is_validpasslistname($name) { if (!is_string($name)) return false; @@ -77,29 +83,29 @@ function is_validwhitelistname($name) { return false; } -if (isset($id) && $a_whitelist[$id]) { +if (isset($id) && $a_passlist[$id]) { /* old settings */ $pconfig = array(); - $pconfig['name'] = $a_whitelist[$id]['name']; - $pconfig['uuid'] = $a_whitelist[$id]['uuid']; - $pconfig['detail'] = $a_whitelist[$id]['detail']; - $pconfig['address'] = $a_whitelist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); - $pconfig['localnets'] = $a_whitelist[$id]['localnets']; - $pconfig['wanips'] = $a_whitelist[$id]['wanips']; - $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; - $pconfig['vips'] = $a_whitelist[$id]['vips']; - $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['detail'] = $a_passlist[$id]['detail']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; } // Check for returned "selected alias" if action is import if ($_GET['act'] == "import") { - if ($_GET['varname'] == "address" && !empty($_GET['varvalue'])) - $pconfig[$_GET['varname']] = $_GET['varvalue']; + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } -if ($_POST['submit']) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -108,19 +114,19 @@ if ($_POST['submit']) { $reqdfieldsn = explode(",", "Name"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = gettext("Whitelist file names may not be named defaultwhitelist."); + if(strtolower($_POST['name']) == "defaultpasslist") + $input_errors[] = gettext("Pass List file names may not be named defaultpasslist."); - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = gettext("Whitelist file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); + if (is_validpasslistname($_POST['name']) == false) + $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); /* check for name conflicts */ - foreach ($a_whitelist as $w_list) { - if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) + foreach ($a_passlist as $w_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) continue; if ($w_list['name'] == $_POST['name']) { - $input_errors[] = gettext("A whitelist file name with this name already exists."); + $input_errors[] = gettext("A Pass List file name with this name already exists."); break; } } @@ -133,7 +139,7 @@ if ($_POST['submit']) { $w_list = array(); /* post user input */ $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $whitelist_uuid; + $w_list['uuid'] = $passlist_uuid; $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; @@ -145,22 +151,22 @@ if ($_POST['submit']) { $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); $w_list['detail'] = $final_address_details; - if (isset($id) && $a_whitelist[$id]) - $a_whitelist[$id] = $w_list; + if (isset($id) && $a_passlist[$id]) + $a_passlist[$id] = $w_list; else - $a_whitelist[] = $w_list; + $a_passlist[] = $w_list; - write_config(); + write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); - /* create whitelist and homenet file then sync files */ + /* create pass list and homenet file, then sync files */ sync_snort_package_config(); - header("Location: /snort/snort_interfaces_whitelist.php"); + header("Location: /snort/snort_passlist.php"); exit; } } -$pgtitle = gettext("Snort: Whitelist Edit - {$a_whitelist[$id]['name']}"); +$pgtitle = gettext("Snort: Pass List Edit - {$pconfig['name']}"); include_once("head.inc"); ?> @@ -168,8 +174,8 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> @@ -177,7 +183,8 @@ if ($savemsg) </script> <script type="text/javascript" src="/javascript/suggestions.js"> </script> -<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform"> +<form action="snort_passlist_edit.php" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>" /> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -187,10 +194,11 @@ if ($savemsg) $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array,true); ?> </td> </tr> @@ -266,12 +274,12 @@ if ($savemsg) <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"> - <div id="addressnetworkport"><?php echo gettext("Alias Name:"); ?></div> + <td width="22%" valign="top" class="vncell"> + <?php echo gettext("Assigned Aliases:"); ?> </td> <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" - title="<?=trim(filter_expand_alias($pconfig['address']));?>" /> + title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> @@ -279,9 +287,8 @@ if ($savemsg) <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> + <input id="save" name="save" type="submit" class="formbtn" value="Save" /> <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" /> - <input name="id" type="hidden" value="<?=$id;?>" /> </td> </tr> </table> @@ -299,15 +306,11 @@ if ($savemsg) foreach($config['aliases']['alias'] as $alias_name) { if ($alias_name['type'] != "host" && $alias_name['type'] != "network") continue; - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; if($addrisfirst == 1) $aliasesaddr .= ","; $aliasesaddr .= "'" . $alias_name['name'] . "'"; $addrisfirst = 1; } ?> - var addressarray=new Array(<?php echo $aliasesaddr; ?>); function createAutoSuggest() { diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 003628be..dbac41ef 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -96,13 +96,15 @@ function snort_build_new_conf($snortcfg) { if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; + conf_mount_rw(); + /* See if we should protect and not modify the preprocessor rules files */ if (!empty($snortcfg['protect_preproc_rules'])) $protect_preproc_rules = $snortcfg['protect_preproc_rules']; else $protect_preproc_rules = "off"; - $if_real = snort_get_real_interface($snortcfg['interface']); + $if_real = get_real_interface($snortcfg['interface']); $snort_uuid = $snortcfg['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; @@ -162,8 +164,18 @@ function snort_build_new_conf($snortcfg) { /* define snortunifiedlog */ $snortunifiedlog_type = ""; - if ($snortcfg['snortunifiedlog'] == "on") - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; + if ($snortcfg['barnyard_enable'] == "on") { + if (isset($snortcfg['unified2_log_limit'])) + $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}"; + else + $u2_log_limit = "limit 128"; + + $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}"; + if ($snortcfg['barnyard_log_vlan_events'] == 'on') + $snortunifiedlog_type .= ", vlan_event_types"; + if ($snortcfg['barnyard_log_mpls_events'] == 'on') + $snortunifiedlog_type .= ", mpls_event_types"; + } /* define spoink */ $spoink_type = ""; @@ -721,6 +733,49 @@ preprocessor sensitive_data: \ EOD; + /* define IP Reputation preprocessor */ + if (is_array($snortcfg['blist_files']['item'])) { + $blist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['blist_files']['item'] as $blist) { + if ($bIsFirst) { + $blist_files .= "blacklist " . IPREP_PATH . $blist; + $bIsFirst = FALSE; + } + else + $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist; + } + } + if (is_array($snortcfg['wlist_files']['item'])) { + $wlist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['wlist_files']['item'] as $wlist) { + if ($bIsFirst) { + $wlist_files .= "whitelist " . IPREP_PATH . $wlist; + $bIsFirst = FALSE; + } + else + $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist; + } + } + if (!empty($blist_files)) + $ip_lists = $blist_files; + if (!empty($wlist_files)) + $ip_lists .= ", \\ \n" . $wlist_files; + if ($snortcfg['iprep_scan_local'] == 'on') + $ip_lists .= ", \\ \n\tscan_local"; + + $reputation_preproc = <<<EOD +# IP Reputation preprocessor # +preprocessor reputation: \ + memcap {$snortcfg['iprep_memcap']}, \ + priority {$snortcfg['iprep_priority']}, \ + nested_ip {$snortcfg['iprep_nested_ip']}, \ + white {$snortcfg['iprep_white']}, \ + {$ip_lists} + +EOD; + /* define servers as IP variables */ $snort_servers = array ( "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", @@ -751,11 +806,11 @@ EOD; "ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc" ); $snort_preproc = array ( - "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", - "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc" + "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan", + "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc" ); $default_disabled_preprocs = array( - "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc" + "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat" ); $snort_preprocessors = ""; foreach ($snort_preproc as $preproc) { @@ -793,43 +848,9 @@ EOD; $snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n"; if (file_exists("{$snortcfgdir}/classification.config")) $snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n"; - if (is_dir("{$snortcfgdir}/preproc_rules")) { - if ($snortcfg['sensitive_data'] == 'on' && $protect_preproc_rules == "off") { - $sedcmd = '/^#alert.*classtype:sdf/s/^#//'; - if (file_exists("{$snortcfgdir}/preproc_rules/sensitive-data.rules")){ - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules\n"; - #enable only selected sensitive data - if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")){ - $sdf_alert_pattern="(".preg_replace("/,/","|",$snortcfg['sdf_alert_data_type']).")"; - $sd_tmp_file=file(SNORTDIR."/preproc_rules/sensitive-data.rules"); - $sd_tmp_new_file=""; - foreach ($sd_tmp_file as $sd_tmp_line) - $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : ""; - file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX); - } - } - } else - $sedcmd = '/^alert.*classtype:sdf/s/^/#/'; - if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") && - file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "off") { - @file_put_contents("{$g['tmp_path']}/sedcmd", $sedcmd); - mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/preprocessor.rules"); - mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/decoder.rules"); - @unlink("{$g['tmp_path']}/sedcmd"); - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; - } else if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") && - file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "on") { - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; - $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; - } - else { - $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); - } - } else { + if (!file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") || !file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) { $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); + log_error("[Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file."); } /* generate rule sections to load */ @@ -1247,9 +1268,8 @@ EOD; ipvar HOME_NET [{$home_net}] ipvar EXTERNAL_NET [{$external_net}] -# Define Rule Paths # +# Define Rule Path # var RULE_PATH {$snortcfgdir}/rules -var PREPROC_RULE_PATH {$snortcfgdir}/preproc_rules # Define Servers # {$ipvardef} @@ -1340,13 +1360,8 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src EOD; // Write out snort.conf file - $conf = fopen("{$snortcfgdir}/snort.conf", "w"); - if(!$conf) { - log_error("Could not open {$snortcfgdir}/snort.conf for writing."); - return -1; - } - fwrite($conf, $snort_conf_text); - fclose($conf); + file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); + conf_mount_ro(); unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); } @@ -1361,14 +1376,14 @@ if(is_process_running("snort")) { exec("/usr/bin/killall -z snort"); sleep(2); // Delete any leftover snort PID files in /var/run - array_map('@unlink', glob("/var/run/snort_*.pid")); + unlink_if_exists("/var/run/snort_*.pid"); } // Hard kill any running Barnyard2 processes if(is_process_running("barnyard")) { exec("/usr/bin/killall -z barnyard2"); sleep(2); // Delete any leftover barnyard2 PID files in /var/run - array_map('@unlink', glob("/var/run/barnyard2_*.pid")); + unlink_if_exists("/var/run/barnyard2_*.pid"); } /* Set flag for post-install in progress */ @@ -1397,46 +1412,68 @@ foreach ($preproc_rules as $file) { @unlink("{$rcdir}/snort.sh"); @unlink("{$rcdir}/barnyard2"); +/* Create required log and db directories in /var */ +safe_mkdir(SNORTLOGDIR); +safe_mkdir(IPREP_PATH); + +/* If installed, absorb the Snort Dashboard Widget into this package */ +/* by removing it as a separately installed package. */ +$pkgid = get_pkg_id("Dashboard Widget: Snort"); +if ($pkgid >= 0) { + log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package.")); + unset($config['installedpackages']['package'][$pkgid]); + unlink_if_exists("/usr/local/pkg/widget-snort.xml"); + write_config("Snort pkg: removed legacy Snort Dashboard Widget."); +} + +/* Define a default Dashboard Widget Container for Snort */ +$snort_widget_container = "snort_alerts-container:col2:close"; + /* remake saved settings */ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); /* Do one-time settings migration for new multi-engine configurations */ - update_output_window(gettext("Please wait... migrating settings to new multi-engine configuration...")); - include "/usr/local/pkg/snort/snort_migrate_config.php"; + update_output_window(gettext("Please wait... migrating settings to new configuration...")); + include('/usr/local/www/snort/snort_migrate_config.php'); update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); log_error(gettext("[Snort] Downloading and updating configured rule types...")); update_output_window(gettext("Please wait... downloading and updating configured rule types...")); if ($pkg_interface <> "console") $snort_gui_include = true; - include "/usr/local/pkg/snort/snort_check_for_rule_updates.php"; + include('/usr/local/www/snort/snort_check_for_rule_updates.php'); update_status(gettext("Generating snort.conf configuration file from saved settings...")); $rebuild_rules = true; /* Create the snort.conf files for each enabled interface */ $snortconf = $config['installedpackages']['snortglobal']['rule']; foreach ($snortconf as $value) { - $if_real = snort_get_real_interface($value['interface']); + $if_real = get_real_interface($value['interface']); /* create a snort.conf file for interface */ snort_build_new_conf($value); /* create barnyard2.conf file for interface */ if ($value['barnyard_enable'] == 'on') - snort_create_barnyard2_conf($value, $if_real); + snort_generate_barnyard2_conf($value, $if_real); } /* create snort bootup file snort.sh */ snort_create_rc(); /* Set Log Limit, Block Hosts Time and Rules Update Time */ - snort_snortloglimit_install_cron($config['installedpackages']['snortglobal']['snortloglimit'] == 'on' ? true : false); + snort_snortloglimit_install_cron(true); snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false); snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false); /* Add the recurring jobs created above to crontab */ configure_cron(); + /* Restore the last Snort Dashboard Widget setting if none is set */ + if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) && + stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) + $config['widgets']['sequence'] .= "," . $config['installedpackages']['snortglobal']['dashboard_widget']; + $rebuild_rules = false; update_output_window(gettext("Finished rebuilding Snort configuration files...")); log_error(gettext("[Snort] Finished rebuilding installation from saved settings...")); @@ -1451,9 +1488,14 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { } } +/* If an existing Snort Dashboard Widget container is not found, */ +/* then insert our default Widget Dashboard container. */ +if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) + $config['widgets']['sequence'] .= ",{$snort_widget_container}"; + /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2"; -write_config(); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.7"; +write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 26b37e81..5cee95df 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -6,7 +6,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -38,9 +38,11 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; $snortlogdir = SNORTLOGDIR; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; @@ -66,6 +68,8 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_clie $a_nat = &$config['installedpackages']['snortglobal']['rule']; $vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload']; + +// Calculate the "next engine ID" to use for the multi-config engine arrays $frag3_engine_next_id = count($a_nat[$id]['frag3_engine']['item']); $stream5_tcp_engine_next_id = count($a_nat[$id]['stream5_tcp_engine']['item']); $http_inspect_engine_next_id = count($a_nat[$id]['http_inspect_engine']['item']); @@ -73,170 +77,9 @@ $ftp_server_engine_next_id = count($a_nat[$id]['ftp_server_engine']['item']); $ftp_client_engine_next_id = count($a_nat[$id]['ftp_client_engine']['item']); $pconfig = array(); -if (isset($id) && $a_nat[$id]) { +if (isset($id) && isset($a_nat[$id])) { $pconfig = $a_nat[$id]; - /* Get current values from config for page form fields */ - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['host_attribute_table'] = $a_nat[$id]['host_attribute_table']; - $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data']; - $pconfig['max_attribute_hosts'] = $a_nat[$id]['max_attribute_hosts']; - $pconfig['max_attribute_services_per_host'] = $a_nat[$id]['max_attribute_services_per_host']; - $pconfig['max_paf'] = $a_nat[$id]['max_paf']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['ftp_telnet_inspection_type'] = $a_nat[$id]['ftp_telnet_inspection_type']; - $pconfig['ftp_telnet_alert_encrypted'] = $a_nat[$id]['ftp_telnet_alert_encrypted']; - $pconfig['ftp_telnet_check_encrypted'] = $a_nat[$id]['ftp_telnet_check_encrypted']; - $pconfig['ftp_telnet_normalize'] = $a_nat[$id]['ftp_telnet_normalize']; - $pconfig['ftp_telnet_detect_anomalies'] = $a_nat[$id]['ftp_telnet_detect_anomalies']; - $pconfig['ftp_telnet_ayt_attack_threshold'] = $a_nat[$id]['ftp_telnet_ayt_attack_threshold']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol']; - $pconfig['pscan_type'] = $a_nat[$id]['pscan_type']; - $pconfig['pscan_sense_level'] = $a_nat[$id]['pscan_sense_level']; - $pconfig['pscan_memcap'] = $a_nat[$id]['pscan_memcap']; - $pconfig['pscan_ignore_scanners'] = $a_nat[$id]['pscan_ignore_scanners']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data']; - $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type']; - $pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold']; - $pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output']; - $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc']; - $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc']; - $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc']; - $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc']; - $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc']; - $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc']; - $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc']; - $pconfig['ssh_preproc'] = $a_nat[$id]['ssh_preproc']; - $pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable']; - $pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules']; - - // Frag3 global settings - $pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection']; - $pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags']; - $pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap']; - - // See if new Frag3 engine array is configured and use it; - // otherwise create a default engine configuration. - if (empty($pconfig['frag3_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", - "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", - "overlap_limit" => 0, "min_frag_len" => 0 ); - $pconfig['frag3_engine']['item'] = array(); - $pconfig['frag3_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['frag3_engine']['item'])) - $a_nat[$id]['frag3_engine']['item'] = array(); - $a_nat[$id]['frag3_engine']['item'][] = $default; - write_config(); - $frag3_engine_next_id++; - } - else - $pconfig['frag3_engine'] = $a_nat[$id]['frag3_engine']; - - // Stream5 global settings - $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly']; - $pconfig['stream5_flush_on_alert'] = $a_nat[$id]['stream5_flush_on_alert']; - $pconfig['stream5_prune_log_max'] = $a_nat[$id]['stream5_prune_log_max']; - $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap']; - $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp']; - $pconfig['stream5_max_tcp'] = $a_nat[$id]['stream5_max_tcp']; - $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp']; - $pconfig['stream5_max_udp'] = $a_nat[$id]['stream5_max_udp']; - $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout']; - $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp']; - $pconfig['stream5_max_icmp'] = $a_nat[$id]['stream5_max_icmp']; - $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout']; - - // See if new Stream5 engine array is configured and use it; - // otherwise create a default engine configuration. - if (empty($pconfig['stream5_tcp_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30, - "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0, - "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0, - "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off", - "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default", - "ports_both" => "default", "ports_server" => "none" ); - $pconfig['stream5_tcp_engine']['item'] = array(); - $pconfig['stream5_tcp_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['stream5_tcp_engine']['item'])) - $a_nat[$id]['stream5_tcp_engine']['item'] = array(); - $a_nat[$id]['stream5_tcp_engine']['item'][] = $default; - write_config(); - $stream5_tcp_engine_next_id++; - } - else - $pconfig['stream5_tcp_engine'] = $a_nat[$id]['stream5_tcp_engine']; - - // HTTP_INSPECT global settings - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap']; - $pconfig['http_inspect_proxy_alert'] = $a_nat[$id]['http_inspect_proxy_alert']; - $pconfig['http_inspect_max_gzip_mem'] = $a_nat[$id]['http_inspect_max_gzip_mem']; - - // See if new HTTP_INSPECT engine array is configured and use it; - // otherwise create a default engine configuration. - if (empty($pconfig['http_inspect_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off", - "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on", - "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off", - "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", - "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on", - "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200, - "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" ); - $pconfig['http_inspect_engine']['item'] = array(); - $pconfig['http_inspect_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['http_inspect_engine']['item'])) - $a_nat[$id]['http_inspect_engine']['item'] = array(); - $a_nat[$id]['http_inspect_engine']['item'][] = $default; - write_config(); - $http_inspect_engine_next_id++; - } - else - $pconfig['http_inspect_engine'] = $a_nat[$id]['http_inspect_engine']; - - // See if new FTP client engine array is configured and use it; - // otherwise create a default engine configuration.. - if (empty($pconfig['ftp_client_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256, - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" ); - $pconfig['ftp_client_engine']['item'] = array(); - $pconfig['ftp_client_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['ftp_client_engine']['item'])) - $a_nat[$id]['ftp_client_engine']['item'] = array(); - $a_nat[$id]['ftp_client_engine']['item'][] = $default; - write_config(); - $ftp_client_engine_next_id++; - } - else - $pconfig['ftp_client_engine'] = $a_nat[$id]['ftp_client_engine']; - - // See if new FTP server engine array is configured and use it; - // otherwise create a default engine configuration.. - if (empty($pconfig['ftp_server_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "ports" => "default", - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "ignore_data_chan" => "no", "def_max_param_len" => 100 ); - $pconfig['ftp_server_engine']['item'] = array(); - $pconfig['ftp_server_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['ftp_server_engine']['item'])) - $a_nat[$id]['ftp_server_engine']['item'] = array(); - $a_nat[$id]['ftp_server_engine']['item'][] = $default; - write_config(); - $ftp_server_engine_next_id++; - } - else - $pconfig['ftp_server_engine'] = $a_nat[$id]['ftp_server_engine']; - - /* If not using the Snort VRT rules, then disable */ - /* the Sensitive Data (sdf) preprocessor. */ - if ($vrt_enabled == "off") - $pconfig['sensitive_data'] = "off"; - /************************************************************/ /* To keep new users from shooting themselves in the foot */ /* enable the most common required preprocessors by default */ @@ -264,12 +107,14 @@ if (isset($id) && $a_nat[$id]) { $pconfig['ftp_telnet_detect_anomalies'] = 'on'; if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0) $pconfig['ftp_telnet_ayt_attack_threshold'] = '20'; + if (empty($pconfig['sdf_alert_data_type'])) $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers"; if (empty($pconfig['sdf_alert_threshold'])) $pconfig['sdf_alert_threshold'] = '25'; if (empty($pconfig['sdf_mask_output'])) $pconfig['sdf_mask_output'] = 'off'; + if (empty($pconfig['smtp_preprocessor'])) $pconfig['smtp_preprocessor'] = 'on'; if (empty($pconfig['dce_rpc_2'])) @@ -340,36 +185,56 @@ if (isset($id) && $a_nat[$id]) { $pconfig['pscan_sense_level'] = 'medium'; } -/* Define the "disabled_preproc_rules.log" file for this interface */ -$iface = snort_get_friendly_interface($pconfig['interface']); -$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log"; +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); -if ($_GET['act'] && isset($_GET['eng_id'])) { +/* Define the "disabled_preproc_rules.log" file for this interface */ +$disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log"; - $natent = array(); - $natent = $pconfig; +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} - if ($_GET['act'] == "del_frag3") - unset($natent['frag3_engine']['item'][$_GET['eng_id']]); - elseif ($_GET['act'] == "del_stream5_tcp") - unset($natent['stream5_tcp_engine']['item'][$_GET['eng_id']]); - elseif ($_GET['act'] == "del_http_inspect") - unset($natent['http_inspect_engine']['item'][$_GET['eng_id']]); - elseif ($_GET['act'] == "del_ftp_server") - unset($natent['ftp_server_engine']['item'][$_GET['eng_id']]); - - if (isset($id) && $a_nat[$id]) { - $a_nat[$id] = $natent; - write_config(); +// Handle deleting of any of the multiple configuration engines +if ($_POST['del_http_inspect']) { + if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) { + unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]); + write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}."); + header("Location: snort_preprocessors.php?id=$id#httpinspect_row"); + exit; } - - header("Location: snort_preprocessors.php?id=$id"); - exit; } - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; +elseif ($_POST['del_frag3']) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]); + write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}."); + header("Location: snort_preprocessors.php?id=$id#frag3_row"); + exit; + } +} +elseif ($_POST['del_stream5_tcp']) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]); + write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}."); + header("Location: snort_preprocessors.php?id=$id#stream5_row"); + exit; + } +} +elseif ($_POST['del_ftp_client']) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]); + write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}."); + header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); + exit; + } +} +elseif ($_POST['del_ftp_server']) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]); + write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}."); + header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); + exit; + } } if ($_POST['ResetAll']) { @@ -434,7 +299,8 @@ if ($_POST['ResetAll']) { /* Log a message at the top of the page to inform the user */ $savemsg = gettext("All preprocessor settings have been reset to their defaults."); } -elseif ($_POST['Submit']) { + +if ($_POST['save']) { $natent = array(); $natent = $pconfig; @@ -509,9 +375,9 @@ elseif ($_POST['Submit']) { $natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off'; $natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off'; - if (isset($id) && $a_nat[$id]) { + if (isset($id) && isset($a_nat[$id])) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}."); } /*************************************************/ @@ -524,7 +390,7 @@ elseif ($_POST['Submit']) { /* If 'preproc_auto_rule_disable' is off, then clear log file */ if ($natent['preproc_auto_rule_disable'] == 'off') - @unlink("{$disabled_rules_log}"); + unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}"); /*******************************************************/ /* Signal Snort to reload Host Attribute Table if one */ @@ -543,20 +409,25 @@ elseif ($_POST['Submit']) { header("Location: snort_preprocessors.php?id=$id"); exit; } + else + $pconfig = $_POST; } -elseif ($_POST['btn_import']) { + +if ($_POST['btn_import']) { if (is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) { $data = file_get_contents($_FILES['host_attribute_file']['tmp_name']); - if ($data === false) + if ($data === false) { $input_errors[] = gettext("Error uploading file {$_FILES['host_attribute_file']}!"); + $pconfig = $_POST; + } else { - if (isset($id) && $a_nat[$id]) { + if (isset($id) && isset($a_nat[$id])) { $a_nat[$id]['host_attribute_table'] = "on"; $a_nat[$id]['host_attribute_data'] = base64_encode($data); $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data']; $a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts']; $a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host']; - write_config(); + write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}."); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -567,15 +438,18 @@ elseif ($_POST['btn_import']) { exit; } } - else + else { $input_errors[] = gettext("No filename specified for import!"); + $pconfig = $_POST; + } } -elseif ($_POST['btn_edit_hat']) { - if (isset($id) && $a_nat[$id]) { + +if ($_POST['btn_edit_hat']) { + if (isset($id) && isset($a_nat[$id])) { $a_nat[$id]['host_attribute_table'] = "on"; $a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts']; $a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host']; - write_config(); + write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}."); header("Location: snort_edit_hat_data.php?id=$id"); exit; } @@ -586,26 +460,21 @@ elseif ($_POST['btn_edit_hat']) { if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_data'])) $input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file."); -$if_friendly = snort_get_friendly_interface($pconfig['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Preprocessors and Flow"); include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()"> -<?php include("fbegin.inc"); ?> -<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - - - /* Display Alert message */ +<?php include("fbegin.inc"); - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box($savemsg); - } +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg); +} ?> <script type="text/javascript" src="/javascript/autosuggest.js"> @@ -613,8 +482,9 @@ include_once("head.inc"); <script type="text/javascript" src="/javascript/suggestions.js"> </script> -<form action="snort_preprocessors.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"> +<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>"/> +<input name="eng_id" id="eng_id" type="hidden" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -622,23 +492,25 @@ include_once("head.inc"); $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -694,7 +566,7 @@ include_once("head.inc"); "disabled preprocessors, but can substantially compromise the level of protection by " . "automatically disabling detection rules."); ?></td> </tr> - <?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?> + <?php if (file_exists("{$snortlogdir}/{$disabled_rules_log}") && filesize("{$snortlogdir}/{$disabled_rules_log}") > 0): ?> <tr> <td width="3%"> </td> <td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600);"> @@ -718,8 +590,8 @@ include_once("head.inc"); <tr id="host_attrib_table_data_row"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Attribute Data"); ?></td> <td width="78%" class="vtable"><strong><?php echo gettext("Import From File"); ?></strong><br/> - <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"> - <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"><br/> + <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"/> + <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"/><br/> <?php echo gettext("Choose the Host Attributes file to use for auto-configuration."); ?><br/><br/> <span class="red"><strong><?php echo gettext("Warning: "); ?></strong></span> <?php echo gettext("The Host Attributes file has a required format. See the "); ?><a href="http://manual.snort.org/" target="_blank"> @@ -744,7 +616,7 @@ include_once("head.inc"); <table cellpadding="0" cellspacing="0"> <tr> <td><input name="max_attribute_hosts" type="text" class="formfld unknown" id="max_attribute_hosts" size="9" - value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"> + value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"/> <?php echo gettext("Max number of hosts to read from the Attribute Table. Min is ") . "<strong>" . gettext("32") . "</strong>" . gettext(" and Max is ") . "<strong>" . gettext("524288") . "</strong>"; ?>.</td> @@ -761,7 +633,7 @@ include_once("head.inc"); <table cellpadding="0" cellspacing="0"> <tr> <td><input name="max_attribute_services_per_host" type="text" class="formfld unknown" id="max_attribute_services_per_host" size="9" - value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"> + value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"/> <?php echo gettext("Max number of per host services to read from the Attribute Table. Min is ") . "<strong>" . gettext("1") . "</strong>" . gettext(" and Max is ") . "<strong>" . gettext("65535") . "</strong>"; ?>.</td> @@ -868,10 +740,10 @@ include_once("head.inc"); <td class="listt" align="right"><a href="snort_httpinspect_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>"> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a> - <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_http_inspect" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this server configuration");?>"></a> + <?php if ($v['bind_to'] <> "all") : ?> + <input type="image" name="del_http_inspect[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this server configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default server configuration cannot be deleted");?>"> @@ -937,9 +809,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this engine configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_frag3" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this engine configuration");?>"></a> + <input type="image" name="del_frag3[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this engine configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default engine configuration cannot be deleted");?>"> @@ -1094,9 +966,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this TCP engine configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_stream5_tcp" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this TCP engine configuration");?>"></a> + <input type="image" name="del_stream5_tcp[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this TCP engine configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default engine configuration cannot be deleted");?>"> @@ -1329,9 +1201,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this FTP client configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this FTP client configuration");?>"></a> + <input type="image" name="del_ftp_client[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this FTP client configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default client configuration cannot be deleted");?>"> @@ -1371,9 +1243,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this FTP server configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this FTP server configuration");?>"></a> + <input type="image" name="del_ftp_server[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this FTP server configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default server configuration cannot be deleted");?>"> @@ -1399,7 +1271,7 @@ include_once("head.inc"); <?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?> <br/> <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") . - "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?> + "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\">" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?> </td> </tr> <tr id="sdf_alert_data_row"> @@ -1533,9 +1405,9 @@ include_once("head.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo + <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo gettext("Save preprocessor settings"); ?>"> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") . @@ -1582,8 +1454,6 @@ include_once("head.inc"); function createAutoSuggest() { <?php echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n"; ?> } diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index a82d81d2..e69152c3 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -5,6 +5,7 @@ * Copyright (C) 2004, 2005 Scott Ullrich * Copyright (C) 2008, 2009 Robert Zelaya * Copyright (C) 2011 Ermal Luci + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -29,7 +30,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); @@ -37,38 +37,26 @@ global $g, $rebuild_rules; $snortdir = SNORTDIR; $rules_map = array(); +$categories = array(); +$pconfig = array(); if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_rule = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; + header("Location: /snort/snort_interfaces.php"); + exit; } -if (isset($id) && $a_rule[$id]) { - $pconfig['enable'] = $a_rule[$id]['enable']; +if (isset($id) && isset($a_rule[$id])) { $pconfig['interface'] = $a_rule[$id]['interface']; $pconfig['rulesets'] = $a_rule[$id]['rulesets']; - if (!empty($a_rule[$id]['customrules'])) - $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); -} - -function truncate($string, $length) { - - /******************************** - * This function truncates the * - * passed string to the length * - * specified adding ellipsis if * - * truncation was necessary. * - ********************************/ - if (strlen($string) > $length) - $string = substr($string, 0, ($length - 2)) . "..."; - return $string; } function add_title_attribute($tag, $title) { @@ -104,233 +92,255 @@ function add_title_attribute($tag, $title) { } /* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); +$if_real = get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off'; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; -$categories = explode("||", $pconfig['rulesets']); - -if ($_GET['openruleset']) - $currentruleset = $_GET['openruleset']; -else if ($_POST['openruleset']) +$etprodownload = $config['installedpackages']['snortglobal']['emergingthreats_pro']; + +// Add any previously saved rules files to the categories array +if (!empty($pconfig['rulesets'])) + $categories = explode("||", $pconfig['rulesets']); + +// add the standard rules files to the categories array +$categories[] = "custom.rules"; +$categories[] = "decoder.rules"; +$categories[] = "preprocessor.rules"; +$categories[] = "sensitive-data.rules"; +if (!empty($a_rule[$id]['ips_policy'])) + $categories[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); +if ($a_rule[$id]['autoflowbitrules'] == 'on') + $categories[] = "Auto-Flowbit Rules"; +natcasesort($categories); + +if (isset($_POST['openruleset'])) $currentruleset = $_POST['openruleset']; +elseif (isset($_GET['openruleset'])) + $currentruleset = htmlspecialchars($_GET['openruleset']); else - $currentruleset = $categories[0]; - -if (empty($categories[0]) && ($currentruleset != "custom.rules") && ($currentruleset != "Auto-Flowbit Rules")) { - if (!empty($a_rule[$id]['ips_policy'])) - $currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); - else - $currentruleset = "custom.rules"; -} + $currentruleset = $categories[key($categories)]; /* One last sanity check -- if the rules directory is empty, default to loading custom rules */ $tmp = glob("{$snortdir}/rules/*.rules"); if (empty($tmp)) $currentruleset = "custom.rules"; -$ruledir = "{$snortdir}/rules"; -$rulefile = "{$ruledir}/{$currentruleset}"; +$rulefile = "{$snortdir}/rules/{$currentruleset}"; if ($currentruleset != 'custom.rules') { // Read the current rules file into our rules map array. // If it is the auto-flowbits file, set the full path. if ($currentruleset == "Auto-Flowbit Rules") - $rulefile = "{$snortcfgdir}/rules/" . FLOWBITS_FILENAME; + $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME); // Test for the special case of an IPS Policy file. - if (substr($currentruleset, 0, 10) == "IPS Policy") + elseif (substr($currentruleset, 0, 10) == "IPS Policy") $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); - elseif (!file_exists($rulefile)) - $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again."); - else + // Test for preproc_rules file and set the full path. + elseif (file_exists("{$snortdir}/preproc_rules/{$currentruleset}")) + $rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$currentruleset}"); + // Test for existence of regular text rules file and load it. + elseif (file_exists($rulefile)) $rules_map = snort_load_rules_map($rulefile); + else + $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again."); } /* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */ -$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on'], "enablesid"); -$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off'], "disablesid"); +$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']); +$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']); -if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { +if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) { - // Get the SID tag embedded in the clicked rule icon. - $sid= $_GET['ids']; + // Get the GID:SID tags embedded in the clicked rule icon. + $gid = $_POST['gid']; + $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, - // and toggle it if present; otherwise, add it to the - // appropriate list. - if (isset($enablesid[$sid])) { - unset($enablesid[$sid]); - if (!isset($disablesid[$sid])) - $disablesid[$sid] = "disablesid"; - } - elseif (isset($disablesid[$sid])) { - unset($disablesid[$sid]); - if (!isset($enablesid[$sid])) - $enablesid[$sid] = "enablesid"; - } + // and toggle it back to default if present; otherwise, + // add it to the appropriate modified SID list. + if (isset($enablesid[$gid][$sid])) + unset($enablesid[$gid][$sid]); + elseif (isset($disablesid[$gid][$sid])) + unset($disablesid[$gid][$sid]); else { - if ($rules_map[1][$sid]['disabled'] == 1) - $enablesid[$sid] = "enablesid"; + if ($rules_map[$gid][$sid]['disabled'] == 1) + $enablesid[$gid][$sid] = "enablesid"; else - $disablesid[$sid] = "disablesid"; + $disablesid[$gid][$sid] = "disablesid"; } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; - foreach ($enablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); + $tmp = ""; - foreach ($disablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); - $_GET['openruleset'] = $currentruleset; - $anchor = "rule_{$sid}"; + $anchor = "rule_{$gid}_{$sid}"; } - -if ($_GET['act'] == "disable_all" && !empty($rules_map)) { +elseif ($_POST['disable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "disabled". foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { - if (isset($enablesid[$k2])) - unset($enablesid[$k2]); - $disablesid[$k2] = "disablesid"; + if (isset($enablesid[$k1][$k2])) + unset($enablesid[$k1][$k2]); + $disablesid[$k1][$k2] = "disablesid"; } } + // Write the updated enablesid and disablesid values to the config file. $tmp = ""; - foreach ($enablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); + $tmp = ""; - foreach ($disablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); - write_config(); - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } - -if ($_GET['act'] == "enable_all" && !empty($rules_map)) { +elseif ($_POST['enable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "enabled". foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { - if (isset($disablesid[$k2])) - unset($disablesid[$k2]); - $enablesid[$k2] = "enablesid"; + if (isset($disablesid[$k1][$k2])) + unset($disablesid[$k1][$k2]); + $enablesid[$k1][$k2] = "enablesid"; } } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; - foreach ($enablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); + $tmp = ""; - foreach ($disablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); - write_config(); - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } - -if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { +elseif ($_POST['resetcategory'] && !empty($rules_map)) { // Reset any modified SIDs in the current rule category to their defaults. foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { - if (isset($enablesid[$k2])) - unset($enablesid[$k2]); - if (isset($disablesid[$k2])) - unset($disablesid[$k2]); + if (isset($enablesid[$k1][$k2])) + unset($enablesid[$k1][$k2]); + if (isset($disablesid[$k1][$k2])) + unset($disablesid[$k1][$k2]); } } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; - foreach ($enablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); + $tmp = ""; - foreach ($disablesid as $k => $v) { - $tmp .= "||{$v} {$k}"; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; } + $tmp = rtrim($tmp, "||"); + if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); - write_config(); - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); } - -if ($_GET['act'] == "resetall" && !empty($rules_map)) { +elseif ($_POST['resetall'] && !empty($rules_map)) { // Remove all modified SIDs from config.xml and save the changes. unset($a_rule[$id]['rule_sid_on']); unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); } - -if ($_POST['clear']) { +else if ($_POST['cancel']) { + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); +} +elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); - write_config(); + write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + $pconfig['customrules'] = ''; } - -if ($_POST['customrules']) { - $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); - write_config(); +elseif ($_POST['save']) { + $pconfig['customrules'] = $_POST['customrules']; + if ($_POST['customrules']) + $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); + else + unset($a_rule[$id]['customrules']); + write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; @@ -346,14 +356,15 @@ if ($_POST['customrules']) { $input_errors[] = "Custom rules have errors:\n {$error}"; } else { - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + /* Soft-restart Snort to live-load new rules */ + snort_reload_config($a_rule[$id]); + $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. "); + $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules."); } } - else if ($_POST['apply']) { /* Save new configuration */ - write_config(); + write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ @@ -365,29 +376,18 @@ else if ($_POST['apply']) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); - - /* Return to this same page */ - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; -} -else if ($_POST['cancel']) { - - /* Return to this same page */ - header("Location: /snort/snort_rules.php?id={$id}"); - exit; } require_once("guiconfig.inc"); include_once("head.inc"); -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); -if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} /* Display message */ if ($input_errors) { @@ -401,6 +401,10 @@ if ($savemsg) { ?> <form action="/snort/snort_rules.php" method="post" name="iform" id="iform"> +<input type='hidden' name='id' id='id' value='<?=$id;?>'/> +<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> +<input type='hidden' name='sid' id='sid' value=''/> +<input type='hidden' name='gid' id='gid' value=''/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -408,23 +412,25 @@ if ($savemsg) { $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array,true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; - $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");; - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -432,25 +438,21 @@ if ($savemsg) { <tr> <td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td> </tr> - <tr> <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong> <select id="selectbox" name="selectbox" class="formselect" onChange="go()"> - <option value='?id=<?=$id;?>&openruleset=custom.rules'>custom.rules</option> <?php - $files = explode("||", $pconfig['rulesets']); - if ($a_rule[$id]['ips_policy_enable'] == 'on') - $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); - if ($a_rule[$id]['autoflowbitrules'] == 'on') - $files[] = "Auto-Flowbit Rules"; - natcasesort($files); - foreach ($files as $value) { - if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_") + foreach ($categories as $value) { + if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX) + continue; + if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX) + continue; + if ($etprodownload != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX) continue; - if ($emergingdownload != 'on' && substr($value, 0, 8) == "emerging") + if ($snortcommunitydownload != 'on' && substr($value, 0, mb_strlen(GPL_FILE_PREFIX)) == GPL_FILE_PREFIX) continue; if (empty($value)) continue; - echo "<option value='?id={$id}&openruleset={$value}' "; + echo "<option value='{$value}' "; if ($value == $currentruleset) echo "selected"; echo ">{$value}</option>\n"; @@ -459,21 +461,18 @@ if ($savemsg) { </select> <?php echo gettext("Select the rule category to view"); ?> </td> </tr> - <?php if ($currentruleset == 'custom.rules'): ?> <tr> <td class="listtopic"><?php echo gettext("Defined Custom Rules"); ?></td> </tr> <tr> <td valign="top" class="vtable"> - <input type='hidden' name='openruleset' value='custom.rules'> - <input type='hidden' name='id' value='<?=$id;?>'> - <textarea wrap="soft" cols="90" rows="40" name="customrules"><?=$pconfig['customrules'];?></textarea> + <textarea wrap="soft" cols="90" rows="40" name="customrules"><?=base64_decode($a_rule[$id]['customrules']);?></textarea> </td> </tr> <tr> <td> - <input name="Submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/> + <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/> <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/> <input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/> </td> @@ -486,43 +485,50 @@ if ($savemsg) { <td class="vncell"> <table width="100%" align="center" border="0" cellpadding="0" cellspacing="0"> <tr> - <td rowspan="4" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn" - title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/> - <input type='hidden' name='id' value='<?=$id;?>'/> - <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/> + <td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn" + title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/> <span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . - gettext("Snort must be restarted to activate any SID enable/disable changes made on this tab."); ?></span></td> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + gettext("When finished, click APPLY to save and send any SID enable/disable changes made on this tab to Snort."); ?></span></td> + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' - title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?> + title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?> <?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td> </tr> <tr> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' - title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?> + title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?> <?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td> </tr> <tr> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' - title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?> + title='" . gettext("Click to disable all rules in the selected category") . "'/>"?> <?php echo gettext("Disable all rules in the current Category"); ?></td> </tr> <tr> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\" + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]' + src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0' - title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?> + title='" . gettext("Click to enable all rules in the selected category") . "'/>"?> <?php echo gettext("Enable all rules in the current Category"); ?></td> </tr> + <tr> + <td class="vexpl" valign="middle"><a href="javascript: void(0)" + onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" width="15" height="15" <?php + echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"' + onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?> + title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a> + <?php echo gettext("View full file contents for the current Category"); ?></td> + </tr> <?php if ($currentruleset == 'Auto-Flowbit Rules'): ?> <tr> <td colspan="3"> </td> @@ -530,77 +536,73 @@ if ($savemsg) { <tr> <td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" . gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") . - "<a href='snort_rules_flowbits.php?id={$id}&openruleset={$currentruleset}&returl=" . urlencode($_SERVER['PHP_SELF']) . "' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . + "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . gettext("clicking here") . ".</a>";?></td> </tr> <?php endif;?> </table> </td> </tr> - <tr> <td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td> </tr> <tr> <td> + + <?php if ($currentruleset != 'decoder.rules' && $currentruleset != 'preprocessor.rules'): ?> + <table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="15" align="left" valign="middle"> + <col width="14" align="left" valign="middle"> + <col width="6%" align="center" axis="number"> <col width="9%" align="center" axis="number"> - <col width="60" align="center" axis="string"> + <col width="52" align="center" axis="string"> <col width="14%" align="center" axis="string"> - <col width="11%" align="center" axis="string"> + <col width="10%" align="center" axis="string"> <col width="14%" align="center" axis="string"> - <col width="11%" align="center" axis="string"> + <col width="10%" align="center" axis="string"> <col axis="string"> - <col width="22" align="right" valign="middle"> </colgroup> <thead> <tr> <th class="list"> </th> + <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Proto"); ?></th> <th class="listhdrr"><?php echo gettext("Source"); ?></th> - <th class="listhdrr"><?php echo gettext("Port"); ?></th> + <th class="listhdrr"><?php echo gettext("SPort"); ?></th> <th class="listhdrr"><?php echo gettext("Destination"); ?></th> - <th class="listhdrr"><?php echo gettext("Port"); ?></th> + <th class="listhdrr"><?php echo gettext("DPort"); ?></th> <th class="listhdrr"><?php echo gettext("Message"); ?></th> - <th class="list"><a href="javascript: void(0)" - onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php - echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"' - onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?> - title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th> </tr> </thead> <tbody> - <?php $counter = $enable_cnt = $disable_cnt = 0; foreach ($rules_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { - $sid = snort_get_sid($v['rule']); - $gid = snort_get_gid($v['rule']); + $sid = $k2; + $gid = $k1; - if (isset($disablesid[$sid])) { + if (isset($disablesid[$gid][$sid])) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to enabled state"); + $title = gettext("Disabled by user. Click to toggle to default state"); } - elseif (($v['disabled'] == 1) && (!isset($enablesid[$sid]))) { + elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $iconb = "icon_block_d.gif"; $disable_cnt++; $title = gettext("Disabled by default. Click to toggle to enabled state"); } - elseif (isset($enablesid[$sid])) { + elseif (isset($enablesid[$gid][$sid])) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to disabled state"); + $title = gettext("Enabled by user. Click to toggle to default state"); } else { $textss = $textse = ""; @@ -622,48 +624,47 @@ if ($savemsg) { $dstspan = add_title_attribute($textss, $rule_content[5]); $dstprtspan = add_title_attribute($textss, $rule_content[6]); - $protocol = $rule_content[1]; //protocol field - $source = truncate($rule_content[2], 14); //source field - $source_port = truncate($rule_content[3], 10); //source port field - $destination = truncate($rule_content[5], 14); //destination field - $destination_port = truncate($rule_content[6], 10); //destination port field - $message = snort_get_msg($v['rule']); - - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss - <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'> - <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" - width=\"11\" height=\"11\" border=\"0\" - title='{$title}'></a> - $textse + $protocol = $rule_content[1]; //protocol field + $source = $rule_content[2]; //source field + $source_port = $rule_content[3]; //source port field + $destination = $rule_content[5]; //destination field + $destination_port = $rule_content[6]; //destination port field + $message = snort_get_msg($v['rule']); // description field + $sid_tooltip = gettext("View the raw text for this rule"); + + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/></a>{$textse} </td> - <td class=\"listlr\" align=\"center\"> - {$textss}{$sid}{$textse} + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$gid}{$textse} </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <a href=\"javascript: void(0)\" + onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\" + title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a> + </td> + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$protocol}{$textse} </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$srcspan}{$source}</span> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$srcprtspan}{$source_port}</span> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$dstspan}{$destination}</span> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$dstprtspan}{$destination_port}</span> </td> - <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\"> - {$textss}{$message}{$textse}</font> + <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$message}{$textse} </td>"; ?> - <td align="right" valign="middle" nowrap class="listt"> - <a href="javascript: void(0)" - onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif" - title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a> - </td> </tr> <?php $counter++; @@ -673,6 +674,109 @@ if ($savemsg) { ?> </tbody> </table> + + <?php else: ?> + + <table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="15" align="left" valign="middle"> + <col width="6%" align="center" axis="number"> + <col width="6%" align="center" axis="number"> + <col width="22%" align="center" axis="string"> + <col width="15%" align="center" axis="string"> + <col align="left" axis="string"> + </colgroup> + <thead> + <tr> + <th class="list"> </th> + <th class="listhdrr"><?php echo gettext("GID"); ?></th> + <th class="listhdrr"><?php echo gettext("SID"); ?></th> + <th class="listhdrr"><?php echo gettext("Classification"); ?></th> + <th class="listhdrr"><?php echo gettext("IPS Policy"); ?></th> + <th class="listhdrr"><?php echo gettext("Message"); ?></th> + </tr> + </thead> + <tbody> + <?php + $counter = $enable_cnt = $disable_cnt = 0; + foreach ($rules_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + $sid = snort_get_sid($v['rule']); + $gid = snort_get_gid($v['rule']); + if (isset($disablesid[$gid][$sid])) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_reject_d.gif"; + $disable_cnt++; + $title = gettext("Disabled by user. Click to toggle to default state"); + } + elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + $disable_cnt++; + $title = gettext("Disabled by default. Click to toggle to enabled state"); + } + elseif (isset($enablesid[$gid][$sid])) { + $textss = $textse = ""; + $iconb = "icon_reject.gif"; + $enable_cnt++; + $title = gettext("Enabled by user. Click to toggle to default state"); + } + else { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + $enable_cnt++; + $title = gettext("Enabled by default. Click to toggle to disabled state"); + } + $message = snort_get_msg($v['rule']); + $matches = array(); + if (preg_match('/(?:classtype\b\s*:)\s*(\S*\s*;)/iU', $v['rule'], $matches)) + $classtype = trim($matches[1], " ;"); + else + $classtype = "No Classtype Defined"; + $matches = array(); + if (preg_match_all('/(\S*-ips)(?:\s*drop|alert)(?:,|\s*|;)/i', $v['rule'], $matches)) + $policy = implode("<br/>", $matches[1]); + else + $policy = "none"; + + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/>{$textse} + </td> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$gid}{$textse} + </td> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <a href=\"javascript: void(0)\" + onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\" + title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a> + </td> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$classtype}</span> + </td> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$policy}</span> + </td> + <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$message}{$textse} + </td>"; + ?> + </tr> + <?php + $counter++; + } + } + unset($rulem, $v); + ?> + </tbody> + </table> + + <?php endif;?> + </td> </tr> <tr> @@ -721,10 +825,11 @@ if ($savemsg) { <script language="javascript" type="text/javascript"> function go() { - var box = document.iform.selectbox; - destination = box.options[box.selectedIndex].value; - if (destination) - location.href = destination; + var box = document.getElementById("selectbox"); + var ruleset = box.options[box.selectedIndex].value; + if (ruleset) + document.getElementById("openruleset").value = ruleset; + document.getElementById("iform").submit(); } function wopen(url, name, w, h) diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index c0087464..49423440 100755 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -4,6 +4,7 @@ * * Copyright (C) 2004, 2005 Scott Ullrich * Copyright (C) 2011 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Adapted for FreeNAS by Volker Theile (votdev@gmx.de) @@ -40,28 +41,30 @@ require_once("/usr/local/pkg/snort/snort.inc"); $flowbit_rules_file = FLOWBITS_FILENAME; $snortdir = SNORTDIR; -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_rule = &$config['installedpackages']['snortglobal']['rule']; +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); -$id = $_GET['id']; +// If we were not passed a valid index ID, close the pop-up and exit if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); + echo '<html><body link="#000000" vlink="#000000" alink="#000000">'; + echo '<script language="javascript" type="text/javascript">'; + echo 'window.close();</script>'; + echo '</body></html>'; exit; } -if (isset($id) && $a_rule[$id]) { - $pconfig['enable'] = $a_rule[$id]['enable']; - $pconfig['interface'] = $a_rule[$id]['interface']; - $pconfig['rulesets'] = $a_rule[$id]['rulesets']; +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); } -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); +$a_rule = &$config['installedpackages']['snortglobal']['rule']; + +$if_real = get_real_interface($a_rule[$id]['interface']); $snort_uuid = $a_rule[$id]['uuid']; -$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; -$file = $_GET['openruleset']; +$snortlogdir = SNORTLOGDIR; +$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/"; + +$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); $contents = ''; $wrap_flag = "off"; @@ -76,13 +79,13 @@ else // a standard rules file, or a complete file name. // Test for the special case of an IPS Policy file. if (substr($file, 0, 10) == "IPS Policy") { - $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); - if (isset($_GET['ids'])) { - $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule']; + $rules_map = snort_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1)))); + if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) { + $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule']; $wrap_flag = "soft"; } else { - $contents = "# Snort IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n"; + $contents = "# Snort IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n"; foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { $contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n"; @@ -93,28 +96,32 @@ if (substr($file, 0, 10) == "IPS Policy") { unset($rules_map); } // Is it a SID to load the rule text from? -elseif (isset($_GET['ids'])) { +elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) { // If flowbit rule, point to interface-specific file if ($file == "Auto-Flowbit Rules") $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME); + elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) + $rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}"); else $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}"); - $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule']; + $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule']; $wrap_flag = "soft"; } - // Is it our special flowbit rules file? elseif ($file == "Auto-Flowbit Rules") $contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}"); // Is it a rules file in the ../rules/ directory? elseif (file_exists("{$snortdir}/rules/{$file}")) $contents = file_get_contents("{$snortdir}/rules/{$file}"); -// Is it a fully qualified path and file? -elseif (file_exists($file)) - $contents = file_get_contents($file); +// Is it a rules file in the ../preproc_rules/ directory? +elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) + $contents = file_get_contents("{$snortdir}/preproc_rules/{$file}"); +// Is it a disabled preprocessor auto-rules-disable file? +elseif (file_exists("{$snortlogdir}/{$file}")) + $contents = file_get_contents("{$snortlogdir}/{$file}"); // It is not something we can display, so exit. else - $input_errors[] = gettext("Unable to open file: {$displayfile}"); + $contents = gettext("Unable to open file: {$displayfile}"); $pgtitle = array(gettext("Snort"), gettext("File Viewer")); ?> @@ -122,10 +129,8 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer")); <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> <?php // include("fbegin.inc");?> -<form action="snort_rules_edit.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> @@ -152,7 +157,6 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer")); </td> </tr> </table> -</form> <?php // include("fend.inc");?> </body> </html> diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index 325276ee..daf1c4ef 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -1,7 +1,7 @@ <?php /* * snort_rules_flowbits.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -41,40 +41,34 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) { } $a_nat = &$config['installedpackages']['snortglobal']['rule']; -// Set who called us so we can return to the correct page with -// the RETURN button. Save the original referrer and the query -// string in session variables. -session_start(); -if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) { - $_SESSION['org_referrer'] = urldecode($_GET['returl']); - $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING']; -} -$referrer = $_SESSION['org_referrer']; -$querystr = $_SESSION['org_querystr']; -session_write_close(); +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); -if ($_POST['cancel']) { - session_start(); - unset($_SESSION['org_referrer']); - unset($_SESSION['org_querystr']); - session_write_close(); - header("Location: {$referrer}?{$querystr}"); +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); exit; } -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - session_start(); - unset($_SESSION['org_referrer']); - unset($_SESSION['org_querystr']); - session_write_close(); - header("Location: /snort/snort_interfaces.php"); +// Set who called us so we can return to the correct page with +// the RETURN ('cancel') button. +if ($_POST['referrer']) + $referrer = $_POST['referrer']; +else + $referrer = $_SERVER['HTTP_REFERER']; + +// Make sure a rule index ID is appended to the return URL +if (strpos($referrer, "?id={$id}") === FALSE) + $referrer .= "?id={$id}"; + +// If RETURN button clicked, exit to original calling page +if ($_POST['cancel']) { + header("Location: {$referrer}"); exit; } -$if_real = snort_get_real_interface($a_nat[$id]['interface']); +$if_real = get_real_interface($a_nat[$id]['interface']); $snort_uuid = $a_nat[$id]['uuid']; /* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */ @@ -89,12 +83,13 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') { else $input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!"); -if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { - $descr = snort_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']); +if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) { + $descr = snort_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']); + $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n"); if (empty($descr)) - $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n"; + $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n"; else - $suppress = "# {$descr}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}"; + $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n"; if (!is_array($config['installedpackages']['snortglobal']['suppress'])) $config['installedpackages']['snortglobal']['suppress'] = array(); if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) @@ -130,11 +125,11 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ } } if ($found_list) { - write_config(); + write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}."); $rebuild_rules = false; sync_snort_package_config(); snort_reload_config($a_nat[$id]); - $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); + $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); } else { /* We did not find the defined list, so notify the user with an error */ @@ -142,23 +137,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ } } -function truncate($string, $length) { - - /******************************** - * This function truncates the * - * passed string to the length * - * specified adding ellipsis if * - * truncation was necessary. * - ********************************/ - if (strlen($string) > $length) - $string = substr($string, 0, ($length - 3)) . "..."; - return $string; -} - /* Load up an array with the current Suppression List GID,SID values */ $supplist = snort_load_suppress_sigs($a_nat[$id]); -$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Flowbit Rules"); include_once("head.inc"); @@ -168,12 +150,16 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> <form action="snort_rules_flowbits.php" method="post" name="iform" id="iform"> +<input type="hidden" name="id" value="<?=$id;?>"/> +<input type="hidden" name="referrer" value="<?=$referrer;?>"/> +<input type="hidden" name="sid" id="sid" value=""/> +<input type="hidden" name="gid" id="gid" value=""/> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -203,7 +189,7 @@ if ($savemsg) <td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td> <td rowspan="3" align="right"><input id="cancel" name="cancel" type="submit" class="formbtn" <?php echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/> - <input name="id" type="hidden" value="<?=$id;?>" /></td> + </td> </tr> <tr> <td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus_d.gif" width='12' height='12' border='0'/></td> @@ -220,13 +206,13 @@ if ($savemsg) </tr> <tr> <td> - <table id="myTable" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0"> + <table id="myTable" width="100%" class="sortable" style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0"> <colgroup> <col width="11%" axis="number"> - <col width="10%" axis="string"> + <col width="54" axis="string"> <col width="14%" axis="string"> <col width="14%" axis="string"> - <col width="20%" axis="string"> + <col width="24%" axis="string"> <col axis="string"> </colgroup> <thead> @@ -253,19 +239,20 @@ if ($savemsg) $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp)); $rule_content = preg_split('/[\s]+/', $tmp); - $protocol = $rule_content[1]; //protocol - $source = truncate($rule_content[2], 14); //source - $destination = truncate($rule_content[5], 14); //destination - $message = snort_get_msg($v['rule']); + $protocol = $rule_content[1]; //protocol + $source = $rule_content[2]; //source + $destination = $rule_content[5]; //destination + $message = snort_get_msg($v['rule']); // description $flowbits = implode("; ", snort_get_flowbits($v['rule'])); if (strstr($flowbits, "noalert")) $supplink = ""; else { if (!isset($supplist[$gid][$sid])) { - $supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">"; - $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" "; + $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';"; + $supplink .= "document.getElementById('gid').value='{$gid}';\" "; + $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" "; $supplink .= "width='12' height='12' border='0' title='"; - $supplink .= gettext("Click to add to Suppress List") . "'/></a>"; + $supplink .= gettext("Click to add to Suppress List") . "'/>"; } else { $supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" "; @@ -276,12 +263,12 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "<tr>" . - "<td class=\"listr\">{$sid} {$supplink}</td>" . - "<td class=\"listr\">{$protocol}</td>" . - "<td class=\"listr\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" . - "<td class=\"listr\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . + "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . + "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" . + "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" . + "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" . - "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" . + "<td class=\"listbg\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" . "</tr>"; $count++; } @@ -297,7 +284,6 @@ if ($savemsg) <td align="center" valign="middle"> <input id="cancel" name="cancel" type="submit" class="formbtn" <?php echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/> - <input name="id" type="hidden" value="<?=$id;?>" /> </td> </tr> <?php endif; ?> diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 9c14392d..79365f5f 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -5,6 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya * Copyright (C) 2011 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,12 +43,14 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) { } $a_nat = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; + header("Location: /snort/snort_interfaces.php"); + exit; } if (isset($id) && $a_nat[$id]) { @@ -59,12 +62,12 @@ if (isset($id) && $a_nat[$id]) { $pconfig['ips_policy'] = $a_nat[$id]['ips_policy']; } -$if_real = snort_get_real_interface($pconfig['interface']); +$if_real = get_real_interface($pconfig['interface']); $snort_uuid = $a_nat[$id]['uuid']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; -$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; -$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off'; +$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'] == 'on' ? 'on' : 'off'; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off'; +$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off'; $no_emerging_files = false; $no_snort_files = false; @@ -118,7 +121,12 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') { else $disable_vrt_rules = ""; -if ($_POST["Submit"]) { +if (!empty($a_nat[$id]['rulesets'])) + $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); +else + $enabled_rulesets_array = array(); + +if ($_POST["save"]) { if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; @@ -145,7 +153,7 @@ if ($_POST["Submit"]) { @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } - write_config(); + write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ @@ -158,8 +166,10 @@ if ($_POST["Submit"]) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_nat[$id]); - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; + $pconfig = $_POST; + $enabled_rulesets_array = explode("||", $enabled_items); + if (snort_is_running($snort_uuid, $if_real)) + $savemsg = gettext("Snort is 'live-reloading' the new rule set."); } if ($_POST['unselectall']) { @@ -174,61 +184,47 @@ if ($_POST['unselectall']) { unset($a_nat[$id]['ips_policy']); } - write_config(); - sync_snort_package_config(); + $pconfig['autoflowbits'] = $_POST['autoflowbits']; + $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable']; + $pconfig['ips_policy'] = $_POST['ips_policy']; + $enabled_rulesets_array = array(); - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; + $savemsg = gettext("All rule categories have been de-selected. "); + if ($a_nat[$id]['ips_policy_enable'] = 'on') + $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used."); + else + $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!"); } if ($_POST['selectall']) { - $rulesets = array(); - - if ($_POST['ips_policy_enable'] == "on") { - $a_nat[$id]['ips_policy_enable'] = 'on'; - $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; - } - else { - $a_nat[$id]['ips_policy_enable'] = 'off'; - unset($a_nat[$id]['ips_policy']); - } + $enabled_rulesets_array = array(); if ($emergingdownload == 'on') { $files = glob("{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } elseif ($etpro == 'on') { $files = glob("{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } if ($snortcommunitydownload == 'on') { $files = glob("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } /* Include the Snort VRT rules only if enabled and no IPS policy is set */ if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { $files = glob("{$snortdir}/rules/" . VRT_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } - - $a_nat[$id]['rulesets'] = implode("||", $rulesets); - - write_config(); - sync_snort_package_config(); - - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; } -$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); - -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Categories"); include_once("head.inc"); ?> @@ -237,11 +233,10 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} /* Display message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { @@ -259,12 +254,13 @@ if ($savemsg) { $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); @@ -273,9 +269,10 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -392,9 +389,9 @@ if ($savemsg) { <td colspan="6"> <table width=90% align="center" border="0" cellpadding="2" cellspacing="0"> <tr height="45px"> - <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> - <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> - <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> + <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all categories to enforcing rules"); ?>"/></td> + <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove categories all from enforcing rules"); ?>"/></td> + <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> <td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> </tr> </table> @@ -426,14 +423,14 @@ if ($savemsg) { <?php endif; ?> <?php endif; ?> - <?php if ($no_emerging_files) - $msg_emerging = "downloaded."; + <?php if ($no_emerging_files && ($emergingdownload == 'on' || $etpro == 'on')) + $msg_emerging = "have not been downloaded."; else - $msg_emerging = "enabled."; - if ($no_snort_files) - $msg_snort = "downloaded."; + $msg_emerging = "are not enabled."; + if ($no_snort_files && $snortdownload == 'on') + $msg_snort = "have not been downloaded."; else - $msg_snort = "enabled."; + $msg_snort = "are not enabled."; ?> <tr id="frheader"> <?php if ($emergingdownload == 'on' && !$no_emerging_files): ?> @@ -443,7 +440,7 @@ if ($savemsg) { <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td> <?php else: ?> - <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules not {$msg_emerging}"); ?></td> + <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td> <?php endif; ?> <?php if ($snortdownload == 'on' && !$no_snort_files): ?> <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> @@ -451,7 +448,7 @@ if ($savemsg) { <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Snort SO Rules');?></td> <?php else: ?> - <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules have not been {$msg_snort}"); ?></td> + <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td> <?php endif; ?> </tr> <?php @@ -561,7 +558,7 @@ if ($savemsg) { </tr> <tr> <td colspan="6" align="center" valign="middle"> - <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> + <input value="Save" type="submit" name="save" id="save" class="formbtn" title="<?php echo gettext("Click to Save changes and rebuild rules");?>"/></td> </tr> <?php endif; ?> </table> diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index c5c6347e..c632b388 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -2,7 +2,7 @@ /* $Id$ */ /* snort_select_alias.php - Copyright (C) 2013 Bill Meeks + Copyright (C) 2013, 2014 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without @@ -42,22 +42,29 @@ require_once("/usr/local/pkg/snort/snort.inc"); // overwrite it on subsequent POST-BACKs to this page. if (!isset($_POST['org_querystr'])) $querystr = $_SERVER['QUERY_STRING']; +else + $querystr = $_POST['org_querystr']; // Retrieve any passed QUERY STRING or POST variables -$type = $_GET['type']; -$varname = $_GET['varname']; -$multi_ip = $_GET['multi_ip']; -$referrer = urldecode($_GET['returl']); if (isset($_POST['type'])) $type = $_POST['type']; +elseif (isset($_GET['type'])) + $type = htmlspecialchars($_GET['type']); + if (isset($_POST['varname'])) $varname = $_POST['varname']; +elseif (isset($_GET['varname'])) + $varname = htmlspecialchars($_GET['varname']); + if (isset($_POST['multi_ip'])) $multi_ip = $_POST['multi_ip']; +elseif (isset($_GET['multi_ip'])) + $multi_ip = htmlspecialchars($_GET['multi_ip']); + if (isset($_POST['returl'])) $referrer = urldecode($_POST['returl']); -if (isset($_POST['org_querystr'])) - $querystr = $_POST['org_querystr']; +elseif (isset($_GET['returl'])) + $referrer = urldecode($_GET['returl']); // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. @@ -122,11 +129,11 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <form action="snort_select_alias.php" method="post"> -<input type="hidden" name="varname" value="<?=$varname;?>"> -<input type="hidden" name="type" value="<?=$type;?>"> -<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"> -<input type="hidden" name="returl" value="<?=$referrer;?>"> -<input type="hidden" name="org_querystr" value="<?=$querystr;?>"> +<input type="hidden" name="varname" value="<?=$varname;?>"/> +<input type="hidden" name="type" value="<?=$type;?>"/> +<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> +<input type="hidden" name="returl" value="<?=$referrer;?>"/> +<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index b3d81f37..89b0bc02 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_stream5_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -36,14 +36,16 @@ $snortdir = SNORTDIR; /* Retrieve required array index values from QUERY string if available. */ /* 'id' is the [rule] array index, and 'eng_id' is the index for the */ /* stream5_tcp_engine's [item] array. */ -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; - /* See if values are in our form's POST content */ -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); /* If we don't have a [rule] index specified, exit */ if (is_null($id)) { @@ -131,7 +133,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['stream5_client_import'])) $_SESSION['stream5_client_import'] = array(); @@ -165,7 +167,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); unset($_SESSION['org_referer']); @@ -326,14 +328,14 @@ if ($_POST['Submit']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: save modified stream5 engine."); header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row"); exit; } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine"); include_once("head.inc"); @@ -586,7 +588,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml index 14a13321..2b9594ea 100755 --- a/config/snort/snort_sync.xml +++ b/config/snort/snort_sync.xml @@ -47,7 +47,7 @@ POSSIBILITY OF SUCH DAMAGE. <faq>Currently there are no FAQ items provided.</faq> <name>snortsync</name> <version>1.0</version> - <title>Snort: XMLRPC Sync (EXPERIMENTAL)</title> + <title>Snort: XMLRPC Sync</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <tabs> <tab> @@ -71,14 +71,18 @@ POSSIBILITY OF SUCH DAMAGE. <url>/snort/snort_blocked.php</url> </tab> <tab> - <text>Whitelists</text> - <url>/snort/snort_interfaces_whitelist.php</url> + <text>Pass Lists</text> + <url>/snort/snort_passlist.php</url> </tab> <tab> <text>Suppress</text> <url>/snort/snort_interfaces_suppress.php</url> </tab> <tab> + <text>IP Lists</text> + <url>/snort/snort_ip_list_mgmt.php</url> + </tab> + <tab> <text>Sync</text> <url>/pkg_edit.php?xml=snort/snort_sync.xml</url> <active/> @@ -180,10 +184,6 @@ POSSIBILITY OF SUCH DAMAGE. </rowhelperfield> </rowhelper> </field> - <field> - <name>WARNING: This feature is considered experimental and not recommended for production use</name> - <type>listtopic</type> - </field> </fields> <custom_delete_php_command> </custom_delete_php_command> diff --git a/config/snort/widget-snort.inc b/config/snort/widget-snort.inc new file mode 100644 index 00000000..3c4d9718 --- /dev/null +++ b/config/snort/widget-snort.inc @@ -0,0 +1,24 @@ +<?php +require_once("config.inc"); + +//set variables for custom title and link +$snort_alerts_title = "Snort Alerts"; +$snort_alerts_title_link = "snort/snort_alerts.php"; + +function widget_snort_uninstall() { + + global $config; + + /* Remove the Snort widget from the Dashboard display list */ + $widgets = $config['widgets']['sequence']; + if (!empty($widgets)) { + $widgetlist = explode(",", $widgets); + foreach ($widgetlist as $key => $widget) { + if (strstr($widget, "snort_alerts-container")) + unset($widgetlist[$key]); + } + $config['widgets']['sequence'] = implode(",", $widgetlist); + write_config(); + } +} +?> diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml index 76d39af9..45cc9168 100644 --- a/config/spamd/spamd.xml +++ b/config/spamd/spamd.xml @@ -42,7 +42,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>spamdsources</name> - <version>4.2</version> + <version>4.9.1 v1.1</version> <title>SpamD: External Sources</title> <include_file>/usr/local/pkg/spamd.inc</include_file> <backup_file>/var/db/spamd</backup_file> @@ -97,42 +97,42 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd_rules.php</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd_whitelist.xml</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd_whitelist.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd_outlook.xml</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd_outlook.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd.inc</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd_db.php</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd_db.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd_db_ext.php</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd_db_ext.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/spamd/spamd_gather_stats.php</item> + <item>https://packages.pfsense.org/packages/config/spamd/spamd_gather_stats.php</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. the following items diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php index 7faef7f0..c2df25d1 100644 --- a/config/spamd/spamd_db.php +++ b/config/spamd/spamd_db.php @@ -103,7 +103,7 @@ if($_POST['spamtrapemail'] <> "") { } if($_GET['getstatus'] <> "") { - $status = exec("/usr/local/sbin/spamdb | grep \"{$_GET['getstatus']}\""); + $status = exec("/usr/local/sbin/spamdb | grep " . escapeshellarg($_GET['getstatus'])); if(stristr($status, "WHITE") == true) { echo "WHITE"; } else if(stristr($status, "TRAPPED") == true) { diff --git a/config/spamd/spamd_db_ext.php b/config/spamd/spamd_db_ext.php index e029f676..61a90141 100644 --- a/config/spamd/spamd_db_ext.php +++ b/config/spamd/spamd_db_ext.php @@ -54,8 +54,6 @@ foreach($config['installedpackages']['spamdoutlook']['config'] as $outlook) { } } -exec("echo {$_GET['action']} > /tmp/tmp"); - /* handle AJAX operations */ if($_GET['action'] or $_POST['action']) { if($_GET['action']) diff --git a/config/squid-head/squid.xml b/config/squid-head/squid.xml index 67f4c2aa..6657e3af 100644 --- a/config/squid-head/squid.xml +++ b/config/squid-head/squid.xml @@ -95,30 +95,30 @@ </tabs> <!-- Installation --> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squid.inc</item> + <item>https://packages.pfsense.org/packages/config/squid.inc</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squid_users.xml</item> + <item>https://packages.pfsense.org/packages/config/squid_users.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/All/squid_monitor.sh</item> + <item>https://www.pfsense.org/packages/All/squid_monitor.sh</item> </additional_files_needed> <fields> <field> diff --git a/config/squid/squid.xml b/config/squid/squid.xml index 3df0482a..32a65589 100644 --- a/config/squid/squid.xml +++ b/config/squid/squid.xml @@ -96,57 +96,57 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid.inc</item> + <item>https://packages.pfsense.org/packages/config/squid/squid.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_ng.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_ng.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_users.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_users.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/sqpmon.sh</item> + <item>https://packages.pfsense.org/packages/config/squid/sqpmon.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/swapstate_check.php</item> + <item>https://packages.pfsense.org/packages/config/squid/swapstate_check.php</item> </additional_files_needed> <fields> <field> diff --git a/config/squid/squid_ng.inc b/config/squid/squid_ng.inc index cfd2fe66..f96c73e4 100644 --- a/config/squid/squid_ng.inc +++ b/config/squid/squid_ng.inc @@ -803,7 +803,7 @@ function custom_php_install_command() { touch("/tmp/custom_php_install_command"); /* make sure this all exists, see: - * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 + * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 */ update_output_window("Setting up Squid environment..."); mwexec("mkdir -p /var/squid"); diff --git a/config/squid/squid_ng.xml b/config/squid/squid_ng.xml index 5d956387..4ff3690c 100644 --- a/config/squid/squid_ng.xml +++ b/config/squid/squid_ng.xml @@ -102,42 +102,42 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_ng.inc</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_ng.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_auth.inc</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_extauth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_extauth.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/squid3/31/squid.xml b/config/squid3/31/squid.xml index aa76c0f1..53293acd 100644 --- a/config/squid3/31/squid.xml +++ b/config/squid3/31/squid.xml @@ -111,112 +111,112 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_general.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_general.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_peer.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_peer.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_uri.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_uri.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_ng.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_ng.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_ng.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_ng.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_users.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_users.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/sqpmon.sh</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/sqpmon.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/swapstate_check.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/swapstate_check.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_redir.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_redir.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_monitor.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_monitor.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_monitor_data.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_monitor_data.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/31/squid_log_parser.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/31/squid_log_parser.php</item> </additional_files_needed> <fields> diff --git a/config/squid3/31/squid_ng.inc b/config/squid3/31/squid_ng.inc index 0e1e0515..3b9ef405 100644 --- a/config/squid3/31/squid_ng.inc +++ b/config/squid3/31/squid_ng.inc @@ -803,7 +803,7 @@ function squid3_custom_php_install_command() { touch("/tmp/squid3_custom_php_install_command"); /* make sure this all exists, see: - * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 + * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 */ update_output_window("Setting up Squid environment..."); mwexec("mkdir -p /var/squid"); diff --git a/config/squid3/31/squid_ng.xml b/config/squid3/31/squid_ng.xml index 142536d6..b96b4eb2 100644 --- a/config/squid3/31/squid_ng.xml +++ b/config/squid3/31/squid_ng.xml @@ -102,42 +102,42 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_ng.inc</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_ng.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_auth.inc</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_extauth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_extauth.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/squid3/33/check_ip.php b/config/squid3/33/check_ip.php index 6c65ff3f..e16cee0b 100644 --- a/config/squid3/33/check_ip.php +++ b/config/squid3/33/check_ip.php @@ -49,10 +49,11 @@ if ($pf_version > 2.0){ $dbhandle = sqlite_open("$dir/$file", 0666, $error); if ($dbhandle){ $query = "select * from captiveportal"; - $result = sqlite_query($dbhandle, $query); + $result = sqlite_array_query($dbhandle, $query, SQLITE_ASSOC); if ($result){ - $row = sqlite_fetch_array($result, SQLITE_ASSOC); - $cp_db[]=implode(",",$row); + foreach ($result as $rownum => $row){ + $cp_db[$rownum]=implode(",",$row); + } sqlite_close($dbhandle); } } diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index c55160bc..a97746e2 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -5,7 +5,7 @@ Copyright (C) 2006-2009 Scott Ullrich Copyright (C) 2006 Fernando Lemos Copyright (C) 2012 Martin Fuchs - Copyright (C) 2012-2013 Marcello Coutinho + Copyright (C) 2012-2014 Marcello Coutinho Copyright (C) 2013 Gekkenhuis All rights reserved. @@ -95,8 +95,17 @@ function squid_chown_recursive($dir, $user, $group) { } } +function squid_check_clamav_user($user) + { + exec("/usr/sbin/pw usershow {$user}",$sq_ex_output,$sq_ex_return); + $user_arg=($sq_ex_return == 0?"mod":"add"); + exec("/usr/sbin/pw user{$user_arg} {$user} -G wheel -u 9595 -s /sbin/nologin",$sq_ex_output,$sq_ex_return); + if ($sq_ex_return != 0) + log_error("Squid - Could not change clamav user settings. ".serialize($sq_ex_output)); + } + /* setup cache */ -function squid_dash_z() { +function squid_dash_z($cache_action='none') { global $config; //Do nothing if there is no cache config @@ -110,7 +119,12 @@ function squid_dash_z() { return; $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); - + + if ($cache_action=="clean"){ + rename ($cachedir,"{$cachedir}.old"); + mwexec_bg("/bin/rm -rf {$cachedir}.old"); + } + if(!is_dir($cachedir.'/')) { log_error("Creating Squid cache dir $cachedir"); make_dirs($cachedir); @@ -354,9 +368,9 @@ function squid_deinstall_command() { $settings = array(); $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs'); - update_status("Removing swap.state ... One moment please..."); + update_status("Removing cache ... One moment please..."); update_output_window("$plswait_txt"); - mwexec('rm -rf $cachedir/swap.state'); + mwexec_bg('rm -rf $cachedir'); mwexec('rm -rf $logdir'); update_status("Finishing package cleanup."); mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); @@ -721,19 +735,26 @@ function squid_install_cron($should_install) { $x=0; $rotate_job_id=-1; $swapstate_job_id=-1; + $cron_cmd=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : ""); + $cron_cmd .= SQUID_LOCALBASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE; + $need_write = false; foreach($config['cron']['item'] as $item) { if(strstr($item['task_name'], "squid_rotate_logs")) { $rotate_job_id = $x; + if ($item['command'] != $cron_cmd){ + $config['cron']['item'][$x]['command']=$cron_cmd; + $need_write = true; + } } elseif(strstr($item['task_name'], "squid_check_swapstate")) { $swapstate_job_id = $x; } $x++; } - $need_write = false; switch($should_install) { case true: $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); if($rotate_job_id < 0) { + $cron_item['command']=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : ""); $cron_item = array(); $cron_item['task_name'] = "squid_rotate_logs"; $cron_item['minute'] = "0"; @@ -742,7 +763,7 @@ function squid_install_cron($should_install) { $cron_item['month'] = "*"; $cron_item['wday'] = "*"; $cron_item['who'] = "root"; - $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; ". SQUID_LOCALBASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE; + $cron_item['command'] .= $cron_cmd; /* Add this cron_item as a new entry at the end of the item array. */ $config['cron']['item'][] = $cron_item; $need_write = true; @@ -919,7 +940,7 @@ function squid_resync_general() { $conf .= "http_port 127.0.0.1:{$port} intercept\n"; } } - $icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 7); + $icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0); $dns_v4_first= ($settings['dns_v4_first'] == "on" ? "on" : "off" ); $pidfile = "{$g['varrun_path']}/squid.pid"; $language = ($settings['error_language'] ? $settings['error_language'] : 'en'); @@ -934,6 +955,8 @@ function squid_resync_general() { } $logdir_cache = $logdir . '/cache.log'; $logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null'); + $pinger_helper = ($settings['disable_pinger']) =='on' ? 'off' : 'on'; + $pinger_program=SQUID_LOCALBASE."/libexec/squid/pinger"; $conf .= <<< EOD icp_port {$icp_port} @@ -948,15 +971,17 @@ cache_mgr {$email} access_log {$logdir_access} cache_log {$logdir_cache} cache_store_log none +netdb_filename {$logdir}/netdb.state +pinger_enable {$pinger_helper} +pinger_program {$pinger_program} {$interception_checks} EOD; // Per squid docs, setting logfile_rotate to 0 is safe and causes a simple close/reopen. -// Rotating also ensures that swap.state is rewritten, so is useful even if the logs -// are not being rotated. $rotate = empty($settings['log_rotate']) ? 0 : $settings['log_rotate']; $conf .= "logfile_rotate {$rotate}\n"; +$conf .= "debug_options rotate={$rotate}\n"; squid_install_cron(true); $conf .= <<< EOD @@ -1051,7 +1076,7 @@ EOC; range_offset_limit -1 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims -refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims +refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims EOC; } @@ -1310,8 +1335,27 @@ function squid_resync_antivirus(){ if (preg_match("/fr/i",$squid_config['error_language'])) $clwarn="clwarn.cgi.fr_FR"; if (preg_match("/pt_br/i",$squid_config['error_language'])) - $clwarn="clwarn.cgi.pt_BR"; - copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}","/usr/local/www/clwarn.cgi"); + $clwarn="clwarn.cgi.pt_BR"; + $clwarn_file="/usr/local/www/clwarn.cgi"; + copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}",$clwarn_file); + + #fix perl path on clwarn.cgi + $clwarn_file_new=file_get_contents($clwarn_file); + $c_pattern[]="@/usr/\S+/perl@"; + $c_replacement[]=SQUID_LOCALBASE."/bin/perl"; + /*$c_pattern[]="@redirect \S+/clwarn.cgi@"; + $gui_proto=$config['system']['webgui']['protocol']; + $gui_port=$config['system']['webgui']['port']; + if($gui_port == "") { + $gui_port($gui_proto == "http"?"80":"443"); + } + $c_replacement[]=SQUID_LOCALBASE."redirect {$gui_proto}://127.0.0.1:{$gui_port}/clwarn.cgi"; + */ + $clwarn_file_new=preg_replace($c_pattern, $c_replacement,$clwarn_file_new); + file_put_contents($clwarn_file, $clwarn_file_new,LOCK_EX); + + #fix clwarn.cgi file permission + chmod($clwarn_file,0755); $conf = <<< EOF icap_enable on @@ -1346,7 +1390,7 @@ EOF; if (!isset($clamav_clamd_enable)) $rc_file.='clamav_clamd_enable="YES"'."\n"; file_put_contents("/etc/rc.conf.local",$rc_file,LOCK_EX); - + squid_check_clamav_user('clamav'); #patch sample files to pfsense dirs #squidclamav.conf if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")) @@ -1391,9 +1435,13 @@ EOF; foreach ($dirs as $dir_path => $dir_user){ if (!is_dir($dir_path)) make_dirs($dir_path); - squid_chown_recursive($dir_path, $dir_user, $dir_user); + squid_chown_recursive($dir_path, $dir_user, "wheel"); + } + #Check clamav database + if (count(glob("/var/db/clamav/*d"))==0){ + log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam on background."); + mwexec_bg(SQUID_LOCALBASE."/bin/freshclam"); } - #check startup scripts on pfsense > 2.1 if (preg_match("/usr.pbi/",SQUID_LOCALBASE)){ $rcd_files = scandir(SQUID_LOCALBASE."/etc/rc.d"); @@ -1410,7 +1458,7 @@ EOF; #check antivirus daemons #check icap if (is_process_running("c-icap")){ - mwexec('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl'); + mwexec_bg('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl'); } else{ #check c-icap user on startup file @@ -1421,13 +1469,13 @@ EOF; $cicapr[0]='c_icap_user="clamav"}'; file_put_contents($c_icap_rcfile,preg_replace($cicapm,$cicapr,$sample_file),LOCK_EX); } - mwexec("/usr/local/etc/rc.d/c-icap start"); + mwexec_bg("/usr/local/etc/rc.d/c-icap start"); } #check clamav if (is_process_running("clamd")) mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload"); else - mwexec("/usr/local/etc/rc.d/clamav-clamd start"); + mwexec_bg("/usr/local/etc/rc.d/clamav-clamd start"); } return $conf; } @@ -1533,12 +1581,12 @@ include('/usr/local/pkg/squid_reverse.inc'); function squid_resync_auth() { global $config, $valid_acls; - - if (is_array($config['installedpackages']['squidauth']['config'])) - $settings = $config['installedpackages']['squidauth']['config'][0]; - else - $settings = array(); - + $write_config=0; + if (!is_array($config['installedpackages']['squidauth']['config'])){ + $config['installedpackages']['squidauth']['config'][]=array('auth_method'=> "none"); + $write_config++; + } + $settings = $config['installedpackages']['squidauth']['config'][0]; if (is_array($config['installedpackages']['squidnac']['config'])) $settingsnac = $config['installedpackages']['squidnac']['config'][0]; else @@ -1549,6 +1597,9 @@ function squid_resync_auth() { else $settingsconfig = array(); + if ($write_config > 0) + write_config(); + $conf = ''; // SSL interception acl options part 1 @@ -1568,8 +1619,8 @@ function squid_resync_auth() { $conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n"; } - // Custom User Options - $conf .= "# Custom options\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n"; + // Custom User Options before authentication acls + $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n"; // Deny the banned guys before allowing the good guys if(! empty($settingsnac['banned_hosts'])) { @@ -1626,10 +1677,10 @@ function squid_resync_auth() { } // SSL interception acl options part 2 - if ($settingsconfig['ssl_proxy'] == "on"){ + /*if ($settingsconfig['ssl_proxy'] == "on"){ $conf .= "always_direct allow all\n"; $conf .= "ssl_bump server-first all\n"; - } + }*/ // Include squidguard denied acl log in squid if ($settingsconfig['log_sqd']) @@ -1687,9 +1738,8 @@ function squid_resync_auth() { $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n"; break; case 'cp': - $conf .= "external_acl_type check_filter children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n"; - $conf .= "acl dgfilter external check_filter\n"; - $conf .= "http_access allow dgfilter\n"; + $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n"; + $conf .= "acl password external check_cp\n"; break; case 'msnt': $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n"; @@ -1705,6 +1755,14 @@ acl password proxy_auth REQUIRED EOD; } + // Custom User Options after authentication definition + $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n"; + + // SSL interception acl options part 2 + if ($settingsconfig['ssl_proxy'] == "on"){ + $conf .= "always_direct allow all\n"; + $conf .= "ssl_bump server-first all\n"; + } // Onto the ACLs $password = array('localnet', 'allowed_subnets'); $passwordless = array('unrestricted_hosts'); @@ -1721,7 +1779,7 @@ EOD; foreach ($passwordless as $acl) $conf .= "http_access allow $acl\n"; - if ($auth_method != 'cp'){ + //if ($auth_method != 'cp'){ // Include squidguard denied acl log in squid if ($settingsconfig['log_sqd']) $conf .="http_access deny password sglog\n"; @@ -1729,9 +1787,9 @@ EOD; // Allow the other ACLs as long as they authenticate foreach ($password as $acl) $conf .= "http_access allow password $acl\n"; - } + // } } - + $conf .= "# Default block all to be sure\n"; $conf .= "http_access deny allsrc\n"; @@ -2224,6 +2282,12 @@ EOD; {$squid_local_base}/sbin/squid -k shutdown -f {$squid_conffile_var} # Just to be sure... sleep 5 + +if [ -f /usr/bin/ipcs ];then +# http://man.chinaunix.net/newsoft/squid/Squid_FAQ/FAQ-22.html#ss22.8 +ipcs | grep '^[mq]' | awk '{printf "ipcrm -%s %s\\n", $1, $2}' | /bin/sh +fi + killall -9 squid 2>/dev/null killall pinger 2>/dev/null diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index a8bc0530..bf740221 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -126,127 +126,127 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_general.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_general.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_peer.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_peer.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_uri.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_uri.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_ng.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_ng.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_ng.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_ng.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_users.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_users.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_antivirus.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_antivirus.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/sqpmon.sh</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/sqpmon.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/swapstate_check.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/swapstate_check.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_redir.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_redir.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_monitor.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_monitor.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_monitor_data.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_monitor_data.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/squid_log_parser.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/squid_log_parser.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/pkg_squid.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/pkg_squid.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/33/check_ip.php</item> + <item>https://packages.pfsense.org/packages/config/squid3/33/check_ip.php</item> </additional_files_needed> <fields> <field> @@ -301,6 +301,12 @@ <type>checkbox</type> </field> <field> + <fielddescr>Disable ICMP</fielddescr> + <fieldname>disable_pinger</fieldname> + <description><![CDATA[Enable this option to disable squid ICMP pinger helper.]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr> <fieldname>dns_nameservers</fieldname> <description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description> @@ -528,9 +534,19 @@ <rows>5</rows> </field> <field> - <fielddescr>Custom Options</fielddescr> + <fielddescr>Custom ACLS (Before_Auth)</fielddescr> <fieldname>custom_options_squid3</fieldname> - <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration.<br> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br> + <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>78</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Custom ACLS (After_Auth)</fielddescr> + <fieldname>custom_options2_squid3</fieldname> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br> <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> <type>textarea</type> <encoding>base64</encoding> diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml index 26d6463c..f60863c9 100755 --- a/config/squid3/33/squid_cache.xml +++ b/config/squid3/33/squid_cache.xml @@ -166,7 +166,11 @@ <field> <fielddescr>Hard disk cache system</fielddescr> <fieldname>harddisk_cache_system</fieldname> - <description>This specifies the kind of storage system to use. <p> <b> ufs </b> is the old well-known Squid storage format that has always been there. <p> <b> aufs </b> uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.) <p> <b> diskd </b> uses a separate process to avoid blocking the main Squid process on disk-I/O. <p> <b> null </b> Does not use any storage. Ideal for Embedded/NanoBSD.</description> + <description><![CDATA[This specifies the kind of storage system to use. + <br><br><b>ufs</b> is the old well-known Squid storage format that has always been there. + <br><br><b>aufs</b> uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.) + <br><br><b>diskd</b> uses a separate process to avoid blocking the main Squid process on disk-I/O.<br>To use <b>ipcs</b> and <b>ipcrm</b> on squid, Download livefs.iso from ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.3/ mount it and copy <b>/usr/bin/ipcs</b> and <b>/usr/bin/ipcrm</b> to your system and set them as executables. + <br><br><b>null</b> Does not use any storage. Ideal for Embedded/NanoBSD.]]></description> <type>select</type> <default_value>ufs</default_value> <options> @@ -175,7 +179,14 @@ <option><name>diskd</name><value>diskd</value></option> <option><name>null</name><value>null</value></option> </options> - </field> + </field> + <field> + <fielddescr>Clear cache on log rotate</fielddescr> + <fieldname>clear_cache</fieldname> + <description><![CDATA[If set, Squid will clear cache and swap.state on every log rotate.<br> + This action will be executed automatically if the swap.state file is taking up more than 75% disk space,or the drive is 90%]]></description> + <type>checkbox</type> + </field> <field> <fielddescr>Level 1 subdirectories</fielddescr> <fieldname>level1_subdirs</fieldname> diff --git a/config/squid3/33/squid_ng.inc b/config/squid3/33/squid_ng.inc index 0e1e0515..3b9ef405 100755 --- a/config/squid3/33/squid_ng.inc +++ b/config/squid3/33/squid_ng.inc @@ -803,7 +803,7 @@ function squid3_custom_php_install_command() { touch("/tmp/squid3_custom_php_install_command"); /* make sure this all exists, see: - * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 + * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 */ update_output_window("Setting up Squid environment..."); mwexec("mkdir -p /var/squid"); diff --git a/config/squid3/33/squid_ng.xml b/config/squid3/33/squid_ng.xml index 142536d6..b96b4eb2 100755 --- a/config/squid3/33/squid_ng.xml +++ b/config/squid3/33/squid_ng.xml @@ -102,42 +102,42 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_ng.inc</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_ng.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_auth.inc</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid/squid_extauth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid/squid_extauth.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index c4061ba4..08c7b388 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -110,7 +110,7 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; diff --git a/config/squid3/33/swapstate_check.php b/config/squid3/33/swapstate_check.php index 6ecfff3c..a0b3c98b 100644 --- a/config/squid3/33/swapstate_check.php +++ b/config/squid3/33/swapstate_check.php @@ -28,6 +28,7 @@ */ require_once('config.inc'); require_once('util.inc'); +require_once('squid.inc'); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) @@ -46,13 +47,12 @@ if ($settings['harddisk_cache_system'] != "null"){ $diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100); $swapstate_size = filesize($swapstate); $swapstate_pct = round(($swapstate_size / $disktotal) * 100); - // If the swap.state file is taking up more than 75% disk space, // or the drive is 90% full and swap.state is larger than 1GB, // kill it and initiate a rotate to write a fresh copy. - if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024))) { - mwexec_bg("/bin/rm $swapstate; ". SQUID_LOCALBASE . "/sbin/squid -k rotate"); - log_error(gettext(sprintf("Squid swap.state file exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct))); + if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024)) || $argv[1]=="clean") { + squid_dash_z('clean'); + log_error(gettext(sprintf("Squid cache and/or swap.state exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct))); } } ?>
\ No newline at end of file diff --git a/config/squid3/old/squid.xml b/config/squid3/old/squid.xml index ea13625e..5762efb1 100644 --- a/config/squid3/old/squid.xml +++ b/config/squid3/old/squid.xml @@ -96,52 +96,52 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_ng.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_ng.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_users.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_users.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/etc/rc.d/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/proxy_monitor.sh</item> + <item>https://packages.pfsense.org/packages/config/squid3/proxy_monitor.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid3/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_cache.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/squid3/old/squid_ng.inc b/config/squid3/old/squid_ng.inc index 03f6d48c..bfc99faf 100644 --- a/config/squid3/old/squid_ng.inc +++ b/config/squid3/old/squid_ng.inc @@ -803,7 +803,7 @@ function custom_php_install_command() { touch("/tmp/custom_php_install_command"); /* make sure this all exists, see: - * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 + * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 */ update_output_window("Setting up Squid environment..."); mwexec("mkdir -p /var/squid"); diff --git a/config/squid3/old/squid_ng.xml b/config/squid3/old/squid_ng.xml index cb535cd3..3448657f 100644 --- a/config/squid3/old/squid_ng.xml +++ b/config/squid3/old/squid_ng.xml @@ -102,42 +102,42 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_cache.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_cache.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_nac.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_nac.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_ng.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_ng.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_traffic.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_traffic.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_upstream.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_upstream.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_auth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_auth.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_auth.inc</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_auth.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid3/squid_extauth.xml</item> + <item>https://packages.pfsense.org/packages/config/squid3/squid_extauth.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/squidGuard-devel/squidguard.xml b/config/squidGuard-devel/squidguard.xml index e9ce78fd..d5f2b82d 100644 --- a/config/squidGuard-devel/squidguard.xml +++ b/config/squidGuard-devel/squidguard.xml @@ -63,57 +63,57 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.inc</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_configurator.inc</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_configurator.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_acl.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_default.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_default.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_dest.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_dest.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_rewr.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_rewr.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_time.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_time.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/squidGuard/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_log.php</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_log.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/squidGuard/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_blacklist.php</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_blacklist.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard-devel/sgerror.php</item> + <item>https://packages.pfsense.org/packages/config/squidGuard-devel/sgerror.php</item> </additional_files_needed> <fields> <field> diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml index e1fb3d41..ee7302f4 100644 --- a/config/squidGuard/squidguard.xml +++ b/config/squidGuard/squidguard.xml @@ -63,57 +63,57 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard.inc</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/squidGuard/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_log.php</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_log.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/squidGuard/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_blacklist.php</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_blacklist.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/sgerror.php</item> + <item>https://packages.pfsense.org/packages/config/squidGuard/sgerror.php</item> </additional_files_needed> <fields> <field> diff --git a/config/sshdcond/sshdcond.xml b/config/sshdcond/sshdcond.xml index eeb35d75..17dda28d 100644 --- a/config/sshdcond/sshdcond.xml +++ b/config/sshdcond/sshdcond.xml @@ -60,12 +60,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond.inc</item> + <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond_sync.xml</item> </additional_files_needed> <tabs> <tab> diff --git a/config/sshterm/sshterm.xml b/config/sshterm/sshterm.xml index 80907d0a..69098f01 100644 --- a/config/sshterm/sshterm.xml +++ b/config/sshterm/sshterm.xml @@ -64,12 +64,12 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/sshterm/diag_shell_head.php</item> + <item>https://packages.pfsense.org/packages/config/sshterm/diag_shell_head.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/sshterm/diag_shell_releng.php</item> + <item>https://packages.pfsense.org/packages/config/sshterm/diag_shell_releng.php</item> </additional_files_needed> <!-- fields gets invoked when the user adds or edits a item. diff --git a/config/states-summary/states-summary.xml b/config/states-summary/states-summary.xml index a27230fd..7071420f 100644 --- a/config/states-summary/states-summary.xml +++ b/config/states-summary/states-summary.xml @@ -57,7 +57,7 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/states-summary/diag_states_summary.php</item> + <item>https://packages.pfsense.org/packages/config/states-summary/diag_states_summary.php</item> </additional_files_needed> <custom_php_deinstall_command> <![CDATA[ diff --git a/config/strikeback/strikeback.xml b/config/strikeback/strikeback.xml index 15c35668..221f3f77 100644 --- a/config/strikeback/strikeback.xml +++ b/config/strikeback/strikeback.xml @@ -39,7 +39,7 @@ </copyright> <description>Strikeback</description> <requirements>Active Internet</requirements> - <faq>http://forum.pfsense.org/index.php/topic,37225.0.html</faq> + <faq>https://forum.pfsense.org/index.php/topic,37225.0.html</faq> <name>Strikeback Settings</name> <version>0.1</version> <title>Settings</title> @@ -62,52 +62,52 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/strikeback.xml</item> + <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/strikeback.inc</item> + <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/strikeback.tmp</item> + <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/index.tmp</item> + <item>https://packages.pfsense.org/packages/config/strikeback/index.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/firewall_shaper.tmp</item> + <item>https://packages.pfsense.org/packages/config/strikeback/firewall_shaper.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/help.tmp</item> + <item>https://packages.pfsense.org/packages/config/strikeback/help.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/settings.tmp</item> + <item>https://packages.pfsense.org/packages/config/strikeback/settings.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/parse.tmp</item> + <item>https://packages.pfsense.org/packages/config/strikeback/parse.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/strikeback.db</item> + <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.db</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/strikeback/jscolor.js</item> + <item>https://packages.pfsense.org/packages/config/strikeback/jscolor.js</item> </additional_files_needed> <fields> <field> diff --git a/config/stunnel.xml b/config/stunnel.xml index 601dbfa2..21e023a9 100644 --- a/config/stunnel.xml +++ b/config/stunnel.xml @@ -55,12 +55,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/stunnel/stunnel.inc</item> + <item>https://packages.pfsense.org/packages/config/stunnel/stunnel.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/stunnel/stunnel_certs.xml</item> + <item>https://packages.pfsense.org/packages/config/stunnel/stunnel_certs.xml</item> </additional_files_needed> <!-- configpath gets expanded out automatically and config items will be stored in that location --> diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index defca988..16fc272b 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -16,7 +16,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/sudo/sudo.inc</item> + <item>https://packages.pfsense.org/packages/config/sudo/sudo.inc</item> </additional_files_needed> <fields> <field> diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc new file mode 100644 index 00000000..b5f5fb56 --- /dev/null +++ b/config/suricata/suricata.inc @@ -0,0 +1,2021 @@ +<?php +/* + suricata.inc + + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once("pfsense-utils.inc"); +require_once("config.inc"); +require_once("functions.inc"); +require_once("services.inc"); +require_once("service-utils.inc"); +require_once("pkg-utils.inc"); +require_once("filter.inc"); + +global $g, $config; + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); + +// Define the binary and package build versions +define('SURICATA_VER', '1.4.6'); +define('SURICATA_PKG_VER', 'v0.3-BETA'); + +// Create some other useful defines +define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/'); +define('SURICATALOGDIR', '/var/log/suricata/'); +define('RULES_UPD_LOGFILE', SURICATALOGDIR . 'suricata_rules_update.log'); +define('ENFORCING_RULES_FILENAME', 'suricata.rules'); +define('FLOWBITS_FILENAME', 'flowbit-required.rules'); + +// Rule set download filenames and prefixes +define('ET_DNLD_FILENAME', 'emerging.rules.tar.gz'); +define('ETPRO_DNLD_FILENAME', 'etpro.rules.tar.gz'); +define('VRT_DNLD_FILENAME', 'snortrules-snapshot-edge.tar.gz'); +define('GPLV2_DNLD_FILENAME', 'community-rules.tar.gz'); +define('VRT_FILE_PREFIX', 'snort_'); +define('GPL_FILE_PREFIX', 'GPLv2_'); +define('ET_OPEN_FILE_PREFIX', 'emerging-'); +define('ET_PRO_FILE_PREFIX', 'etpro-'); + +function suricata_generate_id() { + global $config; + + $suricatacfg = $config['installedpackages']['suricata']['rule']; + while (true) { + $suricata_uuid = mt_rand(1, 65535); + foreach ($suricatacfg as $value) { + if ($value['uuid'] == $suricata_uuid) + continue 2; + } + break; + } + + return $suricata_uuid; +} + +function suricata_is_running($suricata_uuid, $if_real, $type = 'suricata') { + global $g; + return isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid"); +} + +function suricata_barnyard_stop($suricatacfg, $if_real) { + global $g; + + $suricata_uuid = $suricatacfg['uuid']; + if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) { + log_error("[Suricata] Barnyard2 STOP for {$suricatacfg['descr']}({$if_real})..."); + killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid"); + } +} + +function suricata_stop($suricatacfg, $if_real) { + global $g; + + $suricata_uuid = $suricatacfg['uuid']; + if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { + log_error("[Suricata] Suricata STOP for {$suricatacfg['descr']}({$if_real})..."); + killbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + sleep(1); + + // For some reason Suricata seems to need a double TERM signal to actually shutdown + if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) + killbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + } + // Stop Barnyard2 on the interface if running + suricata_barnyard_stop($suricatacfg, $if_real); +} + +function suricata_barnyard_start($suricatacfg, $if_real) { + global $g; + + $suricata_uuid = $suricatacfg['uuid']; + $suricatadir = SURICATADIR . "suricata_{$suricata_uuid}_{$if_real}"; + $suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; + + if ($suricatacfg['barnyard_enable'] == 'on') { + log_error("[Suricata] Barnyard2 START for {$suricatacfg['descr']}({$if_real})..."); + mwexec_bg("/usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}/barnyard2.conf -d {$suricatalogdir} -D -q"); + } +} + +function suricata_start($suricatacfg, $if_real) { + global $g; + + $suricatadir = SURICATADIR; + $suricata_uuid = $suricatacfg['uuid']; + + if ($suricatacfg['enable'] == 'on') { + log_error("[Suricata] Suricata START for {$suricatacfg['descr']}({$if_real})..."); + mwexec_bg("/usr/local/bin/suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + } + else + return; + + // Start Barnyard2 if enabled on the interface + suricata_barnyard_start($suricatacfg, $if_real); +} + +function suricata_reload_config($suricatacfg, $signal="USR2") { + + /**************************************************************/ + /* This function sends the passed SIGNAL to the Suricata */ + /* instance on the passed interface to cause Suricata to */ + /* reload and parse the running configuration without */ + /* impacting packet processing. It also executes the reload */ + /* as a background process and returns control immediately */ + /* to the caller. */ + /* */ + /* $signal = USR2 (default) parses and reloads config. */ + /**************************************************************/ + global $g; + + $suricatadir = SURICATADIR; + $suricata_uuid = $suricatacfg['uuid']; + $if_real = get_real_interface($suricatacfg['interface']); + + /******************************************************/ + /* Only send the SIGUSR2 if Suricata is running and */ + /* we can find a valid PID for the process. */ + /******************************************************/ + if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { + log_error("[Suricata] Suricata LIVE RULE RELOAD initiated for {$suricatacfg['descr']} ({$if_real})..."); +// sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", $signal); + mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + } +} + +function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") { + + /**************************************************************/ + /* This function sends the passed SIGNAL to the Barnyard2 */ + /* instance on the passed interface to cause Barnyard to */ + /* reload and parse the running configuration without */ + /* impacting packet processing. It also executes the reload */ + /* as a background process and returns control immediately */ + /* to the caller. */ + /* */ + /* $signal = HUP (default) parses and reloads config. */ + /**************************************************************/ + global $g; + + $suricatadir = SURICATADIR; + $suricata_uuid = $suricatacfg['uuid']; + $if_real = get_real_interface($suricatacfg['interface']); + + /******************************************************/ + /* Only send the SIGHUP if Barnyard2 is running and */ + /* we can find a valid PID for the process. */ + /******************************************************/ + if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) { + log_error("[Suricata] Barnyard2 CONFIG RELOAD initiated for {$suricatacfg['descr']} ({$if_real})..."); +// sigkillbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid", $signal); + mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid"); + } +} + +function suricata_get_blocked_ips() { + + // This is a placeholder function for later use. + // Blocking is not currently enabled in Suricata. + return array(); +} + +/* func builds custom white lists */ +function suricata_find_list($find_name, $type = 'whitelist') { + global $config; + + $suricataglob = $config['installedpackages']['suricata']; + if (!is_array($suricataglob[$type])) + return ""; + if (!is_array($suricataglob[$type]['item'])) + return ""; + + foreach ($suricataglob[$type]['item'] as $value) { + if ($value['name'] == $find_name) + return $value; + } + + return array(); +} + +function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { + + /***********************************************************/ + /* The default is to build a HOME_NET variable unless */ + /* '$whitelist' is set to 'true' when calling. */ + /***********************************************************/ + + global $config, $g, $aliastable, $filterdns; + $home_net = array(); + + if ($listname == 'default' || empty($listname)) { + $localnet = 'yes'; $wanip = 'yes'; $wangw = 'yes'; $wandns = 'yes'; $vips = 'yes'; $vpns = 'yes'; + } else { + $list = suricata_find_list($listname); + if (empty($list)) + return $list; + $localnet = $list['localnets']; + $wanip = $list['wanips']; + $wangw = $list['wangateips']; + $wandns = $list['wandnsips']; + $vips = $list['vips']; + $vpns = $list['vpnips']; + if (!empty($list['address']) && is_alias($list['address'])) + $home_net = explode(" ", trim(filter_expand_alias($list['address']))); + } + + // Always add loopback to HOME_NET and whitelist (ftphelper) + if (!in_array("127.0.0.1", $home_net)) + $home_net[] = "127.0.0.1"; + + /********************************************************************/ + /* Always put the interface running Suricata in HOME_NET and */ + /* whitelist unless it's the WAN. WAN options are handled further */ + /* down. If the user specifically chose not to include LOCAL_NETS */ + /* in the WHITELIST, then do not include the Suricata interface */ + /* subnet in the WHITELIST. We do include the actual LAN interface */ + /* IP for Suricata, though, to prevent locking out the firewall. */ + /********************************************************************/ + $suricataip = get_interface_ip($suricatacfg['interface']); + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + if (is_ipaddr($suricataip)) { + if ($suricatacfg['interface'] <> "wan") { + $sn = get_interface_subnet($suricatacfg['interface']); + $ip = gen_subnet($suricataip, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + } + } + else { + if (is_ipaddr($suricataip)) { + if (!in_array($suricataip, $home_net)) + $home_net[] = $suricataip; + } + } + + $suricataip = get_interface_ipv6($suricatacfg['interface']); + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + if (is_ipaddrv6($suricataip)) { + if ($suricatacfg['interface'] <> "wan") { + $sn = get_interface_subnetv6($suricatacfg['interface']); + $ip = gen_subnetv6($suricataip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + } + } + else { + if (is_ipaddrv6($suricataip)) { + if (!in_array($suricataip, $home_net)) + $home_net[] = $suricataip; + } + } + + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + /*************************************************************************/ + /* Iterate through the interface list and write out whitelist items and */ + /* also compile a HOME_NET list of all the local interfaces for suricata. */ + /* Skip the WAN interface as we do not typically want that whole subnet */ + /* whitelisted (just the i/f IP itself which was handled earlier). */ + /*************************************************************************/ + $int_array = get_configured_interface_list(); + foreach ($int_array as $int) { + if ($int == "wan") + continue; + $subnet = get_interface_ip($int); + if (is_ipaddr($subnet)) { + $sn = get_interface_subnet($int); + $ip = gen_subnet($subnet, $sn) . "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + if ($int == "wan") + continue; + $subnet = get_interface_ipv6($int); + if (is_ipaddrv6($subnet)) { + $sn = get_interface_subnetv6($int); + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + } + } + + if ($wanip == 'yes') { + $ip = get_interface_ip("wan"); + if (is_ipaddr($ip)) { + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + $ip = get_interface_ipv6("wan"); + if (is_ipaddrv6($ip)) { + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + } + + if ($wangw == 'yes') { + // Grab the default gateway if set + $default_gw = exec("/sbin/route -n get default |grep 'gateway:' | /usr/bin/awk '{ print $2 }'"); + if (is_ipaddr($default_gw) && !in_array($default_gw, $home_net)) + $home_net[] = $default_gw; + if (is_ipaddrv6($default_gw) && !in_array($default_gw, $home_net)) + $home_net[] = $default_gw; + + // Get any other interface gateway and put in $HOME_NET if not there already + $gw = get_interface_gateway($suricatacfg['interface']); + if (is_ipaddr($gw) && !in_array($gw, $home_net)) + $home_net[] = $gw; + $gw = get_interface_gateway_v6($suricatacfg['interface']); + if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) + $home_net[] = $gw; + } + + if ($wandns == 'yes') { + // Add DNS server for WAN interface to whitelist + $dns_servers = get_dns_servers(); + foreach ($dns_servers as $dns) { + if ($dns && !in_array($dns, $home_net)) + $home_net[] = $dns; + } + } + + if($vips == 'yes') { + // iterate all vips and add to whitelist + if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { + foreach($config['virtualip']['vip'] as $vip) { + if ($vip['subnet'] && $vip['mode'] != 'proxyarp') { + if (!in_array("{$vip['subnet']}/{$vip['subnet_bits']}", $home_net)) + $home_net[] = "{$vip['subnet']}/{$vip['subnet_bits']}"; + } + } + } + } + + // grab a list of vpns and whitelist if user desires + if ($vpns == 'yes') { + $vpns_list = filter_get_vpns_list(); + if (!empty($vpns_list)) { + // Convert the returned space-delimited string to an array + // and then add each VPN address to our HOME_NET array. + $vpns = explode(" ", $vpns_list); + foreach ($vpns as $vpn) + $home_net[] = trim($vpn); + unset($vpns, $vpns_list); + } + } + + $valresult = array(); + foreach ($home_net as $vald) { + if (empty($vald)) + continue; + $vald = trim($vald); + if (empty($valresult[$vald])) + $valresult[$vald] = $vald; + } + + // Release memory no longer required + unset($home_net); + + // Sort the list and return it + natsort($valresult); + return $valresult; +} + +function suricata_rules_up_install_cron($should_install=true) { + global $config, $g; + + $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php"; + + // Get auto-rule update parameter from configuration + $suricata_rules_up_info_ck = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; + + // See if a customized start time has been set for rule file updates + if (!empty($config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'])) + $suricata_rules_upd_time = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime']; + else + $suricata_rules_upd_time = "00:03"; + + if ($suricata_rules_up_info_ck == "6h_up") { + $suricata_rules_up_min = intval(substr($suricata_rules_upd_time, -2)); + $hour = intval(substr($suricata_rules_upd_time, 0, 2)); + $suricata_rules_up_hr = strval($hour); + for ($i=0; $i<3; $i++) { + $hour += 6; + if ($hour > 24) + $hour -= 24; + $suricata_rules_up_hr .= "," . strval($hour); + } + $suricata_rules_up_mday = "*"; + $suricata_rules_up_month = "*"; + $suricata_rules_up_wday = "*"; + } + if ($suricata_rules_up_info_ck == "12h_up") { + $suricata_rules_up_min = intval(substr($suricata_rules_upd_time, -2)); + $hour = intval(substr($suricata_rules_upd_time, 0, 2)); + $suricata_rules_up_hr = strval($hour) . ","; + $hour += 12; + if ($hour > 24) + $hour -= 24; + $suricata_rules_up_hr .= strval($hour); + $suricata_rules_up_mday = "*"; + $suricata_rules_up_month = "*"; + $suricata_rules_up_wday = "*"; + } + if ($suricata_rules_up_info_ck == "1d_up") { + $suricata_rules_up_min = intval(substr($suricata_rules_upd_time, -2)); + $suricata_rules_up_hr = intval(substr($suricata_rules_upd_time, 0, 2)); + $suricata_rules_up_mday = "*/1"; + $suricata_rules_up_month = "*"; + $suricata_rules_up_wday = "*"; + } + if ($suricata_rules_up_info_ck == "4d_up") { + $suricata_rules_up_min = intval(substr($suricata_rules_upd_time, -2)); + $suricata_rules_up_hr = intval(substr($suricata_rules_upd_time, 0, 2)); + $suricata_rules_up_mday = "*/4"; + $suricata_rules_up_month = "*"; + $suricata_rules_up_wday = "*"; + } + if ($suricata_rules_up_info_ck == "7d_up") { + $suricata_rules_up_min = intval(substr($suricata_rules_upd_time, -2)); + $suricata_rules_up_hr = intval(substr($suricata_rules_upd_time, 0, 2)); + $suricata_rules_up_mday = "*/7"; + $suricata_rules_up_month = "*"; + $suricata_rules_up_wday = "*"; + } + if ($suricata_rules_up_info_ck == "28d_up") { + $suricata_rules_up_min = intval(substr($suricata_rules_upd_time, -2)); + $suricata_rules_up_hr = intval(substr($suricata_rules_upd_time, 0, 2)); + $suricata_rules_up_mday = "*/28"; + $suricata_rules_up_month = "*"; + $suricata_rules_up_wday = "*"; + } + + // System call to manage the cron job. + install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root"); +} + +function suricata_loglimit_install_cron($should_install=true) { + + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5"); +} + +function sync_suricata_package_config() { + global $config, $g; + + $suricatadir = SURICATADIR; + $rcdir = RCFILEPREFIX; + + conf_mount_rw(); + + // Do not start config build if there are no Suricata-configured interfaces + if (!is_array($config['installedpackages']['suricata']) || !is_array($config['installedpackages']['suricata']['rule'])) { + @unlink("{$rcdir}/suricata.sh"); + conf_mount_ro(); + return; + } + + $suricataconf = $config['installedpackages']['suricata']['rule']; + foreach ($suricataconf as $value) { + $if_real = get_real_interface($value['interface']); + + // create a suricata.yaml file for interface + suricata_generate_yaml($value); + + // create barnyard2.conf file for interface + if ($value['barnyard_enable'] == 'on') + suricata_generate_barnyard2_conf($value, $if_real); + } + + // create suricata bootup file suricata.sh + suricata_create_rc(); + + $suricataglob = $config['installedpackages']['suricata']['config'][0]; + // setup the log directory size check job if enabled + suricata_loglimit_install_cron(); + // setup the suricata rules update job if enabled + suricata_rules_up_install_cron($suricataglob['autoruleupdate'] != "never_up" ? true : false); + + write_config(); + configure_cron(); + + // Do not attempt package sync if reinstalling package or booting +// if (!$g['suricata_postinstall'] && !$g['booting']) +// suricata_sync_on_changes(); + + conf_mount_ro(); +} + +function suricata_load_suppress_sigs($suricatacfg, $track_by=false) { + + global $config; + + /**********************************************************/ + /* This function loads the GEN_ID and SIG_ID for all the */ + /* suppressed alert entries from the Suppression List of */ + /* the passed Suricata interface. The results are */ + /* returned in an array with GEN_ID and SIG_ID as the */ + /* primary keys. Any "track by_src" or "track by_dst" */ + /* entries in the Suppression List are tacked on as */ + /* additional keys in the array along with the IP address */ + /* in either IPv4 or IPv6 format when $track_by is passed */ + /* as true. */ + /* */ + /* Sample returned array: */ + /* $suppress[1][2069] = "suppress" */ + /* $suppress[1][2070]['by_src']['10.1.1.5'] = "suppress" */ + /* $suppress[1][2070]['by_dst']['10.1.1.6'] = "suppress" */ + /* */ + /**********************************************************/ + + $suppress = array(); + + if (!is_array($config['installedpackages']['suricata'])) + return; + if (!is_array($config['installedpackages']['suricata']['suppress'])) + return; + if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) + return; + $a_suppress = $config['installedpackages']['suricata']['suppress']['item']; + + foreach ($a_suppress as $a_id => $alist) { + if ($alist['name'] == $suricatacfg['suppresslistname']) { + if (!empty($alist['suppresspassthru'])) { + $tmplist = str_replace("\r", "", base64_decode($alist['suppresspassthru'])); + $tmp = explode("\n", $tmplist); + foreach ($tmp as $line) { + // Skip any blank lines + if (trim($line, " \n") == "") + continue; + // Skip any comment lines + if (preg_match('/^\s*#/', $line)) + continue; + /* See if entry suppresses GID:SID for all hosts */ + if (preg_match('/\s*suppress\s*gen_id\b\s*(\d+),\s*sig_id\b\s*(\d+)\s*$/i', $line, $matches)) { + $genid = $matches[1]; + $sigid = $matches[2]; + if (!empty($genid) && !empty($sigid)) { + if (!is_array($suppress[$genid])) + $suppress[$genid] = array(); + if (!is_array($suppress[$genid][$sigid])) + $suppress[$genid][$sigid] = array(); + $suppress[$genid][$sigid] = "suppress"; + } + } + + /* Get "track by IP" entries if requested */ + if ($track_by) { + /* See if entry suppresses only by SRC or DST IPv4 address */ + if (preg_match('/\s*suppress\s*gen_id\b\s*(\d+),\s*sig_id\b\s*(\d+),\s*track\s*(by_src|by_dst),\s*ip\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*$/i', $line, $matches)) { + $genid = $matches[1]; + $sigid = $matches[2]; + $whichip = trim($matches[3]); + $ip = $matches[4]; + if (!empty($genid) && !empty($sigid) && !empty($whichip) && !empty($ip)) { + if (!is_array($suppress[$genid])) + $suppress[$genid] = array(); + if (!is_array($suppress[$genid][$sigid])) + $suppress[$genid][$sigid] = array(); + if (!is_array($suppress[$genid][$sigid][$whichip])) + $suppress[$genid][$sigid][$whichip] = array(); + if (!is_array($suppress[$genid][$sigid][$whichip][$ip])) + $suppress[$genid][$sigid][$whichip][$ip] = array(); + $suppress[$genid][$sigid][$whichip][$ip] = "suppress"; + } + } + /* See if entry suppresses only by SRC or DST IPv6 address */ + if (preg_match('/\s*suppress\s*gen_id\b\s*(\d+),\s*sig_id\b\s*(\d+),\s*track\s*(by_src|by_dst),\s*ip\s*([0-9a-f\.:]+)\s*$/i', $line, $matches)) { + $genid = $matches[1]; + $sigid = $matches[2]; + $whichip = trim($matches[3]); + $ip = trim($matches[4]); + if (!empty($genid) && !empty($sigid) && !empty($whichip) && !empty($ip)) { + if (!is_array($suppress[$genid])) + $suppress[$genid] = array(); + if (!is_array($suppress[$genid][$sigid])) + $suppress[$genid][$sigid] = array(); + if (!is_array($suppress[$genid][$sigid][$whichip])) + $suppress[$genid][$sigid][$whichip] = array(); + if (!is_array($suppress[$genid][$sigid][$whichip][$ip])) + $suppress[$genid][$sigid][$whichip][$ip] = array(); + $suppress[$genid][$sigid][$whichip][$ip] = "suppress"; + } + } + } + } + unset($tmp); + } + break; + } + } + unset($alist); + return $suppress; +} + +function suricata_post_delete_logs($suricata_uuid = 0) { + + /***********************************************/ + /* This function cleans up related log files */ + /* for the passed instance. These include */ + /* Barnyard2 unified2 logs and pcap logs. */ + /***********************************************/ + + global $config, $g; + + // do nothing if no Suricata interfaces active + if (!is_array($config['installedpackages']['suricata']['rule'])) + return; + + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + if ($value['uuid'] != $suricata_uuid) + continue; + $if_real = get_real_interface($value['interface']); + $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; + + if ($if_real != '') { + /* Clean-up Barnyard2 files if any exist */ + $filelist = glob("{$suricata_log_dir}/unified2.alert.*"); + // Keep most recent file + unset($filelist[count($filelist) - 1]); + foreach ($filelist as $file) + @unlink($file); + + /* Clean-up Barnyard2 archived files if any exist */ + $filelist = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); + foreach ($filelist as $file) + @unlink($file); + + /* Clean-up packet capture files if any exist */ + $filelist = glob("{$suricata_log_dir}/log.pcap.*"); + // Keep most recent file + unset($filelist[count($filelist) - 1]); + foreach ($filelist as $file) + @unlink($file); + unset($filelist); + } + } +} + +/* This returns size of passed directory or file in 1024-byte blocks */ +function suricata_Getdirsize($node) { + if(!is_readable($node)) + return false; + + $blah = exec( "/usr/bin/du -kdc $node" ); + return substr( $blah, 0, strpos($blah, 9) ); +} + +function suricata_build_sid_msg_map($rules_path, $sid_file) { + + /*************************************************************/ + /* This function reads all the rules file in the passed */ + /* $rules_path variable and produces a properly formatted */ + /* sid-msg.map v2 file for use by Suricata and barnyard2. */ + /* */ + /* This function produces the new v2 format sid-msg.map */ + /* with the field layout as follows: */ + /* */ + /* GID || SID || REV || CLASSTYPE || PRI || MSG || REF ... */ + /* */ + /* On Entry: $rules_path --> array or directory of files */ + /* or a single file containing */ + /* the rules to read. */ + /* $sid_file --> the complete destination path */ + /* and filename for the output */ + /* sid-msg.map file. */ + /*************************************************************/ + + $sidMap = array(); + $rule_files = array(); + + // First check if we were passed a directory, a single file + // or an array of filenames to read. Set our $rule_files + // variable accordingly. If we can't figure it out, return + // and don't write a sid-msg.map file. + if (is_string($rules_path)) { + if (is_dir($rules_path)) + $rule_files = glob($rules_path . "*.rules"); + elseif (is_file($rules_path)) + $rule_files = (array)$rules_path; + } + elseif (is_array($rules_path)) + $rule_files = $rules_path; + else + return; + + // Read the rule files into an array, then iterate the list + foreach ($rule_files as $file) { + + // Don't process files with "deleted" in the filename + if (stristr($file, "deleted")) + continue; + + // Read the file into an array, skipping missing files. + if (!file_exists($file)) + continue; + + $rules_array = file($file, FILE_SKIP_EMPTY_LINES); + $record = ""; + $b_Multiline = false; + + // Read and process each line from the rules in the current file + foreach ($rules_array as $rule) { + + // Skip any non-rule lines unless we're in multiline mode. + if (!preg_match('/^\s*#*\s*(alert|drop|pass)/i', $rule) && !$b_Multiline) + continue; + + // Test for a multi-line rule, and reassemble the + // pieces back into a single line. + if (preg_match('/\\\\s*[\n]$/m', $rule)) { + $rule = substr($rule, 0, strrpos($rule, '\\')); + $record .= $rule; + $b_Multiline = true; + continue; + } + // If the last segment of a multiline rule, then + // append it onto the previous parts to form a + // single-line rule for further processing below. + elseif (!preg_match('/\\\\s*[\n]$/m', $rule) && $b_Multiline) { + $record .= $rule; + $rule = $record; + } + $b_Multiline = false; + $record = ""; + + // Parse the rule to find sid and any references. + $gid = '1'; // default to 1 for regular rules + $sid = ''; + $rev = ''; + $classtype = 'NOCLASS'; // required default for v2 format + $priority = '0'; // required default for v2 format + $msg = ''; + $matches = ''; + $sidEntry = ''; + if (preg_match('/\bmsg\s*:\s*"(.+?)"\s*;/i', $rule, $matches)) + $msg = trim($matches[1]); + if (preg_match('/\bsid\s*:\s*(\d+)\s*;/i', $rule, $matches)) + $sid = trim($matches[1]); + if (preg_match('/\bgid\s*:\s*(\d+)\s*;/i', $rule, $matches)) + $gid = trim($matches[1]); + if (preg_match('/\brev\s*:\s*([^\;]+)/i', $rule, $matches)) + $rev = trim($matches[1]); + if (preg_match('/\bclasstype\s*:\s*([^\;]+)/i', $rule, $matches)) + $classtype = trim($matches[1]); + if (preg_match('/\bpriority\s*:\s*([^\;]+)/i', $rule, $matches)) + $priority = trim($matches[1]); + + if (!empty($gid) && !empty($sid) && !empty($msg)) { + $sidEntry = $gid . ' || ' . $sid . ' || ' . $rev . ' || ' . $classtype . ' || '; + $sidEntry .= $priority . ' || ' . $msg; + preg_match_all('/\breference\s*:\s*([^\;]+)/i', $rule, $matches); + foreach ($matches[1] as $ref) + $sidEntry .= " || " . trim($ref); + $sidEntry .= "\n"; + $sidMap[] = $sidEntry; + } + } + } + // Sort the generated sid-msg map + natcasesort($sidMap); + + // Now print the result to the supplied file + @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n"); + @file_put_contents($sid_file, array_values($sidMap), FILE_APPEND); +} + +function suricata_merge_reference_configs($cfg_in, $cfg_out) { + + /***********************************************************/ + /* This function takes a list of "reference.config" files */ + /* in the $cfg_in array and merges them into a single */ + /* file specified by $cfg_out. The merging is done so */ + /* no duplication of lines occurs in the output file. */ + /***********************************************************/ + + $outMap = array(); + foreach ($cfg_in as $file) { + if (!file_exists($file)) + continue; + $in = file($file, FILE_SKIP_EMPTY_LINES); + foreach ($in as $line) { + /* Skip comment lines */ + if (preg_match('/^\s*#/', $line)) + continue; + if (preg_match('/(\:)\s*(\w+)\s*(.*)/', $line, $matches)) { + if (!empty($matches[2]) && !empty($matches[3])) { + $matches[2] = trim($matches[2]); + if (!array_key_exists($matches[2], $outMap)) { + if (!is_array($outMap[$matches[2]])) + $outMap[$matches[2]] = array(); + $outMap[$matches[2]] = trim($matches[3]); + } + } + } + } + } + // Sort the new reference map. + uksort($outMap,'strnatcasecmp'); + + // Do NOT write an empty references.config file, just + // exit instead. + if (empty($outMap)) + return false; + + // Format and write it to the supplied output file. + $format = "config reference: %-12s %s\n"; + foreach ($outMap as $key=>$value) + $outMap[$key] = sprintf($format, $key, $value); + @file_put_contents($cfg_out, array_values($outMap)); + return true; +} + +function suricata_merge_classification_configs($cfg_in, $cfg_out) { + + /************************************************************/ + /* This function takes a list of "classification.config" */ + /* files in the $cfg_in array and merges them into a */ + /* single file specified by $cfg_out. The merging is done */ + /* so no duplication of lines occurs in the output file. */ + /************************************************************/ + + $outMap = array(); + foreach ($cfg_in as $file) { + if (!file_exists($file)) + continue; + $in = file($file, FILE_SKIP_EMPTY_LINES); + foreach ($in as $line) { + if (preg_match('/(.*:)(\s*.*),(.*),(.*)/', $line, $matches)) { + /* Skip comment lines */ + if (preg_match('/^\s*#/', $line)) + continue; + if (!empty($matches[2]) && !empty($matches[3]) && !empty($matches[4])) { + $matches[2] = trim($matches[2]); + if (!array_key_exists($matches[2], $outMap)) { + if (!is_array($outMap[$matches[2]])) + $outMap[$matches[2]] = array(); + $outMap[$matches[2]] = trim($matches[3]) . "," . trim($matches[4]); + } + } + } + } + } + // Sort the new classification map. + uksort($outMap,'strnatcasecmp'); + + // Do NOT write an empty classification.config file, just + // exit instead. + if (empty($outMap)) + return false; + + // Format and write it to the supplied output file. + $format = "config classification: %s,%s\n"; + foreach ($outMap as $key=>$value) + $outMap[$key] = sprintf($format, $key, $value); + @file_put_contents($cfg_out, array_values($outMap)); + return true; +} + +function suricata_load_rules_map($rules_path) { + + /***************************************************************/ + /* This function loads and returns an array with all the rules */ + /* found in the *.rules files in the passed rules path. */ + /* */ + /* $rules_path can be: */ + /* a directory (assumed to contain *.rules files) */ + /* a filename (identifying a specific *.rules file) */ + /* an array of filenames (identifying *.rules files) */ + /***************************************************************/ + + $map_ref = array(); + $rule_files = array(); + + if (empty($rules_path)) + return $map_ref; + + /*************************************************************** + * Read all the rules into the map array. + * The structure of the map array is: + * + * map[gid][sid]['rule']['category']['disabled']['flowbits'] + * + * where: + * gid = Generator ID from rule, or 1 if general text + * rule + * sid = Signature ID from rule + * rule = Complete rule text + * category = File name of file containing the rule + * action = alert, drop, reject or pass + * disabled = 1 if rule is disabled (commented out), 0 if + * rule is enabled + * flowbits = Array of applicable flowbits if rule contains + * flowbits options + ***************************************************************/ + + // First check if we were passed a directory, a single file + // or an array of filenames to read. Set our $rule_files + // variable accordingly. If we can't figure it out, return + // an empty rules map array. + if (is_string($rules_path)) { + if (is_dir($rules_path)) + $rule_files = glob($rules_path . "*.rules"); + elseif (is_file($rules_path)) + $rule_files = (array)$rules_path; + } + elseif (is_array($rules_path)) + $rule_files = $rules_path; + else + return $map_ref; + + // Read the rule files into an array, then iterate the list + // to process the rules from the files one-by-one. + foreach ($rule_files as $file) { + + // Don't process files with "deleted" in the filename. + if (stristr($file, "deleted")) + continue; + + // Read the file contents into an array, skipping + // missing files. + if (!file_exists($file)) + continue; + + $rules_array = file($file, FILE_SKIP_EMPTY_LINES); + $record = ""; + $b_Multiline = false; + + // Read and process each line from the rules in the + // current file into an array. + foreach ($rules_array as $rule) { + + // Skip any lines that may be just spaces. + if (trim($rule, " \n") == "") + continue; + + // Skip any non-rule lines unless we're in + // multiline mode. + if (!preg_match('/^\s*#*\s*(alert|drop|pass|reject)/i', $rule) && !$b_Multiline) + continue; + + // Test for a multi-line rule; loop and reassemble + // the pieces back into a single line. + if (preg_match('/\\\\s*[\n]$/m', $rule)) { + $rule = substr($rule, 0, strrpos($rule, '\\')); + $record .= $rule; + $b_Multiline = true; + continue; + } + // If the last segment of a multiline rule, then + // append it onto the previous parts to form a + // single-line rule for further processing below. + elseif (!preg_match('/\\\\s*[\n]$/m', $rule) && $b_Multiline) { + $record .= $rule; + $rule = $record; + } + + // We have an actual single-line rule, or else a + // re-assembled multiline rule that is now a + // single-line rule, so store it in our rules map. + + // Get and test the SID. If we don't find one, + // ignore and skip this rule as it is invalid. + $sid = suricata_get_sid($rule); + if (empty($sid)) { + $b_Multiline = false; + $record = ""; + continue; + } + + $gid = suricata_get_gid($rule); + if (!is_array($map_ref[$gid])) + $map_ref[$gid] = array(); + if (!is_array($map_ref[$gid][$sid])) + $map_ref[$gid][$sid] = array(); + $map_ref[$gid][$sid]['rule'] = $rule; + $map_ref[$gid][$sid]['category'] = basename($file, ".rules"); + + // Grab the rule action + $matches = array(); + if (preg_match('/^\s*#*\s*(alert|drop|pass|reject)/i', $rule, $matches)) + $map_ref[$gid][$sid]['action'] = $matches[1]; + else + $map_ref[$gid][$sid]['action'] = ""; + + // Determine if default state is "disabled" + if (preg_match('/^\s*\#+/', $rule)) + $map_ref[$gid][$sid]['disabled'] = 1; + else + $map_ref[$gid][$sid]['disabled'] = 0; + + // Grab any associated flowbits from the rule. + $map_ref[$gid][$sid]['flowbits'] = suricata_get_flowbits($rule); + + // Reset our local flag and record variables + // for the next rule in the set. + $b_Multiline = false; + $record = ""; + } + + // Zero out our processing array and get the next file. + unset($rules_array); + } + return $map_ref; +} + +function suricata_get_gid($rule) { + + /****************************************************************/ + /* If a gid is defined, then return it, else default to "1" for */ + /* general text rules match. */ + /****************************************************************/ + + if (preg_match('/\bgid\s*:\s*(\d+)\s*;/i', $rule, $matches)) + return trim($matches[1]); + else + return "1"; +} + +function suricata_get_sid($rule) { + + /***************************************************************/ + /* If a sid is defined, then return it, else default to an */ + /* empty value. */ + /***************************************************************/ + + if (preg_match('/\bsid\s*:\s*(\d+)\s*;/i', $rule, $matches)) + return trim($matches[1]); + else + return ""; +} + +function suricata_get_msg($rule) { + + /**************************************************************/ + /* Return the MSG section of the passed rule as a string. */ + /**************************************************************/ + + $msg = ""; + if (preg_match('/\bmsg\s*:\s*"(.+?)"\s*;/i', $rule, $matches)) + $msg = trim($matches[1]); + return $msg; +} + +function suricata_get_flowbits($rule) { + + /*************************************************************/ + /* This will pull out "flowbits:" options from the rule text */ + /* and return them in an array (minus the "flowbits:" part). */ + /*************************************************************/ + + $flowbits = array(); + + // Grab any "flowbits:set, setx, unset, isset or toggle" options first. + // Examine flowbits targets for logical operators to capture all targets. + if (preg_match_all('/flowbits\b\s*:\s*(set|setx|unset|toggle|isset|isnotset)\s*,([^;]+)/i', $rule, $matches)) { + $i = -1; + while (++$i < count($matches[1])) { + $action = trim($matches[1][$i]); + $target = preg_split('/[&|]/', $matches[2][$i]); + foreach ($target as $t) + $flowbits[] = "{$action}," . trim($t); + } + } + + // Include the "flowbits:noalert or reset" options, if present. + if (preg_match_all('/flowbits\b\s*:\s*(noalert|reset)\b/i', $rule, $matches)) { + $i = -1; + while (++$i < count($matches[1])) { + $flowbits[] = trim($matches[1][$i]); + } + } + + return $flowbits; +} + +function suricata_get_checked_flowbits($rules_map) { + + /*************************************************************/ + /* This function checks all the currently enabled rules to */ + /* find any checked flowbits, and returns the checked */ + /* flowbit names in an array. */ + /*************************************************************/ + + $checked_flowbits = array(); + foreach ($rules_map as $rulem) { + if (!is_array($rulem)) + continue; + foreach ($rulem as $rulem2) { + if (!is_array($rulem2)) + continue; + if ($rulem2['disabled'] == 1) + continue; + if (empty($rulem2['flowbits'])) + continue; + if (!is_array($rulem2['flowbits'])) + continue; + foreach ($rulem2['flowbits'] as $flowbit) { + if (empty($flowbit)) + continue; + // If no comma in flowbits option, then skip it. + $pos = strpos($flowbit, ","); + if ($pos === false) + continue; + $action = substr(strtolower($flowbit), 0, $pos); + if ($action == "isset" || $action == "isnotset") { + $target = preg_split('/[&|]/', substr($flowbit, $pos + 1)); + foreach ($target as $t) + if (!empty($t) && !isset($checked_flowbits[$t])) { + if (!is_array($checked_flowbits[$t])) + $checked_flowbits[$t] = array(); + $checked_flowbits[$t] = $action; + } + } + } + } + } + unset($rulem, $rulem2); + return $checked_flowbits; +} + +function suricata_get_set_flowbits($rules_map) { + + /*********************************************************/ + /* This function checks all the currently enabled rules */ + /* to find any set flowbits, and returns the flowbit */ + /* names in an array. */ + /*********************************************************/ + + $set_flowbits = array(); + foreach ($rules_map as $rulem) { + if (!is_array($rulem)) + continue; + foreach ($rulem as $rulem2) { + if ($rulem2['disabled'] == 1) + continue; + if (empty($rulem2['flowbits'])) + continue; + if (!is_array($rulem2['flowbits'])) + continue; + foreach ($rulem2['flowbits'] as $flowbit) { + if (empty($flowbit)) + continue; + /* If no comma in flowbits option, then skip it. */ + $pos = strpos($flowbit, ","); + if ($pos === false) + continue; + $action = substr(strtolower($flowbit), 0, $pos); + if ($action == "set" || $action == "toggle" || $action == "setx") { + $target = preg_split('/[&|]/', substr($flowbit, $pos + 1)); + foreach ($target as $t) + if (!empty($t) && !isset($set_flowbits[$t])) { + if (!is_array($set_flowbits[$t])) + $set_flowbits[$t] = array(); + $set_flowbits[$t] = $action; + } + } + } + } + } + unset($rulem, $rulem2); + return $set_flowbits; +} + +function suricata_find_flowbit_required_rules($rules, $unchecked_flowbits) { + + /********************************************************/ + /* This function finds all rules that must be enabled */ + /* in order to satisfy the "checked flowbits" used by */ + /* the currently enabled rules. It returns the list */ + /* of required rules in an array. */ + /********************************************************/ + + $required_flowbits_rules = array(); + foreach ($rules as $k1 => $rule) { + if (!is_array($rule)) + continue; + foreach ($rule as $k2 => $rule2) { + if (empty($rule2['flowbits'])) + continue; + if (!is_array($rule2['flowbits'])) + continue; + foreach ($rule2['flowbits'] as $flowbit) { + if (empty($flowbit)) + continue; + $action = substr($flowbit, 0, strpos($flowbit, ",")); + if (!strcasecmp(substr($action, 0, 3), "set")) { + $tmp = substr($flowbit, strpos($flowbit, ",") +1 ); + if (!empty($tmp) && isset($unchecked_flowbits[$tmp])) { + if (!is_array($required_flowbits_rules[$k1])) + $required_flowbits_rules[$k1] = array(); + if (!is_array($required_flowbits_rules[$k1][$k2])) + $required_flowbits_rules[$k1][$k2] = array(); + $required_flowbits_rules[$k1][$k2]['category'] = $rule2['category']; + if ($rule2['disabled'] == 0) + // If not disabled, just return the rule text "as is" + $required_flowbits_rules[$k1][$k2]['rule'] = ltrim($rule2['rule']); + else { + // If rule is disabled, remove leading '#' to enable it + $required_flowbits_rules[$k1][$k2]['rule'] = ltrim(substr($rule2['rule'], strpos($rule2['rule'], "#") + 1)); + $required_flowbits_rules[$k1][$k2]['disabled'] = 0; + } + } + } + } + } + } + unset($rule, $rule2); + + return $required_flowbits_rules; +} + +function suricata_resolve_flowbits($rules, $active_rules) { + + /******************************************************/ + /* This function auto-resolves flowbit requirements */ + /* by finding all checked flowbits in the currently */ + /* enabled rules, and then making sure all the "set" */ + /* flowbit rules for those "checked" flowbits are */ + /* enabled. For any that are not enabled, they are */ + /* copied to an array, enabled, and returned. */ + /* */ + /* $active_rules --> Rules Map array containing */ + /* the current rules for the */ + /* interface to resolve flowbit */ + /* dependencies for. */ + /* */ + /* $rules --> Rules Map array containing */ + /* all the available rules. */ + /******************************************************/ + + $suricatadir = SURICATADIR; + + // Check $rules array to be sure it is filled. + if (empty($rules)) { + log_error(gettext("[Suricata] WARNING: Flowbit resolution not done - no rules in {$suricatadir}rules/ ...")); + return array(); + } + + // First, find all the "checked" and "set" flowbits. + $checked_flowbits = suricata_get_checked_flowbits($active_rules); + $set_flowbits = suricata_get_set_flowbits($active_rules); + + // Next find any "checked" flowbits without matching + // "set" flowbit rules in the enabled rule set. + $delta_flowbits = array_diff_key($checked_flowbits, $set_flowbits); + + // Cleanup and release the memory we no longer need. + unset($checked_flowbits); + unset($set_flowbits); + + // Now find all the needed "set flowbit" rules from + // the master list of all rules. + $required_rules = suricata_find_flowbit_required_rules($rules, $delta_flowbits); + + // Cleanup and release memory we no longer need. + unset($delta_flowbits); + + return $required_rules; +} + +function suricata_write_flowbit_rules_file($flowbit_rules, $rule_file) { + + /************************************************/ + /* This function takes an array of rules in the */ + /* rules_map format and writes them to the file */ + /* given. */ + /* */ + /* $flowbit_rules --> array of flowbit-required */ + /* rules. */ + /* */ + /* $rule_file --> filename to write the */ + /* flowbit-required rules */ + /* to. */ + /************************************************/ + + $flowbit_rules_file = FLOWBITS_FILENAME; + + // See if we were passed a directory or full + // filename to write the rules to, and adjust + // the destination argument accordingly. + if (is_dir($rule_file)) + $rule_file = rtrim($rule_file, '/')."/{$flowbit_rules_file}"; + + if (empty($flowbit_rules)) { + @file_put_contents($rule_file, ""); + return; + } + + $fp = fopen($rule_file, "w"); + if ($fp) { + @fwrite($fp, "# These rules set flowbits checked by your other enabled rules. If the\n"); + @fwrite($fp, "# dependent flowbits are not set, then some of your chosen rules may\n"); + @fwrite($fp, "# not fire. Enabling all rules that set these dependent flowbits ensures\n"); + @fwrite($fp, "# your chosen rules fire as intended.\n#\n"); + @fwrite($fp, "# If you wish to prevent alerts from any of these rules, add the GID:SID\n"); + @fwrite($fp, "# of the rule to the Suppression List for the interface.\n"); + foreach ($flowbit_rules as $k1 => $rule) { + foreach ($rule as $k2 => $rule2) { + @fwrite($fp, "\n# Category: {$rule2['category']}"); + @fwrite($fp, " GID:{$k1} SID:{$k2}\n"); + @fwrite($fp, $rule2['rule']); + } + } + fclose($fp); + } +} + +function suricata_load_vrt_policy($policy, $all_rules=null) { + + /************************************************/ + /* This function returns an array of all rules */ + /* marked with the passed in $policy metadata. */ + /* */ + /* $policy --> desired VRT security policy */ + /* 1. connectivity */ + /* 2. balanced */ + /* 3. security */ + /* */ + /* $all_rules --> optional Rules Map array of */ + /* rules to scan for policy. */ + /* If not provided, then an */ + /* array will be created. */ + /************************************************/ + + $suricatadir = SURICATADIR; + $vrt_policy_rules = array(); + + // Load a map of all the VRT rules if we were + // not passed a pre-loaded one to use. + if (is_null($all_rules)) { + /* Since only Snort VRT rules have IPS Policy metadata, */ + /* limit our search to just those files. */ + $suricata_file_pattern = VRT_FILE_PREFIX . "*.rules"; + $suricata_vrt_files = glob("{$suricatadir}rules/{$suricata_file_pattern}"); + $all_rules = suricata_load_rules_map($suricata_vrt_files); + } + + // Now walk the rules list and find all those that are + // defined as active for the chosen security policy. + foreach ($all_rules as $k1 => $arulem) { + foreach ($arulem as $k2 => $arulem2) { + if (strripos($arulem2['rule'], "policy {$policy}-ips") !== false) { + if (!preg_match('/flowbits\s*:\s*noalert/i', $arulem2['rule'])) { + if (!is_array($vrt_policy_rules[$k1])) + $vrt_policy_rules[$k1] = array(); + if (!is_array($vrt_policy_rules[$k1][$k2])) + $vrt_policy_rules[$k1][$k2] = array(); + $vrt_policy_rules[$k1][$k2] = $arulem2; + + // Enable the policy rule if disabled + if ($arulem2['disabled'] == 1) { + $vrt_policy_rules[$k1][$k2]['rule'] = ltrim(substr($arulem2['rule'], strpos($arulem2['rule'], "#") + 1)); + $vrt_policy_rules[$k1][$k2]['disabled'] = 0; + } + } + } + } + } + + // Release memory we no longer need. + unset($arulem, $arulem2); + + // Return all the rules that match the policy. + return $vrt_policy_rules; +} + +function suricata_load_sid_mods($sids) { + + /*****************************************/ + /* This function parses the string of */ + /* SID values in $sids and returns an */ + /* array with the SID as the key and */ + /* value. The SID values in $sids are */ + /* assumed to be delimited by "||". */ + /* */ + /* $sids ==> string of SID values from */ + /* saved config file. */ + /* */ + /* Returns ==> a multidimensional array */ + /* with GID and SID as the */ + /* keys ($result[GID][SID]) */ + /*****************************************/ + + $result = array(); + if (empty($sids)) + return $result; + $tmp = explode("||", $sids); + foreach ($tmp as $v) { + if (preg_match('/(\d+)\s*:\s*(\d+)/', $v, $match)) { + if (!is_array($result[$match[1]])) + $result[$match[1]] = array(); + $result[$match[1]][$match[2]] = "{$match[1]}:{$match[2]}"; + } + } + unset($tmp); + + return $result; +} + +function suricata_modify_sids(&$rule_map, $suricatacfg) { + + /*****************************************/ + /* This function modifies the rules in */ + /* the passed rules_map array based on */ + /* values in the enablesid/disablesid */ + /* configuration parameters. */ + /* */ + /* $rule_map = array of current rules */ + /* $suricatacfg = config settings */ + /*****************************************/ + + if (!isset($suricatacfg['rule_sid_on']) && + !isset($suricatacfg['rule_sid_off'])) + return; + + // Load up our enablesid and disablesid + // arrays with lists of modified SIDs. + $enablesid = suricata_load_sid_mods($suricatacfg['rule_sid_on'], "enablesid"); + $disablesid = suricata_load_sid_mods($suricatacfg['rule_sid_off'], "disablesid"); + + /* Turn on any rules that need to be */ + /* forced "on" with enablesid mods. */ + if (!empty($enablesid)) { + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (isset($enablesid[$k1][$k2]) && $v['disabled'] == 1) { + $rule_map[$k1][$k2]['rule'] = ltrim($v['rule'], " \t#"); + $rule_map[$k1][$k2]['disabled'] = 0; + } + } + } + } + + /* Turn off any rules that need to be */ + /* forced "off" with disablesid mods. */ + if (!empty($disablesid)) { + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (isset($disablesid[$k1][$k2]) && $v['disabled'] == 0) { + $rule_map[$k1][$k2]['rule'] = "# " . $v['rule']; + $rule_map[$k1][$k2]['disabled'] = 1; + } + } + } + } + unset($enablesid, $disablesid); +} + +function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { + + /***********************************************************/ + /* This function builds a new set of enforcing rules for */ + /* Suricata and writes them to disk. */ + /* */ + /* $suricatacfg --> pointer to applicable section of */ + /* config.xml containing settings for */ + /* the interface. */ + /* */ + /* $suricatacfgdir --> pointer to physical directory on */ + /* disk where Suricata configuration is */ + /* to be written. */ + /***********************************************************/ + + global $rebuild_rules; + + $suricatadir = SURICATADIR; + $flowbit_rules_file = FLOWBITS_FILENAME; + $suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME; + $no_rules_defined = true; + + // If there is no reason to rebuild the rules, exit to save time. + if (!$rebuild_rules) + return; + + // Log a message for rules rebuild in progress + log_error(gettext("[Suricata] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " ...")); + + // Only rebuild rules if some are selected or an IPS Policy is enabled + if (!empty($suricatacfg['rulesets']) || $suricatacfg['ips_policy_enable'] == 'on') { + $enabled_rules = array(); + $enabled_files = array(); + $all_rules = array(); + $no_rules_defined = false; + + // Load up all the rules into a Rules Map array. + $all_rules = suricata_load_rules_map("{$suricatadir}rules/"); + + // Create an array with the filenames of the enabled + // rule category files if we have any. + if (!empty($suricatacfg['rulesets'])) { + foreach (explode("||", $suricatacfg['rulesets']) as $file){ + $category = basename($file, ".rules"); + if (!is_array($enabled_files[$category])) + $enabled_files[$category] = array(); + $enabled_files[$category] = $file; + } + + /****************************************************/ + /* Walk the ALL_RULES map array and copy the rules */ + /* matching our selected file categories to the */ + /* ENABLED_RULES map array. */ + /****************************************************/ + foreach ($all_rules as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (isset($enabled_files[$v['category']])) { + if (!is_array($enabled_rules[$k1])) + $enabled_rules[$k1] = array(); + if (!is_array($enabled_rules[$k1][$k2])) + $enabled_rules[$k1][$k2] = array(); + $enabled_rules[$k1][$k2]['rule'] = $v['rule']; + $enabled_rules[$k1][$k2]['category'] = $v['category']; + $enabled_rules[$k1][$k2]['disabled'] = $v['disabled']; + $enabled_rules[$k1][$k2]['flowbits'] = $v['flowbits']; + } + } + } + + // Release memory we no longer need. + unset($enabled_files, $rulem, $v); + } + + // Check if a pre-defined Snort VRT policy is selected. If so, + // add all the VRT policy rules to our enforcing rule set. + if (!empty($suricatacfg['ips_policy'])) { + $policy_rules = suricata_load_vrt_policy($suricatacfg['ips_policy'], $all_rules); + foreach ($policy_rules as $k1 => $policy) { + foreach ($policy as $k2 => $p) { + if (!is_array($enabled_rules[$k1])) + $enabled_rules[$k1] = array(); + if (!is_array($enabled_rules[$k1][$k2])) + $enabled_rules[$k1][$k2] = array(); + $enabled_rules[$k1][$k2]['rule'] = $p['rule']; + $enabled_rules[$k1][$k2]['category'] = $p['category']; + $enabled_rules[$k1][$k2]['disabled'] = $p['disabled']; + $enabled_rules[$k1][$k2]['flowbits'] = $p['flowbits']; + } + } + unset($policy_rules, $policy, $p); + } + + // Process any enablesid or disablesid modifications for the selected rules. + suricata_modify_sids($enabled_rules, $suricatacfg); + + // Write the enforcing rules file to the Suricata interface's "rules" directory. + suricata_write_enforcing_rules_file($enabled_rules, "{$suricatacfgdir}/rules/{$suricata_enforcing_rules_file}"); + + // If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. + if ($suricatacfg['autoflowbitrules'] == 'on') { + log_error('[Suricata] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . '...'); + $fbits = suricata_resolve_flowbits($all_rules, $enabled_rules); + + // Check for and disable any flowbit-required rules the user has + // manually forced to a disabled state. + suricata_modify_sids($fbits, $suricatacfg); + suricata_write_flowbit_rules_file($fbits, "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); + unset($fbits); + } else + // Just put an empty file to always have the file present + suricata_write_flowbit_rules_file(array(), "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); + } else { + suricata_write_enforcing_rules_file(array(), "{$suricatacfgdir}/rules/{$suricata_enforcing_rules_file}"); + suricata_write_flowbit_rules_file(array(), "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); + } + + if (!empty($suricatacfg['customrules'])) { + @file_put_contents("{$suricatacfgdir}/rules/custom.rules", base64_decode($suricatacfg['customrules'])); + $no_rules_defined = false; + } + else + @file_put_contents("{$suricatacfgdir}/rules/custom.rules", ""); + + // Log a warning if the interface has no rules defined or enabled + if ($no_rules_defined) + log_error(gettext("[Suricata] Warning - no text rules selected for: " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " ...")); + + // Build a new sid-msg.map file from the enabled + // rules and copy it to the interface directory. + log_error(gettext("[Suricata] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "...")); + suricata_build_sid_msg_map("{$suricatacfgdir}/rules/", "{$suricatacfgdir}/sid-msg.map"); +} + + +function suricata_write_enforcing_rules_file($rule_map, $rule_path) { + + /************************************************/ + /* This function takes a rules map array of */ + /* the rules chosen for the active rule set */ + /* and writes them out to the passed path. */ + /* */ + /* $rule_map --> Rules Map array of rules to */ + /* write to disk. */ + /* */ + /* $rule_path --> filename or directory where */ + /* rules file will be written. */ + /************************************************/ + + $rule_file = "/" . ENFORCING_RULES_FILENAME; + + // See if we were passed a directory or full + // filename to write the rules to, and adjust + // the destination argument accordingly. + if (is_dir($rule_path)) + $rule_file = rtrim($rule_path, '/').$rule_file; + else + $rule_file = $rule_path; + + // If the $rule_map array is empty, then exit. + if (empty($rule_map)) { + file_put_contents($rule_file, ""); + return; + } + + $fp = fopen($rule_file, "w"); + if ($fp) { + @fwrite($fp, "# These rules are your current set of enforced rules for the protected\n"); + @fwrite($fp, "# interface. This list was compiled from the categories selected on the\n"); + @fwrite($fp, "# CATEGORIES tab of the Suricata configuration for the interface and/or any\n"); + @fwrite($fp, "# chosen Snort VRT pre-defined IPS Policy.\n#\n"); + @fwrite($fp, "# Any enablesid or disablesid customizations you made have been applied\n"); + @fwrite($fp, "# to the rules in this file.\n\n"); + foreach ($rule_map as $rulem) { + foreach ($rulem as $rulem2) { + /* No reason to write disabled rules to enforcing file, so skip them. */ + if ($rulem2['disabled'] == 1) + continue; + @fwrite($fp, $rulem2['rule']); + } + } + fclose($fp); + } +} + +function suricata_create_rc() { + + /************************************************************/ + /* This function builds the /usr/local/etc/rc.d/suricata.sh */ + /* shell script for starting and stopping Suricata. The */ + /* script is rebuilt on each package sync operation and */ + /* after any changes to suricata.conf saved in the GUI. */ + /************************************************************/ + + global $config, $g; + + $suricatadir = SURICATADIR; + $suricatalogdir = SURICATALOGDIR; + $rcdir = RCFILEPREFIX; + + // If no interfaces are configured for Suricata, exit + if (!is_array($config['installedpackages']['suricata']['rule'])) + return; + $suricataconf = $config['installedpackages']['suricata']['rule']; + if (empty($suricataconf)) + return; + + // At least one interface is configured, so OK + $start_suricata_iface_start = array(); + $start_suricata_iface_stop = array(); + + // Loop thru each configured interface and build + // the shell script. + foreach ($suricataconf as $value) { + // Skip disabled Suricata interfaces + if ($value['enable'] <> 'on') + continue; + $suricata_uuid = $value['uuid']; + $if_real = get_real_interface($value['interface']); + + $start_barnyard = <<<EOE + + if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid ]; then + pid=`/bin/pgrep -fn "barnyard2 -r {$suricata_uuid} "` + else + pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid` + fi + + if [ ! -z \$pid ]; then + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$suricata_uuid}_{$if_real})..." + /bin/pkill -HUP \$pid + else + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 START for {$value['descr']}({$suricata_uuid}_{$if_real})..." + /usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/barnyard2.conf -d {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} -D -q + fi + +EOE; + $stop_barnyard2 = <<<EOE + + if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid ]; then + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 STOP for {$value['descr']}({$suricata_uuid}_{$if_real})..." + pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid` + /bin/pkill -TERM -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid + time=0 timeout=30 + while /bin/kill -TERM \$pid 2>/dev/null; do + sleep 1 + time=\$((time+1)) + if [ \$time -gt \$timeout ]; then + break + fi + done + if [ -f /var/run/barnyard2_{$if_real}{$suricata_uuid}.pid ]; then + /bin/rm /var/run/barnyard2_{$if_real}{$suricata_uuid}.pid + fi + else + pid=`/bin/pgrep -fn "barnyard2 -r {$suricata_uuid} "` + if [ ! -z \$pid ]; then + /bin/pkill -TERM -fn "barnyard2 -r {$suricata_uuid} " + time=0 timeout=30 + while /bin/kill -TERM \$pid 2>/dev/null; do + sleep 1 + time=\$((time+1)) + if [ \$time -gt \$timeout ]; then + break + fi + done + fi + fi + +EOE; + if ($value['barnyard_enable'] == 'on') + $start_barnyard2 = $start_barnyard; + else + $start_barnyard2 = $stop_barnyard2; + + $start_suricata_iface_start[] = <<<EOE + +###### For Each Iface + # Start suricata and barnyard2 + if [ ! -f {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid ]; then + pid=`/bin/pgrep -fn "suricata -i {$if_real} "` + else + pid=`/bin/pgrep -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid` + fi + + if [ ! -z \$pid ]; then + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata SOFT RESTART for {$value['descr']}({$suricata_uuid}_{$if_real})..." + /bin/pkill -USR2 \$pid + else + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata START for {$value['descr']}({$suricata_uuid}_{$if_real})..." + /usr/local/bin/suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid + fi + + sleep 2 + {$start_barnyard2} + +EOE; + + $start_suricata_iface_stop[] = <<<EOE + + if [ -f {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid ]; then + pid=`/bin/pgrep -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid` + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata STOP for {$value['descr']}({$suricata_uuid}_{$if_real})..." + /bin/pkill -TERM -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid + time=0 timeout=30 + while /bin/kill -TERM \$pid 2>/dev/null; do + sleep 1 + time=\$((time+1)) + if [ \$time -gt \$timeout ]; then + break + fi + done + if [ -f /var/run/suricata_{$if_real}{$suricata_uuid}.pid ]; then + /bin/rm /var/run/suricata_{$if_real}{$suricata_uuid}.pid + fi + else + pid=`/bin/pgrep -fn "suricata -i {$if_real} "` + if [ ! -z \$pid ]; then + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata STOP for {$value['descr']}({$suricata_uuid}_{$if_real})..." + /bin/pkill -TERM -fn "suricata -i {$if_real} " + time=0 timeout=30 + while /bin/kill -TERM \$pid 2>/dev/null; do + sleep 1 + time=\$((time+1)) + if [ \$time -gt \$timeout ]; then + break + fi + done + fi + fi + + sleep 2 + {$stop_barnyard2} + +EOE; + } + + $rc_start = implode("\n", $start_suricata_iface_start); + $rc_stop = implode("\n", $start_suricata_iface_stop); + + $suricata_sh_text = <<<EOD +#!/bin/sh +######## +# This file was automatically generated +# by the pfSense service handler. +######## Start of main suricata.sh + +rc_start() { + {$rc_start} +} + +rc_stop() { + {$rc_stop} +} + +case $1 in + start) + rc_start + ;; + stop) + rc_stop + ;; + restart) + rc_stop + rc_start + ;; +esac + +EOD; + + // Write out the suricata.sh script file + @file_put_contents("{$rcdir}/suricata.sh", $suricata_sh_text); + @chmod("{$rcdir}/suricata.sh", 0755); + unset($suricata_sh_text); +} + +function suricata_generate_barnyard2_conf($suricatacfg, $if_real) { + global $config, $g; + + $suricata_uuid = $suricatacfg['uuid']; + $suricatadir = SURICATADIR . "suricata_{$suricata_uuid}_{$if_real}"; + $suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; + + // Create required directories for barnyard2 if missing + if (!is_dir("{$suricatalogdir}/barnyard2")) + safe_mkdir("{$suricatalogdir}/barnyard2"); + if (!is_dir("{$suricatalogdir}/barnyard2/archive")) + safe_mkdir("{$suricatalogdir}/barnyard2/archive"); + + // Create the barnyard2 waldo file if missing + if (!file_exists("{$suricatalogdir}/barnyard2/{$suricata_uuid}_{$if_real}.waldo")) { + @touch("{$suricatalogdir}/barnyard2/{$suricata_uuid}_{$if_real}.waldo"); + mwexec("/bin/chmod 770 {$suricatalogdir}/barnyard2/{$suricata_uuid}_{$if_real}.waldo", true); + } + + // If there is no gen-msg.map file present, create an + // empty one so Barnyard2 will at least start. + if (!file_exists("{$suricatadir}/gen-msg.map")) + @file_put_contents("{$suricatadir}/gen-msg.map", ""); + + if (!empty($suricatacfg['barnyard_sensor_name'])) + $suricatabarnyardlog_hostname_info_chk = $suricatacfg['barnyard_sensor_name']; + else + $suricatabarnyardlog_hostname_info_chk = php_uname("n"); + + // Set general config parameters + $gen_configs = "config quiet\nconfig daemon\nconfig decode_data_link\nconfig alert_with_interface_name\nconfig event_cache_size: 4096"; + if ($suricatacfg['barnyard_show_year'] == 'on') + $gen_configs .= "\nconfig show_year"; + if ($suricatacfg['barnyard_obfuscate_ip'] == 'on') + $gen_configs .= "\nconfig obfuscate"; + if ($suricatacfg['barnyard_dump_payload'] == 'on') + $gen_configs .= "\nconfig dump_payload"; + if ($suricatacfg['barnyard_archive_enable'] == 'on') + $gen_configs .= "\nconfig archivedir: {$suricatalogdir}/barnyard2/archive"; + + // Set output plugins + $suricatabarnyardlog_output_plugins = ""; + if ($suricatacfg['barnyard_mysql_enable'] == 'on') { + $by2_dbpwd = base64_decode($suricatacfg['barnyard_dbpwd']); + $suricatabarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: alert, mysql, "; + $suricatabarnyardlog_output_plugins .= "user={$suricatacfg['barnyard_dbuser']} password={$by2_dbpwd} "; + $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}\n\n"; + } + if ($suricatacfg['barnyard_syslog_enable'] == 'on') { + $suricatabarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\n"; + $suricatabarnyardlog_output_plugins .= "output alert_syslog_full: sensor_name {$suricatabarnyardlog_hostname_info_chk}, "; + if ($suricatacfg['barnyard_syslog_local'] == 'on') + $suricatabarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n"; + else { + $suricatabarnyardlog_output_plugins .= "server {$suricatacfg['barnyard_syslog_rhost']}, protocol {$suricatacfg['barnyard_syslog_proto']}, "; + $suricatabarnyardlog_output_plugins .= "port {$suricatacfg['barnyard_syslog_dport']}, operation_mode {$suricatacfg['barnyard_syslog_opmode']}, "; + $suricatabarnyardlog_output_plugins .= "log_facility {$suricatacfg['barnyard_syslog_facility']}, log_priority {$suricatacfg['barnyard_syslog_priority']}\n\n"; + } + } + if ($suricatacfg['barnyard_bro_ids_enable'] == 'on') { + $suricatabarnyardlog_output_plugins .= "# alert_bro: log to a Bro-IDS receiver\n"; + $suricatabarnyardlog_output_plugins .= "output alert_bro: {$suricatacfg['barnyard_bro_ids_rhost']}:{$suricatacfg['barnyard_bro_ids_dport']}\n"; + } + + // Trim leading and trailing newlines and spaces + $suricatabarnyardlog_output_plugins = rtrim($suricatabarnyardlog_output_plugins, "\n"); + + // User pass-through arguments + $suricatabarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($suricatacfg['barnconfigpassthru'])); + + // Create the conf file as a text string + $barnyard2_conf_text = <<<EOD + +# barnyard2.conf +# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php +# + +## General Barnyard2 settings ## +{$gen_configs} +config reference_file: {$suricatadir}/reference.config +config classification_file: {$suricatadir}/classification.config +config sid_file: {$suricatadir}/sid-msg.map +config gen_file: {$suricatadir}/gen-msg.map +config hostname: {$suricatabarnyardlog_hostname_info_chk} +config interface: {$if_real} +config waldo_file: {$suricatalogdir}/barnyard2/{$suricata_uuid}_{$if_real}.waldo +config logdir: {$suricatalogdir} + +## START user pass through ## +{$suricatabarnyardlog_config_pass_thru} +## END user pass through ## + +## Setup input plugins ## +input unified2 + +## Setup output plugins ## +{$suricatabarnyardlog_output_plugins} + +EOD; + + /* Write out barnyard2_conf text string to disk */ + @file_put_contents("{$suricatadir}/barnyard2.conf", $barnyard2_conf_text); + unset($barnyard2_conf_text); +} + +function suricata_generate_yaml($suricatacfg) { + + /************************************************************/ + /* This function generates the suricata.yaml configuration */ + /* file for Suricata on the passed interface instance. The */ + /* code uses two included files: one that contains most of */ + /* the PHP code, and another that provides the template for */ + /* generating the configuration file. Using two include */ + /* files works around the "require_once()" caching issues */ + /* that can prevent new changes in this code from being */ + /* available during package installs on pfSense. */ + /* */ + /* On Entry: suricatacfg --> Suricata instance info in */ + /* the config.xml master config */ + /* file. */ + /************************************************************/ + + global $config, $g; + + $suricatadir = SURICATADIR; + $suricatalogdir = SURICATALOGDIR; + $flowbit_rules_file = FLOWBITS_FILENAME; + $suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME; + $if_real = get_real_interface($suricatacfg['interface']); + $suricata_uuid = $suricatacfg['uuid']; + $suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}"; + + conf_mount_rw(); + + if (!is_array($config['installedpackages']['suricata']['rule'])) + return; + + // Pull in the PHP code that generates the suricata.yaml file + // variables that will be substitued further down below. + include("/usr/local/www/suricata/suricata_generate_yaml.php"); + + // Pull in the boilerplate template for the suricata.yaml + // configuration file. The contents of the template along + // with substituted variables is stored in $suricata_conf_text + // (which is defined in the included file). + include("/usr/local/pkg/suricata/suricata_yaml_template.inc"); + + // Now write out the conf file using $suricata_conf_text contents + @file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text); + unset($suricata_conf_text); + conf_mount_ro(); +} + +?> diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc new file mode 100644 index 00000000..8dcec887 --- /dev/null +++ b/config/suricata/suricata.priv.inc @@ -0,0 +1,46 @@ +<?php + +global $priv_list; + +$priv_list['page-services-suricata'] = array(); +$priv_list['page-services-suricata']['name'] = "WebCfg - Services: suricata package."; +$priv_list['page-services-suricata']['descr'] = "Allow access to suricata package gui"; +$priv_list['page-services-suricata']['match'] = array(); +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_alerts.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_barnyard.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_for_rule_updates.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_define_vars.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_download_rules.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_download_updates.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_app_parsers.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_libhtp_policy_engine.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_import_aliases.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_edit.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_global.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress_edit.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist_edit.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_list_view.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_browser.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_mgmt.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_flow_stream.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_edit.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_flowbits.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rulesets.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_os_policy_engine.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_global.php*"; +$priv_list['page-services-suricata']['match'][] = "pkg_edit.php?xml=suricata/suricata.xml*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_cron_misc.inc*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_yaml_template.inc*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata.inc*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_uninstall.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_generate_yaml.php*"; +$priv_list['page-services-suricata']['match'][] = "widgets/javascript/suricata_alerts.js*"; +$priv_list['page-services-suricata']['match'][] = "widgets/widgets/suricata_alerts.widget.php*"; +$priv_list['page-services-suricata']['match'][] = "widgets/include/widget-suricata.inc*"; +?>
\ No newline at end of file diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml new file mode 100644 index 00000000..fb296aed --- /dev/null +++ b/config/suricata/suricata.xml @@ -0,0 +1,246 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + suricata.xml + part of the Suricata package for pfSense + Copyright (C) 2014 Bill meeks + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Suricata IDS/IPS Package</description> + <requirements>None</requirements> + <name>suricata</name> + <version>1.4.6 pkg v0.3-BETA</version> + <title>Services: Suricata IDS</title> + <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> + <menu> + <name>Suricata</name> + <tooltiptext>Configure Suricata settings</tooltiptext> + <section>Services</section> + <url>/suricata/suricata_interfaces.php</url> + </menu> + <service> + <name>suricata</name> + <rcfile>suricata.sh</rcfile> + <executable>suricata</executable> + <description>Suricata IDS/IPS Daemon</description> + </service> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata.priv.inc</item> + <prefix>/etc/inc/priv/</prefix> + <chmod>077</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata.inc</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_check_cron_misc.inc</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_yaml_template.inc</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_generate_yaml.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_download_updates.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_global.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_interfaces.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_interfaces_edit.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_download_rules.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_check_for_rule_updates.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_rules.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_rulesets.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_rules_flowbits.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_rules_edit.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_flow_stream.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_os_policy_engine.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_import_aliases.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_suppress.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_suppress_edit.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_logs_browser.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_logs_mgmt.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_list_view.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_app_parsers.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_libhtp_policy_engine.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_uninstall.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_define_vars.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_barnyard.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_post_install.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/javascript/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.widget.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/include/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/widget-suricata.inc</item> + </additional_files_needed> + <!-- configpath gets expanded out automatically and config items will be stored in that location --> + <configpath>['installedpackages']['suricata']</configpath> + <tabs> + </tabs> + <fields> + </fields> + <custom_php_install_command> + <![CDATA[ + include_once("/usr/local/www/suricata/suricata_post_install.php"); + ]]> + </custom_php_install_command> + <custom_php_deinstall_command> + <![CDATA[ + include_once("/usr/local/www/suricata/suricata_uninstall.php"); + ]]> + </custom_php_deinstall_command> + <custom_php_resync_config_command> + sync_suricata_package_config(); + </custom_php_resync_config_command> + <custom_php_validation_command> + </custom_php_validation_command> +</packagegui> diff --git a/config/suricata/suricata_alerts.js b/config/suricata/suricata_alerts.js new file mode 100644 index 00000000..b6a5d3c3 --- /dev/null +++ b/config/suricata/suricata_alerts.js @@ -0,0 +1,85 @@ + +var suricatatimer; +var suricataisBusy = false; +var suricataisPaused = false; + +function suricata_alerts_fetch_new_rules_callback(callback_data) { + var data_split; + var new_data_to_add = Array(); + var data = callback_data; + + data_split = data.split("\n"); + + // Loop through rows and generate replacement HTML + for(var x=0; x<data_split.length-1; x++) { + row_split = data_split[x].split("||"); + var line = ''; + line = '<td class="listMRr">' + row_split[0] + '<br/>' + row_split[1] + '</td>'; + line += '<td class="listMRr ellipsis" nowrap><div style="display:inline;" title="'; + line += row_split[2] + '">' + row_split[2] + '</div><br/><div style="display:inline;" title="'; + line += row_split[3] + '">' + row_split[3] + '</div></td>'; + line += '<td class="listMRr">' + 'Pri: ' + row_split[4] + ' ' + row_split[5] + '</td>'; + new_data_to_add[new_data_to_add.length] = line; + } + suricata_alerts_update_div_rows(new_data_to_add); + suricataisBusy = false; +} +function suricata_alerts_update_div_rows(data) { + if(suricataisPaused) + return; + + var rows = jQuery('#suricata-alert-entries>tr'); + + // Number of rows to move by + var move = rows.length + data.length - suri_nentries; + if (move < 0) + move = 0; + + for (var i = rows.length - 1; i >= move; i--) { + jQuery(rows[i]).html(jQuery(rows[i - move]).html()); + } + + var tbody = jQuery('#suricata-alert-entries'); + for (var i = data.length - 1; i >= 0; i--) { + if (i < rows.length) { + jQuery(rows[i]).html(data[i]); + } else { + jQuery(tbody).prepend('<tr>' + data[i] + '</tr>'); + } + } + + // Add the even/odd class to each of the rows now + // they have all been added. + rows = jQuery('#suricata-alert-entries>tr'); + for (var i = 0; i < rows.length; i++) { + rows[i].className = i % 2 == 0 ? 'listMRodd' : 'listMReven'; + } +} + +function fetch_new_surialerts() { + if(suricataisPaused) + return; + if(suricataisBusy) + return; + + suricataisBusy = true; + + jQuery.ajax('/widgets/widgets/suricata_alerts.widget.php?getNewAlerts=' + new Date().getTime(), { + type: 'GET', + dataType: 'text', + success: function(data) { + suricata_alerts_fetch_new_rules_callback(data); + } + }); +} + +function suricata_alerts_toggle_pause() { + if(suricataisPaused) { + suricataisPaused = false; + fetch_new_surialerts(); + } else { + suricataisPaused = true; + } +} +/* start local AJAX engine */ +suricatatimer = setInterval('fetch_new_surialerts()', suricataupdateDelay); diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php new file mode 100644 index 00000000..01d4daeb --- /dev/null +++ b/config/suricata/suricata_alerts.php @@ -0,0 +1,607 @@ +<?php +/* + * suricata_alerts.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +$supplist = array(); + +function suricata_is_alert_globally_suppressed($list, $gid, $sid) { + + /************************************************/ + /* Checks the passed $gid:$sid to see if it has */ + /* been globally suppressed. If true, then any */ + /* "track by_src" or "track by_dst" options are */ + /* disabled since they are overridden by the */ + /* global suppression of the $gid:$sid. */ + /************************************************/ + + /* If entry has a child array, then it's by src or dst ip. */ + /* So if there is a child array or the keys are not set, */ + /* then this gid:sid is not globally suppressed. */ + if (is_array($list[$gid][$sid])) + return false; + elseif (!isset($list[$gid][$sid])) + return false; + else + return true; +} + +function suricata_add_supplist_entry($suppress) { + + /************************************************/ + /* Adds the passed entry to the Suppress List */ + /* for the active interface. If a Suppress */ + /* List is defined for the interface, it is */ + /* used. If no list is defined, a new default */ + /* list is created using the interface name. */ + /* */ + /* On Entry: */ + /* $suppress --> suppression entry text */ + /* */ + /* Returns: */ + /* TRUE if successful or FALSE on failure */ + /************************************************/ + + global $config, $a_instance, $instanceid; + + if (!is_array($config['installedpackages']['suricata']['suppress'])) + $config['installedpackages']['suricata']['suppress'] = array(); + if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) + $config['installedpackages']['suricata']['suppress']['item'] = array(); + $a_suppress = &$config['installedpackages']['suricata']['suppress']['item']; + + $found_list = false; + + /* If no Suppress List is set for the interface, then create one with the interface name */ + if (empty($a_instance[$instanceid]['suppresslistname']) || $a_instance[$instanceid]['suppresslistname'] == 'default') { + $s_list = array(); + $s_list['uuid'] = uniqid(); + $s_list['name'] = $a_instance[$instanceid]['interface'] . "suppress" . "_" . $s_list['uuid']; + $s_list['descr'] = "Auto-generated list for Alert suppression"; + $s_list['suppresspassthru'] = base64_encode($suppress); + $a_suppress[] = $s_list; + $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; + $found_list = true; + } else { + /* If we get here, a Suppress List is defined for the interface so see if we can find it */ + foreach ($a_suppress as $a_id => $alist) { + if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) { + $found_list = true; + if (!empty($alist['suppresspassthru'])) { + $tmplist = base64_decode($alist['suppresspassthru']); + $tmplist .= "\n{$suppress}"; + $alist['suppresspassthru'] = base64_encode($tmplist); + $a_suppress[$a_id] = $alist; + } + else { + $alist['suppresspassthru'] = base64_encode($suppress); + $a_suppress[$a_id] = $alist; + } + } + } + } + + /* If we created a new list or updated an existing one, save the change, */ + /* tell Snort to load it, and return true; otherwise return false. */ + if ($found_list) { + write_config(); + sync_suricata_package_config(); + suricata_reload_config($a_instance[$instanceid]); + return true; + } + else + return false; +} + +if (isset($_POST['instance']) && is_numericint($_POST['instance'])) + $instanceid = $_POST['instance']; +// This is for the auto-refresh so we can stay on the same interface +elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) + $instanceid = $_GET['instance']; + +if (is_null($instanceid)) + $instanceid = 0; + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_instance = &$config['installedpackages']['suricata']['rule']; +$suricata_uuid = $a_instance[$instanceid]['uuid']; +$if_real = get_real_interface($a_instance[$instanceid]['interface']); +$suricatalogdir = SURICATALOGDIR; + +// Load up the arrays of force-enabled and force-disabled SIDs +$enablesid = suricata_load_sid_mods($a_instance[$instanceid]['rule_sid_on']); +$disablesid = suricata_load_sid_mods($a_instance[$instanceid]['rule_sid_off']); + +$pconfig = array(); +if (is_array($config['installedpackages']['suricata']['alertsblocks'])) { + $pconfig['arefresh'] = $config['installedpackages']['suricata']['alertsblocks']['arefresh']; + $pconfig['alertnumber'] = $config['installedpackages']['suricata']['alertsblocks']['alertnumber']; +} + +if (empty($pconfig['alertnumber'])) + $pconfig['alertnumber'] = '250'; +if (empty($pconfig['arefresh'])) + $pconfig['arefresh'] = 'off'; +$anentries = $pconfig['alertnumber']; + +if ($_POST['save']) { + if (!is_array($config['installedpackages']['suricata']['alertsblocks'])) + $config['installedpackages']['suricata']['alertsblocks'] = array(); + $config['installedpackages']['suricata']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; + + write_config(); + + header("Location: /suricata/suricata_alerts.php?instance={$instanceid}"); + exit; +} + +//if ($_POST['unblock'] && $_POST['ip']) { +// if (is_ipaddr($_POST['ip'])) { +// exec("/sbin/pfctl -t snort2c -T delete {$_POST['ip']}"); +// $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table."); +// } +//} + +if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { + if ($_POST['addsuppress_srcip']) + $method = "by_src"; + elseif ($_POST['addsuppress_dstip']) + $method = "by_dst"; + else + $method ="all"; + + // See which kind of Suppress Entry to create + switch ($method) { + case "all": + if (empty($_POST['descr'])) + $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n"; + else + $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n"; + $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}' has been added to the Suppress List."); + break; + case "by_src": + case "by_dst": + // Check for valid IP addresses, exit if not valid + if (is_ipaddr($_POST['ip'])) { + if (empty($_POST['descr'])) + $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n"; + else + $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n"; + $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List."); + } + else { + header("Location: /suricata/suricata_alerts.php"); + exit; + } + break; + default: + header("Location: /suricata/suricata_alerts.php"); + exit; + } + + /* Add the new entry to the Suppress List and signal Suricata to reload config */ + if (suricata_add_supplist_entry($suppress)) { + suricata_reload_config($a_instance[$instanceid]); + $savemsg = $success; + sleep(2); + } + else + $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); +} + +if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { + // Get the GID and SID tags embedded in the clicked rule icon. + $gid = $_POST['gen_id']; + $sid= $_POST['sidid']; + + // See if the target SID is in our list of modified SIDs, + // and toggle it if present. + if (isset($enablesid[$gid][$sid])) + unset($enablesid[$gid][$sid]); + if (isset($disablesid[$gid][$sid])) + unset($disablesid[$gid][$sid]); + elseif (!isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + + // Write the updated enablesid and disablesid values to the config file. + $tmp = ""; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_instance[$instanceid]['rule_sid_on'] = $tmp; + else + unset($a_instance[$instanceid]['rule_sid_on']); + + $tmp = ""; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_instance[$instanceid]['rule_sid_off'] = $tmp; + else + unset($a_instance[$instanceid]['rule_sid_off']); + + /* Update the config.xml file. */ + write_config(); + + /*************************************************/ + /* Update the suricata.yaml file and rebuild the */ + /* rules for this interface. */ + /*************************************************/ + $rebuild_rules = true; + suricata_generate_yaml($a_instance[$instanceid]); + $rebuild_rules = false; + + /* Signal Suricata to live-load the new rules */ + suricata_reload_config($a_instance[$instanceid]); + sleep(2); + + $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules."); +} + +if ($_POST['delete']) { + suricata_post_delete_logs($suricata_uuid); + $fd = @fopen("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log", "w+"); + if ($fd) + fclose($fd); + /* XXX: This is needed if suricata is run as suricata user */ + mwexec('/bin/chmod 660 {$suricatalogdir}*', true); + header("Location: /suricata/suricata_alerts.php?instance={$instanceid}"); + exit; +} + +if ($_POST['download']) { + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "suricata_logs_{$save_date}_{$if_real}.tar.gz"; + exec("cd {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); + + if (file_exists("/tmp/{$file_name}")) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-disposition: attachment; filename = {$file_name}"); + ob_end_clean(); //important or other post will fail + readfile("/tmp/{$file_name}"); + + // Clean up the temp file + @unlink("/tmp/{$file_name}"); + } + else + $savemsg = gettext("An error occurred while creating archive"); +} + +/* Load up an array with the current Suppression List GID,SID values */ +$supplist = suricata_load_suppress_sigs($a_instance[$instanceid], true); + +$pgtitle = gettext("Suricata: Alerts"); +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<script src="/javascript/filter_log.js" type="text/javascript"></script> +<?php +include_once("fbegin.inc"); + +/* refresh every 60 secs */ +if ($pconfig['arefresh'] == 'on') + echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_alerts.php?instance={$instanceid}\" />\n"; +?> + +<?php +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} +if ($savemsg) { + print_info_box($savemsg); +} +?> +<form action="/suricata/suricata_alerts.php" method="post" id="formalert"> +<input type="hidden" name="sidid" id="sidid" value=""/> +<input type="hidden" name="gen_id" id="gen_id" value=""/> +<input type="hidden" name="ip" id="ip" value=""/> +<input type="hidden" name="descr" id="descr" value=""/> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Alert Log View Settings"); ?></td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Instance to Inspect'); ?></td> + <td width="78%" class="vtable"> + <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()"> + <?php + foreach ($a_instance as $id => $instance) { + $selected = ""; + if ($id == $instanceid) + $selected = "selected"; + echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ") {$instance['descr']}</option>\n"; + } + ?> + </select> <?php echo gettext('Choose which instance alerts you want to inspect.'); ?> + </td> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td> + <td width="78%" class="vtable"> + <input name="download" type="submit" class="formbtns" value="Download" + title="<?=gettext("Download interface log files as a gzip archive");?>"/> + <?php echo gettext('All log files will be saved.');?> + <input name="delete" type="submit" class="formbtns" value="Clear" + onclick="return confirm('Do you really want to remove all instance logs?')" title="<?=gettext("Clear all interface log files");?>"/> + <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo gettext('all log files will be deleted.'); ?> + </td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Auto Refresh and Log View'); ?></td> + <td width="78%" class="vtable"> + <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> + <?php echo gettext('Refresh');?> <input name="arefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/> + <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/> + <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + </td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?> + <?php echo gettext("(Most recent entries are listed first)"); ?></td> + </tr> + <tr> + <td width="100%" colspan="2"> + <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="10%" align="center" axis="date"> + <col width="40" align="center" axis="number"> + <col width="52" align="center" axis="string"> + <col width="10%" axis="string"> + <col width="13%" align="center" axis="string"> + <col width="7%" align="center" axis="string"> + <col width="13%" align="center" axis="string"> + <col width="7%" align="center" axis="string"> + <col width="10%" align="center" axis="number"> + <col axis="string"> + </colgroup> + <thead> + <tr> + <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> + <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Class"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Src"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Dst"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th> + <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th> + </tr> + </thead> + <tbody> + <?php + +/* make sure alert file exists */ +if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) { + exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}"); + if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) { + $tmpblocked = array_flip(suricata_get_blocked_ips()); + $counter = 0; + /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ + /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */ + $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r"); + while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { + if(count($fields) < 13) + continue; + + // Create a DateTime object from the event timestamp that + // we can use to easily manipulate output formats. + $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]); + + // Check the 'CATEGORY' field for the text "(null)" and + // substitute "Not Assigned". + if ($fields[6] == "(null)") + $fields[6] = "Not Assigned"; + + /* Time */ + $alert_time = date_format($event_tm, "H:i:s"); + /* Date */ + $alert_date = date_format($event_tm, "m/d/Y"); + /* Description */ + $alert_descr = $fields[5]; + $alert_descr_url = urlencode($fields[5]); + /* Priority */ + $alert_priority = $fields[7]; + /* Protocol */ + $alert_proto = $fields[8]; + /* IP SRC */ + $alert_ip_src = $fields[9]; + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $alert_ip_src = str_replace(":", ":​", $alert_ip_src); + /* Add Reverse DNS lookup icons */ + $alert_ip_src .= "<br/><a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[9]}&dialog_output=true', outputrule);\">"; + $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; + $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; + $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[9]}&instance={$instanceid}'>"; + $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; + $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + /* Add icons for auto-adding to Suppress List if appropriate */ + if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) && + !isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) { + $alert_ip_src .= " <input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[9]}','{$alert_descr}');\" "; + $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'/>"; + } + elseif (isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) { + $alert_ip_src .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; + $alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>"; + } + /* Add icon for auto-removing from Blocked Table if required */ +// if (isset($tmpblocked[$fields[9]])) { +// $alert_ip_src .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" "; +// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; +// } + /* IP SRC Port */ + $alert_src_p = $fields[10]; + /* IP Destination */ + $alert_ip_dst = $fields[11]; + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); + /* Add Reverse DNS lookup icons */ + $alert_ip_dst .= "<br/><a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[11]}&dialog_output=true', outputrule);\">"; + $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; + $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; + $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[11]}&instance={$instanceid}'>"; + $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; + $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + /* Add icons for auto-adding to Suppress List if appropriate */ + if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) && + !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) { + $alert_ip_dst .= " <input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[11]}','{$alert_descr}');\" "; + $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>"; + } + elseif (isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) { + $alert_ip_dst .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; + $alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>"; + } + /* Add icon for auto-removing from Blocked Table if required */ +// if (isset($tmpblocked[$fields[11]])) { +// $alert_ip_dst .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" "; +// $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; +// } + /* IP DST Port */ + $alert_dst_p = $fields[12]; + /* SID */ + $alert_sid_str = "{$fields[2]}:{$fields[3]}"; + if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3])) { + $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','{$alert_descr}');\" "; + $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>"; + } + else { + $sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; + $sidsupplink .= "title='" . gettext("This alert is already in the Suppress List") . "'/>"; + } + /* Add icon for toggling rule state */ + if (isset($disablesid[$fields[2]][$fields[3]])) { + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" "; + $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>"; + } + else { + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" "; + $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>"; + } + /* DESCRIPTION */ + $alert_class = $fields[6]; + + echo "<tr> + <td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td> + <td class='listr' align='center'>{$alert_priority}</td> + <td class='listr' align='center'>{$alert_proto}</td> + <td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[9]}'>{$alert_ip_src}</td> + <td class='listr' align='center'>{$alert_src_p}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[11]}'>{$alert_ip_dst}</td> + <td class='listr' align='center'>{$alert_dst_p}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[3]}'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> + <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td> + </tr>\n"; + + $counter++; + } + fclose($fd); + @unlink("/tmp/alerts_suricata{$suricata_uuid}"); + } +} +?> + </tbody> + </table> + </td> +</tr> +</table> +</div> +</td></tr> +</table> +</form> +<?php +include("fend.inc"); +?> +<script type="text/javascript"> +function encRuleSig(rulegid,rulesid,srcip,ruledescr) { + + // This function stuffs the passed GID, SID + // and other values into hidden Form Fields + // for postback. + if (typeof srcipip == "undefined") + var srcipip = ""; + if (typeof ruledescr == "undefined") + var ruledescr = ""; + document.getElementById("sidid").value = rulesid; + document.getElementById("gen_id").value = rulegid; + document.getElementById("ip").value = srcip; + document.getElementById("descr").value = ruledescr; +} +</script> +</body> +</html> diff --git a/config/suricata/suricata_alerts.widget.php b/config/suricata/suricata_alerts.widget.php new file mode 100644 index 00000000..21fad03d --- /dev/null +++ b/config/suricata/suricata_alerts.widget.php @@ -0,0 +1,229 @@ +<?php +/* + suricata_alerts.widget.php + Copyright (C) 2009 Jim Pingle + mod 24-07-2012 + + Copyright (C) 2014 Bill Meeks + mod 03-Mar-2014 adapted for use with Suricata by Bill Meeks + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$nocsrf = true; + +require_once("guiconfig.inc"); +require_once("/usr/local/www/widgets/include/widget-suricata.inc"); + +global $config, $g; + +/* Retrieve Suricata configuration */ +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_instance = &$config['installedpackages']['suricata']['rule']; + +/* array sorting */ +function sksort(&$array, $subkey="id", $sort_ascending=false) { + /* an empty array causes sksort to fail - this test alleviates the error */ + if(empty($array)) + return false; + if (count($array)){ + $temp_array[key($array)] = array_shift($array); + }; + foreach ($array as $key => $val){ + $offset = 0; + $found = false; + foreach ($temp_array as $tmp_key => $tmp_val) { + if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) { + $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset)); + $found = true; + }; + $offset++; + }; + if (!$found) $temp_array = array_merge($temp_array, array($key => $val)); + }; + + if ($sort_ascending) { + $array = array_reverse($temp_array); + } else $array = $temp_array; + /* below is the complement for empty array test */ + return true; +}; + +/* check if suricata widget variable is set */ +$suri_nentries = $config['widgets']['widget_suricata_display_lines']; +if (!isset($suri_nentries) || $suri_nentries < 0) + $suri_nentries = 5; + +// Called by Ajax to update alerts table contents +if (isset($_GET['getNewAlerts'])) { + $response = ""; + $suri_alerts = suricata_widget_get_alerts(); + $counter = 0; + foreach ($suri_alerts as $a) { + $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||"; + $response .= $a['dst'] . "||" . $a['priority'] . "||" . $a['category'] . "\n"; + $counter++; + if($counter >= $suri_nentries) + break; + } + echo $response; + return; +} + +if(isset($_POST['widget_suricata_display_lines'])) { + $config['widgets']['widget_suricata_display_lines'] = $_POST['widget_suricata_display_lines']; + write_config("Saved Suricata Alerts Widget Displayed Lines Parameter via Dashboard"); + header("Location: ../../index.php"); +} + +// Read "$suri_nentries" worth of alerts from the top of the alerts.log file +function suricata_widget_get_alerts() { + + global $config, $a_instance, $suri_nentries; + $suricata_alerts = array(); + + /* read log file(s) */ + $counter=0; + foreach ($a_instance as $instanceid => $instance) { + $suricata_uuid = $a_instance[$instanceid]['uuid']; + $if_real = get_real_interface($a_instance[$instanceid]['interface']); + + // make sure alert file exists, then grab the most recent {$suri_nentries} from it + // and write them to a temp file. + if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) { + exec("tail -{$suri_nentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/surialerts_{$suricata_uuid}"); + if (file_exists("/tmp/surialerts_{$suricata_uuid}")) { + + /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ + /* File format: timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */ + $fd = fopen("/tmp/surialerts_{$suricata_uuid}", "r"); + while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { + if(count($fields) < 13) + continue; + + // Create a DateTime object from the event timestamp that + // we can use to easily manipulate output formats. + $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]); + + // Check the 'CATEGORY' field for the text "(null)" and + // substitute "No classtype defined". + if ($fields[6] == "(null)") + $fields[6] = "No classtype assigned"; + + $suricata_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']); + $suricata_alerts[$counter]['timestamp'] = strval(date_timestamp_get($event_tm)); + $suricata_alerts[$counter]['timeonly'] = date_format($event_tm, "H:i:s"); + $suricata_alerts[$counter]['dateonly'] = date_format($event_tm, "M d"); + // Add square brackets around any IPv6 address + if (is_ipaddrv6($fields[9])) + $suricata_alerts[$counter]['src'] = "[" . $fields[9] . "]"; + else + $suricata_alerts[$counter]['src'] = $fields[9]; + // Add the SRC PORT if not null + if (!empty($fields[10])) + $suricata_alerts[$counter]['src'] .= ":" . $fields[10]; + // Add square brackets around any IPv6 address + if (is_ipaddrv6($fields[11])) + $suricata_alerts[$counter]['dst'] = "[" . $fields[11] . "]"; + else + $suricata_alerts[$counter]['dst'] = $fields[11]; + // Add the SRC PORT if not null + if (!empty($fields[12])) + $suricata_alerts[$counter]['dst'] .= ":" . $fields[12]; + $suricata_alerts[$counter]['priority'] = $fields[7]; + $suricata_alerts[$counter]['category'] = $fields[6]; + $counter++; + }; + fclose($fd); + @unlink("/tmp/surialerts_{$suricata_uuid}"); + }; + }; + }; + + // Sort the alerts array + if (isset($config['syslog']['reverse'])) { + sksort($suricata_alerts, 'timestamp', false); + } else { + sksort($suricata_alerts, 'timestamp', true); + } + + return $suricata_alerts; +} + +/* display the result */ +?> + +<input type="hidden" id="suricata_alerts-config" name="suricata_alerts-config" value=""/> +<div id="suricata_alerts-settings" class="widgetconfigdiv" style="display:none;"> + <form action="/widgets/widgets/suricata_alerts.widget.php" method="post" name="iformd"> + Enter number of recent alerts to display (default is 5)<br/> + <input type="text" size="5" name="widget_suricata_display_lines" class="formfld unknown" id="widget_suricata_display_lines" value="<?= $config['widgets']['widget_suricata_display_lines'] ?>" /> + <input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" /> + </form> +</div> + +<table width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout: fixed;"> + <colgroup> + <col style="width: 24%;" /> + <col style="width: 38%;" /> + <col style="width: 38%;" /> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?=gettext("IF/Date");?></th> + <th class="listhdrr"><?=gettext("Src/Dst Address");?></th> + <th class="listhdrr"><?=gettext("Classification");?></th> + </tr> + </thead> + <tbody id="suricata-alert-entries"> + <?php + $suricata_alerts = suricata_widget_get_alerts($suri_nentries); + $counter=0; + if (is_array($suricata_alerts)) { + foreach ($suricata_alerts as $alert) { + $evenRowClass = $counter % 2 ? " listMReven" : " listMRodd"; + echo(" <tr class='" . $evenRowClass . "'> + <td class='listMRr'>" . $alert['instanceid'] . " " . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td> + <td class='listMRr ellipsis' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td> + <td class='listMRr'>Pri: " . $alert['priority'] . " " . $alert['category'] . "</td></tr>"); + $counter++; + if($counter >= $suri_nentries) + break; + } + } + ?> + </tbody> +</table> + +<script type="text/javascript"> +//<![CDATA[ + var suricataupdateDelay = 10000; // update every 10 seconds + var suri_nentries = <?php echo $suri_nentries; ?>; // default is 5 + +<!-- needed to display the widget settings menu --> + selectIntLink = "suricata_alerts-configure"; + textlink = document.getElementById(selectIntLink); + textlink.style.display = "inline"; +//]]> +</script> + diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php new file mode 100644 index 00000000..8d0bb4f4 --- /dev/null +++ b/config/suricata/suricata_app_parsers.php @@ -0,0 +1,524 @@ +<?php +/* + * suricata_app_parsers.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (is_null($id)) + $id = 0; + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); + +// Initialize HTTP libhtp engine arrays if necessary +if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'])) + $config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array(); + +// Initialize required array variables as necessary +if (!is_array($config['aliases']['alias'])) + $config['aliases']['alias'] = array(); +$a_aliases = $config['aliases']['alias']; + +$a_nat = &$config['installedpackages']['suricata']['rule']; + +$libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']); + +// Build a lookup array of currently used engine 'bind_to' Aliases +// so we can screen matching Alias names from the list. +$used = array(); +foreach ($a_nat[$id]['libhtp_policy']['item'] as $v) + $used[$v['bind_to']] = true; + +$pconfig = array(); +if (isset($id) && $a_nat[$id]) { + /* Get current values from config for page form fields */ + $pconfig = $a_nat[$id]; + + // See if Host-OS policy engine array is configured and use + // it; otherwise create a default engine configuration. + if (empty($pconfig['libhtp_policy']['item'])) { + $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", + "request-body-limit" => 4096, "response-body-limit" => 4096, + "double-decode-path" => "no", "double-decode-query" => "no" ); + $pconfig['libhtp_policy']['item'] = array(); + $pconfig['libhtp_policy']['item'][] = $default; + if (!is_array($a_nat[$id]['libhtp_policy']['item'])) + $a_nat[$id]['libhtp_policy']['item'] = array(); + $a_nat[$id]['libhtp_policy']['item'][] = $default; + write_config(); + $libhtp_engine_next_id++; + } + else + $pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy']; +} + +// Check for "import or select alias mode" and set flags if TRUE. +// "selectalias", when true, displays radio buttons to limit +// multiple selections. +if ($_POST['import_alias']) { + $importalias = true; + $selectalias = false; + $title = "HTTP Server Policy"; +} +elseif ($_POST['select_alias']) { + $importalias = true; + $selectalias = true; + $title = "HTTP Server Policy"; + + // Preserve current Libhtp Policy Engine settings + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['policy_name']; + $eng_bind = $_POST['policy_bind_to']; + $eng_personality = $_POST['personality']; + $eng_req_body_limit = $_POST['req_body_limit']; + $eng_resp_body_limit = $_POST['resp_body_limit']; + $eng_enable_double_decode_path = $_POST['enable_double_decode_path']; + $eng_enable_double_decode_query = $_POST['enable_double_decode_query']; + $mode = "add_edit_libhtp_policy"; +} +if ($_POST['save_libhtp_policy']) { + if ($_POST['eng_id'] != "") { + $eng_id = $_POST['eng_id']; + + // Grab all the POST values and save in new temp array + $engine = array(); + $policy_name = trim($_POST['policy_name']); + if ($policy_name) { + $engine['name'] = $policy_name; + } + else + $input_errors[] = gettext("The 'Policy Name' value cannot be blank."); + + if ($_POST['policy_bind_to']) { + if (is_alias($_POST['policy_bind_to'])) + $engine['bind_to'] = $_POST['policy_bind_to']; + elseif (strtolower(trim($_POST['policy_bind_to'])) == "all") + $engine['bind_to'] = "all"; + else + $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value."); + } + else + $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'."); + + if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "bsd"; } + + if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0) + $engine['request-body-limit'] = $_POST['req_body_limit']; + else + $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero."); + + if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0) + $engine['response-body-limit'] = $_POST['resp_body_limit']; + else + $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero."); + + if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; } + if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; } + + // Can only have one "all" Bind_To address + if ($engine['bind_to'] == "all" && $engine['name'] <> "default") + $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses."); + + // if no errors, write new entry to conf + if (!$input_errors) { + if (isset($eng_id) && $a_nat[$id]['libhtp_policy']['item'][$eng_id]) { + $a_nat[$id]['libhtp_policy']['item'][$eng_id] = $engine; + } + else + $a_nat[$id]['libhtp_policy']['item'][] = $engine; + + /* Reorder the engine array to ensure the */ + /* 'bind_to=all' entry is at the bottom */ + /* if it contains more than one entry. */ + if (count($a_nat[$id]['libhtp_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + /* Only relocate the entry if we */ + /* found it, and it's not already */ + /* at the end. */ + if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['libhtp_policy']['item'][$i]; + unset($a_nat[$id]['libhtp_policy']['item'][$i]); + $a_nat[$id]['libhtp_policy']['item'][] = $tmp; + } + } + + // Now write the new engine array to conf + write_config(); + $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item']; + } + else { + $add_edit_libhtp_policy = true; + $pengcfg = $engine; + } + } +} +elseif ($_POST['add_libhtp_policy']) { + $add_edit_libhtp_policy = true; + $pengcfg = array( "name" => "engine_{$libhtp_engine_next_id}", "bind_to" => "", "personality" => "IDS", + "request-body-limit" => "4096", "response-body-limit" => "4096", + "double-decode-path" => "no", "double-decode-query" => "no" ); + $eng_id = $libhtp_engine_next_id; +} +elseif ($_POST['edit_libhtp_policy']) { + if ($_POST['eng_id'] != "") { + $add_edit_libhtp_policy = true; + $eng_id = $_POST['eng_id']; + $pengcfg = $a_nat[$id]['libhtp_policy']['item'][$eng_id]; + } +} +elseif ($_POST['del_libhtp_policy']) { + $natent = array(); + $natent = $pconfig; + + if ($_POST['eng_id'] != "") { + unset($natent['libhtp_policy']['item'][$_POST['eng_id']]); + $pconfig = $natent; + } + if (isset($id) && $a_nat[$id]) { + $a_nat[$id] = $natent; + write_config(); + } +} +elseif ($_POST['cancel_libhtp_policy']) { + $add_edit_libhtp_policy = false; +} +elseif ($_POST['ResetAll']) { + + /* Reset all the settings to defaults */ + $pconfig['asn1_max_frames'] = "256"; + + /* Log a message at the top of the page to inform the user */ + $savemsg = gettext("All flow and stream settings have been reset to their defaults."); +} +elseif ($_POST['save_import_alias']) { + // If saving out of "select alias" mode, + // then return to Libhtp Policy Engine edit + // page. + if ($_POST['mode'] == 'add_edit_libhtp_policy') { + $pengcfg = array(); + $eng_id = $_POST['eng_id']; + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['personality'] = $_POST['eng_personality']; + $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit']; + $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit']; + $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path']; + $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query']; + $add_edit_libhtp_policy = true; + $mode = "add_edit_libhtp_policy"; + + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) { + $pengcfg['bind_to'] = $_POST['aliastoimport'][0]; + $importalias = false; + $selectalias = false; + } + else { + $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE."); + $importalias = true; + $selectalias = true; + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['eng_name']; + $eng_bind = $_POST['eng_bind']; + $eng_personality = $_POST['eng_personality']; + $eng_req_body_limit = $_POST['eng_req_body_limit']; + $eng_resp_body_limit = $_POST['eng_resp_body_limit']; + $eng_enable_double_decode_path = $_POST['eng_enable_double_decode_path']; + $eng_enable_double_decode_query = $_POST['eng_enable_double_decode_query']; + } + } + else { + $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS", + "request-body-limit" => "4096", "response-body-limit" => "4096", + "double-decode-path" => "no", "double-decode-query" => "no" ); + + // See if anything was checked to import + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { + foreach ($_POST['aliastoimport'] as $item) { + $engine['name'] = strtolower($item); + $engine['bind_to'] = $item; + $a_nat[$id]['libhtp_policy']['item'][] = $engine; + } + } + else { + $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); + $importalias = true; + } + + // if no errors, write new entry to conf + if (!$input_errors) { + // Reorder the engine array to ensure the + // 'bind_to=all' entry is at the bottom if + // the array contains more than one entry. + if (count($a_nat[$id]['libhtp_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + // Only relocate the entry if we + // found it, and it's not already + // at the end. + if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['libhtp_policy']['item'][$i]; + unset($a_nat[$id]['libhtp_policy']['item'][$i]); + $a_nat[$id]['libhtp_policy']['item'][] = $tmp; + } + $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item']; + } + + // Write the new engine array to config file + write_config(); + $importalias = false; + } + } +} +elseif ($_POST['cancel_import_alias']) { + $importalias = false; + $selectalias = false; + $eng_id = $_POST['eng_id']; + + // If cancelling out of "select alias" mode, + // then return to Libhtp Policy Engine edit + // page. + if ($_POST['mode'] == 'add_edit_libhtp_policy') { + $pengcfg = array(); + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['personality'] = $_POST['eng_personality']; + $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit']; + $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit']; + $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path']; + $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query']; + $add_edit_libhtp_policy = true; + } +} +elseif ($_POST['save']) { + $natent = array(); + $natent = $pconfig; + + // TODO: validate input values + if (!is_numeric($_POST['asn1_max_frames'] ) || $_POST['asn1_max_frames'] < 1) + $input_errors[] = gettext("The value for 'ASN1 Max Frames' must be all numbers and greater than 0."); + + /* if no errors write to conf */ + if (!$input_errors) { + if ($_POST['asn1_max_frames'] != "") { $natent['asn1_max_frames'] = $_POST['asn1_max_frames']; }else{ $natent['asn1_max_frames'] = "256"; } + + /**************************************************/ + /* If we have a valid rule ID, save configuration */ + /* then update the suricata.conf file for this */ + /* interface. */ + /**************************************************/ + if (isset($id) && $a_nat[$id]) { + $a_nat[$id] = $natent; + write_config(); + $rebuild_rules = false; + suricata_generate_yaml($natent); + } + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: suricata_app_parsers.php?id=$id"); + exit; + } +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Layer 7 Application Parsers"); +include_once("head.inc"); +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); + /* Display error or save message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + if ($savemsg) { + print_info_box($savemsg); + } +?> + +<form action="suricata_app_parsers.php" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>"/> +<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td>'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr><td><div id="mainarea"> + +<?php if ($importalias) : ?> + <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); + if ($selectalias) { + echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>'; + echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>'; + echo '<input type="hidden" name="eng_personality" value="' . $eng_personality . '"/>'; + echo '<input type="hidden" name="eng_req_body_limit" value="' . $eng_req_body_limit . '"/>'; + echo '<input type="hidden" name="eng_resp_body_limit" value="' . $eng_resp_body_limit . '"/>'; + echo '<input type="hidden" name="eng_enable_double_decode_path" value="' . $eng_enable_double_decode_path . '"/>'; + echo '<input type="hidden" name="eng_enable_double_decode_query" value="' . $eng_enable_double_decode_query . '"/>'; + } + ?> + +<?php elseif ($add_edit_libhtp_policy) : ?> + <?php include("/usr/local/www/suricata/suricata_libhtp_policy_engine.php"); ?> + +<?php else: ?> + +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Abstract Syntax One Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Asn1 Max Frames"); ?></td> + <td width="78%" class="vtable"> + <input name="asn1_max_frames" type="text" class="formfld unknown" id="asn1_max_frames" size="9" + value="<?=htmlspecialchars($pconfig['asn1_max_frames']);?>"> + <?php echo gettext("Limit for max number of asn1 frames to decode. Default is ") . + "<strong>" . gettext("256") . "</strong>" . gettext(" frames."); ?><br/><br/> + <?php echo gettext("To protect itself, Suricata will inspect only the maximum asn1 frames specified. ") . + gettext("Application layer protocols such as X.400 electronic mail, X.500 and LDAP directory services, ") . + gettext("H.323 (VoIP), and SNMP, use ASN.1 to describe the protocol data units (PDUs) they exchange."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific HTTP Server Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Server Configuration"); ?></td> + <td width="78%" class="vtable"> + <table width="95%" align="left" id="libhtpEnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0"> + <colgroup> + <col width="45%" align="left"> + <col width="45%" align="center"> + <col width="10%" align="right"> + </colgroup> + <thead> + <tr> + <th class="listhdrr" axis="string"><?php echo gettext("Name");?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th> + <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17" + height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"/> + <input type="image" name="add_libhtp_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></th> + </tr> + </thead> + <?php foreach ($pconfig['libhtp_policy']['item'] as $f => $v): ?> + <tr> + <td class="listlr" align="left"><?=gettext($v['name']);?></td> + <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td> + <td class="listt" align="right"><input type="image" name="edit_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'" + src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"/> + <?php if ($v['bind_to'] <> "all") : ?> + <input type="image" name="del_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this server configuration");?>"> + <?php else : ?> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" + title="<?=gettext("Default server configuration cannot be deleted");?>"> + <?php endif ?> + </td> + </tr> + <?php endforeach; ?> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo + gettext("Save flow and stream settings"); ?>"> + + <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo + gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . + gettext("WARNING: This will reset ALL App Parsers settings to their defaults. Click OK to continue or CANCEL to quit.") . + "');\""; ?>></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: "); ?></strong></span></span> + <?php echo gettext("Please save your settings before you exit. Changes will rebuild the rules file. This "); ?> + <?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td> + </tr> +</table> + +<?php endif; ?> + +</div> +</td></tr></table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php new file mode 100644 index 00000000..850e4bed --- /dev/null +++ b/config/suricata/suricata_barnyard.php @@ -0,0 +1,616 @@ +<?php +/* + * suricata_barnyard.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_nat = &$config['installedpackages']['suricata']['rule']; + +$pconfig = array(); + +if (isset($id) && $a_nat[$id]) { + $pconfig = $a_nat[$id]; + if (!empty($a_nat[$id]['barnconfigpassthru'])) + $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); + if (!empty($a_nat[$id]['barnyard_dbpwd'])) + $pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']); + if (empty($a_nat[$id]['barnyard_show_year'])) + $pconfig['barnyard_show_year'] = "on"; + if (empty($a_nat[$id]['barnyard_archive_enable'])) + $pconfig['barnyard_archive_enable'] = "on"; + if (empty($a_nat[$id]['barnyard_obfuscate_ip'])) + $pconfig['barnyard_obfuscate_ip'] = "off"; + if (empty($a_nat[$id]['barnyard_syslog_dport'])) + $pconfig['barnyard_syslog_dport'] = "514"; + if (empty($a_nat[$id]['barnyard_syslog_proto'])) + $pconfig['barnyard_syslog_proto'] = "udp"; + if (empty($a_nat[$id]['barnyard_syslog_opmode'])) + $pconfig['barnyard_syslog_opmode'] = "default"; + if (empty($a_nat[$id]['barnyard_syslog_facility'])) + $pconfig['barnyard_syslog_facility'] = "LOG_USER"; + if (empty($a_nat[$id]['barnyard_syslog_priority'])) + $pconfig['barnyard_syslog_priority'] = "LOG_INFO"; + if (empty($a_nat[$id]['barnyard_bro_ids_dport'])) + $pconfig['barnyard_bro_ids_dport'] = "47760"; + if (empty($a_nat[$id]['barnyard_sensor_id'])) + $pconfig['barnyard_sensor_id'] = "0"; + if (empty($a_nat[$id]['barnyard_sensor_name'])) + $pconfig['barnyard_sensor_name'] = php_uname("n"); +} + +if ($_POST['save']) { + // Check that at least one output plugin is enabled + if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' && + $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") + $input_errors[] = gettext("You must enable at least one output option when using Barnyard2."); + + // Validate Sensor ID is a valid integer + if ($_POST['barnyard_enable'] == 'on') { + if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0) + $input_errors[] = gettext("The value for 'Sensor ID' must be a valid positive integer."); + } + + // Validate inputs if MySQL database loggging enabled + if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { + if (empty($_POST['barnyard_dbhost'])) + $input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host."); + if (empty($_POST['barnyard_dbname'])) + $input_errors[] = gettext("You must provide a DB instance name when logging to a MySQL database."); + if (empty($_POST['barnyard_dbuser'])) + $input_errors[] = gettext("You must provide a DB user login name when logging to a MySQL database."); + } + + // Validate inputs if syslog output enabled + if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on' && + $_POST['barnyard_enable'] == "on") { + if (empty($_POST['barnyard_syslog_dport']) || !is_numeric($_POST['barnyard_syslog_dport'])) + $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Syslog Remote Port."); + if (empty($_POST['barnyard_syslog_rhost'])) + $input_errors[] = gettext("Please provide a valid hostname or IP address for the Syslog Remote Host."); + } + + // Validate inputs if Bro-IDS output enabled + if ($_POST['barnyard_bro_ids_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { + if (empty($_POST['barnyard_bro_ids_dport']) || !is_numeric($_POST['barnyard_bro_ids_dport'])) + $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Bro-IDS Remote Port."); + if (empty($_POST['barnyard_bro_ids_rhost'])) + $input_errors[] = gettext("Please provide a valid hostname or IP address for the Bro-IDS Remote Host."); + } + + // if no errors write to conf + if (!$input_errors) { + $natent = array(); + /* repost the options already in conf */ + $natent = $pconfig; + + $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off'; + $natent['barnyard_show_year'] = $_POST['barnyard_show_year'] ? 'on' : 'off'; + $natent['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'] ? 'on' : 'off'; + $natent['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'] ? 'on' : 'off'; + $natent['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'] ? 'on' : 'off'; + $natent['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'] ? 'on' : 'off'; + $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off'; + $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off'; + $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off'; + $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; + $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; + + if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0'; + if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']); + if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']); + if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']); + if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']); + if ($_POST['barnyard_dbpwd']) $natent['barnyard_dbpwd'] = base64_encode($_POST['barnyard_dbpwd']); else unset($natent['barnyard_dbpwd']); + if ($_POST['barnyard_syslog_rhost']) $natent['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; else unset($natent['barnyard_syslog_rhost']); + if ($_POST['barnyard_syslog_dport']) $natent['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; else $natent['barnyard_syslog_dport'] = '514'; + if ($_POST['barnyard_syslog_facility']) $natent['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; else $natent['barnyard_syslog_facility'] = 'LOG_USER'; + if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO'; + if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']); + if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760'; + if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']); + + $a_nat[$id] = $natent; + write_config(); + + // No need to rebuild rules for Barnyard2 changes + $rebuild_rules = false; + sync_suricata_package_config(); + + // If disabling Barnyard2 on the interface, stop any + // currently running instance. If an instance is + // running, signal it to reload the configuration. + // If Barnyard2 is enabled but not running, start it. + if ($a_nat[$id]['barnyard_enable'] == "off") { + suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); + } + elseif ($a_nat[$id]['barnyard_enable'] == "on") { + if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) + suricata_barnyard_reload_config($a_nat[$id], "HUP"); + else + suricata_barnyard_start($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); + } + + // after click go to this page + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: suricata_barnyard.php?id=$id"); + exit; + } + else { + // We had errors, so save incoming field data to prevent retyping + $pconfig['barnyard_enable'] = $_POST['barnyard_enable']; + $pconfig['barnyard_show_year'] = $_POST['barnyard_show_year']; + $pconfig['barnyard_archive_enable'] = $_POST['barnyard_archive_enable']; + $pconfig['barnyard_dump_payload'] = $_POST['barnyard_dump_payload']; + $pconfig['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip']; + $pconfig['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable']; + $pconfig['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable']; + $pconfig['barnyard_syslog_local'] = $_POST['barnyard_syslog_local']; + $pconfig['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; + $pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; + $pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable']; + + $pconfig['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; + $pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; + $pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost']; + $pconfig['barnyard_dbname'] = $_POST['barnyard_dbname']; + $pconfig['barnyard_dbuser'] = $_POST['barnyard_dbuser']; + $pconfig['barnyard_dbpwd'] = $_POST['barnyard_dbpwd']; + $pconfig['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; + $pconfig['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; + $pconfig['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; + $pconfig['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; + $pconfig['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; + $pconfig['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; + $pconfig['barnconfigpassthru'] = $_POST['barnconfigpassthru']; + } +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings"); +include_once("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); + + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box($savemsg); + } + +?> + +<form action="suricata_barnyard.php" method="post" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td class="tabnavtbl">'; + $tab_array = array(); + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> + <tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Barnyard2 " . + "Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"/> + <strong><?php echo gettext("Enable Barnyard2"); ?></strong><br/> + <?php echo gettext("This will enable barnyard2 for this interface. You will also to enable at least one logging destination below."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Show Year"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_show_year" type="checkbox" value="on" <?php if ($pconfig['barnyard_show_year'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable the year being shown in timestamps. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable the archiving of processed unified2 log files. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?><br/> + <?php echo gettext("Unified2 log files will be moved to an archive folder for subsequent cleanup when processed."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Dump Payload"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dump_payload" type="checkbox" value="on" <?php if ($pconfig['barnyard_dump_payload'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable dumping of application data from unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Obfuscate IP Addresses"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_obfuscate_ip" type="checkbox" value="on" <?php if ($pconfig['barnyard_obfuscate_ip'] == "on") echo "checked"; ?>/> + <?php echo gettext("Enable obfuscation of logged IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?> + </td> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor ID"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_sensor_id" type="text" class="formfld unknown" + id="barnyard_sensor_id" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_id']);?>"/> + <?php echo gettext("Sensor ID to use for this sensor. Default is ") . "<strong>" . gettext("0.") . "</strong>"; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor Name"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_sensor_name" type="text" class="formfld unknown" + id="barnyard_sensor_name" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_name']);?>"/> + <?php echo gettext("Unique name to use for this sensor. (Optional)"); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable MySQL Database"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_mysql_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_mysql_enable'] == "on") echo "checked"; ?> + onClick="toggle_mySQL()"/><?php echo gettext("Enable logging of alerts to a MySQL database instance"); ?><br/> + <?php echo gettext("You will also have to provide the database credentials in the fields below."); ?></td> + </tr> + <tbody id="mysql_config_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Host"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbhost" type="text" class="formfld host" + id="barnyard_dbhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbhost']);?>"/> + <?php echo gettext("Hostname or IP address of the MySQL database server"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Name"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbname" type="text" class="formfld unknown" + id="barnyard_dbname" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbname']);?>"/> + <?php echo gettext("Instance or DB name of the MySQL database"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Name"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbuser" type="text" class="formfld user" + id="barnyard_dbuser" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbuser']);?>"/> + <?php echo gettext("Username for the MySQL database"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Password"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_dbpwd" type="password" class="formfld pwd" + id="barnyard_dbpwd" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbpwd']);?>"/> + <?php echo gettext("Password for the MySQL database user"); ?> + </td> + </tr> + </tbody> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Syslog"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_enable'] == "on") echo "checked"; ?> + onClick="toggle_syslog()"/> + <?php echo gettext("Enable logging of alerts to a syslog receiver"); ?><br/> + <?php echo gettext("This will send alert data to either a local or remote syslog receiver."); ?></td> + </tr> + <tbody id="syslog_config_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Operation Mode"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_default" + value="default" <?php if ($pconfig['barnyard_syslog_opmode'] == 'default') echo "checked";?>/> + <?php echo gettext("DEFAULT"); ?> <input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_complete" + value="complete" <?php if ($pconfig['barnyard_syslog_opmode'] == 'complete') echo "checked";?>/> + <?php echo gettext("COMPLETE"); ?> + <?php echo gettext("Select the level of detail to include when reporting"); ?><br/><br/> + <?php echo gettext("DEFAULT mode is compatible with the standard Snort syslog format. COMPLETE mode includes additional information such as the raw packet data (displayed in hex format)."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Only"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?> + onClick="toggle_local_syslog()"/> + <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/> + <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_rhost" type="text" class="formfld host" + id="barnyard_syslog_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_rhost']);?>"/> + <?php echo gettext("Hostname or IP address of remote syslog host"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_dport" type="text" class="formfld unknown" + id="barnyard_syslog_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_dport']);?>"/> + <?php echo gettext("Port number for syslog on remote host. Default is ") . "<strong>" . gettext("514") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_udp" + value="udp" <?php if ($pconfig['barnyard_syslog_proto'] == 'udp') echo "checked";?>/> + <?php echo gettext("UDP"); ?> <input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_tcp" + value="tcp" <?php if ($pconfig['barnyard_syslog_proto'] == 'tcp') echo "checked";?>/> + <?php echo gettext("TCP"); ?> + <?php echo gettext("Select IP protocol to use for remote reporting. Default is ") . "<strong>" . gettext("UDP") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td> + <td width="78%" class="vtable"> + <select name="barnyard_syslog_facility" id="barnyard_syslog_facility" class="formselect"> + <?php + $log_facility = array( "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_KERN", "LOG_SYSLOG", "LOG_USER", "LOG_LOCAL1", + "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7" ); + foreach ($log_facility as $facility) { + $selected = ""; + if ($facility == $pconfig['barnyard_syslog_facility']) + $selected = " selected"; + echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; + } + ?></select> + <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Priority"); ?></td> + <td width="78%" class="vtable"> + <select name="barnyard_syslog_priority" id="barnyard_syslog_priority" class="formselect"> + <?php + $log_priority = array( "LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO" ); + foreach ($log_priority as $priority) { + $selected = ""; + if ($priority == $pconfig['barnyard_syslog_priority']) + $selected = " selected"; + echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n"; + } + ?></select> + <?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?> + </td> + </tr> + </tbody> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Bro-IDS Output Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Bro-IDS"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_bro_ids_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_bro_ids_enable'] == "on") echo "checked"; ?> + onClick="toggle_bro_ids()"/> + <?php echo gettext("Enable logging of alerts to a Bro-IDS receiver"); ?><br/> + <?php echo gettext("This will send alert data to either a local or remote Bro-IDS receiver."); ?></td> + </tr> + <tbody id="bro_ids_config_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_bro_ids_rhost" type="text" class="formfld host" + id="barnyard_bro_ids_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_rhost']);?>"/> + <?php echo gettext("Hostname or IP address of remote Bro-IDS host"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_bro_ids_dport" type="text" class="formfld unknown" + id="barnyard_bro_ids_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_dport']);?>"/> + <?php echo gettext("Port number for Bro-IDS instance on remote host. Default is ") . "<strong>" . gettext("47760") . "</strong>."; ?> + </td> + </tr> + </tbody> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration " . + "pass through"); ?></td> + <td width="78%" class="vtable"><textarea name="barnconfigpassthru" style="width:95%;" + cols="65" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> + <br/> + <?php echo gettext("Arguments entered here will be automatically inserted into the running " . + "barnyard2 configuration."); ?></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="Save"> + <input name="id" type="hidden" value="<?=$id;?>"> </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span></span> + <br/> + <?php echo gettext("Please save your settings before you click start."); ?> </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +</form> + +<script language="JavaScript"> + +function toggle_mySQL() { + var endis = !document.iform.barnyard_mysql_enable.checked; + + document.iform.barnyard_dbhost.disabled = endis; + document.iform.barnyard_dbname.disabled = endis; + document.iform.barnyard_dbuser.disabled = endis; + document.iform.barnyard_dbpwd.disabled = endis; + + if (endis) + document.getElementById("mysql_config_rows").style.display = "none"; + else + document.getElementById("mysql_config_rows").style.display = ""; +} + +function toggle_syslog() { + var endis = !document.iform.barnyard_syslog_enable.checked; + + document.iform.barnyard_syslog_opmode_default.disabled = endis; + document.iform.barnyard_syslog_opmode_complete.disabled = endis; + document.iform.barnyard_syslog_local.disabled = endis; + document.iform.barnyard_syslog_rhost.disabled = endis; + document.iform.barnyard_syslog_dport.disabled = endis; + document.iform.barnyard_syslog_proto_udp.disabled = endis; + document.iform.barnyard_syslog_proto_tcp.disabled = endis; + document.iform.barnyard_syslog_facility.disabled = endis; + document.iform.barnyard_syslog_priority.disabled = endis; + + if (endis) + document.getElementById("syslog_config_rows").style.display = "none"; + else + document.getElementById("syslog_config_rows").style.display = ""; +} + +function toggle_local_syslog() { + var endis = document.iform.barnyard_syslog_local.checked; + + if (document.iform.barnyard_syslog_enable.checked) { + document.iform.barnyard_syslog_rhost.disabled = endis; + document.iform.barnyard_syslog_dport.disabled = endis; + document.iform.barnyard_syslog_proto_udp.disabled = endis; + document.iform.barnyard_syslog_proto_tcp.disabled = endis; + document.iform.barnyard_syslog_facility.disabled = endis; + document.iform.barnyard_syslog_priority.disabled = endis; + } +} + +function toggle_bro_ids() { + var endis = !document.iform.barnyard_bro_ids_enable.checked; + + document.iform.barnyard_bro_ids_rhost.disabled = endis; + document.iform.barnyard_bro_ids_dport.disabled = endis; + + if (endis) + document.getElementById("bro_ids_config_rows").style.display = "none"; + else + document.getElementById("bro_ids_config_rows").style.display = ""; +} + +function enable_change(enable_change) { + endis = !(document.iform.barnyard_enable.checked || enable_change); + // make sure a default answer is called if this is invoked. + endis2 = (document.iform.barnyard_enable); + document.iform.barnyard_archive_enable.disabled = endis; + document.iform.barnyard_show_year.disabled = endis; + document.iform.barnyard_dump_payload.disabled = endis; + document.iform.barnyard_obfuscate_ip.disabled = endis; + document.iform.barnyard_sensor_id.disabled = endis; + document.iform.barnyard_sensor_name.disabled = endis; + document.iform.barnyard_mysql_enable.disabled = endis; + document.iform.barnyard_dbhost.disabled = endis; + document.iform.barnyard_dbname.disabled = endis; + document.iform.barnyard_dbuser.disabled = endis; + document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_syslog_enable.disabled = endis; + document.iform.barnyard_syslog_local.disabled = endis; + document.iform.barnyard_syslog_opmode_default.disabled = endis; + document.iform.barnyard_syslog_opmode_complete.disabled = endis; + document.iform.barnyard_syslog_rhost.disabled = endis; + document.iform.barnyard_syslog_dport.disabled = endis; + document.iform.barnyard_syslog_proto_udp.disabled = endis; + document.iform.barnyard_syslog_proto_tcp.disabled = endis; + document.iform.barnyard_syslog_facility.disabled = endis; + document.iform.barnyard_syslog_priority.disabled = endis; + document.iform.barnyard_bro_ids_enable.disabled = endis; + document.iform.barnyard_bro_ids_rhost.disabled = endis; + document.iform.barnyard_bro_ids_dport.disabled = endis; + document.iform.barnconfigpassthru.disabled = endis; +} + +enable_change(false); +toggle_mySQL(); +toggle_syslog(); +toggle_local_syslog(); +toggle_bro_ids(); + +</script> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc new file mode 100644 index 00000000..b9ba3fb7 --- /dev/null +++ b/config/suricata/suricata_check_cron_misc.inc @@ -0,0 +1,195 @@ +<?php +/* + * suricata_check_cron_misc.inc + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $config; + +function suricata_check_dir_size_limit($suricataloglimitsize) { + + /******************************************************** + * This function checks the total size of the Suricata * + * logging sub-directory structure and prunes the files * + * for all Suricata interfaces if the size exceeds the * + * passed limit. * + * * + * On Entry: $surictaaloglimitsize = dir size limit * + * in megabytes * + ********************************************************/ + + global $config; + + // Convert Log Limit Size setting from MB to KB + $suricataloglimitsizeKB = round($suricataloglimitsize * 1024); + $suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR); + + if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) { + log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated.")); + conf_mount_rw(); + + // Truncate the Rules Update Log file if it exists + if (file_exists(RULES_UPD_LOGFILE)) { + log_error(gettext("[Suricata] Truncating the Rules Update Log file...")); + @file_put_contents(RULES_UPD_LOGFILE, ""); + } + + // Initialize an array of the log files we want to prune + $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" ); + + // Clean-up the logs for each configured Suricata instance + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + $suricata_uuid = $value['uuid']; + $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; + log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})...")); + suricata_post_delete_logs($suricata_uuid); + + foreach ($logs as $file) { + // Truncate the log file if it exists + if (file_exists("{$suricata_log_dir}/{$file}")) { + try { + file_put_contents("{$suricata_log_dir}/{$file}", ""); + } catch (Exception $e) { + log_error("[Suricata] Failed to truncate file '{$suricata_log_dir}/{$file}' -- error was {$e->getMessage()}"); + } + } + } + + // Check for any captured stored files and clean them up + unlink_if_exists("{$suricata_log_dir}/files/*"); + + // This is needed if suricata is run as suricata user + mwexec('/bin/chmod 660 /var/log/suricata/*', true); + } + conf_mount_ro(); + log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed.")); + } +} + +function suricata_check_rotate_log($log_file, $log_limit, $retention) { + + /******************************************************** + * This function checks the passed log file against * + * the passed size limit and rotates the log file if * + * necessary. It also checks the age of previously * + * rotated logs and removes those older than the * + * rentention parameter. * + * * + * On Entry: $log_file -> full pathname/filename of * + * log file to check * + * $log_limit -> size of file in bytes to * + * trigger rotation. Zero * + * means no rotation. * + * $retention -> retention period in hours * + * for rotated logs. Zero * + * means never remove. * + ********************************************************/ + + // Check the current log to see if it needs rotating. + // If it does, rotate it and put the current time + // on the end of the filename as UNIX timestamp. + if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) { + $newfile = $log_file . "." . strval(time()); + try { + copy($log_file, $newfile); + file_put_contents($log_file, ""); + } catch (Exception $e) { + log_error("[Suricata] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}"); + } + } + + // Check previously rotated logs to see if time to + // delete any older than the retention period. + // Rotated logs have a UNIX timestamp appended to + // filename. + if ($retention > 0) { + $now = time(); + $rotated_files = glob("{$log_file}.*"); + foreach ($rotated_files as $file) { + if (($now - filemtime($file)) > ($retention * 3600)) + unlink_if_exists($file); + } + unset($rotated_files); + } +} + +/************************* + * Start of main code * + *************************/ + +// If firewall is booting, do nothing +if ($g['booting'] == true) + return; + +// If no interfaces defined, there is nothing to clean up +if (!is_array($config['installedpackages']['suricata']['rule'])) + return; + +$logs = array (); + +// Build an arry of files to check and limits to check them against from our saved configuration +$logs['alerts.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size']; +$logs['alerts.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention']; +$logs['files-json.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size']; +$logs['files-json.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention']; +$logs['http.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size']; +$logs['http.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention']; +$logs['stats.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size']; +$logs['stats.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention']; +$logs['tls.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size']; +$logs['tls.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention']; + +// Check log limits and retention in the interface logging directories if enabled +if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on') { + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}"; + foreach ($logs as $k => $p) + suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']); + } + + // Prune any aged-out Barnyard2 archived logs if any exist + if (is_dir("{$suricata_log_dir}/barnyard2/archive") && + $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) + unlink_if_exists($f); + } + } + unset($files); +} + +// Check the overall log directory limit (if enabled) and prune if necessary +if ($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on') + suricata_check_dir_size_limit($config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']); + +?> diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php new file mode 100644 index 00000000..51efd7d0 --- /dev/null +++ b/config/suricata/suricata_check_for_rule_updates.php @@ -0,0 +1,764 @@ +<?php +/* + * suricata_check_for_rule_updates.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("functions.inc"); +require_once("service-utils.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $pkg_interface, $suricata_gui_include, $rebuild_rules; + +if (!defined("VRT_DNLD_URL")) + define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); +if (!defined("ET_VERSION")) + define("ET_VERSION", "2.9.0"); +if (!defined("ET_BASE_DNLD_URL")) + define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); +if (!defined("ETPRO_BASE_DNLD_URL")) + define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); +if (!defined("ET_DNLD_FILENAME")) + define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +if (!defined("ETPRO_DNLD_FILENAME")) + define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); +if (!defined("VRT_DNLD_FILENAME")) + define("VRT_DNLD_FILENAME", "snortrules-snapshot-edge.tar.gz"); +if (!defined("GPLV2_DNLD_FILENAME")) + define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); +if (!defined("GPLV2_DNLD_URL")) + define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); +if (!defined("RULES_UPD_LOGFILE")) + define("RULES_UPD_LOGFILE", SURICATALOGDIR . "/suricata_rules_update.log"); +if (!defined("VRT_FILE_PREFIX")) + define("VRT_FILE_PREFIX", "snort_"); +if (!defined("GPL_FILE_PREFIX")) + define("GPL_FILE_PREFIX", "GPLv2_"); +if (!defined("ET_OPEN_FILE_PREFIX")) + define("ET_OPEN_FILE_PREFIX", "emerging-"); +if (!defined("ET_PRO_FILE_PREFIX")) + define("ET_PRO_FILE_PREFIX", "etpro-"); + +$suricatadir = SURICATADIR; +$suricatalogdir = SURICATALOGDIR; +$suricata_rules_upd_log = RULES_UPD_LOGFILE; + +/* Save the state of $pkg_interface so we can restore it */ +$pkg_interface_orig = $pkg_interface; +if ($suricata_gui_include) + $pkg_interface = ""; +else + $pkg_interface = "console"; + +/* define checks */ +$oinkid = $config['installedpackages']['suricata']['config'][0]['oinkcode']; +$etproid = $config['installedpackages']['suricata']['config'][0]['etprocode']; +$snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] == 'on' ? 'on' : 'off'; +$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] == 'on' ? 'on' : 'off'; +$eto = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] == 'on' ? 'on' : 'off'; +$vrt_enabled = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] == 'on' ? 'on' : 'off'; +$snortcommunityrules = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] == 'on' ? 'on' : 'off'; + +/* Working directory for downloaded rules tarballs */ +$tmpfname = "/tmp/suricata_rules_up"; + +/* Snort Edge VRT Rules filenames and URL */ +$snort_filename = VRT_DNLD_FILENAME; +$snort_filename_md5 = "{$snort_filename}.md5"; +$snort_rule_url = VRT_DNLD_URL; + +/* Snort GPLv2 Community Rules filenames and URL */ +$snort_community_rules_filename = GPLV2_DNLD_FILENAME; +$snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5"; +$snort_community_rules_url = GPLV2_DNLD_URL; + +/* Mount the Suricata conf directories R/W so we can modify files there */ +conf_mount_rw(); + +/* Set up Emerging Threats rules filenames and URL */ +if ($etpro == "on") { + $emergingthreats_filename = ETPRO_DNLD_FILENAME; + $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5"; + $emergingthreats_url = ETPRO_BASE_DNLD_URL; + $emergingthreats_url .= "{$etproid}/suricata/"; + $et_name = "Emerging Threats Pro"; + $et_md5_remove = ET_DNLD_FILENAME . ".md5"; + @unlink("{$suricatadir}{$et_md5_remove}"); +} +else { + $emergingthreats_filename = ET_DNLD_FILENAME; + $emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5"; + $emergingthreats_url = ET_BASE_DNLD_URL; + // If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules + $emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/"; + $emergingthreats_url .= "suricata/"; + $et_name = "Emerging Threats Open"; + $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5"; + @unlink("{$suricatadir}{$et_md5_remove}"); +} + +// Set a common flag for all Emerging Threats rules (open and pro). +if ($etpro == 'on' || $eto == 'on') + $emergingthreats = 'on'; +else + $emergingthreats = 'off'; + +function suricata_download_file_url($url, $file_out) { + + /************************************************/ + /* This function downloads the file specified */ + /* by $url using the CURL library functions and */ + /* saves the content to the file specified by */ + /* $file. */ + /* */ + /* This is needed so console output can be */ + /* suppressed to prevent XMLRPC sync errors. */ + /* */ + /* It provides logging of returned CURL errors. */ + /************************************************/ + + global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update; + + $rfc2616 = array( + 100 => "100 Continue", + 101 => "101 Switching Protocols", + 200 => "200 OK", + 201 => "201 Created", + 202 => "202 Accepted", + 203 => "203 Non-Authoritative Information", + 204 => "204 No Content", + 205 => "205 Reset Content", + 206 => "206 Partial Content", + 300 => "300 Multiple Choices", + 301 => "301 Moved Permanently", + 302 => "302 Found", + 303 => "303 See Other", + 304 => "304 Not Modified", + 305 => "305 Use Proxy", + 306 => "306 (Unused)", + 307 => "307 Temporary Redirect", + 400 => "400 Bad Request", + 401 => "401 Unauthorized", + 402 => "402 Payment Required", + 403 => "403 Forbidden", + 404 => "404 Not Found", + 405 => "405 Method Not Allowed", + 406 => "406 Not Acceptable", + 407 => "407 Proxy Authentication Required", + 408 => "408 Request Timeout", + 409 => "409 Conflict", + 410 => "410 Gone", + 411 => "411 Length Required", + 412 => "412 Precondition Failed", + 413 => "413 Request Entity Too Large", + 414 => "414 Request-URI Too Long", + 415 => "415 Unsupported Media Type", + 416 => "416 Requested Range Not Satisfiable", + 417 => "417 Expectation Failed", + 500 => "500 Internal Server Error", + 501 => "501 Not Implemented", + 502 => "502 Bad Gateway", + 503 => "503 Service Unavailable", + 504 => "504 Gateway Timeout", + 505 => "505 HTTP Version Not Supported" + ); + + // Initialize required variables for the pfSense "read_body()" function + $file_size = 1; + $downloaded = 1; + $first_progress_update = TRUE; + $last_curl_error = ""; + + $fout = fopen($file_out, "wb"); + if ($fout) { + $ch = curl_init($url); + if (!$ch) + return false; + curl_setopt($ch, CURLOPT_FILE, $fout); + + // NOTE: required to suppress errors from XMLRPC due to progress bar output + if ($g['suricata_sync_in_progress']) + curl_setopt($ch, CURLOPT_HEADER, false); + else { + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, 'read_body'); + } + + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)"); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); + curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + // Use the system proxy server setttings if configured + if (!empty($config['system']['proxyurl'])) { + curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']); + if (!empty($config['system']['proxyport'])) + curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']); + if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) { + @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE); + curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}"); + } + } + + $counter = 0; + $rc = true; + // Try up to 4 times to download the file before giving up + while ($counter < 4) { + $counter++; + $rc = curl_exec($ch); + if ($rc === true) + break; + log_error(gettext("[Suricata] Rules download error: " . curl_error($ch))); + log_error(gettext("[Suricata] Will retry in 15 seconds...")); + sleep(15); + } + if ($rc === false) + $last_curl_error = curl_error($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + if (isset($rfc2616[$http_code])) + $last_curl_error = $rfc2616[$http_code]; + curl_close($ch); + fclose($fout); + + // If we had to try more than once, log it + if ($counter > 1) + log_error(gettext("File '" . basename($file_out) . "' download attempts: {$counter} ...")); + return ($http_code == 200) ? true : $http_code; + } + else { + $last_curl_error = gettext("Failed to create file " . $file_out); + log_error(gettext("[Suricata] Failed to create file {$file_out} ...")); + return false; + } +} + +function suricata_check_rule_md5($file_url, $file_dst, $desc = "") { + + /**********************************************************/ + /* This function attempts to download the passed MD5 hash */ + /* file and compare its contents to the currently stored */ + /* hash file to see if a new rules file has been posted. */ + /* */ + /* On Entry: $file_url = URL for md5 hash file */ + /* $file_dst = Temp destination to store the */ + /* downloaded hash file */ + /* $desc = Short text string used to label */ + /* log messages with rules type */ + /* */ + /* Returns: TRUE if new rule file download required. */ + /* FALSE if rule download not required or an */ + /* error occurred. */ + /**********************************************************/ + + global $pkg_interface, $suricata_rules_upd_log, $last_curl_error, $update_errors; + + $suricatadir = SURICATADIR; + $filename_md5 = basename($file_dst); + + if ($pkg_interface <> "console") + update_status(gettext("Downloading {$desc} md5 file...")); + error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, $suricata_rules_upd_log); + $rc = suricata_download_file_url($file_url, $file_dst); + + // See if download from URL was successful + if ($rc === true) { + if ($pkg_interface <> "console") + update_status(gettext("Done downloading {$filename_md5}.")); + error_log("\tChecking {$desc} md5 file...\n", 3, $suricata_rules_upd_log); + + // check md5 hash in new file against current file to see if new download is posted + if (file_exists("{$suricatadir}{$filename_md5}")) { + $md5_check_new = file_get_contents($file_dst); + $md5_check_old = file_get_contents("{$suricatadir}{$filename_md5}"); + if ($md5_check_new == $md5_check_old) { + if ($pkg_interface <> "console") + update_status(gettext("{$desc} are up to date...")); + log_error(gettext("[Suricata] {$desc} are up to date...")); + error_log(gettext("\t{$desc} are up to date.\n"), 3, $suricata_rules_upd_log); + return false; + } + else + return true; + } + return true; + } + else { + error_log(gettext("\t{$desc} md5 download failed.\n"), 3, $suricata_rules_upd_log); + $suricata_err_msg = gettext("Server returned error code {$rc}."); + if ($pkg_interface <> "console") { + update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ...")); + update_output_window(gettext("{$desc} will not be updated.\n\t{$suricata_err_msg}")); + } + log_error(gettext("[Suricata] {$desc} md5 download failed...")); + log_error(gettext("[Suricata] Server returned error code {$rc}...")); + error_log(gettext("\t{$suricata_err_msg}\n"), 3, $suricata_rules_upd_log); + if ($pkg_interface == "console") + error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + $update_errors = true; + return false; + } +} + +function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { + + /**********************************************************/ + /* This function downloads the passed rules file and */ + /* compares its computed md5 hash to the passed md5 hash */ + /* to verify the file's integrity. */ + /* */ + /* On Entry: $file_url = URL of rules file */ + /* $file_dst = Temp destination to store the */ + /* downloaded rules file */ + /* $file_md5 = Expected md5 hash for the new */ + /* downloaded rules file */ + /* $desc = Short text string for use in */ + /* log messages */ + /* */ + /* Returns: TRUE if download was successful. */ + /* FALSE if download was not successful. */ + /**********************************************************/ + + global $pkg_interface, $suricata_rules_upd_log, $last_curl_error, $update_errors; + + $suricatadir = SURICATADIR; + $filename = basename($file_dst); + + if ($pkg_interface <> "console") + update_status(gettext("There is a new set of {$desc} posted. Downloading...")); + log_error(gettext("[Suricata] There is a new set of {$desc} posted. Downloading {$filename}...")); + error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, $suricata_rules_upd_log); + $rc = suricata_download_file_url($file_url, $file_dst); + + // See if the download from the URL was successful + if ($rc === true) { + if ($pkg_interface <> "console") + update_status(gettext("Done downloading {$desc} file.")); + log_error("[Suricata] {$desc} file update downloaded successfully"); + error_log(gettext("\tDone downloading rules file.\n"),3, $suricata_rules_upd_log); + + // Test integrity of the rules file. Turn off update if file has wrong md5 hash + if ($file_md5 != trim(md5_file($file_dst))){ + if ($pkg_interface <> "console") + update_output_window(gettext("{$desc} file MD5 checksum failed...")); + log_error(gettext("[Suricata] {$desc} file download failed. Bad MD5 checksum...")); + log_error(gettext("[Suricata] Downloaded File MD5: " . md5_file($file_dst))); + log_error(gettext("[Suricata] Expected File MD5: {$file_md5}")); + error_log(gettext("\t{$desc} file download failed. Bad MD5 checksum.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + $update_errors = true; + return false; + } + return true; + } + else { + if ($pkg_interface <> "console") + update_output_window(gettext("{$desc} file download failed...")); + log_error(gettext("[Suricata] {$desc} file download failed... server returned error '{$rc}'...")); + error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $suricata_rules_upd_log); + if ($pkg_interface == "console") + error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + $update_errors = true; + return false; + } + +} + +/* Start of main code */ + +/* remove old $tmpfname files if present */ +if (is_dir("{$tmpfname}")) + exec("/bin/rm -r {$tmpfname}"); + +/* Make sure required suricatadirs exsist */ +exec("/bin/mkdir -p {$suricatadir}rules"); +exec("/bin/mkdir -p {$tmpfname}"); +exec("/bin/mkdir -p {$suricatalogdir}"); + +/* See if we need to automatically clear the Update Log based on 1024K size limit */ +if (file_exists($suricata_rules_upd_log)) { + if (1048576 < filesize($suricata_rules_upd_log)) + exec("/bin/rm -r {$suricata_rules_upd_log}"); +} + +/* Log start time for this rules update */ +error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $suricata_rules_upd_log); +$last_curl_error = ""; +$update_errors = false; + +/* Check for and download any new Emerging Threats Rules sigs */ +if ($emergingthreats == 'on') { + if (suricata_check_rule_md5("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}", "{$et_name} rules")) { + /* download Emerging Threats rules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")); + if (!suricata_fetch_new_rules("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}", $file_md5, "{$et_name} rules")) + $emergingthreats = 'off'; + } + else + $emergingthreats = 'off'; +} + +/* Check for and download any new Snort VRT sigs */ +if ($snortdownload == 'on') { + if (suricata_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}/{$oinkid}/", "{$tmpfname}/{$snort_filename_md5}", "Snort VRT rules")) { + /* download snortrules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")); + if (!suricata_fetch_new_rules("{$snort_rule_url}{$snort_filename}/{$oinkid}/", "{$tmpfname}/{$snort_filename}", $file_md5, "Snort VRT rules")) + $snortdownload = 'off'; + } + else + $snortdownload = 'off'; +} + +/* Check for and download any new Snort GPLv2 Community Rules sigs */ +if ($snortcommunityrules == 'on') { + if (suricata_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) { + /* download Snort GPLv2 Community Rules file */ + $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")); + if (!suricata_fetch_new_rules("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}", $file_md5, "Snort GPLv2 Community Rules")) + $snortcommunityrules = 'off'; + } + else + $snortcommunityrules = 'off'; +} + +/* Untar Emerging Threats rules file to tmp if downloaded */ +if ($emergingthreats == 'on') { + safe_mkdir("{$tmpfname}/emerging"); + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { + if ($pkg_interface <> "console") { + update_status(gettext("Extracting {$et_name} rules...")); + update_output_window(gettext("Installing {$et_name} rules...")); + } + error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $suricata_rules_upd_log); + exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/"); + + /* Remove the old Emerging Threats rules files */ + $eto_prefix = ET_OPEN_FILE_PREFIX; + $etpro_prefix = ET_PRO_FILE_PREFIX; + unlink_if_exists("{$suricatadir}rules/{$eto_prefix}*.rules"); + unlink_if_exists("{$suricatadir}rules/{$etpro_prefix}*.rules"); + unlink_if_exists("{$suricatadir}rules/{$eto_prefix}*ips.txt"); + unlink_if_exists("{$suricatadir}rules/{$etpro_prefix}*ips.txt"); + + // The code below renames ET files with a prefix, so we + // skip renaming the Suricata default events rule files + // that are also bundled in the ET rules. + $default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ); + $files = glob("{$tmpfname}/emerging/rules/*.rules"); + // Determine the correct prefix to use based on which + // Emerging Threats rules package is enabled. + if ($etpro == "on") + $prefix = ET_PRO_FILE_PREFIX; + else + $prefix = ET_OPEN_FILE_PREFIX; + foreach ($files as $file) { + $newfile = basename($file); + if (in_array($newfile, $default_rules)) + @copy($file, "{$suricatadir}rules/{$newfile}"); + else { + if (strpos($newfile, $prefix) === FALSE) + @copy($file, "{$suricatadir}rules/{$prefix}{$newfile}"); + else + @copy($file, "{$suricatadir}rules/{$newfile}"); + } + } + /* IP lists for Emerging Threats rules */ + $files = glob("{$tmpfname}/emerging/rules/*ips.txt"); + foreach ($files as $file) { + $newfile = basename($file); + if ($etpro == "on") + @copy($file, "{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); + else + @copy($file, "{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}"); + } + /* base etc files for Emerging Threats rules */ + foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { + if (file_exists("{$tmpfname}/emerging/rules/{$file}")) + @copy("{$tmpfname}/emerging/rules/{$file}", "{$tmpfname}/ET_{$file}"); + } + + /* Copy emergingthreats md5 sig to Suricata dir */ + if (file_exists("{$tmpfname}/{$emergingthreats_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to Suricata directory...")); + @copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$suricatadir}{$emergingthreats_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of {$et_name} rules completed...")); + update_output_window(gettext("Installation of {$et_name} rules completed...")); + } + error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $suricata_rules_upd_log); + exec("rm -r {$tmpfname}/emerging"); + } +} + +/* Untar Snort rules file to tmp */ +if ($snortdownload == 'on') { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + /* Remove the old Snort rules files */ + $vrt_prefix = VRT_FILE_PREFIX; + unlink_if_exists("{$suricatadir}rules/{$vrt_prefix}*.rules"); + + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort VRT rules...")); + update_output_window(gettext("Installing Sourcefire VRT rules...")); + } + error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $suricata_rules_upd_log); + + /* extract snort.org rules and add prefix to all snort.org files */ + safe_mkdir("{$tmpfname}/snortrules"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}/snortrules rules/"); + $files = glob("{$tmpfname}/snortrules/rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$suricatadir}rules/" . VRT_FILE_PREFIX . "{$newfile}"); + } + + /* IP lists */ + $files = glob("{$tmpfname}/snortrules/rules/*.txt"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$suricatadir}rules/{$newfile}"); + } + exec("rm -r {$tmpfname}/snortrules"); + + /* extract base etc files */ + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort VRT config and map files...")); + update_output_window(gettext("Copying config and map files...")); + } + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/"); + foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { + if (file_exists("{$tmpfname}/etc/{$file}")) + @copy("{$tmpfname}/etc/{$file}", "{$tmpfname}/VRT_{$file}"); + } + exec("rm -r {$tmpfname}/etc"); + if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to Suricata directory...")); + @copy("{$tmpfname}/{$snort_filename_md5}", "{$suricatadir}{$snort_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of Snort VRT rules completed...")); + update_output_window(gettext("Installation of Sourcefire VRT rules completed...")); + } + error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $suricata_rules_upd_log); + } +} + +/* Untar Snort GPLv2 Community rules file to tmp */ +if ($snortcommunityrules == 'on') { + safe_mkdir("{$tmpfname}/community"); + if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) { + if ($pkg_interface <> "console") { + update_status(gettext("Extracting Snort GPLv2 Community Rules...")); + update_output_window(gettext("Installing Snort GPLv2 Community Rules...")); + } + error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $suricata_rules_upd_log); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/"); + + $files = glob("{$tmpfname}/community/community-rules/*.rules"); + foreach ($files as $file) { + $newfile = basename($file); + @copy($file, "{$suricatadir}rules/" . GPL_FILE_PREFIX . "{$newfile}"); + } + /* base etc files for Snort GPLv2 Community rules */ + foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { + if (file_exists("{$tmpfname}/community/community-rules/{$file}")) + @copy("{$tmpfname}/community/community-rules/{$file}", "{$tmpfname}/" . GPL_FILE_PREFIX . "{$file}"); + } + /* Copy snort community md5 sig to suricata dir */ + if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to suricata directory...")); + @copy("{$tmpfname}/{$snort_community_rules_filename_md5}", "{$suricatadir}{$snort_community_rules_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of Snort GPLv2 Community Rules completed...")); + update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed...")); + } + error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $suricata_rules_upd_log); + exec("rm -r {$tmpfname}/community"); + } +} + +function suricata_apply_customizations($suricatacfg, $if_real) { + + global $vrt_enabled, $rebuild_rules; + $suricatadir = SURICATADIR; + + suricata_prepare_rule_files($suricatacfg, "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}"); + + /* Copy the master config and map files to the interface directory */ + @copy("{$suricatadir}classification.config", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/classification.config"); + @copy("{$suricatadir}reference.config", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/reference.config"); + @copy("{$suricatadir}gen-msg.map", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/gen-msg.map"); + @copy("{$suricatadir}unicode.map", "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}/unicode.map"); +} + +if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules == 'on') { + + if ($pkg_interface <> "console") + update_status(gettext('Copying new config and map files...')); + error_log(gettext("\tCopying new config and map files...\n"), 3, $suricata_rules_upd_log); + + /******************************************************************/ + /* Build the classification.config and reference.config files */ + /* using the ones from all the downloaded rules plus the default */ + /* files installed with Suricata. */ + /******************************************************************/ + $cfgs = glob("{$tmpfname}/*reference.config"); + $cfgs[] = "{$suricatadir}reference.config"; + suricata_merge_reference_configs($cfgs, "{$suricatadir}reference.config"); + $cfgs = glob("{$tmpfname}/*classification.config"); + $cfgs[] = "{$suricatadir}classification.config"; + suricata_merge_classification_configs($cfgs, "{$suricatadir}classification.config"); + + /* Determine which map files to use for the master copy. */ + /* The Snort VRT ones are preferred, if available. */ + if ($snortdownload == 'on') + $prefix = "VRT_"; + elseif ($emergingthreats == 'on') + $prefix = "ET_"; + elseif ($snortcommunityrules == 'on') + $prefix = GPL_FILE_PREFIX; + if (file_exists("{$tmpfname}/{$prefix}unicode.map")) + @copy("{$tmpfname}/{$prefix}unicode.map", "{$suricatadir}unicode.map"); + if (file_exists("{$tmpfname}/{$prefix}gen-msg.map")) + @copy("{$tmpfname}/{$prefix}gen-msg.map", "{$suricatadir}gen-msg.map"); + + /* Start the rules rebuild proccess for each configured interface */ + if (is_array($config['installedpackages']['suricata']['rule']) && + !empty($config['installedpackages']['suricata']['rule'])) { + + /* Set the flag to force rule rebuilds since we downloaded new rules */ + $rebuild_rules = true; + + /* Create configuration for each active Suricata interface */ + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + // Make sure the interface subdirectory exists. We need to re-create + // it during a pkg reinstall on the intial rules set download. + if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}")) + safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}"); + if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules")) + safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules"); + $tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ..."; + if ($pkg_interface <> "console"){ + update_status(gettext($tmp)); + update_output_window(gettext("Please wait while Suricata interface files are being updated...")); + } + suricata_apply_customizations($value, $if_real); + $tmp = "\t" . $tmp . "\n"; + error_log($tmp, 3, $suricata_rules_upd_log); + } + } + else { + if ($pkg_interface <> "console") { + update_output_window(gettext("Warning: No interfaces configured for Suricata were found...")); + update_output_window(gettext("No interfaces currently have Suricata configured and enabled on them...")); + } + error_log(gettext("\tWarning: No interfaces configured for Suricata were found...\n"), 3, $suricata_rules_upd_log); + } + + /* Clear the rebuild rules flag. */ + $rebuild_rules = false; + + /* Restart Suricata if already running and we are not rebooting to pick up the new rules. */ + if (is_process_running("suricata") && !$g['booting'] && + !empty($config['installedpackages']['suricata']['rule'])) { + + // See if "Live Reload" is configured and signal each Suricata instance + // if enabled, else just do a hard restart of all the instances. + if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') { + if ($pkg_interface <> "console") { + update_status(gettext('Signalling Suricata to live-load the new set of rules...')); + update_output_window(gettext("Please wait ... the process should complete in a few seconds...")); + } + log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled...")); + error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, $suricata_rules_upd_log); + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + suricata_reload_config($value); + error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, $suricata_rules_upd_log); + } + log_error(gettext("[Suricata] Live-Reload of updated rules completed...")); + error_log(gettext("\tLive-Reload of the updated rules is complete.\n"), 3, $suricata_rules_upd_log); + } + else { + if ($pkg_interface <> "console") { + update_status(gettext('Restarting Suricata to activate the new set of rules...')); + update_output_window(gettext("Please wait ... restarting Suricata will take some time...")); + } + error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, $suricata_rules_upd_log); + restart_service("suricata"); + if ($pkg_interface <> "console") + update_output_window(gettext("Suricata has restarted with your new set of rules...")); + log_error(gettext("[Suricata] Suricata has restarted with your new set of rules...")); + error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, $suricata_rules_upd_log); + } + } + else { + if ($pkg_interface <> "console") + update_output_window(gettext("The rules update task is complete...")); + } +} + +// Remove old $tmpfname files +if (is_dir("{$tmpfname}")) { + if ($pkg_interface <> "console") { + update_status(gettext("Cleaning up after rules extraction...")); + update_output_window(gettext("Removing {$tmpfname} directory...")); + } + exec("/bin/rm -r {$tmpfname}"); +} + +if ($pkg_interface <> "console") { + update_status(gettext("The Rules update has finished...")); + update_output_window(""); +} +log_error(gettext("[Suricata] The Rules update has finished.")); +error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $suricata_rules_upd_log); +conf_mount_ro(); + +// Restore the state of $pkg_interface +$pkg_interface = $pkg_interface_orig; + +/* Save this update status to the configuration file */ +if ($update_errors) + $config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("failed"); +else + $config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("success"); +$config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'] = time(); +write_config(); + +?> diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php new file mode 100644 index 00000000..22b8ab3c --- /dev/null +++ b/config/suricata/suricata_define_vars.php @@ -0,0 +1,270 @@ +<?php +/* + * suricata_define_vars.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +//require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['suricata']['rule'])) { + $config['installedpackages']['suricata']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['suricata']['rule']; + +/* define servers and ports */ +$suricata_servers = array ( + "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", + "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", + "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", + "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", + "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" +); + +/* if user has defined a custom ssh port, use it */ +if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port'])) + $ssh_port = $config['system']['ssh']['port']; +else + $ssh_port = "22"; +$suricata_ports = array( + "http_ports" => "80", + "oracle_ports" => "1521", + "ssh_ports" => $ssh_port, + "shellcode_ports" => "!80", + "DNP3_PORTS" => "20000", "file_data_ports" => "\$HTTP_PORTS,110,143" +); + +// Sort our SERVERS and PORTS arrays to make values +// easier to locate by the the user. +ksort($suricata_servers); +ksort($suricata_ports); + +$pconfig = $a_nat[$id]; + +/* convert fake interfaces to real */ +$if_real = get_real_interface($pconfig['interface']); +$suricata_uuid = $config['installedpackages']['suricata']['rule'][$id]['uuid']; + +if ($_POST) { + + $natent = array(); + $natent = $pconfig; + + foreach ($suricata_servers as $key => $server) { + if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) + $input_errors[] = "Only aliases are allowed"; + } + foreach ($suricata_ports as $key => $server) { + if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) + $input_errors[] = "Only aliases are allowed"; + } + /* if no errors write to suricata.yaml */ + if (!$input_errors) { + /* post new options */ + foreach ($suricata_servers as $key => $server) { + if ($_POST["def_{$key}"]) + $natent["def_{$key}"] = $_POST["def_{$key}"]; + else + unset($natent["def_{$key}"]); + } + foreach ($suricata_ports as $key => $server) { + if ($_POST["def_{$key}"]) + $natent["def_{$key}"] = $_POST["def_{$key}"]; + else + unset($natent["def_{$key}"]); + } + + $a_nat[$id] = $natent; + + write_config(); + + /* Update the suricata.yaml file for this interface. */ + $rebuild_rules = false; + suricata_generate_yaml($a_nat[$id]); + + /* Soft-restart Suricaa to live-load new variables. */ + suricata_reload_config($a_nat[$id]); + + /* after click go to this page */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: suricata_define_vars.php?id=$id"); + exit; + } +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} Variables - Servers and Ports"); +include_once("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include("fbegin.inc"); +if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} +/* Display Alert message */ +if ($input_errors) + print_input_errors($input_errors); // TODO: add checks +if ($savemsg) + print_info_box($savemsg); +?> + +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<form action="suricata_define_vars.php" method="post" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td class="tabnavtbl">'; + $tab_array = array(); + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Define Servers (IP variables)"); ?></td> + </tr> +<?php + foreach ($suricata_servers as $key => $server): + if (strlen($server) > 40) + $server = substr($server, 0, 40) . "..."; + $label = strtoupper($key); + $value = ""; + $title = ""; + if (!empty($pconfig["def_{$key}"])) { + $value = htmlspecialchars($pconfig["def_{$key}"]); + $title = trim(filter_expand_alias($pconfig["def_{$key}"])); + } +?> + <tr> + <td width='30%' valign='top' class='vncell'><?php echo gettext("Define"); ?> <?=$label;?></td> + <td width="70%" class="vtable"> + <input name="def_<?=$key;?>" size="40" + type="text" autocomplete="off" class="formfldalias" id="def_<?=$key;?>" + value="<?=$value;?>" title="<?=$title;?>"> <br/> + <span class="vexpl"><?php echo gettext("Default value:"); ?> "<?=$server;?>" <br/><?php echo gettext("Leave " . + "blank for default value."); ?></span> + </td> + </tr> +<?php endforeach; ?> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Define Ports (port variables)"); ?></td> + </tr> +<?php + foreach ($suricata_ports as $key => $server): + if (strlen($server) > 40) + $server = substr($server, 0, 40) . "..."; + $label = strtoupper($key); + $value = ""; + $title = ""; + if (!empty($pconfig["def_{$key}"])) { + $value = htmlspecialchars($pconfig["def_{$key}"]); + $title = trim(filter_expand_alias($pconfig["def_{$key}"])); + } +?> + <tr> + <td width='30%' valign='top' class='vncell'><?php echo gettext("Define"); ?> <?=$label;?></td> + <td width="70%" class="vtable"> + <input name="def_<?=$key;?>" type="text" size="40" autocomplete="off" class="formfldalias" id="def_<?=$key;?>" + value="<?=$value;?>" title="<?=$title;?>"> <br/> + <span class="vexpl"><?php echo gettext("Default value:"); ?> "<?=$server;?>" <br/> <?php echo gettext("Leave " . + "blank for default value."); ?></span> + </td> + </tr> +<?php endforeach; ?> + <tr> + <td width="30%" valign="top"> </td> + <td width="70%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input name="id" type="hidden" value="<?=$id;?>"> + </td> + </tr> + </table> +</div> +</td></tr> +</table> +</form> +<script type="text/javascript"> +//<![CDATA[ + var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>; + var portsarray = <?= json_encode(get_alias_list("port")) ?>; + + function createAutoSuggest() { + <?php + foreach ($suricata_servers as $key => $server) + echo " var objAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(addressarray));\n"; + foreach ($suricata_ports as $key => $server) + echo "var pobjAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(portsarray));\n"; + ?> + } + +setTimeout("createAutoSuggest();", 500); + +//]]> +</script> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_download_rules.php b/config/suricata/suricata_download_rules.php new file mode 100644 index 00000000..26737dcf --- /dev/null +++ b/config/suricata/suricata_download_rules.php @@ -0,0 +1,97 @@ +<?php +/* + * suricata_download_rules.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g; + +$pgtitle = "Services: Suricata - Update Rules"; +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> + +<form action="/suricata/suricata_download_updates.php" method="GET"> + +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td align="center"><div id="boxarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td class="tabcont" align="center"> + <table width="420" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td style="background:url('../themes/<?= $g['theme']; ?>/images/misc/bar_left.gif')" height="15" width="5"></td> + <td style="background:url('../themes/<?= $g['theme']; ?>/images/misc/bar_gray.gif')" height="15" width="410"> + <table id="progholder" width='410' cellpadding='0' cellspacing='0'> + <tr> + <td align="left"><img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/bar_blue.gif' + width='0' height='15' name='progressbar' id='progressbar' alt='' /></td + </tr> + </table></td> + <td style="background:url('../themes/<?= $g['theme']; ?>/images/misc/bar_right.gif')" height="15" width="5"></td> + </tr> + </table> + </td> + </tr> + <tr> + <td class="tabcont" align="center"> + <!-- status box --> + <textarea cols="85" rows="1" name="status" id="status" wrap="soft"><?=gettext("Initializing..."); ?>.</textarea> + <!-- command output box --> + <textarea cols="85" rows="12" name="output" id="output" wrap="soft"></textarea> + </td> + </tr> + <tr> + <td class="tabcont" align="center" valign="middle"><input type="submit" name="return" id="return" Value="Return"></td> + </tr> + </table> + </div> + </td> + </tr> +</table> +</form> +<?php include("fend.inc");?> +</body> +</html> +<?php + +$suricata_gui_include = true; +include("/usr/local/www/suricata/suricata_check_for_rule_updates.php"); + +/* hide progress bar and lets end this party */ +echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; + +?> diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php new file mode 100644 index 00000000..188255c8 --- /dev/null +++ b/config/suricata/suricata_download_updates.php @@ -0,0 +1,317 @@ +<?php +/* + * suricata_download_updates.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +/* Define some locally required variables from Suricata constants */ +$suricatadir = SURICATADIR; +$suricata_rules_upd_log = RULES_UPD_LOGFILE; + +$snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; +$emergingthreats = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; +$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; +$snortcommunityrules = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; + +/* Get last update information if available */ +if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'])) + $last_rule_upd_time = date('M-d Y H:i', $config['installedpackages']['suricata']['config'][0]['last_rule_upd_time']); +else + $last_rule_upd_time = gettext("Unknown"); +if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'])) + $last_rule_upd_status = htmlspecialchars($config['installedpackages']['suricata']['config'][0]['last_rule_upd_status']); +else + $last_rule_upd_status = gettext("Unknown"); + +$snort_rules_file = VRT_DNLD_FILENAME; +$snort_community_rules_filename = GPLV2_DNLD_FILENAME; + +if ($etpro == "on") { + $emergingthreats_filename = ETPRO_DNLD_FILENAME; + $et_name = "Emerging Threats Pro Rules"; +} +else { + $emergingthreats_filename = ET_DNLD_FILENAME; + $et_name = "Emerging Threats Open Rules"; +} + +/* quick md5 chk of downloaded rules */ +if ($snortdownload == 'on') { + $snort_org_sig_chk_local = 'Not Downloaded'; + $snort_org_sig_date = 'Not Downloaded'; +} +else { + $snort_org_sig_chk_local = 'Not Enabled'; + $snort_org_sig_date = 'Not Enabled'; +} +if (file_exists("{$suricatadir}{$snort_rules_file}.md5")){ + $snort_org_sig_chk_local = file_get_contents("{$suricatadir}{$snort_rules_file}.md5"); + $snort_org_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_rules_file}.md5")); +} + +if ($etpro == "on" || $emergingthreats == "on") { + $emergingt_net_sig_chk_local = 'Not Downloaded'; + $emergingt_net_sig_date = 'Not Downloaded'; +} +else { + $emergingt_net_sig_chk_local = 'Not Enabled'; + $emergingt_net_sig_date = 'Not Enabled'; +} +if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5")) { + $emergingt_net_sig_chk_local = file_get_contents("{$suricatadir}{$emergingthreats_filename}.md5"); + $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$emergingthreats_filename}.md5")); +} + +if ($snortcommunityrules == 'on') { + $snort_community_sig_chk_local = 'Not Downloaded'; + $snort_community_sig_sig_date = 'Not Downloaded'; +} +else { + $snort_community_sig_chk_local = 'Not Enabled'; + $snort_community_sig_sig_date = 'Not Enabled'; +} +if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) { + $snort_community_sig_chk_local = file_get_contents("{$suricatadir}{$snort_community_rules_filename}.md5"); + $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_community_rules_filename}.md5")); +} + +/* Check for postback to see if we should clear the update log file. */ +if ($_POST['clear']) { + if (file_exists("{$suricata_rules_upd_log}")) + mwexec("/bin/rm -f {$suricata_rules_upd_log}"); +} + +if ($_POST['check']) { + // Go see if new updates for rule sets are available + header("Location: /suricata/suricata_download_rules.php"); + exit; +} + +if ($_POST['force']) { + // Mount file system R/W since we need to remove files + conf_mount_rw(); + + // Remove the existing MD5 signature files to force a download + if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5")) + @unlink("{$suricatadir}{$emergingthreats_filename}.md5"); + if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) + @unlink("{$suricatadir}{$snort_community_rules_filename}.md5"); + if (file_exists("{$suricatadir}{$snort_rules_file}.md5")) + @unlink("{$suricatadir}{$snort_rules_file}.md5"); + + // Revert file system to R/O. + conf_mount_ro(); + + // Go download the updates + header("Location: /suricata/suricata_download_rules.php"); + exit; +} + +/* check for logfile */ +if (file_exists("{$suricata_rules_upd_log}")) + $suricata_rules_upd_log_chk = 'yes'; +else + $suricata_rules_upd_log_chk = 'no'; + +if ($_POST['view']&& $suricata_rules_upd_log_chk == 'yes') { + $contents = @file_get_contents($suricata_rules_upd_log); + if (empty($contents)) + $input_errors[] = gettext("Unable to read log file: {$suricata_rules_upd_log}"); +} + +if ($_POST['hide']) + $contents = ""; + +$pgtitle = gettext("Suricata: Update Rules Set Files"); +include_once("head.inc"); +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php include("fbegin.inc"); ?> +<?php + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); + } + + if ($savemsg) { + print_info_box($savemsg); + } +?> +<form action="suricata_download_updates.php" method="post" name="iform" id="iform"> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), true, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURE");?></td> + </tr> + <tr> + <td align="center"><br/> + <table width="95%" border="0" cellpadding="2" cellspacing="2"> + <thead> + <tr> + <th class="listhdrr"><?=gettext("Rule Set Name/Publisher");?></th> + <th class="listhdrr"><?=gettext("MD5 Signature Hash");?></th> + <th class="listhdrr"><?=gettext("MD5 Signature Date");?></th> + </tr> + </thead> + <tr> + <td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td> + <td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($emergingt_net_sig_date);?></td> + </tr> + <tr> + <td align="center" class="vncell vexpl"><b>Snort VRT Rules</b></td> + <td align="center" class="vncell vexpl"><? echo trim($snort_org_sig_chk_local);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($snort_org_sig_date);?></td> + </tr> + <tr> + <td align="center" class="vncell vexpl"><b>Snort GPLv2 Community Rules</b></td> + <td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td> + </tr> + </table><br/> + </td> + </tr> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("UPDATE YOUR RULE SET");?></td> + </tr> + <tr> + <td align="center"> + <table width="45%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr> + <td class="list" align="right"><strong><?php echo gettext("Last Update:");?></strong></td> + <td class="list" align="left"><?php echo $last_rule_upd_time;?></td> + </tr> + <tr> + <td class="list" align="right"><strong><?php echo gettext("Result:");?></strong></td> + <td class="list" align="left"><?php echo $last_rule_upd_status;?></td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td align="center"> + <?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?> + <br/><button disabled="disabled"><?=gettext("Check");?></button> + <button disabled="disabled"><?=gettext("Force");?></button> + <br/> + <p style="text-align:center;" class="vexpl"> + <font class="red"><b><?php echo gettext("WARNING:");?></b></font> + <?php echo gettext('No rule types have been selected for download. ') . + gettext('Visit the ') . '<a href="/suricata/suricata_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> + <br/></p> + <?php else: ?> + <br/> + <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn" + title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/> + <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn" + title="<?=gettext("Force an update of all enabled rule sets");?>" + onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of all enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/> + <br/><br/> + <?php endif; ?> + </td> + </tr> + + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("MANAGE RULE SET LOG");?></td> + </tr> + <tr> + <td align="center" valign="middle" class="vexpl"> + <?php if ($suricata_rules_upd_log_chk == 'yes'): ?> + <br/> + <?php if (!empty($contents)): ?> + <input type="submit" value="<?php echo gettext("Hide"); ?>" name="hide" id="hide" class="formbtn" + title="<?php echo gettext("Hide rules update log"); ?>"/> + <?php else: ?> + <input type="submit" value="<?php echo gettext("View"); ?>" name="view" id="view" class="formbtn" + title="<?php echo gettext("View rules update log"); ?>"/> + <?php endif; ?> + + <input type="submit" value="<?php echo gettext("Clear"); ?>" name="clear" id="clear" class="formbtn" + title="<?php echo gettext("Clear rules update log"); ?>" onClick="return confirm('Are you sure you want to delete the log contents?\nOK to confirm, or CANCEL to quit');"/> + <br/> + <?php else: ?> + <br/> + <button disabled='disabled'><?php echo gettext("View Log"); ?></button><br/><?php echo gettext("Log is empty."); ?><br/> + <?php endif; ?> + <br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/> + </td> + </tr> + <?php if (!empty($contents)): ?> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("RULE SET UPDATE LOG");?></td> + </tr> + <tr> + <td align="center"> + <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="24" cols="80" name="logtext"><?=$contents;?></textarea> + </div> + </td> + </tr> + <?php endif; ?> + <tr> + <td align="center"> + <span class="vexpl"><br/> + <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span> + <a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" . + gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" . + gettext(" will go down from time to time. Please be patient."); ?></span><br/> + </td> + </tr> + </table> + </div> + </td> +</tr> +</table> +<!-- end of final table --> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php new file mode 100644 index 00000000..cc00f350 --- /dev/null +++ b/config/suricata/suricata_flow_stream.php @@ -0,0 +1,835 @@ +<?php +/* + * suricata_flow_stream.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); +if (is_null($id)) + $id=0; + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); + +// Initialize required array variables as necessary +if (!is_array($config['aliases']['alias'])) + $config['aliases']['alias'] = array(); +$a_aliases = $config['aliases']['alias']; + +// Initialize Host-OS Policy engine arrays if necessary +if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'])) + $config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array(); + +$a_nat = &$config['installedpackages']['suricata']['rule']; + +$host_os_policy_engine_next_id = count($a_nat[$id]['host_os_policy']['item']); + +// Build a lookup array of currently used engine 'bind_to' Aliases +// so we can screen matching Alias names from the list. +$used = array(); +foreach ($a_nat[$id]['host_os_policy']['item'] as $v) + $used[$v['bind_to']] = true; + +$pconfig = array(); +if (isset($id) && $a_nat[$id]) { + /* Get current values from config for page form fields */ + $pconfig = $a_nat[$id]; + + // See if Host-OS policy engine array is configured and use + // it; otherwise create a default engine configuration. + if (empty($pconfig['host_os_policy']['item'])) { + $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" ); + $pconfig['host_os_policy']['item'] = array(); + $pconfig['host_os_policy']['item'][] = $default; + if (!is_array($a_nat[$id]['host_os_policy']['item'])) + $a_nat[$id]['host_os_policy']['item'] = array(); + $a_nat[$id]['host_os_policy']['item'][] = $default; + write_config(); + $host_os_policy_engine_next_id++; + } + else + $pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy']; +} + +// Check for "import or select alias mode" and set flags if TRUE. +// "selectalias", when true, displays radio buttons to limit +// multiple selections. +if ($_POST['import_alias']) { + $importalias = true; + $selectalias = false; + $title = "Host Operating System Policy"; +} +elseif ($_POST['select_alias']) { + $importalias = true; + $selectalias = true; + $title = "Host Operating System Policy"; + + // Preserve current OS Policy Engine settings + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['policy_name']; + $eng_bind = $_POST['policy_bind_to']; + $eng_policy = $_POST['policy']; + $mode = "add_edit_os_policy"; +} + +if ($_POST['save_os_policy']) { + if ($_POST['eng_id'] != "") { + $eng_id = $_POST['eng_id']; + + // Grab all the POST values and save in new temp array + $engine = array(); + $policy_name = trim($_POST['policy_name']); + if ($policy_name) { + $engine['name'] = $policy_name; + } + else { + $input_errors[] = gettext("The 'Policy Name' value cannot be blank."); + $add_edit_os_policy = true; + } + if ($_POST['policy_bind_to']) { + if (is_alias($_POST['policy_bind_to'])) + $engine['bind_to'] = $_POST['policy_bind_to']; + elseif (strtolower(trim($_POST['policy_bind_to'])) == "all") + $engine['bind_to'] = "all"; + else { + $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value."); + $add_edit_os_policy = true; + } + } + else { + $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'."); + $add_edit_os_policy = true; + } + + if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; } + + // Can only have one "all" Bind_To address + if ($engine['bind_to'] == "all" && $engine['name'] <> "default") { + $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses."); + $add_edit_os_policy = true; + $pengcfg = $engine; + } + + // if no errors, write new entry to conf + if (!$input_errors) { + if (isset($eng_id) && $a_nat[$id]['host_os_policy']['item'][$eng_id]) { + $a_nat[$id]['host_os_policy']['item'][$eng_id] = $engine; + } + else + $a_nat[$id]['host_os_policy']['item'][] = $engine; + + /* Reorder the engine array to ensure the */ + /* 'bind_to=all' entry is at the bottom */ + /* if it contains more than one entry. */ + if (count($a_nat[$id]['host_os_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + /* Only relocate the entry if we */ + /* found it, and it's not already */ + /* at the end. */ + if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['host_os_policy']['item'][$i]; + unset($a_nat[$id]['host_os_policy']['item'][$i]); + $a_nat[$id]['host_os_policy']['item'][] = $tmp; + } + } + + // Now write the new engine array to conf + write_config(); + $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item']; + } + } +} +elseif ($_POST['add_os_policy']) { + $add_edit_os_policy = true; + $pengcfg = array( "name" => "engine_{$host_os_policy_engine_next_id}", "bind_to" => "", "policy" => "bsd" ); + $eng_id = $host_os_policy_engine_next_id; +} +elseif ($_POST['edit_os_policy']) { + if ($_POST['eng_id'] != "") { + $add_edit_os_policy = true; + $eng_id = $_POST['eng_id']; + $pengcfg = $a_nat[$id]['host_os_policy']['item'][$eng_id]; + } +} +elseif ($_POST['del_os_policy']) { + $natent = array(); + $natent = $pconfig; + + if ($_POST['eng_id'] != "") { + unset($natent['host_os_policy']['item'][$_POST['eng_id']]); + $pconfig = $natent; + } + if (isset($id) && $a_nat[$id]) { + $a_nat[$id] = $natent; + write_config(); + } +} +elseif ($_POST['cancel_os_policy']) { + $add_edit_os_policy = false; +} +elseif ($_POST['ResetAll']) { + + /* Reset all the settings to defaults */ + $pconfig['ip_max_frags'] = "65535"; + $pconfig['ip_frag_timeout'] = "60"; + $pconfig['frag_memcap'] = '33554432'; + $pconfig['ip_max_trackers'] = '65535'; + $pconfig['frag_hash_size'] = '65536'; + + $pconfig['flow_memcap'] = '33554432'; + $pconfig['flow_prealloc'] = '10000'; + $pconfig['flow_hash_size'] = '65536'; + $pconfig['flow_emerg_recovery'] = '30'; + $pconfig['flow_prune'] = '5'; + + $pconfig['flow_tcp_new_timeout'] = '60'; + $pconfig['flow_tcp_established_timeout'] = '3600'; + $pconfig['flow_tcp_closed_timeout'] = '120'; + $pconfig['flow_tcp_emerg_new_timeout'] = '10'; + $pconfig['flow_tcp_emerg_established_timeout'] = '300'; + $pconfig['flow_tcp_emerg_closed_timeout'] = '20'; + + $pconfig['flow_udp_new_timeout'] = '30'; + $pconfig['flow_udp_established_timeout'] = '300'; + $pconfig['flow_udp_emerg_new_timeout'] = '10'; + $pconfig['flow_udp_emerg_established_timeout'] = '100'; + + $pconfig['flow_icmp_new_timeout'] = '30'; + $pconfig['flow_icmp_established_timeout'] = '300'; + $pconfig['flow_icmp_emerg_new_timeout'] = '10'; + $pconfig['flow_icmp_emerg_established_timeout'] = '100'; + + $pconfig['stream_memcap'] = '33554432'; + $pconfig['stream_max_sessions'] = '262144'; + $pconfig['stream_prealloc_sessions'] = '32768'; + $pconfig['reassembly_memcap'] = '67108864'; + $pconfig['reassembly_depth'] = '1048576'; + $pconfig['reassembly_to_server_chunk'] = '2560'; + $pconfig['reassembly_to_client_chunk'] = '2560'; + $pconfig['enable_midstream_sessions'] = 'off'; + $pconfig['enable_async_sessions'] = 'off'; + + /* Log a message at the top of the page to inform the user */ + $savemsg = gettext("All flow and stream settings have been reset to their defaults."); +} +elseif ($_POST['save']) { + $natent = array(); + $natent = $pconfig; + + // TODO: validate input values + + /* if no errors write to conf */ + if (!$input_errors) { + if ($_POST['ip_max_frags'] != "") { $natent['ip_max_frags'] = $_POST['ip_max_frags']; }else{ $natent['ip_max_frags'] = "65535"; } + if ($_POST['ip_frag_timeout'] != "") { $natent['ip_frag_timeout'] = $_POST['ip_frag_timeout']; }else{ $natent['ip_frag_timeout'] = "60"; } + if ($_POST['frag_memcap'] != "") { $natent['frag_memcap'] = $_POST['frag_memcap']; }else{ $natent['frag_memcap'] = "33554432"; } + if ($_POST['ip_max_trackers'] != "") { $natent['ip_max_trackers'] = $_POST['ip_max_trackers']; }else{ $natent['ip_max_trackers'] = "65535"; } + if ($_POST['frag_hash_size'] != "") { $natent['frag_hash_size'] = $_POST['frag_hash_size']; }else{ $natent['frag_hash_size'] = "65536"; } + if ($_POST['flow_memcap'] != "") { $natent['flow_memcap'] = $_POST['flow_memcap']; }else{ $natent['flow_memcap'] = "33554432"; } + if ($_POST['flow_prealloc'] != "") { $natent['flow_prealloc'] = $_POST['flow_prealloc']; }else{ $natent['flow_prealloc'] = "10000"; } + if ($_POST['flow_hash_size'] != "") { $natent['flow_hash_size'] = $_POST['flow_hash_size']; }else{ $natent['flow_hash_size'] = "65536"; } + if ($_POST['flow_emerg_recovery'] != "") { $natent['flow_emerg_recovery'] = $_POST['flow_emerg_recovery']; }else{ $natent['flow_emerg_recovery'] = "30"; } + if ($_POST['flow_prune'] != "") { $natent['flow_prune'] = $_POST['flow_prune']; }else{ $natent['flow_prune'] = "5"; } + + if ($_POST['flow_tcp_new_timeout'] != "") { $natent['flow_tcp_new_timeout'] = $_POST['flow_tcp_new_timeout']; }else{ $natent['flow_tcp_new_timeout'] = "60"; } + if ($_POST['flow_tcp_established_timeout'] != "") { $natent['flow_tcp_established_timeout'] = $_POST['flow_tcp_established_timeout']; }else{ $natent['flow_tcp_established_timeout'] = "3600"; } + if ($_POST['flow_tcp_closed_timeout'] != "") { $natent['flow_tcp_closed_timeout'] = $_POST['flow_tcp_closed_timeout']; }else{ $natent['flow_tcp_closed_timeout'] = "120"; } + if ($_POST['flow_tcp_emerg_new_timeout'] != "") { $natent['flow_tcp_emerg_new_timeout'] = $_POST['flow_tcp_emerg_new_timeout']; }else{ $natent['flow_tcp_emerg_new_timeout'] = "10"; } + if ($_POST['flow_tcp_emerg_established_timeout'] != "") { $natent['flow_tcp_emerg_established_timeout'] = $_POST['flow_tcp_emerg_established_timeout']; }else{ $natent['flow_tcp_emerg_established_timeout'] = "300"; } + if ($_POST['flow_tcp_emerg_closed_timeout'] != "") { $natent['flow_tcp_emerg_closed_timeout'] = $_POST['flow_tcp_emerg_closed_timeout']; }else{ $natent['flow_tcp_emerg_closed_timeout'] = "20"; } + + if ($_POST['flow_udp_new_timeout'] != "") { $natent['flow_udp_new_timeout'] = $_POST['flow_udp_new_timeout']; }else{ $natent['flow_udp_new_timeout'] = "30"; } + if ($_POST['flow_udp_established_timeout'] != "") { $natent['flow_udp_established_timeout'] = $_POST['flow_udp_established_timeout']; }else{ $natent['flow_udp_established_timeout'] = "300"; } + if ($_POST['flow_udp_emerg_new_timeout'] != "") { $natent['flow_udp_emerg_new_timeout'] = $_POST['flow_udp_emerg_new_timeout']; }else{ $natent['flow_udp_emerg_new_timeout'] = "10"; } + if ($_POST['flow_udp_emerg_established_timeout'] != "") { $natent['flow_udp_emerg_established_timeout'] = $_POST['flow_udp_emerg_established_timeout']; }else{ $natent['flow_udp_emerg_established_timeout'] = "100"; } + + if ($_POST['flow_icmp_new_timeout'] != "") { $natent['flow_icmp_new_timeout'] = $_POST['flow_icmp_new_timeout']; }else{ $natent['flow_icmp_new_timeout'] = "30"; } + if ($_POST['flow_icmp_established_timeout'] != "") { $natent['flow_icmp_established_timeout'] = $_POST['flow_icmp_established_timeout']; }else{ $natent['flow_icmp_established_timeout'] = "300"; } + if ($_POST['flow_icmp_emerg_new_timeout'] != "") { $natent['flow_icmp_emerg_new_timeout'] = $_POST['flow_icmp_emerg_new_timeout']; }else{ $natent['flow_icmp_emerg_new_timeout'] = "10"; } + if ($_POST['flow_icmp_emerg_established_timeout'] != "") { $natent['flow_icmp_emerg_established_timeout'] = $_POST['flow_icmp_emerg_established_timeout']; }else{ $natent['flow_icmp_emerg_established_timeout'] = "100"; } + + if ($_POST['stream_memcap'] != "") { $natent['stream_memcap'] = $_POST['stream_memcap']; }else{ $natent['stream_memcap'] = "33554432"; } + if ($_POST['stream_max_sessions'] != "") { $natent['stream_max_sessions'] = $_POST['stream_max_sessions']; }else{ $natent['stream_max_sessions'] = "262144"; } + if ($_POST['stream_prealloc_sessions'] != "") { $natent['stream_prealloc_sessions'] = $_POST['stream_prealloc_sessions']; }else{ $natent['stream_prealloc_sessions'] = "32768"; } + if ($_POST['enable_midstream_sessions'] == "on") { $natent['enable_midstream_sessions'] = 'on'; }else{ $natent['enable_midstream_sessions'] = 'off'; } + if ($_POST['enable_async_sessions'] == "on") { $natent['enable_async_sessions'] = 'on'; }else{ $natent['enable_async_sessions'] = 'off'; } + if ($_POST['reassembly_memcap'] != "") { $natent['reassembly_memcap'] = $_POST['reassembly_memcap']; }else{ $natent['reassembly_memcap'] = "67108864"; } + if ($_POST['reassembly_depth'] != "") { $natent['reassembly_depth'] = $_POST['reassembly_depth']; }else{ $natent['reassembly_depth'] = "1048576"; } + if ($_POST['reassembly_to_server_chunk'] != "") { $natent['reassembly_to_server_chunk'] = $_POST['reassembly_to_server_chunk']; }else{ $natent['reassembly_to_server_chunk'] = "2560"; } + if ($_POST['reassembly_to_client_chunk'] != "") { $natent['reassembly_to_client_chunk'] = $_POST['reassembly_to_client_chunk']; }else{ $natent['reassembly_to_client_chunk'] = "2560"; } + + /**************************************************/ + /* If we have a valid rule ID, save configuration */ + /* then update the suricata.conf file for this */ + /* interface. */ + /**************************************************/ + if (isset($id) && $a_nat[$id]) { + $a_nat[$id] = $natent; + write_config(); + $rebuild_rules = false; + suricata_generate_yaml($natent); + } + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: suricata_flow_stream.php?id=$id"); + exit; + } +} +elseif ($_POST['save_import_alias']) { + // If saving out of "select alias" mode, + // then return to Host OS Policy Engine edit + // page. + if ($_POST['mode'] =='add_edit_os_policy') { + $pengcfg = array(); + $eng_id = $_POST['eng_id']; + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['policy'] = $_POST['eng_policy']; + $add_edit_os_policy = true; + $mode = "add_edit_os_policy"; + + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) { + $pengcfg['bind_to'] = $_POST['aliastoimport'][0]; + $importalias = false; + $selectalias = false; + } + else { + $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE."); + $importalias = true; + $selectalias = true; + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['eng_name']; + $eng_bind = $_POST['eng_bind']; + $eng_policy = $_POST['eng_policy']; + } + } + else { + // Assume we are importing one or more aliases + // for use in new Host OS Policy engines. + $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" ); + + // See if anything was checked to import + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { + foreach ($_POST['aliastoimport'] as $item) { + $engine['name'] = strtolower($item); + $engine['bind_to'] = $item; + $a_nat[$id]['host_os_policy']['item'][] = $engine; + } + } + else { + $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); + $importalias = true; + } + + // if no errors, write new entry to conf + if (!$input_errors) { + // Reorder the engine array to ensure the + // 'bind_to=all' entry is at the bottom if + // the array contains more than one entry. + if (count($a_nat[$id]['host_os_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + // Only relocate the entry if we + // found it, and it's not already + // at the end. + if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['host_os_policy']['item'][$i]; + unset($a_nat[$id]['host_os_policy']['item'][$i]); + $a_nat[$id]['host_os_policy']['item'][] = $tmp; + } + $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item']; + } + + // Write the new engine array to config file + write_config(); + $importalias = false; + $selectalias = false; + } + } +} +elseif ($_POST['cancel_import_alias']) { + $importalias = false; + $selectalias = false; + $eng_id = $_POST['eng_id']; + + // If cancelling out of "select alias" mode, + // then return to Host OS Policy Engine edit + // page. + if ($_POST['mode'] == 'add_edit_os_policy') { + $pengcfg = array(); + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['policy'] = $_POST['eng_policy']; + $add_edit_os_policy = true; + } +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flow and Stream"); +include_once("head.inc"); +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); + + /* Display error or save message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + if ($savemsg) { + print_info_box($savemsg); + } +?> + +<form action="suricata_flow_stream.php" method="post" name="iform" id="iform"> +<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/> +<input type="hidden" name="id" id="id" value="<?=$id;?>"/> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td>'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), true, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr><td><div id="mainarea"> + +<?php if ($importalias) : ?> + <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); + if ($selectalias) { + echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>'; + echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>'; + echo '<input type="hidden" name="eng_policy" value="' . $eng_policy . '"/>'; + } + ?> + +<?php elseif ($add_edit_os_policy) : ?> + <?php include("/usr/local/www/suricata/suricata_os_policy_engine.php"); ?> + +<?php else: ?> + +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific Defrag and Stream Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Host OS Policy Assignment"); ?></td> + <td width="78%" class="vtable"> + <table width="95%" align="left" id="hostOSEnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0"> + <colgroup> + <col width="45%" align="left"> + <col width="45%" align="center"> + <col width="10%" align="right"> + </colgroup> + <thead> + <tr> + <th class="listhdrr" axis="string"><?php echo gettext("Name");?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th> + <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17" + height="17" border="0" title="<?php echo gettext("Import policy configuration from existing Aliases");?>"/> + <input type="image" name="add_os_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"/></th> + </tr> + </thead> + <?php foreach ($pconfig['host_os_policy']['item'] as $f => $v): ?> + <tr> + <td class="listlr" align="left"><?=gettext($v['name']);?></td> + <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td> + <td class="listt" align="right"><input type="image" name="edit_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'" + src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"/> + <?php if ($v['bind_to'] <> "all") : ?> + <input type="image" name="del_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this policy configuration");?>"/> + <?php else : ?> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" + title="<?=gettext("Default policy configuration cannot be deleted");?>"> + <?php endif ?> + </td> + </tr> + <?php endforeach; ?> + </table> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Defragmentation"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Fragmentation Memory Cap"); ?></td> + <td width="78%" class="vtable"> + <input name="frag_memcap" type="text" class="formfld unknown" id="frag_memcap" size="9" + value="<?=htmlspecialchars($pconfig['frag_memcap']);?>"> + <?php echo gettext("Max memory to be used for defragmentation. Default is ") . + "<strong>" . gettext("33,554,432") . "</strong>" . gettext(" bytes (32 MB)."); ?><br/><br/> + <?php echo gettext("Sets the maximum amount of memory, in bytes, to be used by the IP defragmentation engine."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Max Trackers");?></td> + <td width="78%" class="vtable"><input name="ip_max_trackers" type="text" class="formfld unknown" id="ip_max_trackers" size="9" value="<?=htmlspecialchars($pconfig['ip_max_trackers']);?>"> + <?php echo gettext("Number of defragmented flows to follow. Default is ") . + "<strong>" . gettext("65,535") . "</strong>" . gettext(" fragments.");?><br/><br/> + <?php echo gettext("Sets the number of defragmented flows to follow for reassembly."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Max Fragments");?></td> + <td width="78%" class="vtable"><input name="ip_max_frags" type="text" class="formfld unknown" id="ip_max_frags" size="9" value="<?=htmlspecialchars($pconfig['ip_max_frags']);?>"> + <?php echo gettext("Maximum number of IP fragments to hold. Default is ") . "<strong>" . gettext("65,535") . "</strong>" . gettext(" fragments.");?><br/><br/> + <?php echo gettext("Sets the maximum number of IP fragments to retain in memory while awaiting reassembly."); ?><br/><br/> + <span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("This must be equal to or greater than the Max Trackers value specified above."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Fragmentation Hash Table Size"); ?></td> + <td width="78%" class="vtable"> + <input name="frag_hash_size" type="text" class="formfld unknown" id="frag_hash_size" size="9" + value="<?=htmlspecialchars($pconfig['frag_hash_size']);?>"> + <?php echo gettext("Hash Table size. Default is ") . "<strong>" . gettext("65,536") . "</strong>" . gettext(" entries."); ?><br/><br/> + <?php echo gettext("Sets the size of the Hash Table used by the defragmentation engine."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Timeout");?></td> + <td width="78%" class="vtable"><input name="ip_frag_timeout" type="text" class="formfld unknown" id="ip_frag_timeout" size="9" value="<?=htmlspecialchars($pconfig['ip_frag_timeout']);?>"> + <?php echo gettext("Max seconds to hold an IP fragement. Default is ") . + "<strong>" . gettext("60") . "</strong>" . gettext(" seconds.");?><br/><br/> + <?php echo gettext("Sets the number of seconds to hold an IP fragment in memory while awaiting the remainder of the packet to arrive."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Flow Manager Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Flow Memory Cap"); ?></td> + <td width="78%" class="vtable"> + <input name="flow_memcap" type="text" class="formfld unknown" id="flow_memcap" size="9" + value="<?=htmlspecialchars($pconfig['flow_memcap']);?>"> + <?php echo gettext("Max memory, in bytes, to be used by the flow engine. Default is ") . + "<strong>" . gettext("33,554,432") . "</strong>" . gettext(" bytes (32 MB)"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Flow Hash Table Size"); ?></td> + <td width="78%" class="vtable"> + <input name="flow_hash_size" type="text" class="formfld unknown" id="flow_hash_size" size="9" + value="<?=htmlspecialchars($pconfig['flow_hash_size']);?>"> + <?php echo gettext("Hash Table size used by the flow engine. Default is ") . + "<strong>" . gettext("65,536") . "</strong>" . gettext(" entries."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Preallocated Flows"); ?></td> + <td width="78%" class="vtable"> + <input name="flow_prealloc" type="text" class="formfld unknown" id="flow_prealloc" size="9" + value="<?=htmlspecialchars($pconfig['flow_prealloc']);?>"> + <?php echo gettext("Number of preallocated flows ready for use. Default is ") . + "<strong>" . gettext("10,000") . "</strong>" . gettext(" flows."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Emergency Recovery"); ?></td> + <td width="78%" class="vtable"> + <input name="flow_emerg_recovery" type="text" class="formfld unknown" id="flow_emerg_recovery" size="9" + value="<?=htmlspecialchars($pconfig['flow_emerg_recovery']);?>"> + <?php echo gettext("Percentage of preallocated flows to complete before exiting Emergency Mode. Default is ") . + "<strong>" . gettext("30%") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Prune Flows"); ?></td> + <td width="78%" class="vtable"> + <input name="flow_prune" type="text" class="formfld unknown" id="flow_prune" size="9" + value="<?=htmlspecialchars($pconfig['flow_prune']);?>"> + <?php echo gettext("Number of flows to prune in Emergency Mode when allocating a new flow. Default is ") . + "<strong>" . gettext("5") . "</strong>" . gettext(" flows."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Flow Timeout Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("TCP Connections"); ?></td> + <td width="78%" class="vtable"> + <table width="100%" cellspacing="4" cellpadding="0" border="0"> + <tr> + <td class="vexpl"><input name="flow_tcp_new_timeout" type="text" class="formfld unknown" id="flow_tcp_new_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_tcp_new_timeout']);?>"> + <?php echo gettext("New TCP connection timeout in seconds. Default is ") . "<strong>" . gettext("60") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_tcp_established_timeout" type="text" class="formfld unknown" id="flow_tcp_established_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_tcp_established_timeout']);?>"> + <?php echo gettext("Established TCP connection timeout in seconds. Default is ") . "<strong>" . gettext("3600") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_tcp_closed_timeout" type="text" class="formfld unknown" id="flow_tcp_closed_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_tcp_closed_timeout']);?>"> + <?php echo gettext("Closed TCP connection timeout in seconds. Default is ") . "<strong>" . gettext("120") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_tcp_emerg_new_timeout" type="text" class="formfld unknown" id="flow_tcp_emerg_new_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_tcp_emerg_new_timeout']);?>"> + <?php echo gettext("Emergency New TCP connection timeout in seconds. Default is ") . "<strong>" . gettext("10") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_tcp_emerg_established_timeout" type="text" class="formfld unknown" id="flow_tcp_emerg_established_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_tcp_emerg_established_timeout']);?>"> + <?php echo gettext("Emergency Established TCP connection timeout in seconds. Default is ") . "<strong>" . gettext("300") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_tcp_emerg_closed_timeout" type="text" class="formfld unknown" id="flow_tcp_emerg_closed_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_tcp_emerg_closed_timeout']);?>"> + <?php echo gettext("Emergency Closed TCP connection timeout in seconds. Default is ") . "<strong>" . gettext("20") . "</strong>."; ?> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("UDP Connections"); ?></td> + <td width="78%" class="vtable"> + <table width="100%" cellspacing="4" cellpadding="0" border="0"> + <tr> + <td class="vexpl"><input name="flow_udp_new_timeout" type="text" class="formfld unknown" id="flow_udp_new_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_udp_new_timeout']);?>"> + <?php echo gettext("New UDP connection timeout in seconds. Default is ") . "<strong>" . gettext("30") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_udp_established_timeout" type="text" class="formfld unknown" id="flow_udp_established_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_udp_established_timeout']);?>"> + <?php echo gettext("Established UDP connection timeout in seconds. Default is ") . "<strong>" . gettext("300") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_udp_emerg_new_timeout" type="text" class="formfld unknown" id="flow_udp_emerg_new_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_udp_emerg_new_timeout']);?>"> + <?php echo gettext("Emergency New UDP connection timeout in seconds. Default is ") . "<strong>" . gettext("10") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_udp_emerg_established_timeout" type="text" class="formfld unknown" id="flow_udp_emerg_established_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_udp_emerg_established_timeout']);?>"> + <?php echo gettext("Emergency Established UDP connection timeout in seconds. Default is ") . "<strong>" . gettext("100") . "</strong>."; ?> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("ICMP Connections"); ?></td> + <td width="78%" class="vtable"> + <table width="100%" cellspacing="4" cellpadding="0" border="0"> + <tr> + <td class="vexpl"><input name="flow_icmp_new_timeout" type="text" class="formfld unknown" id="flow_icmp_new_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_icmp_new_timeout']);?>"> + <?php echo gettext("New ICMP connection timeout in seconds. Default is ") . "<strong>" . gettext("30") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_icmp_established_timeout" type="text" class="formfld unknown" id="flow_icmp_established_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_icmp_established_timeout']);?>"> + <?php echo gettext("Established ICMP connection timeout in seconds. Default is ") . "<strong>" . gettext("300") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_icmp_emerg_new_timeout" type="text" class="formfld unknown" id="flow_icmp_emerg_new_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_icmp_emerg_new_timeout']);?>"> + <?php echo gettext("Emergency New ICMP connection timeout in seconds. Default is ") . "<strong>" . gettext("10") . "</strong>."; ?> + </td> + </tr> + <tr> + <td class="vexpl"><input name="flow_icmp_emerg_established_timeout" type="text" class="formfld unknown" id="flow_icmp_emerg_established_timeout" + size="9" value="<?=htmlspecialchars($pconfig['flow_icmp_emerg_established_timeout']);?>"> + <?php echo gettext("Emergency Established ICMP connection timeout in seconds. Default is ") . "<strong>" . gettext("100") . "</strong>."; ?> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Stream Engine Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Stream Memory Cap"); ?></td> + <td width="78%" class="vtable"> + <input name="stream_memcap" type="text" class="formfld unknown" id="stream_memcap" size="9" + value="<?=htmlspecialchars($pconfig['stream_memcap']);?>"> + <?php echo gettext("Max memory to be used by stream engine. Default is ") . + "<strong>" . gettext("33,554,432") . "</strong>" . gettext(" bytes (32MB)"); ?><br/><br/> + <?php echo gettext("Sets the maximum amount of memory, in bytes, to be used by the stream engine."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Max Sessions"); ?></td> + <td width="78%" class="vtable"> + <input name="stream_max_sessions" type="text" class="formfld unknown" id="stream_max_sessions" size="9" + value="<?=htmlspecialchars($pconfig['stream_max_sessions']);?>"> + <?php echo gettext("Max concurrent stream engine sessions. Default is ") . + "<strong>" . gettext("262,144") . "</strong>" . gettext(" sessions."); ?><br/><br/> + <?php echo gettext("Sets the maximum number of concurrent sessions to be used by the stream engine."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Preallocated Sessions"); ?></td> + <td width="78%" class="vtable"> + <input name="stream_prealloc_sessions" type="text" class="formfld unknown" id="stream_prealloc_sessions" size="9" + value="<?=htmlspecialchars($pconfig['stream_prealloc_sessions']);?>"> + <?php echo gettext("Number of preallocated stream engine sessions. Default is ") . + "<strong>" . gettext("32,768") . "</strong>" . gettext(" sessions."); ?><br/><br/> + <?php echo gettext("Sets the number of stream engine sessions to preallocate. This can be a performance enhancement."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Mid-Stream Sessions"); ?></td> + <td width="78%" class="vtable"><input name="enable_midstream_sessions" type="checkbox" value="on" <?php if ($pconfig['enable_midstream_sessions'] == "on") echo "checked"; ?>> + <?php echo gettext("Suricata will pick up and track sessions mid-stream. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Async Streams"); ?></td> + <td width="78%" class="vtable"><input name="enable_async_sessions" type="checkbox" value="on" <?php if ($pconfig['enable_async_sessions'] == "on") echo "checked"; ?>> + <?php echo gettext("Suricata will track asynchronous one-sided streams. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Reassembly Memory Cap"); ?></td> + <td width="78%" class="vtable"> + <input name="reassembly_memcap" type="text" class="formfld unknown" id="reassembly_memcap" size="9" + value="<?=htmlspecialchars($pconfig['reassembly_memcap']);?>"> + <?php echo gettext("Max memory to be used for stream reassembly. Default is ") . + "<strong>" . gettext("67,108,864") . "</strong>" . gettext(" bytes (64MB)."); ?><br/><br/> + <?php echo gettext("Sets the maximum amount of memory, in bytes, to be used for stream reassembly."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Reassembly Depth"); ?></td> + <td width="78%" class="vtable"> + <input name="reassembly_depth" type="text" class="formfld unknown" id="reassembly_depth" size="9" + value="<?=htmlspecialchars($pconfig['reassembly_depth']);?>"> + <?php echo gettext("Amount of a stream to reassemble. Default is ") . + "<strong>" . gettext("1,048,576") . "</strong>" . gettext(" bytes (1MB)."); ?><br/><br/> + <?php echo gettext("Sets the depth, in bytes, of a stream to be reassembled by the stream engine.") . "<br/>" . + "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("Set to 0 (unlimited) to reassemble entire stream. This is required for file extraction."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("To-Server Chunk Size"); ?></td> + <td width="78%" class="vtable"> + <input name="reassembly_to_server_chunk" type="text" class="formfld unknown" id="reassembly_to_server_chunk" size="9" + value="<?=htmlspecialchars($pconfig['reassembly_to_server_chunk']);?>"> + <?php echo gettext("Size of raw stream chunks to inspect. Default is ") . + "<strong>" . gettext("2,560") . "</strong>" . gettext(" bytes."); ?><br/><br/> + <?php echo gettext("Sets the chunk size, in bytes, for raw stream inspection performed for 'to-server' traffic."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("To-Client Chunk Size"); ?></td> + <td width="78%" class="vtable"> + <input name="reassembly_to_client_chunk" type="text" class="formfld unknown" id="reassembly_to_client_chunk" size="9" + value="<?=htmlspecialchars($pconfig['reassembly_to_client_chunk']);?>"> + <?php echo gettext("Amount of a stream to reassemble. Default is ") . + "<strong>" . gettext("2,560") . "</strong>" . gettext(" bytes."); ?><br/><br/> + <?php echo gettext("Sets the chunk size, in bytes, for raw stream inspection performed for 'to-client' traffic."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo + gettext("Save flow and stream settings"); ?>"> + <input name="id" type="hidden" value="<?=$id;?>"> + <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo + gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . + gettext("WARNING: This will reset ALL flow and stream settings to their defaults. Click OK to continue or CANCEL to quit.") . + "');\""; ?>></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: "); ?></strong></span></span> + <?php echo gettext("Please save your settings before you exit. Changes will rebuild the rules file. This "); ?> + <?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td> + </tr> +</table> + +<?php endif; ?> + +</div> +</td></tr></table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php new file mode 100644 index 00000000..0e348631 --- /dev/null +++ b/config/suricata/suricata_generate_yaml.php @@ -0,0 +1,525 @@ +<?php +/* + suricata_generate_yaml.php + + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +// Create required Suricata directories if they don't exist +$suricata_dirs = array( $suricatadir, $suricatacfgdir, "{$suricatacfgdir}/rules", + "{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}" ); +foreach ($suricata_dirs as $dir) { + if (!is_dir($dir)) + safe_mkdir($dir); +} + +// Copy required generic files to the interface sub-directory +$config_files = array( "classification.config", "reference.config", "gen-msg.map", "unicode.map" ); +foreach ($config_files as $file) { + if (file_exists("{$suricatadir}{$file}")) + @copy("{$suricatadir}{$file}", "{$suricatacfgdir}/{$file}"); +} + +// Create required files if they don't exist +$suricata_files = array( "{$suricatacfgdir}/magic" ); +foreach ($suricata_files as $file) { + if (!file_exists($file)) + file_put_contents($file, "\n"); +} + +// Read the configuration parameters for the passed interface +// and construct appropriate string variables for use in the +// suricata.yaml template include file. + +// Set HOME_NET and EXTERNAL_NET for the interface +$home_net_list = suricata_build_list($suricatacfg, $suricatacfg['homelistname']); +$home_net = implode(",", $home_net_list); +$home_net = trim($home_net); +$external_net = '!$HOME_NET'; +if (!empty($suricatacfg['externallistname']) && $suricatacfg['externallistname'] != 'default') { + $external_net_list = suricata_build_list($suricatacfg, $suricatacfg['externallistname']); + $external_net = implode(",", $external_net_list); + $external_net = trim($external_net); +} + +// Set default and user-defined variables for SERVER_VARS and PORT_VARS +$suricata_servers = array ( + "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", + "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", + "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", + "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", + "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" +); +$addr_vars = ""; + foreach ($suricata_servers as $alias => $avalue) { + if (!empty($suricatacfg["def_{$alias}"]) && is_alias($suricatacfg["def_{$alias}"])) { + $avalue = trim(filter_expand_alias($suricatacfg["def_{$alias}"])); + $avalue = preg_replace('/\s+/', ',', trim($avalue)); + } + $addr_vars .= " " . strtoupper($alias) . ": \"{$avalue}\"\n"; + } +$addr_vars = trim($addr_vars); +if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port'])) + $ssh_port = $config['system']['ssh']['port']; +else + $ssh_port = "22"; +$suricata_ports = array( + "http_ports" => "80", + "oracle_ports" => "1521", + "ssh_ports" => $ssh_port, + "shellcode_ports" => "!80", + "DNP3_PORTS" => "20000", "file_data_ports" => "\$HTTP_PORTS,110,143" +); +$port_vars = ""; + foreach ($suricata_ports as $alias => $avalue) { + if (!empty($suricatacfg["def_{$alias}"]) && is_alias($suricatacfg["def_{$alias}"])) { + $avalue = trim(filter_expand_alias($suricatacfg["def_{$alias}"])); + $avalue = preg_replace('/\s+/', ',', trim($avalue)); + } + $port_vars .= " " . strtoupper($alias) . ": \"{$avalue}\"\n"; + } +$port_vars = trim($port_vars); + +// Define a Suppress List (Threshold) if one is configured +$suppress = suricata_find_list($suricatacfg['suppresslistname'], 'suppress'); +if (!empty($suppress)) { + $suppress_data = str_replace("\r", "", base64_decode($suppress['suppresspassthru'])); + @file_put_contents("{$suricatacfgdir}/threshold.config", $suppress_data); +} +else + @file_put_contents("{$suricatacfgdir}/threshold.config", ""); + +// Add interface-specific detection engine settings +if (!empty($suricatacfg['max_pending_packets'])) + $max_pend_pkts = $suricatacfg['max_pending_packets']; +else + $max_pend_pkts = 1024; + +if (!empty($suricatacfg['detect_eng_profile'])) + $detect_eng_profile = $suricatacfg['detect_eng_profile']; +else + $detect_eng_profile = "medium"; + +if (!empty($suricatacfg['sgh_mpm_context'])) + $sgh_mpm_ctx = $suricatacfg['sgh_mpm_context']; +else + $sgh_mpm_ctx = "auto"; + +if (!empty($suricatacfg['mpm_algo'])) + $mpm_algo = $suricatacfg['mpm_algo']; +else + $mpm_algo = "ac"; + +if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_recursion_limit'] == '0') + $inspection_recursion_limit = $suricatacfg['inspect_recursion_limit']; +else + $inspection_recursion_limit = ""; + +// Add interface-specific logging settings +if ($suricatacfg['alertsystemlog'] == 'on') + $alert_syslog = "yes"; +else + $alert_syslog = "no"; + +if ($suricatacfg['enable_stats_log'] == 'on') + $stats_log_enabled = "yes"; +else + $stats_log_enabled = "no"; + +if (!empty($suricatacfg['stats_upd_interval'])) + $stats_upd_interval = $suricatacfg['stats_upd_interval']; +else + $stats_upd_interval = "10"; + +if ($suricatacfg['append_stats_log'] == 'on') + $stats_log_append = "yes"; +else + $stats_log_append = "no"; + +if ($suricatacfg['enable_http_log'] == 'on') + $http_log_enabled = "yes"; +else + $http_log_enabled = "no"; + +if ($suricatacfg['append_http_log'] == 'on') + $http_log_append = "yes"; +else + $http_log_append = "no"; + +if ($suricatacfg['enable_tls_log'] == 'on') + $tls_log_enabled = "yes"; +else + $tls_log_enabled = "no"; + +if ($suricatacfg['tls_log_extended'] == 'on') + $tls_log_extended = "yes"; +else + $tls_log_extended = "no"; + +if ($suricatacfg['enable_json_file_log'] == 'on') + $json_log_enabled = "yes"; +else + $json_log_enabled = "no"; + +if ($suricatacfg['append_json_file_log'] == 'on') + $json_log_append = "yes"; +else + $json_log_append = "no"; + +if ($suricatacfg['enable_tracked_files_magic'] == 'on') + $json_log_magic = "yes"; +else + $json_log_magic = "no"; + +if ($suricatacfg['enable_tracked_files_md5'] == 'on') + $json_log_md5 = "yes"; +else + $json_log_md5 = "no"; + +if ($suricatacfg['enable_file_store'] == 'on') { + $file_store_enabled = "yes"; + if (!file_exists("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/file.waldo")) + @file_put_contents("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/file.waldo", ""); +} +else + $file_store_enabled = "no"; + +if ($suricatacfg['enable_pcap_log'] == 'on') + $pcap_log_enabled = "yes"; +else + $pcap_log_enabled = "no"; + +if (!empty($suricatacfg['max_pcap_log_size'])) + $pcap_log_limit_size = $suricatacfg['max_pcap_log_size']; +else + $pcap_log_limit_size = "32"; + +if (!empty($suricatacfg['max_pcap_log_files'])) + $pcap_log_max_files = $suricatacfg['max_pcap_log_files']; +else + $pcap_log_max_files = "1000"; + +if ($suricatacfg['barnyard_enable'] == 'on') + $barnyard2_enabled = "yes"; +else + $barnyard2_enabled = "no"; + +if (isset($config['installedpackages']['suricata']['config'][0]['unified2_log_limit'])) + $unified2_log_limit = "{$config['installedpackages']['suricata']['config'][0]['unified2_log_limit']}mb"; +else + $unified2_log_limit = "32mb"; + +if (isset($suricatacfg['barnyard_sensor_id'])) + $unified2_sensor_id = $suricatacfg['barnyard_sensor_id']; +else + $unified2_sensor_id = "0"; + +// Add interface-specific IP defrag settings +if (!empty($suricatacfg['frag_memcap'])) + $frag_memcap = $suricatacfg['frag_memcap']; +else + $frag_memcap = "33554432"; + +if (!empty($suricatacfg['ip_max_trackers'])) + $ip_max_trackers = $suricatacfg['ip_max_trackers']; +else + $ip_max_trackers = "65535"; + +if (!empty($suricatacfg['ip_max_frags'])) + $ip_max_frags = $suricatacfg['ip_max_frags']; +else + $ip_max_frags = "65535"; + +if (!empty($suricatacfg['frag_hash_size'])) + $frag_hash_size = $suricatacfg['frag_hash_size']; +else + $frag_hash_size = "65536"; + +if (!empty($suricatacfg['ip_frag_timeout'])) + $ip_frag_timeout = $suricatacfg['ip_frag_timeout']; +else + $ip_frag_timeout = "60"; + +// Add interface-specific flow manager setttings +if (!empty($suricatacfg['flow_memcap'])) + $flow_memcap = $suricatacfg['flow_memcap']; +else + $flow_memcap = "33554432"; + +if (!empty($suricatacfg['flow_hash_size'])) + $flow_hash_size = $suricatacfg['flow_hash_size']; +else + $flow_hash_size = "65536"; + +if (!empty($suricatacfg['flow_prealloc'])) + $flow_prealloc = $suricatacfg['flow_prealloc']; +else + $flow_prealloc = "10000"; + +if (!empty($suricatacfg['flow_emerg_recovery'])) + $flow_emerg_recovery = $suricatacfg['flow_emerg_recovery']; +else + $flow_emerg_recovery = "30"; + +if (!empty($suricatacfg['flow_prune'])) + $flow_prune = $suricatacfg['flow_prune']; +else + $flow_prune = "5"; + +// Add interface-specific flow timeout setttings +if (!empty($suricatacfg['flow_tcp_new_timeout'])) + $flow_tcp_new_timeout = $suricatacfg['flow_tcp_new_timeout']; +else + $flow_tcp_new_timeout = "60"; + +if (!empty($suricatacfg['flow_tcp_established_timeout'])) + $flow_tcp_established_timeout = $suricatacfg['flow_tcp_established_timeout']; +else + $flow_tcp_established_timeout = "3600"; + +if (!empty($suricatacfg['flow_tcp_closed_timeout'])) + $flow_tcp_closed_timeout = $suricatacfg['flow_tcp_closed_timeout']; +else + $flow_tcp_closed_timeout = "120"; + +if (!empty($suricatacfg['flow_tcp_emerg_new_timeout'])) + $flow_tcp_emerg_new_timeout = $suricatacfg['flow_tcp_emerg_new_timeout']; +else + $flow_tcp_emerg_new_timeout = "10"; + +if (!empty($suricatacfg['flow_tcp_emerg_established_timeout'])) + $flow_tcp_emerg_established_timeout = $suricatacfg['flow_tcp_emerg_established_timeout']; +else + $flow_tcp_emerg_established_timeout = "300"; + +if (!empty($suricatacfg['flow_tcp_emerg_closed_timeout'])) + $flow_tcp_emerg_closed_timeout = $suricatacfg['flow_tcp_emerg_closed_timeout']; +else + $flow_tcp_emerg_closed_timeout = "20"; + +if (!empty($suricatacfg['flow_udp_new_timeout'])) + $flow_udp_new_timeout = $suricatacfg['flow_udp_new_timeout']; +else + $flow_udp_new_timeout = "30"; + +if (!empty($suricatacfg['flow_udp_established_timeout'])) + $flow_udp_established_timeout = $suricatacfg['flow_udp_established_timeout']; +else + $flow_udp_established_timeout = "300"; + +if (!empty($suricatacfg['flow_udp_emerg_new_timeout'])) + $flow_udp_emerg_new_timeout = $suricatacfg['flow_udp_emerg_new_timeout']; +else + $flow_udp_emerg_new_timeout = "10"; + +if (!empty($suricatacfg['flow_udp_emerg_established_timeout'])) + $flow_udp_emerg_established_timeout = $suricatacfg['flow_udp_emerg_established_timeout']; +else + $flow_udp_emerg_established_timeout = "100"; + +if (!empty($suricatacfg['flow_icmp_new_timeout'])) + $flow_icmp_new_timeout = $suricatacfg['flow_icmp_new_timeout']; +else + $flow_icmp_new_timeout = "30"; + +if (!empty($suricatacfg['flow_icmp_established_timeout'])) + $flow_icmp_established_timeout = $suricatacfg['flow_icmp_established_timeout']; +else + $flow_icmp_established_timeout = "300"; + +if (!empty($suricatacfg['flow_icmp_emerg_new_timeout'])) + $flow_icmp_emerg_new_timeout = $suricatacfg['flow_icmp_emerg_new_timeout']; +else + $flow_icmp_emerg_new_timeout = "10"; + +if (!empty($suricatacfg['flow_icmp_emerg_established_timeout'])) + $flow_icmp_emerg_established_timeout = $suricatacfg['flow_icmp_emerg_established_timeout']; +else + $flow_icmp_emerg_established_timeout = "100"; + +// Add interface-specific stream settings +if (!empty($suricatacfg['stream_memcap'])) + $stream_memcap = $suricatacfg['stream_memcap']; +else + $stream_memcap = "33554432"; + +if (!empty($suricatacfg['stream_max_sessions'])) + $stream_max_sessions = $suricatacfg['stream_max_sessions']; +else + $stream_max_sessions = "262144"; + +if (!empty($suricatacfg['stream_prealloc_sessions'])) + $stream_prealloc_sessions = $suricatacfg['stream_prealloc_sessions']; +else + $stream_prealloc_sessions = "32768"; + +if (!empty($suricatacfg['reassembly_memcap'])) + $reassembly_memcap = $suricatacfg['reassembly_memcap']; +else + $reassembly_memcap = "67108864"; + +if (!empty($suricatacfg['reassembly_depth']) || $suricatacfg['reassembly_depth'] == '0') + $reassembly_depth = $suricatacfg['reassembly_depth']; +else + $reassembly_depth = "1048576"; + +if (!empty($suricatacfg['reassembly_to_server_chunk'])) + $reassembly_to_server_chunk = $suricatacfg['reassembly_to_server_chunk']; +else + $reassembly_to_server_chunk = "2560"; + +if (!empty($suricatacfg['reassembly_to_client_chunk'])) + $reassembly_to_client_chunk = $suricatacfg['reassembly_to_client_chunk']; +else + $reassembly_to_client_chunk = "2560"; + +if ($suricatacfg['enable_midstream_sessions'] == 'on') + $stream_enable_midstream = "true"; +else + $stream_enable_midstream = "false"; + +if ($suricatacfg['enable_async_sessions'] == 'on') + $stream_enable_async = "true"; +else + $stream_enable_async = "false"; + +// Add the OS-specific host policies if configured, otherwise +// just set default to BSD for all networks. +if (!is_array($suricatacfg['host_os_policy']['item'])) + $suricatacfg['host_os_policy']['item'] = array(); +if (empty($suricatacfg['host_os_policy']['item'])) + $host_os_policy = "bsd: [0.0.0.0/0]"; +else { + foreach ($suricatacfg['host_os_policy']['item'] as $k => $v) { + $engine = "{$v['policy']}: "; + if ($v['bind_to'] <> "all") { + $tmp = trim(filter_expand_alias($v['bind_to'])); + if (!empty($tmp)) { + $engine .= "["; + $tmp = preg_replace('/\s+/', ',', $tmp); + $list = explode(',', $tmp); + foreach ($list as $addr) { + if (is_ipaddrv6($addr) || is_subnetv6($addr)) + $engine .= "\"{$addr}\", "; + elseif (is_ipaddrv4($addr) || is_subnetv4($addr)) + $engine .= "{$addr}, "; + else + log_error("[suricata] WARNING: invalid IP address value '{$addr}' in Alias {$v['bind_to']} will be ignored."); + } + $engine = trim($engine, ' ,'); + $engine .= "]"; + } + else { + log_error("[suricata] WARNING: unable to resolve IP List Alias '{$v['bind_to']}' for Host OS Policy '{$v['name']}' ... ignoring this entry."); + continue; + } + } + else + $engine .= "[0.0.0.0/0]"; + + $host_os_policy .= " {$engine}\n"; + } + // Remove trailing newline + $host_os_policy = trim($host_os_policy); +} + +// Add the HTTP Server-specific policies if configured, otherwise +// just set default to IDS for all networks. +if (!is_array($suricatacfg['libhtp_policy']['item'])) + $suricatacfg['libhtp_policy']['item'] = array(); +if (empty($suricatacfg['libhtp_policy']['item'])) { + $http_hosts_default_policy = "default-config:\n personality: IDS\n request-body-limit: 4096\n response-body-limit: 4096\n"; + $http_hosts_default_policy .= " double-decode-path: no\n double-decode-query: no\n"; +} +else { + foreach ($suricatacfg['libhtp_policy']['item'] as $k => $v) { + if ($v['bind_to'] <> "all") { + $engine = "server-config:\n - {$v['name']}:\n"; + $tmp = trim(filter_expand_alias($v['bind_to'])); + if (!empty($tmp)) { + $engine .= " address: ["; + $tmp = preg_replace('/\s+/', ',', $tmp); + $list = explode(',', $tmp); + foreach ($list as $addr) { + if (is_ipaddrv6($addr) || is_subnetv6($addr)) + $engine .= "\"{$addr}\", "; + elseif (is_ipaddrv4($addr) || is_subnetv4($addr)) + $engine .= "{$addr}, "; + else { + log_error("[suricata] WARNING: invalid IP address value '{$addr}' in Alias {$v['bind_to']} will be ignored."); + continue; + } + } + $engine = trim($engine, ' ,'); + $engine .= "]\n"; + $engine .= " personality: {$v['personality']}\n request-body-limit: {$v['request-body-limit']}\n"; + $engine .= " response-body-limit: {$v['response-body-limit']}\n"; + $engine .= " double-decode-path: {$v['double-decode-path']}\n"; + $engine .= " double-decode-query: {$v['double-decode-query']}\n"; + $http_hosts_policy .= " {$engine}\n"; + } + else { + log_error("[suricata] WARNING: unable to resolve IP List Alias '{$v['bind_to']}' for Host OS Policy '{$v['name']}' ... ignoring this entry."); + continue; + } + } + else { + $http_hosts_default_policy = " personality: {$v['personality']}\n request-body-limit: {$v['request-body-limit']}\n"; + $http_hosts_default_policy .= " response-body-limit: {$v['response-body-limit']}\n"; + $http_hosts_default_policy .= " double-decode-path: {$v['double-decode-path']}\n"; + $http_hosts_default_policy .= " double-decode-query: {$v['double-decode-query']}\n"; + } + } + // Remove trailing newline + $http_hosts_default_policy = trim($http_hosts_default_policy); + $http_hosts_policy = trim($http_hosts_policy); +} + +// Configure ASN1 max frames value +if (!empty($suricatacfg['asn1_max_frames'])) + $asn1_max_frames = $suricatacfg['asn1_max_frames']; +else + $asn1_max_frames = "256"; + +// Create the rules files and save in the interface directory +suricata_prepare_rule_files($suricatacfg, $suricatacfgdir); + +// Check and configure only non-empty rules files for the interface +$rules_files = ""; +if (filesize("{$suricatacfgdir}/rules/".ENFORCING_RULES_FILENAME) > 0) + $rules_files .= ENFORCING_RULES_FILENAME; +if (filesize("{$suricatacfgdir}/rules/".FLOWBITS_FILENAME) > 0) + $rules_files .= "\n - " . FLOWBITS_FILENAME; +if (filesize("{$suricatacfgdir}/rules/custom.rules") > 0) + $rules_files .= "\n - custom.rules"; +$rules_files = ltrim($rules_files, '\n -'); + +// Add the general logging settings to the configuration (non-interface specific) +if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] == 'on') + $suricata_use_syslog = "yes"; +else + $suricata_use_syslog = "no"; + +?> diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php new file mode 100644 index 00000000..938d6a97 --- /dev/null +++ b/config/suricata/suricata_global.php @@ -0,0 +1,396 @@ +<?php +/* + * suricata_global.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g; + +$suricatadir = SURICATADIR; + +$pconfig['enable_vrt_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; +$pconfig['oinkcode'] = $config['installedpackages']['suricata']['config'][0]['oinkcode']; +$pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['etprocode']; +$pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; +$pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; +$pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; +$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; +$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime']; +$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates']; +$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog']; +$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings']; +$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; + +if (empty($pconfig['autoruleupdatetime'])) + $pconfig['autoruleupdatetime'] = '00:30'; + +if ($_POST['autoruleupdatetime']) { + if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime'])) + $input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'."; +} + +if ($_POST['suricatadownload'] == "on" && empty($_POST['oinkcode'])) + $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!"; + +if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode'])) + $input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!"; + +/* if no errors move foward with save */ +if (!$input_errors) { + if ($_POST["save"]) { + + $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] = $_POST['enable_vrt_rules'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] = $_POST['enable_etopen_rules'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] = $_POST['enable_etpro_rules'] ? 'on' : 'off'; + + // If any rule sets are being turned off, then remove them + // from the active rules section of each interface. Start + // by building an arry of prefixes for the disabled rules. + $disabled_rules = array(); + $disable_ips_policy = false; + if ($config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] == 'off') { + $disabled_rules[] = VRT_FILE_PREFIX; + $disable_ips_policy = true; + } + if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] == 'off') + $disabled_rules[] = GPL_FILE_PREFIX; + if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] == 'off') + $disabled_rules[] = ET_OPEN_FILE_PREFIX; + if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] == 'off') + $disabled_rules[] = ET_PRO_FILE_PREFIX; + + // Now walk all the configured interface rulesets and remove + // any matching the disabled ruleset prefixes. + if (is_array($config['installedpackages']['suricata']['rule'])) { + foreach ($config['installedpackages']['suricata']['rule'] as &$iface) { + // Disable Snort IPS policy if VRT rules are disabled + if ($disable_ips_policy) { + $iface['ips_policy_enable'] = 'off'; + unset($iface['ips_policy']); + } + $enabled_rules = explode("||", $iface['rulesets']); + foreach ($enabled_rules as $k => $v) { + foreach ($disabled_rules as $d) + if (strpos(trim($v), $d) !== false) + unset($enabled_rules[$k]); + } + $iface['rulesets'] = implode("||", $enabled_rules); + } + } + + $config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode']; + $config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode']; + $config['installedpackages']['suricata']['config'][0]['rm_blocked'] = $_POST['rm_blocked']; + $config['installedpackages']['suricata']['config'][0]['autoruleupdate'] = $_POST['autoruleupdate']; + + /* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */ + $pos = strpos($_POST['autoruleupdatetime'], ":"); + if ($pos === false) { + $tmp = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); + $_POST['autoruleupdatetime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2); + } + $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); + $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; + + $retval = 0; + + /* create whitelist and homenet file, then sync files */ + sync_suricata_package_config(); + + write_config(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_global.php"); + exit; + } +} + +$pgtitle = gettext("Suricata: Global Settings"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); + +if($pfsense_stable == 'yes') + echo '<p class="pgtitle">' . $pgtitle . '</p>'; + +/* Display Alert message, under form tag or no refresh */ +if ($input_errors) + print_input_errors($input_errors); + +?> + +<form action="suricata_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Please Choose The Type Of Rules You Wish To Download");?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Emerging Threats") . "</strong>" . gettext(" rules");?></td> + <td width="78%" class="vtable"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();" + <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td> + <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " . + "is more limited than ETPro."); ?></span></td> + </tr> + <tr> + <td valign="top" width="8%"><input name="enable_etpro_rules" type="checkbox" value="on" onclick="enable_pro_rules();" + <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']=="on") echo "checked"; ?>/></td> + <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td> + </tr> + <tr> + <td> </td> + <td><a href="http://www.emergingthreats.net/solutions/etpro-ruleset/" target="_blank"><?php echo gettext("Sign Up for an ETPro Account"); ?> </a></td> + </tr> + <tr> + <td> </td> + <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . " " . + gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td> + </tr> + </table> + <table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td colspan="2"> </td> + </tr> + <tr> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("ETPro Subscription Configuration"); ?></span></b></td> + </tr> + <tr> + <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> + <td><input name="etprocode" type="text" class="formfld unknown" id="etprocode" size="52" + value="<?=htmlspecialchars($pconfig['etprocode']);?>"/><br/> + <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td> + </tr> + </table> + </td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort VRT") . "</strong>" . gettext(" rules");?></td> + <td width="78%" class="vtable"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td><input name="enable_vrt_rules" type="checkbox" id="enable_vrt_rules" value="on" onclick="enable_snort_vrt();" + <?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>/></td> + <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> + <tr> + <td> </td> + <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> + <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> + <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> + </tr> + </table> + <table id="snort_oink_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td colspan="2"> </td> + </tr> + <tr> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td> + </tr> + <tr> + <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> + <td><input name="oinkcode" type="text" class="formfld unknown" id="oinkcode" size="52" + value="<?=htmlspecialchars($pconfig['oinkcode']);?>"/><br/> + <?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td> + </tr> + </table> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort Community") . "</strong>" . gettext(" rules");?></td> + <td width="78%" class="vtable"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" + <?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo " checked";?>/></td> + <td class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " . + "without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset.");?> + <br/><br/><?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . + gettext("If you are a Snort VRT Paid Subscriber, the community ruleset is already built into your download of the ") . + gettext("Snort VRT rules, and there is no benefit in adding this rule set.");?><br/></td> + </tr> + </table></td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Rules Update Settings"); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Update Interval"); ?></td> + <td width="78%" class="vtable"> + <select name="autoruleupdate" class="formselect" id="autoruleupdate" onchange="enable_change_rules_upd()"> + <?php + $interfaces3 = array('never_up' => gettext('NEVER'), '6h_up' => gettext('6 HOURS'), '12h_up' => gettext('12 HOURS'), '1d_up' => gettext('1 DAY'), '4d_up' => gettext('4 DAYS'), '7d_up' => gettext('7 DAYS'), '28d_up' => gettext('28 DAYS')); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['autoruleupdate']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Please select the interval for rule updates. Choosing ") . + "<strong>" . gettext("NEVER") . "</strong>" . gettext(" disables auto-updates."); ?><br/><br/> + <?php echo "<span class=\"red\"><strong>" . gettext("Hint: ") . "</strong></span>" . gettext("in most cases, every 12 hours is a good choice."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td> + <td width="78%" class="vtable"><input type="text" class="formfld time" name="autoruleupdatetime" id="autoruleupdatetime" size="4" + maxlength="5" value="<?=$pconfig['autoruleupdatetime'];?>" <?php if ($pconfig['autoruleupdate'] == "never_up") {echo "disabled";} ?>/> + <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). Default is ") . "<strong>" . gettext("00:03") . "</strong>"; ?>.<br/><br/> + <?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " . + "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Live Rule Swap on Update"); ?></td> + <td width="78%" class="vtable"><input name="live_swap_updates" id="live_swap_updates" type="checkbox" value="yes" + <?php if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates']=="on") echo " checked"; ?>/> + <?php echo gettext("Enable \"Live Swap\" reload of rules after downloading an update. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/><br/> + <?php echo gettext("When enabled, Suricata will perform a live load of the new rules following an update instead of a hard restart. " . + "If issues are encountered with live load, uncheck this option to perform a hard restart of all Suricata instances following an update."); ?></td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> +</tr> +<tr style="display:none;"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td> + <td width="78%" class="vtable"> + <select name="rm_blocked" class="formselect" id="rm_blocked"> + <?php + $interfaces3 = array('never_b' => gettext('NEVER'), '15m_b' => gettext('15 MINS'), '30m_b' => gettext('30 MINS'), '1h_b' => gettext('1 HOUR'), '3h_b' => gettext('3 HOURS'), '6h_b' => gettext('6 HOURS'), '12h_b' => gettext('12 HOURS'), '1d_b' => gettext('1 DAY'), '4d_b' => gettext('4 DAYS'), '7d_b' => gettext('7 DAYS'), '28d_b' => gettext('28 DAYS')); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select> + <?php echo gettext("Please select the amount of time you would like hosts to be blocked."); ?><br/><br/> + <?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log to System Log"); ?></td> + <td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes" + <?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo " checked"; ?>/> + <?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td> + <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" + <?php if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']=="on") echo " checked"; ?>/> + <?php echo gettext("Settings will not be removed during package deinstallation."); ?></td> +</tr> +<tr> + <td colspan="2" align="center"><input name="save" type="submit" class="formbtn" value="Save"/></td> +</tr> +<tr> + <td colspan="2" class="vexpl" align="center"><span class="red"><strong><?php echo gettext("Note:");?></strong> + </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td> +</tr> + </table> +</div><br/> +</td></tr> +</table> +</form> +<?php include("fend.inc"); ?> + +<script language="JavaScript"> +<!-- +function enable_snort_vrt() { + var endis = !(document.iform.enable_vrt_rules.checked); + if (endis) + document.getElementById("snort_oink_code_tbl").style.display = "none"; + else + document.getElementById("snort_oink_code_tbl").style.display = "table"; +} + +function enable_et_rules() { + var endis = document.iform.enable_etopen_rules.checked; + if (endis) { + document.iform.enable_etpro_rules.checked = !(endis); + document.getElementById("etpro_code_tbl").style.display = "none"; + } +} + +function enable_pro_rules() { + var endis = document.iform.enable_etpro_rules.checked; + if (endis) { + document.iform.enable_etopen_rules.checked = !(endis); + document.iform.etprocode.disabled = ""; + document.getElementById("etpro_code_tbl").style.display = "table"; + } + else { + document.iform.etprocode.disabled = "true"; + document.getElementById("etpro_code_tbl").style.display = "none"; + } +} + +function enable_change_rules_upd() { + if (document.iform.autoruleupdate.selectedIndex == 0) + document.iform.autoruleupdatetime.disabled="true"; + else + document.iform.autoruleupdatetime.disabled=""; +} + +// Initialize the form controls state based on saved settings +enable_snort_vrt(); +enable_et_rules(); +enable_pro_rules(); +enable_change_rules_upd(); + +//--> +</script> + +</body> +</html> diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php new file mode 100644 index 00000000..ccaaf29d --- /dev/null +++ b/config/suricata/suricata_import_aliases.php @@ -0,0 +1,159 @@ +<?php +/* + suricata_import_aliases.php + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/************************************************************************************ + This file contains code for selecting and importing an existing Alias. + It is included and injected inline from other Suricata PHP pages that + use the Import Alias functionality. + + The following variables are assumed to exist and must be initialized + as necessary in order to utilize this page. + + $g --> system global variables array + $config --> global variable pointing to configuration information + $a_aliases --> $config['aliases']['alias'] array + $title --> title string for import alias engine type + $used --> array of currently used engine 'bind_to' Alias names + $selectalias --> boolean to display radio buttons instead of checkboxes + $mode --> string value to indicate current operation mode + + Information is returned from this page via the following form fields: + + aliastoimport[] --> checkbox array containing selected alias names + save_import_alias --> Submit button for save operation and exit + cancel_import_alias --> Submit button to cancel operation and exit + ************************************************************************************/ +?> + +<?php $selectablealias = false; + if (!is_array($a_aliases)) + $a_aliases = array(); + if ($mode <> "") + echo '<input type="hidden" name="mode" id="mode" value="' . $mode . '"/>'; + if ($selectalias == true) { + $fieldtype = "radio"; + $header = gettext("Select an Alias to use as {$title} target from the list below."); + } + else { + $fieldtype = "checkbox"; + $header = gettext("Select one or more Aliases to use as {$title} targets from the list below."); + } +?> + +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td class="listtopic" align="center"><?=$header;?></td> +</tr> +<tr> + <td> + <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="5%" align="center"> + <col width="25%" align="left" axis="string"> + <col width="35%" align="left" axis="string"> + <col width="35%" align="left" axis="string"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"></th> + <th class="listhdrr" axis="string"><?=gettext("Alias Name"); ?></th> + <th class="listhdrr" axis="string"><?=gettext("Values"); ?></th> + <th class="listhdrr" axis="string"><?=gettext("Description"); ?></th> + </tr> + </thead> + <tbody> + <?php $i = 0; foreach ($a_aliases as $alias): ?> + <?php if ($alias['type'] <> "host" && $alias['type'] <> "network") + continue; + if (isset($used[$alias['name']])) + continue; + elseif (trim(filter_expand_alias($alias['name'])) == "") { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $disable = true; + $tooltip = gettext("Aliases representing a FQDN host cannot be used in Suricata Host OS Policy configurations."); + } + else { + $textss = ""; + $textse = ""; + $disable = ""; + $selectablealias = true; + $tooltip = gettext("Selected entries will be imported. Click to toggle selection of this entry."); + } + ?> + <?php if ($disable): ?> + <tr title="<?=$tooltip;?>"> + <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/> + <?php else: ?> + <tr> + <td class="listlr" align="center"><input type="<?=$fieldtype;?>" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td> + <?php endif; ?> + <td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td> + <td class="listr" align="left"> + <?php + $tmpaddr = explode(" ", $alias['address']); + $addresses = implode(", ", array_slice($tmpaddr, 0, 10)); + echo "{$textss}{$addresses}{$textse}"; + if(count($tmpaddr) > 10) { + echo "..."; + } + ?> + </td> + <td class="listbg" align="left"> + <?=$textss . htmlspecialchars($alias['descr']) . $textse;?> + </td> + </tr> + <?php $i++; endforeach; ?> + </table> + </td> +</tr> +<?php if (!$selectablealias): ?> +<tr> + <td align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td> +</tr> +<tr> + <td align="center" valign="middle"> + <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/> + </td> +</tr> +<?php else: ?> +<tr> + <td align="center" valign="middle"> + <input type="Submit" name="save_import_alias" value="Save" id="save_import_alias" class="formbtn" title="<?=gettext("Import selected item and return");?>"/> + <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/> + </td> +</tr> +<?php endif; ?> +<tr> + <td> + <span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span> + </td> +</tr> +</table> + + diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php new file mode 100644 index 00000000..e8125986 --- /dev/null +++ b/config/suricata/suricata_interfaces.php @@ -0,0 +1,448 @@ +<?php +/* + * suricata_interfaces.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +$suricatadir = SURICATADIR; +$suricatalogdir = SURICATALOGDIR; +$rcdir = RCFILEPREFIX; + +if ($_POST['id']) + $id = $_POST['id']; +else + $id = 0; + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_nat = &$config['installedpackages']['suricata']['rule']; +$id_gen = count($config['installedpackages']['suricata']['rule']); + +if ($_POST['del_x']) { + /* delete selected interfaces */ + if (is_array($_POST['rule'])) { + conf_mount_rw(); + foreach ($_POST['rule'] as $rulei) { + $if_real = get_real_interface($a_nat[$rulei]['interface']); + $suricata_uuid = $a_nat[$rulei]['uuid']; + suricata_stop($a_nat[$rulei], $if_real); + exec("/bin/rm -r {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}"); + exec("/bin/rm -r {$suricatadir}suricata_{$suricata_uuid}_{$if_real}"); + unset($a_nat[$rulei]); + } + conf_mount_ro(); + + /* If all the Suricata interfaces are removed, then unset the config array. */ + if (empty($a_nat)) + unset($a_nat); + + write_config(); + sleep(2); + + /* if there are no ifaces remaining do not create suricata.sh */ + if (!empty($config['installedpackages']['suricata']['rule'])) + suricata_create_rc(); + else { + conf_mount_rw(); + @unlink("{$rcdir}/suricata.sh"); + conf_mount_ro(); + } + + sync_suricata_package_config(); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; + } +} + +/* start/stop Barnyard2 */ +if ($_POST['bartoggle']) { + $suricatacfg = $config['installedpackages']['suricata']['rule'][$id]; + $if_real = get_real_interface($suricatacfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']); + + if (!suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2')) { + log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})..."); + sync_suricata_package_config(); + suricata_barnyard_start($suricatacfg, $if_real); + } else { + log_error("Toggle (barnyard stopping) for {$if_friendly}({$suricatacfg['descr']})..."); + suricata_barnyard_stop($suricatacfg, $if_real); + } + + sleep(3); // So the GUI reports correctly + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +/* start/stop Suricata */ +if ($_POST['toggle']) { + $suricatacfg = $config['installedpackages']['suricata']['rule'][$id]; + $if_real = get_real_interface($suricatacfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']); + + if (suricata_is_running($suricatacfg['uuid'], $if_real)) { + log_error("Toggle (suricata stopping) for {$if_friendly}({$suricatacfg['descr']})..."); + suricata_stop($suricatacfg, $if_real); + } else { + log_error("Toggle (suricata starting) for {$if_friendly}({$suricatacfg['descr']})..."); + // set flag to rebuild interface rules before starting Snort + $rebuild_rules = true; + sync_suricata_package_config(); + $rebuild_rules = false; + suricata_start($suricatacfg, $if_real); + } + sleep(3); // So the GUI reports correctly + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; +} +$suri_bin_ver = SURICATA_VER; +$suri_pkg_ver = SURICATA_PKG_VER; +$pgtitle = "Services: Suricata {$suri_bin_ver} pkg {$suri_pkg_ver} - Intrusion Detection System"; +include_once("head.inc"); + +?> +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php include_once("fbegin.inc"); ?> + +<form action="suricata_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input type="hidden" name="id" id="id" value=""> +<?php + /* Display Alert message */ + if ($input_errors) + print_input_errors($input_errors); + + if ($savemsg) + print_info_box($savemsg); +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + ?> + </td> +</tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + + <colgroup> + <col width="3%" align="center"> + <col width="12%"> + <col width="14%"> + <col width="120" align="center"> + <col width="65" align="center"> + <col width="14%"> + <col> + <col width="20" align="center"> + </colgroup> + <thead> + <tr id="frheader"> + <th class="list"> </th> + <th class="listhdrr"><?php echo gettext("Interface"); ?></th> + <th class="listhdrr"><?php echo gettext("Suricata"); ?></th> + <th class="listhdrr"><?php echo gettext("Pattern Match"); ?></th> + <th class="listhdrr"><?php echo gettext("Block"); ?></th> + <th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th> + <th class="listhdr"><?php echo gettext("Description"); ?></th> + <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a> + </th> + </tr> + </thead> + <?php $nnats = $i = 0; + + // Turn on buffering to speed up rendering + ini_set('output_buffering','true'); + + // Start buffering to fix display lag issues in IE9 and IE10 + ob_start(null, 0); + + /* If no interfaces are defined, then turn off the "no rules" warning */ + $no_rules_footnote = false; + if ($id_gen == 0) + $no_rules = false; + else + $no_rules = true; + + foreach ($a_nat as $natent): ?> + <tr valign="top" id="fr<?=$nnats;?>"> + <?php + + /* convert fake interfaces to real and check if iface is up */ + /* There has to be a smarter way to do this */ + $if_real = get_real_interface($natent['interface']); + $natend_friendly= convert_friendly_interface_to_friendly_descr($natent['interface']); + $suricata_uuid = $natent['uuid']; + if (!suricata_is_running($suricata_uuid, $if_real)){ + $iconfn = 'block'; + $iconfn_msg1 = 'Suricata is not running on '; + $iconfn_msg2 = '. Click to start.'; + } + else{ + $iconfn = 'pass'; + $iconfn_msg1 = 'Suricata is running on '; + $iconfn_msg2 = '. Click to stop.'; + } + if (!suricata_is_running($suricata_uuid, $if_real, 'barnyard2')){ + $biconfn = 'block'; + $biconfn_msg1 = 'Barnyard2 is not running on '; + $biconfn_msg2 = '. Click to start.'; + } + else{ + $biconfn = 'pass'; + $biconfn_msg1 = 'Barnyard2 is running on '; + $biconfn_msg2 = '. Click to stop.'; + } + + /* See if interface has any rules defined and set boolean flag */ + $no_rules = true; + if (isset($natent['customrules']) && !empty($natent['customrules'])) + $no_rules = false; + if (isset($natent['rulesets']) && !empty($natent['rulesets'])) + $no_rules = false; + if (isset($natent['ips_policy']) && !empty($natent['ips_policy'])) + $no_rules = false; + /* Do not display the "no rules" warning if interface disabled */ + if ($natent['enable'] == "off") + $no_rules = false; + if ($no_rules) + $no_rules_footnote = true; + ?> + <td class="listt"> + <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"> + </td> + <td class="listr" valign="middle" + id="frd<?=$nnats;?>" + ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + echo $natend_friendly; + ?> + </td> + <td class="listr" valign="middle" + id="frd<?=$nnats;?>" + ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_suricata_info = $config['installedpackages']['suricata']['rule'][$nnats]['enable']; + if ($check_suricata_info == "on") { + echo gettext("ENABLED") . " "; + echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' "; + echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" "; + echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>"; + echo ($no_rules) ? " <img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : ""; + } else + echo gettext("DISABLED"); + ?> + </td> + <td class="listr" + id="frd<?=$nnats;?>" valign="middle" align="center" + ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_performance_info = $config['installedpackages']['suricata']['rule'][$nnats]['mpm_algo']; + if ($check_performance_info != "") { + $check_performance = $check_performance_info; + }else{ + $check_performance = "unknown"; + } + ?> <?=strtoupper($check_performance);?> + </td> + <td class="listr" + id="frd<?=$nnats;?>" valign="middle" align="center" + ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_blockoffenders_info = $config['installedpackages']['suricata']['rule'][$nnats]['blockoffenders']; + if ($check_blockoffenders_info == "on") + { + $check_blockoffenders = enabled; + } else { + $check_blockoffenders = disabled; + } + ?> <?=strtoupper($check_blockoffenders);?> + </td> + <td class="listr" + id="frd<?=$nnats;?>" valign="middle" + ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_suricatabarnyardlog_info = $config['installedpackages']['suricata']['rule'][$nnats]['barnyard_enable']; + if ($check_suricatabarnyardlog_info == "on") { + echo gettext("ENABLED") . " "; + echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' "; + echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>"; + } else + echo gettext("DISABLED"); + ?> + </td> + <td class="listbg" valign="middle" + ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';"> + <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> </font> + </td> + <td valign="middle" class="list" nowrap> + <a href="suricata_interfaces_edit.php?id=<?=$i;?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a> + </td> + </tr> + <?php $i++; $nnats++; endforeach; ob_end_flush(); ?> + <tr> + <td class="list"></td> + <td class="list" colspan="6"> + <?php if ($no_rules_footnote): ?><br><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_frmfld_imp.png" width="15" height="15" border="0"> + <span class="red">   <?php echo gettext("WARNING: Marked interface currently has no rules defined for Suricata"); ?></span> + <?php else: ?> + <?php endif; ?> + </td> + <td class="list" valign="middle" nowrap> + <?php if ($nnats == 0): ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> + <?php else: ?> + <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>" + onclick="return intf_del()"> + <?php endif; ?> + </td> + </tr> + <tr> + <td colspan="8"> </td> + </tr> + <tr> + <td> </td> + <td colspan="6"> + <table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="0"> + <tr> + <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br> + <?php echo gettext("This is the ") . "<strong>" . gettext("Suricata Menu ") . + "</strong>" . gettext("where you can see an overview of all your interface settings. "); + if (empty($a_nat)) { + echo gettext("Please configure the parameters on the ") . "<strong>" . gettext("Global Settings") . + "</strong>" . gettext(" tab before adding an interface."); + }?> + </td> + </tr> + <tr> + <td colspan="3" class="vexpl"><br> + </td> + </tr> + <tr> + <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br> + <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong> + </td> + </tr> + <tr> + <td colspan="3" class="vexpl"><br> + </td> + </tr> + <tr> + <td class="vexpl"><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext("Add Icon"); ?>"> icon to add + an interface. + </td> + <td width="3%" class="vexpl"> + </td> + <td class="vexpl"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" + width="13" height="13" border="0" title="<?php echo gettext("Running"); ?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="13" height="13" border="0" title="<?php echo gettext("Not Running"); ?>"> icons will show current + suricata and barnyard2 status. + </td> + </tr> + <tr> + <td class="vexpl"><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?php echo gettext("Edit Icon"); ?>"> icon to edit + an interface and settings. + <td width="3%"> + </td> + <td class="vexpl"><strong>Click</strong> on the status icons to <strong>toggle</strong> suricata and barnyard2 status. + </td> + </tr> + <tr> + <td colspan="3" class="vexpl"><strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="<?php echo gettext("Delete Icon"); ?>"> icon to + delete an interface and settings. + </td> + </tr> + </table> + </td> + <td> </td> + </tr> + </table> + </div> + </td> +</tr> +</table> +</form> + +<script type="text/javascript"> + +function intf_del() { + var isSelected = false; + var inputs = document.iform.elements; + for (var i = 0; i < inputs.length; i++) { + if (inputs[i].type == "checkbox") { + if (inputs[i].checked) + isSelected = true; + } + } + if (isSelected) + return confirm('Do you really want to delete the selected Suricata mapping?'); + else + alert("There is no Suricata mapping selected for deletion. Click the checkbox beside the Suricata mapping(s) you wish to delete."); +} + +</script> + +<?php +include("fend.inc"); +?> +</body> +</html> diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php new file mode 100644 index 00000000..fbb78aa2 --- /dev/null +++ b/config/suricata/suricata_interfaces_edit.php @@ -0,0 +1,913 @@ +<?php +/* + * suricata_interfaces_edit.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); +$suricataglob = $config['installedpackages']['suricata']; + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_rule = &$config['installedpackages']['suricata']['rule']; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])); + $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401); + +if (is_null($id)) + $id = 0; + +$pconfig = array(); +if (empty($suricataglob['rule'][$id]['uuid'])) { + /* Adding new interface, so flag rules to build. */ + $pconfig['uuid'] = suricata_generate_id(); + $rebuild_rules = true; +} +else { + $pconfig['uuid'] = $a_rule[$id]['uuid']; + $pconfig['descr'] = $a_rule[$id]['descr']; + $rebuild_rules = false; +} +$suricata_uuid = $pconfig['uuid']; + +// Get the physical configured interfaces on the firewall +$interfaces = get_configured_interface_with_descr(); + +// See if interface is already configured, and use its values +if (isset($id) && $a_rule[$id]) { + $pconfig = $a_rule[$id]; + if (!empty($pconfig['configpassthru'])) + $pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']); + if (empty($pconfig['uuid'])) + $pconfig['uuid'] = $suricata_uuid; +} +elseif (isset($id) && !isset($a_rule[$id])) { + // Must be a new interface, so try to pick next available physical interface to use + $ifaces = get_configured_interface_list(); + $ifrules = array(); + foreach($a_rule as $r) + $ifrules[] = $r['interface']; + foreach ($ifaces as $i) { + if (!in_array($i, $ifrules)) { + $pconfig['interface'] = $i; + $pconfig['enable'] = 'on'; + $pconfig['descr'] = strtoupper($i); + $pconfig['inspect_recursion_limit'] = '3000'; + break; + } + } + if (count($ifrules) == count($ifaces)) { + $input_errors[] = gettext("No more available interfaces to configure for Suricata!"); + $interfaces = array(); + $pconfig = array(); + } +} + +// Set defaults for any empty key parameters +if (empty($pconfig['blockoffendersip'])) + $pconfig['blockoffendersip'] = "both"; +if (empty($pconfig['max_pending_packets'])) + $pconfig['max_pending_packets'] = "1024"; +if (empty($pconfig['detect_eng_profile'])) + $pconfig['detect_eng_profile'] = "medium"; +if (empty($pconfig['mpm_algo'])) + $pconfig['mpm_algo'] = "ac"; +if (empty($pconfig['sgh_mpm_context'])) + $pconfig['sgh_mpm_context'] = "auto"; +if (empty($pconfig['enable_http_log'])) + $pconfig['enable_http_log'] = "on"; +if (empty($pconfig['append_http_log'])) + $pconfig['append_http_log'] = "on"; +if (empty($pconfig['enable_tls_log'])) + $pconfig['enable_tls_log'] = "off"; +if (empty($pconfig['tls_log_extended'])) + $pconfig['tls_log_extended'] = "on"; +if (empty($pconfig['enable_stats_log'])) + $pconfig['enable_stats_log'] = "off"; +if (empty($pconfig['stats_upd_interval'])) + $pconfig['stats_upd_interval'] = "10"; +if (empty($pconfig['append_stats_log'])) + $pconfig['append_stats_log'] = "off"; +if (empty($pconfig['append_json_file_log'])) + $pconfig['append_json_file_log'] = "on"; +if (empty($pconfig['enable_pcap_log'])) + $pconfig['enable_pcap_log'] = "off"; +if (empty($pconfig['max_pcap_log_size'])) + $pconfig['max_pcap_log_size'] = "32"; +if (empty($pconfig['max_pcap_log_files'])) + $pconfig['max_pcap_log_files'] = "1000"; + +if ($_POST["save"]) { + // If the interface is not enabled, stop any running Suricata + // instance on it, save the new state and exit. + if (!isset($_POST['enable'])) { + if (isset($id) && $a_rule[$id]) { + $a_rule[$id]['enable'] = 'off'; + $a_rule[$id]['interface'] = htmlspecialchars($_POST['interface']); + $a_rule[$id]['descr'] = htmlspecialchars($_POST['descr']); + suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); + + // Save configuration changes + write_config(); + + // Update suricata.conf and suricata.sh files for this interface + sync_suricata_package_config(); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; + } + } + + // Validate inputs + if (!isset($_POST['interface'])) + $input_errors[] = gettext("Choosing an Interface is mandatory!"); + + if (isset($_POST['stats_upd_interval']) && !is_numericint($_POST['stats_upd_interval'])) + $input_errors[] = gettext("The value for Stats Update Interval must contain only digits and evaluate to an integer."); + + if ($_POST['max_pending_packets'] < 1 || $_POST['max_pending_packets'] > 65000) + $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,000!"); + + if (isset($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size'])) + $input_errors[] = gettext("The value for 'Max Packet Log Size' must be numbers only. Do not include any alphabetic characters."); + + if (isset($_POST['max_pcap_log_files']) && !is_numeric($_POST['max_pcap_log_files'])) + $input_errors[] = gettext("The value for 'Max Packet Log Files' must be numbers only."); + + if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit'])) + $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0."); + + // if no errors write to suricata.yaml + if (!$input_errors) { + $natent = $a_rule[$id]; + $natent['interface'] = $_POST['interface']; + $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; + $natent['uuid'] = $pconfig['uuid']; + + if ($_POST['descr']) $natent['descr'] = htmlspecialchars($_POST['descr']); else $natent['descr'] = strtoupper($natent['interface']); + if ($_POST['max_pcap_log_size']) $natent['max_pcap_log_size'] = $_POST['max_pcap_log_size']; else unset($natent['max_pcap_log_size']); + if ($_POST['max_pcap_log_files']) $natent['max_pcap_log_files'] = $_POST['max_pcap_log_files']; else unset($natent['max_pcap_log_files']); + if ($_POST['enable_stats_log'] == "on") { $natent['enable_stats_log'] = 'on'; }else{ $natent['enable_stats_log'] = 'off'; } + if ($_POST['append_stats_log'] == "on") { $natent['append_stats_log'] = 'on'; }else{ $natent['append_stats_log'] = 'off'; } + if ($_POST['stats_upd_interval'] >= 1) $natent['stats_upd_interval'] = $_POST['stats_upd_interval']; else $natent['stats_upd_interval'] = "10"; + if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; } + if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; } + if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; } + if ($_POST['tls_log_extended'] == "on") { $natent['tls_log_extended'] = 'on'; }else{ $natent['tls_log_extended'] = 'off'; } + if ($_POST['enable_pcap_log'] == "on") { $natent['enable_pcap_log'] = 'on'; }else{ $natent['enable_pcap_log'] = 'off'; } + if ($_POST['enable_json_file_log'] == "on") { $natent['enable_json_file_log'] = 'on'; }else{ $natent['enable_json_file_log'] = 'off'; } + if ($_POST['append_json_file_log'] == "on") { $natent['append_json_file_log'] = 'on'; }else{ $natent['append_json_file_log'] = 'off'; } + if ($_POST['enable_tracked_files_magic'] == "on") { $natent['enable_tracked_files_magic'] = 'on'; }else{ $natent['enable_tracked_files_magic'] = 'off'; } + if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; } + if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; } + if ($_POST['max_pending_packets']) $natent['max_pending_packets'] = $_POST['max_pending_packets']; else unset($natent['max_pending_packets']); + if ($_POST['inspect_recursion_limit'] >= '0') $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']); + if ($_POST['detect_eng_profile']) $natent['detect_eng_profile'] = $_POST['detect_eng_profile']; else unset($natent['detect_eng_profile']); + if ($_POST['mpm_algo']) $natent['mpm_algo'] = $_POST['mpm_algo']; else unset($natent['mpm_algo']); + if ($_POST['sgh_mpm_context']) $natent['sgh_mpm_context'] = $_POST['sgh_mpm_context']; else unset($natent['sgh_mpm_context']); + if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off'; + if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']); + if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); + if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); + if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); + if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); + if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); + if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } + if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); + + $if_real = get_real_interface($natent['interface']); + if (isset($id) && $a_rule[$id]) { + if ($natent['interface'] != $a_rule[$id]['interface']) { + $oif_real = get_real_interface($a_rule[$id]['interface']); + suricata_stop($a_rule[$id], $oif_real); + exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']); + exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + } + // Edits don't require a rules rebuild, so turn it "off" + $rebuild_rules = false; + $a_rule[$id] = $natent; + } else { + // Adding new interface, so set interface configuration parameter defaults + $natent['ip_max_frags'] = "65535"; + $natent['ip_frag_timeout'] = "60"; + $natent['frag_memcap'] = '33554432'; + $natent['ip_max_trackers'] = '65535'; + $natent['frag_hash_size'] = '65536'; + + $natent['flow_memcap'] = '33554432'; + $natent['flow_prealloc'] = '10000'; + $natent['flow_hash_size'] = '65536'; + $natent['flow_emerg_recovery'] = '30'; + $natent['flow_prune'] = '5'; + + $natent['flow_tcp_new_timeout'] = '60'; + $natent['flow_tcp_established_timeout'] = '3600'; + $natent['flow_tcp_closed_timeout'] = '120'; + $natent['flow_tcp_emerg_new_timeout'] = '10'; + $natent['flow_tcp_emerg_established_timeout'] = '300'; + $natent['flow_tcp_emerg_closed_timeout'] = '20'; + + $natent['flow_udp_new_timeout'] = '30'; + $natent['flow_udp_established_timeout'] = '300'; + $natent['flow_udp_emerg_new_timeout'] = '10'; + $natent['flow_udp_emerg_established_timeout'] = '100'; + + $natent['flow_icmp_new_timeout'] = '30'; + $natent['flow_icmp_established_timeout'] = '300'; + $natent['flow_icmp_emerg_new_timeout'] = '10'; + $natent['flow_icmp_emerg_established_timeout'] = '100'; + + $natent['stream_memcap'] = '33554432'; + $natent['stream_max_sessions'] = '262144'; + $natent['stream_prealloc_sessions'] = '32768'; + $natent['reassembly_memcap'] = '67108864'; + $natent['reassembly_depth'] = '1048576'; + $natent['reassembly_to_server_chunk'] = '2560'; + $natent['reassembly_to_client_chunk'] = '2560'; + $natent['enable_midstream_sessions'] = 'off'; + $natent['enable_async_sessions'] = 'off'; + + $natent['asn1_max_frames'] = '256'; + + $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" ); + if (!is_array($natent['host_os_policy']['item'])) + $natent['host_os_policy']['item'] = array(); + $natent['host_os_policy']['item'][] = $default; + + $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", + "request-body-limit" => 4096, "response-body-limit" => 4096, + "double-decode-path" => "no", "double-decode-query" => "no" ); + if (!is_array($natent['libhtp_policy']['item'])) + $natent['libhtp_policy']['item'] = array(); + $natent['libhtp_policy']['item'][] = $default; + + // Enable the basic default rules for the interface + $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules"; + + // Adding a new interface, so set flag to build new rules + $rebuild_rules = true; + + // Add the new interface configuration to the [rule] array in config + $a_rule[] = $natent; + } + + // If Suricata is disabled on this interface, stop any running instance + if ($natent['enable'] != 'on') + suricata_stop($natent, $if_real); + + // Save configuration changes + write_config(); + + // Update suricata.conf and suricata.sh files for this interface + sync_suricata_package_config(); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; + } else + $pconfig = $_POST; +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Edit Settings"); +include_once("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg); +} +?> + +<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td class="tabnavtbl">'; + $tab_array = array(); + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array[] = array($menu_iface . gettext("Settings"), true, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr><td><div id="mainarea"> +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("General Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td> + <td width="78%" class="vtable"> + <input name="enable" type="checkbox" value="on" <?php if ($pconfig['enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"/> + <?php echo gettext("Checking this box enables Suricata inspection on the interface."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Interface"); ?></td> + <td width="78%" class="vtable"> + <select name="interface" class="formselect" tabindex="0"> + <?php + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" + <?php if ($iface == $pconfig['interface']) echo " selected"; ?>><?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select> + <span class="vexpl"><?php echo gettext("Choose which interface this Suricata instance applies to."); ?><br/> + <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("In most cases, you'll want to use WAN here if this is the first Suricata-configured interface."); ?></span><br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td> + <td width="78%" class="vtable"><input name="descr" type="text" + class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/> <br/> + <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference. The default is the interface name."); ?></span><br/></td> + </tr> +<tr> + <td colspan="2" class="listtopic"><?php echo gettext("Logging Settings"); ?></td> +</tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Log"); ?></td> + <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/> + <?php echo gettext("Suricata will send Alerts to the firewall's system log."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Stats Log"); ?></td> + <td width="78%" class="vtable"><input name="enable_stats_log" type="checkbox" value="on" <?php if ($pconfig['enable_stats_log'] == "on") echo "checked"; ?> + onClick="toggle_stats_log();" id="enable_stats_log"/> + <?php echo gettext("Suricata will periodically log statistics for the interface. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?> + <div id="stats_log_warning" style="display: none;"><br/><span class="red"><strong><?php echo gettext("Warning: ") . "</strong></span>" . + gettext("The stats log file can become quite large, especially when append mode is enabled!"); ?></div></td> + </tr> + <tr id="stats_interval_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Stats Update Interval"); ?></td> + <td width="78%" class="vtable"><input name="stats_upd_interval" type="text" + class="formfld unknown" id="stats_upd_interval" size="8" value="<?=htmlspecialchars($pconfig['stats_upd_interval']); ?>"/> + <?php echo gettext("Enter the update interval in ") . "<strong>" . gettext("seconds") . "</strong>" . gettext(" for stats updating. Default is ") . "<strong>" . + gettext("10") . "</strong>."; ?><br/><?php echo gettext("Sets the update interval, in seconds, for the collection and logging of statistics.") ?></td> + </tr> + <tr id="stats_log_append_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Append Stats Log"); ?></td> + <td width="78%" class="vtable"><input name="append_stats_log" type="checkbox" value="on" <?php if ($pconfig['append_stats_log'] == "on") echo "checked"; ?>/> + <?php echo gettext("Suricata will append-to instead of clearing statistics log file when restarting. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable HTTP Log"); ?></td> + <td width="78%" class="vtable"><input name="enable_http_log" type="checkbox" value="on" <?php if ($pconfig['enable_http_log'] == "on") echo "checked"; ?> + onClick="toggle_http_log()" id="enable_http_log"/> + <?php echo gettext("Suricata will log decoded HTTP traffic for the interface. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td> + </tr> + <tr id="http_log_append_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Append HTTP Log"); ?></td> + <td width="78%" class="vtable"><input name="append_http_log" type="checkbox" value="on" <?php if ($pconfig['append_http_log'] == "on") echo "checked"; ?>/> + <?php echo gettext("Suricata will append-to instead of clearing HTTP log file when restarting. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable TLS Log"); ?></td> + <td width="78%" class="vtable"><input name="enable_tls_log" type="checkbox" value="on" <?php if ($pconfig['enable_tls_log'] == "on") echo "checked"; ?> + onClick="toggle_tls_log()" id="enable_tls_log"/> + <?php echo gettext("Suricata will log TLS handshake traffic for the interface. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr id="tls_log_extended_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Extended TLS Info"); ?></td> + <td width="78%" class="vtable"><input name="tls_log_extended" type="checkbox" value="on" <?php if ($pconfig['tls_log_extended'] == "on") echo "checked"; ?>/> + <?php echo gettext("Suricata will log extended TLS info such as fingerprint. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Tracked-Files Log"); ?></td> + <td width="78%" class="vtable"><input name="enable_json_file_log" type="checkbox" value="on" <?php if ($pconfig['enable_json_file_log'] == "on") echo "checked"; ?> + onClick="toggle_json_file_log()" id="enable_json_file_log"/> + <?php echo gettext("Suricata will log tracked files in JavaScript Object Notation (JSON) format. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr id="tracked_files_append_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Append Tracked-Files Log"); ?></td> + <td width="78%" class="vtable"><input name="append_json_file_log" type="checkbox" value="on" <?php if ($pconfig['append_json_file_log'] == "on") echo "checked"; ?> + id="append_json_file_log"/> + <?php echo gettext("Suricata will append-to instead of clearing Tracked Files log file when restarting. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td> + </tr> + <tr id="tracked_files_magic_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Logging Magic for Tracked-Files"); ?></td> + <td width="78%" class="vtable"><input name="enable_tracked_files_magic" type="checkbox" value="on" <?php if ($pconfig['enable_tracked_files_magic'] == "on") echo "checked"; ?> + id="enable_tracked_files_magic"/> + <?php echo gettext("Suricata will force logging magic on all logged Tracked Files. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr id="tracked_files_md5_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable MD5 for Tracked-Files"); ?></td> + <td width="78%" class="vtable"><input name="enable_tracked_files_md5" type="checkbox" value="on" <?php if ($pconfig['enable_tracked_files_md5'] == "on") echo "checked"; ?> + id="enable_tracked_files_md5"/> + <?php echo gettext("Suricata will generate MD5 checksums for all logged Tracked Files. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable File-Store"); ?></td> + <td width="78%" class="vtable"><input name="enable_file_store" type="checkbox" value="on" <?php if ($pconfig['enable_file_store'] == "on") echo "checked"; ?> + onClick="toggle_file_store()" id="enable_file_store"/> + <?php echo gettext("Suricata will extract and store files from application layer streams. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?> + <div id="file_store_warning" style="display: none;"><br/><span class="red"><strong><?php echo gettext("Warning: ") . "</strong></span>" . + gettext("This will consume a significant amount of disk space on a busy network when enabled!"); ?></div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Packet Log"); ?></td> + <td width="78%" class="vtable"><input name="enable_pcap_log" id="enable_pcap_log" type="checkbox" value="on" <?php if ($pconfig['enable_pcap_log'] == "on") echo "checked"; ?> + onClick="toggle_pcap_log()"/> + <?php echo gettext("Suricata will log decoded packets for the interface in pcap-format. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?> + <div id="file_pcap_warning" style="display: none;"><br/><span class="red"><strong><?php echo gettext("Warning: ") . "</strong></span>" . + gettext("This can consume a significant amount of disk space when enabled!"); ?></div> + </td> + </tr> + <tr id="pcap_log_size_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Max Packet Log File Size"); ?></td> + <td width="78%" class="vtable"><input name="max_pcap_log_size" type="text" + class="formfld unknown" id="max_pcap_log_size" size="8" value="<?=htmlspecialchars($pconfig['max_pcap_log_size']); ?>"/> + <?php echo gettext("Enter maximum size in ") . "<strong>" . gettext("MB") . "</strong>" . gettext(" for a packet log file. Default is ") . "<strong>" . + gettext("32") . "</strong>."; ?><br/><br/><?php echo gettext("When the packet log file size reaches the set limit, it will be rotated and a new one created.") ?></td> + </tr> + <tr id="pcap_log_max_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Max Packet Log Files"); ?></td> + <td width="78%" class="vtable"><input name="max_pcap_log_files" type="text" + class="formfld unknown" id="max_pcap_log_files" size="8" value="<?=htmlspecialchars($pconfig['max_pcap_log_files']); ?>"/> + <?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" . + gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td> + </tr> + +<!-- ### Blocking not yet enabled, so hide the controls ### +<tr> + <td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> +</tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Block Offenders"); ?></td> + <td width="78%" class="vtable"> + <input name="blockoffenders" id="blockoffenders" type="checkbox" value="on" + <?php if ($pconfig['blockoffenders'] == "on") echo "checked"; ?> + onClick="enable_blockoffenders()"/> + <?php echo gettext("Checking this option will automatically block hosts that generate a " . "Suricata alert."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Kill States"); ?></td> + <td width="78%" class="vtable"> + <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>/> + <?php echo gettext("Checking this option will kill firewall states for the blocked IP."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Which IP to Block"); ?></td> + <td width="78%" class="vtable"> + <select name="blockoffendersip" class="formselect" id="blockoffendersip"> + <?php + foreach (array("src", "dst", "both") as $btype) { + if ($btype == $pconfig['blockoffendersip']) + echo "<option value='{$btype}' selected>"; + else + echo "<option value='{$btype}'>"; + echo htmlspecialchars($btype) . '</option>'; + } + ?> + </select> + <?php echo gettext("Select which IP extracted from the packet you wish to block."); ?><br/> + <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td> + </td> + </tr> + ### End of Blocking controls ### +--> + +<tr> + <td colspan="2" class="listtopic"><?php echo gettext("Detection Engine Settings"); ?></td> +</tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Max Pending Packets"); ?></td> + <td width="78%" class="vtable"><input name="max_pending_packets" type="text" + class="formfld unknown" id="max_pending_packets" size="8" value="<?=htmlspecialchars($pconfig['max_pending_packets']); ?>"/> + <?php echo gettext("Enter number of simultaneous packets to process. Default is ") . "<strong>" . + gettext("1024") . "</strong>."; ?><br/><br/><?php echo gettext("This controls the number simultaneous packets the engine can handle. ") . + gettext("Setting this higher generally keeps the threads more busy. The minimum value is 1 and the maximum value is 65,000. ") . "<br/><span class='red'><strong>" . + gettext("Warning: ") . "</strong></span>" . gettext("Setting this too high can lead to degradation and a possible system crash by exhausting available memory.") ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Detect-Engine Profile"); ?></td> + <td width="78%" class="vtable"> + <select name="detect_eng_profile" class="formselect" id="detect_eng_profile"> + <?php + $interfaces2 = array('low' => 'Low', 'medium' => 'Medium', 'high' => 'High'); + foreach ($interfaces2 as $iface2 => $ifacename2): ?> + <option value="<?=$iface2;?>" + <?php if ($iface2 == $pconfig['detect_eng_profile']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename2);?></option> + <?php endforeach; ?> + </select> + <?php echo gettext("Choose a detection engine profile. ") . "<strong>" . gettext("Default") . + "</strong>" . gettext(" is ") . "<strong>" . gettext("Medium") . "</strong>"; ?>.<br/><br/> + <?php echo gettext("MEDIUM is recommended for most systems because it offers a good " . + "balance between memory consumption and performance. LOW uses less memory, but it offers lower performance. " . + "HIGH consumes a large amount of memory, but it offers the highest performance."); ?> + <br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Pattern Matcher Algorithm"); ?></td> + <td width="78%" class="vtable"> + <select name="mpm_algo" class="formselect" id="mpm_algo"> + <?php + $interfaces2 = array('ac' => 'AC', 'ac-gfbs' => 'AC-GFBS', 'ac-bs' => 'AC-BS', + 'b2g' => 'B2G', 'b3g' => 'B3G', 'wumanber' => 'WUMANBER'); + foreach ($interfaces2 as $iface2 => $ifacename2): ?> + <option value="<?=$iface2;?>" + <?php if ($iface2 == $pconfig['mpm_algo']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename2);?></option> + <?php endforeach; ?> + </select> + <?php echo gettext("Choose a multi-pattern matcher (MPM) algorithm. ") . "<strong>" . gettext("Default") . + "</strong>" . gettext(" is ") . "<strong>" . gettext("AC") . "</strong>"; ?>.<br/><br/> + <?php echo gettext("AC is the default, and is the best choice for almost all systems."); ?> + <br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Signature Group Header MPM Context"); ?></td> + <td width="78%" class="vtable"> + <select name="sgh_mpm_context" class="formselect" id="sgh_mpm_context"> + <?php + $interfaces2 = array('auto' => 'Auto', 'full' => 'Full', 'single' => 'Single'); + foreach ($interfaces2 as $iface2 => $ifacename2): ?> + <option value="<?=$iface2;?>" + <?php if ($iface2 == $pconfig['sgh_mpm_context']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename2);?></option> + <?php endforeach; ?> + </select> + <?php echo gettext("Choose a Signature Group Header multi-pattern matcher context. ") . "<strong>" . gettext("Default") . + "</strong>" . gettext(" is ") . "<strong>" . gettext("Auto") . "</strong>"; ?>.<br/><br/> + <?php echo gettext("AUTO means Suricata selects between Full and Single based on the MPM algorithm " . + "chosen. FULL means every Signature Group has its own MPM context. SINGLE means all Signature Groups share a single MPM " . + "context. Using FULL can improve performance at the expense of significant memory consumption."); ?> + <br/></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Inspection Recursion Limit"); ?></td> + <td width="78%" class="vtable"><input name="inspect_recursion_limit" type="text" + class="formfld unknown" id="inspect_recursion_limit" size="8" value="<?=htmlspecialchars($pconfig['inspect_recursion_limit']); ?>"/> + <?php echo gettext("Enter limit for recursive calls in content inspection code. Default is ") . "<strong>" . + gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td> + <td width="78%" class="vtable"> + <select name="homelistname" class="formselect" id="homelistname"> + <?php + echo "<option value='default' >default</option>"; + /* find whitelist names and filter by type */ + if (is_array($suricataglob['whitelist']['item'])) { + foreach ($suricataglob['whitelist']['item'] as $value) { + $ilistname = $value['name']; + if ($ilistname == $pconfig['homelistname']) + echo "<option value='$ilistname' selected>"; + else + echo "<option value='$ilistname'>"; + echo htmlspecialchars($ilistname) . '</option>'; + } + } + ?> + </select> + <input type="button" class="formbtns" value="View List" + onclick="viewList('<?=$id;?>','homelistname','homenet')" id="btnHomeNet" + title="<?php echo gettext("Click to view currently selected Home Net contents"); ?>"/> + <br/> + <span class="vexpl"><?php echo gettext("Choose the Home Net you want this interface to use."); ?></span> + <br/><br/> + <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("Default Home " . + "Net adds only local networks, WAN IPs, Gateways, VPNs and VIPs."); ?><br/> + <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Create an Alias to hold a list of " . + "friendly IPs that the firewall cannot see or to customize the default Home Net."); ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("External Net"); ?></td> + <td width="78%" class="vtable"> + <select name="externallistname" class="formselect" id="externallistname"> + <?php + echo "<option value='default' >default</option>"; + /* find whitelist names and filter by type */ + if (is_array($suricataglob['whitelist']['item'])) { + foreach ($suricataglob['whitelist']['item'] as $value) { + $ilistname = $value['name']; + if ($ilistname == $pconfig['externallistname']) + echo "<option value='$ilistname' selected>"; + else + echo "<option value='$ilistname'>"; + echo htmlspecialchars($ilistname) . '</option>'; + } + } + ?> + </select> + <?php echo gettext("Choose the External Net you want this interface " . + "to use."); ?> <br/><br/> + <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("Default " . + "External Net is networks that are not Home Net."); ?><br/> + <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Most users should leave this " . + "setting at default. Create an Alias for custom External Net settings."); ?><br/> + </td> + </tr> +<!-- + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td> + <td width="78%" class="vtable"> + <select name="whitelistname" class="formselect" id="whitelistname"> + <?php + /* find whitelist names and filter by type, make sure to track by uuid */ + echo "<option value='default' >default</option>\n"; + if (is_array($suricataglob['whitelist']['item'])) { + foreach ($suricataglob['whitelist']['item'] as $value) { + if ($value['name'] == $pconfig['whitelistname']) + echo "<option value='{$value['name']}' selected>"; + else + echo "<option value='{$value['name']}'>"; + echo htmlspecialchars($value['name']) . '</option>'; + } + } + ?> + </select> + <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')" + id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/> + <br/> + <?php echo gettext("Choose the whitelist you want this interface to " . + "use."); ?> <br/><br/> + <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("This option will only be used when block offenders is on."); ?><br/> + <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Default " . + "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> + </td> + </tr> +--> +<tr> + <td colspan="2" class="listtopic"><?php echo gettext("Alert Suppression and Filtering"); ?></td> +</tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Suppression"); ?></td> + <td width="78%" class="vtable"> + <select name="suppresslistname" class="formselect" id="suppresslistname"> + <?php + echo "<option value='default' >default</option>\n"; + if (is_array($suricataglob['suppress']['item'])) { + $slist_select = $suricataglob['suppress']['item']; + foreach ($slist_select as $value) { + $ilistname = $value['name']; + if ($ilistname == $pconfig['suppresslistname']) + echo "<option value='$ilistname' selected>"; + else + echo "<option value='$ilistname'>"; + echo htmlspecialchars($ilistname) . '</option>'; + } + } + ?> + </select> + <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','suppresslistname', 'suppress')" + id="btnSuppressList" title="<?php echo gettext("Click to view currently selected Suppression List contents"); ?>"/> + <br/> + <?php echo gettext("Choose the suppression or filtering file you " . + "want this interface to use."); ?> <br/> <br/><span class="red"><?php echo gettext("Note: ") . "</span>" . + gettext("Default option disables suppression and filtering."); ?> + </td> + </tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " . + "be automatically inserted into the Suricata configuration"); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td> + <td width="78%" class="vtable"> + <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> + </td> +</tr> +<tr> + <td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo + gettext("Click to save settings and exit"); ?>"/> + <input name="id" type="hidden" value="<?=$id;?>"/> + </td> +</tr> +<tr> + <td colspan="2" align="center" valign="middle"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" . + gettext("Please save your settings before you attempt to start Suricata."); ?> + </td> +</tr> +</table> +</div> +</td></tr> +</table> +</form> + +<script language="JavaScript"> + +function enable_blockoffenders() { +// var endis = !(document.iform.blockoffenders.checked); +// document.iform.blockoffenderskill.disabled=endis; +// document.iform.blockoffendersip.disabled=endis; +// document.iform.whitelistname.disabled=endis; +// document.iform.btnWhitelist.disabled=endis; +} + +function toggle_stats_log() { + var endis = !(document.iform.enable_stats_log.checked); + if (endis) { + document.getElementById("stats_log_append_row").style.display="none"; + document.getElementById("stats_interval_row").style.display="none"; + document.getElementById("stats_log_warning").style.display="none"; + } + else { + document.getElementById("stats_log_append_row").style.display="table-row"; + document.getElementById("stats_interval_row").style.display="table-row"; + document.getElementById("stats_log_warning").style.display="inline"; + } +} + +function toggle_http_log() { + var endis = !(document.iform.enable_http_log.checked); + if (endis) + document.getElementById("http_log_append_row").style.display="none"; + else + document.getElementById("http_log_append_row").style.display="table-row"; +} + +function toggle_tls_log() { + var endis = !(document.iform.enable_tls_log.checked); + if (endis) + document.getElementById("tls_log_extended_row").style.display="none"; + else + document.getElementById("tls_log_extended_row").style.display="table-row"; +} + +function toggle_json_file_log() { + var endis = !(document.iform.enable_json_file_log.checked); + if (endis) { + document.getElementById("tracked_files_append_row").style.display="none"; + document.getElementById("tracked_files_magic_row").style.display="none"; + document.getElementById("tracked_files_md5_row").style.display="none"; + } + else { + document.getElementById("tracked_files_append_row").style.display="table-row"; + document.getElementById("tracked_files_magic_row").style.display="table-row"; + document.getElementById("tracked_files_md5_row").style.display="table-row"; + } +} + +function toggle_file_store() { + var endis = !(document.iform.enable_file_store.checked); + if (endis) { + document.getElementById("file_store_warning").style.display="none"; + } + else { + document.getElementById("file_store_warning").style.display="inline"; + } +} + +function toggle_pcap_log() { + var endis = !(document.iform.enable_pcap_log.checked); + if (endis) { + document.getElementById("pcap_log_size_row").style.display="none"; + document.getElementById("pcap_log_max_row").style.display="none"; + document.getElementById("file_pcap_warning").style.display="none"; + } + else { + document.getElementById("pcap_log_size_row").style.display="table-row"; + document.getElementById("pcap_log_max_row").style.display="table-row"; + document.getElementById("file_pcap_warning").style.display="inline"; + } +} + +function enable_change(enable_change) { + endis = !(document.iform.enable.checked || enable_change); + // make sure a default answer is called if this is invoked. + endis2 = (document.iform.enable); + document.iform.enable_stats_log.disabled = endis; + document.iform.stats_upd_interval.disabled = endis; + document.iform.append_stats_log.disabled = endis; + document.iform.enable_http_log.disabled = endis; + document.iform.append_http_log.disabled = endis; + document.iform.enable_tls_log.disabled = endis; + document.iform.tls_log_extended.disabled = endis; + document.iform.enable_json_file_log.disabled = endis; + document.iform.append_json_file_log.disabled = endis; + document.iform.enable_tracked_files_magic.disabled = endis; + document.iform.enable_tracked_files_md5.disabled = endis; + document.iform.enable_file_store.disabled = endis; + document.iform.enable_pcap_log.disabled = endis; + document.iform.max_pcap_log_size.disabled = endis; + document.iform.max_pcap_log_files.disabled = endis; + document.iform.max_pending_packets.disabled = endis; + document.iform.detect_eng_profile.disabled = endis; + document.iform.mpm_algo.disabled = endis; + document.iform.sgh_mpm_context.disabled = endis; + document.iform.inspect_recursion_limit.disabled = endis; +// document.iform.blockoffenders.disabled = endis; +// document.iform.blockoffendersip.disabled=endis; +// document.iform.blockoffenderskill.disabled=endis; + document.iform.alertsystemlog.disabled = endis; + document.iform.externallistname.disabled = endis; + document.iform.homelistname.disabled = endis; +// document.iform.whitelistname.disabled=endis; + document.iform.suppresslistname.disabled = endis; + document.iform.configpassthru.disabled = endis; + document.iform.btnHomeNet.disabled=endis; +// document.iform.btnWhitelist.disabled=endis; + document.iform.btnSuppressList.disabled=endis; +} + +function wopen(url, name, w, h) { + // Fudge factors for window decoration space. + // In my tests these work well on all platforms & browsers. + w += 32; + h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} + +function getSelectedValue(elemID) { + var ctrl = document.getElementById(elemID); + return ctrl.options[ctrl.selectedIndex].value; +} + +function viewList(id, elemID, elemType) { + if (typeof elemType == "undefined") { + elemType = "whitelist"; + } + var url = "suricata_list_view.php?id=" + id + "&wlist="; + url = url + getSelectedValue(elemID) + "&type=" + elemType; + url = url + "&time=" + new Date().getTime(); + wopen(url, 'WhitelistViewer', 640, 480); +} + +enable_change(false); +//enable_blockoffenders(); +toggle_stats_log(); +toggle_http_log(); +toggle_tls_log(); +toggle_json_file_log(); +toggle_file_store(); +toggle_pcap_log(); + +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php new file mode 100644 index 00000000..1a3c7455 --- /dev/null +++ b/config/suricata/suricata_libhtp_policy_engine.php @@ -0,0 +1,182 @@ +<?php +/* + * suricata_libhtp_policy_engine.php + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/************************************************************************************** + This file contains code for adding/editing an existing Libhtp Policy Engine. + It is included and injected inline as needed into the suricata_app_parsers.php + page to provide the edit functionality for Host OS Policy Engines. + + The following variables are assumed to exist and must be initialized + as necessary in order to utilize this page. + + $g --> system global variables array + $config --> global variable pointing to configuration information + $pengcfg --> array containing current Libhtp Policy engine configuration + + Information is returned from this page via the following form fields: + + policy_name --> Unique Name for the Libhtp Policy Engine + policy_bind_to --> Alias name representing "bind_to" IP address for engine + personality --> Operating system chosen for engine policy + select_alias --> Submit button for select alias operation + req_body_limit --> Request Body Limit size + resp_body_limit --> Response Body Limit size + enable_double_decode_path --> double-decode path part of URI + enable_double_decode_query --> double-decode query string part of URI + save_libhtp_policy --> Submit button for save operation and exit + cancel_libhtp_policy --> Submit button to cancel operation and exit + **************************************************************************************/ +?> + +<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based HTTP Server Policy Configuration"); ?></td> + </tr> + <tr> + <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td> + <td class="vtable"> + <input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25" + value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>> + <?php if (htmlspecialchars($pengcfg['name']) <> "default") + echo gettext("Name or description for this engine. (Max 25 characters)"); + else + echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/> + <?php echo gettext("Unique name or description for this engine configuration. Default value is ") . + "<strong>" . gettext("default") . "</strong>"; ?>.<br/> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td> + <td class="vtable"> + <?php if ($pengcfg['name'] <> "default") : ?> + <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"> + <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> + <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases" + title="<?php echo gettext("Select an existing IP alias");?>"/></td> + </tr> + <tr> + <td class="vexpl" colspan="2"><?php echo gettext("This policy will apply for packets with destination addresses contained within this IP List.");?></td> + </tr> + </table> + <br/><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?> + <?php else : ?> + <input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly> + <?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/> + <?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/> + <?php endif ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Target Web Server Personality"); ?> </td> + <td width="78%" class="vtable"> + <select name="personality" class="formselect" id="personality"> + <?php + $profile = array( 'Apache', 'Apache_2_2', 'Generic', 'IDS', 'IIS_4_0', 'IIS_5_0', 'IIS_5_1', 'IIS_6_0', 'IIS_7_0', 'IIS_7_5', 'Minimal' ); + foreach ($profile as $val): ?> + <option value="<?=$val;?>" + <?php if ($val == $pengcfg['personality']) echo "selected"; ?>> + <?=gettext($val);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Choose the web server personality appropriate for the protected hosts. The default is ") . + "<strong>" . gettext("IDS") . "</strong>"; ?>.<br/><br/> + <?php echo gettext("Available web server personality targets are: Apache, Apache 2.2, Generic, IDS (default), IIS_4_0, IIS_5_0, IIS_5_1, IIS_6_0, IIS_7_0, IIS_7_5 and Minimal."); ?><br/> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Inspection Limits"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Request Body Limit"); ?></td> + <td width="78%" class="vtable"> + <input name="req_body_limit" type="text" class="formfld unknown" id="req_body_limit" size="9" + value="<?=htmlspecialchars($pengcfg['request-body-limit']);?>"> + <?php echo gettext("Maximum number of HTTP request body bytes to inspect. Default is ") . + "<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/> + <?php echo gettext("HTTP request bodies are often big, so they take a lot of time to process which has a significant impact ") . + gettext("on performance. This sets the limit (in bytes) of the client-body that will be inspected.") . "<br/><br/><span class=\"red\"><strong>" . + gettext("Note: ") . "</strong></span>" . gettext("Setting this parameter to 0 will inspect all of the client-body."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Response Body Limit"); ?></td> + <td width="78%" class="vtable"> + <input name="resp_body_limit" type="text" class="formfld unknown" id="resp_body_limit" size="9" + value="<?=htmlspecialchars($pengcfg['response-body-limit']);?>"> + <?php echo gettext("Maximum number of HTTP response body bytes to inspect. Default is ") . + "<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/> + <?php echo gettext("HTTP response bodies are often big, so they take a lot of time to process which has a significant impact ") . + gettext("on performance. This sets the limit (in bytes) of the server-body that will be inspected.") . "<br/><br/><span class=\"red\"><strong>" . + gettext("Note: ") . "</strong></span>" . gettext("Setting this parameter to 0 will inspect all of the server-body."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Decode Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Path"); ?></td> + <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-path'] == "yes") echo "checked"; ?>> + <?php echo gettext("Suricata will double-decode path section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Query"); ?></td> + <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-query'] == "yes") echo "checked"; ?>> + <?php echo gettext("Suricata will double-decode query string section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> + <td width="22%" valign="bottom"> </td> + <td width="78%" valign="bottom"> + <input name="save_libhtp_policy" id="save_libhtp_policy" type="submit" class="formbtn" value=" Save " title="<?php echo + gettext("Save web server policy engine settings and return to App Parsers tab"); ?>"> + + <input name="cancel_libhtp_policy" id="cancel_libhtp_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo + gettext("Cancel changes and return to App Parsers tab"); ?>"></td> + </tr> +</table> + +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<script type="text/javascript"> +//<![CDATA[ +var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>; + +function createAutoSuggest() { +<?php + echo "\tvar objAlias = new AutoSuggestControl(document.getElementById('policy_bind_to'), new StateSuggestions(addressarray));\n"; +?> +} + +setTimeout("createAutoSuggest();", 500); + +</script> + diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php new file mode 100644 index 00000000..b6616909 --- /dev/null +++ b/config/suricata/suricata_list_view.php @@ -0,0 +1,102 @@ +<?php +/* + * suricata_list_view.php + * + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $config; + +$contents = ''; + +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +$wlist = htmlspecialchars($_GET['wlist']); +$type = htmlspecialchars($_GET['type']); + +if (isset($id) && isset($wlist)) { + $a_rule = $config['installedpackages']['suricata']['rule'][$id]; + if ($type == "homenet") { + $list = suricata_build_list($a_rule, $wlist); + $contents = implode("\n", $list); + } + elseif ($type == "whitelist") { + $list = suricata_build_list($a_rule, $wlist, true); + $contents = implode("\n", $list); + } + elseif ($type == "suppress") { + $list = suricata_find_list($wlist, $type); + $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); + } + else + $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); +} +else + $contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!"); + +$pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer")); +?> + +<?php include("head.inc");?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php // include("fbegin.inc");?> + +<form action="suricata_list_view.php" method="post"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td class="tabcont"> + <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> + <tr> + <td class="pgtitle" colspan="2">Suricata: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td> + </tr> + <tr> + <td align="left" width="20%"> + <input type="button" class="formbtn" value="Return" onclick="window.close()"> + </td> + <td align="right"> + <b><?php echo gettext(ucfirst($type) . ": ") . '</b> ' . $_GET['wlist']; ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="label"> + <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea> + </div> + </td> + </tr> + </table> + </td> +</tr> +</table> +</form> +<?php // include("fend.inc");?> +</body> +</html> diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php new file mode 100644 index 00000000..53530881 --- /dev/null +++ b/config/suricata/suricata_logs_browser.php @@ -0,0 +1,220 @@ +<?php +/* + suricata_logs_browser.php + + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +if (isset($_POST['instance']) && is_numericint($_POST['instance'])) + $instanceid = $_POST['instance']; +elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) + $instanceid = htmlspecialchars($_GET['instance']); +if (empty($instanceid)) + $instanceid = 0; + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_instance = $config['installedpackages']['suricata']['rule']; +$suricata_uuid = $a_instance[$instanceid]['uuid']; +$if_real = get_real_interface($a_instance[$instanceid]['interface']); + +// Construct a pointer to the instance's logging subdirectory +$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; + +$logfile = $_POST['file']; + +if ($_POST['action'] == 'load') { + if(!is_file($_POST['file'])) { + echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|"; + } + else { + $data = file_get_contents($_POST['file']); + if($data === false) { + echo "|1|" . gettext("Failed to read log file") . ".|"; + } else { + $data = base64_encode($data); + echo "|0|{$_POST['file']}|{$data}|"; + } + } + exit; +} + +$pgtitle = gettext("Suricata: Logs Browser"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); +if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} +if ($input_errors) { + print_input_errors($input_errors); +} + +?> +<script type="text/javascript" src="/javascript/base64.js"></script> +<script type="text/javascript"> + function loadFile() { + jQuery("#fileStatus").html("<?=gettext("Loading file"); ?> ..."); + jQuery("#fileStatusBox").show(500); + jQuery("#filePathBox").show(500); + jQuery("#fbTarget").html(""); + + jQuery.ajax( + "<?=$_SERVER['SCRIPT_NAME'];?>", { + type: 'POST', + data: "action=load&file=" + jQuery("#logFile").val(), + complete: loadComplete + } + ); + } + + function loadComplete(req) { + jQuery("#fileContent").show(1000); + var values = req.responseText.split("|"); + values.shift(); values.pop(); + + if(values.shift() == "0") { + var file = values.shift(); + var fileContent = Base64.decode(values.join("|")); + jQuery("#fileStatus").html("<?=gettext("File successfully loaded"); ?>."); + jQuery("#fbTarget").html(file); + jQuery("#fileContent").val(fileContent); + } + else { + jQuery("#fileStatus").html(values[0]); + jQuery("#fbTarget").html(""); + jQuery("#fileContent").val(""); + } + jQuery("#fileContent").show(1000); + } + +</script> + +<form action="/suricata/suricata_logs_browser.php" method="post" id="formbrowse"> +<input type="hidden" id="instance" value="<?=$instanceid;?>"/> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + ?> + </td> + </tr> + <tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Logs Browser Selections"); ?></td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Instance to View'); ?></td> + <td width="78%" class="vtable"> + <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formbrowse').method='post';document.getElementById('formbrowse').submit()"> + <?php + foreach ($a_instance as $id => $instance) { + $selected = ""; + if ($id == $instanceid) + $selected = "selected"; + echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ") {$instance['descr']}</option>\n"; + } + ?> + </select> <?php echo gettext('Choose which instance logs you want to view.'); ?> + </td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Log File to View'); ?></td> + <td width="78%" class="vtable"> + <select name="logFile" id="logFile" class="formselect" onChange="loadFile();"> + <?php + $logs = array( "alerts.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" ); + foreach ($logs as $log) { + $selected = ""; + if ($log == basename($logfile)) + $selected = "selected"; + echo "<option value='{$suricatalogdir}/{$log}' {$selected}>" . $log . "</option>\n"; + } + ?> + </select> <?php echo gettext('Choose which log you want to view.'); ?> + </td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Log Contents"); ?></td> + </tr> + <tr> + <td colspan="2"> + <div style="display:none; " id="fileStatusBox"> + <div class="list" style="padding-left:15px;"> + <strong id="fileStatus"></strong> + </div> + </div> + <div style="padding-left:15px; display:none;" id="filePathBox"> + <strong><?=gettext("Log File Path"); ?>:</strong> + <div class="list" style="display:inline;" id="fbTarget"></div> + </div> + </td> + </tr> + <tr> + <td colspan="2"> + <table width="100%"> + <tr> + <td valign="top" class="label"> + <div style="background:#eeeeee;" id="fileOutput"> + <textarea id="fileContent" name="fileContent" style="width:100%;" rows="30" wrap="off"></textarea> + </div> + </td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +</form> + +<?php if(empty($logfile)): ?> +<script type="text/javascript"> + document.getElementById("logFile").selectedIndex=-1; +</script> +<?php endif; ?> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php new file mode 100644 index 00000000..7418dd80 --- /dev/null +++ b/config/suricata/suricata_logs_mgmt.php @@ -0,0 +1,429 @@ +<?php +/* + * suricata_logs_mgmt.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g; + +$suricatadir = SURICATADIR; + +$pconfig = array(); + +// Grab saved settings from configuration +$pconfig['enable_log_mgmt'] = $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on' ? 'on' : 'off'; +$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs']; +$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit']; +$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']; +$pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size']; +$pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention']; +$pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size']; +$pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention']; +$pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size']; +$pconfig['http_log_retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention']; +$pconfig['stats_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size']; +$pconfig['stats_log_retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention']; +$pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size']; +$pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention']; +$pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit']; +$pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention']; + +// Load up some arrays with selection values (we use these later). +// The keys in the $retentions array are the retention period +// converted to hours. The keys in the $log_sizes array are +// the file size limits in KB. +$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'), + '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'), + '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") ); +$log_sizes = array( '0' => gettext('NO LIMIT'), '50' => gettext('50 KB'), '150' => gettext('150 KB'), '250' => gettext('250 KB'), + '500' => gettext('500 KB'), '750' => gettext('750 KB'), '1000' => gettext('1 MB'), '2000' => gettext('2 MB'), + '5000' => gettext("5 MB"), '10000' => gettext("10 MB") ); + +// Set sensible defaults for any unset parameters +if (empty($pconfig['suricataloglimit'])) + $pconfig['suricataloglimit'] = 'on'; +if (empty($pconfig['suricataloglimitsize'])) { + // Set limit to 20% of slice that is unused */ + $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024); +} + +// Set default retention periods for rotated logs +if (empty($pconfig['alert_log_retention'])) + $pconfig['alert_log_retention'] = "336"; +if (empty($pconfig['files_json_log_retention'])) + $pconfig['files_json_log_retention'] = "168"; +if (empty($pconfig['http_log_retention'])) + $pconfig['http_log_retention'] = "168"; +if (empty($pconfig['stats_log_retention'])) + $pconfig['stats_log_retention'] = "168"; +if (empty($pconfig['tls_log_retention'])) + $pconfig['tls_log_retention'] = "336"; +if (empty($pconfig['u2_archive_log_retention'])) + $pconfig['u2_archive_log_retention'] = "168"; + +// Set default log file size limits +if (empty($pconfig['alert_log_limit_size'])) + $pconfig['alert_log_limit_size'] = "500"; +if (empty($pconfig['files_json_log_limit_size'])) + $pconfig['files_json_log_limit_size'] = "1000"; +if (empty($pconfig['http_log_limit_size'])) + $pconfig['http_log_limit_size'] = "1000"; +if (empty($pconfig['stats_log_limit_size'])) + $pconfig['stats_log_limit_size'] = "500"; +if (empty($pconfig['tls_log_limit_size'])) + $pconfig['tls_log_limit_size'] = "500"; +if (empty($pconfig['unified2_log_limit'])) + $pconfig['unified2_log_limit'] = "32"; + +if ($_POST["save"]) { + if ($_POST['suricataloglimit'] == 'on') { + if (!is_numericint($_POST['suricataloglimitsize']) || $_POST['suricataloglimitsize'] < 1) + $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero."); + } + + // Validate unified2 log file limit + if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1) + $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be an integer value greater than zero."); + + if (!$input_errors) { + $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; + $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit']; + $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize']; + $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention']; + $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention']; + $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['http_log_retention'] = $_POST['http_log_retention']; + $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'] = $_POST['stats_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['stats_log_retention'] = $_POST['stats_log_retention']; + $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'] = $_POST['tls_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention']; + $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit']; + $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention']; + + write_config(); + sync_suricata_package_config(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_logs_mgmt.php"); + exit; + } +} + +$pgtitle = gettext("Suricata: Logs Management"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message, under form tag or no refresh */ +if ($input_errors) + print_input_errors($input_errors); + +?> + +<form action="suricata_logs_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files During Package Uninstall"); ?></td> + <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes" + <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/> + <?php echo gettext("Suricata log files will be removed when the Suricata package is uninstalled."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Log Management"); ?></td> + <td width="78%" class="vtable"><input name="enable_log_mgmt" id="enable_log_mgmt" type="checkbox" value="on" + <?php if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt']=="on") echo " checked"; ?> onClick="enable_change();"/> + <?php echo gettext("Enable automatic unattended management of Suricata logs using parameters specified below."); ?><br/> + <span class="red"><strong><?=gettext("Note: ") . "</strong></span>" . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Logs Directory Size Limit"); ?></td> +</tr> +<tr> +<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " . + "Limit"); ?><br/><br/><br/><br/><br/><br/><br/> + <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/> + <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?> MB</strong></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_on" value="on" + <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?> onClick="enable_change_dirSize();"/> + <strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</td> + </tr> + <tr> + <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_off" value="off" + <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?> onClick="enable_change_dirSize();"/> + <strong><?php echo gettext("Disable"); ?></strong> + <?php echo gettext("directory size limit"); ?><br/> + <br/><span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("this setting imposes a hard-limit on the combined log directory size of all Suricata interfaces. ") . + gettext("When the size limit set is reached, rotated logs for all interfaces will be removed, and any active logs pruned to zero-length.");?> + <br/><br/> + <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("NanoBSD " . + "should use no more than 10MB of space."); ?></td> + </tr> + </table> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?> + <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/> + <?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td> + </tr> + </table> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Log Size and Retention Limits"); ?></td> +</tr> +<tr> + <td class="vncell" valign="top" width="22%"><?php echo gettext("Text Log Settings");?></td> + <td class="vtable" width="78%"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <colgroup> + <col style="width: 15%;"> + <col style="width: 18%;"> + <col style="width: 20%;"> + <col> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?=gettext("Log Name");?></th> + <th class="listhdrr"><?=gettext("Max Size");?></th> + <th class="listhdrr"><?=gettext("Retention");?></th> + <th class="listhdrr"><?=gettext("Log Description");?></th> + </tr> + </thead> + <tbody> + <tr> + <td class="listbg">alerts</td> + <td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['alert_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['alert_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Suricata alerts and event details");?></td> + </tr> + <tr> + <td class="listbg">files-json</td> + <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['files_json_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="files_json_log_retention" class="formselect" id="files_json_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['files_json_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Captured files info in JSON format");?></td> + </tr> + <tr> + <td class="listbg">http</td> + <td class="listr" align="center"><select name="http_log_limit_size" class="formselect" id="http_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['http_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="http_log_retention" class="formselect" id="http_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['http_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Captured HTTP events and session info");?></td> + </tr> + <tr> + <td class="listbg">stats</td> + <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['stats_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['stats_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Suricata performance statistics");?></td> + </tr> + <tr> + <td class="listbg">tls</td> + <td class="listr" align="center"><select name="tls_log_limit_size" class="formselect" id="tls_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['tls_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="tls_log_retention" class="formselect" id="tls_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['tls_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("SMTP TLS handshake details");?></td> + </tr> + </tbody> + </table> + <br/><?=gettext("Settings will be ignored for any log in the list above not enabled on the Interface Settings tab. ") . + gettext("When a log reaches the Max Size limit, it will be rotated and tagged with a timestamp. The Retention period determines ") . + gettext("how long rotated logs are kept before they are automatically deleted.");?> + </td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td> + <td width="78%" class="vtable"> + <input name="unified2_log_limit" type="text" class="formfld unknown" + id="unified2_log_limit" size="10" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/> + <?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/> + <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?> + </td> +</tr> +<tr> + <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td> + <td width="78%" class="vtable"><select name="u2_archive_log_retention" class="formselect" id="u2_archive_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['u2_archive_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> <?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/> + <?=gettext("When Barnyard2 output is enabled, Suricata writes event data to a binary format file that Barnyard2 reads and processes. ") . + gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") . + gettext("remain in the archive folder before they are automatically deleted.");?> + </td> +</tr> +<tr> + <td width="22%"></td> + <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/> + <br/><span class="red"><strong><?php echo gettext("Note:");?></strong> + </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td> +</tr> + </table> +</div><br/> +</td></tr> +</table> +</form> + +<script language="JavaScript"> +function enable_change() { + var endis = !(document.iform.enable_log_mgmt.checked); + document.iform.alert_log_limit_size.disabled = endis; + document.iform.alert_log_retention.disabled = endis; + document.iform.files_json_log_limit_size.disabled = endis; + document.iform.files_json_log_retention.disabled = endis; + document.iform.http_log_limit_size.disabled = endis; + document.iform.http_log_retention.disabled = endis; + document.iform.stats_log_limit_size.disabled = endis; + document.iform.stats_log_retention.disabled = endis; + document.iform.tls_log_limit_size.disabled = endis; + document.iform.tls_log_retention.disabled = endis; + document.iform.unified2_log_limit.disabled = endis; + document.iform.u2_archive_log_retention.disabled = endis; +} + +function enable_change_dirSize() { + var endis = !(document.getElementById('suricataloglimit_on').checked); + document.getElementById('suricataloglimitsize').disabled = endis; +} + +enable_change(); +enable_change_dirSize(); +</script> + +<?php include("fend.inc"); ?> + +</body> +</html> diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php new file mode 100644 index 00000000..c9360901 --- /dev/null +++ b/config/suricata/suricata_os_policy_engine.php @@ -0,0 +1,139 @@ +<?php +/* + * suricata_os_policy_engine.php + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/************************************************************************************** + This file contains code for adding/editing an existing Host OS Policy Engine. + It is included and injected inline as needed into the suricata_stream_flow.php + page to provide the edit functionality for Host OS Policy Engines. + + The following variables are assumed to exist and must be initialized + as necessary in order to utilize this page. + + $g --> system global variables array + $config --> global variable pointing to configuration information + $pengcfg --> array containing current Host OS Policy engine configuration + + Information is returned from this page via the following form fields: + + policy_name --> Unique Name for the Host OS Policy Engine + policy_bind_to --> Alias name representing "bind_to" IP address for engine + policy --> Operating system chosen for engine policy + select_alias --> Submit button for select alias operation + save_os_policy --> Submit button for save operation and exit + cancel_os_policy --> Submit button to cancel operation and exit + **************************************************************************************/ +?> + +<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" align="center" class="listtopic"><?php echo gettext("Suricata Target-Based Host OS Policy Engine Configuration"); ?></td> + </tr> + <tr> + <td valign="top" class="vncell"><?php echo gettext("Policy Name"); ?></td> + <td class="vtable"> + <input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25" + value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>/> + <?php if (htmlspecialchars($pengcfg['name']) <> "default") + echo gettext("Name or description for this engine. (Max 25 characters)"); + else + echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/> + <?php echo gettext("Unique name or description for this engine configuration. Default value is ") . + "<strong>" . gettext("default") . "</strong>"; ?>.<br/> + </td> + </tr> + <tr> + <td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td> + <td class="vtable"> + <?php if ($pengcfg['name'] <> "default") : ?> + <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"/> + <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> + <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases" + title="<?php echo gettext("Select an existing IP alias");?>"/></td> + </tr> + <tr> + <td class="vexpl" colspan="2"><?php echo gettext("This policy will apply for packets with destination addresses contained within this IP List.");?></td> + </tr> + </table> + <span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?> + + <?php else : ?> + <input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly> + <?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/> + <?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/> + <?php endif ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Target Policy"); ?> </td> + <td width="78%" class="vtable"> + <select name="policy" class="formselect" id="policy"> + <?php + $profile = array( 'BSD', 'BSD-Right', 'HPUX10', 'HPUX11', 'Irix', 'Linux', 'Mac-OS', 'Old-Linux', 'Old-Solaris', 'Solaris', 'Vista', 'Windows', 'Windows2k3' ); + foreach ($profile as $val): ?> + <option value="<?=strtolower($val);?>" + <?php if (strtolower($val) == $pengcfg['policy']) echo "selected"; ?>> + <?=gettext($val);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Choose the OS target policy appropriate for the protected hosts. The default is ") . + "<strong>" . gettext("BSD") . "</strong>"; ?>.<br/><br/> + <?php echo gettext("Available OS targets are BSD, BSD-Right, HPUX10, HPUX11, Irix, Linux, Mac-OS, Old-Linux, Old-Solaris, Solaris, Vista, 'Windows' and Windows2k3."); ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign="bottom"> </td> + <td width="78%" valign="bottom"> + <input name="save_os_policy" id="save_os_policy" type="submit" class="formbtn" value=" Save " title="<?php echo + gettext("Save OS policy engine settings and return to Flow/Stream tab"); ?>"> + + <input name="cancel_os_policy" id="cancel_os_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo + gettext("Cancel changes and return to Flow/Stream tab"); ?>"></td> + </tr> +</table> +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<script type="text/javascript"> +//<![CDATA[ + var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>; + +function createAutoSuggest() { + <?php + echo "\tvar objAlias = new AutoSuggestControl(document.getElementById('policy_bind_to'), new StateSuggestions(addressarray));\n"; + ?> +} + +setTimeout("createAutoSuggest();", 500); +//]]> + +</script> + diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php new file mode 100644 index 00000000..4d5454d5 --- /dev/null +++ b/config/suricata/suricata_post_install.php @@ -0,0 +1,149 @@ +<?php +/* + * suricata_post_install.php + * + * Copyright (C) 2014 Bill Meeks + * part of pfSense + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/****************************************************************************/ +/* This module is called once during the Suricata package installation to */ +/* perform required post-installation setup. It should only be executed */ +/* from the Package Manager process via the custom-post-install hook in */ +/* the snort.xml package configuration file. */ +/****************************************************************************/ + +require_once("config.inc"); +require_once("functions.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include; + +$suricatadir = SURICATADIR; +$rcdir = RCFILEPREFIX; + +// Hard kill any running Suricata process that may have been started by any +// of the pfSense scripts such as check_reload_status() or rc.start_packages +if(is_process_running("suricata")) { + killbyname("suricata"); + sleep(2); + // Delete any leftover suricata PID files in /var/run + unlink_if_exists("/var/run/suricata_*.pid"); +} +// Hard kill any running Barnyard2 processes +if(is_process_running("barnyard")) { + killbyname("barnyard2"); + sleep(2); + // Delete any leftover barnyard2 PID files in /var/run + unlink_if_exists("/var/run/barnyard2_*.pid"); +} + +// Set flag for post-install in progress +$g['suricata_postinstall'] = true; + +// Remove any previously installed script since we rebuild it +@unlink("{$rcdir}/suricata.sh"); + +// Create the top-tier log directory +safe_mkdir(SURICATALOGDIR); + +// remake saved settings +if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { + log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings...")); + update_status(gettext("Saved settings detected...")); + update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); + log_error(gettext("[Suricata] Downloading and updating configured rule types...")); + update_output_window(gettext("Please wait... downloading and updating configured rule types...")); + if ($pkg_interface <> "console") + $suricata_gui_include = true; + include('/usr/local/www/suricata/suricata_check_for_rule_updates.php'); + update_status(gettext("Generating suricata.yaml configuration file from saved settings...")); + $rebuild_rules = true; + + // Create the suricata.yaml files for each enabled interface + $suriconf = $config['installedpackages']['suricata']['rule']; + foreach ($suriconf as $value) { + $if_real = get_real_interface($value['interface']); + + // ## BETA pkg bug fix-up -- be sure default rules enabled ## + $rules = explode("||", $value['rulesets']); + foreach (array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ) as $r){ + if (!in_array($r, $rules)) + $rules[] = $r; + } + natcasesort($rules); + $value['rulesets'] = implode("||", $rules); + write_config(); + // ## end of BETA pkg bug fix-up ## + + // create a suricata.yaml file for interface + suricata_generate_yaml($value); + + // create barnyard2.conf file for interface + if ($value['barnyard_enable'] == 'on') + suricata_generate_barnyard2_conf($value, $if_real); + } + + // create Suricata bootup file suricata.sh + suricata_create_rc(); + + // Set Log Limit, Block Hosts Time and Rules Update Time + suricata_loglimit_install_cron(); +// suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); + suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false); + + // Add the recurring jobs created above to crontab + configure_cron(); + + // Restore the Dashboard Widget if it was previously enabled and saved + if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence'])) + $config['widgets']['sequence'] .= "," . $config['installedpackages']['suricata']['config'][0]['dashboard_widget']; + if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']) && !empty($config['widgets'])) + $config['widgets']['widget_suricata_display_lines'] = $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']; + + $rebuild_rules = false; + update_output_window(gettext("Finished rebuilding Suricata configuration files...")); + log_error(gettext("[Suricata] Finished rebuilding installation from saved settings...")); + + // Only try to start Suricata if not in reboot + if (!$g['booting']) { + update_status(gettext("Starting Suricata using rebuilt configuration...")); + update_output_window(gettext("Please wait... while Suricata is started...")); + log_error(gettext("[Suricata] Starting Suricata using rebuilt configuration...")); + start_service("suricata"); + update_output_window(gettext("Suricata has been started using the rebuilt configuration...")); + } +} + +// Update Suricata package version in configuration +$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.3-BETA"; +write_config(); + +// Done with post-install, so clear flag +unset($g['suricata_postinstall']); +log_error(gettext("[Suricata] Package post-installation tasks completed...")); +return true; + +?> diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php new file mode 100644 index 00000000..5883ed8e --- /dev/null +++ b/config/suricata/suricata_rules.php @@ -0,0 +1,730 @@ +<?php +/* + * suricata_rules.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +$suricatadir = SURICATADIR; +$rules_map = array(); +$pconfig = array(); + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_rule = &$config['installedpackages']['suricata']['rule']; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (is_null($id)) { + $id = 0; +} + +if (isset($id) && $a_rule[$id]) { + $pconfig['interface'] = $a_rule[$id]['interface']; + $pconfig['rulesets'] = $a_rule[$id]['rulesets']; + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); +} + +function add_title_attribute($tag, $title) { + + /******************************** + * This function adds a "title" * + * attribute to the passed tag * + * and sets the value to the * + * value specified by "$title". * + ********************************/ + $result = ""; + if (empty($tag)) { + // If passed an empty element tag, then + // just create a <span> tag with title + $result = "<span title=\"" . $title . "\">"; + } + else { + // Find the ending ">" for the element tag + $pos = strpos($tag, ">"); + if ($pos !== false) { + // We found the ">" delimter, so add "title" + // attribute and close the element tag + $result = substr($tag, 0, $pos) . " title=\"" . $title . "\">"; + } + else { + // We did not find the ">" delimiter, so + // something is wrong, just return the + // tag "as-is" + $result = $tag; + } + } + return $result; +} + +/* convert fake interfaces to real */ +$if_real = get_real_interface($pconfig['interface']); +$suricata_uuid = $a_rule[$id]['uuid']; +$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}"; +$snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; +$emergingdownload = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; +$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; +$categories = explode("||", $pconfig['rulesets']); + +// Add any previously saved rules files to the categories array +if (!empty($pconfig['rulesets'])) + $categories = explode("||", $pconfig['rulesets']); + +if ($_GET['openruleset']) + $currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); +elseif ($_POST['selectbox']) + $currentruleset = $_POST['selectbox']; +elseif ($_POST['openruleset']) + $currentruleset = $_POST['openruleset']; +else + $currentruleset = $categories[0]; + +if (empty($categories[0]) && ($currentruleset != "custom.rules") && ($currentruleset != "Auto-Flowbit Rules")) { + if (!empty($a_rule[$id]['ips_policy'])) + $currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); + else + $currentruleset = "custom.rules"; +} + +/* One last sanity check -- if the rules directory is empty, default to loading custom rules */ +$tmp = glob("{$suricatadir}rules/*.rules"); +if (empty($tmp)) + $currentruleset = "custom.rules"; + +$ruledir = "{$suricatadir}rules"; +$rulefile = "{$ruledir}/{$currentruleset}"; +if ($currentruleset != 'custom.rules') { + // Read the current rules file into our rules map array. + // If it is the auto-flowbits file, set the full path. + if ($currentruleset == "Auto-Flowbit Rules") + $rulefile = "{$suricatacfgdir}/rules/" . FLOWBITS_FILENAME; + // Test for the special case of an IPS Policy file. + if (substr($currentruleset, 0, 10) == "IPS Policy") + $rules_map = suricata_load_vrt_policy($a_rule[$id]['ips_policy']); + elseif (!file_exists($rulefile)) + $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again."); + else + $rules_map = suricata_load_rules_map($rulefile); +} + +/* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */ +$enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']); +$disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']); + +if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) { + + // Get the GID:SID tags embedded in the clicked rule icon. + $gid = $_POST['gid']; + $sid = $_POST['sid']; + + // See if the target SID is in our list of modified SIDs, + // and toggle it back to default if present; otherwise, + // add it to the appropriate modified SID list. + if (isset($enablesid[$gid][$sid])) + unset($enablesid[$gid][$sid]); + elseif (isset($disablesid[$gid][$sid])) + unset($disablesid[$gid][$sid]); + else { + if ($rules_map[$gid][$sid]['disabled'] == 1) + $enablesid[$gid][$sid] = "enablesid"; + else + $disablesid[$gid][$sid] = "disablesid"; + } + + // Write the updated enablesid and disablesid values to the config file. + $tmp = ""; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_on'] = $tmp; + else + unset($a_rule[$id]['rule_sid_on']); + + $tmp = ""; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_off'] = $tmp; + else + unset($a_rule[$id]['rule_sid_off']); + + /* Update the config.xml file. */ + write_config(); + + $anchor = "rule_{$gid}_{$sid}"; +} +elseif ($_POST['disable_all'] && !empty($rules_map)) { + + // Mark all rules in the currently selected category "disabled". + foreach (array_keys($rules_map) as $k1) { + foreach (array_keys($rules_map[$k1]) as $k2) { + if (isset($enablesid[$k1][$k2])) + unset($enablesid[$k1][$k2]); + $disablesid[$k1][$k2] = "disablesid"; + } + } + + // Write the updated enablesid and disablesid values to the config file. + $tmp = ""; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_on'] = $tmp; + else + unset($a_rule[$id]['rule_sid_on']); + + $tmp = ""; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_off'] = $tmp; + else + unset($a_rule[$id]['rule_sid_off']); + + write_config(); +} +elseif ($_POST['enable_all'] && !empty($rules_map)) { + + // Mark all rules in the currently selected category "enabled". + foreach (array_keys($rules_map) as $k1) { + foreach (array_keys($rules_map[$k1]) as $k2) { + if (isset($disablesid[$k1][$k2])) + unset($disablesid[$k1][$k2]); + $enablesid[$k1][$k2] = "enablesid"; + } + } + // Write the updated enablesid and disablesid values to the config file. + $tmp = ""; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_on'] = $tmp; + else + unset($a_rule[$id]['rule_sid_on']); + + $tmp = ""; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_off'] = $tmp; + else + unset($a_rule[$id]['rule_sid_off']); + + write_config(); +} +elseif ($_POST['resetcategory'] && !empty($rules_map)) { + + // Reset any modified SIDs in the current rule category to their defaults. + foreach (array_keys($rules_map) as $k1) { + foreach (array_keys($rules_map[$k1]) as $k2) { + if (isset($enablesid[$k1][$k2])) + unset($enablesid[$k1][$k2]); + if (isset($disablesid[$k1][$k2])) + unset($disablesid[$k1][$k2]); + } + } + + // Write the updated enablesid and disablesid values to the config file. + $tmp = ""; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_on'] = $tmp; + else + unset($a_rule[$id]['rule_sid_on']); + + $tmp = ""; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_rule[$id]['rule_sid_off'] = $tmp; + else + unset($a_rule[$id]['rule_sid_off']); + + write_config(); +} +elseif ($_POST['resetall'] && !empty($rules_map)) { + + // Remove all modified SIDs from config.xml and save the changes. + unset($a_rule[$id]['rule_sid_on']); + unset($a_rule[$id]['rule_sid_off']); + + /* Update the config.xml file. */ + write_config(); +} +elseif ($_POST['clear']) { + unset($a_rule[$id]['customrules']); + write_config(); + $rebuild_rules = true; + suricata_generate_yaml($a_rule[$id]); + $rebuild_rules = false; + $pconfig['customrules'] = ''; +} +elseif ($_POST['cancel']) { + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); +} +elseif ($_POST['save']) { + $pconfig['customrules'] = $_POST['customrules']; + if ($_POST['customrules']) + $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); + else + unset($a_rule[$id]['customrules']); + write_config(); + $rebuild_rules = true; + suricata_generate_yaml($a_rule[$id]); + $rebuild_rules = false; + /* Signal Suricata to "live reload" the rules */ + suricata_reload_config($a_rule[$id]); +} +elseif ($_POST['apply']) { + + /* Save new configuration */ + write_config(); + + /*************************************************/ + /* Update the suricata.yaml file and rebuild the */ + /* rules for this interface. */ + /*************************************************/ + $rebuild_rules = true; + suricata_generate_yaml($a_rule[$id]); + $rebuild_rules = false; + + /* Signal Suricata to "live reload" the rules */ + suricata_reload_config($a_rule[$id]); +} + +require_once("guiconfig.inc"); +include_once("head.inc"); + +$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset}"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("fbegin.inc"); +/* Display error or save messages if present */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} + +if ($savemsg) { + print_info_box($savemsg); +} + +?> + +<form action='/suricata/suricata_rules.php' method='post' name='iform' id='iform'> +<input type='hidden' name='id' id='id' value='<?=$id;?>'/> +<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> +<input type='hidden' name='sid' id='sid' value=''/> +<input type='hidden' name='gid' id='gid' value=''/> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td class="tabnavtbl">'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");; + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), true, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr><td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="4" cellspacing="0"> + <tr> + <td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td> + </tr> + <tr> + <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong> + <select id="selectbox" name="selectbox" class="formselect" onChange="go();"> + <option value='custom.rules'>custom.rules</option> + <?php + $files = explode("||", $pconfig['rulesets']); + if ($a_rule[$id]['ips_policy_enable'] == 'on') + $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); + if ($a_rule[$id]['autoflowbitrules'] == 'on') + $files[] = "Auto-Flowbit Rules"; + natcasesort($files); + foreach ($files as $value) { + if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX) + continue; + if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX) + continue; + if ($etpro != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX) + continue; + if (empty($value)) + continue; + echo "<option value='{$value}' "; + if ($value == $currentruleset) + echo "selected"; + echo ">{$value}</option>\n"; + } + ?> + </select> <?php echo gettext("Select the rule category to view"); ?> + </td> + </tr> + + <?php if ($currentruleset == 'custom.rules'): ?> + <tr> + <td class="listtopic"><?php echo gettext("Defined Custom Rules"); ?></td> + </tr> + <tr> + <td valign="top" class="vtable"> + <textarea wrap="soft" cols="90" rows="40" name="customrules"><?=$pconfig['customrules'];?></textarea> + </td> + </tr> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/> + <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel all changes made prior to last save"); ?>"/> + <input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/> + </td> + </tr> + <?php else: ?> + <tr> + <td class="listtopic"><?php echo gettext("Rule Signature ID (SID) Enable/Disable Overrides"); ?></td> + </tr> + <tr> + <td class="vncell"> + <table width="100%" align="center" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn" + title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/> + <span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . + gettext("When finished, click APPLY to send any SID enable/disable changes made on this tab to the running Suricata process."); ?></span></td> + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' + onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' + title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?> + <?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td> + </tr> + <tr> + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' + onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' + title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?> + <?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td> + </tr> + <tr> + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' + onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' + title='" . gettext("Click to disable all rules in the selected category") . "'/>"?> + <?php echo gettext("Disable all rules in the current Category"); ?></td> + </tr> + <tr> + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]' + src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\" + onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"' + onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0' + title='" . gettext("Click to enable all rules in the selected category") . "'/>"?> + <?php echo gettext("Enable all rules in the current Category"); ?></td> + </tr> + <tr> + <td class="vexpl" valign="middle"><a href="javascript: void(0)" + onclick="wopen('suricata_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" width="15" height="15" <?php + echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"' + onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?> + title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a> + <?php echo gettext("View full file contents for the current Category"); ?></td> + </tr> + <?php if ($currentruleset == 'Auto-Flowbit Rules'): ?> + <tr> + <td colspan="3"> </td> + </tr> + <tr> + <td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" . + gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") . + "<a href='suricata_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . + gettext("clicking here") . ".</a>";?></td> + </tr> + <?php endif;?> + </table> + </td> + </tr> + <tr> + <td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td> + </tr> + <tr> + <td> + <table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="14" align="left" valign="middle"> + <col width="6%" align="center" axis="number"> + <col width="9%" align="center" axis="number"> + <col width="52" align="center" axis="string"> + <col width="14%" align="center" axis="string"> + <col width="10%" align="center" axis="string"> + <col width="14%" align="center" axis="string"> + <col width="10%" align="center" axis="string"> + <col axis="string"> + </colgroup> + <thead> + <tr> + <th class="list"> </th> + <th class="listhdrr"><?php echo gettext("GID"); ?></th> + <th class="listhdrr"><?php echo gettext("SID"); ?></th> + <th class="listhdrr"><?php echo gettext("Proto"); ?></th> + <th class="listhdrr"><?php echo gettext("Source"); ?></th> + <th class="listhdrr"><?php echo gettext("SPort"); ?></th> + <th class="listhdrr"><?php echo gettext("Destination"); ?></th> + <th class="listhdrr"><?php echo gettext("DPort"); ?></th> + <th class="listhdrr"><?php echo gettext("Message"); ?></th> + </tr> + </thead> + <tbody> + + <?php + $counter = $enable_cnt = $disable_cnt = 0; + foreach ($rules_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + $sid = suricata_get_sid($v['rule']); + $gid = suricata_get_gid($v['rule']); + + if (isset($disablesid[$gid][$sid])) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_reject_d.gif"; + $disable_cnt++; + $title = gettext("Disabled by user. Click to toggle to default state"); + } + elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + $disable_cnt++; + $title = gettext("Disabled by default. Click to toggle to enabled state"); + } + elseif (isset($enablesid[$gid][$sid])) { + $textss = $textse = ""; + $iconb = "icon_reject.gif"; + $enable_cnt++; + $title = gettext("Enabled by user. Click to toggle to default state"); + } + else { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + $enable_cnt++; + $title = gettext("Enabled by default. Click to toggle to disabled state"); + } + + // Pick off the first section of the rule (prior to the start of the MSG field), + // and then use a REGX split to isolate the remaining fields into an array. + $tmp = substr($v['rule'], 0, strpos($v['rule'], "(")); + $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp)); + $rule_content = preg_split('/[\s]+/', $tmp); + + // Create custom <span> tags for some of the fields so we can + // have a "title" attribute for tooltips to show the full string. + $srcspan = add_title_attribute($textss, $rule_content[2]); + $srcprtspan = add_title_attribute($textss, $rule_content[3]); + $dstspan = add_title_attribute($textss, $rule_content[5]); + $dstprtspan = add_title_attribute($textss, $rule_content[6]); + $protocol = $rule_content[1]; //protocol field + $source = $rule_content[2]; //source field + $source_port = $rule_content[3]; //source port field + $destination = $rule_content[5]; //destination field + $destination_port = $rule_content[6]; //destination port field + $message = suricata_get_msg($v['rule']); + $sid_tooltip = gettext("View the raw text for this rule"); + + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + <a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/></a>{$textse} + </td> + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$gid}{$textse} + </td> + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <a href=\"javascript: void(0)\" + onclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\" + title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a> + </td> + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$protocol}{$textse} + </td> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$srcspan}{$source}</span> + </td> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$srcprtspan}{$source_port}</span> + </td> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$dstspan}{$destination}</span> + </td> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$dstprtspan}{$destination_port}</span> + </td> + <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$message}{$textse} + </td> + </tr>"; + $counter++; + } + } + unset($rulem, $v); ?> + </tbody> + </table> + </td> + </tr> + <tr> + <td> + <table width="100%" border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="16"></td> + <td class="vexpl" height="35" valign="top"> + <strong><?php echo gettext("--- Category Rules Summary ---") . "</strong><br/>" . + gettext("Total Rules: {$counter}") . " " . + gettext("Enabled: {$enable_cnt}") . " " . + gettext("Disabled: {$disable_cnt}"); ?></td> + </tr> + <tr> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="11" height="11"></td> + <td><?php echo gettext("Rule default is Enabled"); ?></td> + </tr> + <tr> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" + width="11" height="11"></td> + <td nowrap><?php echo gettext("Rule default is Disabled"); ?></td> + </tr> + <tr> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif" + width="11" height="11"></td> + <td nowrap><?php echo gettext("Rule changed to Enabled by user"); ?></td> + </tr> + <tr> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif" + width="11" height="11"></td> + <td nowrap><?php echo gettext("Rule changed to Disabled by user"); ?></td> + </tr> + </table> + </td> + </tr> + <?php endif;?> + </table> + </div> + </td> + </tr> +</table> +</form> +<script language="javascript" type="text/javascript"> +function go() +{ + var box = document.getElementById("selectbox"); + var ruleset = box.options[box.selectedIndex].value; + if (ruleset) + document.getElementById("openruleset").value = ruleset; + document.getElementById("iform").submit(); +} + +function wopen(url, name, w, h) +{ +// Fudge factors for window decoration space. +// In my tests these work well on all platforms & browsers. + w += 32; + h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} + +<?php if (!empty($anchor)): ?> + // Scroll the last enabled/disabled SID into view + window.location.hash = "<?=$anchor; ?>"; + window.scrollBy(0,-60); + +<?php endif;?> +</script> +<?php include("fend.inc"); ?> + +</body> +</html> diff --git a/config/suricata/suricata_rules_edit.php b/config/suricata/suricata_rules_edit.php new file mode 100644 index 00000000..b61c2f3a --- /dev/null +++ b/config/suricata/suricata_rules_edit.php @@ -0,0 +1,148 @@ +<?php +/* + * suricata_rules_edit.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +$flowbit_rules_file = FLOWBITS_FILENAME; +$suricatadir = SURICATADIR; + +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +// If we were not passed a valid index ID, close the pop-up and exit +if (is_null($id)) { + echo '<html><body link="#000000" vlink="#000000" alink="#000000">'; + echo '<script language="javascript" type="text/javascript">'; + echo 'window.close();</script>'; + echo '</body></html>'; + exit; +} + +if (!is_array($config['installedpackages']['suricata']['rule'])) { + $config['installedpackages']['suricata']['rule'] = array(); +} + +$a_rule = &$config['installedpackages']['suricata']['rule']; + +$if_real = get_real_interface($a_rule[$id]['interface']); +$suricata_uuid = $a_rule[$id]['uuid']; +$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/"; + +$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); +$contents = ''; +$wrap_flag = "off"; + +// Correct displayed file title if necessary +if ($file == "Auto-Flowbit Rules") + $displayfile = FLOWBITS_FILENAME; +else + $displayfile = $file; + +// Read the contents of the argument passed to us. +// It may be an IPS policy string, an individual SID, +// a standard rules file, or a complete file name. +// Test for the special case of an IPS Policy file. +if (substr($file, 0, 10) == "IPS Policy") { + $rules_map = suricata_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1)))); + if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) { + $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule']; + $wrap_flag = "soft"; + } + else { + $contents = "# Suricata IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n"; + foreach (array_keys($rules_map) as $k1) { + foreach (array_keys($rules_map[$k1]) as $k2) { + $contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n"; + $contents .= $rules_map[$k1][$k2]['rule'] . "\n"; + } + } + } + unset($rules_map); +} +// Is it a SID to load the rule text from? +elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) { + // If flowbit rule, point to interface-specific file + if ($file == "Auto-Flowbit Rules") + $rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/" . FLOWBITS_FILENAME); + else + $rules_map = suricata_load_rules_map("{$suricatadir}rules/{$file}"); + $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule']; + $wrap_flag = "soft"; +} +// Is it our special flowbit rules file? +elseif ($file == "Auto-Flowbit Rules") + $contents = file_get_contents("{$suricatacfgdir}rules/{$flowbit_rules_file}"); +// Is it a rules file in the ../rules/ directory? +elseif (file_exists("{$suricatadir}rules/{$file}")) + $contents = file_get_contents("{$suricatadir}rules/{$file}"); +// It is not something we can display, so exit. +else + $input_errors[] = gettext("Unable to open file: {$displayfile}"); + +$pgtitle = array(gettext("Suricata"), gettext("Rules File Viewer")); +?> + +<?php include("head.inc");?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php // include("fbegin.inc");?> + +<form action="suricata_rules_edit.php" method="post"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td class="tabcont"> + <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> + <tr> + <td class="pgtitle" colspan="2">Suricata: Rules Viewer</td> + </tr> + <tr> + <td width="20%"> + <input type="button" class="formbtn" value="Close" onclick="window.close()"/> + </td> + <td align="right"> + <b><?php echo gettext("Rules File: ") . '</b> ' . $displayfile; ?> + </td> + </tr> + <tr> + <td valign="top" class="label" colspan="2"> + <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea style="width:100%; height:100%;" wrap="<?=$wrap_flag?>" rows="33" cols="80" name="code2"><?=$contents;?></textarea> + </div> + </td> + </tr> + </table> + </td> +</tr> +</table> +</form> +<?php // include("fend.inc");?> +</body> +</html> diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php new file mode 100644 index 00000000..1907cbeb --- /dev/null +++ b/config/suricata/suricata_rules_flowbits.php @@ -0,0 +1,297 @@ +<?php +/* + * suricata_rules_flowbits.php + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +$suricatadir = SURICATADIR; +$flowbit_rules_file = FLOWBITS_FILENAME; +$rules_map = array(); +$supplist = array(); + +if (!is_array($config['installedpackages']['suricata']['rule'])) { + $config['installedpackages']['suricata']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['suricata']['rule']; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +// Set who called us so we can return to the correct page with +// the RETURN ('cancel') button. +if ($_POST['referrer']) + $referrer = $_POST['referrer']; +else + $referrer = $_SERVER['HTTP_REFERER']; + +// Make sure a rule index ID is appended to the return URL +if (strpos($referrer, "?id={$id}") === FALSE) + $referrer .= "?id={$id}"; + +// If RETURN button clicked, exit to original calling page +if ($_POST['cancel']) { + header("Location: {$referrer}"); + exit; +} + +$if_real = get_real_interface($a_nat[$id]['interface']); +$suricata_uuid = $a_nat[$id]['uuid']; + +/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */ +if ($a_nat[$id]['autoflowbitrules'] == 'on') { + if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && + filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { + $rules_map = suricata_load_rules_map("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); + } + else + $savemsg = gettext("There are no flowbit-required rules necessary for the current enforcing rule set."); +} +else + $input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!"); + +if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) { + $descr = suricata_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']); + $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n"); + if (empty($descr)) + $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n"; + else + $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n"; + if (!is_array($config['installedpackages']['suricata']['suppress'])) + $config['installedpackages']['suricata']['suppress'] = array(); + if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) + $config['installedpackages']['suricata']['suppress']['item'] = array(); + $a_suppress = &$config['installedpackages']['suricata']['suppress']['item']; + $found_list = false; + + if (empty($a_nat[$id]['suppresslistname']) || $a_nat[$id]['suppresslistname'] == 'default') { + $s_list = array(); + $s_list['uuid'] = uniqid(); + $s_list['name'] = $a_nat[$id]['interface'] . "suppress" . "_" . $s_list['uuid']; + $s_list['descr'] = "Auto-generated list for Alert suppression"; + $s_list['suppresspassthru'] = base64_encode($suppress); + $a_suppress[] = $s_list; + $a_nat[$id]['suppresslistname'] = $s_list['name']; + $found_list = true; + } else { + /* If we get here, a Suppress List is defined for the interface so see if we can find it */ + foreach ($a_suppress as $a_id => $alist) { + if ($alist['name'] == $a_nat[$id]['suppresslistname']) { + $found_list = true; + if (!empty($alist['suppresspassthru'])) { + $tmplist = base64_decode($alist['suppresspassthru']); + $tmplist .= "\n{$suppress}"; + $alist['suppresspassthru'] = base64_encode($tmplist); + $a_suppress[$a_id] = $alist; + } + else { + $alist['suppresspassthru'] = base64_encode($suppress); + $a_suppress[$a_id] = $alist; + } + } + } + } + if ($found_list) { + write_config(); + $rebuild_rules = false; + sync_suricata_package_config(); + suricata_reload_config($a_nat[$id]); + $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); + } + else { + /* We did not find the defined list, so notify the user with an error */ + $input_errors[] = gettext("Suppress List '{$a_nat[$id]['suppresslistname']}' is defined for this interface, but it could not be found!"); + } +} + +/* Load up an array with the current Suppression List GID,SID values */ +$supplist = suricata_load_suppress_sigs($a_nat[$id]); + +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flowbit Rules"); +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > + +<?php +include("fbegin.inc"); +if ($input_errors) print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); +?> +<form action="suricata_rules_flowbits.php" method="post" name="iform" id="iform"> +<input type="hidden" name="id" value="<?=$id;?>"/> +<input type="hidden" name="referrer" value="<?=$referrer;?>"/> +<input type="hidden" name="sid" id="sid" value=""/> +<input type="hidden" name="gid" id="gid" value=""/> +<div id="boxarea"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> +<td class="tabcont"> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td valign="middle" class="listtopic"><?php echo gettext("Auto-Generated Flowbit-Required Rules"); ?></td> + </tr> + <tr> + <td width="78%" class="vncell"> + <?php echo gettext("The rules listed below are required to be included in the rules set ") . + gettext("because they set flowbits that are checked and relied upon by rules in the enforcing rules set. ") . + gettext("If these dependent flowbits are not set, then some of your chosen rules may not fire. ") . + gettext("Enabling all the rules that set these dependent flowbits ensures your chosen rules fire as intended. ") . + gettext("Most flowbits rules contain the \"noalert\" keyword to prevent an alert from firing ") . + gettext("when the flowbit is detected. For those flowbit rules that do not contain the \"noalert\" option, click the ") . + gettext("icon displayed beside the Signature ID (SID) to add the alert to the Suppression List if desired."); ?></td> + </tr> + <tr> + <td valign="middle" class="listtopic"><?php echo gettext("Flowbit-Required Rules for {$if_friendly}"); ?></td> + </tr> + <tr> + <td width="78%" class="vncell"> + <table width="100%" border="0" cellspacing="2" cellpadding="0"> + <tr> + <td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus.gif" width='12' height='12' border='0'/></td> + <td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td> + <td rowspan="3" align="right"><input id="cancel" name="cancel" type="submit" class="formbtn" <?php + echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/> + <input name="id" type="hidden" value="<?=$id;?>" /></td> + </tr> + <tr> + <td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus_d.gif" width='12' height='12' border='0'/></td> + <td><span class="vexpl"><?php echo gettext("Alert has been Suppressed"); ?></span></td> + </tr> + <tr> + <td width="17px"> </td> + <td colspan="2" class="vexpl"><?php echo "<span class=\"red\"><strong>" . + gettext("Note: ") . "</strong></span>". gettext("the icon is only ") . + gettext("displayed for flowbit rules without the \"noalert\" option."); ?></td> + </tr> + </table> + </td> + </tr> + <tr> + <td> + <table id="myTable" width="100%" class="sortable" style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="11%" axis="number"> + <col width="52" axis="string"> + <col width="14%" axis="string"> + <col width="14%" axis="string"> + <col width="24%" axis="string"> + <col axis="string"> + </colgroup> + <thead> + <tr> + <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Flowbits"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Message"); ?></th> + </tr> + <thead> + <tbody> + <?php + $count = 0; + foreach ($rules_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + $sid = suricata_get_sid($v['rule']); + $gid = suricata_get_gid($v['rule']); + + // Pick off the first section of the rule (prior to the start of the MSG field), + // and then use a REGX split to isolate the remaining fields into an array. + $tmp = substr($v['rule'], 0, strpos($v['rule'], "(")); + $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp)); + $rule_content = preg_split('/[\s]+/', $tmp); + + $protocol = $rule_content[1]; //protocol + $source = $rule_content[2]; //source + $destination = $rule_content[5]; //destination + $message = suricata_get_msg($v['rule']); + $flowbits = implode("; ", suricata_get_flowbits($v['rule'])); + if (strstr($flowbits, "noalert")) + $supplink = ""; + else { + if (!isset($supplist[$gid][$sid])) { + $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';"; + $supplink .= "document.getElementById('gid').value='{$gid}';\" "; + $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" "; + $supplink .= "width='12' height='12' border='0' title='"; + $supplink .= gettext("Click to add to Suppress List") . "'/>"; + } + else { + $supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" "; + $supplink .= "width='12' height='12' border='0' title='"; + $supplink .= gettext("Alert has been suppressed") . "'/>"; + } + } + + // Use "echo" to write the table HTML row-by-row. + echo "<tr>" . + "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . + "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" . + "<td class=\"listr ellipsis\" nowrap style=\"text-align:center;\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" . + "<td class=\"listr ellipsis\" nowrap style=\"text-align:center;\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . + "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" . + "<td class=\"listbg\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" . + "</tr>"; + $count++; + } + } + unset($rulem, $v); + ?> + </tbody> + </table> + </td> + </tr> + <?php if ($count > 20): ?> + <tr> + <td align="center" valign="middle"> + <input id="cancel" name="cancel" type="submit" class="formbtn" <?php + echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/> + </td> + </tr> + <?php endif; ?> +</table> +</td> +</tr> +</table> +</div> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php new file mode 100644 index 00000000..e607acc1 --- /dev/null +++ b/config/suricata/suricata_rulesets.php @@ -0,0 +1,586 @@ +<?php +/* + * suricata_rulesets.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +$suricatadir = SURICATADIR; +$flowbit_rules_file = FLOWBITS_FILENAME; + +// Array of default events rules for Suricata +$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", + "smtp-events.rules", "stream-events.rules", "tls-events.rules" ); + +if (!is_array($config['installedpackages']['suricata']['rule'])) { + $config['installedpackages']['suricata']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['suricata']['rule']; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); +if (is_null($id)) + $id = 0; + +if (isset($id) && $a_nat[$id]) { + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['autoflowbitrules'] = $a_nat[$id]['autoflowbitrules']; + $pconfig['ips_policy_enable'] = $a_nat[$id]['ips_policy_enable']; + $pconfig['ips_policy'] = $a_nat[$id]['ips_policy']; +} + +$if_real = get_real_interface($pconfig['interface']); +$suricata_uuid = $a_nat[$id]['uuid']; +$snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] == 'on' ? 'on' : 'off'; +$emergingdownload = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] == 'on' ? 'on' : 'off'; +$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] == 'on' ? 'on' : 'off'; +$snortcommunitydownload = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] == 'on' ? 'on' : 'off'; + +$no_emerging_files = false; +$no_snort_files = false; + +/* Test rule categories currently downloaded to $SURICATADIR/rules and set appropriate flags */ +if ($emergingdownload == 'on') { + $test = glob("{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); + $et_type = "ET Open"; +} +elseif ($etpro == 'on') { + $test = glob("{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "*.rules"); + $et_type = "ET Pro"; +} +else + $et_type = "Emerging Threats"; +if (empty($test)) + $no_emerging_files = true; +$test = glob("{$suricatadir}rules/" . VRT_FILE_PREFIX . "*.rules"); +if (empty($test)) + $no_snort_files = true; +if (!file_exists("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules")) + $no_community_files = true; + +if (($snortdownload != 'on') || ($a_nat[$id]['ips_policy_enable'] != 'on')) + $policy_select_disable = "disabled"; + +// If a Snort VRT policy is enabled and selected, remove all Snort VRT +// rules from the configured rule sets to allow automatic selection. +if ($a_nat[$id]['ips_policy_enable'] == 'on') { + if (isset($a_nat[$id]['ips_policy'])) { + $disable_vrt_rules = "disabled"; + $enabled_sets = explode("||", $a_nat[$id]['rulesets']); + + foreach ($enabled_sets as $k => $v) { + if (substr($v, 0, 6) == "suricata_") + unset($enabled_sets[$k]); + } + $a_nat[$id]['rulesets'] = implode("||", $enabled_sets); + } +} +else + $disable_vrt_rules = ""; + +if ($_POST["save"]) { + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + + // Always start with the default events and files rules + $enabled_items = implode("||", $default_rules); + if (is_array($_POST['toenable'])) + $enabled_items .= "||" . implode("||", $_POST['toenable']); + else + $enabled_items .= "||{$_POST['toenable']}"; + + $a_nat[$id]['rulesets'] = $enabled_items; + + if ($_POST['autoflowbits'] == "on") + $a_nat[$id]['autoflowbitrules'] = 'on'; + else { + $a_nat[$id]['autoflowbitrules'] = 'off'; + if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) + @unlink("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); + } + + write_config(); + + /*************************************************/ + /* Update the suricata.yaml file and rebuild the */ + /* rules for this interface. */ + /*************************************************/ + $rebuild_rules = true; + suricata_generate_yaml($a_nat[$id]); + $rebuild_rules = false; + + /* Signal Suricata to "live reload" the rules */ + suricata_reload_config($a_nat[$id]); +} +elseif ($_POST['unselectall']) { + // Remove all but the default events and files rules + $a_nat[$id]['rulesets'] = implode("||", $default_rules); + + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + + write_config(); + sync_suricata_package_config(); +} +elseif ($_POST['selectall']) { + // Start with the required default events and files rules + $rulesets = $default_rules; + + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + + if ($emergingdownload == 'on') { + $files = glob("{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + elseif ($etpro == 'on') { + $files = glob("{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "*.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + + if ($snortcommunitydownload == 'on') { + $files = glob("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + + /* Include the Snort VRT rules only if enabled and no IPS policy is set */ + if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { + $files = glob("{$suricatadir}rules/" . VRT_FILE_PREFIX . "*.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + + $a_nat[$id]['rulesets'] = implode("||", $rulesets); + + write_config(); + sync_suricata_package_config(); +} + +// See if we have any Auto-Flowbit rules and enable +// the VIEW button if we do. +if ($a_nat[$id]['autoflowbitrules'] == 'on') { + if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && + filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { + $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; + } + else + $btn_view_flowb_rules = " disabled"; +} +else + $btn_view_flowb_rules = " disabled"; + +$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); + +$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$pgtitle = gettext("Suricata IDS: Interface {$if_friendly} - Categories"); +include_once("head.inc"); +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include("fbegin.inc"); + +/* Display message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} + +if ($savemsg) { + print_info_box($savemsg); +} + +?> + +<form action="suricata_rulesets.php" method="post" name="iform" id="iform"> +<input type="hidden" name="id" id="id" value="<?=$id;?>" /> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td class="tabnavtbl">'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), true, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> +<?php + $isrulesfolderempty = glob("{$suricatadir}rules/*.rules"); + $iscfgdirempty = array(); + if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules")) + $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); ?> +<?php if (empty($isrulesfolderempty)): ?> + <tr> + <td class="vexpl"><br/> + <?php printf(gettext("# The rules directory is empty: %s%srules%s"), '<strong>',$suricatadir,'</strong>'); ?> <br/><br/> + <?php echo gettext("Please go to the ") . '<a href="suricata_download_updates.php"><strong>' . gettext("Updates") . + '</strong></a>' . gettext(" tab to download the rules configured on the ") . + '<a href="suricata_interfaces_global.php"><strong>' . gettext("Global") . + '</strong></a>' . gettext(" tab."); ?> + </td> + </tr> +<?php else: ?> + <tr> + <td> + <table width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr> + <td colspan="4" class="listtopic"><?php echo gettext("Automatic flowbit resolution"); ?><br/></td> + </tr> + <tr> + <td colspan="4" valign="center" class="listn"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td width="15%" class="listn"><?php echo gettext("Resolve Flowbits"); ?></td> + <td width="85%"><input name="autoflowbits" id="autoflowbitrules" type="checkbox" value="on" + <?php if ($a_nat[$id]['autoflowbitrules'] == "on" || empty($a_nat[$id]['autoflowbitrules'])) echo "checked"; ?>/> + <span class="vexpl"><?php echo gettext("If checked, Suricata will auto-enable rules required for checked flowbits. "); + echo gettext("The Default is "); ?><strong><?php echo gettext("Checked."); ?></strong></span></td> + </tr> + <tr> + <td width="15%" class="vncell"> </td> + <td width="85%" class="vtable"> + <?php echo gettext("Suricata will examine the enabled rules in your chosen " . + "rule categories for checked flowbits. Any rules that set these dependent flowbits will " . + "be automatically enabled and added to the list of files in the interface rules directory."); ?><br/></td> + </tr> + <tr> + <td width="15%" class="listn"><?php echo gettext("Auto Flowbit Rules"); ?></td> + <td width="85%"><input type="button" class="formbtns" value="View" onclick="parent.location='suricata_rules_flowbits.php?id=<?=$id;?>'" <?php echo $btn_view_flowb_rules; ?>/> + <span class="vexpl"><?php echo gettext("Click to view auto-enabled rules required to satisfy flowbit dependencies"); ?></span></td> + </tr> + <tr> + <td width="15%"> </td> + <td width="85%"> + <?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("Auto-enabled rules generating unwanted alerts should have their GID:SID added to the Suppression List for the interface."); ?> + <br/></td> + </tr> + </table> + </td> + </tr> + + <?php if ($snortdownload == 'on'): ?> + <tr> + <td colspan="4" class="listtopic"><?php echo gettext("Snort IPS Policy selection"); ?><br/></td> + </tr> + <tr> + <td colspan="4" valign="center" class="listn"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td width="15%" class="listn"><?php echo gettext("Use IPS Policy"); ?></td> + <td width="85%"><input name="ips_policy_enable" id="ips_policy_enable" type="checkbox" value="on" <?php if ($a_nat[$id]['ips_policy_enable'] == "on") echo "checked"; ?> + <?php if ($snortdownload != "on") echo "disabled" ?> onClick="enable_change()"/> <span class="vexpl"> + <?php echo gettext("If checked, Suricata will use rules from one of three pre-defined Snort IPS policies."); ?></span></td> + </tr> + <tr> + <td width="15%" class="vncell" id="ips_col1"> </td> + <td width="85%" class="vtable" id="ips_col2"> + <?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("You must be using the Snort VRT rules to use this option."); ?> + <?php echo gettext("Selecting this option disables manual selection of Snort VRT categories in the list below, " . + "although Emerging Threats categories may still be selected if enabled on the Global Settings tab. " . + "These will be added to the pre-defined Snort IPS policy rules from the Snort VRT."); ?><br/></td> + </tr> + <tr id="ips_row1"> + <td width="15%" class="listn"><?php echo gettext("IPS Policy Selection"); ?></td> + <td width="85%"><select name="ips_policy" class="formselect" <?=$policy_select_disable?> > + <option value="connectivity" <?php if ($pconfig['ips_policy'] == "connected") echo "selected"; ?>><?php echo gettext("Connectivity"); ?></option> + <option value="balanced" <?php if ($pconfig['ips_policy'] == "balanced") echo "selected"; ?>><?php echo gettext("Balanced"); ?></option> + <option value="security" <?php if ($pconfig['ips_policy'] == "security") echo "selected"; ?>><?php echo gettext("Security"); ?></option> + </select> + <span class="vexpl"><?php echo gettext("Snort IPS policies are: Connectivity, Balanced or Security."); ?></span></td> + </tr> + <tr id="ips_row2"> + <td width="15%"> </td> + <td width="85%"> + <?php echo gettext("Connectivity blocks most major threats with few or no false positives. " . + "Balanced is a good starter policy. It is speedy, has good base coverage level, and covers " . + "most threats of the day. It includes all rules in Connectivity." . + "Security is a stringent policy. It contains everything in the first two " . + "plus policy-type rules such as Flash in an Excel file."); ?><br/></td> + </tr> + </table> + </td> + </tr> + <?php endif; ?> + <tr> + <td colspan="4" class="listtopic"><?php echo gettext("Select the rulesets Suricata will load at startup"); ?><br/></td> + </tr> + <tr> + <td colspan="4"> + <table width=90% align="center" border="0" cellpadding="2" cellspacing="0"> + <tr height="45px"> + <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> + <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> + <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> + <td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> + </tr> + </table> + </tr> + <?php if ($no_community_files) + $msg_community = "NOTE: Snort Community Rules have not been downloaded. Perform a Rules Update to enable them."; + else + $msg_community = "Snort GPLv2 Community Rules (VRT certified)"; + $community_rules_file = GPL_FILE_PREFIX . "community.rules"; + ?> + <?php if ($snortcommunitydownload == 'on'): ?> + <tr id="frheader"> + <td width="5%" class="listhdrr"><?php echo gettext("Enabled"); ?></td> + <td colspan="5" class="listhdrr"><?php echo gettext('Ruleset: Snort GPLv2 Community Rules');?></td> + </tr> + <?php if (in_array($community_rules_file, $enabled_rulesets_array)): ?> + <tr> + <td width="5" class="listr" align="center" valign="top"> + <input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" checked="checked"/></td> + <td colspan="5" class="listr"><a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?php echo gettext("{$msg_community}"); ?></a></td> + </tr> + <?php else: ?> + <tr> + <td width="5" class="listr" align="center" valign="top"> + <input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" <?php if ($snortcommunitydownload == 'off') echo "disabled"; ?>/></td> + <td colspan="5" class="listr"><?php echo gettext("{$msg_community}"); ?></td> + </tr> + <?php endif; ?> + <?php endif; ?> + + <?php if ($no_emerging_files && ($emergingdownload == 'on' || $etpro == 'on')) + $msg_emerging = "have not been downloaded."; + else + $msg_emerging = "are not enabled."; + if ($no_snort_files && $snortdownload == 'on') + $msg_snort = "have not been downloaded."; + else + $msg_snort = "are not enabled."; + ?> + <tr id="frheader"> + <?php if ($emergingdownload == 'on' && !$no_emerging_files): ?> + <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="45%" class="listhdrr"><?php echo gettext('Ruleset: ET Open Rules');?></td> + <?php elseif ($etpro == 'on' && !$no_emerging_files): ?> + <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="45%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td> + <?php else: ?> + <td colspan="2" align="center" width="50%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td> + <?php endif; ?> + <?php if ($snortdownload == 'on' && !$no_snort_files): ?> + <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="45%" class="listhdrr"><?php echo gettext('Ruleset: Snort VRT Rules');?></td> + <?php else: ?> + <td colspan="2" align="center" width="50%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td> + <?php endif; ?> + </tr> + <?php + $emergingrules = array(); + $snortrules = array(); + if (empty($isrulesfolderempty)) + $dh = opendir("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/"); + else + $dh = opendir("{$suricatadir}rules/"); + while (false !== ($filename = readdir($dh))) { + $filename = basename($filename); + if (substr($filename, -5) != "rules") + continue; + if (strstr($filename, ET_OPEN_FILE_PREFIX) && $emergingdownload == 'on') + $emergingrules[] = $filename; + else if (strstr($filename, ET_PRO_FILE_PREFIX) && $etpro == 'on') + $emergingrules[] = $filename; + else if (strstr($filename, VRT_FILE_PREFIX) && $snortdownload == 'on') { + $snortrules[] = $filename; + } + } + sort($emergingrules); + sort($snortrules); + $i = count($emergingrules); + if ($i < count($snortrules)) + $i = count($snortrules); + + for ($j = 0; $j < $i; $j++) { + echo "<tr>\n"; + if (!empty($emergingrules[$j])) { + $file = $emergingrules[$j]; + echo "<td width='5%' class='listr' align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) { + if(in_array($file, $enabled_rulesets_array)) + $CHECKED = " checked=\"checked\""; + else + $CHECKED = ""; + } else + $CHECKED = ""; + echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td class='listr' width='45%' >\n"; + if (empty($CHECKED)) + echo $file; + else + echo "<a href='suricata_rules.php?id={$id}&openruleset=" . urlencode($file) . "'>{$file}</a>\n"; + echo "</td>\n"; + } else + echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; + + if (!empty($snortrules[$j])) { + $file = $snortrules[$j]; + echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) { + if (!empty($disable_vrt_rules)) + $CHECKED = $disable_vrt_rules; + elseif(in_array($file, $enabled_rulesets_array)) + $CHECKED = " checked=\"checked\""; + else + $CHECKED = ""; + } else + $CHECKED = ""; + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td class='listr' width='45%' >\n"; + if (empty($CHECKED) || $CHECKED == "disabled") + echo $file; + else + echo "<a href='suricata_rules.php?id={$id}&openruleset=" . urlencode($file) . "'>{$file}</a>\n"; + echo "</td>\n"; + } else + echo "<td class='listbggrey' width='50%' colspan='2'><br/></td>\n"; + echo "</tr>\n"; + } + ?> + </table> + </td> +</tr> +<tr> +<td colspan="4" class="vexpl"> <br/></td> +</tr> + <tr> + <td colspan="4" align="center" valign="middle"> + <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> + </tr> +<?php endif; ?> +</table> +</div> +</td> +</tr> +</table> +</form> +<?php +include("fend.inc"); +?> + +<script language="javascript" type="text/javascript"> + +function wopen(url, name, w, h) +{ +// Fudge factors for window decoration space. +// In my tests these work well on all platforms & browsers. +w += 32; +h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} + +function enable_change() +{ + var endis = !(document.iform.ips_policy_enable.checked); + document.iform.ips_policy.disabled=endis; + + if (endis) { + document.getElementById("ips_row1").style.display="none"; + document.getElementById("ips_row2").style.display="none"; + document.getElementById("ips_col1").className="vexpl"; + document.getElementById("ips_col2").className="vexpl"; + } + else { + document.getElementById("ips_row1").style.display="table-row"; + document.getElementById("ips_row2").style.display="table-row"; + document.getElementById("ips_col1").className="vncell"; + document.getElementById("ips_col2").className="vtable"; + } + for (var i = 0; i < document.iform.elements.length; i++) { + if (document.iform.elements[i].type == 'checkbox') { + var str = document.iform.elements[i].value; + if (str.substr(0,6) == "snort_") + document.iform.elements[i].disabled = !(endis); + } + } +} + +// Set initial state of dynamic HTML form controls +enable_change(); + +</script> + +</body> +</html> diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php new file mode 100644 index 00000000..1b833276 --- /dev/null +++ b/config/suricata/suricata_suppress.php @@ -0,0 +1,218 @@ +<?php +/* + suricata_suppress.php + + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +if (!is_array($config['installedpackages']['suricata']['suppress'])) + $config['installedpackages']['suricata']['suppress'] = array(); +if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) + $config['installedpackages']['suricata']['suppress']['item'] = array(); +$a_suppress = &$config['installedpackages']['suricata']['suppress']['item']; +$id_gen = count($config['installedpackages']['suricata']['suppress']['item']); + +function suricata_suppresslist_used($supplist) { + + /****************************************************************/ + /* This function tests if the passed Suppress List is currently */ + /* assigned to an interface. It returns TRUE if the list is */ + /* in use. */ + /* */ + /* Returns: TRUE if list is in use, else FALSE */ + /****************************************************************/ + + global $config; + + $suricataconf = $config['installedpackages']['suricata']['rule']; + if (empty($suricataconf)) + return false; + foreach ($suricataconf as $value) { + if ($value['suppresslistname'] == $supplist) + return true; + } + return false; +} + +function suricata_find_suppresslist_interface($supplist) { + + /****************************************************************/ + /* This function finds the first (if more than one) interface */ + /* configured to use the passed Suppress List and returns the */ + /* index of the interface in the ['rule'] config array. */ + /* */ + /* Returns: index of interface in ['rule'] config array or */ + /* FALSE if no interface found. */ + /****************************************************************/ + + global $config; + $suricataconf = $config['installedpackages']['suricata']['rule']; + if (empty($suricataconf)) + return false; + foreach ($suricataconf as $rule => $value) { + if ($value['suppresslistname'] == $supplist) + return $rule; + } + return false; +} + +if ($_GET['act'] == "del") { + if ($a_suppress[$_GET['id']]) { + // make sure list is not being referenced by any Suricata-configured interface + if (suricata_suppresslist_used($a_suppress[$_GET['id']]['name'])) { + $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!"); + } + else { + unset($a_suppress[$_GET['id']]); + write_config(); + header("Location: /suricata/suricata_suppress.php"); + exit; + } + } +} + +$pgtitle = gettext("Suricata: Suppression Lists"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); +if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} +if ($input_errors) { + print_input_errors($input_errors); +} + +?> + +<form action="/suricata/suricata_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); +?> +</td> +</tr> +<tr><td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <thead> + <tr> + <th width="30%" class="listhdrr"><?php echo gettext("Suppress List Name"); ?></th> + <th width="60%" class="listhdr"><?php echo gettext("Description"); ?></th> + <th width="10%" class="list"></th> + </tr> + </thead> + <tbody> + <?php $i = 0; foreach ($a_suppress as $list): ?> + <?php + if (suricata_suppresslist_used($list['name'])) { + $icon = "<img src=\"/themes/{$g['theme']}/images/icons/icon_frmfld_pwd.png\" " . + "width=\"16\" height=\"16\" border=\"0\" title=\"" . gettext("List is in use by an instance") . "\"/>"; + } + else + $icon = ""; + ?> + <tr> + <td height="20px" class="listlr" + ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?> <?=$icon;?></td> + <td height="20px" class="listbg" + ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> </font> + </td> + <td height="20px" valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a + href="suricata_suppress_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td> + <?php if (suricata_suppresslist_used($list['name'])) : ?> + <td><img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" + width="17" height="17" border="0" title="<?php echo gettext("Assigned Suppress Lists cannot be deleted");?>"/></td> + <td><a href="/suricata/suricata_interfaces_edit.php?id=<?=suricata_find_suppresslist_interface($list['name']);?>"> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_right.gif" + width="17" height="17" border="0" title="<?php echo gettext("Goto first instance associated with this Suppress List");?>"/></a> + </td> + <?php else : ?> + <td><a href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>" + onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td> + <td> </td> + <?php endif; ?> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="2"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a + href="suricata_suppress_edit.php?id=<?php echo $id_gen;?> "><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td> + </tr> + </table> + </td> + </tr> + </tbody> + </table> +</div> +</td></tr> +<tr> + <td colspan="3" width="100%"><br/><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> + <p><?php echo gettext("Here you can create event filtering and " . + "suppression for your Suricata package rules."); ?><br/><br/> + <?php echo gettext("Please note that you must restart a running Interface so that changes can " . + "take effect."); ?><br/><br/> + <?php echo gettext("You cannot delete a Suppress List that is currently assigned to a Suricata interface (instance).") . "<br/>" . + gettext("You must first unassign the Suppress List on the Interface Edit tab."); ?> + </p></span></td> +</tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php new file mode 100644 index 00000000..aad67a95 --- /dev/null +++ b/config/suricata/suricata_suppress_edit.php @@ -0,0 +1,216 @@ +<?php +/* + * suricata_suppress_edit.php + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); +$suricataglob = $config['installedpackages']['suricata']; + +if (!is_array($config['installedpackages']['suricata']['suppress'])) + $config['installedpackages']['suricata']['suppress'] = array(); +if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) + $config['installedpackages']['suricata']['suppress']['item'] = array(); +$a_suppress = &$config['installedpackages']['suricata']['suppress']['item']; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name)) + return true; + + return false; +} + +if (isset($id) && $a_suppress[$id]) { + + /* old settings */ + $pconfig['name'] = $a_suppress[$id]['name']; + $pconfig['uuid'] = $a_suppress[$id]['uuid']; + $pconfig['descr'] = $a_suppress[$id]['descr']; + if (!empty($a_suppress[$id]['suppresspassthru'])) { + $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); + $pconfig['suppresspassthru'] = str_replace("​", "", $pconfig['suppresspassthru']); + } + if (empty($a_suppress[$id]['uuid'])) + $pconfig['uuid'] = uniqid(); +} + +if ($_POST['save']) { + unset($input_errors); + $pconfig = $_POST; + + $reqdfields = explode(" ", "name"); + $reqdfieldsn = array("Name"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."; + + /* check for name conflicts */ + foreach ($a_suppress as $s_list) { + if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) + continue; + + if ($s_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + + if (!$input_errors) { + $s_list = array(); + $s_list['name'] = $_POST['name']; + $s_list['uuid'] = uniqid(); + $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + if ($_POST['suppresspassthru']) { + $s_list['suppresspassthru'] = str_replace("​", "", $s_list['suppresspassthru']); + $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + } + + if (isset($id) && $a_suppress[$id]) + $a_suppress[$id] = $s_list; + else + $a_suppress[] = $s_list; + + write_config(); + sync_suricata_package_config(); + + header("Location: /suricata/suricata_suppress.php"); + exit; + } +} + +$pgtitle = gettext("Suricata: Suppression List Edit - {$a_suppress[$id]['name']}"); +include_once("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include("fbegin.inc"); +if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + +if ($input_errors) print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); + +?> +<form action="/suricata/suricata_suppress_edit.php" name="iform" id="iform" method="post"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr><td><div id="mainarea"> +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td colspan="2" class="listtopic">Add the name and description of the file.</td> +</tr> +<tr> + <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td> + <td width="78%" class="vtable"><input name="name" type="text" id="name" + class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> <?php echo gettext("The list name may only consist of the " . + "characters \"a-z, A-Z, 0-9 and _\"."); ?> <span class="red"><?php echo gettext("Note:"); ?> </span> + <?php echo gettext("No Spaces or dashes."); ?> </span></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td> + <td width="78%" class="vtable"><input name="descr" type="text" + class="formfld unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> <?php echo gettext("You may enter a description here for your " . + "reference (not parsed)."); ?> </span></td> +</tr> +<tr> + <td colspan="2" align="center" height="30px"> + <font size="2"><span class="red"><strong><?php echo gettext("NOTE:"); ?></strong></span></font> + <font color='#000000'> <?php echo gettext("The threshold keyword " . + "is deprecated as of version 2.8.5. Use the event_filter keyword " . + "instead."); ?></font> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Apply suppression or " . + "filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'."); ?></td> +</tr> +<tr> +<td colspan="2" valign="top" class="vncell"><b><?php echo gettext("Example 1;"); ?></b> + suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br/> + <b><?php echo gettext("Example 2;"); ?></b> event_filter gen_id 1, sig_id 1851, type limit, + track by_src, count 1, seconds 60<br/> + <b><?php echo gettext("Example 3;"); ?></b> rate_filter gen_id 135, sig_id 1, track by_src, + count 100, seconds 1, new_action log, timeout 10</td> +</tr> +<tr> + <td colspan="2" class="vtable"><textarea wrap="off" style="width:100%; height:100%;" + name="suppresspassthru" cols="90" rows="26" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> + </td> +</tr> +<tr> + <td colspan="2"><input id="save" name="save" type="submit" + class="formbtn" value="Save" /> <input id="cancelbutton" + name="cancelbutton" type="button" class="formbtn" value="Cancel" + onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?> + </td> +</tr> +</table> +</div> +</td></tr> +</table> +</form> +<?php include("fend.inc"); ?> +<script type="text/javascript"> +Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); +</script> +</body> +</html> diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php new file mode 100644 index 00000000..b8ea6097 --- /dev/null +++ b/config/suricata/suricata_uninstall.php @@ -0,0 +1,114 @@ +<?php +/* + suricata_uninstall.php + + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $config, $g; + +$suricatadir = SURICATADIR; +$suricatalogdir = SURICATALOGDIR; +$rcdir = RCFILEPREFIX; +$suricata_rules_upd_log = RULES_UPD_LOGFILE; + +log_error(gettext("[Suricata] Suricata package uninstall in progress...")); + +/* Make sure all active Suricata processes are terminated */ +/* Log a message only if a running process is detected */ +if (is_service_running("suricata")) + log_error(gettext("[Suricata] Suricata STOP for all interfaces...")); +killbyname("suricata"); +sleep(1); + +// Delete any leftover suricata PID files in /var/run +array_map('@unlink', glob("/var/run/suricata_*.pid")); + +/* Make sure all active Barnyard2 processes are terminated */ +/* Log a message only if a running process is detected */ +if (is_service_running("barnyard2")) + log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces...")); +killbyname("barnyard2"); +sleep(1); + +// Delete any leftover barnyard2 PID files in /var/run +array_map('@unlink', glob("/var/run/barnyard2_*.pid")); + +/* Remove the suricata user and group */ +mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true); + +/* Remove the Suricata cron jobs. */ +install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false); +install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false); + +/* See if we are to keep Suricata log files on uninstall */ +if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { + log_error(gettext("[Suricata] Clearing all Suricata-related log files...")); + @unlink("{$suricata_rules_upd_log}"); + mwexec("/bin/rm -rf {$suricatalogdir}"); +} + +/* Remove the Suricata GUI app directories */ +mwexec("/bin/rm -rf /usr/local/pkg/suricata"); +mwexec("/bin/rm -rf /usr/local/www/suricata"); + +/* Remove our associated Dashboard widget config and files. */ +/* If "save settings" is enabled, then save old widget */ +/* container settings so we can restore them later. */ +$widgets = $config['widgets']['sequence']; +if (!empty($widgets)) { + $widgetlist = explode(",", $widgets); + foreach ($widgetlist as $key => $widget) { + if (strstr($widget, "suricata_alerts-container")) { + if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { + $config['installedpackages']['suricata']['config'][0]['dashboard_widget'] = $widget; + if ($config['widgets']['widget_suricata_display_lines']) { + $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows'] = $config['widgets']['widget_suricata_display_lines']; + unset($config['widgets']['widget_suricata_display_lines']); + } + } + unset($widgetlist[$key]); + } + } + $config['widgets']['sequence'] = implode(",", $widgetlist); + write_config(); +} +@unlink("/usr/local/www/widgets/include/widget-suricata.inc"); +@unlink("/usr/local/www/widgets/widgets/suricata_alerts.widget.php"); +@unlink("/usr/local/www/widgets/javascript/suricata_alerts.js"); + +/* Keep this as a last step */ +if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') { + log_error(gettext("Not saving settings... all Suricata configuration info and logs deleted...")); + unset($config['installedpackages']['suricata']); + unset($config['installedpackages']['suricatasync']); + @unlink("{$suricata_rules_upd_log}"); + mwexec("/bin/rm -rf {$suricatalogdir}"); + log_error(gettext("[Suricata] The package has been removed from this system...")); +} + +?> diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc new file mode 100644 index 00000000..07ada36e --- /dev/null +++ b/config/suricata/suricata_yaml_template.inc @@ -0,0 +1,301 @@ +<?php + +// This is the template used to generate the suricata.yaml +// configuration file for the interface. The contents of +// this file are written to the suricata.yaml file for +// the interface. Key parameters are provided by the +// included string variables. + + $suricata_conf_text = <<<EOD +%YAML 1.1 +--- + +max-pending-packets: {$max_pend_pkts} + +# Runmode the engine should use. +runmode: autofp + +# Specifies the kind of flow load balancer used by the flow pinned autofp mode. +autofp-scheduler: active-packets + +# Daemon working directory +daemon-directory: {$suricatacfgdir} + +default-packet-size: 1514 + +# The default logging directory. +default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} + +# Configure the type of alert (and other) logging. +outputs: + + # a line based alerts log similar to Snort's fast.log + - fast: + enabled: yes + filename: alerts.log + append: yes + filetype: regular + + # alert output for use with Barnyard2 + - unified2-alert: + enabled: {$barnyard2_enabled} + filename: unified2.alert + limit: {$unified2_log_limit} + sensor-id: {$unified2_sensor_id} + + - http-log: + enabled: {$http_log_enabled} + filename: http.log + append: {$http_log_append} + #extended: yes # enable this for extended logging information + #custom: yes # enabled the custom logging format (defined by customformat) + #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P" + filetype: regular + + - pcap-log: + enabled: {$pcap_log_enabled} + filename: log.pcap + limit: {$pcap_log_limit_size}mb + max-files: {$pcap_log_max_files} + mode: normal + + - tls-log: + enabled: {$tls_log_enabled} + filename: tls.log + extended: {$tls_log_extended} + certs-log-dir: certs + + - stats: + enabled: {$stats_log_enabled} + filename: stats.log + interval: {$stats_upd_interval} + append: {$stats_log_append} + + - syslog: + enabled: {$alert_syslog} + identity: suricata + facility: auth + level: Info + + - drop: + enabled: no + filename: drop.log + append: yes + filetype: regular + + - file-store: + enabled: {$file_store_enabled} + log-dir: files + force-magic: no + force-md5: no + waldo: file.waldo + + - file-log: + enabled: {$json_log_enabled} + filename: files-json.log + append: {$json_log_append} + filetype: regular + force-magic: {$json_log_magic} + force-md5: {$json_log_md5} + +# Magic file. The extension .mgc is added to the value here. +magic-file: {$suricatacfgdir}/magic + +# Specify a threshold config file +threshold-file: {$suricatacfgdir}/threshold.config + +detect-engine: + - profile: {$detect_eng_profile} + - sgh-mpm-context: {$sgh_mpm_ctx} + - inspection-recursion-limit: {$inspection_recursion_limit} + - rule-reload: true + - delayed-detect: yes + +# Suricata is multi-threaded. Here the threading can be influenced. +threading: + set-cpu-affinity: no + detect-thread-ratio: 1.5 + +mpm-algo: ac + +pattern-matcher: + - b2gc: + search-algo: B2gSearchBNDMq + hash-size: low + bf-size: medium + - b2gm: + search-algo: B2gSearchBNDMq + hash-size: low + bf-size: medium + - b2g: + search-algo: B2gSearchBNDMq + hash-size: low + bf-size: medium + - b3g: + search-algo: B3gSearchBNDMq + hash-size: low + bf-size: medium + - wumanber: + hash-size: low + bf-size: medium + +# Defrag settings: +defrag: + memcap: {$frag_memcap} + hash-size: {$frag_hash_size} + trackers: {$ip_max_trackers} + max-frags: {$ip_max_frags} + prealloc: yes + timeout: {$ip_frag_timeout} + +# Flow settings: +flow: + memcap: {$flow_memcap} + hash-size: {$flow_hash_size} + prealloc: {$flow_prealloc} + emergency-recovery: {$flow_emerg_recovery} + prune-flows: {$flow_prune} + +# Specific timeouts for flows. +flow-timeouts: + default: + new: 30 + established: 300 + closed: 0 + emergency-new: 10 + emergency-established: 100 + emergency-closed: 0 + tcp: + new: {$flow_tcp_new_timeout} + established: {$flow_tcp_established_timeout} + closed: {$flow_tcp_closed_timeout} + emergency-new: {$flow_tcp_emerg_new_timeout} + emergency-established: {$flow_tcp_emerg_established_timeout} + emergency-closed: {$flow_tcp_emerg_closed_timeout} + udp: + new: {$flow_udp_new_timeout} + established: {$flow_udp_established_timeout} + emergency-new: {$flow_udp_emerg_new_timeout} + emergency-established: {$flow_udp_emerg_established_timeout} + icmp: + new: {$flow_icmp_new_timeout} + established: {$flow_icmp_established_timeout} + emergency-new: {$flow_icmp_emerg_new_timeout} + emergency-established: {$flow_icmp_emerg_established_timeout} + +stream: + memcap: {$stream_memcap} + checksum-validation: no + inline: auto + max-sessions: {$stream_max_sessions} + prealloc-sessions: {$stream_prealloc_sessions} + midstream: {$stream_enable_midstream} + async-oneside: {$stream_enable_async} + +reassembly: + memcap: {$reassembly_memcap} + depth: {$reassembly_depth} + toserver-chunk-size: {$reassembly_to_server_chunk} + toclient-chunk-size: {$reassembly_to_client_chunk} + +# Host table is used by tagging and per host thresholding subsystems. +host: + hash-size: 4096 + prealloc: 1000 + memcap: 16777216 + +# Host specific policies for defragmentation and TCP stream reassembly. +host-os-policy: + {$host_os_policy} + +# Logging configuration. This is not about logging IDS alerts, but +# IDS output about what its doing, errors, etc. +logging: + + # This value is overriden by the SC_LOG_LEVEL env var. + default-log-level: info + default-log-format: "%t - <%d> -- " + + # Define your logging outputs. + outputs: + - console: + enabled: yes + - file: + enabled: yes + filename: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/suricata.log + - syslog: + enabled: {$suricata_use_syslog} + facility: auth + format: "[%i] <%d> -- " + +pcap: + - interface: {$if_real} + checksum-checks: auto + +# For FreeBSD ipfw(8) divert(4) support. +# ipfw add 100 divert 8000 ip from any to any +# +# The 8000 above should be the same number you passed on the command +# line, i.e. -d 8000 +# +#ipfw: + +default-rule-path: {$suricatacfgdir}/rules +rule-files: + - {$rules_files} + +classification-file: {$suricatacfgdir}/classification.config +reference-config-file: {$suricatacfgdir}/reference.config + +# Holds variables that would be used by the engine. +vars: + + # Holds the address group vars that would be passed in a Signature. + address-groups: + HOME_NET: "[{$home_net}]" + EXTERNAL_NET: "{$external_net}" + {$addr_vars} + + # Holds the port group vars that would be passed in a Signature. + port-groups: + {$port_vars} + +# Set the order of alerts bassed on actions +action-order: + - pass + - drop + - reject + - alert + +# IP Reputation +#reputation-categories-file: {$suricatacfgdir}/iprep/categories.txt +#default-reputation-path: {$suricatacfgdir}/iprep +#reputation-files: +# - reputation.list + +# Limit for the maximum number of asn1 frames to decode (default 256) +asn1-max-frames: {$asn1_max_frames} + +engine-analysis: + rules-fast-pattern: yes + rules: yes + +#recursion and match limits for PCRE where supported +pcre: + match-limit: 3500 + match-limit-recursion: 1500 + +########################################################################### +# Configure libhtp. +libhtp: + default-config: + {$http_hosts_default_policy} + + {$http_hosts_policy} + +coredump: + max-dump: unlimited + +EOD; + +?> diff --git a/config/suricata/widget-suricata.inc b/config/suricata/widget-suricata.inc new file mode 100644 index 00000000..48424588 --- /dev/null +++ b/config/suricata/widget-suricata.inc @@ -0,0 +1,8 @@ +<?php +require_once("config.inc"); + +//set variable for custom title +$suricata_alerts_title = "Suricata Alerts"; +$suricata_alerts_title_link = "suricata/suricata_alerts.php"; + +?> diff --git a/config/syslog-ng/syslog-ng.xml b/config/syslog-ng/syslog-ng.xml index dbdd4a8d..37df86ec 100644 --- a/config/syslog-ng/syslog-ng.xml +++ b/config/syslog-ng/syslog-ng.xml @@ -74,17 +74,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.inc</item> + <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/syslog-ng/syslog-ng_advanced.xml</item> + <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng_advanced.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/syslog-ng/syslog-ng_log_viewer.php</item> + <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng_log_viewer.php</item> </additional_files_needed> <fields> <field> diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml index 73974af0..23b0795b 100644 --- a/config/systempatches/systempatches.xml +++ b/config/systempatches/systempatches.xml @@ -52,22 +52,22 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/systempatches/system_patches.php</item> + <item>https://packages.pfsense.org/packages/config/systempatches/system_patches.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/systempatches/system_patches_edit.php</item> + <item>https://packages.pfsense.org/packages/config/systempatches/system_patches_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/systempatches/apply_patches.php</item> + <item>https://packages.pfsense.org/packages/config/systempatches/apply_patches.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.com/packages/config/systempatches/patches.inc</item> + <item>https://packages.pfsense.org/packages/config/systempatches/patches.inc</item> </additional_files_needed> <custom_php_install_command> patch_package_install(); diff --git a/config/test_package/test_package.xml b/config/test_package/test_package.xml index 192a2d54..3e268fee 100644 --- a/config/test_package/test_package.xml +++ b/config/test_package/test_package.xml @@ -90,47 +90,47 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort.inc</item> + <item>https://packages.pfsense.org/packages/config/snort/snort.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/snort2c</item> + <item>https://packages.pfsense.org/packages/config/snort/bin/snort2c</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_download_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_rulesets.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_whitelist.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_blocked.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/pf/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item> + <item>https://packages.pfsense.org/packages/config/snort/snort_dynamic_ip_reload.php</item> </additional_files_needed> <fields> <field> diff --git a/config/tftp/tftp.xml b/config/tftp/tftp.xml index d6becc6d..18cf2e5a 100644 --- a/config/tftp/tftp.xml +++ b/config/tftp/tftp.xml @@ -67,12 +67,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/tftp/tftp.inc</item> + <item>https://packages.pfsense.org/packages/config/tftp/tftp.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/tftp/tftp_files.tmp</item> + <item>https://packages.pfsense.org/packages/config/tftp/tftp_files.tmp</item> </additional_files_needed> <custom_add_php_command> </custom_add_php_command> diff --git a/config/tftp2/tftp.xml b/config/tftp2/tftp.xml index 64f81acf..0a13548c 100644 --- a/config/tftp2/tftp.xml +++ b/config/tftp2/tftp.xml @@ -66,12 +66,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/tftp2/tftp.inc</item> + <item>https://packages.pfsense.org/packages/config/tftp2/tftp.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/tftp2/tftp_files.php</item> + <item>https://packages.pfsense.org/packages/config/tftp2/tftp_files.php</item> </additional_files_needed> <custom_php_install_command> tftp_install_command(); diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc index 3280c414..bf4101d7 100644 --- a/config/tinc/tinc.inc +++ b/config/tinc/tinc.inc @@ -170,7 +170,7 @@ function tinc_deinstall() { { $realif = get_real_interface($ifs); if ($realif) - mwexec("/sbin/ifconfig {$realif} -group " . $a_ifgroups[$_GET['id']]['ifname']); + mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname'])); } unset($a_ifgroups[$myid]); mwexec("/bin/rm -f /tmp/config.cache"); diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml index 90581513..f016dd41 100644 --- a/config/tinc/tinc.xml +++ b/config/tinc/tinc.xml @@ -42,7 +42,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>tinc</name> - <version>1.0.19</version> + <version>1.0.21 v1.1</version> <title>VPN: tinc</title> <!-- Menu is where this packages menu will appear --> <menu> @@ -62,27 +62,27 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/tinc/tinc.inc</item> + <item>https://packages.pfsense.org/packages/config/tinc/tinc.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/tinc/tinc_config.xml</item> + <item>https://packages.pfsense.org/packages/config/tinc/tinc_config.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/tinc/tinc_hosts.xml</item> + <item>https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/tinc/status_tinc.php</item> + <item>https://packages.pfsense.org/packages/config/tinc/status_tinc.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/tinc/pkg_tinc.inc</item> + <item>https://packages.pfsense.org/packages/config/tinc/pkg_tinc.inc</item> </additional_files_needed> <service> diff --git a/config/tinydns/tinydns.xml b/config/tinydns/tinydns.xml index 546980f1..fa80953c 100644 --- a/config/tinydns/tinydns.xml +++ b/config/tinydns/tinydns.xml @@ -95,62 +95,62 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns.inc</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/pf/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_xmlrpc_sync.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_xmlrpc_sync.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_domains.xml</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_domains.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_status.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_status.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_dhcp_filter.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_dhcp_filter.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_filter.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_filter.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_down.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_down.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_up.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_up.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_parse_logs.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_parse_logs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_view_logs.php</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_view_logs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/tinydns_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/wizards/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/tinydns/new_zone_wizard.xml</item> + <item>https://packages.pfsense.org/packages/config/tinydns/new_zone_wizard.xml</item> </additional_files_needed> <fields> <field> diff --git a/config/tinydns/tinydns_dhcp_filter.php b/config/tinydns/tinydns_dhcp_filter.php index c92abcf8..85f5f8e7 100644 --- a/config/tinydns/tinydns_dhcp_filter.php +++ b/config/tinydns/tinydns_dhcp_filter.php @@ -42,8 +42,8 @@ require("guiconfig.inc"); $pgtitle = "TinyDNS: DHCP Domains"; include("head.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; ?> diff --git a/config/tinydns/tinydns_status.php b/config/tinydns/tinydns_status.php index 3a4b8545..ba119da9 100644 --- a/config/tinydns/tinydns_status.php +++ b/config/tinydns/tinydns_status.php @@ -2,7 +2,7 @@ /* $Id$ */ /* tinydns_status.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -41,8 +41,8 @@ if(!$config['installedpackages']['tinydns']['config'][0]['ipaddress']) $pgtitle = "TinyDNS: Status"; include("head.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; ?> diff --git a/config/tinydns/tinydns_view_logs.php b/config/tinydns/tinydns_view_logs.php index 66fed993..57daa02e 100644 --- a/config/tinydns/tinydns_view_logs.php +++ b/config/tinydns/tinydns_view_logs.php @@ -2,7 +2,7 @@ /* $Id$ */ /* tinydns_view_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -42,8 +42,8 @@ if($_REQUEST['getactivity']) { if(!$config['installedpackages']['tinydns']['config'][0]) Header("Location: /pkg_edit.php?xml=tinydns.xml&id=0"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "TinyDNS: View Logs"; diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index 6e55d577..342b1f2b 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -124,10 +124,8 @@ function unbound_rc_setup() { <?php require_once(\"/usr/local/pkg/unbound.inc\"); echo \"Starting and configuring Unbound...\"; - fetch_root_hints(); unbound_control(\"anchor_update\"); unbound_control(\"start\"); - unbound_control(\"forward\"); unbound_control(\"restore_cache\"); echo \"done.\\n\"; ?> @@ -164,37 +162,6 @@ function unbound_control($action) { $cache_dumpfile = "/var/tmp/unbound_cache"; switch ($action) { - case "forward": - /* Dont utilize forward cmd if Unbound is doing DNS queries directly - * XXX: We could make this an option to then make pfSense use Unbound - * as the recursive nameserver instead of upstream ones(?) - */ - if ($unbound_config['forwarding_mode'] == "on") { - // Get configured DNS servers and add them as forwarders - if (!isset($config['system']['dnsallowoverride'])) { - $ns = array_unique(get_nameservers()); - foreach($ns as $nameserver) { - if($nameserver) - $dns_servers .= " $nameserver"; - } - } else { - $ns = array_unique(get_dns_servers()); - foreach($ns as $nameserver) { - if($nameserver) - $dns_servers .= " $nameserver"; - } - } - - if(is_service_running("unbound")) { - unbound_ctl_exec("forward $dns_servers"); - } else { - unbound_control("start"); - sleep(1); - unbound_control("forward"); - } - } - break; - case "start": //Start unbound if($unbound_config['enable'] == "on") { @@ -206,7 +173,6 @@ function unbound_control($action) { mwexec("/bin/ln -s /var/run/unbound.pid /var/run/dnsmasq.pid"); } mwexec_bg("/usr/local/bin/unbound_monitor.sh"); - fetch_root_hints(); } break; @@ -456,7 +422,7 @@ function unbound_resync_config() { } // Private-address support for DNS Rebinding - if($unbound_config['private_address'] == "on") { + if ($unbound_config['private_address'] == "on") { $pvt_addr = <<<EOF # For DNS Rebinding prevention private-address: 10.0.0.0/8 @@ -475,26 +441,26 @@ EOF; //Setup optimization $optimization = unbound_optimization(); - $unbound_config = &$config['installedpackages']['unboundadvanced']['config'][0]; + $adv_config = &$config['installedpackages']['unboundadvanced']['config'][0]; // Setup Advanced options - $log_verbosity = (isset($unbound_config['unbound_verbosity'])) ? $unbound_config['unbound_verbosity'] : "1"; - $hide_id = ($unbound_config['hide_id'] == "on") ? "yes" : "no"; - $hide_version = ($unbound_config['hide_version'] == "on") ? "yes" : "no"; - $harden_glue = ($unbound_config['harden_glue'] == "on") ? "yes" : "no"; - $harden_dnssec_stripped = ($unbound_config['harden_dnssec_stripped'] == "on") ? "yes" : "no"; - $prefetch = ($unbound_config['prefetch'] == "on") ? "yes" : "no"; - $prefetch_key = ($unbound_config['prefetch_key'] == "on") ? "yes" : "no"; - $outgoing_num_tcp = (!empty($unbound_config['outgoing_num_tcp'])) ? $unbound_config['outgoing_num_tcp'] : "10"; - $incoming_num_tcp = (!empty($unbound_config['incoming_num_tcp'])) ? $unbound_config['incoming_num_tcp'] : "10"; - $edns_buffer_size = (!empty($unbound_config['edns_buffer_size'])) ? $unbound_config['edns_buffer_size'] : "4096"; - $num_queries_per_thread = (!empty($unbound_config['num_queries_per_thread'])) ? $unbound_config['num_queries_per_thread'] : "4096"; - $jostle_timeout = (!empty($unbound_config['jostle_timeout'])) ? $unbound_config['jostle_timeout'] : "200"; - $cache_max_ttl = (!empty($unbound_config['cache_max_ttl'])) ? $unbound_config['cache_max_ttl'] : "86400"; - $cache_min_ttl = (!empty($unbound_config['cache_min_ttl'])) ? $unbound_config['cache_min_ttl'] : "0"; - $infra_host_ttl = (!empty($unbound_config['infra_host_ttl'])) ? $unbound_config['infra_host_ttl'] : "900"; - $infra_lame_ttl = (!empty($unbound_config['infra_lame_ttl'])) ? $unbound_config['infra_lame_ttl'] : "900"; - $infra_cache_numhosts = (!empty($unbound_config['infra_cache_numhosts'])) ? $unbound_config['infra_cache_numhosts'] : "10000"; - $unwanted_reply_threshold = (!empty($unbound_config['unwanted_reply_threshold'])) ? $unbound_config['unwanted_reply_threshold'] : "0"; + $log_verbosity = (isset($adv_config['unbound_verbosity'])) ? $adv_config['unbound_verbosity'] : "1"; + $hide_id = ($adv_config['hide_id'] == "on") ? "yes" : "no"; + $hide_version = ($adv_config['hide_version'] == "on") ? "yes" : "no"; + $harden_glue = ($adv_config['harden_glue'] == "on") ? "yes" : "no"; + $harden_dnssec_stripped = ($adv_config['harden_dnssec_stripped'] == "on") ? "yes" : "no"; + $prefetch = ($adv_config['prefetch'] == "on") ? "yes" : "no"; + $prefetch_key = ($adv_config['prefetch_key'] == "on") ? "yes" : "no"; + $outgoing_num_tcp = isset($adv_config['outgoing_num_tcp']) ? $adv_config['outgoing_num_tcp'] : "10"; + $incoming_num_tcp = isset($adv_config['incoming_num_tcp']) ? $adv_config['incoming_num_tcp'] : "10"; + $edns_buffer_size = (!empty($adv_config['edns_buffer_size'])) ? $adv_config['edns_buffer_size'] : "4096"; + $num_queries_per_thread = (!empty($adv_config['num_queries_per_thread'])) ? $adv_config['num_queries_per_thread'] : "4096"; + $jostle_timeout = (!empty($adv_config['jostle_timeout'])) ? $adv_config['jostle_timeout'] : "200"; + $cache_max_ttl = (!empty($adv_config['cache_max_ttl'])) ? $adv_config['cache_max_ttl'] : "86400"; + $cache_min_ttl = (!empty($adv_config['cache_min_ttl'])) ? $adv_config['cache_min_ttl'] : "0"; + $infra_host_ttl = (!empty($adv_config['infra_host_ttl'])) ? $adv_config['infra_host_ttl'] : "900"; + $infra_lame_ttl = (!empty($adv_config['infra_lame_ttl'])) ? $adv_config['infra_lame_ttl'] : "900"; + $infra_cache_numhosts = (!empty($adv_config['infra_cache_numhosts'])) ? $adv_config['infra_cache_numhosts'] : "10000"; + $unwanted_reply_threshold = (!empty($adv_config['unwanted_reply_threshold'])) ? $adv_config['unwanted_reply_threshold'] : "0"; $unbound_conf = <<<EOD @@ -510,7 +476,6 @@ chroot: "" username: "unbound" directory: "{$unbound_base}/etc/unbound" pidfile: "{$g['varrun_path']}/unbound.pid" -root-hints: "root.hints" harden-referral-path: no prefetch: {$prefetch} prefetch-key: {$prefetch_key} @@ -527,7 +492,8 @@ unwanted-reply-threshold: {$unwanted_reply_threshold} num-queries-per-thread: {$num_queries_per_thread} jostle-timeout: {$jostle_timeout} infra-host-ttl: {$infra_host_ttl} -infra-lame-ttl: {$infra_lame_ttl} +prefetch: {$prefetch} +prefetch-key: {$prefetch_key} infra-cache-numhosts: {$infra_cache_numhosts} outgoing-num-tcp: {$outgoing_num_tcp} incoming-num-tcp: {$incoming_num_tcp} @@ -538,6 +504,9 @@ statistics-cumulative: {$cumulative_stats} cache-max-ttl: {$cache_max_ttl} cache-min-ttl: {$cache_min_ttl} harden-dnssec-stripped: {$harden_dnssec_stripped} +hide-identity: {$hide_id} +hide-version: {$hide_version} +harden-glue: {$harden_glue} {$optimization['number_threads']} {$optimization['msg_cache_slabs']} {$optimization['rrset_cache_slabs']} @@ -549,6 +518,7 @@ outgoing-range: 8192 {$optimization['so_rcvbuf']} {$optimization['so_sndbuf']} + # Interface IP(s) to bind to {$unbound_bind_interfaces} @@ -572,11 +542,38 @@ access-control: ::1 allow EOD; # Handle custom options - if(!empty($unbound_config['custom_options'])) { - $custom_options = explode(";", ($unbound_config['custom_options'])); - $unbound_conf .= "# Unbound Custom options\n"; - foreach ($custom_options as $ent) { + if (!empty($adv_config['custom_options'])) { + $custom_options = explode(";", ($adv_config['custom_options'])); + $unbound_conf .= "\n# Unbound Custom options\n"; + foreach ($custom_options as $ent) $unbound_conf .= $ent."\n"; + } + + // Set up forward-zones if configured + if ($unbound_config['forwarding_mode'] == "on") { + $dnsservers = array(); + if (isset($config['system']['dnsallowoverride'])) { + $ns = array_unique(get_nameservers()); + foreach($ns as $nameserver) { + if ($nameserver) + $dnsservers[] = $nameserver; + } + } else { + $ns = array_unique(get_dns_servers()); + foreach($ns as $nameserver) { + if ($nameserver) + $dnsservers[] = $nameserver; + } + } + + if (!empty($dnsservers)) { + $unbound_conf .=<<<EOD +forward-zone: + name: "." + +EOD; + foreach($dnsservers as $dnsserver) + $unbound_conf .= "\tforward-addr: $dnsserver\n"; } } @@ -622,7 +619,7 @@ function unbound_optimization() { // Set the number of threads equal to number of CPUs. // Use 1 (disable threading) if for some reason this sysctl fails. $numprocs = intval(trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d" " -f2`)); - if($numprocs > 1) { + if ($numprocs > 1) { $optimization['number_threads'] = "num-threads: {$numprocs}"; $optimize_num = pow(2,floor(log($numprocs,2))); } else { @@ -669,32 +666,6 @@ function unbound_optimization() { return $optimization; } -function fetch_root_hints() { - - $destination_file = UNBOUND_BASE . "/etc/unbound/root.hints"; - if (filesize($destination_file) == 0 ) { - conf_mount_rw(); - $fout = fopen($destination_file, "w"); - $url = "ftp://ftp.internic.net/domain/named.cache"; - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url); - curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '25'); - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - $data = curl_exec($ch); - curl_close($ch); - - fwrite($fout, $data); - fclose($fout); - conf_mount_ro(); - - return ($http_code == 200) ? true : $http_code; - } else { - return false; - } -} - function unbound_validate($post, $type=null) { global $config, $input_errors; @@ -728,8 +699,6 @@ function unbound_validate($post, $type=null) { $input_errors[] = "You must enter a valid number in 'Minimum TTL for RRsets and messages'."; if(!is_numeric($post['infra_host_ttl'])) $input_errors[] = "You must enter a valid number in 'TTL for Host cache entries'."; - if(!is_numeric($post['infra_lame_ttl'])) - $input_errors[] = "You must enter a valid number in 'TTL for lame delegation'."; if(!is_numeric($post['infra_cache_numhosts'])) $input_errors[] = "You must enter a valid number in 'Number of Hosts to cache'."; @@ -746,19 +715,17 @@ function unbound_reconfigure() { $unbound_config = $config['installedpackages']['unbound']['config'][0]; if ($unbound_config['enable'] != "on") { - if(is_service_running("unbound")) + if (is_service_running("unbound")) unbound_control("termstop"); } else { - if(is_service_running("unbound")) { + if (is_service_running("unbound")) { unbound_control("dump_cache"); unbound_control("termstop"); } unbound_resync_config(); unbound_control("start"); - if(is_service_running("unbound")) { - unbound_control("forward"); + if (is_service_running("unbound")) unbound_control("restore_cache"); - } } } diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml index 20f3d250..21f9455f 100644 --- a/config/unbound/unbound.xml +++ b/config/unbound/unbound.xml @@ -58,27 +58,27 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/unbound/unbound.inc</item> + <item>https://packages.pfsense.org/packages/config/unbound/unbound.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/unbound/unbound_status.php</item> + <item>https://packages.pfsense.org/packages/config/unbound/unbound_status.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/unbound/unbound_acls.php</item> + <item>https://packages.pfsense.org/packages/config/unbound/unbound_acls.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/unbound/unbound_advanced.xml</item> + <item>https://packages.pfsense.org/packages/config/unbound/unbound_advanced.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/unbound/unbound_monitor.sh</item> + <item>https://packages.pfsense.org/packages/config/unbound/unbound_monitor.sh</item> </additional_files_needed> <system_services> <dns/> diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php index 59738aab..aef1f3d1 100644 --- a/config/unbound/unbound_acls.php +++ b/config/unbound/unbound_acls.php @@ -2,7 +2,7 @@ /* $Id$ */ /* unbound_acls.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2011 Warren Baker <warren@decoy.co.za> All rights reserved. diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml index 2da5b505..f9914a22 100644 --- a/config/unbound/unbound_advanced.xml +++ b/config/unbound/unbound_advanced.xml @@ -262,16 +262,7 @@ <field> <fielddescr>TTL for Host cache entries</fielddescr> <fieldname>infra_host_ttl</fieldname> - <description>Time to live for entries in the host cache. The host cache contains roundtrip timing and EDNS support information. The default is 900 seconds.</description> - <type>input</type> - <size>5</size> - <default_value>900</default_value> - <advancedfield/> - </field> - <field> - <fielddescr>TTL for lame delegation</fielddescr> - <fieldname>infra_lame_ttl</fieldname> - <description>Time to live for when a delegation is considered to be lame. The default is 900 seconds.</description> + <description>Time to live for entries in the host cache. The host cache contains roundtrip timing, lameness and EDNS support information. The default is 900 seconds.</description> <type>input</type> <size>5</size> <default_value>900</default_value> diff --git a/config/unbound/unbound_status.php b/config/unbound/unbound_status.php index d7371f29..8a362c2b 100644 --- a/config/unbound/unbound_status.php +++ b/config/unbound/unbound_status.php @@ -2,7 +2,7 @@ /* $Id$ */ /* unbound_status.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. diff --git a/config/urltables/urltables.xml b/config/urltables/urltables.xml index 16fe50c3..c9a9062b 100644 --- a/config/urltables/urltables.xml +++ b/config/urltables/urltables.xml @@ -52,12 +52,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/urltables/urltables.inc</item> + <item>https://packages.pfsense.org/packages/config/urltables/urltables.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/urltables/urltables.patch</item> + <item>https://packages.pfsense.org/packages/config/urltables/urltables.patch</item> </additional_files_needed> <custom_php_install_command> urltables_install(); diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 1895d214..2a986710 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -688,7 +688,7 @@ function varnish_sync_on_changes() { break; case "auto": if (is_array($config['hasync'])){ - $hasync=$config['hasync'][0]; + $hasync=$config['hasync']; $rs[0]['ipaddress']=$hasync['synchronizetoip']; $rs[0]['username']=$hasync['username']; $rs[0]['password']=$hasync['password']; diff --git a/config/varnish3/varnish.widget.php b/config/varnish3/varnish.widget.php index 35980db5..35723e95 100755 --- a/config/varnish3/varnish.widget.php +++ b/config/varnish3/varnish.widget.php @@ -2,7 +2,7 @@ /* Copyright 2011 Thomas Schaefer - Tomschaefer.org Copyright 2011 Marcello Coutinho - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml index 58216279..b2214772 100644 --- a/config/varnish3/varnish_backends.xml +++ b/config/varnish3/varnish_backends.xml @@ -48,47 +48,47 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnish_lb_directors.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnish_lb_directors.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnish_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnish_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnish_custom_vcl.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnish_custom_vcl.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnish.widget.php</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnish.widget.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnish.inc</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnish.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnish_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnish_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnish_view_config.php</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnish_view_config.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish3/varnishstat.php</item> + <item>https://packages.pfsense.org/packages/config/varnish3/varnishstat.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/shortcuts/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/varnish3/pkg_varnish.inc</item> + <item>https://packages.pfsense.org/packages/config/varnish3/pkg_varnish.inc</item> </additional_files_needed> <menu> <name>Varnish</name> diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml index 99a945d5..b2a19ac3 100644 --- a/config/varnish3/varnish_lb_directors.xml +++ b/config/varnish3/varnish_lb_directors.xml @@ -49,17 +49,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_custom_vcl.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_custom_vcl.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish.inc</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish.inc</item> </additional_files_needed> <menu> <name>Varnish </name> diff --git a/config/varnish3/varnish_view_config.php b/config/varnish3/varnish_view_config.php index 2e449b51..69a9fabb 100644 --- a/config/varnish3/varnish_view_config.php +++ b/config/varnish3/varnish_view_config.php @@ -1,7 +1,7 @@ <?php /* varnish_view_config.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -29,8 +29,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Varnish: View Configuration"; diff --git a/config/varnish3/varnishstat.php b/config/varnish3/varnishstat.php index 6374525a..10d9ceb9 100644 --- a/config/varnish3/varnishstat.php +++ b/config/varnish3/varnishstat.php @@ -1,7 +1,7 @@ <?php /* varnishstat_view_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -36,8 +36,8 @@ if($_REQUEST['getactivity']) { exit; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Varnish: VarnishSTAT"; diff --git a/config/varnish64/varnish.widget.php b/config/varnish64/varnish.widget.php index 35980db5..35723e95 100755 --- a/config/varnish64/varnish.widget.php +++ b/config/varnish64/varnish.widget.php @@ -2,7 +2,7 @@ /* Copyright 2011 Thomas Schaefer - Tomschaefer.org Copyright 2011 Marcello Coutinho - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/config/varnish64/varnish_backends.xml b/config/varnish64/varnish_backends.xml index d6aaa261..fa549063 100644 --- a/config/varnish64/varnish_backends.xml +++ b/config/varnish64/varnish_backends.xml @@ -48,42 +48,42 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_lb_directors.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_lb_directors.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_custom_vcl.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_custom_vcl.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish.widget.php</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish.widget.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish.inc</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_view_config.php</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_view_config.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnishstat.php</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnishstat.php</item> </additional_files_needed> <menu> <name>Varnish</name> diff --git a/config/varnish64/varnish_lb_directors.xml b/config/varnish64/varnish_lb_directors.xml index 4c46414e..e7a442ab 100644 --- a/config/varnish64/varnish_lb_directors.xml +++ b/config/varnish64/varnish_lb_directors.xml @@ -49,17 +49,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_settings.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_settings.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish_custom_vcl.xml</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish_custom_vcl.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/varnish64/varnish.inc</item> + <item>https://packages.pfsense.org/packages/config/varnish64/varnish.inc</item> </additional_files_needed> <menu> <name>Varnish </name> diff --git a/config/varnish64/varnish_view_config.php b/config/varnish64/varnish_view_config.php index 2e449b51..69a9fabb 100644 --- a/config/varnish64/varnish_view_config.php +++ b/config/varnish64/varnish_view_config.php @@ -1,7 +1,7 @@ <?php /* varnish_view_config.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -29,8 +29,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Varnish: View Configuration"; diff --git a/config/varnish64/varnishstat.php b/config/varnish64/varnishstat.php index 6374525a..10d9ceb9 100644 --- a/config/varnish64/varnishstat.php +++ b/config/varnish64/varnishstat.php @@ -1,7 +1,7 @@ <?php /* varnishstat_view_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -36,8 +36,8 @@ if($_REQUEST['getactivity']) { exit; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Varnish: VarnishSTAT"; diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc index 651b79b2..aa602fdd 100644 --- a/config/vhosts/vhosts.inc +++ b/config/vhosts/vhosts.inc @@ -736,31 +736,31 @@ function vhosts_install_command() { if(stristr(php_uname('r'), '7.2') == TRUE) { if (!file_exists('/usr/local/php5')) { chdir('/usr/local/'); - exec ("fetch http://files.pfsense.org/packages/7/vhosts/php5.tar.gz"); + exec ("fetch https://files.pfsense.org/packages/7/vhosts/php5.tar.gz"); exec("tar zxvf /usr/local/php5.tar.gz -C /usr/local/"); exec("rm /usr/local/php5.tar.gz"); } if (!file_exists('/usr/local/lib/libxml2.so.5')) { chdir('/usr/local/lib/'); - exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so.5"); + exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so.5"); } if (!file_exists('/usr/local/lib/libxml2.so')) { chdir('/usr/local/lib/'); - exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so"); + exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so"); } if (!file_exists('/usr/local/lib/libxml2.la')) { chdir('/usr/local/lib/'); - exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.la"); + exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.la"); } if (!file_exists('/usr/local/lib/libxml2.a')) { chdir('/usr/local/lib/'); - exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/lib/libxml2.a"); + exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/lib/libxml2.a"); } } if(stristr(php_uname('r'), '8.1') == TRUE) { if (!file_exists('/usr/local/php5')) { chdir('/usr/local/'); - exec ("fetch http://files.pfsense.org/packages/8/vhosts/php5.tar.gz"); + exec ("fetch https://files.pfsense.org/packages/8/vhosts/php5.tar.gz"); exec("tar zxvf /usr/local/php5.tar.gz -C /usr/local/"); exec("rm /usr/local/php5.tar.gz"); } @@ -774,7 +774,7 @@ function vhosts_install_command() { unlink_if_exists("/tmp/vhosts_php_edit.tmp"); chdir('/tmp/'); - exec ("fetch http://www.pfsense.com/packages/config/vhosts/system_advanced_create_certs.tmp"); + exec ("fetch https://packages.pfsense.org/packages/config/vhosts/system_advanced_create_certs.tmp"); exec("cp /tmp/system_advanced_create_certs.tmp /usr/local/www/packages/vhosts/system_advanced_create_certs.php"); unlink_if_exists("/tmp/system_advanced_create_certs.tmp"); diff --git a/config/vhosts/vhosts.xml b/config/vhosts/vhosts.xml index 9bfb73e0..91c50079 100644 --- a/config/vhosts/vhosts.xml +++ b/config/vhosts/vhosts.xml @@ -73,22 +73,22 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/vhosts/vhosts.xml</item> + <item>https://packages.pfsense.org/packages/config/vhosts/vhosts.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/vhosts/vhosts.inc</item> + <item>https://packages.pfsense.org/packages/config/vhosts/vhosts.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/vhosts/vhosts_php.tmp</item> + <item>https://packages.pfsense.org/packages/config/vhosts/vhosts_php.tmp</item> </additional_files_needed> <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/vhosts/vhosts_php_edit.tmp</item> + <item>https://packages.pfsense.org/packages/config/vhosts/vhosts_php_edit.tmp</item> </additional_files_needed> <fields> <field> diff --git a/config/vhosts/vhosts_php.tmp b/config/vhosts/vhosts_php.tmp index 09b20ef7..d2777dc9 100644 --- a/config/vhosts/vhosts_php.tmp +++ b/config/vhosts/vhosts_php.tmp @@ -82,7 +82,7 @@ include("head.inc"); System -> Advanced -> Enable Secure Shell. Then SFTP can be used to access the files at /usr/local/vhosts. After adding or updating an entry make sure to restart the <a href='/status_services.php'>service</a> to apply the settings. <br /><br /> - For more information see: <a href='http://doc.pfsense.org/index.php/vhosts'>http://doc.pfsense.org/index.php/vhosts</a> + For more information see: <a href='https://doc.pfsense.org/index.php/vhosts'>https://doc.pfsense.org/index.php/vhosts</a> </p></td> </tr> </table> diff --git a/config/vnstat/vnstat.xml b/config/vnstat/vnstat.xml index 63a121a0..6e3ae3ac 100644 --- a/config/vnstat/vnstat.xml +++ b/config/vnstat/vnstat.xml @@ -20,12 +20,12 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat/vnstat.inc</item> + <item>https://packages.pfsense.org/packages/config/vnstat/vnstat.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://files.pfsense.org/packages/7/vnstat/vnstat_php_frontend-1.4.1.tar.gz</item> + <item>https://files.pfsense.org/packages/7/vnstat/vnstat_php_frontend-1.4.1.tar.gz</item> </additional_files_needed> <custom_php_resync_config_command></custom_php_resync_config_command> <custom_php_install_command>vnstat_install_config();</custom_php_install_command> diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc index 54a15aa6..9a684aa1 100644 --- a/config/vnstat2/vnstat2.inc +++ b/config/vnstat2/vnstat2.inc @@ -2,17 +2,12 @@ function vnstat_install_deinstall() { conf_mount_rw(); global $config; -// Remove Vnstat package and files - exec("cd /var/db/pkg/ && pkg_delete `ls | grep vnstat`"); +// Remove Vnstat package and files exec("rm -d -R /usr/local/www/vnstat2"); exec("rm -d -R /usr/local/www/vnstati"); - exec("rm /usr/local/pkg/vnstat_php_frontend.xml"); - exec("rm /usr/local/pkg/vnstat2.sh"); - exec("rm /usr/local/etc/vnstat2.conf"); - exec("rm /usr/local/www/diag_vnstat.php"); - exec("rm /usr/local/www/diag_vnstat2.php"); - exec("rm /usr/local/www/vnstati.php"); - exec("rm /usr/local/www/vnstat2_img.php"); + exec("rm -d -R /usr/local/pkg/vnstat2"); + exec("rm /usr/local/etc/vnstat.conf"); + // Remove vnstat cron entry from config.xml vnstat2_install_cron(false); conf_mount_ro(); @@ -25,7 +20,7 @@ function vnstat2_install_cron($vnstat_cron_value) { return; $x=0; foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], "/usr/local/pkg/vnstat2.sh")) { + if(strstr($item['command'], "/usr/local/pkg/vnstat2/vnstat2.sh")) { $is_installed = true; break; } @@ -41,7 +36,7 @@ function vnstat2_install_cron($vnstat_cron_value) { $cron_item['month'] = "*"; $cron_item['wday'] = "*"; $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/pkg/vnstat2.sh"; + $cron_item['command'] = "/usr/local/pkg/vnstat2/vnstat2.sh"; $config['cron']['item'][] = $cron_item; write_config(); configure_cron(); @@ -70,10 +65,10 @@ function change_vnstat_conf(){ $no_vnstat_phpfrontend = $config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend']; if ($no_vnstat_phpfrontend == "on"){ vnstat_php_frontend(); - } + } else { exec("[ -d /usr/local/www/vnstat2 ] && rm -d -R /usr/local/www/vnstat2"); -} + } conf_mount_ro(); } @@ -149,16 +144,11 @@ function vnstat_install_config() { conf_mount_rw(); // Create vnstat database dir where it also will work for nanobsd // exec("[ -d /var/db/vnstat ] && mv /var/db/vnstat /conf/vnstat"); - exec("[ -d /usr/local/pkg/vnstat ] && mv /usr/local/pkg/vnstat /conf/vnstat"); + exec("[ -d /usr/local/pkg/vnstat2/vnstat ] && mv /usr/local/pkg/vnstat2/vnstat /conf/vnstat"); exec("[ ! -d /conf/vnstat ] && mkdir /conf/vnstat"); // Check for pbi install and arch type then create symlinks if (file_exists('/usr/pbi/vnstat-i386')) { exec("ln -s /usr/local/etc/vnstat.conf /usr/pbi/vnstat-i386/etc/vnstat.conf"); } if (file_exists('/usr/pbi/vnstat-amd64')) { exec("ln -s /usr/local/etc/vnstat.conf /usr/pbi/vnstat-amd64/etc/vnstat.conf"); } -// Copy files to web dir - exec("[ ! -f /usr/local/www/diag_vnstat2.php ] && cp /usr/local/pkg/diag_vnstat2.abc /usr/local/www/diag_vnstat2.php"); - exec("[ ! -f /usr/local/www/diag_vnstat.php ] && cp /usr/local/pkg/diag_vnstat.abc /usr/local/www/diag_vnstat.php"); - exec("[ ! -f /usr/local/www/vnstati.php ] && cp /usr/local/pkg/vnstati.abc /usr/local/www/vnstati.php"); - exec("[ ! -f /usr/local/www/vnstat2_img.php ] && cp /usr/local/pkg/vnstat2_img.abc /usr/local/www/vnstat2_img.php"); // Add MonthRotate value to config.xml and write /usr/local/etc/vnstat.conf $no_monthrotate = $config['installedpackages']['vnstat2']['config'][0]['monthrotate']; if ($no_monthrotate == ""){ @@ -197,10 +187,8 @@ function vnstat_install_config() { function vnstat_php_frontend(){ global $config; -// Unpack and move Vnstat frontend - exec("cd .."); - exec("tar -zxovf /usr/local/pkg/vnstat_php_frontend-1.5.1-updated.tar.gz"); - exec("mv vnstat_php_frontend-1.5.1-updated /usr/local/www/vnstat2"); +// Copy vnstat_php_frontend to www + exec("cp -a /usr/local/pkg/vnstat2/vnstat_php_frontend/. /usr/local/www/vnstat2/"); // Find information to be writing in config.php // $iface_list_array_items exec("ls /conf/vnstat/ | grep -v '\.'", $vnstat_nic_in); @@ -228,8 +216,8 @@ function vnstat_php_frontend(){ $iface_title_array = implode($iface_title_array_items2); // php in php static items // added to new items for the front end version 1.5.1 - $locale = "\$locale = 'en_US.UTF-8';"; - $language = "\$language = 'en';"; + $locale = "\$locale = 'en_US.UTF-8';"; + $language = "\$language = 'en';"; $vnstat_bin2 = "\$vnstat_bin = '/usr/local/bin/vnstat';"; $data_dir2 = "\$data_dir = './dumps';"; $graph_format2 ="\$graph_format='svg';"; diff --git a/config/vnstat2/vnstat2.sh b/config/vnstat2/vnstat2.sh index 05fb1136..54f30843 100644 --- a/config/vnstat2/vnstat2.sh +++ b/config/vnstat2/vnstat2.sh @@ -1,5 +1,6 @@ #!/bin/sh + /etc/rc.conf_mount_rw /usr/local/bin/vnstat -u sleep 0.2 diff --git a/config/vnstat2/vnstat2.xml b/config/vnstat2/vnstat2.xml index 6d8ba41a..ab07f004 100644 --- a/config/vnstat2/vnstat2.xml +++ b/config/vnstat2/vnstat2.xml @@ -10,9 +10,9 @@ <version>1.0</version> <title>Vnstat2</title> <aftersaveredirect>/pkg_edit.php?xml=vnstat2.xml&id=0</aftersaveredirect> - <include_file>/usr/local/pkg/vnstat2.inc</include_file> + <include_file>/usr/local/pkg/vnstat2/vnstat2.inc</include_file> <menu> - <name>vnstat2</name> + <name>Vnstat2</name> <tooltiptext></tooltiptext> <section>Status</section> <url>/pkg_edit.php?xml=vnstat2.xml&id=0</url> @@ -41,49 +41,159 @@ </tab> </tabs> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/pkg/vnstat2/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/vnstat2.inc</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://files.pfsense.org/packages/8/vnstat/vnstat_php_frontend-1.5.1-updated.tar.gz</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstati.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/vnstati.xml</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstatoutput.xml</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/pkg/vnstat2/</prefix> <chmod>0744</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/vnstat2.sh</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.sh</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/vnstatoutput.xml</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/www/diag_vnstat.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/diag_vnstat.abc</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/www/diag_vnstat2.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/diag_vnstat2.abc</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/www/vnstat2_img.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/vnstat2_img.abc</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/www/vnstati.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/lang/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/lang/cs.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/lang/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/lang/en.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/lang/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/lang/nl.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/dark/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/dark/style.css</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/dark/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/espresso/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/espresso/style.css</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/espresso/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/light/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/light/style.css</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/light/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/light/theme.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/pfSense/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/pfSense/style.css</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/pfSense/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/pfSense/theme.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/red/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/red/style.css</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/red/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/red/theme.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/config.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/COPYING</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/graph.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/graph_svg.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/index.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/localize.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/README</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/vera_copyright.txt</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/VeraBd.ttf</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/vnstati.abc</item> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/vnstat.php</item> </additional_files_needed> <fields> <field> @@ -136,3 +246,4 @@ <custom_php_install_command>vnstat_install_config();</custom_php_install_command> <custom_php_deinstall_command>vnstat_install_deinstall();</custom_php_deinstall_command> </packagegui> + diff --git a/config/vnstat2/vnstat_php_frontend/COPYING b/config/vnstat2/vnstat_php_frontend/COPYING new file mode 100644 index 00000000..a17bdaff --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/COPYING @@ -0,0 +1,341 @@ +GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. + diff --git a/config/vnstat2/vnstat_php_frontend/README b/config/vnstat2/vnstat_php_frontend/README new file mode 100644 index 00000000..20053152 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/README @@ -0,0 +1,52 @@ +0. WHAT IS IT? + +This is a PHP frontend end to vnstat, a network traffic logger. +Since vnstat is console mode only I created this script to +make a 'nice' report of the data collected by vnstat. +For more information about vnstat check out http://humdi.net/vnstat/ +For updates to this script check http://www.sqweek.com + + +1. REQUIREMENTS + +- vnstat setup and collecting data +- webserver with PHP +- php-gd extension installed for PNG graphs + + +2. INSTALL + +Installation should be really straightforward: + +Put the files from this package somewhere inside the webroot of +your webserver. Then edit the few configuration options in config.php +to suit your situation and your good to go. The various options are +explained in config.php. + + +3. LICENSE + +vnstat PHP frontend 1.5.1 +Copyright (c)2006-2008 Bjorge Dijkstra (bjd@jooz.net) + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +NOTE: + The Truetype font file VeraBd.ttf is copyright by Bitstream Inc. + See vera_copyright.txt for more information. + + + diff --git a/config/vnstat2/vnstat_php_frontend/VeraBd.ttf b/config/vnstat2/vnstat_php_frontend/VeraBd.ttf Binary files differnew file mode 100644 index 00000000..51d6111d --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/VeraBd.ttf diff --git a/config/vnstat2/vnstat_php_frontend/config.php b/config/vnstat2/vnstat_php_frontend/config.php new file mode 100644 index 00000000..3a4cd51a --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/config.php @@ -0,0 +1,69 @@ +<?php + // + // vnStat PHP frontend (c)2006-2010 Bjorge Dijkstra (bjd@jooz.net) + // + // This program is free software; you can redistribute it and/or modify + // it under the terms of the GNU General Public License as published by + // the Free Software Foundation; either version 2 of the License, or + // (at your option) any later version. + // + // This program is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + // GNU General Public License for more details. + // + // You should have received a copy of the GNU General Public License + // along with this program; if not, write to the Free Software + // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + // + // + // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // for more information. + // + error_reporting(E_ALL | E_NOTICE); + + // + // configuration parameters + // + // edit these to reflect your particular situation + // + $locale = 'en_US.UTF-8'; + $language = 'en'; + + // list of network interfaces monitored by vnStat + $iface_list = array('em0', 'em1'); + + // + // optional names for interfaces + // if there's no name set for an interface then the interface identifier + // will be displayed instead + $iface_title['em0'] = 'WAN'; + $iface_title['em1'] = 'LAN'; + + // + // There are two possible sources for vnstat data. If the $vnstat_bin + // variable is set then vnstat is called directly from the PHP script + // to get the interface data. + // + // The other option is to periodically dump the vnstat interface data to + // a file (e.g. by a cronjob). In that case the $vnstat_bin variable + // must be cleared and set $data_dir to the location where the dumps + // are stored. Dumps must be named 'vnstat_dump_$iface'. + // + // You can generate vnstat dumps with the command: + // vnstat --dumpdb -i $iface > /path/to/data_dir/vnstat_dump_$iface + // + $vnstat_bin = '/usr/local/bin/vnstat'; + $data_dir = './dumps'; + + // graphics format to use: svg or png + $graph_format='svg'; + + // Font to use for PNG graphs + define('GRAPH_FONT',dirname(__FILE__).'/VeraBd.ttf'); + + // Font to use for SVG graphs + define('SVG_FONT', 'Verdana'); + + define('DEFAULT_COLORSCHEME', 'pfSense'); +?>
\ No newline at end of file diff --git a/config/vnstat2/vnstat_php_frontend/graph.php b/config/vnstat2/vnstat_php_frontend/graph.php new file mode 100644 index 00000000..fb00be67 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/graph.php @@ -0,0 +1,303 @@ +<?php + // + // vnStat PHP frontend (c)2006-2010 Bjorge Dijkstra (bjd@jooz.net) + // + // This program is free software; you can redistribute it and/or modify + // it under the terms of the GNU General Public License as published by + // the Free Software Foundation; either version 2 of the License, or + // (at your option) any later version. + // + // This program is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + // GNU General Public License for more details. + // + // You should have received a copy of the GNU General Public License + // along with this program; if not, write to the Free Software + // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + // + // + // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // for more information. + // + require 'config.php'; + require 'localize.php'; + require 'vnstat.php'; + + validate_input(); + + require "./themes/$style/theme.php"; + + function allocate_color($im, $colors) + { + return imagecolorallocatealpha($im, $colors[0], $colors[1], $colors[2], $colors[3]); + } + + function init_image() + { + global $im, $xlm, $xrm, $ytm, $ybm, $iw, $ih,$graph, $cl, $iface, $colorscheme, $style; + + if ($graph == 'none') + return; + + // + // image object + // + $xlm = 70; + $xrm = 20; + $ytm = 35; + $ybm = 60; + if ($graph == 'small') + { + $iw = 300 + $xrm + $xlm; + $ih = 100 + $ytm + $ybm; + } + else + { + $iw = 600 + $xrm + $xlm; + $ih = 200 + $ytm + $ybm; + } + + $im = imagecreatetruecolor($iw,$ih); + + // + // colors + // + $cs = $colorscheme; + $cl['image_background'] = allocate_color($im, $cs['image_background']); + $cl['background'] = allocate_color($im, $cs['graph_background']); + $cl['background_2'] = allocate_color($im, $cs['graph_background_2']); + $cl['grid_stipple_1'] = allocate_color($im, $cs['grid_stipple_1']); + $cl['grid_stipple_2'] = allocate_color($im, $cs['grid_stipple_2']); + $cl['text'] = allocate_color($im, $cs['text']); + $cl['border'] = allocate_color($im, $cs['border']); + $cl['rx'] = allocate_color($im, $cs['rx']); + $cl['rx_border'] = allocate_color($im, $cs['rx_border']); + $cl['tx'] = allocate_color($im, $cs['tx']); + $cl['tx_border'] = allocate_color($im, $cs['tx_border']); + + imagefilledrectangle($im,0,0,$iw,$ih,$cl['image_background']); + imagefilledrectangle($im,$xlm,$ytm,$iw-$xrm,$ih-$ybm, $cl['background']); + + $x_step = ($iw - $xlm - $xrm) / 12; + $depth = ($x_step / 8) + 4; + imagefilledpolygon($im, array($xlm, $ytm, $xlm, $ih - $ybm, $xlm - $depth, $ih - $ybm + $depth, $xlm - $depth, $ytm + $depth), 4, $cl['background_2']); + imagefilledpolygon($im, array($xlm, $ih - $ybm, $xlm - $depth, $ih - $ybm + $depth, $iw - $xrm - $depth, $ih - $ybm + $depth, $iw - $xrm, $ih - $ybm), 4, $cl['background_2']); + + // draw title + $text = T('Traffic data for')." $iface"; + $bbox = imagettfbbox(10, 0, GRAPH_FONT, $text); + $textwidth = $bbox[2] - $bbox[0]; + imagettftext($im, 10, 0, ($iw-$textwidth)/2, ($ytm/2), $cl['text'], GRAPH_FONT, $text); + + } + + function draw_border() + { + global $im,$cl,$iw,$ih; + + imageline($im, 0, 0,$iw-1, 0, $cl['border']); + imageline($im, 0,$ih-1,$iw-1,$ih-1, $cl['border']); + imageline($im, 0, 0, 0,$ih-1, $cl['border']); + imageline($im, $iw-1, 0,$iw-1,$ih-1, $cl['border']); + } + + function draw_grid($x_ticks, $y_ticks) + { + global $im, $cl, $iw, $ih, $xlm, $xrm, $ytm, $ybm; + $x_step = ($iw - $xlm - $xrm) / $x_ticks; + $y_step = ($ih - $ytm - $ybm) / $y_ticks; + + $depth = 10;//($x_step / 8) + 4; + + $ls = array($cl['grid_stipple_1'],$cl['grid_stipple_2']); + imagesetstyle($im, $ls); + for ($i=$xlm;$i<=($iw-$xrm); $i += $x_step) + { + imageline($im, $i, $ytm, $i, $ih - $ybm, IMG_COLOR_STYLED); + imageline($im, $i, $ih - $ybm, $i - $depth, $ih - $ybm + $depth, IMG_COLOR_STYLED); + } + for ($i=$ytm;$i<=($ih-$ybm); $i += $y_step) + { + imageline($im, $xlm, $i, $iw - $xrm, $i, IMG_COLOR_STYLED); + imageline($im, $xlm, $i, $xlm - $depth, $i + $depth, IMG_COLOR_STYLED); + } + imageline($im, $xlm, $ytm, $xlm, $ih - $ybm, $cl['border']); + imageline($im, $xlm, $ih - $ybm, $iw - $xrm, $ih - $ybm, $cl['border']); + } + + + function draw_data($data) + { + global $im,$cl,$iw,$ih,$xlm,$xrm,$ytm,$ybm; + + sort($data); + + $x_ticks = count($data); + $y_ticks = 10; + $y_scale = 1; + $prescale = 1; + $unit = 'K'; + $offset = 0; + $gr_h = $ih - $ytm - $ybm; + $x_step = ($iw - $xlm - $xrm) / $x_ticks; + $y_step = ($ih - $ytm - $ybm) / $y_ticks; + $bar_w = ($x_step / 2) ; + + // + // determine scale + // + $low = 99999999999; + $high = 0; + for ($i=0; $i<$x_ticks; $i++) + { + if ($data[$i]['rx'] < $low) + $low = $data[$i]['rx']; + if ($data[$i]['tx'] < $low) + $low = $data[$i]['tx']; + if ($data[$i]['rx'] > $high) + $high = $data[$i]['rx']; + if ($data[$i]['tx'] > $high) + $high = $data[$i]['tx']; + } + + while ($high > ($prescale * $y_scale * $y_ticks)) + { + $y_scale = $y_scale * 2; + if ($y_scale >= 1024) + { + $prescale = $prescale * 1024; + $y_scale = $y_scale / 1024; + if ($unit == 'K') + $unit = 'M'; + else if ($unit == 'M') + $unit = 'G'; + else if ($unit == 'G') + $unit = 'T'; + } + } + + draw_grid($x_ticks, $y_ticks); + + // + // graph scale factor (per pixel) + // + imagesetthickness($im, 1); + $sf = ($prescale * $y_scale * $y_ticks) / $gr_h; + + if ($data[0] == 'nodata') + { + $text = 'no data available'; + $bbox = imagettfbbox(10, 0, GRAPH_FONT, $text); + $textwidth = $bbox[2] - $bbox[0]; + imagettftext($im, 10, 0, ($iw-$textwidth)/2, $ytm + 80, $cl['text'], GRAPH_FONT, $text); + } + else + { + // + // draw bars + // + for ($i=0; $i<$x_ticks; $i++) + { + $x = $xlm + ($i * $x_step); + $y = $ytm + ($ih - $ytm - $ybm) - (($data[$i]['rx'] - $offset) / $sf); + + $depth = $x_step / 8; + $space = 0; + + $x1 = $x; + $y1 = $y; + $x2 = $x + $bar_w - $space; + $y2 = $ih - $ybm; + + imagefilledrectangle($im, $x1, $y1, $x2, $y2, $cl['rx']); + imagerectangle($im, $x1, $y1, $x2, $y2, $cl['rx_border']); + + imagefilledrectangle($im, $x1 - $depth, $y1 + $depth, $x2 -$depth, $y2 + $depth, $cl['rx']); + imagerectangle($im, $x1 - $depth, $y1 + $depth, $x2 - $depth, $y2 + $depth, $cl['rx_border']); + + imagefilledpolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['rx']); + imagepolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['rx_border']); + imagefilledpolygon($im, array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth), 4, $cl['rx']); + imagepolygon($im, array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth), 4, $cl['rx_border']); + + $y1 = $ytm + ($ih - $ytm - $ybm) - (($data[$i]['tx'] - $offset) / $sf); + $x1 = $x1 + $bar_w; + $x2 = $x2 + $bar_w; + + imagefilledrectangle($im, $x1, $y1, $x2, $y2, $cl['tx']); + imagerectangle($im, $x1, $y1, $x2, $y2, $cl['tx_border']); + + imagefilledrectangle($im, $x1 - $depth, $y1 + $depth, $x2 - $depth, $y2 + $depth, $cl['tx']); + imagerectangle($im, $x1 - $depth, $y1 + $depth, $x2 - $depth, $y2 + $depth, $cl['tx_border']); + + imagefilledpolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['tx']); + imagepolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['tx_border']); + imagefilledpolygon($im, array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth), 4, $cl['tx']); + imagepolygon($im, array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth), 4, $cl['tx_border']); + } + + // + // axis labels + // + for ($i=0; $i<=$y_ticks; $i++) + { + $label = ($i * $y_scale).$unit; + $bbox = imagettfbbox(8, 0, GRAPH_FONT, $label); + $textwidth = $bbox[2] - $bbox[0]; + imagettftext($im, 8, 0, $xlm - $textwidth - 16, ($ih - $ybm) - ($i * $y_step) + 8 + $depth, $cl['text'], GRAPH_FONT, $label); + } + + for ($i=0; $i<$x_ticks; $i++) + { + $label = $data[$i]['img_label']; + $bbox = imagettfbbox(9, 0, GRAPH_FONT, $label); + $textwidth = $bbox[2] - $bbox[0]; + imagettftext($im, 9, 0, $xlm + ($i * $x_step) + ($x_step / 2) - ($textwidth / 2) - $depth - 4, $ih - $ybm + 20 + $depth, $cl['text'], GRAPH_FONT, $label); + } + } + + draw_border(); + + + // + // legend + // + imagefilledrectangle($im, $xlm, $ih-$ybm+39, $xlm+8,$ih-$ybm+47,$cl['rx']); + imagerectangle($im, $xlm, $ih-$ybm+39, $xlm+8,$ih-$ybm+47,$cl['text']); + imagettftext($im, 8,0, $xlm+14, $ih-$ybm+48,$cl['text'], GRAPH_FONT,'bytes in'); + + imagefilledrectangle($im, $xlm+120 , $ih-$ybm+39, $xlm+128,$ih-$ybm+47,$cl['tx']); + imagerectangle($im, $xlm+120, $ih-$ybm+39, $xlm+128,$ih-$ybm+47,$cl['text']); + imagettftext($im, 8,0, $xlm+134, $ih-$ybm+48,$cl['text'], GRAPH_FONT,'bytes out'); + } + + function output_image() + { + global $page,$hour,$day,$month,$im,$iface; + + if ($page == 'summary') + return; + + init_image(); + + if ($page == 'h') + { + draw_data($hour); + } + else if ($page == 'd') + { + draw_data($day); + } + else if ($page == 'm') + { + draw_data($month); + } + + header('Content-type: image/png'); + imagepng($im); + } + + get_vnstat_data(); + output_image(); +?> diff --git a/config/vnstat2/vnstat_php_frontend/graph_svg.php b/config/vnstat2/vnstat_php_frontend/graph_svg.php new file mode 100644 index 00000000..8992ed12 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/graph_svg.php @@ -0,0 +1,362 @@ +<?php + // + // vnStat PHP frontend (c)2006-2010 Bjorge Dijkstra (bjd@jooz.net) + // + // This program is free software; you can redistribute it and/or modify + // it under the terms of the GNU General Public License as published by + // the Free Software Foundation; either version 2 of the License, or + // (at your option) any later version. + // + // This program is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + // GNU General Public License for more details. + // + // You should have received a copy of the GNU General Public License + // along with this program; if not, write to the Free Software + // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + // + // + // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // for more information. + // + require 'config.php'; + require 'localize.php'; + require 'vnstat.php'; + + validate_input(); + + require "./themes/$style/theme.php"; + + function svg_create($width, $height) + { + header('Content-type: image/svg+xml'); + print "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n"; + print "<svg width=\"$width\" height=\"$height\" version=\"1.2\" baseProfile=\"tiny\" xmlns=\"http://www.w3.org/2000/svg\">\n"; + print "<g style=\"shape-rendering: crispEdges\">\n"; + } + + function svg_end() + { + print "</g>\n"; + print "</svg>\n"; + } + + function svg_options($options) + { + foreach ($options as $key => $value) { + print "$key=\"$value\" "; + } + } + + function svg_group($options) + { + print "<g "; + svg_options($options); + print ">\n"; + } + + function svg_group_end() + { + print "</g>\n"; + } + + function svg_text($x, $y, $text, $options = array()) + { + printf("<text x=\"%F\" y=\"%F\" ", $x, $y); + svg_options($options); + print ">$text</text>\n"; + } + + function svg_line($x1, $y1, $x2, $y2, $options = array()) + { + printf("<line x1=\"%F\" y1=\"%F\" x2=\"%F\" y2=\"%F\" ", $x1, $y1, $x2, $y2); + svg_options($options); + print "/>\n"; + } + + function svg_rect($x, $y, $w, $h, $options = array()) + { + printf("<rect x=\"%F\" y=\"%F\" width=\"%F\" height=\"%F\" ", $x, $y, $w, $h); + svg_options($options); + print "/>\n"; + } + + function svg_poly($points, $options = array()) + { + print "<polygon points=\""; + for ($p = 0; $p < count($points); $p += 2) { + printf("%F,%F ", $points[$p], $points[$p+1]); + } + svg_options($options); + print "\"/>\n"; + } + + function allocate_color($colors) + { + $col['rgb'] = sprintf("#%02X%02X%02X", $colors[0], $colors[1], $colors[2]); + $col['opacity'] = sprintf("%F", (127 - $colors[3]) / 127); + return $col; + } + + function init_image() + { + global $xlm, $xrm, $ytm, $ybm, $iw, $ih,$graph, $cl, $iface, $colorscheme, $style; + + if ($graph == 'none') + return; + + // + // image object + // + $xlm = 70; + $xrm = 20; + $ytm = 35; + $ybm = 60; + if ($graph == 'small') + { + $iw = 300 + $xrm + $xlm; + $ih = 100 + $ytm + $ybm; + } + else + { + $iw = 600 + $xrm + $xlm; + $ih = 200 + $ytm + $ybm; + } + + svg_create($iw, $ih); + + // + // colors + // + $cs = $colorscheme; + $cl['image_background'] = allocate_color($cs['image_background']); + $cl['background'] = allocate_color($cs['graph_background']); + $cl['background_2'] = allocate_color($cs['graph_background_2']); + $cl['grid_stipple_1'] = allocate_color($cs['grid_stipple_1']); + $cl['grid_stipple_2'] = allocate_color($cs['grid_stipple_2']); + $cl['text'] = allocate_color($cs['text']); + $cl['border'] = allocate_color($cs['border']); + $cl['rx'] = allocate_color($cs['rx']); + $cl['rx_border'] = allocate_color($cs['rx_border']); + $cl['tx'] = allocate_color($cs['tx']); + $cl['tx_border'] = allocate_color($cs['tx_border']); + + svg_rect(0, 0, $iw, $ih, array( 'stroke' => 'none', 'stroke-width' => 0, 'fill' => $cl['image_background']['rgb']) ); + svg_rect($xlm, $ytm, $iw-$xrm-$xlm, $ih-$ybm-$ytm, array( 'stroke' => 'none', 'stroke-width' => 0, 'fill' => $cl['background']['rgb']) ); + + $depth = 12; + svg_group( array( 'stroke' => 'none', 'stroke-width' => 0, 'fill' => $cl['background_2']['rgb'], 'fill-opacity' => $cl['background_2']['opacity']) ); + svg_poly(array($xlm, $ytm, $xlm, $ih - $ybm, $xlm - $depth, $ih - $ybm + $depth, $xlm - $depth, $ytm + $depth)); + svg_poly(array($xlm, $ih - $ybm, $xlm - $depth, $ih - $ybm + $depth, $iw - $xrm - $depth, $ih - $ybm + $depth, $iw - $xrm, $ih - $ybm)); + svg_group_end(); + + // draw title + $text = T('Traffic data for')." $iface"; + svg_text($iw / 2, ($ytm / 2), $text, array( 'stroke' => $cl['text'], 'fill' => $cl['text']['rgb'],'stroke-width' => 0, 'font-family' => SVG_FONT, 'font-weight' => 'bold', 'text-anchor' => 'middle' )); + } + + function draw_border() + { + global $cl, $iw, $ih; + svg_rect(1, 1, $iw-2, $ih-2, array( 'stroke' => $cl['border']['rgb'], 'stroke-opacity' => $cl['border']['opacity'], 'stroke-width' => 1, 'fill' => 'none') ); + } + + function draw_grid($x_ticks, $y_ticks) + { + global $cl, $iw, $ih, $xlm, $xrm, $ytm, $ybm; + $x_step = ($iw - $xlm - $xrm) / $x_ticks; + $y_step = ($ih - $ytm - $ybm) / $y_ticks; + + $depth = 12; + + svg_group( array( 'stroke' => $cl['grid_stipple_1']['rgb'], 'stroke-opacity' => $cl['grid_stipple_1']['opacity'], 'stroke-width' => '1px', 'stroke-dasharray' => '1,1' ) ); + for ($i = $xlm; $i <= ($iw - $xrm); $i += $x_step) + { + svg_line($i, $ytm, $i, $ih-$ybm); + svg_line($i, $ih-$ybm, $i-$depth, $ih-$ybm+$depth); + } + for ($i = $ytm; $i <= ($ih - $ybm); $i += $y_step) + { + svg_line($xlm, $i, $iw - $xrm, $i); + svg_line($xlm, $i, $xlm - $depth, $i + $depth); + } + svg_group_end(); + + svg_group( array( 'stroke' => $cl['border']['rgb'], 'stroke-width' => '1px', 'stroke-opacity' => $cl['border']['opacity'] ) ); + svg_line($xlm, $ytm, $xlm, $ih - $ybm); + svg_line($xlm, $ih - $ybm, $iw - $xrm, $ih - $ybm); + svg_group_end(); + } + + + function draw_data($data) + { + global $cl,$iw,$ih,$xlm,$xrm,$ytm,$ybm; + + sort($data); + + $x_ticks = count($data); + $y_ticks = 10; + $y_scale = 1; + $prescale = 1; + $unit = 'K'; + $offset = 0; + $gr_h = $ih - $ytm - $ybm; + $x_step = ($iw - $xlm - $xrm) / $x_ticks; + $y_step = ($ih - $ytm - $ybm) / $y_ticks; + $bar_w = ($x_step / 2) ; + + // + // determine scale + // + $low = 99999999999; + $high = 0; + for ($i=0; $i<$x_ticks; $i++) + { + if ($data[$i]['rx'] < $low) + $low = $data[$i]['rx']; + if ($data[$i]['tx'] < $low) + $low = $data[$i]['tx']; + if ($data[$i]['rx'] > $high) + $high = $data[$i]['rx']; + if ($data[$i]['tx'] > $high) + $high = $data[$i]['tx']; + } + + while ($high > ($prescale * $y_scale * $y_ticks)) + { + $y_scale = $y_scale * 2; + if ($y_scale >= 1024) + { + $prescale = $prescale * 1024; + $y_scale = $y_scale / 1024; + if ($unit == 'K') + $unit = 'M'; + else if ($unit == 'M') + $unit = 'G'; + else if ($unit == 'G') + $unit = 'T'; + } + } + + draw_grid($x_ticks, $y_ticks); + + // + // graph scale factor (per pixel) + // + $sf = ($prescale * $y_scale * $y_ticks) / $gr_h; + + if ($data[0] == 'nodata') + { + $text = 'no data available'; + svg_text($iw/2, $ytm + 80, $text, array( 'stroke' => $cl['text']['rgb'], 'fill' => $cl['text']['rgb'], 'stroke-width' => 0, 'font-family' => SVG_FONT, 'font-size' => '16pt', 'text-anchor' => 'middle') ); + } + else + { + // + // draw bars + // + for ($i=0; $i<$x_ticks; $i++) + { + $x = $xlm + ($i * $x_step); + $y = $ytm + ($ih - $ytm - $ybm) - (($data[$i]['rx'] - $offset) / $sf); + + $depth = ($x_ticks < 20) ? 8 : 6; + $space = 0; + + $x1 = (int)$x; + $y1 = (int)$y; + $w = (int)($bar_w - $space); + $h = (int)($ih - $ybm - $y); + $x2 = (int)($x + $bar_w - $space); + $y2 = (int)($ih - $ybm); + + svg_group( array( 'stroke' => $cl['rx_border']['rgb'], 'stroke-opacity' => $cl['rx_border']['opacity'], + 'stroke-width' => 1, 'stroke-linejoin' => 'round', + 'fill' => $cl['rx']['rgb'], 'fill-opacity' => $cl['rx']['opacity'] ) ); + svg_rect($x1, $y1, $w, $h); + svg_rect($x1 - $depth, $y1 + $depth, $w, $h); + svg_poly(array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth)); + svg_poly(array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth)); + svg_group_end(); + + $y1 = (int)($ytm + ($ih - $ytm - $ybm) - (($data[$i]['tx'] - $offset) / $sf)); + $x1 = (int)($x1 + $bar_w); + $x2 = (int)($x2 + $bar_w); + $w = (int)($bar_w - $space); + $h = (int)($ih - $ybm - $y1 - 1); + + svg_group( array( 'stroke' => $cl['tx_border']['rgb'], 'stroke-opacity' => $cl['tx_border']['opacity'], + 'stroke-width' => 1, 'stroke-linejoin' => 'round', + 'fill' => $cl['tx']['rgb'], 'fill-opacity' => $cl['tx']['opacity'] ) ); + svg_rect($x1, $y1, $w, $h); + svg_rect($x1 - $depth, $y1 + $depth, $w, $h); + svg_poly(array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth)); + svg_poly(array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth)); + svg_group_end(); + } + + // + // axis labels + // + svg_group( array( 'fill' => $cl['text']['rgb'], 'fill-opacity' => $cl['text']['opacity'], 'stroke-width' => '0', 'font-family' => SVG_FONT, 'font-size' => '10pt', 'text-anchor' => 'end' ) ); + for ($i=0; $i<=$y_ticks; $i++) + { + $label = ($i * $y_scale).$unit; + $tx = $xlm - 16; + $ty = (int)(($ih - $ybm) - ($i * $y_step) + 8 + $depth); + svg_text($tx, $ty, $label); + } + svg_group_end(); + + svg_group( array( 'fill' => $cl['text']['rgb'], 'fill-opacity' => $cl['text']['opacity'], 'stroke-width' => '0', 'font-family' => SVG_FONT, 'font-size' => '10pt', 'text-anchor' => 'middle' ) ); + for ($i=0; $i<$x_ticks; $i++) + { + $label = $data[$i]['img_label']; + svg_text($xlm + ($i * $x_step) + ($x_step / 2) - $depth - 4, $ih - $ybm + 20 + $depth, $label); + } + svg_group_end(); + } + + draw_border(); + + + // + // legend + // + svg_rect($xlm, $ih-$ybm+39, 8, 8, array( 'stroke' => $cl['text']['rgb'], 'stroke-width' => 1, 'fill' => $cl['rx']['rgb']) ); + svg_text($xlm+14, $ih-$ybm+48, T('bytes in'), array( 'fill' => $cl['text']['rgb'], 'stroke-width' => 0, 'font-family' => SVG_FONT, 'font-size' => '8pt') ); + + svg_rect($xlm+120 , $ih-$ybm+39, 8, 8, array( 'stroke' => $cl['text']['rgb'], 'stroke-width' => 1, 'fill' => $cl['tx']['rgb']) ); + svg_text($xlm+134, $ih-$ybm+48, T('bytes out'), array( 'fill' => $cl['text']['rgb'], 'stroke-width' => 0, 'font-family' => SVG_FONT, 'font-size' => '8pt') ); + } + + function output_image() + { + global $page,$hour,$day,$month,$iface; + + if ($page == 'summary') + return; + + init_image(); + + if ($page == 'h') + { + draw_data($hour); + } + else if ($page == 'd') + { + draw_data($day); + } + else if ($page == 'm') + { + draw_data($month); + } + + svg_end(); + } + + get_vnstat_data(); + output_image(); +?> diff --git a/config/vnstat2/vnstat_php_frontend/index.php b/config/vnstat2/vnstat_php_frontend/index.php new file mode 100644 index 00000000..70c0427f --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/index.php @@ -0,0 +1,196 @@ +<?php + // + // vnStat PHP frontend (c)2006-2010 Bjorge Dijkstra (bjd@jooz.net) + // + // This program is free software; you can redistribute it and/or modify + // it under the terms of the GNU General Public License as published by + // the Free Software Foundation; either version 2 of the License, or + // (at your option) any later version. + // + // This program is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + // GNU General Public License for more details. + // + // You should have received a copy of the GNU General Public License + // along with this program; if not, write to the Free Software + // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + // + // + // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // for more information. + // + require 'config.php'; + require 'localize.php'; + require 'vnstat.php'; + + validate_input(); + + require "./themes/$style/theme.php"; + + function write_side_bar() + { + global $iface, $page, $graph, $script, $style; + global $iface_list, $iface_title; + global $page_list, $page_title; + + $p = "&graph=$graph&style=$style"; + + print "<ul class=\"iface\">\n"; + foreach ($iface_list as $if) + { + print "<li class=\"iface\">"; + if (isset($iface_title[$if])) + { + print $iface_title[$if]; + } + else + { + print $if; + } + print "<ul class=\"page\">\n"; + foreach ($page_list as $pg) + { + print "<li class=\"page\"><a href=\"$script?if=$if$p&page=$pg\">".$page_title[$pg]."</a></li>\n"; + } + print "</ul></li>\n"; + + } + print "</ul>\n"; + } + + + function kbytes_to_string($kb) + { + $units = array('TB','GB','MB','KB'); + $scale = 1024*1024*1024; + $ui = 0; + + while (($kb < $scale) && ($scale > 1)) + { + $ui++; + $scale = $scale / 1024; + } + return sprintf("%0.2f %s", ($kb/$scale),$units[$ui]); + } + + function write_summary() + { + global $summary,$top,$day,$hour,$month; + + $trx = $summary['totalrx']*1024+$summary['totalrxk']; + $ttx = $summary['totaltx']*1024+$summary['totaltxk']; + + // + // build array for write_data_table + // + $sum[0]['act'] = 1; + $sum[0]['label'] = T('This hour'); + $sum[0]['rx'] = $hour[0]['rx']; + $sum[0]['tx'] = $hour[0]['tx']; + + $sum[1]['act'] = 1; + $sum[1]['label'] = T('This day'); + $sum[1]['rx'] = $day[0]['rx']; + $sum[1]['tx'] = $day[0]['tx']; + + $sum[2]['act'] = 1; + $sum[2]['label'] = T('This month'); + $sum[2]['rx'] = $month[0]['rx']; + $sum[2]['tx'] = $month[0]['tx']; + + $sum[3]['act'] = 1; + $sum[3]['label'] = T('All time'); + $sum[3]['rx'] = $trx; + $sum[3]['tx'] = $ttx; + + write_data_table(T('Summary'), $sum); + print "<br/>\n"; + write_data_table(T('Top 10 days'), $top); + } + + + function write_data_table($caption, $tab) + { + print "<table width=\"100%\" cellspacing=\"0\">\n"; + print "<caption>$caption</caption>\n"; + print "<tr>"; + print "<th class=\"label\" style=\"width:120px;\"> </th>"; + print "<th class=\"label\">".T('In')."</th>"; + print "<th class=\"label\">".T('Out')."</th>"; + print "<th class=\"label\">".T('Total')."</th>"; + print "</tr>\n"; + + for ($i=0; $i<count($tab); $i++) + { + if ($tab[$i]['act'] == 1) + { + $t = $tab[$i]['label']; + $rx = kbytes_to_string($tab[$i]['rx']); + $tx = kbytes_to_string($tab[$i]['tx']); + $total = kbytes_to_string($tab[$i]['rx']+$tab[$i]['tx']); + $id = ($i & 1) ? 'odd' : 'even'; + print "<tr>"; + print "<td class=\"label_$id\">$t</td>"; + print "<td class=\"numeric_$id\">$rx</td>"; + print "<td class=\"numeric_$id\">$tx</td>"; + print "<td class=\"numeric_$id\">$total</td>"; + print "</tr>\n"; + } + } + print "</table>\n"; + } + + get_vnstat_data(); + + // + // html start + // + header('Content-type: text/html; charset=utf-8'); + print '<?xml version="1.0"?>'; +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<head> + <title>vnStat - PHP frontend</title> + <link rel="stylesheet" type="text/css" href="themes/<?php echo $style ?>/style.css"/> +</head> +<body> + +<div id="wrap"> + <div id="sidebar"><?php write_side_bar(); ?></div> + <div id="content"> + <div id="header"><?php print T('Traffic data for')." $iface_title[$iface] ($iface)";?></div> + <div id="main"> + <?php + $graph_params = "if=$iface&page=$page&style=$style"; + if ($page != 's') + if ($graph_format == 'svg') { + print "<object type=\"image/svg+xml\" width=\"692\" height=\"297\" data=\"graph_svg.php?$graph_params\"></object>\n"; + } else { + print "<img src=\"graph.php?$graph_params\" alt=\"graph\"/>\n"; + } + + if ($page == 's') + { + write_summary(); + } + else if ($page == 'h') + { + write_data_table(T('Last 24 hours'), $hour); + } + else if ($page == 'd') + { + write_data_table(T('Last 30 days'), $day); + } + else if ($page == 'm') + { + write_data_table(T('Last 12 months'), $month); + } + ?> + </div> + <div id="footer"><a href="http://www.sqweek.com/">vnStat PHP frontend</a> 1.5.1 - ©2006-2010 Bjorge Dijkstra (bjd _at_ jooz.net)</div> + </div> +</div> + +</body></html> diff --git a/config/vnstat2/vnstat_php_frontend/lang/cs.php b/config/vnstat2/vnstat_php_frontend/lang/cs.php new file mode 100644 index 00000000..e6955964 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/cs.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'shrnutÃ'; +$L['hours'] = 'hodiny'; +$L['days'] = 'dny'; +$L['months'] = 'mÄ›sÃce'; + +// main table headers +$L['Summary'] = 'ShrnutÃ'; +$L['Top 10 days'] = 'Nej 10 dnÃ'; +$L['Last 24 hours'] = 'PoslednÃch 24 hodin'; +$L['Last 30 days'] = 'PoslednÃch 30 dnÃ'; +$L['Last 12 months'] = 'PoslednÃch 12 mÄ›sÃců'; + +// traffic table columns +$L['In'] = 'StahovánÃ'; +$L['Out'] = 'OdesÃlánÃ'; +$L['Total'] = 'Celkem'; + +// summary rows +$L['This hour'] = 'Tato hodina'; +$L['This day'] = 'Tento den'; +$L['This month'] = 'Tento mÄ›sÃc'; +$L['All time'] = 'Za celou dobu'; + +// graph text +$L['Traffic data for'] = 'PÅ™ehled pro'; +$L['bytes in'] = 'bytů staženo'; +$L['bytes out'] = 'bytů odesláno'; + +// date formats +$L['datefmt_days'] = '%d. %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%k%p'; +$L['datefmt_hours_img'] = '%k'; +$L['datefmt_top'] = '%d. %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/en.php b/config/vnstat2/vnstat_php_frontend/lang/en.php new file mode 100644 index 00000000..b5e6cf0b --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/en.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'summary'; +$L['hours'] = 'hours'; +$L['days'] = 'days'; +$L['months'] = 'months'; + +// main table headers +$L['Summary'] = 'Summary'; +$L['Top 10 days'] = 'Top 10 days'; +$L['Last 24 hours'] = 'Last 24 hours'; +$L['Last 30 days'] = 'Last 30 days'; +$L['Last 12 months'] = 'Last 12 months'; + +// traffic table columns +$L['In'] = 'In'; +$L['Out'] = 'Out'; +$L['Total'] = 'Total'; + +// summary rows +$L['This hour'] = 'This hour'; +$L['This day'] = 'This day'; +$L['This month'] = 'This month'; +$L['All time'] = 'All time'; + +// graph text +$L['Traffic data for'] = 'Traffic data for'; +$L['bytes in'] = 'bytes in'; +$L['bytes out'] = 'bytes out'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%l%p'; +$L['datefmt_hours_img'] = '%l'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/nl.php b/config/vnstat2/vnstat_php_frontend/lang/nl.php new file mode 100644 index 00000000..76691e0a --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/nl.php @@ -0,0 +1,40 @@ +<?php + +// sidebar labels +$L['summary'] = 'samenvatting'; +$L['hours'] = 'uren'; +$L['days'] = 'dagen'; +$L['months'] = 'maanden'; + +// main table headers +$L['Summary'] = 'Samenvatting'; +$L['Top 10 days'] = 'Top 10 dagen'; +$L['Last 24 hours'] = 'Afgelopen 24 uur'; +$L['Last 30 days'] = 'Afgelopen 30 dagen'; +$L['Last 12 months'] = 'Afgelopen 12 maanden'; + +// traffic table columns +$L['In'] = 'In'; +$L['Out'] = 'Uit'; +$L['Total'] = 'Totaal'; + +// summary rows +$L['This hour'] = 'Dit uur'; +$L['This day'] = 'Deze dag'; +$L['This month'] = 'Deze maand'; +$L['All time'] = 'Altijd'; + +// graph text +$L['Traffic data for'] = 'Data verkeer voor'; +$L['bytes in'] = 'bytes in'; +$L['bytes out'] = 'bytes uit'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H:%M'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%d %B %Y'; + diff --git a/config/vnstat2/vnstat_php_frontend/localize.php b/config/vnstat2/vnstat_php_frontend/localize.php new file mode 100644 index 00000000..3695912f --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/localize.php @@ -0,0 +1,15 @@ +<?php + // setup locale and translation + setlocale(LC_ALL, $locale); + require "lang/$language.php"; + + function T($str) + { + global $L; + if (isset($L[$str])) + return $L[$str]; + else + return $str; + } + +?> diff --git a/config/vnstat2/vnstat_php_frontend/themes/dark/style.css b/config/vnstat2/vnstat_php_frontend/themes/dark/style.css new file mode 100644 index 00000000..8cf475fe --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/dark/style.css @@ -0,0 +1,21 @@ +* {margin:0; padding:0;} +body {background:#2f2f2f; font-family:Verdana; font-size:12px;} +#wrap {width: 960px; background:#242424; padding:10px; margin:0 auto; border:1px solid #474747;} +#sidebar {width: 160px; float: left; padding: 3px 4px; color: #fff; background-color: #2F2F2F; border:1px solid #474747; -moz-border-radius:8px;} +#sidebar ul.iface {} +#sidebar li.iface {list-style-type:none; color:#08BB08; text-transform:uppercase; padding-bottom:10px; text-align:center;} +#sidebar a{color:#aaa;} +#sidebar ul.page {} +#sidebar li.page {list-style-type:none; text-transform:none;} +#content {margin-left: 180px; width: 780px;} +#header {padding: 3px; color: #fff; background-color: #2F2F2F; text-align: center; border:1px solid #474747; font-size:14px; font-weight:bold; -moz-border-radius:8px;} +#footer {padding: 3px; color: #fff; background-color: #2F2F2F; text-align: center; border:1px solid #474747; font-size:11px; -moz-border-radius:8px; clear:both; margin-top:10px;} +#footer a {color:#fff;} +#main {padding: 10px 10px 10px 10px; color: #fff; background-color: #2F2F2F; text-align: center; border:1px solid #474747; -moz-border-radius:8px; margin-top:10px;} +#main td {padding:1px 0;} +#main td.numeric_odd {text-align: right; color: #fff; background:#474747;} +#main td.numeric_even {text-align: right; color: #fff; background:#242424;} +#main td.label_odd {color: #fff; background:#474747;} +#main td.label_even {color: #fff; background:#242424;} +#main th.label {color: #fff; padding:2px 0; border-bottom:1px solid #fff;} +#main caption {padding: 3px 0 4px 0; color:#08BB08; text-transform:uppercase;}
\ No newline at end of file diff --git a/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php b/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php new file mode 100644 index 00000000..6df45cb2 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php @@ -0,0 +1,16 @@ +<?php + // A dark colorscheme based on a contribution by Mart Visser + $colorscheme = array( + 'image_background' => array( 36, 36, 36, 0 ), + 'graph_background' => array( 220, 220, 230, 0 ), + 'graph_background_2' => array( 205, 205, 220, 0 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 71, 71, 71, 0 ), + 'text' => array( 255, 255, 255,0 ), + 'rx' => array( 10, 180, 10, 50 ), + 'rx_border' => array( 0, 120, 0, 90 ), + 'tx' => array( 130, 130, 130, 50 ), + 'tx_border' => array( 60, 60, 60, 90 ) + ); +?> diff --git a/config/vnstat2/vnstat_php_frontend/themes/espresso/style.css b/config/vnstat2/vnstat_php_frontend/themes/espresso/style.css new file mode 100644 index 00000000..e5dff7f9 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/espresso/style.css @@ -0,0 +1,170 @@ +body +{ + background-color: #363330; + margin: 8px; + padding: 0; +} + +#content +{ + width: 898px; +} + +#sidebar +{ + position: absolute; + left: 8px; + top: 8px; + width: 160px; + border-right: 1px solid #D3CAAA; + border-collapse: collapse; + float: left; +} + +#sidebar ul.iface +{ + margin: 0px; + padding: 0px; + border-top: 1px dashed #D3CAAA; + background-color: #363330; + color: #D3CAAA; +} + +#sidebar li.iface +{ + list-style-type: none; + margin: 0px; + padding: 0px; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + border-bottom: 1px dashed #D3CAAA; +} + +#sidebar a +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; +} + +#sidebar ul.page +{ + margin: 0px; + padding: 0px; + border-top: 1px dashed #D3CAAA; +} + +#sidebar li.page +{ + list-style-type: none; + margin: 0px; + padding: 4px; + border: none; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.75em; + font-weight: normal; + text-align: right; + background-color: #413D39; + color: #D3CAAA; +} + + +#header +{ + width: 720px; + margin-left: 160px; + padding: 0px 8px 0px 8px; + border-width: 1px 1px 1px 1px; + border-style: dashed solid dashed solid; + border-color: #D3CAAA; + border-collapse: collapse; + background-color: #363330; + color: #D3CAAA; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + text-align: center; +} + +#footer +{ + width: 720px; + margin-left: 160px; + padding: 2px 8px 2px 8px; + border-width: 1px 1px 1px 1px; + border-style: solid; + border-color: #D3CAAA; + border-collapse: collapse; + background-color: #363330; + color: #D3CAAA; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.70em; + text-align: center; +} + +#main +{ + width: 720px; + margin-left: 160px; + padding: 8px 8px 8px 8px; + border-left: 1px solid #D3CAAA; + border-right: 1px solid #D3CAAA; + border-collapse: collapse; +} + +#main td +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.8em; +} + +#main td.numeric_odd +{ + text-align: right; + background-color: #756F68; + color: #D3CAAA; +} + +#main td.numeric_even +{ + text-align: right; + background-color: #544C4A; + color: #D3CAAA; +} + +#main td.label_odd +{ + background-color: #413D39; + color: #D3CAAA; +} + +#main td.label_even +{ + background-color: #5A514F; + color: #D3CAAA; +} + +#main th.label +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + background-color: #413D39; + color: #D3CAAA; +} + +#main caption +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1.25em; + font-weight: bold; + padding: 4px; + color: #D3CAAA; +} + +a +{ + text-decoration: none; + color: #D3CAAA; +} diff --git a/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php b/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php new file mode 100644 index 00000000..3c7818f5 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php @@ -0,0 +1,17 @@ +<?php + // A dark colorscheme based on a contribution by Márcio Bremm + // It is based also on Espresso (gtkrc theme) by Jesse L. Kay + $colorscheme = array( + 'image_background' => array( 065, 061, 057, 0 ), + 'graph_background' => array( 117, 111, 104, 30 ), + 'graph_background_2' => array( 128, 122, 102, 30 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 211, 202, 170, 0 ), + 'text' => array( 211, 202, 170, 0 ), + 'rx' => array( 211, 202, 170, 50 ), + 'rx_border' => array( 80, 40, 40, 90 ), + 'tx' => array( 163, 156, 131, 50 ), + 'tx_border' => array( 60, 60, 60, 90 ) + ); +?> diff --git a/config/vnstat2/vnstat_php_frontend/themes/light/style.css b/config/vnstat2/vnstat_php_frontend/themes/light/style.css new file mode 100644 index 00000000..28503f1d --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/light/style.css @@ -0,0 +1,159 @@ +body +{ + margin: 0; + padding: 0; +} + +#wrap +{ + xwidth: 868px; +} + +#sidebar +{ + width: 160px; + border-right: 1px solid #99b; + border-collapse: collapse; + float: left; +} + +#sidebar ul.iface +{ + margin: 0; + padding: 0; + border-top: 1px solid #99b; + color: #000; + background-color: #eef; +} + +#sidebar li.iface +{ + margin: 0; + padding: 0; + list-style-type: none; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + xborder-top: 1px solid #99b; + border-bottom: 1px solid #99b; +} + +#sidebar a +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; +} + +#sidebar ul.page +{ + margin: 0; + padding: 0; + border-top: 1px solid #99b; +} + +#sidebar li.page +{ + margin: 0; + padding: 4px; + border: none; + list-style-type: none; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.75em; + font-weight: normal; + text-align: right; + color: #000; + background-color: #fff; +} + +#content +{ + margin-left: 160px; + width: 720px; +} + + +#header +{ + padding: 0px 8px 0px 8px; + border-width: 1px; + border-style: solid solid solid solid; + border-color: #99b; + border-collapse: collapse; + color: #000; + background-color: #eef; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + text-align: center; +} + +#footer +{ + padding: 2px 8px 2px 8px; + border: 1px solid #99b; + border-collapse: collapse; + color: #000; + background-color: #eef; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.65em; + font-weight: bold; + text-align: center; +} + +#main +{ + padding: 8px; + border-left: 1px solid #99b; + border-right: 1px solid #99b; + border-collapse: collapse; +} + +#main td +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.8em; +} + +#main td.numeric_odd +{ + text-align: right; + color: #000; + background-color: #eef; +} + +#main td.numeric_even +{ + text-align: right; + color: #000; + background-color: #fff; +} + +#main td.label_odd +{ + color: #000; + background-color: #dde; +} + +#main td.label_even +{ + color: #000; + background-color: #eee; +} + +#main th.label +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + color: #000; + background-color: #dde; +} + +#main caption +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1.25em; + font-weight: bold; + padding: 4px; +} diff --git a/config/vnstat2/vnstat_php_frontend/themes/light/theme.php b/config/vnstat2/vnstat_php_frontend/themes/light/theme.php new file mode 100644 index 00000000..2516c874 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/light/theme.php @@ -0,0 +1,15 @@ +<?php + $colorscheme = array( + 'image_background' => array( 255, 255, 255, 0 ), + 'graph_background' => array( 220, 220, 230, 0 ), + 'graph_background_2' => array( 205, 205, 220, 0 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 0, 0, 0, 0 ), + 'text' => array( 0, 0, 0, 0 ), + 'rx' => array( 190, 190, 20, 50 ), + 'rx_border' => array( 40, 80, 40, 90 ), + 'tx' => array( 130, 160, 100, 50 ), + 'tx_border' => array( 80, 40, 40, 90 ) + ); +?> diff --git a/config/vnstat2/vnstat_php_frontend/themes/pfSense/style.css b/config/vnstat2/vnstat_php_frontend/themes/pfSense/style.css new file mode 100644 index 00000000..0136624d --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/pfSense/style.css @@ -0,0 +1,170 @@ +body +{ + background-color: #FFFFFF; + margin: 8px; + padding: 0; +} + +#content +{ + width: 898px; +} + +#sidebar +{ + position: absolute; + left: 8px; + top: 8px; + width: 160px; + border-right: 1px solid #990000; + border-collapse: collapse; + float: left; +} + +#sidebar ul.iface +{ + margin: 0px; + padding: 0px; + border-top: 1px dashed #990000; + background-color: #990000; + color: #FFFFFF; +} + +#sidebar li.iface +{ + list-style-type: none; + margin: 1px; + padding: 0px; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + border-bottom: 1px dashed #990000; +} + +#sidebar a +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; +} + +#sidebar ul.page +{ + margin: 0px; + padding: 0px; + border-top: 1px dashed #990000; +} + +#sidebar li.page +{ + list-style-type: none; + margin: 0px; + padding: 4px; + border: none; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.75em; + font-weight: normal; + text-align: right; + background-color: #BBBBBB; + color: #000000; +} + + +#header +{ + width: 720px; + margin-left: 160px; + padding: 0px 8px 0px 8px; + border-width: 1px 1px 1px 1px; + border-style: dashed solid dashed solid; + border-color: #990000; + border-collapse: collapse; + background-color: #990000; + color: #FFFFFF; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + text-align: center; +} + +#footer +{ + width: 720px; + margin-left: 160px; + padding: 2px 8px 2px 8px; + border-width: 1px 1px 1px 1px; + border-style: solid; + border-color: #82001D; + border-collapse: collapse; + background-color: #D2D2D2; + color: #82001D; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.70em; + text-align: center; +} + +#main +{ + width: 720px; + margin-left: 160px; + padding: 8px 8px 8px 8px; + border-left: 1px solid #82001D; + border-right: 1px solid #82001D; + border-collapse: collapse; +} + +#main td +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.8em; +} + +#main td.numeric_odd +{ + text-align: right; + background-color: #C9C9C9; + color: #82001D; +} + +#main td.numeric_even +{ + text-align: right; + background-color: #CFCFCF; + color: #82001D; +} + +#main td.label_odd +{ + background-color: #A6A6A6; + color: #82001D; +} + +#main td.label_even +{ + background-color: #C1C1C1; + color: #82001D; +} + +#main th.label +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + background-color: #A6A6A6; + color: #82001D; +} + +#main caption +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1.25em; + font-weight: bold; + padding: 4px; + color: #82001D; +} + +a +{ + text-decoration: none; + color: #000000; +} diff --git a/config/vnstat2/vnstat_php_frontend/themes/pfSense/theme.php b/config/vnstat2/vnstat_php_frontend/themes/pfSense/theme.php new file mode 100644 index 00000000..6489f842 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/pfSense/theme.php @@ -0,0 +1,17 @@ +<?php + // A red colorscheme based on a contribution by Perry Mason + // Updated by Bryan Paradis to fit with vnstat2_php_frontend-1.5.1 + $colorscheme = array( + 'image_background' => array( 240, 240, 240, 0 ), + 'graph_background' => array( 255, 255, 255, 0 ), + 'graph_background_2' => array( 255, 255, 255, 0 ), + 'grid_stipple_1' => array( 144, 0, 0, 0 ), + 'grid_stipple_2' => array( 144, 0, 0, 0 ), + 'border' => array( 0, 0, 0, 0 ), + 'text' => array( 0, 0, 0, 0 ), + 'rx' => array( 190, 20, 20, 50 ), + 'rx_border' => array( 80, 40, 40, 90 ), + 'tx' => array( 130, 130, 130, 50 ), + 'tx_border' => array( 60, 60, 60, 90 ) + ); +?>
\ No newline at end of file diff --git a/config/vnstat2/vnstat_php_frontend/themes/red/style.css b/config/vnstat2/vnstat_php_frontend/themes/red/style.css new file mode 100644 index 00000000..48ab8d55 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/red/style.css @@ -0,0 +1,170 @@ +body +{ + background-color: #D2D2D2; + margin: 8px; + padding: 0; +} + +#content +{ + width: 898px; +} + +#sidebar +{ + position: absolute; + left: 8px; + top: 8px; + width: 160px; + border-right: 1px solid #82001D; + border-collapse: collapse; + float: left; +} + +#sidebar ul.iface +{ + margin: 0px; + padding: 0px; + border-top: 1px dashed #82001D; + background-color: #D2D2D2; + color: #82001D; +} + +#sidebar li.iface +{ + list-style-type: none; + margin: 0px; + padding: 0px; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + border-bottom: 1px dashed #82001D; +} + +#sidebar a +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; +} + +#sidebar ul.page +{ + margin: 0px; + padding: 0px; + border-top: 1px dashed #82001D; +} + +#sidebar li.page +{ + list-style-type: none; + margin: 0px; + padding: 4px; + border: none; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.75em; + font-weight: normal; + text-align: right; + background-color: #C1C1C1; + color: #82001D; +} + + +#header +{ + width: 720px; + margin-left: 160px; + padding: 0px 8px 0px 8px; + border-width: 1px 1px 1px 1px; + border-style: dashed solid dashed solid; + border-color: #82001D; + border-collapse: collapse; + background-color: #D2D2D2; + color: #82001D; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + text-align: center; +} + +#footer +{ + width: 720px; + margin-left: 160px; + padding: 2px 8px 2px 8px; + border-width: 1px 1px 1px 1px; + border-style: solid; + border-color: #82001D; + border-collapse: collapse; + background-color: #D2D2D2; + color: #82001D; + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.70em; + text-align: center; +} + +#main +{ + width: 720px; + margin-left: 160px; + padding: 8px 8px 8px 8px; + border-left: 1px solid #82001D; + border-right: 1px solid #82001D; + border-collapse: collapse; +} + +#main td +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 0.8em; +} + +#main td.numeric_odd +{ + text-align: right; + background-color: #C9C9C9; + color: #82001D; +} + +#main td.numeric_even +{ + text-align: right; + background-color: #CFCFCF; + color: #82001D; +} + +#main td.label_odd +{ + background-color: #A6A6A6; + color: #82001D; +} + +#main td.label_even +{ + background-color: #C1C1C1; + color: #82001D; +} + +#main th.label +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1em; + font-weight: bold; + background-color: #A6A6A6; + color: #82001D; +} + +#main caption +{ + font-family: 'Trebuchet MS', Verdana, sans-serif; + font-size: 1.25em; + font-weight: bold; + padding: 4px; + color: #82001D; +} + +a +{ + text-decoration: none; + color: #A80022; +} diff --git a/config/vnstat2/vnstat_php_frontend/themes/red/theme.php b/config/vnstat2/vnstat_php_frontend/themes/red/theme.php new file mode 100644 index 00000000..2c9ba6f4 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/themes/red/theme.php @@ -0,0 +1,16 @@ +<?php + // A red colorscheme based on a contribution by Enrico Tröger + $colorscheme = array( + 'image_background' => array( 225, 225, 225, 0 ), + 'graph_background' => array( 220, 220, 230, 0 ), + 'graph_background_2' => array( 205, 205, 220, 0 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 0, 0, 0, 0 ), + 'text' => array( 0, 0, 0, 0 ), + 'rx' => array( 190, 20, 20, 50 ), + 'rx_border' => array( 80, 40, 40, 90 ), + 'tx' => array( 130, 130, 130, 50 ), + 'tx_border' => array( 60, 60, 60, 90 ) + ); +?> diff --git a/config/vnstat2/vnstat_php_frontend/vera_copyright.txt b/config/vnstat2/vnstat_php_frontend/vera_copyright.txt new file mode 100644 index 00000000..e651be1c --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/vera_copyright.txt @@ -0,0 +1,124 @@ +Bitstream Vera Fonts Copyright + +The fonts have a generous copyright, allowing derivative works (as +long as "Bitstream" or "Vera" are not in the names), and full +redistribution (so long as they are not *sold* by themselves). They +can be be bundled, redistributed and sold with any software. + +The fonts are distributed under the following copyright: + +Copyright +========= + +Copyright (c) 2003 by Bitstream, Inc. All Rights Reserved. Bitstream +Vera is a trademark of Bitstream, Inc. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of the fonts accompanying this license ("Fonts") and associated +documentation files (the "Font Software"), to reproduce and distribute +the Font Software, including without limitation the rights to use, +copy, merge, publish, distribute, and/or sell copies of the Font +Software, and to permit persons to whom the Font Software is furnished +to do so, subject to the following conditions: + +The above copyright and trademark notices and this permission notice +shall be included in all copies of one or more of the Font Software +typefaces. + +The Font Software may be modified, altered, or added to, and in +particular the designs of glyphs or characters in the Fonts may be +modified and additional glyphs or characters may be added to the +Fonts, only if the fonts are renamed to names not containing either +the words "Bitstream" or the word "Vera". + +This License becomes null and void to the extent applicable to Fonts +or Font Software that has been modified and is distributed under the +"Bitstream Vera" names. + +The Font Software may be sold as part of a larger software package but +no copy of one or more of the Font Software typefaces may be sold by +itself. + +THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT +OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL +BITSTREAM OR THE GNOME FOUNDATION BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, +OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE THE FONT +SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE. + +Except as contained in this notice, the names of Gnome, the Gnome +Foundation, and Bitstream Inc., shall not be used in advertising or +otherwise to promote the sale, use or other dealings in this Font +Software without prior written authorization from the Gnome Foundation +or Bitstream Inc., respectively. For further information, contact: +fonts at gnome dot org. + +Copyright FAQ +============= + + 1. I don't understand the resale restriction... What gives? + + Bitstream is giving away these fonts, but wishes to ensure its + competitors can't just drop the fonts as is into a font sale system + and sell them as is. It seems fair that if Bitstream can't make money + from the Bitstream Vera fonts, their competitors should not be able to + do so either. You can sell the fonts as part of any software package, + however. + + 2. I want to package these fonts separately for distribution and + sale as part of a larger software package or system. Can I do so? + + Yes. A RPM or Debian package is a "larger software package" to begin + with, and you aren't selling them independently by themselves. + See 1. above. + + 3. Are derivative works allowed? + Yes! + + 4. Can I change or add to the font(s)? + Yes, but you must change the name(s) of the font(s). + + 5. Under what terms are derivative works allowed? + + You must change the name(s) of the fonts. This is to ensure the + quality of the fonts, both to protect Bitstream and Gnome. We want to + ensure that if an application has opened a font specifically of these + names, it gets what it expects (though of course, using fontconfig, + substitutions could still could have occurred during font + opening). You must include the Bitstream copyright. Additional + copyrights can be added, as per copyright law. Happy Font Hacking! + + 6. If I have improvements for Bitstream Vera, is it possible they might get + adopted in future versions? + + Yes. The contract between the Gnome Foundation and Bitstream has + provisions for working with Bitstream to ensure quality additions to + the Bitstream Vera font family. Please contact us if you have such + additions. Note, that in general, we will want such additions for the + entire family, not just a single font, and that you'll have to keep + both Gnome and Jim Lyles, Vera's designer, happy! To make sense to add + glyphs to the font, they must be stylistically in keeping with Vera's + design. Vera cannot become a "ransom note" font. Jim Lyles will be + providing a document describing the design elements used in Vera, as a + guide and aid for people interested in contributing to Vera. + + 7. I want to sell a software package that uses these fonts: Can I do so? + + Sure. Bundle the fonts with your software and sell your software + with the fonts. That is the intent of the copyright. + + 8. If applications have built the names "Bitstream Vera" into them, + can I override this somehow to use fonts of my choosing? + + This depends on exact details of the software. Most open source + systems and software (e.g., Gnome, KDE, etc.) are now converting to + use fontconfig (see www.fontconfig.org) to handle font configuration, + selection and substitution; it has provisions for overriding font + names and subsituting alternatives. An example is provided by the + supplied local.conf file, which chooses the family Bitstream Vera for + "sans", "serif" and "monospace". Other software (e.g., the XFree86 + core server) has other mechanisms for font substitution. + diff --git a/config/vnstat2/vnstat_php_frontend/vnstat.php b/config/vnstat2/vnstat_php_frontend/vnstat.php new file mode 100644 index 00000000..9c7e211c --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/vnstat.php @@ -0,0 +1,211 @@ +<?php + // + // vnStat PHP frontend (c)2006-2010 Bjorge Dijkstra (bjd@jooz.net) + // + // This program is free software; you can redistribute it and/or modify + // it under the terms of the GNU General Public License as published by + // the Free Software Foundation; either version 2 of the License, or + // (at your option) any later version. + // + // This program is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + // GNU General Public License for more details. + // + // You should have received a copy of the GNU General Public License + // along with this program; if not, write to the Free Software + // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + // + // + // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // for more information. + // + + // + // Valid values for other parameters you can pass to the script. + // Input parameters will always be limited to one of the values listed here. + // If a parameter is not provided or invalid it will revert to the default, + // the first parameter in the list. + // + if (isset($_SERVER['PHP_SELF'])) + { + $script = $_SERVER['PHP_SELF']; + } + elseif (isset($_SERVER['SCRIPT_NAME'])) + { + $script = $_SERVER['SCRIPT_NAME']; + } + else + { + die('can\'t determine script name!'); + } + + $page_list = array('s','h','d','m'); + + $graph_list = array('large','small','none'); + + $page_title['s'] = T('summary'); + $page_title['h'] = T('hours'); + $page_title['d'] = T('days'); + $page_title['m'] = T('months'); + + + // + // functions + // + function validate_input() + { + global $page, $page_list; + global $iface, $iface_list; + global $graph, $graph_list; + global $colorscheme, $style; + // + // get interface data + // + $page = isset($_GET['page']) ? $_GET['page'] : ''; + $iface = isset($_GET['if']) ? $_GET['if'] : ''; + $graph = isset($_GET['graph']) ? $_GET['graph'] : ''; + $style = isset($_GET['style']) ? $_GET['style'] : ''; + + if (!in_array($page, $page_list)) + { + $page = $page_list[0]; + } + + if (!in_array($iface, $iface_list)) + { + $iface = $iface_list[0]; + } + + if (!in_array($graph, $graph_list)) + { + $graph = $graph_list[0]; + } + + $tp = "./themes/$style"; + if (!is_dir($tp) || !file_exists("$tp/theme.php")) + { + $style = DEFAULT_COLORSCHEME; + } + } + + + function get_vnstat_data() + { + global $iface, $vnstat_bin, $data_dir; + global $hour,$day,$month,$top,$summary; + + if (!isset($vnstat_bin) || $vnstat_bin == '') + { + if (file_exists("$data_dir/vnstat_dump_$iface")) + { + $vnstat_data = file("$data_dir/vnstat_dump_$iface"); + } + else + { + $vnstat_data = array(); + } + } + else + { + $fd = popen("$vnstat_bin --dumpdb -i $iface", "r"); + $buffer = ''; + while (!feof($fd)) { + $buffer .= fgets($fd); + } + $vnstat_data = explode("\n", $buffer); + pclose($fd); + } + + + $day = array(); + $hour = array(); + $month = array(); + $top = array(); + + // + // extract data + // + foreach($vnstat_data as $line) + { + $d = explode(';', trim($line)); + if ($d[0] == 'd') + { + $day[$d[1]]['time'] = $d[2]; + $day[$d[1]]['rx'] = $d[3] * 1024 + $d[5]; + $day[$d[1]]['tx'] = $d[4] * 1024 + $d[6]; + $day[$d[1]]['act'] = $d[7]; + if ($d[2] != 0) + { + $day[$d[1]]['label'] = strftime(T('datefmt_days'),$d[2]); + $day[$d[1]]['img_label'] = strftime(T('datefmt_days_img'), $d[2]); + } + else + { + $day[$d[1]]['label'] = ''; + $day[$d[1]]['img_label'] = ''; + } + } + else if ($d[0] == 'm') + { + $month[$d[1]]['time'] = $d[2]; + $month[$d[1]]['rx'] = $d[3] * 1024 + $d[5]; + $month[$d[1]]['tx'] = $d[4] * 1024 + $d[6]; + $month[$d[1]]['act'] = $d[7]; + if ($d[2] != 0) + { + $month[$d[1]]['label'] = strftime(T('datefmt_months'), $d[2]); + $month[$d[1]]['img_label'] = strftime(T('datefmt_months_img'), $d[2]); + } + else + { + $month[$d[1]]['label'] = ''; + $month[$d[1]]['img_label'] = ''; + } + } + else if ($d[0] == 'h') + { + $hour[$d[1]]['time'] = $d[2]; + $hour[$d[1]]['rx'] = $d[3]; + $hour[$d[1]]['tx'] = $d[4]; + $hour[$d[1]]['act'] = 1; + if ($d[2] != 0) + { + $st = $d[2] - ($d[2] % 3600); + $et = $st + 3600; + $hour[$d[1]]['label'] = strftime(T('datefmt_hours'), $st).' - '.strftime(T('datefmt_hours'), $et); + $hour[$d[1]]['img_label'] = strftime(T('datefmt_hours_img'), $d[2]); + } + else + { + $hour[$d[1]]['label'] = ''; + $hour[$d[1]]['img_label'] = ''; + } + } + else if ($d[0] == 't') + { + $top[$d[1]]['time'] = $d[2]; + $top[$d[1]]['rx'] = $d[3] * 1024 + $d[5]; + $top[$d[1]]['tx'] = $d[4] * 1024 + $d[6]; + $top[$d[1]]['act'] = $d[7]; + $top[$d[1]]['label'] = strftime(T('datefmt_top'), $d[2]); + $top[$d[1]]['img_label'] = ''; + } + else + { + $summary[$d[0]] = isset($d[1]) ? $d[1] : ''; + } + } + if (count($day) == 0) + $day[0] = 'nodata'; + rsort($day); + + if (count($month) == 0) + $month[0] = 'nodata'; + rsort($month); + + if (count($hour) == 0) + $hour[0] = 'nodata'; + rsort($hour); + } +?> diff --git a/config/vnstat2/vnstati.xml b/config/vnstat2/vnstati.xml index e2246ca0..7cd3f3be 100644 --- a/config/vnstat2/vnstati.xml +++ b/config/vnstat2/vnstati.xml @@ -10,7 +10,7 @@ <version>1.0</version> <title>Vnstat2</title> <aftersaveredirect>/vnstati.php</aftersaveredirect> - <include_file>/usr/local/pkg/vnstat2.inc</include_file> + <include_file>/usr/local/pkg/vnstat2/vnstat2.inc</include_file> <menu> <name>vnstat2</name> <tooltiptext></tooltiptext> @@ -54,3 +54,4 @@ <custom_php_install_command>vnstat_install_config();</custom_php_install_command> <custom_php_deinstall_command>vnstat_install_deinstall();</custom_php_deinstall_command> </packagegui> + diff --git a/config/vnstat2/vnstatoutput.xml b/config/vnstat2/vnstatoutput.xml index 4b410aaa..9d2e3d05 100644 --- a/config/vnstat2/vnstatoutput.xml +++ b/config/vnstat2/vnstatoutput.xml @@ -10,7 +10,7 @@ <version>1.0</version> <title>Vnstat2</title> <aftersaveredirect>/diag_vnstat2.php</aftersaveredirect> - <include_file>/usr/local/pkg/vnstat2.inc</include_file> + <include_file>/usr/local/pkg/vnstat2/vnstat2.inc</include_file> <menu> <name>vnstat2</name> <tooltiptext></tooltiptext> @@ -54,3 +54,4 @@ <custom_php_install_command>vnstat_install_config();</custom_php_install_command> <custom_php_deinstall_command>vnstat_install_deinstall();</custom_php_deinstall_command> </packagegui> + diff --git a/config/vnstat2/bin/diag_vnstat.abc b/config/vnstat2/www/diag_vnstat.php index afef3849..04e03911 100644 --- a/config/vnstat2/bin/diag_vnstat.abc +++ b/config/vnstat2/www/diag_vnstat.php @@ -41,7 +41,7 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); $pgtitle = gettext("Vnstat2 summary "); if($_REQUEST['getactivity']) { @@ -77,7 +77,7 @@ include("head.inc"); <div id='maincontent'> <?php include("fbegin.inc"); - if(strstr($pfSversion, "1.2")) + if ($pf_version < 2.0) echo "<p class=\"pgtitle\">{$pgtitle}</p>"; echo "<a href=$myurl/pkg_edit.php?xml=vnstatoutput.xml&id=0>Go Back</a><br />"; if($savemsg) { diff --git a/config/vnstat2/bin/diag_vnstat2.abc b/config/vnstat2/www/diag_vnstat2.php index ec19a0b2..e5ce1de5 100644 --- a/config/vnstat2/bin/diag_vnstat2.abc +++ b/config/vnstat2/www/diag_vnstat2.php @@ -43,7 +43,7 @@ global $config; $aaaa = $config['installedpackages']['vnstat2']['config'][0]['vnstat_interface2']; $bbbb = convert_real_interface_to_friendly_descr($aaaa); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); $pgtitle = gettext("Vnstat2 info for $bbbb ($aaaa)"); if($_REQUEST['getactivity']) { @@ -87,7 +87,7 @@ else <div id='maincontent'> <?php include("fbegin.inc"); - if(strstr($pfSversion, "1.2")) + if ($pf_version < 2.0) echo "<p class=\"pgtitle\">{$pgtitle}</p>"; echo "<a href=$myurl/pkg_edit.php?xml=vnstatoutput.xml&id=0>Go Back</a><br />"; if($savemsg) { diff --git a/config/vnstat2/bin/vnstat2_img.abc b/config/vnstat2/www/vnstat2_img.php index 85644309..85644309 100644 --- a/config/vnstat2/bin/vnstat2_img.abc +++ b/config/vnstat2/www/vnstat2_img.php diff --git a/config/vnstat2/bin/vnstati.abc b/config/vnstat2/www/vnstati.php index e5ddcd21..e5ddcd21 100644 --- a/config/vnstat2/bin/vnstati.abc +++ b/config/vnstat2/www/vnstati.php diff --git a/config/widescreen/bin/fbegin.inc_ b/config/widescreen/bin/fbegin.inc_ index a7a96e0f..73f26aaa 100644 --- a/config/widescreen/bin/fbegin.inc_ +++ b/config/widescreen/bin/fbegin.inc_ @@ -211,13 +211,13 @@ $diagnostics_menu = msort(array_merge($diagnostics_menu, return_ext_menu("Diagno if(! $g['disablehelpmenu']) { $help_menu = array(); $help_menu[] = array("About this Page", $helpurl); - $help_menu[] = array("User Forum", "http://www.pfsense.org/j.php?jumpto=forum"); - $help_menu[] = array("Documentation", "http://www.pfsense.org/j.php?jumpto=doc"); - $help_menu[] = array("Developers Wiki", "http://www.pfsense.org/j.php?jumpto=devwiki"); - $help_menu[] = array("Paid Support", "http://www.pfsense.org/j.php?jumpto=portal"); - $help_menu[] = array("pfSense Book", "http://www.pfsense.org/j.php?jumpto=book"); - $help_menu[] = array("Search portal", "http://www.pfsense.org/j.php?jumpto=searchportal"); - $help_menu[] = array("FreeBSD Handbook", "http://www.pfsense.org/j.php?jumpto=fbsdhandbook"); + $help_menu[] = array("User Forum", "https://www.pfsense.org/j.php?jumpto=forum"); + $help_menu[] = array("Documentation", "https://www.pfsense.org/j.php?jumpto=doc"); + $help_menu[] = array("Developers Wiki", "https://www.pfsense.org/j.php?jumpto=devwiki"); + $help_menu[] = array("Paid Support", "https://www.pfsense.org/j.php?jumpto=portal"); + $help_menu[] = array("pfSense Book", "https://www.pfsense.org/j.php?jumpto=book"); + $help_menu[] = array("Search portal", "https://www.pfsense.org/j.php?jumpto=searchportal"); + $help_menu[] = array("FreeBSD Handbook", "https://www.pfsense.org/j.php?jumpto=fbsdhandbook"); $help_menu = msort(array_merge($help_menu, return_ext_menu("Help")),0); } diff --git a/config/widescreen/widescreen.xml b/config/widescreen/widescreen.xml index 98dd9daa..0692b533 100644 --- a/config/widescreen/widescreen.xml +++ b/config/widescreen/widescreen.xml @@ -10,57 +10,57 @@ <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/widescreen.inc</item> + <item>https://packages.pfsense.org/packages/config/widescreen/widescreen.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/all.css_</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/all.css_</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/fbegin.inc_</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/fbegin.inc_</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/fend.inc_</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/fend.inc_</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/footer-left.png</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/footer-left.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/footer-middle.png</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/footer-middle.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/footer-right.png</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/footer-right.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/header-mid.png</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/header-mid.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/horiz-left.png</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/horiz-left.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/horiz-right.png</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/horiz-right.png</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/widescreen/</prefix> <chmod>644</chmod> - <item>http://www.pfsense.org/packages/config/widescreen/bin/index.php_</item> + <item>https://packages.pfsense.org/packages/config/widescreen/bin/index.php_</item> </additional_files_needed> <custom_php_install_command> widescreen_custom_php_install_command(); diff --git a/config/widget-antivirus/antivirus_status.widget.php b/config/widget-antivirus/antivirus_status.widget.php index c08ffeb8..6bca68a2 100644 --- a/config/widget-antivirus/antivirus_status.widget.php +++ b/config/widget-antivirus/antivirus_status.widget.php @@ -2,7 +2,7 @@ /* $Id: antivirus_statistics.widget.php Copyright (C) 2010 Serg Dvoriancev <dv_serg@mail.ru>. - Part of pfSense widgets (www.pfsense.com) + Part of pfSense widgets (www.pfsense.org) originally based on m0n0wall (http://m0n0.ch/wall) Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net> diff --git a/config/widget-antivirus/widget-antivirus.xml b/config/widget-antivirus/widget-antivirus.xml index 90580769..468baf13 100644 --- a/config/widget-antivirus/widget-antivirus.xml +++ b/config/widget-antivirus/widget-antivirus.xml @@ -52,17 +52,17 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/widget-antivirus/widget-antivirus.inc</item> + <item>https://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/include/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-antivirus/antivirus_status.inc</item> + <item>https://packages.pfsense.org/packages/config/widget-antivirus/antivirus_status.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-antivirus/antivirus_status.widget.php</item> + <item>https://packages.pfsense.org/packages/config/widget-antivirus/antivirus_status.widget.php</item> </additional_files_needed> <custom_php_deinstall_command> widget_antivirus_uninstall(); diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml index cb127f36..f99d99de 100644 --- a/config/widget-havp/widget-havp.xml +++ b/config/widget-havp/widget-havp.xml @@ -52,32 +52,32 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/widget-havp/widget-havp.inc</item> + <item>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/includes/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc.php</item> + <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/helpers/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts_helper.php</item> + <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts_helper.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/include/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc</item> + <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.js</item> + <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.js</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.widget.php</item> + <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.widget.php</item> </additional_files_needed> <custom_php_deinstall_command> widget_havp_uninstall(); diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml index 1a371ca5..959f9529 100644 --- a/config/widget-snort/widget-snort.xml +++ b/config/widget-snort/widget-snort.xml @@ -52,17 +52,17 @@ <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.js</item> + <item>https://packages.pfsense.org/packages/config/widget-snort/snort_alerts.js</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item> + <item>https://packages.pfsense.org/packages/config/widget-snort/snort_alerts.widget.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/include/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item> + <item>https://packages.pfsense.org/packages/config/widget-snort/widget-snort.inc</item> </additional_files_needed> <custom_php_deinstall_command> widget_snort_uninstall(); diff --git a/config/xsl/package.xsl b/config/xsl/package.xsl index cc2a69be..947a9324 100644 --- a/config/xsl/package.xsl +++ b/config/xsl/package.xsl @@ -4,7 +4,8 @@ /* ========================================================================== */ /* package.xsl - part of pfSense (http://www.pfSense.com) + part of pfSense (https://www.pfsense.org) + Copyright (C) 2004-2014 Electric Sheep Fencing, LLC Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> All rights reserved. @@ -68,7 +69,6 @@ <meta name="DC.rights" content="All rights reserved" /> <meta http-equiv="Keywords" content="bsd license, altq, traffic shaping, packet, rule, Linux, OpenBSD, DragonFlyBSD, freebsd 5.3, vpn, stateful failover, carp, packet filter, m0n0wall, firewall" /> <style type="text/css"> - @import url('http://www.pfsense.com/assets/site/style.css'); </style> <script type="text/javascript" language="utf-8"> //<![CDATA[ @@ -148,16 +148,14 @@ <table style="width: 802px; text-align: left; margin-left: auto; margin-right: auto;" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> - <td style="background-image: url(http://www.pfsense.com/assets/images/header1.gif); width: 811px; text-align: left; vertical-align: bottom; background-color: transparent; height: 65px;"></td> </tr> <tr> - <td style="background-image: url(http://www.pfsense.com/assets/images/header2.gif); height: 25px; width: 802px;"> <font color="#ffffff"><span class="headers"></span></font> </td> </tr> <tr> <td> - <table style="background-image: url(http://www.pfsense.com/assets/images/horizontal.gif); text-align: left; width: 802px;" border="0" cellpadding="0" cellspacing="0"> + <table style="text-align: left; width: 802px;" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="width: 200px; text-align: center; vertical-align: top;"> @@ -168,7 +166,6 @@ </tr> <tr style="padding: 0px; margin: 0px;"> <td height="100%" align="left" valign="top" class="navigation" style="padding: 0px; margin: 0px;"> - <img src="http://www.pfsense.com/manager/media/images/_tx_.gif" alt="" height="4" /> <br /> <a href='#' id="infoa" onclick="toggleContentItem('info-div');">Info</a> <a href='#' id="licensea" onclick="toggleContentItem('license-div');">License</a> @@ -182,7 +179,6 @@ <a href='#' id="rsynca" onclick="toggleContentItem('rsync-div');">custom_php_resync_config_command</a> <a href='#' id="installa" onclick="toggleContentItem('install-div');">custom_php_install_command</a> <a href='#' id="deinstalla" onclick="toggleContentItem('deinstall-div');">custom_php_deinstall_command</a> - <img src="http://www.pfsense.com/manager/media/images/_tx_.gif" height="4" alt="" /> </td> </tr> </tbody> @@ -300,11 +296,8 @@ </td> </tr> <tr style="color: rgb(255, 255, 255);"> - <td style="background-image: url(http://www.pfsense.com/assets/images/footer.gif); width: 802px; height: 60px; text-align: center; vertical-align: middle;"> - pfSense is (C) Copyright 2004, 2005, 2006 Scott Ullrich. All Rights Reserved. + pfSense is Copyright 2004-2014 Electric Sheep Fencing LLC. All Rights Reserved. <br /> - MySQL: 0.0000 s, 0 request(s), PHP: 0.0052 s, total: 0.0052 s, document - retrieved from cache. </td> </tr> </tbody> diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 3f8e84db..24b7bd01 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -41,13 +41,13 @@ <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.8_0</version> + <version>0.8_1</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> <restart_command>/usr/local/etc/rc.d/zabbix2_agentd.sh restart</restart_command> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zabbix2/zabbix2.inc</item> + <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index c857bec1..ebcb5bb0 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -41,13 +41,13 @@ <name>zabbixproxy</name> <title>Services: Zabbix-2 Proxy</title> <category>Monitoring</category> - <version>0.8_0</version> + <version>0.8_1</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> <restart_command>/usr/local/etc/rc.d/zabbix2_proxy.sh restart</restart_command> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zabbix2/zabbix2.inc</item> + <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> @@ -129,6 +129,15 @@ <size>10</size> <required>true</required> </field> + <field> + <fielddescr>Advanced Parameters</fielddescr> + <fieldname>advancedparams</fieldname> + <encoding>base64</encoding> + <type>textarea</type> + <rows>5</rows> + <cols>50</cols> + <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description> + </field> </fields> <custom_php_install_command>sync_package_zabbix2();</custom_php_install_command> <custom_php_command_before_form></custom_php_command_before_form> diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc index 92aad309..bf9c6606 100644 --- a/config/zabbix2/zabbix2.inc +++ b/config/zabbix2/zabbix2.inc @@ -193,6 +193,7 @@ function sync_package_zabbix2(){ $zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0]; if ($zbproxy_config['proxyenabled']=="on"){ $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0); + $AdvancedParams=base64_decode($zbproxy_config['advancedparams']); $zbproxy_conf_file = <<< EOF Server={$zbproxy_config['server']} @@ -206,6 +207,7 @@ FpingLocation=/usr/local/sbin/fping #there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin Fping6Location=/usr/local/sbin/fping6 ProxyMode={$Mode} +{$AdvancedParams} EOF; file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => ""))); diff --git a/config/zebedee/zebedee.xml b/config/zebedee/zebedee.xml index b56fa1a6..db7bfddf 100644 --- a/config/zebedee/zebedee.xml +++ b/config/zebedee/zebedee.xml @@ -62,52 +62,52 @@ <description>Tunneling Service</description> </service> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee.inc</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_tunnels.xml</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_tunnels.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_key_details.xml</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_key_details.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_sync.xml</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_sync.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_del_key.php</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_del_key.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_get_key.php</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_get_key.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_keys.php</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_keys.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_log.php</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_log.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee_view_config.php</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_view_config.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/zebedee/zebedee.sh</item> + <item>https://packages.pfsense.org/packages/config/zebedee/zebedee.sh</item> <prefix>/usr/local/etc/rc.d/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/zebedee/zebedee_del_key.php b/config/zebedee/zebedee_del_key.php index e6cfa955..9b52bbd9 100644 --- a/config/zebedee/zebedee_del_key.php +++ b/config/zebedee/zebedee_del_key.php @@ -1,7 +1,7 @@ <?php /* zebedee_del_key.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2010 Marcello Coutinho Copyright (C) 2010 Jorge Lustosa @@ -32,8 +32,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $zebede_keys = $config['installedpackages']['zebedeekeys']['config'] ; diff --git a/config/zebedee/zebedee_keys.php b/config/zebedee/zebedee_keys.php index 14b39078..58adc79d 100644 --- a/config/zebedee/zebedee_keys.php +++ b/config/zebedee/zebedee_keys.php @@ -1,7 +1,7 @@ <?php /* zebedee_keys.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2010 Marcello Coutinho Copyright (C) 2010 Jorge Lustosa @@ -34,8 +34,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Zebedee Tunneling"; diff --git a/config/zebedee/zebedee_log.php b/config/zebedee/zebedee_log.php index e397ca08..4e7911c6 100644 --- a/config/zebedee/zebedee_log.php +++ b/config/zebedee/zebedee_log.php @@ -1,7 +1,7 @@ <?php /* varnishstat_view_logs.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -36,8 +36,8 @@ if($_REQUEST['getactivity']) { exit; } -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Zebedee: Logs"; diff --git a/config/zebedee/zebedee_view_config.php b/config/zebedee/zebedee_view_config.php index 78a0bca9..26e0f1ff 100644 --- a/config/zebedee/zebedee_view_config.php +++ b/config/zebedee/zebedee_view_config.php @@ -1,7 +1,7 @@ <?php /* varnish_view_config.php - part of pfSense (http://www.pfsense.com/) + part of pfSense (https://www.pfsense.org/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -29,8 +29,8 @@ require("guiconfig.inc"); -$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); -if(strstr($pfSversion, "1.2")) +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version < 2.0) $one_two = true; $pgtitle = "Zebedee: View Configuration"; diff --git a/license.txt b/license.txt new file mode 100644 index 00000000..10834533 --- /dev/null +++ b/license.txt @@ -0,0 +1,51 @@ +/* ==================================================================== + * Copyright (c) 2004-2014 Electric Sheep Fencing, LLC. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense® software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ + diff --git a/pkg_config.10.xml b/pkg_config.10.xml index dd443fff..2fa245e8 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1,23 +1,23 @@ <?xml version="1.0" encoding="utf-8"?> <!-- pfSense packages --> <pfsensepkgs> -<copy_packages_to_host_ssh_port>222</copy_packages_to_host_ssh_port> +<copy_packages_to_host_ssh_port>22</copy_packages_to_host_ssh_port> <copy_packages_to_host_ssh>packagecopy@files.pfsense.org</copy_packages_to_host_ssh> <copy_packages_to_folder_ssh>/usr/local/www/files/packages/10/All/</copy_packages_to_folder_ssh> -<depends_on_package_base_url>http://files.pfsense.org/packages/10/All/</depends_on_package_base_url> +<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url> <packages> <!-- <package> <name>someprogram</name> <internal_name>someprogram</internal_name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[Some cool program]]></descr> <website>http://www.example.org/someprogram</website> <category>Services</category> <version>0.99</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/someprogram/someprogram.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/someprogram/someprogram.xml</config_file> <maintainer>me@example.com</maintainer> <configurationfile>someprogram.xml</configurationfile> <build_pbi> @@ -31,45 +31,47 @@ --> <package> <name>Asterisk</name> - <pkginfolink>http://forum.pfsense.org/index.php/topic,47210.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,47210.0.html</pkginfolink> <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> <version>1.8 pkg v0.3.1</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/asterisk/asterisk.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file> <depends_on_package_pbi>asterisk-1.8.25.0-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net/asterisk</build_port_path> + <build_pbi> + <port>net/asterisk</port> + </build_pbi> <maintainer>marcellocoutinho@gmail.com robreg@zsurob.hu</maintainer> <configurationfile>asterisk.xml</configurationfile> <after_install_info>Please visit the Asterisk tab on status menu.</after_install_info> </package> <package> <name>bind</name> - <!-- <pkginfolink>http://doc.pfsense.org/index.php/bind</pkginfolink> --> + <!-- <pkginfolink>https://doc.pfsense.org/index.php/bind</pkginfolink> --> <descr><![CDATA[The most widely used name server software]]></descr> <website>http://www.isc.org/downloads/BIND/</website> <category>Services</category> - <version>9.9.4 pkg v 0.3.2</version> + <version>9.9.5_5 pkg v 0.3.2</version> <status>RC</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/bind/bind.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file> <configurationfile>bind.xml</configurationfile> - <depends_on_package_pbi>bind-9.9.4-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>bind-9.9.5_5-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <custom_name>bind</custom_name> <port>dns/bind99</port> </build_pbi> - <build_options>OPTIONS_UNSET=IDN REPLACE_BASE FIXED_RRSET GSSAPI LARGE_FILE;OPTIONS_SET=IPV6 LINKS SSL THREADS XML DLZ_FILESYSTEM FILTER_AAAA SIGCHASE RRL</build_options> + <build_options>OPTIONS_UNSET_FORCE=IDN REPLACE_BASE FIXED_RRSET GSSAPI LARGE_FILE;OPTIONS_SET_FORCE=IPV6 LINKS SSL THREADS XML DLZ_FILESYSTEM FILTER_AAAA SIGCHASE RRL</build_options> </package> <package> <name>Filer</name> <website/> <descr>Allows you to create and overwrite files from the GUI.</descr> <category>File Management</category> - <pkginfolink>http://doc.pfsense.org/index.php/Filer_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/filer/filer.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file> <version>0.60</version> <status>Beta</status> <required_version>2.2</required_version> @@ -81,8 +83,8 @@ <website/> <descr>Block countries - This has been replaced by pfblocker. <u>This is a legacy app</u></descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/countryblock/countryblock.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/countryblock/countryblock.xml</config_file> <version>0.2.4</version> <status>Beta</status> <required_version>2.2</required_version> @@ -93,13 +95,13 @@ <name>Strikeback</name> <descr>Detect port scans with iplog and strikeback</descr> <website></website> - <pkginfolink>http://forum.pfsense.org/index.php/topic,37225.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,37225.0.html</pkginfolink> <category>Services</category> <version>0.1</version> <status>BETA</status> <required_version>2.2</required_version> <maintainer>tom@tomschaefer.org</maintainer> - <config_file>http://www.pfsense.com/packages/config/strikeback/strikeback.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/strikeback/strikeback.xml</config_file> <configurationfile>strikeback.xml</configurationfile> <only_for_archs>i386</only_for_archs> </package> @@ -108,8 +110,8 @@ <website/> <descr>PHP File Manager</descr> <category>Diagnostics</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/filemgr/filemgr.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file> <version>0.1.3</version> <status>Beta</status> <required_version>2.2</required_version> @@ -124,8 +126,8 @@ This package also Block countries and IP ranges.<br /> pfBlocker replaces Countryblock and IPblocklist.]]></descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file> <version>1.0.2</version> <status>Release</status> <required_version>2.2</required_version> @@ -136,80 +138,82 @@ <name>anyterm</name> <descr>Ajax Interactive Shell - Have you ever wanted SSH or telnet access to your system from an internet desert - from behind a strict firewall, from an internet cafe, or even from a mobile phone? Anyterm is a combination of a web page and a process that runs on your web server that provides this access. WARNING! We suggest using Stunnel in combination with this package!</descr> <website>http://anyterm.org/</website> - <pkginfolink>http://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> <category>Diagnostics</category> <version>0.5</version> <status>BETA</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/anyterm/anyterm.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/anyterm/anyterm.xml</config_file> <configurationfile>anyterm.xml</configurationfile> </package> <package> <name>haproxy</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP Load Balancer<br /> This package implements both TCP and HTTP balance features from Haproxy.<br /> Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.2.4</version> + <version>1.4.24_1 pkg v 1.2.4</version> <status>Release</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_pbi>haproxy-1.4.24-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net/haproxy</build_port_path> + <depends_on_package_pbi>haproxy-1.4.24_1-##ARCH##.pbi</depends_on_package_pbi> + <build_pbi> + <port>net/haproxy</port> + </build_pbi> </package> <package> <name>haproxy-full</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP Load Balancer<br /> This package implements both TCP and HTTP balance features from Haproxy.<br /> (Legacy version)]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.1</version> + <version>1.4.24_1 pkg v 1.1</version> <status>Release</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_pbi>haproxy-1.4.24-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>haproxy-1.4.24_1-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>haproxy-devel</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP(s) Load Balancer<br /> This package implements TCP, HTTP and HTTPS balance features from Haproxy.<br /> Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5-dev21 pkg v 0.6.1</version> + <version>1.5-dev22 pkg v 0.7</version> <status>Release</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_pbi>haproxy-devel-1.5-dev21-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>haproxy-devel-1.5-dev22-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>security/openssl</ports_before> <custom_name>haproxy-devel</custom_name> <port>/usr/ports/net/haproxy-devel</port> </build_pbi> - <build_options>WITH_OPENSSL_PORT=yes;OPTIONS_UNSET=PCRE DPCRE;OPTIONS_SET=OPENSSL SPCRE</build_options> + <build_options>WITH_OPENSSL_PORT=yes;OPTIONS_UNSET_FORCE=PCRE DPCRE;OPTIONS_SET_FORCE=OPENSSL SPCRE</build_options> </package> <package> <name>Apache with mod_security-dev</name> - <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> - <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> + <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> <version>2.4.6 pkg v0.3</version> <status>ALPHA</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> - <depends_on_package_pbi>proxy_mod_security-2.2.23_3-##ARCH##.pbi git-1.8.1.3-##ARCH##.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> + <depends_on_package_pbi>proxy_mod_security-2.4.6_1-##ARCH##.pbi git-1.9.0-##ARCH##.pbi</depends_on_package_pbi> <configurationfile>apache_virtualhost.xml</configurationfile> <build_pbi> <custom_name>proxy_mod_security</custom_name> @@ -217,20 +221,20 @@ <port>www/apache24</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>apache24_UNSET=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC</build_options> + <build_options>apache24_UNSET_FORCE=MPM_PREFORK;apache24_SET_FORCE=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET_FORCE=MLOGC</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> <name>Proxy Server with mod_security</name> - <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> <version>0.1.3</version> <status>ALPHA</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security.xml</config_file> - <depends_on_package_pbi>proxy_mod_security-2.2.23_3-##ARCH##.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file> + <depends_on_package_pbi>proxy_mod_security-2.2.26-##ARCH##.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_pbi> <custom_name>proxy_mod_security</custom_name> @@ -238,23 +242,24 @@ <port>www/apache22-worker-mpm</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>OPTIONS_UNSET=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION</build_options> + <build_options>OPTIONS_UNSET_FORCE=BDB MYSQL PGSQL;OPTIONS_SET_FORCE=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET_FORCE=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET_FORCE=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> <name>Avahi</name> - <pkginfolink>http://doc.pfsense.org/index.php/Avahi_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Avahi_package</pkginfolink> <website>http://www.avahi.org/</website> <descr>Avahi is a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in Apple MacOS X (branded Rendezvous, Bonjour and sometimes Zeroconf) and is very convenient. Avahi is mainly based on Lennart Poettering's flexmdns mDNS implementation for Linux which has been discontinued in favour of Avahi.</descr> <category>Network Management</category> + <build_options>avahi_UNSET_FORCE=GTK;cairo_UNSET_FORCE=X11 XCB</build_options> <build_pbi> <port>net/avahi</port> </build_pbi> - <depends_on_package_pbi>avahi-0.6.29-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>avahi-0.6.31-##ARCH##.pbi</depends_on_package_pbi> <version>0.6.29 pkg v1.02</version> <status>ALPHA</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/avahi/avahi.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> <configurationfile>avahi.xml</configurationfile> <after_install_info>Please visit the Avahi settings tab and select which interfaces you do not wish Avahi to listen on and click save to start the service.</after_install_info> </package> @@ -272,51 +277,17 @@ <version>5.0.1 v2.3</version> <status>BETA</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/ntop2/ntop.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/ntop2/ntop.xml</config_file> <configurationfile>ntop.xml</configurationfile> <noembedded>true</noembedded> </package> <package> - <name>FreeSWITCH</name> - <website>http://www.freeswitch.org/</website> - <descr>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </descr> - <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch/freeswitch.xml</config_file> - <depends_on_package_pbi>freeswitch-1.0.6_1-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net/freeswitch</build_port_path> - <version>0.8.3.6</version> - <status>Beta</status> - <required_version>2.2</required_version> - <maintainer>markjcrane@gmail.com</maintainer> - <configurationfile>freeswitch.xml</configurationfile> - <noembedded>true</noembedded> - <only_for_archs>i386</only_for_archs> - </package> - <package> - <name>FreeSWITCH Dev</name> - <internal_name>FreeSWITCH</internal_name> - <website>http://www.freeswitch.org/</website> - <descr>FreeSWITCH package development version.</descr> - <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch_dev/freeswitch.xml</config_file> - <build_port_path>/usr/ports/net/freeswitch</build_port_path> - <version>0.9.7.26</version> - <status>Beta</status> - <required_version>2.2</required_version> - <maintainer>markjcrane@gmail.com</maintainer> - <configurationfile>freeswitch.xml</configurationfile> - <noembedded>true</noembedded> - <only_for_archs>i386</only_for_archs> - </package> - <package> <name>Notes</name> <website/> <descr>Track things you want to note for this system.</descr> <category>Status</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/notes/notes.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/notes/notes.xml</config_file> <version>0.2.4</version> <status>Alpha</status> <required_version>2.2</required_version> @@ -329,7 +300,7 @@ <descr>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</descr> <category>Services</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/tftp2/tftp.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/tftp2/tftp.xml</config_file> <version>2.0</version> <status>Stable</status> <required_version>2.2</required_version> @@ -340,8 +311,8 @@ <website/> <descr>PHP run as a service it can do anything PHP can do including but not limited to monitoring files, CPU, RAM, and send alerts to the syslog.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/PHPService</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/phpservice/phpservice.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> <version>0.4.1</version> <status>Beta</status> <required_version>2.2</required_version> @@ -354,7 +325,7 @@ <descr>Tool to Backup and Restore files and directories.</descr> <category>System</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/backup/backup.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/backup/backup.xml</config_file> <version>0.1.5</version> <status>Beta</status> <required_version>2.2</required_version> @@ -367,7 +338,7 @@ <descr>The cron utility is used to manage commands on a schedule.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/cron/cron.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/cron/cron.xml</config_file> <version>0.1.8</version> <status>Beta</status> <required_version>2.2</required_version> @@ -379,8 +350,8 @@ <website/> <descr>It is a web server package that can host HTML, Javascript, CSS, and PHP. It uses the lighttpd web server that is already installed. It uses PHP5 in FastCGI mode and has access to PHP Data Ojbects and PDO SQLite.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/vhosts</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/vhosts/vhosts.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/vhosts</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/vhosts/vhosts.xml</config_file> <version>0.7.4</version> <status>Stable</status> <required_version>2.2</required_version> @@ -389,19 +360,18 @@ </package> <package> <name>snort</name> - <pkginfolink></pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink> <website>http://www.snort.org</website> <descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr> <category>Security</category> - <depends_on_package_pbi>snort-2.9.5.5-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>snort-2.9.6.0-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>security/snort</port> <ports_after>security/barnyard2</ports_after> </build_pbi> - <!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. --> - <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options> - <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> - <version>2.9.5.5 pkg v3.0.2</version> + <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP;snort_SET=TARGETBASED PERFPROFILE SOURCEFIRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;snort_UNSET=PULLEDPORK;perl_SET=THREADS;NOPORTDOCS=true</build_options> + <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> + <version>2.9.6.0 pkg v3.0.7</version> <required_version>2.2</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> @@ -412,9 +382,11 @@ <website>http://www.olsr.org/</website> <descr>The olsr.org OLSR daemon is an implementation of the Optimized Link State Routing protocol. OLSR is a routing protocol for mobile ad-hoc networks. The protocol is pro-active, table driven and utilizes a technique called multipoint relaying for message flooding.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/olsrd.xml</config_file> - <depends_on_package_pbi>olsrd-0.6.3-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net/olsrd</build_port_path> + <config_file>https://packages.pfsense.org/packages/config/olsrd.xml</config_file> + <depends_on_package_pbi>olsrd-0.6.5.2-##ARCH##.pbi</depends_on_package_pbi> + <build_pbi> + <port>net/olsrd</port> + </build_pbi> <version>1.0</version> <status>Stable</status> <required_version>2.2</required_version> @@ -422,10 +394,10 @@ </package> <package> <name>routed</name> - <website>http://www.pfsense.com/</website> + <website>https://packages.pfsense.org/</website> <descr>RIP v1 and v2 daemon.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/routed/routed.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/routed/routed.xml</config_file> <version>1.1</version> <status>Stable</status> <required_version>2.2</required_version> @@ -436,13 +408,15 @@ <website>http://www.openbsd.org/spamd/</website> <descr>Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in their queue and retry again later.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/spamd/spamd.xml</config_file> - <depends_on_package_pbi>spamd-4.9.1-##ARCH##.pbi</depends_on_package_pbi> - <version>4.9.1</version> + <config_file>https://packages.pfsense.org/packages/config/spamd/spamd.xml</config_file> + <depends_on_package_pbi>spamd-4.9.1_1-##ARCH##.pbi</depends_on_package_pbi> + <version>4.9.1_1 v1.1</version> <status>Beta</status> <required_version>2.2</required_version> <configurationfile>spamd.xml</configurationfile> - <build_port_path>/usr/ports/mail/spamd</build_port_path> + <build_pbi> + <port>mail/spamd</port> + </build_pbi> <logging> <facilityname>spamd</facilityname> <logfilename>spamd.log</logfilename> @@ -455,14 +429,16 @@ It can do first and second line antispam combat before sending incoming mail to local mail servers.<br /> Postfix can also detect zombies, check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]></descr> <category>Services</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/postfix/postfix.xml</config_file> - <depends_on_package_pbi>postfix-2.10.2-##ARCH##.pbi</depends_on_package_pbi> + <pkginfolink>https://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/postfix/postfix.xml</config_file> + <depends_on_package_pbi>postfix-2.11.0-##ARCH##.pbi</depends_on_package_pbi> <version>2.10.2 pkg v.2.3.7</version> <status>Release</status> <required_version>2.2</required_version> <configurationfile>postfix.xml</configurationfile> - <build_port_path>/usr/ports/mail/postfix</build_port_path> + <build_pbi> + <port>mail/postfix</port> + </build_pbi> <build_options>WITH_PCRE=true;WITH_SPF=true;WITH_SASL2=true;WITH_TLS=true</build_options> </package> <package> @@ -474,16 +450,19 @@ For all non-commercial it's free, without cost.<br /> For all commercial use visit dansguardian website to get a licence.]]></descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/dansguardian/dansguardian.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> - <depends_on_package_pbi>dansguardian-2.12.0.3-##ARCH##.pbi</depends_on_package_pbi> - <version>2.12.0.3 pkg v.0.1.8</version> + <config_file>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> + <depends_on_package_pbi>dansguardian-2.12.0.3_2-##ARCH##.pbi</depends_on_package_pbi> + <version>2.12.0.3_2 pkg v.0.1.8</version> <status>beta</status> <required_version>2.2</required_version> <configurationfile>dansguardian.xml</configurationfile> - <build_port_path>/usr/ports/www/dansguardian-devel</build_port_path> - <build_port_path>/usr/ports/security/ca_root_nss</build_port_path> - <build_options>dansguardian-devel_UNSET=APACHE;dansguardian-devel_SET=TRICKLE CLAMD ICAP NTLM SSL</build_options> + <build_pbi> + <custom_name>dansguardian</custom_name> + <ports_before>security/ca_root_nss</ports_before> + <port>www/dansguardian-devel</port> + </build_pbi> + <build_options>dansguardian-devel_UNSET_FORCE=APACHE;dansguardian-devel_SET_FORCE=TRICKLE CLAMD ICAP NTLM SSL</build_options> <!-- NOTE: Distfile must be fetched manually from http://dansguardian.org/downloads/2/Alpha/dansguardian-2.12.0.0.tar.gz --> </package> <package> @@ -493,10 +472,10 @@ <descr><![CDATA[MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br /> This is a level3 mail scanning tool with high CPU load.]]></descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/mailscanner/mailscanner.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> - <depends_on_package_pbi>mailscanner-4.84.5_3-##ARCH##.pbi</depends_on_package_pbi> - <version>4.84.5_3 pkg v.0.2.4</version> + <config_file>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> + <depends_on_package_pbi>mailscanner-4.84.6-##ARCH##.pbi</depends_on_package_pbi> + <version>4.84.6 pkg v.0.2.4</version> <status>beta</status> <required_version>2.2</required_version> <configurationfile>mailscanner.xml</configurationfile> @@ -504,17 +483,19 @@ <ports_before>mail/pyzor mail/p5-Mail-SPF net/p5-IP-Country mail/dcc-dccd</ports_before> <port>mail/mailscanner</port> </build_pbi> - <build_options>mailscanner_UNSET=BDC CLAMAVMODULE;mailscanner_SET=SPAMASSASSIN CLAMAV;p5-Mail-SpamAssassin_SET=DCC</build_options> + <build_options>mailscanner_UNSET_FORCE=BDC CLAMAVMODULE;mailscanner_SET_FORCE=SPAMASSASSIN CLAMAV;p5-Mail-SpamAssassin_SET_FORCE=DCC</build_options> </package> <package> <name>siproxd</name> <website>http://siproxd.sourceforge.net/</website> <descr>Proxy for handling NAT of multiple SIP devices to a single public IP.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/siproxd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/siproxd.xml</config_file> <depends_on_package_pbi>siproxd-0.8.0-##ARCH##.pbi</depends_on_package_pbi> - <pkginfolink>http://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> - <build_port_path>/usr/ports/net/siproxd</build_port_path> + <pkginfolink>https://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> + <build_pbi> + <port>net/siproxd</port> + </build_pbi> <version>0.8.0_2</version> <status>Beta</status> <required_version>2.2</required_version> @@ -524,35 +505,18 @@ <name>OpenBGPD</name> <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> <category>NET</category> - <config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.xml</config_file> <build_pbi> <port>net/openbgpd</port> </build_pbi> <version>0.9.1</version> <status>STABLE</status> - <pkginfolink>http://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>2.2</required_version> <configurationfile>openbgpd.xml</configurationfile> <depends_on_package_pbi>openbgpd-5.2.20121209-##ARCH##.pbi</depends_on_package_pbi> </package> <package> - <name>OpenOSPFD</name> - <descr>This package is now considered deprecated. Please use the Quagga OSPF instead. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> - <maintainer>cmb@pfsense.org</maintainer> - <version>0.5.2</version> - <category>Routing</category> - <status>DEPRECATED</status> - <depends_on_package_pbi>openospfd-4.6-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/openospfd/openospfd.xml</config_file> - <build_pbi> - <ports_before>devel/libevent</ports_before> - <port>net/openospfd</port> - </build_pbi> - <pkginfolink></pkginfolink> - <required_version>2.2</required_version> - <configurationfile>openospfd.xml</configurationfile> - </package> - <package> <name>Lightsquid</name> <descr>High perfomance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr> <website>http://lightsquid.sf.net/</website> @@ -567,7 +531,7 @@ <build_options>WITHOUT_DEBUGGING=true;WITHOUT_GDBM=true;WITHOUT_PERL_MALLOC=true;WITH_PERL_64BITINT=true;WITHOUT_THREADS=true;WITHOUT_MULTIPLICITY=true;WITHOUT_SUIDPERL=true;WITHOUT_SITECUSTOMIZE=true;WITH_USE_PERL=true;WITH_GDSUPPORT=true</build_options> <status>RC1</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/lightsquid/lightsquid.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lightsquid/lightsquid.xml</config_file> <pkginfolink></pkginfolink> <configurationfile>lightsquid.xml</configurationfile> <noembedded>true</noembedded> @@ -578,15 +542,17 @@ <descr><![CDATA[Sarg - Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet.<br /> Sarg provides many informations about Proxy(squid,squidguard or dansguardian) users activities: times, bytes, sites, etc...]]></descr> <category>Network Report</category> - <config_file>http://www.pfsense.com/packages/config/sarg/sarg.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/sarg/sarg.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> <depends_on_package_pbi>sarg-2.3.6_2-##ARCH##.pbi</depends_on_package_pbi> <version>2.3.6_2 pkg v.0.6.3</version> <status>Release</status> <required_version>2.2</required_version> <configurationfile>sarg.xml</configurationfile> - <build_port_path>/usr/ports/www/sarg</build_port_path> - <build_options>sarg_UNSET=PHP</build_options> + <build_pbi> + <port>www/sarg</port> + </build_pbi> + <build_options>sarg_UNSET_FORCE=PHP</build_options> <after_install_info>Please visit sarg settings on Status Menu to configure sarg.</after_install_info> </package> <package> @@ -597,66 +563,54 @@ If it receives one with MAC-IP pair, which is not listed in 'ethers' file, it will send ARP reply with configured fake address.<br /> This will prevent not permitted host to work properly in local ethernet segment.]]></descr> <category>Security</category> - <config_file>http://www.pfsense.com/packages/config/ipguard/ipguard.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink> - <depends_on_package_pbi>ipguard-1.04-##ARCH##.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/ipguard/ipguard.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink> + <depends_on_package_pbi>ipguard-1.04_1-##ARCH##.pbi</depends_on_package_pbi> <version>1.0.4 pkg v.0.1</version> <status>beta</status> <required_version>2.2</required_version> <configurationfile>ipguard.xml</configurationfile> - <build_port_path>/usr/ports/security/ipguard</build_port_path> + <build_pbi> + <port>security/ipguard</port> + </build_pbi> <after_install_info>Please visit ipguard settings on the Firewall Menu to configure.</after_install_info> </package> <package> - <name>Varnish</name> - <descr><![CDATA[Varnish is a state-of-the-art, high-performance HTTP accelerator.<br /> - It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.]]></descr> - <website>http://varnish-cache.org</website> - <pkginfolink>http://doc.pfsense.org/index.php/Varnish_package</pkginfolink> - <category>Services</category> - <version>2.1.5 pkg v.1.0</version> - <status>Release</status> - <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/varnish64/varnish_backends.xml</config_file> - <configurationfile>varnish_backends.xml</configurationfile> - <depends_on_package_pbi>varnish-2.1.5_2-##ARCH##.pbi gcc-4.2.5.20090325_5-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/www/varnish2</build_port_path> - <build_port_path>/usr/ports/lang/gcc42</build_port_path> - </package> - <package> <name>Varnish3</name> <internal_name>varnish</internal_name> <descr><![CDATA[Varnish is a state-of-the-art, high-performance HTTP accelerator.<br /> It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.<br /> Version 3 includes streaming support]]></descr> <website>http://varnish-cache.org</website> - <pkginfolink>http://doc.pfsense.org/index.php/Varnish_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Varnish_package</pkginfolink> <category>Services</category> - <version>3.0.4 pkg v.0.2.1</version> + <version>3.0.5_2 pkg v.0.2.1</version> <status>RC</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/varnish3/varnish_backends.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/varnish3/varnish_backends.xml</config_file> <configurationfile>varnish_backends.xml</configurationfile> - <depends_on_package_pbi>varnish-3.0.4-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>varnish-3.0.5_2-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>lang/gcc</ports_before> <port>www/varnish</port> </build_pbi> - <build_options>gcc_UNSET=JAVA</build_options> + <build_options>gcc_UNSET_FORCE=JAVA</build_options> </package> <package> <name>vnstat2</name> <website>http://humdi.net/vnstat/</website> <descr>Vnstat is a console-based network traffic monitor<br />The vnstat PHP frontend and vnstati adds a more user friendly way of displaying traffic usage.</descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> <category>Network Management</category> - <depends_on_package_pbi>vnstat-1.11_1-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net/vnstat</build_port_path> + <depends_on_package_pbi>vnstat-1.11_5-##ARCH##.pbi</depends_on_package_pbi> + <build_pbi> + <port>net/vnstat</port> + </build_pbi> <version>1.10_2</version> <status>Stable</status> <required_version>2.2</required_version> <maintainer>crazypark2@yahoo.dk</maintainer> - <config_file>http://www.pfsense.com/packages/config/vnstat2/vnstat2.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.xml</config_file> <configurationfile>vnstat2.xml</configurationfile> <after_install_info></after_install_info> </package> @@ -669,8 +623,10 @@ <status>Beta</status> <required_version>2.2</required_version> <depends_on_package_pbi>mbmon-205_6-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/sysutils/mbmon</build_port_path> - <config_file>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.xml</config_file> + <build_pbi> + <port>sysutils/mbmon</port> + </build_pbi> + <config_file>https://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.xml</config_file> <configurationfile>phpsysinfo.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -681,17 +637,16 @@ <category>Services</category> <version>1.0.6.18</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/tinydns/tinydns.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/tinydns/tinydns.xml</config_file> <configurationfile>tinydns.xml</configurationfile> - <depends_on_package_pbi>djbdns-1.05_14-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>djbdns-1.05_15-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>sysutils/ucspi-tcp sysutils/daemontools</ports_before> <port>dns/djbdns</port> </build_pbi> <build_options>WITH_IPV6=true;WITH_SRV=true;WITHOUT_DUMPCACHE=true;WITHOUT_IGNOREIP=true;WITHOUT_JUMBO=true;WITHOUT_MAN=true;WITHOUT_PERSISTENT_MMAP=true</build_options> - <supportedbybsdperimeter>YES</supportedbybsdperimeter> </package> <package> <name>Open-VM-Tools</name> @@ -700,14 +655,14 @@ <category>Services</category> <version>8.7.0.3046 (build-425873)</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> <required_version>2.2</required_version> - <config_file>http://www.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.xml</config_file> <configurationfile>open-vm-tools.xml</configurationfile> <build_pbi> <port>emulators/open-vm-tools-nox11</port> </build_pbi> - <depends_on_package_pbi>open-vm-tools-nox11-425873_2-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>open-vm-tools-1280544_4-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>AutoConfigBackup</name> @@ -715,11 +670,11 @@ <descr>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</descr> <website>https://portal.pfsense.org</website> <category>Services</category> - <version>1.20</version> + <version>1.23</version> <status>Stable</status> <required_version>2.2</required_version> - <pkginfolink>http://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> <configurationfile>autoconfigbackup.xml</configurationfile> </package> <package> @@ -727,58 +682,50 @@ <descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr> <website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website> <category>Services</category> - <version>2.09.1</version> + <version>2.13 v1.1</version> <status>Stable</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/arping/arping.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/arping/arping.xml</config_file> <configurationfile>arping.xml</configurationfile> - <depends_on_package_pbi>arping-2.09_1-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net/arping</build_port_path> - <pkginfolink>http://doc.pfsense.org/index.php/Arping</pkginfolink> + <depends_on_package_pbi>arping-2.13-##ARCH##.pbi</depends_on_package_pbi> + <build_pbi> + <port>net/arping</port> + </build_pbi> + <pkginfolink>https://doc.pfsense.org/index.php/Arping</pkginfolink> </package> <package> <name>nmap</name> <maintainer>jimp@pfsense.org</maintainer> <descr>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</descr> <category>Security</category> - <depends_on_package_pbi>nmap-6.25_1-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.25_1 pkg v1.2</version> + <depends_on_package_pbi>nmap-6.40_2-##ARCH##.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> + <version>nmap-6.40_2 pkg v1.2</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Nmap_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.2</required_version> <configurationfile>nmap.xml</configurationfile> - <build_port_path>/usr/ports/security/nmap</build_port_path> + <build_pbi> + <port>security/nmap</port> + </build_pbi> </package> <package> <name>imspector</name> <descr>IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.</descr> <website>http://www.imspector.org/</website> <category>Network Management</category> - <maintainer>billm@pfsense.org</maintainer> - <version>0.9-4</version> - <required_version>2.2</required_version> - <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/imspector/imspector.xml</config_file> - <configurationfile>imspector.xml</configurationfile> - <depends_on_package_pbi>imspector-0.9-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net-im/imspector</build_port_path> - </package> - <package> - <name>imspector-dev</name> - <internal_name>imspector</internal_name> - <descr>IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.</descr> - <website>http://www.imspector.org/</website> - <category>Network Management</category> <maintainer>marcellocoutinho@gmail.com</maintainer> - <version>20111108 pkg v 0.3.1</version> + <version>20111108_1 pkg v 0.3.1</version> <required_version>2.2</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/imspector-dev/imspector.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/imspector/imspector.xml</config_file> <configurationfile>imspector.xml</configurationfile> - <depends_on_package_pbi>imspector-20111108-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>imspector-20111108_1-##ARCH##.pbi</depends_on_package_pbi> + <build_options>imspector_SET_FORCE=PLUGINS;imspector_UNSET_FORCE=IPFW</build_options> + <build_pbi> + <port>net-im/imspector</port> + </build_pbi> </package> <package> <name>nut</name> @@ -789,11 +736,13 @@ <status>BETA</status> <required_version>2.2</required_version> <maintainer>rswagoner@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/nut/nut.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/nut/nut.xml</config_file> <configurationfile>nut.xml</configurationfile> <depends_on_package_pbi>nut-2.6.5_1-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/sysutils/nut</build_port_path> - <pkginfolink>http://doc.pfsense.org/index.php/Nut_package</pkginfolink> + <build_pbi> + <port>sysutils/nut</port> + </build_pbi> + <pkginfolink>https://doc.pfsense.org/index.php/Nut_package</pkginfolink> </package> <package> <name>diag_new_states</name> @@ -804,68 +753,57 @@ <maintainer>ptaylor@addressplus.net</maintainer> <required_version>2.2</required_version> <status>BETA</status> - <config_file>http://www.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> - <configurationfile>http://www.pfsense.com/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> + <config_file>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> + <configurationfile>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> </package> <package> <name>darkstat</name> <website>http://dmr.ath.cx/net/darkstat/</website> <descr>darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.</descr> <category>Network Management</category> - <depends_on_package_pbi>darkstat-3.0.715-##ARCH##.pbi</depends_on_package_pbi> - <version>3.0.714</version> + <depends_on_package_pbi>darkstat-3.0.718-##ARCH##.pbi</depends_on_package_pbi> + <version>3.0.718</version> <status>Stable</status> <required_version>2.2</required_version> <maintainer>sullrich+pfsp@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/darkstat/darkstat.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/darkstat/darkstat.xml</config_file> <configurationfile>darkstat.xml</configurationfile> - <build_port_path>/usr/ports/net-mgmt/darkstat</build_port_path> + <build_pbi> + <port>net-mgmt/darkstat</port> + </build_pbi> </package> <package> <name>pfflowd</name> <website>http://www.mindrot.org/pfflowd.html</website> <descr>pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/pfflowd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/pfflowd.xml</config_file> <depends_on_package_pbi>pfflowd-0.8-##ARCH##.pbi</depends_on_package_pbi> <version>0.8.3</version> <status>Stable</status> <required_version>2.2</required_version> <configurationfile>pfflowd.xml</configurationfile> <maintainer></maintainer> - <build_port_path>/usr/ports/net/pfflowd-0.8</build_port_path> + <build_pbi> + <custom_name>pfflowd</custom_name> + <port>net/pfflowd-0.8</port> + </build_pbi> </package> <package> <name>widentd</name> <descr>RFC1413 auth/identd daemon with fixed fake reply</descr> <website>http://www.webweaving.org/widentd</website> <category>Services</category> - <depends_on_package_pbi>widentd-1.03_1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>widentd-1.03_2-##ARCH##.pbi</depends_on_package_pbi> <version>1.03_1</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Widentd_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Widentd_package</pkginfolink> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/widentd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widentd.xml</config_file> <configurationfile>widentd.xml</configurationfile> - <build_port_path>/usr/ports/net/widentd</build_port_path> - </package> - <package> - <name>freeradius</name> - <website>http://www.freeradius.org/</website> - <descr>A free implementation of the RADIUS protocol.</descr> - <category>System</category> - <version>1.1.8 pkg v1.0.5</version> - <status>Beta</status> - <required_version>2.2</required_version> - <maintainer>none</maintainer> - <depends_on_package_pbi>freeradius-1.1.8_5-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/freeradius.xml</config_file> - <configurationfile>freeradius.xml</configurationfile> <build_pbi> - <ports_before>devel/libltdl</ports_before> - <port>net/freeradius</port> + <port>net/widentd</port> </build_pbi> - <after_install_info>Please visit Services: freeRADIUS</after_install_info> </package> <package> <name>freeradius2</name> @@ -874,14 +812,14 @@ Support: MySQL, PostgreSQL, LDAP, Kerberos<br /> FreeRADIUS and FreeRADIUS2 settings are not compatible so don't use them together or try to update<br /> On pfSense docs there is a how-to which could help you on porting users.]]></descr> - <pkginfolink>http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <category>System</category> <version>2.1.12_1/2.2.0 pkg v1.6.7_2</version> <status>RC1</status> <required_version>2.2</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> - <depends_on_package_pbi>freeradius-2.2.0-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> + <depends_on_package_pbi>freeradius-2.2.4_2-##ARCH##.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> <after_install_info>Please visit Services: FreeRADIUS</after_install_info> <!-- Try to use the new PBI build syntax here, it may help it pick up the right libs inside the single PBI rather than using multiple. --> @@ -889,18 +827,18 @@ <ports_before>security/krb5</ports_before> <port>net/freeradius2</port> </build_pbi> - <build_options>freeradius_SET=KERBEROS MYSQL PGSQL PERL PYTHON LDAP</build_options> + <build_options>freeradius_SET_FORCE=KERBEROS MYSQL PGSQL PERL PYTHON LDAP</build_options> </package> <package> <name>bandwidthd</name> <website>http://bandwidthd.sourceforge.net/</website> <descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr> <category>System</category> - <version>2.0.1_5 pkg v.0.3</version> + <version>2.0.1_6 pkg v.0.3</version> <status>BETA</status> <required_version>2.2</required_version> - <depends_on_package_pbi>bandwidthd-2.0.1_5-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> + <depends_on_package_pbi>bandwidthd-2.0.1_6-##ARCH##.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> <configurationfile>bandwidthd.xml</configurationfile> <build_pbi> <ports_before>net/libpcap databases/postgresql91-client graphics/gd</ports_before> @@ -913,14 +851,16 @@ <website>http://www.stunnel.org/</website> <descr>An SSL encryption wrapper between remote client and local or remote servers. </descr> <category>Network Management</category> - <depends_on_package_pbi>stunnel-4.54-##ARCH##.pbi</depends_on_package_pbi> - <version>4.43.0</version> + <depends_on_package_pbi>stunnel-5.00-##ARCH##.pbi</depends_on_package_pbi> + <version>5.00.0</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/stunnel.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/stunnel.xml</config_file> <configurationfile>stunnel.xml</configurationfile> - <build_port_path>/usr/ports/security/stunnel</build_port_path> + <build_pbi> + <port>security/stunnel</port> + </build_pbi> <build_options>WITHOUT_FORK=true;WITH_PTHREAD=true;WITHOUT_UCONTEXT=true;WITHOUT_IPV6=true;WITH_LIBWRAP=true;WITHOUT_SSL_PORT=true</build_options> </package> <package> @@ -928,27 +868,31 @@ <website>http://dast.nlanr.net/Projects/Iperf/</website> <descr>Iperf is a tool for testing network throughput, loss, and jitter.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/iperf.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/iperf.xml</config_file> <depends_on_package_pbi>iperf-2.0.5-##ARCH##.pbi</depends_on_package_pbi> <version>2.0.5</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Iperf_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Iperf_package</pkginfolink> <required_version>2.2</required_version> <configurationfile>iperf.xml</configurationfile> - <build_port_path>/usr/ports/benchmarks/iperf</build_port_path> + <build_pbi> + <port>benchmarks/iperf</port> + </build_pbi> </package> <package> <name>netio</name> <website>http://freshmeat.net/projects/netio/</website> <descr>This is a network benchmark for DOS, OS/2 2.x, Windows NT/2000 and Unix. It measures the net throughput of a network via NetBIOS and/or TCP/IP protocols (Unix and DOS only support TCP/IP) using various different packet sizes.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/netio.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/netio.xml</config_file> <depends_on_package_pbi>netio-1.26-##ARCH##.pbi</depends_on_package_pbi> <version>1.26</version> <required_version>2.2</required_version> <status>ALPHA</status> <configurationfile>netio.xml</configurationfile> - <build_port_path>/usr/ports/benchmarks/netio</build_port_path> + <build_pbi> + <port>benchmarks/netio</port> + </build_pbi> </package> <package> <name>mtr-nox11</name> @@ -956,14 +900,16 @@ <descr>Enhanced traceroute replacement</descr> <website>http://www.bitwizard.nl/mtr/</website> <category>Network Management</category> - <depends_on_package_pbi>mtr-0.82_1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>mtr-0.85_1-##ARCH##.pbi</depends_on_package_pbi> <version>0.82</version> <status>Stable</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/mtr-nox11.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/mtr-nox11.xml</config_file> <configurationfile>mtr-nox11.xml</configurationfile> - <build_port_path>/usr/ports/net/mtr</build_port_path> - <build_options>mtr_UNSET=X11</build_options> + <build_pbi> + <port>net/mtr</port> + </build_pbi> + <build_options>mtr_UNSET_FORCE=X11</build_options> </package> <package> <name>squid</name> @@ -974,14 +920,14 @@ <status>Stable</status> <required_version>2.2</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_pbi>squid-2.7.9_3-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>squid-2.7.9_4-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>www/libwww</ports_before> <port>www/squid</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squid/squid.xml</config_file> + <build_options>squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET_FORCE=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squid/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> </package> <package> @@ -990,7 +936,7 @@ <descr><![CDATA[High performance web proxy cache.<br /> It combines squid as a proxy server with it's capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant.]]></descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> <version>3.1.20 pkg 2.0.6</version> @@ -1002,9 +948,9 @@ <port>www/squid31</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6;squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET_FORCE=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> <!--<build_options>WITH_SQUID_KERB_AUTH=true;WITH_SQUID_LDAP_AUTH=true;WITH_SQUID_NIS_AUTH=true;WITH_SQUID_SASL_AUTH=true;WITH_SQUID_IPV6=true;WITH_SQUID_DELAY_POOLS=true;WITH_SQUID_SNMP=true;WITH_SQUID_SSL=true;WITH_SQUID_SSL_CRTD=true;WITH_SQUID_PINGER=true;WITHOUT_SQUID_DNS_HELPER=true;WITH_SQUID_HTCP=true;WITH_SQUID_VIA_DB=true;WITH_SQUID_CACHE_DIGESTS=true;WITHOUT_SQUID_WCCP=true;WITH_SQUID_WCCPV2=true;WITHOUT_SQUID_STRICT_HTTP=true;WITH_SQUID_IDENT=true;WITH_SQUID_REFERER_LOG=true;WITH_SQUID_USERAGENT_LOG=true;WITH_SQUID_ARP_ACL=true;WITH_SQUID_IPFW=true;WITH_SQUID_PF=true;WITHOUT_SQUID_IPFILTER=true;WITH_SQUID_FOLLOW_XFF=true;WITHOUT_SQUID_ECAP=true;WITHOUT_SQUID_ICAP=true;WITHOUT_SQUID_ESI=true;WITH_SQUID_AUFS=true;WITHOUT_SQUID_COSS=true;WITHOUT_SQUID_KQUEUE=true;WITH_SQUID_LARGEFILE=true;WITHOUT_SQUID_STACKTRACES=true;WITHOUT_SQUID_DEBUG=true</build_options>--> - <config_file>http://www.pfsense.org/packages/config/squid3/31/squid.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/squid3/31/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.1.22_1-##ARCH##.pbi</depends_on_package_pbi> </package> @@ -1014,10 +960,10 @@ <descr><![CDATA[High performance web proxy cache.<br /> It combines squid as a proxy server with it's capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant, ssl filtering and antivirus integration via i-cap]]></descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.10 pkg 2.2</version> + <version>3.3.10 pkg 2.2.2</version> <status>beta</status> <required_version>2.2</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -1026,10 +972,10 @@ <port>www/squid33</port> <ports_after>www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6;squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> - <config_file>http://www.pfsense.org/packages/config/squid3/33/squid.xml</config_file> + <build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET_FORCE=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <config_file>https://packages.pfsense.org/packages/config/squid3/33/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> - <depends_on_package_pbi>squid-3.3.10-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>squid-3.3.11-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>LCDproc</name> @@ -1041,10 +987,12 @@ <required_version>2.2</required_version> <maintainer>seth.mos@dds.nl</maintainer> <depends_on_package_pbi>lcdproc-0.5.6-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> - <build_port_path>/usr/ports/sysutils/lcdproc</build_port_path> - <build_options>lcdproc_SET=USB</build_options> + <build_pbi> + <port>sysutils/lcdproc</port> + </build_pbi> + <build_options>lcdproc_SET_FORCE=USB</build_options> </package> <package> <name>LCDproc-dev</name> @@ -1056,12 +1004,14 @@ <status>BETA</status> <required_version>2.2</required_version> <maintainer>michele@nt2.it</maintainer> - <pkginfolink>http://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> <depends_on_package_pbi>lcdproc-0.5.6-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> - <build_port_path>/usr/ports/sysutils/lcdproc</build_port_path> - <build_options>WITH_USB=true</build_options> + <build_pbi> + <port>sysutils/lcdproc</port> + </build_pbi> + <build_options>lcdproc_SET_FORCE=USB</build_options> <after_install_info>Please set the service options in Services-LCDproc before running the service.</after_install_info> </package> <package> @@ -1069,12 +1019,14 @@ <descr>Arpwatch monitors ethernet/ip address pairings. It also logs certain changes to syslog.</descr> <website>http://www-nrg.ee.lbl.gov/</website> <category>Security</category> - <depends_on_package_pbi>arpwatch-2.1.a15_6-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net-mgmt/arpwatch</build_port_path> - <version>2.1.a15_6 pkg v1.1.1</version> + <depends_on_package_pbi>arpwatch-2.1.a15_8-##ARCH##.pbi</depends_on_package_pbi> + <build_pbi> + <port>net-mgmt/arpwatch</port> + </build_pbi> + <version>2.1.a15_8 pkg v1.1.2</version> <status>ALPHA</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/arpwatch.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/arpwatch.xml</config_file> <configurationfile>arpwatch.xml</configurationfile> <logging> <facilityname>arpwatch</facilityname> @@ -1090,13 +1042,13 @@ <version>1.4_4 pkg v.1.9.5</version> <status>Beta</status> <required_version>2.2</required_version> - <depends_on_package_pbi>squidguard-1.4_4-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>squidguard-1.4_7-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>databases/db41 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> </build_pbi> - <build_options>squidGuard_UNSET=SQUID32 SQUID33;squidGuard_SET=SAMPLE_BL SASL LDAP SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> + <build_options>squidGuard_UNSET_FORCE=SQUID32 SQUID33;squidGuard_SET_FORCE=SAMPLE_BL SASL LDAP SQUID27;squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET_FORCE=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> @@ -1114,8 +1066,8 @@ <port>www/squidguard-devel</port> <custom_name>squidguard-devel</custom_name> </build_pbi> - <build_options>squidGuard-devel_UNSET=SQUID32 SQUID33;squidGuard-devel_SET=LDAP STRIPNT SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> + <build_options>squidGuard-devel_UNSET_FORCE=SQUID32 SQUID33;squidGuard-devel_SET_FORCE=LDAP STRIPNT SQUID27;squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET_FORCE=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> @@ -1133,55 +1085,21 @@ <port>www/squidguard</port> <custom_name>squidguard-squid3</custom_name> </build_pbi> - <build_options>OPTIONS_SET=FETCH LDAP;squidGuard_UNSET=SQUID27;squidGuard_SET=SAMPLE_BL SASL SQUID33;c-icap_UNSET=IPV6 squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> + <build_options>OPTIONS_SET_FORCE=FETCH LDAP;squidGuard_UNSET_FORCE=SQUID27;squidGuard_SET_FORCE=SAMPLE_BL SASL SQUID33;c-icap_UNSET_FORCE=IPV6 squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET_FORCE=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> - <name>Zabbix Agent</name> - <descr>Monitoring agent.</descr> - <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-agent/zabbix-agent.xml</config_file> - <version>1.8.10,2 pkg v1.1</version> - <status>FINAL</status> - <required_version>2.2</required_version> - <configurationfile>zabbix-agent.xml</configurationfile> - <maintainer>remco.verhoef@redfive.biz</maintainer> - <build_pbi> - <custom_name>zabbix-agent</custom_name> - <port>net-mgmt/zabbix-agent</port> - </build_pbi> - <build_options>ca_root_nss_UNSET=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET=MYSQL</build_options> - <depends_on_package_pbi>zabbix-agent-1.8.13-##ARCH##.pbi</depends_on_package_pbi> - </package> - <package> - <name>Zabbix Proxy</name> - <descr>Monitoring agent proxy.</descr> - <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-proxy/zabbix-proxy.xml</config_file> - <version>1.8.8,2 pkg v1.1</version> - <status>FINAL</status> - <required_version>2.2</required_version> - <configurationfile>zabbix-proxy.xml</configurationfile> - <maintainer>cmb@pfsense.org</maintainer> - <build_pbi> - <custom_name>zabbix-proxy</custom_name> - <port>net-mgmt/zabbix-proxy</port> - </build_pbi> - <build_options>ca_root_nss_UNSET=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET=MYSQL</build_options> - <depends_on_package_pbi>zabbix-proxy-1.8.13-##ARCH##.pbi</depends_on_package_pbi> - </package> - <package> <name>OpenVPN Client Export Utility</name> <descr>Allows a pre-configured OpenVPN Windows Client or Mac OSX's Viscosity configuration bundle to be exported directly from pfSense.</descr> <category>Security</category> - <depends_on_package_pbi>zip-3.0-##ARCH##.pbi p7zip-9.20.1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zip-3.0-##ARCH##.pbi p7zip-9.20.1_2-##ARCH##.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.4</version> + <version>1.2.9</version> <status>RELEASE</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> <configurationfile>openvpn-client-export.xml</configurationfile> </package> <package> @@ -1191,12 +1109,14 @@ <descr>Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.</descr> <category>Network Management</category> <depends_on_package_pbi>havp-0.91_1-##ARCH##.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/www/havp</build_port_path> + <build_pbi> + <port>www/havp</port> + </build_pbi> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> <version>0.91_1 pkg v1.01</version> <status>BETA</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> <configurationfile>havp.xml</configurationfile> <maintainer>dv_serg@mail.ru</maintainer> <after_install_info>Please check the HAVP settings.</after_install_info> @@ -1209,8 +1129,8 @@ <version>0.51</version> <required_version>2.2</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jailctl.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/jailctl.xml</config_file> <configurationfile>jailctl.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> </package> @@ -1222,8 +1142,8 @@ <version>0.2</version> <required_version>2.2</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jail_template.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/jail_template.xml</config_file> <configurationfile>jail_template.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> </package> @@ -1235,10 +1155,10 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.2</required_version> - <config_file>http://www.pfsense.org/packages/config/blinkled8/blinkled.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/blinkled8/blinkled.xml</config_file> <configurationfile>blinkled.xml</configurationfile> - <pkginfolink>http://doc.pfsense.org/index.php/BlinkLED_Package</pkginfolink> - <website>http://doc.pfsense.org/index.php/BlinkLED_Package</website> + <pkginfolink>https://doc.pfsense.org/index.php/BlinkLED_Package</pkginfolink> + <website>https://doc.pfsense.org/index.php/BlinkLED_Package</website> <build_pbi> <port>sysutils/blinkled</port> </build_pbi> @@ -1252,24 +1172,14 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.2</required_version> - <config_file>http://www.pfsense.org/packages/config/gwled/gwled.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/gwled/gwled.xml</config_file> <configurationfile>gwled.xml</configurationfile> </package> <package> - <name>Dashboard Widget: Snort</name> - <descr>Dashboard widget for Snort.</descr> - <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file> - <version>0.3.7</version> - <status>BETA</status> - <required_version>2.2</required_version> - <configurationfile>widget-snort.xml</configurationfile> - </package> - <package> <name>Dashboard Widget: HAVP</name> <descr>Dashboard widget for HAVP alerts.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-havp/widget-havp.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>2.2</required_version> @@ -1279,7 +1189,7 @@ <name>Dashboard Widget: Antivirus Status</name> <descr>Dashboard widget for HAVP status.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-antivirus/widget-antivirus.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>2.2</required_version> @@ -1293,41 +1203,16 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.2</required_version> - <config_file>http://www.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> <configurationfile>rrd-summary.xml</configurationfile> </package> <package> - <name>Unbound</name> - <descr>Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.</descr> - <website>http://www.unbound.net/</website> - <category>Services</category> - <version>1.4.21_1</version> - <status>Alpha</status> - <maintainer>warren@decoy.co.za</maintainer> - <required_version>2.2</required_version> - <pkginfolink>http://doc.pfsense.org/index.php/Unbound_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/unbound/unbound.xml</config_file> - <configurationfile>unbound.xml</configurationfile> - <build_pbi> - <ports_before>dns/ldns textproc/expat2 devel/libevent2</ports_before> - <port>dns/unbound</port> - </build_pbi> - <depends_on_package_pbi>unbound-1.4.21_1-##ARCH##.pbi</depends_on_package_pbi> - <build_options>unbound_UNSET=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options> - <logging> - <facilityname>unbound</facilityname> - <logfilename>unbound.log</logfilename> - <logtab>Unbound</logtab> - </logging> - <after_install_info>Please visit Services: Unbound DNS to configure the Unbound DNS service. Remember you will need to disable Services: DNS Forwarder before starting Unbound. Also note if your DHCP server makes use of pfSense as the DNS server, then you will now need to add the IP address of the respective interface to the DNS servers field, in the DHCP server configuration page.</after_install_info> - </package> - <package> <name>Shellcmd</name> <website/> <descr>The shellcmd utility is used to manage commands on system startup.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</config_file> <version>0.5</version> <status>Beta</status> <required_version>2.2</required_version> @@ -1339,14 +1224,14 @@ <website>http://wiki.nagios.org/index.php/Howtos:nrpe_nsca</website> <descr>NRPE is an addon for Nagios that allows you to execute plugins on remote Linux/Unix hosts. This is useful if you need to monitor local resources/attributes like disk usage, CPU load, memory usage, etc. on a remote host.</descr> <category>Services</category> - <depends_on_package_pbi>nrpe-2.13_2-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>nrpe-2.15_1-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>net-mgmt/nagios-plugins</ports_before> - <port>net-mgmt/nrpe2</port> + <port>net-mgmt/nrpe</port> </build_pbi> - <build_options>nrpe2_SET=SSL;nrpe2_UNSET=ARGS</build_options> - <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.12_3 v2.2</version> + <build_options>nrpe_SET_FORCE=SSL;nrpe_UNSET_FORCE=ARGS</build_options> + <config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> + <version>2.15_1 v2.2</version> <status>Beta</status> <required_version>2.2</required_version> <maintainer>erik@erikkristensen.com</maintainer> @@ -1357,12 +1242,13 @@ <website>https://github.com/sileht/check_mk/blob/master/doc/README</website> <descr><![CDATA[The basic idea of check_mk is to fetch "all" information about a target host at once.<br>For each host to be monitored check_mk is called by Nagios only once per time period.]]></descr> <category>Services</category> + <depends_on_package_pbi>muse-0.2-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>sysutils/ipmitool devel/libstatgrab</ports_before> <port>sysutils/muse</port> </build_pbi> <build_options></build_options> - <config_file>http://www.pfsense.com/packages/config/checkmk-agent/checkmk.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.xml</config_file> <version>v0.1</version> <status>RC1</status> <required_version>2.2</required_version> @@ -1377,7 +1263,7 @@ <version>1.0</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/sshdcond/sshdcond.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.xml</config_file> <maintainer>namezero@afim.info</maintainer> <configurationfile>sshdcond.xml</configurationfile> </package> @@ -1385,10 +1271,10 @@ <name>mailreport</name> <descr>Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.</descr> <category>Network Management</category> - <version>2.0.7</version> + <version>2.0.9</version> <status>Stable</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/mailreport/mailreport.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/mailreport/mailreport.xml</config_file> <configurationfile>mailreport.xml</configurationfile> </package> <package> @@ -1403,9 +1289,11 @@ <maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer> <required_version>2.2</required_version> <depends_on_package_pbi>zebedee-2.5.3-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/zebedee/zebedee.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/zebedee/zebedee.xml</config_file> <configurationfile>zebedee.xml</configurationfile> - <build_port_path>/usr/ports/security/zebedee</build_port_path> + <build_pbi> + <port>security/zebedee</port> + </build_pbi> </package> <package> <name>Quagga OSPF</name> @@ -1415,8 +1303,10 @@ <category>Routing</category> <status>BETA</status> <depends_on_package_pbi>quagga-0.99.22.3-##ARCH##.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file> - <build_port_path>/usr/ports/net/quagga</build_port_path> + <config_file>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file> + <build_pbi> + <port>net/quagga</port> + </build_pbi> <pkginfolink></pkginfolink> <required_version>2.2</required_version> <configurationfile>quagga_ospfd.xml</configurationfile> @@ -1428,7 +1318,7 @@ <version>1.0</version> <category>System</category> <status>RELEASE</status> - <config_file>http://www.pfsense.com/packages/config/systempatches/systempatches.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/systempatches/systempatches.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.2</required_version> <configurationfile>systempatches.xml</configurationfile> @@ -1442,7 +1332,7 @@ <version>5.2.12_3 pkg v 1.0.1</version> <status>Stable</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/bacula-client/bacula-client.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file> <depends_on_package_pbi>bacula-5.2.12_3-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>sysutils/bacula-client</port> @@ -1454,13 +1344,13 @@ <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>urlsnarf</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[HTTP URL Sniffer (console/shell only)]]></descr> <category>Services</category> <version>2.3_4</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/urlsnarf/urlsnarf.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/urlsnarf/urlsnarf.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>urlsnarf.xml</configurationfile> <build_pbi> @@ -1472,13 +1362,13 @@ <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>iftop</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[Realtime interface monitor (console/shell only)]]></descr> <category>Services</category> <version>0.17</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/iftop/iftop.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/iftop/iftop.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>iftop.xml</configurationfile> <build_pbi> @@ -1489,36 +1379,36 @@ <package> <!-- This does not exist yet, this is here to trigger a pkg build --> <name>git</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[GIT Source Code Management (console/shell only)]]></descr> <category>Services</category> - <version>1.8.1.3</version> + <version>1.9.0</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/git/git.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/git/git.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>git.xml</configurationfile> - <build_options>git_UNSET=GITWEB GUI HTMLDOCS CVS P4 SVN;git_SET=CONTRIB CURL ETCSHELLS ICONV NLS PERL</build_options> + <build_options>git_UNSET_FORCE=GITWEB GUI HTMLDOCS CVS P4 SVN;git_SET_FORCE=CONTRIB CURL ETCSHELLS ICONV NLS PERL</build_options> <build_pbi> <port>devel/git</port> </build_pbi> - <depends_on_package_pbi>git-1.8.1.3-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>git-1.9.0-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>tinc</name> <website>http://www.tinc-vpn.org/</website> <descr>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.</descr> <category>Network Management</category> - <depends_on_package_pbi>tinc-1.0.21-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>tinc-1.0.22-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>security/tinc</port> </build_pbi> <build_options></build_options> - <version>1.0.21</version> + <version>1.0.22 v1.1</version> <status>ALPHA</status> - <pkginfolink>http://doc.pfsense.org/index.php/tinc_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/tinc/tinc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/tinc/tinc.xml</config_file> <configurationfile>tinc.xml</configurationfile> <logging> <facilityname>tinc</facilityname> @@ -1531,25 +1421,25 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>3.3.7_4</version> + <version>3.4.7_1</version> <status>ALPHA</status> <required_version>2.2</required_version> - <depends_on_package_pbi>syslog-ng-3.3.7_4-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>syslog-ng-3.4.7_1-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>sysutils/logrotate</ports_before> <port>sysutils/syslog-ng</port> </build_pbi> <build_options></build_options> <maintainer>laleger@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.xml</config_file> <configurationfile>syslog-ng.xml</configurationfile> </package> <package> <name>Zabbix-2 Agent</name> <descr>Monitoring agent.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.2.1 pkg v0.8_0</version> + <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> + <version>zabbix2-agent-2.2.2 pkg v0.8_1</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> @@ -1558,14 +1448,14 @@ <custom_name>zabbix22-agent</custom_name> <port>net-mgmt/zabbix22-agent</port> </build_pbi> - <depends_on_package_pbi>zabbix22-agent-2.2.1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-agent-2.2.2-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>Zabbix-2 Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> - <version>zabbix2-proxy-2.2.1 pkg v0.8_0</version> + <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> + <version>zabbix2-proxy-2.2.2 pkg v0.8_1</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>zabbix2-proxy.xml</configurationfile> @@ -1575,50 +1465,50 @@ <port>net-mgmt/zabbix22-proxy</port> </build_pbi> <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options> - <depends_on_package_pbi>zabbix22-proxy-2.2.1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-proxy-2.2.2-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>ipmitool</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[IPMI Tools for local/remote data retrieval and control (Console only, no GUI)]]></descr> <category>Services</category> - <version>1.8.12</version> + <version>1.8.12_5</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/ipmitool/ipmitool.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/ipmitool/ipmitool.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>ipmitool.xml</configurationfile> <build_pbi> <port>sysutils/ipmitool</port> </build_pbi> - <build_options>ipmitool_SET=FREEIPMI;freeipmi_UNSET=DOCS DEBUG IOPERM</build_options> - <depends_on_package_pbi>ipmitool-1.8.12_3-##ARCH##.pbi</depends_on_package_pbi> + <build_options>ipmitool_SET_FORCE=FREEIPMI;freeipmi_UNSET_FORCE=DOCS DEBUG IOPERM</build_options> + <depends_on_package_pbi>ipmitool-1.8.12_5-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>sudo</name> - <pkginfolink>http://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> <version>0.2</version> <status>Beta</status> <required_version>2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/sudo/sudo.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>sudo.xml</configurationfile> <build_pbi> <port>security/sudo</port> </build_pbi> - <depends_on_package_pbi>sudo-1.8.6p8-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>sudo-1.8.10p2-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>Service Watchdog</name> <descr>Monitors for stopped services and restarts them.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.4</version> + <version>1.6</version> <category>Services</category> - <status>BETA</status> - <config_file>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.xml</config_file> + <status>Release</status> + <config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.2</required_version> <configurationfile>servicewatchdog.xml</configurationfile> @@ -1628,7 +1518,7 @@ <website>http://code.google.com/p/softflowd/</website> <descr>Softflowd is flow-based network traffic analyser capable of Cisco NetFlow data export. Softflowd semi-statefully tracks traffic flows recorded by listening on a network interface or by reading a packet capture file. These flows may be reported via NetFlow to a collecting host or summarised within softflowd itself. Softflowd supports Netflow versions 1, 5 and 9 and is fully IPv6-capable - it can track IPv6 flows and send export datagrams via IPv6. It also supports export to multicast groups, allowing for redundant flow collectors.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/softflowd/softflowd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file> <depends_on_package_pbi>softflowd-0.9.8_2-##ARCH##.pbi</depends_on_package_pbi> <version>0.9.8</version> <status>Beta</status> @@ -1643,8 +1533,8 @@ <name>Apcupsd</name> <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.1</version> + <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> + <version>apcupsd-3.14.10_1 pkg v0.3</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>apcupsd.xml</configurationfile> @@ -1653,8 +1543,41 @@ <custom_name>apcupsd</custom_name> <port>sysutils/apcupsd</port> </build_pbi> - <build_options>apcupsd_SET=APCSMART_DRV APCDUMB_DRV PCNET_DRV USB TCP_WRAPPERS SNMP_DRV;apcupsd_UNSET=CLIENT_ONLY CGI SNMP_DRV_OLD TEST_DRV GAPCMON DOCS</build_options> + <build_options>apcupsd_SET_FORCE=APCSMART_DRV APCDUMB_DRV PCNET_DRV USB TCP_WRAPPERS SNMP_DRV;apcupsd_UNSET_FORCE=CLIENT_ONLY CGI SNMP_DRV_OLD TEST_DRV GAPCMON DOCS</build_options> <depends_on_package_pbi>apcupsd-3.14.10_1-##ARCH##.pbi</depends_on_package_pbi> </package> + <package> + <name>LADVD</name> + <descr>Send and decode link layer advertisements</descr> + <website>https://code.google.com/p/ladvd/</website> + <category>Network Management</category> + <version>1.0.4</version> + <status>BETA</status> + <depends_on_package_pbi>ladvd-1.0.4-##ARCH##.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/ladvd/ladvd.xml</config_file> + <build_pbi> + <port>net/ladvd</port> + </build_pbi> + <pkginfolink></pkginfolink> + <required_version>2.2</required_version> + <configurationfile>ladvd.xml</configurationfile> + </package> + <package> + <name>suricata</name> + <website>http://suricata-ids.org/</website> + <descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr> + <category>Security</category> + <version>1.4.6 pkg v0.3</version> + <status>BETA</status> + <required_version>2.2</required_version> + <config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file> + <configurationfile>suricata.xml</configurationfile> + <build_pbi> + <port>security/suricata</port> + <ports_after>security/barnyard2</ports_after> + </build_pbi> + <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;suricata_SET=IPFW PORTS_PCAP TESTS;suricata_UNSET=PRELUDE</build_options> + <depends_on_package_pbi>suricata-1.4.6-##ARCH##.pbi</depends_on_package_pbi> + </package> </packages> </pfsensepkgs> diff --git a/pkg_config.7.xml b/pkg_config.7.xml index b8a5397b..f3fce773 100644 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -7,8 +7,8 @@ <website/> <descr>Allows you to create and overwrite files from the GUI.</descr> <category>File Management</category> - <pkginfolink>http://doc.pfsense.org/index.php/Filer_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/filer/filer.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/filer/filer.xml</config_file> <version>0.60</version> <status>Beta</status> <required_version>1.2.3</required_version> @@ -20,8 +20,8 @@ <website/> <descr>PHP File Manager</descr> <category>Diagnostics</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/filemgr/filemgr.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file> <version>0.1.3</version> <status>Beta</status> <required_version>1.2.2</required_version> @@ -33,8 +33,8 @@ <website/> <descr>Block countries</descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/countryblock/countryblock.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/countryblock/countryblock.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.2.4</version> <status>Beta</status> @@ -47,8 +47,8 @@ <website/> <descr>IP-Blocklist is the new PeerBlock. IP lists are used to add deny/allow rules to the firewall for in & out traffic.</descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/ipblocklist/7/ipblocklist.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.3.4</version> <status>Beta</status> @@ -60,16 +60,16 @@ <name>anyterm</name> <descr>Ajax Interactive Shell - Have you ever wanted SSH or telnet access to your system from an internet desert - from behind a strict firewall, from an internet cafe, or even from a mobile phone? Anyterm is a combination of a web page and a process that runs on your web server that provides this access. WARNING! We suggest using Stunnel in combination with this package!</descr> <website>http://anyterm.org/</website> - <pkginfolink>http://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> <category>Diagnostics</category> <version>0.5</version> <status>BETA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/anyterm/anyterm.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/anyterm/anyterm.xml</config_file> <configurationfile>anyterm.xml</configurationfile> </package> <package> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <name>haproxy</name> <descr>The Reliable, High Performance TCP/HTTP Load Balancer</descr> <website>http://haproxy.1wt.eu/</website> @@ -77,11 +77,11 @@ <version>0.32</version> <status>BETA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/haproxy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> </package> <package> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <name>haproxy-stable</name> <descr>The Reliable, High Performance TCP/HTTP Load Balancer</descr> <website>http://haproxy.1wt.eu/</website> @@ -89,19 +89,19 @@ <version>0.30</version> <status>BETA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy-stable/haproxy.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/haproxy-stable/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> </package> <package> <name>Proxy Server with mod_security</name> - <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> <version>0.1.2</version> <status>ALPHA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>mod_security-2.5.9.tbz</depends_on_package> <depends_on_package>apache-2.2.11_7.tbz</depends_on_package> @@ -116,7 +116,7 @@ <website>http://www.pureftpd.org/</website> <descr>*DO NOT RUN THIS ON A FIREWALL. USE A DEDICATED MACHINE!* Pure FTPd Server is a fast, production quality, standards-conformant FTP server based on Troll-FTPd. It has no known vulnerabilities, is trivial to set up, and is especially designed for modern kernels. Features include PAM support, IPv6, chroot()ed home directories, virtual domains, built-in 'ls', FXP protocol, anti-warez system, bandwidth throttling, restricted ports for passive downloads, an LDAP backend, XML output, and more.</descr> <category>FTP</category> - <config_file>http://www.pfsense.com/packages/config/pure-ftpd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/pure-ftpd.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>pure-ftpd-1.0.20_3.tbz</depends_on_package> <version>1.0.21</version> @@ -130,7 +130,7 @@ </package> <package> <name>Avahi</name> - <pkginfolink>http://doc.pfsense.org/index.php/Avahi_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Avahi_package</pkginfolink> <website>http://www.avahi.org/</website> <descr>Avahi is a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in Apple MacOS X (branded Rendezvous, Bonjour and sometimes Zeroconf) and is very convenient. Avahi is mainly based on Lennart Poettering's flexmdns mDNS implementation for Linux which has been discontinued in favour of Avahi.</descr> <category>Network Management</category> @@ -138,7 +138,7 @@ <version>0.6.25_2</version> <status>ALPHA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/avahi/avahi.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> <configurationfile>avahi.xml</configurationfile> <after_install_info>Please visit the Avahi settings tab and select which interfaces you do not wish Avahi to listen on and click save to start the service.</after_install_info> </package> @@ -154,7 +154,7 @@ <version>3.3.8</version> <status>BETA</status> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/ntop/ntop.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/ntop/ntop.xml</config_file> <configurationfile>ntop.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -166,8 +166,8 @@ <version>1.0</version> <required_version>1.0</required_version> <status>RELEASE</status> - <pkginfolink>http://doc.pfsense.org/index.php/Pubkey_package</pkginfolink> - <config_file>http://www.pfsense.org/packages/config/pubkey.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/Pubkey_package</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/pubkey.xml</config_file> <configurationfile>pubkey.xml</configurationfile> <after_install_info>The pfSense release key has been updated.</after_install_info> </package> @@ -175,7 +175,7 @@ <name>Dashboard</name> <descr>Adds pfSense dashboard that will be included with 2.0. WARNING! Cannot be deinstalled.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/dashboard/dashboard.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/dashboard/dashboard.xml</config_file> <version>0.8.8</version> <status>BETA</status> <required_version>1.2</required_version> @@ -186,7 +186,7 @@ <name>Dashboard Widget: Snort</name> <descr>Dashboard widget for Snort.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/widget-snort/widget-snort.xml</config_file> <version>0.3</version> <status>BETA</status> <required_version>1.2</required_version> @@ -196,7 +196,7 @@ <name>Dashboard Widget: HAVP</name> <descr>Dashboard widget for HAVP alerts.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-havp/widget-havp.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/widget-havp/widget-havp.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2</required_version> @@ -206,7 +206,7 @@ <name>Dashboard Widget: Antivirus Status</name> <descr>Dashboard widget for HAVP status.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-antivirus/widget-antivirus.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2</required_version> @@ -217,8 +217,8 @@ <website>http://www.freeswitch.org/</website> <descr>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. pfSense 1.2.3 or higher is recommended.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch/freeswitch.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/freeswitch/freeswitch.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.9.6</version> <status>Beta</status> @@ -232,8 +232,8 @@ <website>http://www.freeswitch.org/</website> <descr>FreeSWITCH package development version.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch_dev/freeswitch.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/freeswitch_dev/freeswitch.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.9.7.26</version> <status>Beta</status> @@ -248,7 +248,7 @@ <descr>Track things you want to note for this system.</descr> <category>Status</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/notes/notes.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/notes/notes.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.2.4</version> <status>Stable</status> @@ -262,7 +262,7 @@ <descr>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</descr> <category>Services</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/tftp/tftp.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/tftp/tftp.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>1.0.7</version> <status>Stable</status> @@ -275,8 +275,8 @@ <website/> <descr>PHP run as a service it can do anything PHP can do including but not limited to monitoring files, CPU, RAM, and send alerts to the syslog.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/PHPService</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/phpservice/phpservice.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.4.1</version> <status>Beta</status> @@ -290,7 +290,7 @@ <descr>Tool to Backup and Restore files and directories.</descr> <category>System</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/backup/backup.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/backup/backup.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.1.7</version> <status>Stable</status> @@ -304,7 +304,7 @@ <descr>The cron utility is used to manage commands on a schedule.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/cron/cron.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/cron/cron.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.2.2</version> <status>Beta</status> @@ -318,7 +318,7 @@ <descr>The shellcmd utility is used to manage commands on system startup.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.5</version> <status>Beta</status> @@ -332,7 +332,7 @@ <descr>DenyHosts analyzes logs for SSH login attempts and blocks offending IP addresses.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/denyhosts/denyhosts.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/denyhosts/denyhosts.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.5.1</version> <status>Beta</status> @@ -346,7 +346,7 @@ <descr>DNS Blacklist uses dnsmasq entries to block domain names by category.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/dnsblacklist/dnsblacklist.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/dnsblacklist/dnsblacklist.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.2.4</version> <status>Beta</status> @@ -359,8 +359,8 @@ <website/> <descr>It is a web server package that can host HTML, Javascript, CSS, and PHP. It uses the lighttpd web server that is already installed. It uses PHP5 in FastCGI mode and has access to PHP Data Ojbects and PDO SQLite.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/vhosts</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/vhosts/vhosts.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/vhosts</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/vhosts/vhosts.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <version>0.7.4</version> <status>Stable</status> @@ -370,7 +370,7 @@ </package> <package> <name>snort-old</name> - <pkginfolink>http://forum.pfsense.org/index.php/topic,16847.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,16847.0.html</pkginfolink> <website>http://www.snort.org</website> <descr>WARNING: This is the old snort package. A few current snort.org rules are not supported in this package. This package will not be supported in Pfsense 2.0.</descr> <category>Security</category> @@ -380,7 +380,7 @@ <depends_on_package>perl-5.8.9_3.tbz</depends_on_package> <depends_on_package>mysql-client-5.1.34.tbz</depends_on_package> <depends_on_package>snort-2.8.4.1_1.tbz</depends_on_package> - <config_file>http://www.pfsense.com/packages/config/snort-old/snort.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/snort-old/snort.xml</config_file> <version>2.8.4.1_5 pkg v.1.8</version> <required_version>1.2.3</required_version> <status>legacy</status> @@ -389,15 +389,15 @@ </package> <package> <name>snort</name> - <pkginfolink>http://forum.pfsense.org/index.php/topic,16847.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,16847.0.html</pkginfolink> <website>http://www.snort.org</website> <descr>Used by fortune 500 companies and governments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr> <category>Security</category> - <depends_on_package_base_url>http://www.pfsense.com/packages/config/snort/bin/7.3.x86/</depends_on_package_base_url> + <depends_on_package_base_url>http://packages.pfsense.org/packages/config/snort/bin/7.3.x86/</depends_on_package_base_url> <depends_on_package>pcre-8.10.tbz</depends_on_package> <depends_on_package>mysql-client-5.1.50_1.tbz</depends_on_package> <depends_on_package>snort-2.8.6.1.tbz</depends_on_package> - <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/snort/snort.xml</config_file> <version>2.8.6.1 pkg v. 1.35</version> <required_version>1.2.3</required_version> <status>Stable</status> @@ -409,10 +409,10 @@ <website>http://siproxd.sourceforge.net/</website> <descr>Proxy for handling NAT of multiple SIP devices to a single public IP.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/siproxd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/siproxd.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>siproxd-0.8.0.tbz</depends_on_package> - <pkginfolink>http://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> <version>0.8.0_2</version> <status>Beta</status> <required_version>1.2.1</required_version> @@ -422,7 +422,7 @@ <name>OpenBGPD</name> <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.</descr> <category>NET</category> - <config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/openbgpd/openbgpd.xml</config_file> <version>0.4.2</version> <status>STABLE</status> <required_version>1.3</required_version> @@ -442,7 +442,7 @@ <depends_on_package>perl-5.8.8_1.tbz</depends_on_package> <status>Beta1</status> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/lightsquid/lightsquid.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/lightsquid/lightsquid.xml</config_file> <configurationfile>lightsquid.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -450,7 +450,7 @@ <name>vnstat</name> <website>http://humdi.net/vnstat/</website> <descr>A console-based network traffic monitor + vnstat PHP frontend</descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> <category>Network Management</category> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>vnstat-1.6_3.tbz</depends_on_package> @@ -458,7 +458,7 @@ <status>Stable</status> <required_version>1.2.3</required_version> <maintainer>crazypark2@yahoo.dk</maintainer> - <config_file>http://www.pfsense.com/packages/config/vnstat/vnstat.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/vnstat/vnstat.xml</config_file> <configurationfile>vnstat.xml</configurationfile> <after_install_info></after_install_info> </package> @@ -472,7 +472,7 @@ <required_version>1.0</required_version> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>mbmon-205_4.tbz</depends_on_package> - <config_file>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.xml</config_file> <configurationfile>phpsysinfo.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -486,7 +486,7 @@ <required_version>1.2.3</required_version> <maximum_version>1.2.3</maximum_version> <maintainer>crazypark2@yahoo.dk</maintainer> - <config_file>http://www.pfsense.com/packages/config/Fit123/fit123.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/Fit123/fit123.xml</config_file> <configurationfile>fit123.xml</configurationfile> </package> <package> @@ -496,9 +496,9 @@ <category>Services</category> <version>1.0.6.14</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> <required_version>1.2</required_version> - <config_file>http://www.pfsense.com/packages/config/tinydns/tinydns.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/tinydns/tinydns.xml</config_file> <configurationfile>tinydns.xml</configurationfile> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>ucspi-tcp-0.88_2.tbz</depends_on_package> @@ -512,9 +512,9 @@ <category>Services</category> <version>167859</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.org/packages/config/open-vm-tools/open-vm-tools.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/open-vm-tools/open-vm-tools.xml</config_file> <configurationfile>open-vm-tools.xml</configurationfile> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>open-vm-tools-nox11-253928.tbz</depends_on_package> @@ -528,15 +528,15 @@ </package> <package> <name>AutoConfigBackup</name> - <maintainer>portal@bsdperimeter.com</maintainer> + <maintainer>portal@pfsense.org</maintainer> <descr>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</descr> <website>https://portal.pfsense.org</website> <category>Services</category> <version>1.20</version> <status>Stable</status> <required_version>1.2</required_version> - <pkginfolink>http://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> <configurationfile>autoconfigbackup.xml</configurationfile> </package> <package> @@ -546,9 +546,9 @@ <category>Services</category> <version>2.06.1</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Arping_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Arping_package</pkginfolink> <required_version>1.0.1</required_version> - <config_file>http://www.pfsense.com/packages/config/arping/arping.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/arping/arping.xml</config_file> <configurationfile>arping.xml</configurationfile> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>arping-2.06.tbz</depends_on_package> @@ -560,10 +560,10 @@ <category>Security</category> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>nmap-4.76.tbz</depends_on_package> - <config_file>http://www.pfsense.com/packages/config/nmap/nmap.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> <version>4.76</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Nmap_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>1.2.1</required_version> <configurationfile>nmap.xml</configurationfile> </package> @@ -577,7 +577,7 @@ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>openospfd-4.6.tbz</depends_on_package> <depends_on_package>libevent-1.4.14b_2.tbz</depends_on_package> - <config_file>http://www.pfsense.com/packages/config/openospfd/openospfd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/openospfd/openospfd.xml</config_file> <pkginfolink></pkginfolink> <required_version>1.2.1</required_version> <configurationfile>openospfd.xml</configurationfile> @@ -591,8 +591,8 @@ <version>0.8-9</version> <required_version>1.2.1</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/imspector/imspector.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/imspector/imspector.xml</config_file> <configurationfile>imspector.xml</configurationfile> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>imspector-0.8.tbz</depends_on_package> @@ -609,11 +609,11 @@ <status>BETA</status> <required_version>1.2.1</required_version> <maintainer>rswagoner@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/nut/nut.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/nut/nut.xml</config_file> <configurationfile>nut.xml</configurationfile> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>nut-2.2.2.tbz</depends_on_package> - <pkginfolink>http://doc.pfsense.org/index.php/Nut_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Nut_package</pkginfolink> </package> <package> <name>diag_new_states</name> @@ -624,8 +624,8 @@ <maintainer>ptaylor@addressplus.net</maintainer> <required_version>1.2.1</required_version> <status>BETA</status> - <config_file>http://www.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> - <configurationfile>http://www.pfsense.com/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> + <config_file>http://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> + <configurationfile>http://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> </package> <package> <name>darkstat</name> @@ -639,7 +639,7 @@ <status>Stable</status> <required_version>1.2.1</required_version> <maintainer>sullrich+pfsp@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/darkstat/darkstat.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/darkstat/darkstat.xml</config_file> <configurationfile>darkstat.xml</configurationfile> </package> <package> @@ -647,7 +647,7 @@ <website>http://www.mindrot.org/pfflowd.html</website> <descr>pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/pfflowd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/pfflowd.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>pfflowd-0.8.tbz</depends_on_package> <version>0.8.2</version> @@ -665,9 +665,9 @@ <depends_on_package>widentd-1.03_1.tbz</depends_on_package> <version>1.03_1</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Widentd_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Widentd_package</pkginfolink> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/widentd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/widentd.xml</config_file> <configurationfile>widentd.xml</configurationfile> </package> <package> @@ -682,7 +682,7 @@ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>freeradius-1.1.7_3.tbz</depends_on_package> <depends_on_package>libltdl-1.5.26.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/freeradius.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> </package> <package> @@ -696,7 +696,7 @@ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>bandwidthd-2.0.1_1.tbz</depends_on_package> <depends_on_package>libiconv-1.11_1.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> <configurationfile>bandwidthd.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -709,9 +709,9 @@ <depends_on_package>stunnel-4.25.tbz</depends_on_package> <version>4.30.2</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/stunnel.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/stunnel.xml</config_file> <configurationfile>stunnel.xml</configurationfile> </package> <package> @@ -719,12 +719,12 @@ <website>http://dast.nlanr.net/Projects/Iperf/</website> <descr>Iperf is a tool for testing network throughput, loss, and jitter.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/iperf.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/iperf.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>iperf-2.0.4.tbz</depends_on_package> <version>2.0.2_1</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Iperf_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Iperf_package</pkginfolink> <required_version>1.2.1</required_version> <configurationfile>iperf.xml</configurationfile> </package> @@ -733,7 +733,7 @@ <website>http://freshmeat.net/projects/netio/</website> <descr>This is a network benchmark for DOS, OS/2 2.x, Windows NT/2000 and Unix. It measures the net throughput of a network via NetBIOS and/or TCP/IP protocols (Unix and DOS only support TCP/IP) using various different packet sizes.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/netio.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/netio.xml</config_file> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All</depends_on_package_base_url> <depends_on_package>netio-1.26.tbz</depends_on_package> <version>1.26</version> @@ -752,7 +752,7 @@ <version>0.65_2</version> <status>Stable</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/mtr-nox11.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/mtr-nox11.xml</config_file> <configurationfile>mtr-nox11.xml</configurationfile> </package> <package> @@ -768,7 +768,7 @@ <depends_on_package>squid-2.7.9.tbz</depends_on_package> <depends_on_package>squid_radius_auth-1.10.tbz</depends_on_package> <depends_on_package>openldap-sasl-client-2.4.25_1.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/squid/squid.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/squid/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> </package> <package> @@ -782,7 +782,7 @@ <maintainer>seth.mos@dds.nl</maintainer> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>lcdproc-0.5.2_2.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> </package> <package> @@ -795,7 +795,7 @@ <version>2.1.a13</version> <status>ALPHA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/arpwatch.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/arpwatch.xml</config_file> <configurationfile>arpwatch.xml</configurationfile> <logging> <facilityname>arpwatch</facilityname> @@ -813,14 +813,14 @@ <required_version>1.1</required_version> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>squidGuard-1.4_3.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> <name>Zabbix Agent</name> <descr>Monitoring agent.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-agent/zabbix-agent.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/zabbix-agent/zabbix-agent.xml</config_file> <version>1.8.2_2</version> <status>FINAL</status> <required_version>1.2.3</required_version> @@ -833,7 +833,7 @@ <name>Zabbix Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-proxy/zabbix-proxy.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/zabbix-proxy/zabbix-proxy.xml</config_file> <version>1.8.3,2_1</version> <status>FINAL</status> <required_version>1.2.3</required_version> @@ -851,7 +851,7 @@ <version>0.1</version> <status>BETA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> <configurationfile>openvpn-client-export.xml</configurationfile> </package> <package> @@ -865,7 +865,7 @@ <version>0.91</version> <status>BETA</status> <required_version>1.2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/havp/havp.xml</config_file> <configurationfile>havp.xml</configurationfile> <maintainer>dv_serg@mail.ru</maintainer> <after_install_info>Please check the HAVP settings.</after_install_info> @@ -876,7 +876,7 @@ <name>onatproto</name> <descr>Patch to add Protocol options to Manual Outbound NAT. WARNING! Cannot be uninstalled.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/onatproto/onatproto.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/onatproto/onatproto.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2.1</required_version> @@ -890,8 +890,8 @@ <version>0.51</version> <required_version>1.2.3</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jailctl.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/jailctl.xml</config_file> <configurationfile>jailctl.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> <noembedded>true</noembedded> @@ -904,8 +904,8 @@ <version>0.2</version> <required_version>1.2.3</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jail_template.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/jail_template.xml</config_file> <configurationfile>jail_template.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> <noembedded>true</noembedded> @@ -917,8 +917,8 @@ <version>0.1</version> <required_version>1.2.2</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IGMPproxy</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/igmpproxy/igmpproxy.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/IGMPproxy</pkginfolink> + <config_file>http://packages.pfsense.org/packages/config/igmpproxy/igmpproxy.xml</config_file> <configurationfile>igmpproxy.xml</configurationfile> <maintainer>eri@pfsense.org</maintainer> </package> @@ -932,7 +932,7 @@ <depends_on_package>nagios-plugins-1.4.13,1.tbz</depends_on_package> <depends_on_package>libiconv-1.11_1.tbz</depends_on_package> <depends_on_package>gettext-0.17_1.tbz</depends_on_package> - <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> <version>2.11</version> <status>Beta</status> <required_version>1.2</required_version> @@ -949,7 +949,7 @@ <status>STABLE</status> <required_version>1.2</required_version> <maximum_version>1.2.9</maximum_version> - <config_file>http://www.pfsense.com/packages/config/ovpnenhance/ovpnenhance.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/ovpnenhance/ovpnenhance.xml</config_file> <configurationfile>ovpnenhance.xml</configurationfile> </package> <package> @@ -960,9 +960,9 @@ <status>BETA</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.2</required_version> - <depends_on_package_base_url>http://files.pfsense.com/packages/7/All/</depends_on_package_base_url> + <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>rate-0.9.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/rate/rate.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/rate/rate.xml</config_file> <configurationfile>rate.xml</configurationfile> </package> <package> @@ -973,7 +973,7 @@ <status>So Alpha it's Omega</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/blinkled/blinkled.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/blinkled/blinkled.xml</config_file> <configurationfile>blinkled.xml</configurationfile> </package> <package> @@ -984,7 +984,7 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/openvpn-status/openvpn-status.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/openvpn-status/openvpn-status.xml</config_file> <configurationfile>openvpn-status.xml</configurationfile> </package> <package> @@ -995,14 +995,14 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/states-summary/states-summary.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/states-summary/states-summary.xml</config_file> <configurationfile>states-summary.xml</configurationfile> </package> <package> <name>IP Range Aliases</name> <descr>Patch to add IP Range support to Network Aliases. WARNING! Cannot be uninstalled. Probably does not play nice with URL Table patch.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/iprangealiases/iprangealiases.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/iprangealiases/iprangealiases.xml</config_file> <version>0.2</version> <status>BETA</status> <required_version>1.2.3</required_version> @@ -1012,7 +1012,7 @@ <name>URL Table Aliases</name> <descr>Patch to add URL Table alias support to pull a list of CIDRs/IPs from a file by URL into a persist table. WARNING! Cannot be uninstalled. Probably does not play nice with IP Range Aliases patch. This is NOT a way to add an alias for host URLs.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/urltables/urltables.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/urltables/urltables.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2.3</required_version> @@ -1022,7 +1022,7 @@ <name>dnsmasq EDNS size increase</name> <descr>Patch to increase dnsmasq EDNS size to 4096 if needed. WARNING! Cannot be uninstalled.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/dnsmasq-edns/dnsmasq-edns.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/dnsmasq-edns/dnsmasq-edns.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2.3</required_version> @@ -1032,7 +1032,7 @@ <name>Packet Capture Fix</name> <descr>Patch to fix packet capture on 1.2.3 embedded (NanoBSD)</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/packetcapturefix/packetcapturefix.xml</config_file> <version>0.2</version> <status>BETA</status> <required_version>1.2.3</required_version> @@ -1046,14 +1046,14 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> <configurationfile>rrd-summary.xml</configurationfile> </package> <package> <name>Patch rc to leave filter_dirty</name> <descr>Patch to stop /etc/rc from removing /tmp/filter_dirty on boot. Fixes boot issues with some packages on certain platforms.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/patch_rc_filter_dirty/patch_rc_filter_dirty.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/patch_rc_filter_dirty/patch_rc_filter_dirty.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2.3</required_version> @@ -1065,7 +1065,7 @@ <category>Diagnostics</category> <depends_on_package_base_url>http://ftp-archive.freebsd.org/mirror/FreeBSD-Archive/ports/i386/packages-7.2-release/All/</depends_on_package_base_url> <depends_on_package>libxml2-2.7.3.tbz</depends_on_package> - <config_file>http://www.pfsense.com/packages/config/pre2upgrade/pre2upgrade.xml</config_file> + <config_file>http://packages.pfsense.org/packages/config/pre2upgrade/pre2upgrade.xml</config_file> <version>1.0</version> <status>Stable</status> <required_version>1.2</required_version> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 0e40dfb2..fa44d673 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!-- pfSense packages --> <pfsensepkgs> -<copy_packages_to_host_ssh_port>222</copy_packages_to_host_ssh_port> +<copy_packages_to_host_ssh_port>22</copy_packages_to_host_ssh_port> <copy_packages_to_host_ssh>packagecopy@files.pfsense.org</copy_packages_to_host_ssh> <copy_packages_to_folder_ssh>/usr/local/www/files/packages/8/All/</copy_packages_to_folder_ssh> <packages> @@ -9,14 +9,14 @@ <package> <name>someprogram</name> <internal_name>someprogram</internal_name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[Some cool program]]></descr> <website>http://www.example.org/someprogram</website> <category>Services</category> <version>0.99</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/someprogram/someprogram.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/someprogram/someprogram.xml</config_file> <maintainer>me@example.com</maintainer> <configurationfile>someprogram.xml</configurationfile> <build_pbi> @@ -24,24 +24,24 @@ <port>net/someprogram</port> <ports_after>www/somethingelsetoputinthepbi www/somethingelse</ports_after> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>someprogram-0.99-i386.pbi</depends_on_package_pbi> </package> --> <package> <name>Asterisk</name> - <pkginfolink>http://forum.pfsense.org/index.php/topic,47210.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,47210.0.html</pkginfolink> <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> - <version>1.8 pkg v0.3.1</version> + <version>1.8 pkg v0.3.2</version> <status>Beta</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/asterisk/asterisk.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>asterisk18-1.8.25.0.tbz</depends_on_package> <depends_on_package>openldap-client-2.4.38.tbz</depends_on_package> - <depends_on_package_pbi>asterisk-1.8.25.0-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>asterisk-1.8.26.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/asterisk</build_port_path> <maintainer>marcellocoutinho@gmail.com robreg@zsurob.hu</maintainer> <configurationfile>asterisk.xml</configurationfile> @@ -49,31 +49,31 @@ </package> <package> <name>bind</name> - <!-- <pkginfolink>http://doc.pfsense.org/index.php/bind</pkginfolink> --> + <!-- <pkginfolink>https://doc.pfsense.org/index.php/bind</pkginfolink> --> <descr><![CDATA[The most widely used name server software]]></descr> <website>http://www.isc.org/downloads/BIND/</website> <category>Services</category> - <version>9.9.4 pkg v 0.3.2</version> + <version>9.9.5 pkg v 0.3.2</version> <status>RC</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/bind/bind.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file> <configurationfile>bind.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>bind-9.9.4-i386.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>bind-9.9.5_8-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/dns/bind99</build_port_path> <build_pbi> <custom_name>bind</custom_name> <port>dns/bind99</port> </build_pbi> - <build_options>OPTIONS_UNSET=IDN REPLACE_BASE FIXED_RRSET GSSAPI LARGE_FILE;OPTIONS_SET=IPV6 LINKS SSL THREADS XML DLZ_FILESYSTEM FILTER_AAAA SIGCHASE RRL</build_options> + <build_options>OPTIONS_UNSET_FORCE=IDN REPLACE_BASE FIXED_RRSET GSSAPI LARGE_FILE;OPTIONS_SET=IPV6 LINKS SSL THREADS XML DLZ_FILESYSTEM FILTER_AAAA SIGCHASE RRL</build_options> </package> <package> <name>Filer</name> <website/> <descr>Allows you to create and overwrite files from the GUI.</descr> <category>File Management</category> - <pkginfolink>http://doc.pfsense.org/index.php/Filer_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/filer/filer.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file> <version>0.60</version> <status>Beta</status> <required_version>2.0</required_version> @@ -85,9 +85,9 @@ <website/> <descr>Block countries - This has been replaced by pfblocker. <u>This is a legacy app</u></descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/countryblock/countryblock.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/countryblock/countryblock.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>0.2.4</version> <status>Beta</status> <required_version>1.2.2</required_version> @@ -98,13 +98,13 @@ <name>Strikeback</name> <descr>Detect port scans with iplog and strikeback</descr> <website></website> - <pkginfolink>http://forum.pfsense.org/index.php/topic,37225.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,37225.0.html</pkginfolink> <category>Services</category> <version>0.1</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>tom@tomschaefer.org</maintainer> - <config_file>http://www.pfsense.com/packages/config/strikeback/strikeback.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/strikeback/strikeback.xml</config_file> <configurationfile>strikeback.xml</configurationfile> </package> <package> @@ -112,8 +112,8 @@ <website/> <descr>PHP File Manager</descr> <category>Diagnostics</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/filemgr/filemgr.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file> <version>0.1.3</version> <status>Beta</status> <required_version>2.0</required_version> @@ -128,9 +128,9 @@ This package also Block countries and IP ranges.<br /> pfBlocker replaces Countryblock and IPblocklist.]]></descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>1.0.2</version> <status>Release</status> <required_version>2.0</required_version> @@ -141,17 +141,17 @@ <name>anyterm</name> <descr>Ajax Interactive Shell - Have you ever wanted SSH or telnet access to your system from an internet desert - from behind a strict firewall, from an internet cafe, or even from a mobile phone? Anyterm is a combination of a web page and a process that runs on your web server that provides this access. WARNING! We suggest using Stunnel in combination with this package!</descr> <website>http://anyterm.org/</website> - <pkginfolink>http://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> <category>Diagnostics</category> <version>0.5</version> <status>BETA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/anyterm/anyterm.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/anyterm/anyterm.xml</config_file> <configurationfile>anyterm.xml</configurationfile> </package> <package> <name>haproxy</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP Load Balancer<br /> This package implements both TCP and HTTP balance features from Haproxy.<br /> Supports acl's for smart backend switching.]]></descr> @@ -160,16 +160,16 @@ <version>1.4.24 pkg v 1.2.4</version> <status>Release</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>haproxy-1.4.24.tbz</depends_on_package> <depends_on_package_pbi>haproxy-1.4.24-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/haproxy</build_port_path> </package> <package> <name>haproxy-full</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP Load Balancer<br /> This package implements both TCP and HTTP balance features from Haproxy.<br /> (Legacy version)]]></descr> @@ -178,57 +178,57 @@ <version>1.4.24 pkg v 1.1</version> <status>Release</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>haproxy-1.4.24.tbz</depends_on_package> <depends_on_package_pbi>haproxy-1.4.24-i386.pbi</depends_on_package_pbi> </package> <package> <name>haproxy-devel</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP(s) Load Balancer<br /> This package implements TCP, HTTP and HTTPS balance features from Haproxy.<br /> Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5-dev21 pkg v 0.6.1</version> + <version>1.5-dev22 pkg v 0.8</version> <status>Release</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package>haproxy-1.4.21.tbz</depends_on_package> - <depends_on_package_pbi>haproxy-devel-1.5-dev21-i386.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package>haproxy-1.4.22.tbz</depends_on_package> + <depends_on_package_pbi>haproxy-devel-1.5-dev22-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/haproxy-devel</build_port_path> <build_pbi> <ports_before>security/openssl</ports_before> <custom_name>haproxy-devel</custom_name> <port>/usr/ports/net/haproxy-devel</port> </build_pbi> - <build_options>WITH_OPENSSL_PORT=yes;OPTIONS_UNSET=PCRE DPCRE;OPTIONS_SET=OPENSSL SPCRE</build_options> + <build_options>WITH_OPENSSL_PORT=yes;OPTIONS_UNSET_FORCE=PCRE DPCRE;OPTIONS_SET=OPENSSL SPCRE</build_options> </package> <package> <name>Apache with mod_security-dev</name> - <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> - <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> + <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.4.6 pkg v0.3</version> + <version>2.4.9_1 pkg v0.3</version> <status>ALPHA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>db42-4.2.52_5.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> <depends_on_package>apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12_1.tbz</depends_on_package> <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.23_3-i386.pbi git-1.8.1.3-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.4.9_1-i386.pbi git-1.9.0_1-i386.pbi</depends_on_package_pbi> <configurationfile>apache_virtualhost.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -254,27 +254,27 @@ <port>www/apache24</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>apache24_UNSET=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC</build_options> + <build_options>apache24_UNSET_FORCE=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> <name>Proxy Server with mod_security</name> - <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>0.1.3</version> + <version>0.1.4</version> <status>ALPHA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>db42-4.2.52_5.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> <depends_on_package>apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12_1.tbz</depends_on_package> <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.23_3-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.2.27-i386.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -300,7 +300,7 @@ <port>www/apache22-worker-mpm</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>OPTIONS_UNSET=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION</build_options> + <build_options>OPTIONS_UNSET_FORCE=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET_FORCE=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> @@ -308,8 +308,8 @@ <website>http://www.pureftpd.org/</website> <descr>*DO NOT RUN THIS ON A FIREWALL. USE A DEDICATED MACHINE!* Pure FTPd Server is a fast, production quality, standards-conformant FTP server based on Troll-FTPd. It has no known vulnerabilities, is trivial to set up, and is especially designed for modern kernels. Features include PAM support, IPv6, chroot()ed home directories, virtual domains, built-in 'ls', FXP protocol, anti-warez system, bandwidth throttling, restricted ports for passive downloads, an LDAP backend, XML output, and more.</descr> <category>FTP</category> - <config_file>http://www.pfsense.com/packages/config/pure-ftpd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/pure-ftpd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>pure-ftpd-1.0.35.tbz</depends_on_package> <depends_on_package_pbi>pure-ftpd-1.0.36-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/ftp/pure-ftpd</build_port_path> @@ -326,22 +326,23 @@ </package> <package> <name>Avahi</name> - <pkginfolink>http://doc.pfsense.org/index.php/Avahi_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Avahi_package</pkginfolink> <website>http://www.avahi.org/</website> <descr>Avahi is a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in Apple MacOS X (branded Rendezvous, Bonjour and sometimes Zeroconf) and is very convenient. Avahi is mainly based on Lennart Poettering's flexmdns mDNS implementation for Linux which has been discontinued in favour of Avahi.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/net/avahi</build_port_path> <build_port_path>/usr/ports/net/avahi-app</build_port_path> + <build_options>avahi_UNSET_FORCE=GTK;cairo_SET_FORCE=X11 XCB</build_options> <build_pbi> <port>net/avahi</port> </build_pbi> <depends_on_package>avahi-app-0.6.29_1.tbz</depends_on_package> - <depends_on_package_pbi>avahi-0.6.29-i386.pbi</depends_on_package_pbi> - <version>0.6.29 pkg v1.02</version> + <depends_on_package_pbi>avahi-0.6.31-i386.pbi</depends_on_package_pbi> + <version>0.6.31 pkg v1.02</version> <status>ALPHA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/avahi/avahi.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> <configurationfile>avahi.xml</configurationfile> <after_install_info>Please visit the Avahi settings tab and select which interfaces you do not wish Avahi to listen on and click save to start the service.</after_install_info> </package> @@ -350,7 +351,7 @@ <website>http://www.ntop.org/</website> <descr>ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>ntop-5.0.1-i386.pbi</depends_on_package_pbi> <depends_on_package>rrdtool-1.2.30_2.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> @@ -372,10 +373,10 @@ <port>net/ntop</port> </build_pbi> <build_options>WITH_PCAP_PORT=true;WITH_XMLDUMP=true;WITHOUT_JUMBO_FRAMES=true;WITH_MAKO=true;WITHOUT_DEJAVU=true;WITH_JSON=true;WITH_MMAP=true;WITHOUT_PERL_MODULE=true;WITHOUT_PYTHON_MODULE=true;WITHOUT_RUBY_MODULE=true;WITHOUT_EXAMPLES=true;WITHOUT_FPECTL=true;WITH_IPV6=true;WITH_NLS=true;WITHOUT_PTH=true;WITH_PYMALLOC=true;WITHOUT_SEM=true;WITH_THREADS=true;WITHOUT_UCS2=true;WITH_UCS4=true;WITH_FONTCONFIG=true;WITH_ICONV=true;WITHOUT_XPM=true;WITHOUT_DAG=true;WITHOUT_DIGCOLA=true;WITHOUT_IPSEPCOLA=true;WITHOUT_PANGOCAIRO=true;WITHOUT_GTK=true;WITHOUT_XCB=true</build_options> - <version>5.0.1 v2.3</version> + <version>5.0.1 v2.4</version> <status>BETA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/ntop2/ntop.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/ntop2/ntop.xml</config_file> <configurationfile>ntop.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -384,9 +385,9 @@ <website>http://www.freeswitch.org/</website> <descr>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch/freeswitch.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/freeswitch/freeswitch.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>freeswitch-1.0.6_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/freeswitch</build_port_path> <version>0.8.3.6</version> @@ -402,9 +403,9 @@ <website>http://www.freeswitch.org/</website> <descr>FreeSWITCH package development version.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch_dev/freeswitch.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/freeswitch_dev/freeswitch.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/net/freeswitch</build_port_path> <version>0.9.7.26</version> <status>Beta</status> @@ -419,8 +420,8 @@ <descr>Track things you want to note for this system.</descr> <category>Status</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/notes/notes.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/notes/notes.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>0.2.4</version> <status>Alpha</status> <required_version>1.2.1</required_version> @@ -433,8 +434,8 @@ <descr>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</descr> <category>Services</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/tftp2/tftp.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/tftp2/tftp.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>2.0</version> <status>Stable</status> <required_version>2.0</required_version> @@ -445,9 +446,9 @@ <website/> <descr>PHP run as a service it can do anything PHP can do including but not limited to monitoring files, CPU, RAM, and send alerts to the syslog.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/PHPService</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/phpservice/phpservice.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>0.4.1</version> <status>Beta</status> <required_version>1.2.1</required_version> @@ -460,8 +461,8 @@ <descr>Tool to Backup and Restore files and directories.</descr> <category>System</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/backup/backup.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/backup/backup.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>0.1.5</version> <status>Beta</status> <required_version>1.2</required_version> @@ -474,8 +475,8 @@ <descr>The cron utility is used to manage commands on a schedule.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/cron/cron.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/cron/cron.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>0.1.8</version> <status>Beta</status> <required_version>1.2</required_version> @@ -487,9 +488,9 @@ <website/> <descr>It is a web server package that can host HTML, Javascript, CSS, and PHP. It uses the lighttpd web server that is already installed. It uses PHP5 in FastCGI mode and has access to PHP Data Ojbects and PDO SQLite.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/vhosts</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/vhosts/vhosts.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/vhosts</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/vhosts/vhosts.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>0.7.4</version> <status>Stable</status> <required_version>1.2.3</required_version> @@ -498,19 +499,19 @@ </package> <package> <name>snort</name> - <pkginfolink></pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink> <website>http://www.snort.org</website> <descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package>mysql-client-5.5.34.tbz</depends_on_package> - <depends_on_package>barnyard2-1.12.tbz</depends_on_package> - <depends_on_package>libnet11-1.1.6,1.tbz</depends_on_package> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package>mysql55-client-5.5.35.tbz</depends_on_package> + <depends_on_package>barnyard2-1.13.tbz</depends_on_package> + <depends_on_package>libnet-1.1.6_1,1.tbz </depends_on_package> <depends_on_package>libdnet-1.11_3.tbz</depends_on_package> - <depends_on_package>libpcap-1.4.0.tbz</depends_on_package> + <depends_on_package>libpcap-1.5.2.tbz</depends_on_package> <depends_on_package>daq-2.0.1.tbz</depends_on_package> - <depends_on_package>snort-2.9.5.5.tbz</depends_on_package> - <depends_on_package_pbi>snort-2.9.5.5-i386.pbi</depends_on_package_pbi> + <depends_on_package>snort-2.9.6.0.tbz</depends_on_package> + <depends_on_package_pbi>snort-2.9.6.0-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/devel/pcre</build_port_path> <build_port_path>/usr/ports/net/daq</build_port_path> <build_port_path>/usr/ports/net/libnet</build_port_path> @@ -522,10 +523,9 @@ <port>security/snort</port> <ports_after>security/barnyard2</ports_after> </build_pbi> - <!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. --> - <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options> - <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> - <version>2.9.5.5 pkg v3.0.2</version> + <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=TARGETBASED PERFPROFILE SOURCEFIRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;snort_UNSET=PULLEDPORK;perl_SET=THREADS;NOPORTDOCS=true</build_options> + <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> + <version>2.9.6.0 pkg v3.0.7</version> <required_version>2.0</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> @@ -536,8 +536,8 @@ <website>http://www.olsr.org/</website> <descr>The olsr.org OLSR daemon is an implementation of the Optimized Link State Routing protocol. OLSR is a routing protocol for mobile ad-hoc networks. The protocol is pro-active, table driven and utilizes a technique called multipoint relaying for message flooding.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/olsrd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/olsrd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>olsrd-0.6.2.tbz</depends_on_package> <depends_on_package_pbi>olsrd-0.6.3-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/olsrd</build_port_path> @@ -548,10 +548,10 @@ </package> <package> <name>routed</name> - <website>http://www.pfsense.com/</website> + <website>https://packages.pfsense.org/</website> <descr>RIP v1 and v2 daemon.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/routed/routed.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/routed/routed.xml</config_file> <version>1.1</version> <status>Stable</status> <required_version>2.1</required_version> @@ -562,11 +562,11 @@ <website>http://www.openbsd.org/spamd/</website> <descr>Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in their queue and retry again later.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/spamd/spamd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/spamd/spamd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>spamd-4.9.1.tbz</depends_on_package> <depends_on_package_pbi>spamd-4.9.1-i386.pbi</depends_on_package_pbi> - <version>4.9.1</version> + <version>4.9.1 v1.1</version> <status>Beta</status> <required_version>1.2.1</required_version> <configurationfile>spamd.xml</configurationfile> @@ -583,9 +583,9 @@ It can do first and second line antispam combat before sending incoming mail to local mail servers.<br /> Postfix can also detect zombies, check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]></descr> <category>Services</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/postfix/postfix.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/postfix/postfix.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>postfix-2.10.2,1.tbz</depends_on_package> <depends_on_package>perl5-5.16.3_4.tbz</depends_on_package> <depends_on_package_pbi>postfix-2.10.2-i386.pbi</depends_on_package_pbi> @@ -605,19 +605,19 @@ For all non-commercial it's free, without cost.<br /> For all commercial use visit dansguardian website to get a licence.]]></descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/dansguardian/dansguardian.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>dansguardian-2.12.0.3.tbz</depends_on_package> <depends_on_package>ca_root_nss-3.14.1.tbz</depends_on_package> - <depends_on_package_pbi>dansguardian-2.12.0.3-i386.pbi</depends_on_package_pbi> - <version>2.12.0.3 pkg v.0.1.8</version> + <depends_on_package_pbi>dansguardian-2.12.0.3_2-i386.pbi</depends_on_package_pbi> + <version>2.12.0.3_2 pkg v.0.1.8</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>dansguardian.xml</configurationfile> <build_port_path>/usr/ports/www/dansguardian-devel</build_port_path> <build_port_path>/usr/ports/security/ca_root_nss</build_port_path> - <build_options>dansguardian-devel_UNSET=APACHE;dansguardian-devel_SET=TRICKLE CLAMD ICAP NTLM SSL</build_options> + <build_options>dansguardian-devel_UNSET_FORCE=APACHE;dansguardian-devel_SET=TRICKLE CLAMD ICAP NTLM SSL</build_options> <!-- NOTE: Distfile must be fetched manually from http://dansguardian.org/downloads/2/Alpha/dansguardian-2.12.0.0.tar.gz --> </package> <package> @@ -627,17 +627,17 @@ <descr><![CDATA[MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br /> This is a level3 mail scanning tool with high CPU load.]]></descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/mailscanner/mailscanner.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>dcc-dccd-1.3.141.tbz</depends_on_package> <depends_on_package>perl5-5.16.3_4.tbz</depends_on_package> <depends_on_package>pyzor-0.5.0_3.tbz</depends_on_package> <depends_on_package>p5-Mail-SPF-2.9.0_1.tbz</depends_on_package> <depends_on_package>p5-IP-Country-2.28.tbz</depends_on_package> <depends_on_package>MailScanner-4.84.5_3.tbz</depends_on_package> - <depends_on_package_pbi>mailscanner-4.84.5_3-i386.pbi</depends_on_package_pbi> - <version>4.84.5_3 pkg v.0.2.4</version> + <depends_on_package_pbi>mailscanner-4.84.6-i386.pbi</depends_on_package_pbi> + <version>4.84.6 pkg v.0.2.4</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>mailscanner.xml</configurationfile> @@ -650,18 +650,18 @@ <ports_before>mail/pyzor mail/p5-Mail-SPF net/p5-IP-Country mail/dcc-dccd</ports_before> <port>mail/mailscanner</port> </build_pbi> - <build_options>mailscanner_UNSET=BDC CLAMAVMODULE;mailscanner_SET=SPAMASSASSIN CLAMAV;p5-Mail-SpamAssassin_SET=DCC</build_options> + <build_options>mailscanner_UNSET_FORCE=BDC CLAMAVMODULE;mailscanner_SET=SPAMASSASSIN CLAMAV;p5-Mail-SpamAssassin_SET=DCC</build_options> </package> <package> <name>siproxd</name> <website>http://siproxd.sourceforge.net/</website> <descr>Proxy for handling NAT of multiple SIP devices to a single public IP.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/siproxd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/siproxd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>siproxd-0.8.0.tbz</depends_on_package> <depends_on_package_pbi>siproxd-0.8.0-i386.pbi</depends_on_package_pbi> - <pkginfolink>http://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> <build_port_path>/usr/ports/net/siproxd</build_port_path> <version>0.8.0_2</version> <status>Beta</status> @@ -672,17 +672,17 @@ <name>OpenBGPD</name> <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> <category>NET</category> - <config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.xml</config_file> <build_port_path>/usr/ports/net/openbgpd</build_port_path> <build_pbi> <port>net/openbgpd</port> </build_pbi> <version>0.9.1</version> <status>STABLE</status> - <pkginfolink>http://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>1.3</required_version> <configurationfile>openbgpd.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>openbgpd-5.2.20121209.tbz</depends_on_package> <depends_on_package_pbi>openbgpd-5.2.20121209-i386.pbi</depends_on_package_pbi> </package> @@ -693,10 +693,10 @@ <version>0.5.2</version> <category>Routing</category> <status>DEPRECATED</status> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>openospfd-4.6.tbz</depends_on_package> <depends_on_package_pbi>openospfd-4.6-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/openospfd/openospfd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openospfd/openospfd.xml</config_file> <build_port_path>/usr/ports/net/openospfd</build_port_path> <build_port_path>/usr/ports/devel/libevent</build_port_path> <build_pbi> @@ -715,7 +715,7 @@ <category>Network Report</category> <version>1.8.2 pkg v.2.33</version> <maintainer>dv_serg@mail.ru</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>lightsquid-1.8_2.tbz</depends_on_package> <depends_on_package>perl-5.14.2_2.tbz</depends_on_package> <depends_on_package_pbi>lightsquid-1.8_2-i386.pbi</depends_on_package_pbi> @@ -727,7 +727,7 @@ <build_options>WITHOUT_DEBUGGING=true;WITHOUT_GDBM=true;WITHOUT_PERL_MALLOC=true;WITH_PERL_64BITINT=true;WITHOUT_THREADS=true;WITHOUT_MULTIPLICITY=true;WITHOUT_SUIDPERL=true;WITHOUT_SITECUSTOMIZE=true;WITH_USE_PERL=true;WITH_GDSUPPORT=true</build_options> <status>RC1</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/lightsquid/lightsquid.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lightsquid/lightsquid.xml</config_file> <pkginfolink></pkginfolink> <configurationfile>lightsquid.xml</configurationfile> <noembedded>true</noembedded> @@ -738,9 +738,9 @@ <descr><![CDATA[Sarg - Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet.<br /> Sarg provides many informations about Proxy(squid,squidguard or dansguardian) users activities: times, bytes, sites, etc...]]></descr> <category>Network Report</category> - <config_file>http://www.pfsense.com/packages/config/sarg/sarg.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/sarg/sarg.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>sarg-2.3.6_2.tbz</depends_on_package> <depends_on_package>gd-2.0.35_8,1.tbz</depends_on_package> <depends_on_package_pbi>sarg-2.3.6_2-i386.pbi</depends_on_package_pbi> @@ -749,7 +749,7 @@ <required_version>2.0</required_version> <configurationfile>sarg.xml</configurationfile> <build_port_path>/usr/ports/www/sarg</build_port_path> - <build_options>sarg_UNSET=PHP</build_options> + <build_options>sarg_UNSET_FORCE=PHP</build_options> <after_install_info>Please visit sarg settings on Status Menu to configure sarg.</after_install_info> </package> <package> @@ -760,9 +760,9 @@ If it receives one with MAC-IP pair, which is not listed in 'ethers' file, it will send ARP reply with configured fake address.<br /> This will prevent not permitted host to work properly in local ethernet segment.]]></descr> <category>Security</category> - <config_file>http://www.pfsense.com/packages/config/ipguard/ipguard.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/ipguard/ipguard.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>ipguard-1.04.tbz</depends_on_package> <depends_on_package_pbi>ipguard-1.04-i386.pbi</depends_on_package_pbi> <version>1.0.4 pkg v.0.1</version> @@ -777,14 +777,14 @@ <descr><![CDATA[Varnish is a state-of-the-art, high-performance HTTP accelerator.<br /> It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.]]></descr> <website>http://varnish-cache.org</website> - <pkginfolink>http://doc.pfsense.org/index.php/Varnish_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Varnish_package</pkginfolink> <category>Services</category> <version>2.1.5 pkg v.1.0</version> <status>Release</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/varnish64/varnish_backends.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/varnish64/varnish_backends.xml</config_file> <configurationfile>varnish_backends.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>varnish-2.1.5_2-i386.pbi gcc-4.2.5.20090325_5-i386.pbi</depends_on_package_pbi> <depends_on_package>varnish-2.1.5.tbz</depends_on_package> <depends_on_package>gcc-4.2.5.20090325_5.tbz</depends_on_package> @@ -798,14 +798,14 @@ It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.<br /> Version 3 includes streaming support]]></descr> <website>http://varnish-cache.org</website> - <pkginfolink>http://doc.pfsense.org/index.php/Varnish_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Varnish_package</pkginfolink> <category>Services</category> <version>3.0.4 pkg v.0.2.1</version> <status>RC</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/varnish3/varnish_backends.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/varnish3/varnish_backends.xml</config_file> <configurationfile>varnish_backends.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>varnish-3.0.4-i386.pbi</depends_on_package_pbi> <depends_on_package>varnish-3.0.2.tbz</depends_on_package> <depends_on_package>pcre-8.21_1.tbz</depends_on_package> @@ -813,7 +813,7 @@ <ports_before>lang/gcc</ports_before> <port>www/varnish</port> </build_pbi> - <build_options>gcc_UNSET=JAVA</build_options> + <build_options>gcc_UNSET_FORCE=JAVA</build_options> <build_port_path>/usr/ports/www/varnish</build_port_path> <build_port_path>/usr/ports/lang/gcc42</build_port_path> </package> @@ -821,17 +821,17 @@ <name>vnstat2</name> <website>http://humdi.net/vnstat/</website> <descr>Vnstat is a console-based network traffic monitor<br />The vnstat PHP frontend and vnstati adds a more user friendly way of displaying traffic usage.</descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>vnstat-1.11.tbz</depends_on_package> <depends_on_package_pbi>vnstat-1.11_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/vnstat</build_port_path> - <version>1.10_2</version> + <version>1.11_1</version> <status>Stable</status> <required_version>2.0</required_version> - <maintainer>crazypark2@yahoo.dk</maintainer> - <config_file>http://www.pfsense.com/packages/config/vnstat2/vnstat2.xml</config_file> + <maintainer>bryan.paradis@gmail.com</maintainer> + <config_file>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.xml</config_file> <configurationfile>vnstat2.xml</configurationfile> <after_install_info></after_install_info> </package> @@ -843,11 +843,11 @@ <version>2.5.4</version> <status>Beta</status> <required_version>1.0</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>mbmon-205_5.tbz</depends_on_package> <depends_on_package_pbi>mbmon-205_6-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/mbmon</build_port_path> - <config_file>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.xml</config_file> <configurationfile>phpsysinfo.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -858,11 +858,11 @@ <category>Services</category> <version>1.0.6.18</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/tinydns/tinydns.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/tinydns/tinydns.xml</config_file> <configurationfile>tinydns.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>ucspi-tcp-0.88_2.tbz</depends_on_package> <depends_on_package>daemontools-0.76_16.tbz</depends_on_package> <depends_on_package>djbdns-ipv6-1.05.b23_13.tbz</depends_on_package> @@ -875,7 +875,6 @@ <port>dns/djbdns</port> </build_pbi> <build_options>WITH_IPV6=true;WITH_SRV=true;WITHOUT_DUMPCACHE=true;WITHOUT_IGNOREIP=true;WITHOUT_JUMBO=true;WITHOUT_MAN=true;WITHOUT_PERSISTENT_MMAP=true</build_options> - <supportedbybsdperimeter>YES</supportedbybsdperimeter> </package> <package> <name>Open-VM-Tools</name> @@ -884,11 +883,11 @@ <category>Services</category> <version>8.7.0.3046 (build-425873)</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> <required_version>2.0</required_version> - <config_file>http://www.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.xml</config_file> <configurationfile>open-vm-tools.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/emulators/open-vm-tools-nox11/</build_port_path> <depends_on_package>open-vm-tools-nox11-425873_3,1.tbz</depends_on_package> <depends_on_package>icu-50.1.2.tbz</depends_on_package> @@ -918,15 +917,15 @@ </package> <package> <name>AutoConfigBackup</name> - <maintainer>portal@bsdperimeter.com</maintainer> + <maintainer>portal@pfsense.org</maintainer> <descr>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</descr> <website>https://portal.pfsense.org</website> <category>Services</category> - <version>1.20</version> + <version>1.23</version> <status>Stable</status> <required_version>1.2</required_version> - <pkginfolink>http://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> <configurationfile>autoconfigbackup.xml</configurationfile> </package> <package> @@ -934,30 +933,30 @@ <descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr> <website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website> <category>Services</category> - <version>2.09.1</version> + <version>2.09.1 v1.1</version> <status>Stable</status> <required_version>1.0.1</required_version> - <config_file>http://www.pfsense.com/packages/config/arping/arping.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/arping/arping.xml</config_file> <configurationfile>arping.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>arping-2.09_1.tbz</depends_on_package> <depends_on_package_pbi>arping-2.09_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/arping</build_port_path> - <pkginfolink>http://doc.pfsense.org/index.php/Arping</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Arping</pkginfolink> </package> <package> <name>nmap</name> <maintainer>jimp@pfsense.org</maintainer> <descr>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</descr> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>lua-5.1.5_4.tbz</depends_on_package> <depends_on_package>nmap-6.25_1.tbz</depends_on_package> - <depends_on_package_pbi>nmap-6.25_1-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.25_1 pkg v1.2</version> + <depends_on_package_pbi>nmap-6.40_2-i386.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> + <version>nmap-6.40_2 pkg v1.2</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Nmap_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.0</required_version> <configurationfile>nmap.xml</configurationfile> <build_port_path>/usr/ports/security/nmap</build_port_path> @@ -968,32 +967,14 @@ <descr>IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.</descr> <website>http://www.imspector.org/</website> <category>Network Management</category> - <maintainer>billm@pfsense.org</maintainer> - <version>0.9-4</version> - <required_version>2.0</required_version> - <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/imspector/imspector.xml</config_file> - <configurationfile>imspector.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package>sqlite3-3.7.12.1.tbz</depends_on_package> - <depends_on_package>imspector-0.9.tbz</depends_on_package> - <depends_on_package_pbi>imspector-0.9-i386.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net-im/imspector</build_port_path> - </package> - <package> - <name>imspector-dev</name> - <internal_name>imspector</internal_name> - <descr>IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.</descr> - <website>http://www.imspector.org/</website> - <category>Network Management</category> <maintainer>marcellocoutinho@gmail.com</maintainer> <version>20111108 pkg v 0.3.1</version> <required_version>2.0</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/imspector-dev/imspector.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/imspector/imspector.xml</config_file> <configurationfile>imspector.xml</configurationfile> + <build_options>imspector_SET_FORCE=PLUGINS;imspector_UNSET_FORCE=IPFW</build_options> <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/8/All/</depends_on_package_base_url> <depends_on_package>mysql-client-5.5.19.tbz</depends_on_package> <depends_on_package>imspector-20111108.tbz</depends_on_package> @@ -1004,17 +985,17 @@ <descr>Network UPS Tools</descr> <website>http://www.networkupstools.org/</website> <category>Network Management</category> - <version>2.6.4 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>rswagoner@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/nut/nut.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/nut/nut.xml</config_file> <configurationfile>nut.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>nut-2.6.4.tbz</depends_on_package> <depends_on_package_pbi>nut-2.6.5_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/nut</build_port_path> - <pkginfolink>http://doc.pfsense.org/index.php/Nut_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Nut_package</pkginfolink> </package> <package> <name>diag_new_states</name> @@ -1025,22 +1006,22 @@ <maintainer>ptaylor@addressplus.net</maintainer> <required_version>1.2.1</required_version> <status>BETA</status> - <config_file>http://www.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> - <configurationfile>http://www.pfsense.com/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> + <config_file>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> + <configurationfile>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> </package> <package> <name>darkstat</name> <website>http://dmr.ath.cx/net/darkstat/</website> <descr>darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>darkstat-3.0.714.tbz</depends_on_package> <depends_on_package_pbi>darkstat-3.0.715-i386.pbi</depends_on_package_pbi> <version>3.0.714</version> <status>Stable</status> <required_version>1.2.1</required_version> <maintainer>sullrich+pfsp@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/darkstat/darkstat.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/darkstat/darkstat.xml</config_file> <configurationfile>darkstat.xml</configurationfile> <build_port_path>/usr/ports/net-mgmt/darkstat</build_port_path> </package> @@ -1049,8 +1030,8 @@ <website>http://www.mindrot.org/pfflowd.html</website> <descr>pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/pfflowd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/pfflowd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>pfflowd-0.8.tbz</depends_on_package> <depends_on_package_pbi>pfflowd-0.8-i386.pbi</depends_on_package_pbi> <version>0.8.3</version> @@ -1065,14 +1046,14 @@ <descr>RFC1413 auth/identd daemon with fixed fake reply</descr> <website>http://www.webweaving.org/widentd</website> <category>Services</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>widentd-1.03_1.tbz</depends_on_package> <depends_on_package_pbi>widentd-1.03_1-i386.pbi</depends_on_package_pbi> <version>1.03_1</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Widentd_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Widentd_package</pkginfolink> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/widentd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widentd.xml</config_file> <configurationfile>widentd.xml</configurationfile> <build_port_path>/usr/ports/net/widentd</build_port_path> </package> @@ -1085,11 +1066,11 @@ <status>Beta</status> <required_version>2.0</required_version> <maintainer>none</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>freeradius-1.1.8_4.tbz</depends_on_package> <depends_on_package>libltdl-2.4_1.tbz</depends_on_package> <depends_on_package_pbi>freeradius-1.1.8_5-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/freeradius.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> <build_port_path>/usr/ports/net/freeradius</build_port_path> <build_port_path>/usr/ports/devel/libltdl</build_port_path> @@ -1106,19 +1087,19 @@ Support: MySQL, PostgreSQL, LDAP, Kerberos<br /> FreeRADIUS and FreeRADIUS2 settings are not compatible so don't use them together or try to update<br /> On pfSense docs there is a how-to which could help you on porting users.]]></descr> - <pkginfolink>http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <category>System</category> - <version>2.1.12_1/2.2.0 pkg v1.6.7_2</version> + <version>2.1.12_1/2.2.4_1 pkg v1.6.7_2</version> <status>RC1</status> <required_version>2.0</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>freeradius-2.1.12_1.tbz</depends_on_package> - <depends_on_package_pbi>freeradius-2.2.0-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>freeradius-2.2.4_1-i386.pbi</depends_on_package_pbi> <depends_on_package>mysql-client-5.1.63.tbz</depends_on_package> <depends_on_package>postgresql-client-8.4.12.tbz</depends_on_package> <depends_on_package>openldap-sasl-client-2.4.23.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> <after_install_info>Please visit Services: FreeRADIUS</after_install_info> <!-- Try to use the new PBI build syntax here, it may help it pick up the right libs inside the single PBI rather than using multiple. --> @@ -1136,12 +1117,12 @@ <version>2.0.1_5 pkg v.0.3</version> <status>BETA</status> <required_version>1.2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>bandwidthd-2.0.1_5.tbz</depends_on_package> <depends_on_package>libpcap-1.1.1.tbz</depends_on_package> <depends_on_package>postgresql-client-8.4.12.tbz</depends_on_package> <depends_on_package_pbi>bandwidthd-2.0.1_5-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> <configurationfile>bandwidthd.xml</configurationfile> <build_port_path>/usr/ports/net/libpcap</build_port_path> <build_port_path>/usr/ports/databases/postgresql84-client</build_port_path> @@ -1157,14 +1138,14 @@ <website>http://www.stunnel.org/</website> <descr>An SSL encryption wrapper between remote client and local or remote servers. </descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>stunnel-4.43.tbz</depends_on_package> <depends_on_package_pbi>stunnel-4.54-i386.pbi</depends_on_package_pbi> <version>4.43.0</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/stunnel.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/stunnel.xml</config_file> <configurationfile>stunnel.xml</configurationfile> <build_port_path>/usr/ports/security/stunnel</build_port_path> <build_options>WITHOUT_FORK=true;WITH_PTHREAD=true;WITHOUT_UCONTEXT=true;WITHOUT_IPV6=true;WITH_LIBWRAP=true;WITHOUT_SSL_PORT=true</build_options> @@ -1174,13 +1155,13 @@ <website>http://dast.nlanr.net/Projects/Iperf/</website> <descr>Iperf is a tool for testing network throughput, loss, and jitter.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/iperf.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/iperf.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>iperf-2.0.5.tbz</depends_on_package> <depends_on_package_pbi>iperf-2.0.5-i386.pbi</depends_on_package_pbi> <version>2.0.5</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Iperf_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Iperf_package</pkginfolink> <required_version>1.2.1</required_version> <configurationfile>iperf.xml</configurationfile> <build_port_path>/usr/ports/benchmarks/iperf</build_port_path> @@ -1190,8 +1171,8 @@ <website>http://freshmeat.net/projects/netio/</website> <descr>This is a network benchmark for DOS, OS/2 2.x, Windows NT/2000 and Unix. It measures the net throughput of a network via NetBIOS and/or TCP/IP protocols (Unix and DOS only support TCP/IP) using various different packet sizes.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/netio.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/netio.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All</depends_on_package_base_url> <depends_on_package>netio-1.26.tbz</depends_on_package> <depends_on_package_pbi>netio-1.26-i386.pbi</depends_on_package_pbi> <version>1.26</version> @@ -1206,16 +1187,16 @@ <descr>Enhanced traceroute replacement</descr> <website>http://www.bitwizard.nl/mtr/</website> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>mtr-nox11-0.82.tbz</depends_on_package> - <depends_on_package_pbi>mtr-0.82_1-i386.pbi</depends_on_package_pbi> - <version>0.82</version> + <depends_on_package_pbi>mtr-0.85_1-i386.pbi</depends_on_package_pbi> + <version>0.85_1</version> <status>Stable</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/mtr-nox11.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/mtr-nox11.xml</config_file> <configurationfile>mtr-nox11.xml</configurationfile> <build_port_path>/usr/ports/net/mtr</build_port_path> - <build_options>mtr_UNSET=X11</build_options> + <build_options>mtr_UNSET_FORCE=X11</build_options> </package> <package> <name>squid</name> @@ -1226,7 +1207,7 @@ <status>Stable</status> <required_version>2</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>squid-2.7.9_3.tbz</depends_on_package> <depends_on_package>squid_radius_auth-1.10.tbz</depends_on_package> <depends_on_package>libwww-5.4.0_4.tbz</depends_on_package> @@ -1239,8 +1220,8 @@ <port>www/squid</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squid/squid.xml</config_file> + <build_options>squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squid/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> </package> <package> @@ -1249,14 +1230,14 @@ <descr><![CDATA[High performance web proxy cache.<br /> It combines squid as a proxy server with it's capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant.]]></descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> <version>3.1.20 pkg 2.0.6</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>squid-3.1.20.tbz</depends_on_package> <depends_on_package>libwww-5.4.0_4.tbz</depends_on_package> <build_pbi> @@ -1264,9 +1245,9 @@ <port>www/squid31</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6;squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> <!--<build_options>WITH_SQUID_KERB_AUTH=true;WITH_SQUID_LDAP_AUTH=true;WITH_SQUID_NIS_AUTH=true;WITH_SQUID_SASL_AUTH=true;WITH_SQUID_IPV6=true;WITH_SQUID_DELAY_POOLS=true;WITH_SQUID_SNMP=true;WITH_SQUID_SSL=true;WITH_SQUID_SSL_CRTD=true;WITH_SQUID_PINGER=true;WITHOUT_SQUID_DNS_HELPER=true;WITH_SQUID_HTCP=true;WITH_SQUID_VIA_DB=true;WITH_SQUID_CACHE_DIGESTS=true;WITHOUT_SQUID_WCCP=true;WITH_SQUID_WCCPV2=true;WITHOUT_SQUID_STRICT_HTTP=true;WITH_SQUID_IDENT=true;WITH_SQUID_REFERER_LOG=true;WITH_SQUID_USERAGENT_LOG=true;WITH_SQUID_ARP_ACL=true;WITH_SQUID_IPFW=true;WITH_SQUID_PF=true;WITHOUT_SQUID_IPFILTER=true;WITH_SQUID_FOLLOW_XFF=true;WITHOUT_SQUID_ECAP=true;WITHOUT_SQUID_ICAP=true;WITHOUT_SQUID_ESI=true;WITH_SQUID_AUFS=true;WITHOUT_SQUID_COSS=true;WITHOUT_SQUID_KQUEUE=true;WITH_SQUID_LARGEFILE=true;WITHOUT_SQUID_STACKTRACES=true;WITHOUT_SQUID_DEBUG=true</build_options>--> - <config_file>http://www.pfsense.org/packages/config/squid3/31/squid.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/squid3/31/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.1.22_1-i386.pbi</depends_on_package_pbi> </package> @@ -1276,14 +1257,14 @@ <descr><![CDATA[High performance web proxy cache.<br /> It combines squid as a proxy server with it's capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant, ssl filtering and antivirus integration via i-cap]]></descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.10 pkg 2.2</version> + <version>3.3.10 pkg 2.2.2</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>squid-3.3.5.tbz</depends_on_package> <depends_on_package>libltdl-2.4.2.tbz</depends_on_package> <depends_on_package>libwww-5.4.0_4.tbz</depends_on_package> @@ -1296,8 +1277,8 @@ <port>www/squid33</port> <ports_after>www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6;squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> - <config_file>http://www.pfsense.org/packages/config/squid3/33/squid.xml</config_file> + <build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <config_file>https://packages.pfsense.org/packages/config/squid3/33/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.3.10-i386.pbi</depends_on_package_pbi> </package> @@ -1310,10 +1291,10 @@ <status>BETA</status> <required_version>1.2.1</required_version> <maintainer>seth.mos@dds.nl</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>lcdproc-0.5.5.tbz</depends_on_package> <depends_on_package_pbi>lcdproc-0.5.6-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> <build_port_path>/usr/ports/sysutils/lcdproc</build_port_path> <build_options>lcdproc_SET=USB</build_options> @@ -1328,11 +1309,11 @@ <status>BETA</status> <required_version>2.0</required_version> <maintainer>michele@nt2.it</maintainer> - <pkginfolink>http://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>lcdproc-0.5.6.tbz</depends_on_package> <depends_on_package_pbi>lcdproc-0.5.6-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> <build_port_path>/usr/ports/sysutils/lcdproc</build_port_path> <build_options>WITH_USB=true</build_options> @@ -1343,14 +1324,14 @@ <descr>Arpwatch monitors ethernet/ip address pairings. It also logs certain changes to syslog.</descr> <website>http://www-nrg.ee.lbl.gov/</website> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>arpwatch-2.1.a15_6.tbz</depends_on_package> <depends_on_package_pbi>arpwatch-2.1.a15_6-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net-mgmt/arpwatch</build_port_path> - <version>2.1.a15_6 pkg v1.1.1</version> + <version>2.1.a15_6 pkg v1.1.2</version> <status>ALPHA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/arpwatch.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/arpwatch.xml</config_file> <configurationfile>arpwatch.xml</configurationfile> <logging> <facilityname>arpwatch</facilityname> @@ -1366,7 +1347,7 @@ <version>1.4_4 pkg v.1.9.5</version> <status>Beta</status> <required_version>1.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>squidGuard-1.4_4.tbz</depends_on_package> <depends_on_package>db41-4.1.25_4.tbz</depends_on_package> <depends_on_package>cyrus-sasl-2.1.26_2.tbz</depends_on_package> @@ -1378,8 +1359,8 @@ <ports_before>databases/db41 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> </build_pbi> - <build_options>squidGuard_UNSET=SQUID32 SQUID33;squidGuard_SET=SAMPLE_BL SASL LDAP SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> + <build_options>squidGuard_UNSET_FORCE=SQUID32 SQUID33;squidGuard_SET=SAMPLE_BL SASL LDAP SQUID27;squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> @@ -1388,18 +1369,18 @@ <website>http://www.squidGuard.org/</website> <maintainer>gugabsd@mundounix.com.br</maintainer> <category>Network Management</category> - <version>1.5_1 beta</version> + <version>1.5_2 beta</version> <status>Beta</status> <required_version>2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>squidguard-devel-1.5_1-i386.pbi</depends_on_package_pbi> <build_pbi> <ports_before>databases/db46</ports_before> <port>www/squidguard-devel</port> <custom_name>squidguard-devel</custom_name> </build_pbi> - <build_options>squidGuard-devel_UNSET=SQUID32 SQUID33;squidGuard-devel_SET=LDAP STRIPNT SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> + <build_options>squidGuard-devel_UNSET_FORCE=SQUID32 SQUID33;squidGuard-devel_SET=LDAP STRIPNT SQUID27;squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> @@ -1411,22 +1392,22 @@ <version>1.4_4 pkg v.1.9.5</version> <status>Experimental</status> <required_version>2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>squidguard-squid3-1.4_4-i386.pbi</depends_on_package_pbi> <build_pbi> <ports_before>www/squid33 databases/db41 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> <custom_name>squidguard-squid3</custom_name> </build_pbi> - <build_options>OPTIONS_SET=FETCH LDAP;squidGuard_UNSET=SQUID27;squidGuard_SET=SAMPLE_BL SASL SQUID33;c-icap_UNSET=IPV6 squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> + <build_options>OPTIONS_SET=FETCH LDAP;squidGuard_UNSET_FORCE=SQUID27;squidGuard_SET=SAMPLE_BL SASL SQUID33;c-icap_UNSET_FORCE=IPV6 squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> <name>Zabbix Agent</name> <descr>Monitoring agent.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-agent/zabbix-agent.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/zabbix-agent/zabbix-agent.xml</config_file> <version>1.8.10,2 pkg v1.1</version> <status>FINAL</status> <required_version>1.2.3</required_version> @@ -1437,8 +1418,8 @@ <custom_name>zabbix-agent</custom_name> <port>net-mgmt/zabbix-agent</port> </build_pbi> - <build_options>ca_root_nss_UNSET=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET=MYSQL</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <build_options>ca_root_nss_UNSET_FORCE=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET_FORCE=MYSQL</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>zabbix-agent-1.8.10,2.tbz</depends_on_package> <depends_on_package_pbi>zabbix-agent-1.8.13-i386.pbi</depends_on_package_pbi> </package> @@ -1446,7 +1427,7 @@ <name>Zabbix Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-proxy/zabbix-proxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/zabbix-proxy/zabbix-proxy.xml</config_file> <version>1.8.8,2 pkg v1.1</version> <status>FINAL</status> <required_version>1.2.3</required_version> @@ -1457,8 +1438,8 @@ <custom_name>zabbix-proxy</custom_name> <port>net-mgmt/zabbix-proxy</port> </build_pbi> - <build_options>ca_root_nss_UNSET=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET=MYSQL</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <build_options>ca_root_nss_UNSET_FORCE=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET_FORCE=MYSQL</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>zabbix-proxy-1.8.8,2.tbz</depends_on_package> <depends_on_package_pbi>zabbix-proxy-1.8.13-i386.pbi</depends_on_package_pbi> </package> @@ -1466,16 +1447,16 @@ <name>OpenVPN Client Export Utility</name> <descr>Allows a pre-configured OpenVPN Windows Client or Mac OSX's Viscosity configuration bundle to be exported directly from pfSense.</descr> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>p7zip-9.20.1.tbz</depends_on_package> <depends_on_package>zip-3.0.tbz</depends_on_package> <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.4</version> + <version>1.2.9</version> <status>RELEASE</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> <configurationfile>openvpn-client-export.xml</configurationfile> </package> <package> @@ -1484,7 +1465,7 @@ <website>http://www.server-side.de/</website> <descr>Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>havp-0.91_1.tbz</depends_on_package> <depends_on_package_pbi>havp-0.91_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/havp</build_port_path> @@ -1492,7 +1473,7 @@ <version>0.91_1 pkg v1.01</version> <status>BETA</status> <required_version>1.2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> <configurationfile>havp.xml</configurationfile> <maintainer>dv_serg@mail.ru</maintainer> <after_install_info>Please check the HAVP settings.</after_install_info> @@ -1505,8 +1486,8 @@ <version>0.51</version> <required_version>1.2.3</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jailctl.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/jailctl.xml</config_file> <configurationfile>jailctl.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> </package> @@ -1518,8 +1499,8 @@ <version>0.2</version> <required_version>1.2.3</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jail_template.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/jail_template.xml</config_file> <configurationfile>jail_template.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> </package> @@ -1531,15 +1512,15 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/blinkled8/blinkled.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/blinkled8/blinkled.xml</config_file> <configurationfile>blinkled.xml</configurationfile> - <pkginfolink>http://doc.pfsense.org/index.php/BlinkLED_Package</pkginfolink> - <website>http://doc.pfsense.org/index.php/BlinkLED_Package</website> + <pkginfolink>https://doc.pfsense.org/index.php/BlinkLED_Package</pkginfolink> + <website>https://doc.pfsense.org/index.php/BlinkLED_Package</website> <build_port_path>/usr/ports/sysutils/blinkled</build_port_path> <build_pbi> <port>sysutils/blinkled</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>blinkled-0.1.tbz</depends_on_package> <depends_on_package_pbi>blinkled-0.1-i386.pbi</depends_on_package_pbi> </package> @@ -1551,24 +1532,14 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.0</required_version> - <config_file>http://www.pfsense.org/packages/config/gwled/gwled.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/gwled/gwled.xml</config_file> <configurationfile>gwled.xml</configurationfile> </package> <package> - <name>Dashboard Widget: Snort</name> - <descr>Dashboard widget for Snort.</descr> - <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file> - <version>0.3.7</version> - <status>BETA</status> - <required_version>1.2</required_version> - <configurationfile>widget-snort.xml</configurationfile> - </package> - <package> <name>Dashboard Widget: HAVP</name> <descr>Dashboard widget for HAVP alerts.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-havp/widget-havp.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2</required_version> @@ -1578,7 +1549,7 @@ <name>Dashboard Widget: Antivirus Status</name> <descr>Dashboard widget for HAVP status.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-antivirus/widget-antivirus.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2</required_version> @@ -1592,7 +1563,7 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> <configurationfile>rrd-summary.xml</configurationfile> </package> <package> @@ -1600,18 +1571,18 @@ <descr>Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.</descr> <website>http://www.unbound.net/</website> <category>Services</category> - <version>1.4.21_1</version> + <version>1.4.22</version> <status>Alpha</status> <maintainer>warren@decoy.co.za</maintainer> <required_version>2.0</required_version> - <pkginfolink>http://doc.pfsense.org/index.php/Unbound_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/unbound/unbound.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/Unbound_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/unbound/unbound.xml</config_file> <configurationfile>unbound.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package>unbound-1.4.21_1.tbz</depends_on_package> - <depends_on_package>ldns-1.6.16.tbz</depends_on_package> - <depends_on_package>expat-2.0.1_2.tbz</depends_on_package> - <depends_on_package>libevent-1.4.14b_2.tbz</depends_on_package> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package>unbound-1.4.22.tbz</depends_on_package> + <depends_on_package>ldns-1.6.17.tbz</depends_on_package> + <depends_on_package>expat-2.1.0.tbz</depends_on_package> + <depends_on_package>libevent2-2.0.21.tbz</depends_on_package> <build_port_path>/usr/ports/dns/unbound/</build_port_path> <build_port_path>/usr/ports/dns/ldns</build_port_path> <build_port_path>/usr/ports/textproc/expat2</build_port_path> @@ -1620,8 +1591,8 @@ <ports_before>dns/ldns textproc/expat2 devel/libevent2</ports_before> <port>dns/unbound</port> </build_pbi> - <depends_on_package_pbi>unbound-1.4.21_1-i386.pbi</depends_on_package_pbi> - <build_options>unbound_UNSET=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options> + <depends_on_package_pbi>unbound-1.4.22-i386.pbi</depends_on_package_pbi> + <build_options>unbound_UNSET_FORCE=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options> <logging> <facilityname>unbound</facilityname> <logfilename>unbound.log</logfilename> @@ -1635,7 +1606,7 @@ <descr>The shellcmd utility is used to manage commands on system startup.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</config_file> <version>0.5</version> <status>Beta</status> <required_version>1.2</required_version> @@ -1652,7 +1623,7 @@ <status>BETA</status> <required_version>2.0</required_version> <maintainer>ey@tm-k.com</maintainer> - <config_file>http://www.pfsense.org/packages/config/widescreen/widescreen.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widescreen/widescreen.xml</config_file> <configurationfile>widescreen.xml</configurationfile> <!-- Disabling on 2.0.2 and 2.1 since it overwrites the menu --> <maximum_version>2.0.1</maximum_version> @@ -1662,18 +1633,18 @@ <website>http://wiki.nagios.org/index.php/Howtos:nrpe_nsca</website> <descr>NRPE is an addon for Nagios that allows you to execute plugins on remote Linux/Unix hosts. This is useful if you need to monitor local resources/attributes like disk usage, CPU load, memory usage, etc. on a remote host.</descr> <category>Services</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>nrpe-2.12_3.tbz</depends_on_package> <depends_on_package>nagios-plugins-1.4.15_1,1.tbz</depends_on_package> <depends_on_package_pbi>nrpe-2.13_2-i386.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net-mgmt/nrpe2</build_port_path> + <build_port_path>/usr/ports/net-mgmt/nrpe</build_port_path> <build_port_path>/usr/ports/net-mgmt/nagios-plugins</build_port_path> <build_pbi> <ports_before>net-mgmt/nagios-plugins</ports_before> - <port>net-mgmt/nrpe2</port> + <port>net-mgmt/nrpe</port> </build_pbi> - <build_options>nrpe2_SET=SSL;nrpe2_UNSET=ARGS</build_options> - <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> + <build_options>nrpe_SET=SSL;nrpe_UNSET_FORCE=ARGS</build_options> + <config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> <version>2.12_3 v2.2</version> <status>Beta</status> <required_version>1.2</required_version> @@ -1685,7 +1656,7 @@ <website>https://github.com/sileht/check_mk/blob/master/doc/README</website> <descr><![CDATA[The basic idea of check_mk is to fetch "all" information about a target host at once.<br>For each host to be monitored check_mk is called by Nagios only once per time period.]]></descr> <category>Services</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/sysutils/muse</build_port_path> <build_port_path>/usr/ports/sysutils/ipmitool</build_port_path> <build_port_path>devel/libstatgrab</build_port_path> @@ -1694,7 +1665,7 @@ <port>sysutils/muse</port> </build_pbi> <build_options></build_options> - <config_file>http://www.pfsense.com/packages/config/checkmk-agent/checkmk.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.xml</config_file> <version>v0.1</version> <status>RC1</status> <required_version>2.0</required_version> @@ -1709,7 +1680,7 @@ <version>1.0</version> <status>Beta</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/sshdcond/sshdcond.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.xml</config_file> <maintainer>namezero@afim.info</maintainer> <configurationfile>sshdcond.xml</configurationfile> </package> @@ -1717,10 +1688,10 @@ <name>mailreport</name> <descr>Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.</descr> <category>Network Management</category> - <version>2.0.7</version> + <version>2.0.9</version> <status>Stable</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/mailreport/mailreport.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/mailreport/mailreport.xml</config_file> <configurationfile>mailreport.xml</configurationfile> </package> <package> @@ -1729,15 +1700,15 @@ This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.]]> </descr> <category>Services</category> - <version>1.0</version> + <version>1.1</version> <status>BETA</status> <website>www.winton.org.uk/zebedee/</website> <maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer> <required_version>2.0</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>zebedee-2.5.3.tbz</depends_on_package> <depends_on_package_pbi>zebedee-2.5.3-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/zebedee/zebedee.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/zebedee/zebedee.xml</config_file> <configurationfile>zebedee.xml</configurationfile> <build_port_path>/usr/ports/security/zebedee</build_port_path> </package> @@ -1745,7 +1716,7 @@ <name>OpenVPN tap Bridging Fix</name> <descr>Patch to fix OpenVPN tap bridging on 2.0.x. WARNING! Cannot be uninstalled.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml</config_file> <version>0.4</version> <status>BETA</status> <required_version>2.0</required_version> @@ -1758,10 +1729,10 @@ <version>0.99.22.3 v0.6.1</version> <category>Routing</category> <status>BETA</status> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>quagga-0.99.22.3.tbz</depends_on_package> <depends_on_package_pbi>quagga-0.99.22.3-i386.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file> <build_port_path>/usr/ports/net/quagga</build_port_path> <pkginfolink></pkginfolink> <required_version>2.0</required_version> @@ -1774,7 +1745,7 @@ <version>1.0</version> <category>System</category> <status>RELEASE</status> - <config_file>http://www.pfsense.com/packages/config/systempatches/systempatches.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/systempatches/systempatches.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.0</required_version> <configurationfile>systempatches.xml</configurationfile> @@ -1785,11 +1756,11 @@ <descr><![CDATA[Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.]]></descr> <website>http://www.bacula.org/</website> <category>Services</category> - <version>5.2.12_3 pkg v 1.0.1</version> + <version>5.2.12_3 pkg v 1.0.2</version> <status>Stable</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/bacula-client/bacula-client.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>bacula-client-5.2.12_3.tbz</depends_on_package> <depends_on_package_pbi>bacula-5.2.12_3-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/bacula-client</build_port_path> @@ -1803,76 +1774,76 @@ <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>urlsnarf</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[HTTP URL Sniffer (console/shell only)]]></descr> <category>Services</category> <version>2.3_4</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/urlsnarf/urlsnarf.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/urlsnarf/urlsnarf.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>urlsnarf.xml</configurationfile> <build_pbi> <ports_before>net/libnet10</ports_before> <port>security/dsniff</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>dsniff-2.3_4-i386.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>iftop</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[Realtime interface monitor (console/shell only)]]></descr> <category>Services</category> <version>0.17</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/iftop/iftop.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/iftop/iftop.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>iftop.xml</configurationfile> <build_pbi> <port>net-mgmt/iftop</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>iftop-0.17-i386.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a pkg build --> <name>git</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[GIT Source Code Management (console/shell only)]]></descr> <category>Services</category> - <version>1.8.1.3</version> + <version>1.9.0_1</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/git/git.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/git/git.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>git.xml</configurationfile> - <build_options>git_UNSET=GITWEB GUI HTMLDOCS CVS P4 SVN;git_SET=CONTRIB CURL ETCSHELLS ICONV NLS PERL</build_options> + <build_options>git_UNSET_FORCE=GITWEB GUI HTMLDOCS CVS P4 SVN;git_SET=CONTRIB CURL ETCSHELLS ICONV NLS PERL</build_options> <build_port_path>/usr/ports/devel/git</build_port_path> <build_pbi> <port>devel/git</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>git-1.8.1.3-i386.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>git-1.9.0_1-i386.pbi</depends_on_package_pbi> </package> <package> <name>tinc</name> <website>http://www.tinc-vpn.org/</website> <descr>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>tinc-1.0.21-i386.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>tinc-1.0.23-i386.pbi</depends_on_package_pbi> <build_pbi> <port>security/tinc</port> </build_pbi> <build_options></build_options> - <version>1.0.21</version> + <version>1.0.23 v1.1</version> <status>ALPHA</status> - <pkginfolink>http://doc.pfsense.org/index.php/tinc_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/tinc/tinc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/tinc/tinc.xml</config_file> <configurationfile>tinc.xml</configurationfile> <logging> <facilityname>tinc</facilityname> @@ -1885,26 +1856,26 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>3.3.7_4</version> + <version>3.5.4.1</version> <status>ALPHA</status> <required_version>2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>syslog-ng-3.3.7_4-i386.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>syslog-ng-3.5.4.1-i386.pbi</depends_on_package_pbi> <build_pbi> <ports_before>sysutils/logrotate</ports_before> <port>sysutils/syslog-ng</port> </build_pbi> <build_options></build_options> <maintainer>laleger@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.xml</config_file> <configurationfile>syslog-ng.xml</configurationfile> </package> <package> <name>Zabbix-2 Agent</name> <descr>Monitoring agent.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.2.1 pkg v0.8_0</version> + <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> + <version>zabbix2-agent-2.2.2 pkg v0.8_2</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> @@ -1914,16 +1885,16 @@ <custom_name>zabbix22-agent</custom_name> <port>net-mgmt/zabbix22-agent</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package>zabbix22-agent-2.2.1.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-agent-2.2.1-i386.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package>zabbix22-agent-2.2.2.tbz</depends_on_package> + <depends_on_package_pbi>zabbix22-agent-2.2.2-i386.pbi</depends_on_package_pbi> </package> <package> <name>Zabbix-2 Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> - <version>zabbix2-proxy-2.2.1 pkg v0.8_0</version> + <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> + <version>zabbix2-proxy-2.2.2 pkg v0.8_2</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-proxy.xml</configurationfile> @@ -1934,45 +1905,45 @@ <port>net-mgmt/zabbix22-proxy</port> </build_pbi> <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package>zabbix22-proxy-2.2.1.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-proxy-2.2.1-i386.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package>zabbix22-proxy-2.2.2.tbz</depends_on_package> + <depends_on_package_pbi>zabbix22-proxy-2.2.2-i386.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>ipmitool</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[IPMI Tools for local/remote data retrieval and control (Console only, no GUI)]]></descr> <category>Services</category> - <version>1.8.12</version> + <version>1.8.12_5</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/ipmitool/ipmitool.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/ipmitool/ipmitool.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>ipmitool.xml</configurationfile> <build_pbi> <port>sysutils/ipmitool</port> </build_pbi> - <build_options>ipmitool_SET=FREEIPMI;freeipmi_UNSET=DOCS DEBUG IOPERM</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>ipmitool-1.8.12_3-i386.pbi</depends_on_package_pbi> + <build_options>ipmitool_SET=FREEIPMI;freeipmi_UNSET_FORCE=DOCS DEBUG IOPERM</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>ipmitool-1.8.12_5-i386.pbi</depends_on_package_pbi> </package> <package> <name>sudo</name> - <pkginfolink>http://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> <version>0.2</version> <status>Beta</status> <required_version>2.0.2</required_version> - <config_file>http://www.pfsense.com/packages/config/sudo/sudo.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>sudo.xml</configurationfile> <build_pbi> <port>security/sudo</port> </build_pbi> <build_port_path>/usr/ports/security/sudo</build_port_path> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>sudo-1.8.6.p8.tbz</depends_on_package> <depends_on_package_pbi>sudo-1.8.6p8-i386.pbi</depends_on_package_pbi> </package> @@ -1980,10 +1951,10 @@ <name>Service Watchdog</name> <descr>Monitors for stopped services and restarts them.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.4</version> + <version>1.6</version> <category>Services</category> - <status>BETA</status> - <config_file>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.xml</config_file> + <status>Release</status> + <config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.1</required_version> <configurationfile>servicewatchdog.xml</configurationfile> @@ -1993,8 +1964,8 @@ <website>http://code.google.com/p/softflowd/</website> <descr>Softflowd is flow-based network traffic analyser capable of Cisco NetFlow data export. Softflowd semi-statefully tracks traffic flows recorded by listening on a network interface or by reading a packet capture file. These flows may be reported via NetFlow to a collecting host or summarised within softflowd itself. Softflowd supports Netflow versions 1, 5 and 9 and is fully IPv6-capable - it can track IPv6 flows and send export datagrams via IPv6. It also supports export to multicast groups, allowing for redundant flow collectors.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/softflowd/softflowd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>softflowd-0.9.8_2-i386.pbi</depends_on_package_pbi> <version>0.9.8</version> <status>Beta</status> @@ -2009,8 +1980,8 @@ <name>Apcupsd</name> <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.1</version> + <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> + <version>apcupsd-3.14.10_1 pkg v0.3</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>apcupsd.xml</configurationfile> @@ -2020,10 +1991,44 @@ <custom_name>apcupsd</custom_name> <port>sysutils/apcupsd</port> </build_pbi> - <build_options>apcupsd_SET=APCSMART_DRV APCDUMB_DRV PCNET_DRV USB TCP_WRAPPERS SNMP_DRV;apcupsd_UNSET=CLIENT_ONLY CGI SNMP_DRV_OLD TEST_DRV GAPCMON DOCS</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <build_options>apcupsd_SET=APCSMART_DRV APCDUMB_DRV PCNET_DRV USB TCP_WRAPPERS SNMP_DRV;apcupsd_UNSET_FORCE=CLIENT_ONLY CGI SNMP_DRV_OLD TEST_DRV GAPCMON DOCS</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>apcupsd-3.14.10_1.tbz</depends_on_package> <depends_on_package_pbi>apcupsd-3.14.10_1-i386.pbi</depends_on_package_pbi> </package> + <package> + <name>LADVD</name> + <descr>Send and decode link layer advertisements</descr> + <website>https://code.google.com/p/ladvd/</website> + <category>Network Management</category> + <version>1.0.4</version> + <status>BETA</status> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>ladvd-1.0.4-i386.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/ladvd/ladvd.xml</config_file> + <build_port_path>/usr/ports/net/ladvd</build_port_path> + <pkginfolink></pkginfolink> + <required_version>2.1</required_version> + <configurationfile>ladvd.xml</configurationfile> + </package> + <package> + <name>suricata</name> + <website>http://suricata-ids.org/</website> + <descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr> + <category>Security</category> + <version>1.4.6 pkg v0.3</version> + <status>BETA</status> + <required_version>2.1</required_version> + <config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file> + <configurationfile>suricata.xml</configurationfile> + <build_pbi> + <port>security/suricata</port> + <ports_after>security/barnyard2</ports_after> + </build_pbi> + <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;suricata_SET=IPFW PORTS_PCAP TESTS;suricata_UNSET=PRELUDE</build_options> + <build_port_path>/usr/ports/security/suricata</build_port_path> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>suricata-1.4.6-i386.pbi</depends_on_package_pbi> + </package> </packages> </pfsensepkgs> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 6454a58e..f283c712 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!-- pfSense packages --> <pfsensepkgs> -<copy_packages_to_host_ssh_port>222</copy_packages_to_host_ssh_port> +<copy_packages_to_host_ssh_port>22</copy_packages_to_host_ssh_port> <copy_packages_to_host_ssh>packagecopy@files.pfsense.org</copy_packages_to_host_ssh> <copy_packages_to_folder_ssh>/usr/local/www/files/packages/amd64/8/All/</copy_packages_to_folder_ssh> <packages> @@ -9,14 +9,14 @@ <package> <name>someprogram</name> <internal_name>someprogram</internal_name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[Some cool program]]></descr> <website>http://www.example.org/someprogram</website> <category>Services</category> <version>0.99</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/someprogram/someprogram.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/someprogram/someprogram.xml</config_file> <maintainer>me@example.com</maintainer> <configurationfile>someprogram.xml</configurationfile> <build_pbi> @@ -24,24 +24,24 @@ <port>net/someprogram</port> <ports_after>www/somethingelsetoputinthepbi www/somethingelse</ports_after> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>someprogram-0.99-amd64.pbi</depends_on_package_pbi> </package> --> <package> <name>Asterisk</name> - <pkginfolink>http://forum.pfsense.org/index.php/topic,47210.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,47210.0.html</pkginfolink> <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> - <version>1.8 pkg v0.3.1</version> + <version>1.8 pkg v0.3.2</version> <status>Beta</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/asterisk/asterisk.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>asterisk18-1.8.25.0.tbz</depends_on_package> <depends_on_package>openldap-client-2.4.38.tbz</depends_on_package> - <depends_on_package_pbi>asterisk-1.8.25.0-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>asterisk-1.8.26.1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/asterisk</build_port_path> <maintainer>marcellocoutinho@gmail.com robreg@zsurob.hu</maintainer> <configurationfile>asterisk.xml</configurationfile> @@ -49,31 +49,31 @@ </package> <package> <name>bind</name> - <!-- <pkginfolink>http://doc.pfsense.org/index.php/bind</pkginfolink> --> + <!-- <pkginfolink>https://doc.pfsense.org/index.php/bind</pkginfolink> --> <descr><![CDATA[The most widely used name server software]]></descr> <website>http://www.isc.org/downloads/BIND/</website> <category>Services</category> - <version>9.9.4 pkg v 0.3.2</version> + <version>9.9.5 pkg v 0.3.2</version> <status>RC</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/bind/bind.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file> <configurationfile>bind.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>bind-9.9.4-amd64.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>bind-9.9.5_8-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/dns/bind99</build_port_path> <build_pbi> <custom_name>bind</custom_name> <port>dns/bind99</port> </build_pbi> - <build_options>OPTIONS_UNSET=IDN REPLACE_BASE FIXED_RRSET GSSAPI;OPTIONS_SET=IPV6 LINKS SSL THREADS XML DLZ_FILESYSTEM FILTER_AAAA SIGCHASE RRL LARGE_FILE</build_options> + <build_options>OPTIONS_UNSET_FORCE=IDN REPLACE_BASE FIXED_RRSET GSSAPI;OPTIONS_SET=IPV6 LINKS SSL THREADS XML DLZ_FILESYSTEM FILTER_AAAA SIGCHASE RRL LARGE_FILE</build_options> </package> <package> <name>Filer</name> <website/> <descr>Allows you to create and overwrite files from the GUI.</descr> <category>File Management</category> - <pkginfolink>http://doc.pfsense.org/index.php/Filer_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/filer/filer.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file> <version>0.60</version> <status>Beta</status> <required_version>2.0</required_version> @@ -85,9 +85,9 @@ <website/> <descr>Block countries - This has been replaced by pfblocker. <u>This is a legacy app</u></descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/countryblock/countryblock.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,25732.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/countryblock/countryblock.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <version>0.2.4</version> <status>Beta</status> <required_version>1.2.2</required_version> @@ -99,8 +99,8 @@ <website/> <descr>PHP File Manager</descr> <category>Diagnostics</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/filemgr/filemgr.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file> <version>0.1.3</version> <status>Beta</status> <required_version>2.0</required_version> @@ -115,9 +115,9 @@ This package also Block countries and IP ranges.<br /> pfBlocker replaces Countryblock and IPblocklist.]]></descr> <category>Firewall</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink> - <config_file>http://pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <version>1.0.2</version> <status>Release</status> <required_version>2.0</required_version> @@ -128,17 +128,17 @@ <name>anyterm</name> <descr>Ajax Interactive Shell - Have you ever wanted SSH or telnet access to your system from an internet desert - from behind a strict firewall, from an internet cafe, or even from a mobile phone? Anyterm is a combination of a web page and a process that runs on your web server that provides this access. WARNING! We suggest using Stunnel in combination with this package!</descr> <website>http://anyterm.org/</website> - <pkginfolink>http://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/AnyTerm_package</pkginfolink> <category>Diagnostics</category> <version>0.5</version> <status>BETA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/anyterm/anyterm.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/anyterm/anyterm.xml</config_file> <configurationfile>anyterm.xml</configurationfile> </package> <package> <name>haproxy</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP Load Balancer<br /> This package implements both TCP and HTTP balance features from Haproxy.<br /> Supports acl's for smart backend switching.]]></descr> @@ -147,16 +147,16 @@ <version>1.4.24 pkg v 1.2.4</version> <status>Release</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>haproxy-1.4.24.tbz</depends_on_package> <depends_on_package_pbi>haproxy-1.4.24-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/haproxy</build_port_path> </package> <package> <name>haproxy-full</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP Load Balancer<br /> This package implements both TCP and HTTP balance features from Haproxy.<br /> (Legacy version)]]></descr> @@ -165,57 +165,57 @@ <version>1.4.24 pkg v 1.1</version> <status>Release</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>haproxy-1.4.24.tbz</depends_on_package> <depends_on_package_pbi>haproxy-1.4.24-amd64.pbi</depends_on_package_pbi> </package> <package> <name>haproxy-devel</name> - <pkginfolink>http://doc.pfsense.org/index.php/haproxy_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/haproxy_package</pkginfolink> <descr><![CDATA[The Reliable, High Performance TCP/HTTP(s) Load Balancer<br /> This package implements TCP, HTTP and HTTPS balance features from Haproxy.<br /> Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5-dev21 pkg v 0.6.1</version> + <version>1.5-dev22 pkg v 0.8</version> <status>Release</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package>haproxy-1.4.21.tbz</depends_on_package> - <depends_on_package_pbi>haproxy-devel-1.5-dev21-amd64.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package>haproxy-1.4.22.tbz</depends_on_package> + <depends_on_package_pbi>haproxy-devel-1.5-dev22-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/haproxy-devel</build_port_path> <build_pbi> <ports_before>security/openssl</ports_before> <custom_name>haproxy-devel</custom_name> <port>/usr/ports/net/haproxy-devel</port> </build_pbi> - <build_options>WITH_OPENSSL_PORT=yes;OPTIONS_UNSET=PCRE DPCRE;OPTIONS_SET=OPENSSL SPCRE</build_options> + <build_options>WITH_OPENSSL_PORT=yes;OPTIONS_UNSET_FORCE=PCRE DPCRE;OPTIONS_SET=OPENSSL SPCRE</build_options> </package> <package> <name>Apache with mod_security-dev</name> - <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> - <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> + <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.4.6 pkg v0.3</version> + <version>2.4.9_1 pkg v0.3</version> <status>ALPHA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>db42-4.2.52_5.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> <depends_on_package>apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12_1.tbz</depends_on_package> <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.23_3-amd64.pbi git-1.8.1.3-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.4.9_1-amd64.pbi git-1.9.0_1-amd64.pbi</depends_on_package_pbi> <configurationfile>apache_virtualhost.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -241,27 +241,27 @@ <port>www/apache24</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>apache24_UNSET=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC</build_options> + <build_options>apache24_UNSET_FORCE=MPM_PREFORK;apache24_SET=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET=MLOGC</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> <name>Proxy Server with mod_security</name> - <pkginfolink>http://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>0.1.3</version> + <version>0.1.4</version> <status>ALPHA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>db42-4.2.52_5.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> <depends_on_package>apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12_1.tbz</depends_on_package> <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.23_3-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.2.27-amd64.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -287,7 +287,7 @@ <port>www/apache22-worker-mpm</port> <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> - <build_options>OPTIONS_UNSET=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION</build_options> + <build_options>OPTIONS_UNSET_FORCE=BDB MYSQL PGSQL;OPTIONS_SET=SQLITE THREADS IPV6 SSL;WITH_MPM=worker;apache22-worker-mpm_UNSET_FORCE=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> </package> <package> @@ -295,8 +295,8 @@ <website>http://www.pureftpd.org/</website> <descr>*DO NOT RUN THIS ON A FIREWALL. USE A DEDICATED MACHINE!* Pure FTPd Server is a fast, production quality, standards-conformant FTP server based on Troll-FTPd. It has no known vulnerabilities, is trivial to set up, and is especially designed for modern kernels. Features include PAM support, IPv6, chroot()ed home directories, virtual domains, built-in 'ls', FXP protocol, anti-warez system, bandwidth throttling, restricted ports for passive downloads, an LDAP backend, XML output, and more.</descr> <category>FTP</category> - <config_file>http://www.pfsense.com/packages/config/pure-ftpd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/pure-ftpd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>pure-ftpd-1.0.35.tbz</depends_on_package> <depends_on_package_pbi>pure-ftpd-1.0.36-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/ftp/pure-ftpd</build_port_path> @@ -313,22 +313,23 @@ </package> <package> <name>Avahi</name> - <pkginfolink>http://doc.pfsense.org/index.php/Avahi_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Avahi_package</pkginfolink> <website>http://www.avahi.org/</website> <descr>Avahi is a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in Apple MacOS X (branded Rendezvous, Bonjour and sometimes Zeroconf) and is very convenient. Avahi is mainly based on Lennart Poettering's flexmdns mDNS implementation for Linux which has been discontinued in favour of Avahi.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/net/avahi</build_port_path> <build_port_path>/usr/ports/net/avahi-app</build_port_path> + <build_options>avahi_UNSET_FORCE=GTK;cairo_SET_FORCE=X11 XCB</build_options> <build_pbi> <port>net/avahi</port> </build_pbi> <depends_on_package>avahi-0.6.29.tbz</depends_on_package> - <depends_on_package_pbi>avahi-0.6.29-amd64.pbi</depends_on_package_pbi> - <version>0.6.29 pkg v1.02</version> + <depends_on_package_pbi>avahi-0.6.31-amd64.pbi</depends_on_package_pbi> + <version>0.6.31 pkg v1.02</version> <status>ALPHA</status> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.com/packages/config/avahi/avahi.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> <configurationfile>avahi.xml</configurationfile> <after_install_info>Please visit the Avahi settings tab and select which interfaces you do not wish Avahi to listen on and click save to start the service.</after_install_info> </package> @@ -337,7 +338,7 @@ <website>http://www.ntop.org/</website> <descr>ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>ntop-5.0.1-amd64.pbi</depends_on_package_pbi> <depends_on_package>rrdtool-1.2.30_2.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> @@ -359,10 +360,10 @@ <port>net/ntop</port> </build_pbi> <build_options>WITH_PCAP_PORT=true;WITH_XMLDUMP=true;WITHOUT_JUMBO_FRAMES=true;WITH_MAKO=true;WITHOUT_DEJAVU=true;WITH_JSON=true;WITH_MMAP=true;WITHOUT_PERL_MODULE=true;WITHOUT_PYTHON_MODULE=true;WITHOUT_RUBY_MODULE=true;WITHOUT_EXAMPLES=true;WITHOUT_FPECTL=true;WITH_IPV6=true;WITH_NLS=true;WITHOUT_PTH=true;WITH_PYMALLOC=true;WITHOUT_SEM=true;WITH_THREADS=true;WITHOUT_UCS2=true;WITH_UCS4=true;WITH_FONTCONFIG=true;WITH_ICONV=true;WITHOUT_XPM=true;WITHOUT_DAG=true;WITHOUT_DIGCOLA=true;WITHOUT_IPSEPCOLA=true;WITHOUT_PANGOCAIRO=true;WITHOUT_GTK=true;WITHOUT_XCB=true</build_options> - <version>5.0.1 v2.3</version> + <version>5.0.1 v2.4</version> <status>BETA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/ntop2/ntop.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/ntop2/ntop.xml</config_file> <configurationfile>ntop.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -371,9 +372,9 @@ <website>http://www.freeswitch.org/</website> <descr>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch/freeswitch.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/freeswitch/freeswitch.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>freeswitch-1.0.6_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/freeswitch</build_port_path> <version>0.8.3.6</version> @@ -389,9 +390,9 @@ <website>http://www.freeswitch.org/</website> <descr>FreeSWITCH package development version.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/freeswitch_dev/freeswitch.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/freeswitch_dev/freeswitch.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/net/freeswitch</build_port_path> <version>0.9.7.26</version> <status>Beta</status> @@ -406,8 +407,8 @@ <descr>Track things you want to note for this system.</descr> <category>Status</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/notes/notes.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/notes/notes.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <version>0.2.4</version> <status>Alpha</status> <required_version>1.2.1</required_version> @@ -420,8 +421,8 @@ <descr>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</descr> <category>Services</category> <pkginfolink/> - <config_file>http://www.pfsense.com/packages/config/tftp2/tftp.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/tftp2/tftp.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <version>2.0</version> <status>Stable</status> <required_version>2.0</required_version> @@ -432,9 +433,9 @@ <website/> <descr>PHP run as a service it can do anything PHP can do including but not limited to monitoring files, CPU, RAM, and send alerts to the syslog.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/PHPService</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/phpservice/phpservice.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <version>0.4.1</version> <status>Beta</status> <required_version>1.2.1</required_version> @@ -447,8 +448,8 @@ <descr>Tool to Backup and Restore files and directories.</descr> <category>System</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/backup/backup.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/backup/backup.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <version>0.1.5</version> <status>Beta</status> <required_version>1.2</required_version> @@ -461,8 +462,8 @@ <descr>The cron utility is used to manage commands on a schedule.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/cron/cron.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/cron/cron.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <version>0.1.8</version> <status>Beta</status> <required_version>1.2</required_version> @@ -474,9 +475,9 @@ <website/> <descr>It is a web server package that can host HTML, Javascript, CSS, and PHP. It uses the lighttpd web server that is already installed. It uses PHP5 in FastCGI mode and has access to PHP Data Ojbects and PDO SQLite.</descr> <category>Services</category> - <pkginfolink>http://doc.pfsense.org/index.php/vhosts</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/vhosts/vhosts.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <pkginfolink>https://doc.pfsense.org/index.php/vhosts</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/vhosts/vhosts.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <version>0.7.4</version> <status>Stable</status> <required_version>1.2.3</required_version> @@ -485,19 +486,19 @@ </package> <package> <name>snort</name> - <pkginfolink></pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink> <website>http://www.snort.org</website> <descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package>mysql-client-5.5.34.tbz</depends_on_package> - <depends_on_package>barnyard2-1.12.tbz</depends_on_package> - <depends_on_package>libnet11-1.1.6,1.tbz</depends_on_package> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package>mysql55-client-5.5.35.tbz</depends_on_package> + <depends_on_package>barnyard2-1.13.tbz</depends_on_package> + <depends_on_package>libnet-1.1.6_1,1.tbz </depends_on_package> <depends_on_package>libdnet-1.11_3.tbz</depends_on_package> - <depends_on_package>libpcap-1.4.0.tbz</depends_on_package> + <depends_on_package>libpcap-1.5.2.tbz</depends_on_package> <depends_on_package>daq-2.0.1.tbz</depends_on_package> - <depends_on_package>snort-2.9.5.5.tbz</depends_on_package> - <depends_on_package_pbi>snort-2.9.5.5-amd64.pbi</depends_on_package_pbi> + <depends_on_package>snort-2.9.6.0.tbz</depends_on_package> + <depends_on_package_pbi>snort-2.9.6.0-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/devel/pcre</build_port_path> <build_port_path>/usr/ports/net/daq</build_port_path> <build_port_path>/usr/ports/net/libnet</build_port_path> @@ -509,10 +510,9 @@ <port>security/snort</port> <ports_after>security/barnyard2</ports_after> </build_pbi> - <!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. --> - <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITH_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options> - <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> - <version>2.9.5.5 pkg v3.0.2</version> + <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP;snort_SET=TARGETBASED PERFPROFILE SOURCEFIRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;snort_UNSET=PULLEDPORK;perl_SET=THREADS;NOPORTDOCS=true</build_options> + <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> + <version>2.9.6.0 pkg v3.0.7</version> <required_version>2.0</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> @@ -523,8 +523,8 @@ <website>http://www.olsr.org/</website> <descr>The olsr.org OLSR daemon is an implementation of the Optimized Link State Routing protocol. OLSR is a routing protocol for mobile ad-hoc networks. The protocol is pro-active, table driven and utilizes a technique called multipoint relaying for message flooding.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/olsrd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/olsrd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>olsrd-0.6.2.tbz</depends_on_package> <depends_on_package_pbi>olsrd-0.6.3-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/olsrd</build_port_path> @@ -535,10 +535,10 @@ </package> <package> <name>routed</name> - <website>http://www.pfsense.com/</website> + <website>https://packages.pfsense.org/</website> <descr>RIP v1 and v2 daemon.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/routed/routed.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/routed/routed.xml</config_file> <version>1.1</version> <status>Stable</status> <required_version>2.1</required_version> @@ -549,11 +549,11 @@ <website>http://www.openbsd.org/spamd/</website> <descr>Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in their queue and retry again later.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/spamd/spamd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/spamd/spamd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>spamd-4.9.1.tbz</depends_on_package> <depends_on_package_pbi>spamd-4.9.1-amd64.pbi</depends_on_package_pbi> - <version>4.8.0</version> + <version>4.9.1 v1.1</version> <status>Beta</status> <required_version>1.2.1</required_version> <configurationfile>spamd.xml</configurationfile> @@ -570,9 +570,9 @@ It can do first and second line antispam combat before sending incoming mail to local mail servers.<br /> Postfix can also detect zombies, check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]></descr> <category>Services</category> - <pkginfolink>http://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/postfix/postfix.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/postfix/postfix.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>postfix-2.10.2,1.tbz</depends_on_package> <depends_on_package>perl5-5.16.3_4.tbz</depends_on_package> <depends_on_package_pbi>postfix-2.10.2-amd64.pbi</depends_on_package_pbi> @@ -592,19 +592,19 @@ For all non-commercial it's free, without cost.<br /> For all commercial use visit dansguardian website to get a licence.]]></descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/dansguardian/dansguardian.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>dansguardian-2.12.0.3.tbz</depends_on_package> <depends_on_package>ca_root_nss-3.14.1.tbz</depends_on_package> - <depends_on_package_pbi>dansguardian-2.12.0.3-amd64.pbi</depends_on_package_pbi> - <version>2.12.0.3 pkg v.0.1.8</version> + <depends_on_package_pbi>dansguardian-2.12.0.3_2-amd64.pbi</depends_on_package_pbi> + <version>2.12.0.3_2 pkg v.0.1.8</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>dansguardian.xml</configurationfile> <build_port_path>/usr/ports/www/dansguardian-devel</build_port_path> <build_port_path>/usr/ports/security/ca_root_nss</build_port_path> - <build_options>dansguardian-devel_UNSET=APACHE;dansguardian-devel_SET=TRICKLE CLAMD ICAP NTLM SSL</build_options> + <build_options>dansguardian-devel_UNSET_FORCE=APACHE;dansguardian-devel_SET=TRICKLE CLAMD ICAP NTLM SSL</build_options> <!-- NOTE: Distfile must be fetched manually from http://dansguardian.org/downloads/2/Alpha/dansguardian-2.12.0.0.tar.gz --> </package> <package> @@ -614,17 +614,17 @@ <descr><![CDATA[MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br /> This is a level3 mail scanning tool with high CPU load.]]></descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/mailscanner/mailscanner.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>dcc-dccd-1.3.141.tbz</depends_on_package> <depends_on_package>perl5-5.16.3_4.tbz</depends_on_package> <depends_on_package>pyzor-0.5.0_3.tbz</depends_on_package> <depends_on_package>p5-Mail-SPF-2.9.0_1.tbz</depends_on_package> <depends_on_package>p5-IP-Country-2.28.tbz</depends_on_package> <depends_on_package>MailScanner-4.84.5_3.tbz</depends_on_package> - <depends_on_package_pbi>mailscanner-4.84.5_3-amd64.pbi</depends_on_package_pbi> - <version>4.84.5_3 pkg v.0.2.4</version> + <depends_on_package_pbi>mailscanner-4.84.6-amd64.pbi</depends_on_package_pbi> + <version>4.84.6 pkg v.0.2.4</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>mailscanner.xml</configurationfile> @@ -637,18 +637,18 @@ <ports_before>mail/pyzor mail/p5-Mail-SPF net/p5-IP-Country mail/dcc-dccd</ports_before> <port>mail/mailscanner</port> </build_pbi> - <build_options>mailscanner_UNSET=BDC CLAMAVMODULE;mailscanner_SET=SPAMASSASSIN CLAMAV;p5-Mail-SpamAssassin_SET=DCC</build_options> + <build_options>mailscanner_UNSET_FORCE=BDC CLAMAVMODULE;mailscanner_SET=SPAMASSASSIN CLAMAV;p5-Mail-SpamAssassin_SET=DCC</build_options> </package> <package> <name>siproxd</name> <website>http://siproxd.sourceforge.net/</website> <descr>Proxy for handling NAT of multiple SIP devices to a single public IP.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/siproxd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/siproxd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>siproxd-0.8.0.tbz</depends_on_package> <depends_on_package_pbi>siproxd-0.8.0-amd64.pbi</depends_on_package_pbi> - <pkginfolink>http://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> <build_port_path>/usr/ports/net/siproxd</build_port_path> <version>0.8.0_2</version> <status>Beta</status> @@ -659,17 +659,17 @@ <name>OpenBGPD</name> <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> <category>NET</category> - <config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.xml</config_file> <build_port_path>/usr/ports/net/openbgpd</build_port_path> <build_pbi> <port>net/openbgpd</port> </build_pbi> <version>0.9.1</version> <status>STABLE</status> - <pkginfolink>http://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>1.3</required_version> <configurationfile>openbgpd.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>openbgpd-5.2.20121209.tbz</depends_on_package> <depends_on_package_pbi>openbgpd-5.2.20121209-amd64.pbi</depends_on_package_pbi> </package> @@ -680,10 +680,10 @@ <version>0.5.2</version> <category>Routing</category> <status>DEPRECATED</status> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>openospfd-4.6.tbz</depends_on_package> <depends_on_package_pbi>openospfd-4.6-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/openospfd/openospfd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openospfd/openospfd.xml</config_file> <build_port_path>/usr/ports/net/openospfd</build_port_path> <build_port_path>/usr/ports/devel/libevent</build_port_path> <build_pbi> @@ -702,7 +702,7 @@ <category>Network Report</category> <version>1.8.2 pkg v.2.33</version> <maintainer>dv_serg@mail.ru</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>lightsquid-1.8_2.tbz</depends_on_package> <depends_on_package>perl-5.14.2_2.tbz</depends_on_package> <depends_on_package_pbi>lightsquid-1.8_2-amd64.pbi</depends_on_package_pbi> @@ -714,7 +714,7 @@ <build_options>WITHOUT_DEBUGGING=true;WITHOUT_GDBM=true;WITHOUT_PERL_MALLOC=true;WITH_PERL_64BITINT=true;WITHOUT_THREADS=true;WITHOUT_MULTIPLICITY=true;WITHOUT_SUIDPERL=true;WITHOUT_SITECUSTOMIZE=true;WITH_USE_PERL=true;WITH_GDSUPPORT=true</build_options> <status>RC1</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/lightsquid/lightsquid.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lightsquid/lightsquid.xml</config_file> <pkginfolink></pkginfolink> <configurationfile>lightsquid.xml</configurationfile> <noembedded>true</noembedded> @@ -725,9 +725,9 @@ <descr><![CDATA[Sarg - Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet.<br /> Sarg provides many informations about Proxy(squid,squidguard or dansguardian) users activities: times, bytes, sites, etc...]]></descr> <category>Network Report</category> - <config_file>http://www.pfsense.com/packages/config/sarg/sarg.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/sarg/sarg.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>sarg-2.3.6_2.tbz</depends_on_package> <depends_on_package>gd-2.0.35_8,1.tbz</depends_on_package> <depends_on_package_pbi>sarg-2.3.6_2-amd64.pbi</depends_on_package_pbi> @@ -736,7 +736,7 @@ <required_version>2.0</required_version> <configurationfile>sarg.xml</configurationfile> <build_port_path>/usr/ports/www/sarg</build_port_path> - <build_options>sarg_UNSET=PHP</build_options> + <build_options>sarg_UNSET_FORCE=PHP</build_options> <after_install_info>Please visit sarg settings on Status Menu to configure sarg.</after_install_info> </package> <package> @@ -747,9 +747,9 @@ If it receives one with MAC-IP pair, which is not listed in 'ethers' file, it will send ARP reply with configured fake address.<br /> This will prevent not permitted host to work properly in local ethernet segment.]]></descr> <category>Security</category> - <config_file>http://www.pfsense.com/packages/config/ipguard/ipguard.xml</config_file> - <pkginfolink>http://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/ipguard/ipguard.xml</config_file> + <pkginfolink>https://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>ipguard-1.04.tbz</depends_on_package> <depends_on_package_pbi>ipguard-1.04-amd64.pbi</depends_on_package_pbi> <version>1.0.4 pkg v.0.1</version> @@ -764,14 +764,14 @@ <descr><![CDATA[Varnish is a state-of-the-art, high-performance HTTP accelerator.<br /> It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.]]></descr> <website>http://varnish-cache.org</website> - <pkginfolink>http://doc.pfsense.org/index.php/Varnish_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Varnish_package</pkginfolink> <category>Services</category> <version>2.1.5 pkg v.1.0</version> <status>Release</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/varnish64/varnish_backends.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/varnish64/varnish_backends.xml</config_file> <configurationfile>varnish_backends.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>varnish-2.1.5_2-amd64.pbi gcc-4.2.5.20090325_5-amd64.pbi</depends_on_package_pbi> <depends_on_package>varnish-2.1.5.tbz</depends_on_package> <depends_on_package>gcc-4.2.5.20090325_5.tbz</depends_on_package> @@ -785,14 +785,14 @@ It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.<br /> Version 3 includes streaming support]]></descr> <website>http://varnish-cache.org</website> - <pkginfolink>http://doc.pfsense.org/index.php/Varnish_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Varnish_package</pkginfolink> <category>Services</category> <version>3.0.4 pkg v.0.2.1</version> <status>RC</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/varnish3/varnish_backends.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/varnish3/varnish_backends.xml</config_file> <configurationfile>varnish_backends.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>varnish-3.0.4-amd64.pbi</depends_on_package_pbi> <depends_on_package>varnish-3.0.2.tbz</depends_on_package> <depends_on_package>pcre-8.21_1.tbz</depends_on_package> @@ -800,7 +800,7 @@ <ports_before>lang/gcc</ports_before> <port>www/varnish</port> </build_pbi> - <build_options>gcc_UNSET=JAVA</build_options> + <build_options>gcc_UNSET_FORCE=JAVA</build_options> <build_port_path>/usr/ports/www/varnish</build_port_path> <build_port_path>/usr/ports/lang/gcc42</build_port_path> </package> @@ -808,17 +808,17 @@ <name>vnstat2</name> <website>http://humdi.net/vnstat/</website> <descr>Vnstat is a console-based network traffic monitor<br />The vnstat PHP frontend and vnstati adds a more user friendly way of displaying traffic usage.</descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>vnstat-1.11.tbz</depends_on_package> <depends_on_package_pbi>vnstat-1.11_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/vnstat</build_port_path> - <version>1.10_2</version> + <version>1.11_1</version> <status>Stable</status> <required_version>2.0</required_version> - <maintainer>crazypark2@yahoo.dk</maintainer> - <config_file>http://www.pfsense.com/packages/config/vnstat2/vnstat2.xml</config_file> + <maintainer>bryan.paradis@gmail.com</maintainer> + <config_file>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.xml</config_file> <configurationfile>vnstat2.xml</configurationfile> <after_install_info></after_install_info> </package> @@ -830,11 +830,11 @@ <version>2.5.4</version> <status>Beta</status> <required_version>1.0</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>mbmon-205_5.tbz</depends_on_package> <depends_on_package_pbi>mbmon-205_6-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/mbmon</build_port_path> - <config_file>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.xml</config_file> <configurationfile>phpsysinfo.xml</configurationfile> <noembedded>true</noembedded> </package> @@ -845,11 +845,11 @@ <category>Services</category> <version>1.0.6.18</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/tinydns/tinydns.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/tinydns/tinydns.xml</config_file> <configurationfile>tinydns.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>ucspi-tcp-0.88_2.tbz</depends_on_package> <depends_on_package>daemontools-0.76_16.tbz</depends_on_package> <depends_on_package>djbdns-ipv6-1.05.b23_13.tbz</depends_on_package> @@ -862,7 +862,6 @@ <port>dns/djbdns</port> </build_pbi> <build_options>WITH_IPV6=true;WITH_SRV=true;WITHOUT_DUMPCACHE=true;WITHOUT_IGNOREIP=true;WITHOUT_JUMBO=true;WITHOUT_MAN=true;WITHOUT_PERSISTENT_MMAP=true</build_options> - <supportedbybsdperimeter>YES</supportedbybsdperimeter> </package> <package> <name>Open-VM-Tools</name> @@ -871,11 +870,11 @@ <category>Services</category> <version>8.7.0.3046 (build-425873)</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> <required_version>2.0</required_version> - <config_file>http://www.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.xml</config_file> <configurationfile>open-vm-tools.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/emulators/open-vm-tools-nox11/</build_port_path> <depends_on_package>open-vm-tools-nox11-425873_3,1.tbz</depends_on_package> <depends_on_package>icu-50.1.2.tbz</depends_on_package> @@ -905,15 +904,15 @@ </package> <package> <name>AutoConfigBackup</name> - <maintainer>portal@bsdperimeter.com</maintainer> + <maintainer>portal@pfsense.org</maintainer> <descr>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</descr> <website>https://portal.pfsense.org</website> <category>Services</category> - <version>1.20</version> + <version>1.23</version> <status>Stable</status> <required_version>1.2</required_version> - <pkginfolink>http://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> <configurationfile>autoconfigbackup.xml</configurationfile> </package> <package> @@ -921,30 +920,30 @@ <descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr> <website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website> <category>Services</category> - <version>2.09.1</version> + <version>2.09.1 v1.1</version> <status>Stable</status> <required_version>1.0.1</required_version> - <config_file>http://www.pfsense.com/packages/config/arping/arping.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/arping/arping.xml</config_file> <configurationfile>arping.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>arping-2.09_1.tbz</depends_on_package> <depends_on_package_pbi>arping-2.09_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/arping</build_port_path> - <pkginfolink>http://doc.pfsense.org/index.php/Arping</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Arping</pkginfolink> </package> <package> <name>nmap</name> <maintainer>jimp@pfsense.org</maintainer> <descr>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</descr> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>lua-5.1.5_4.tbz</depends_on_package> <depends_on_package>nmap-6.25_1.tbz</depends_on_package> - <depends_on_package_pbi>nmap-6.25_1-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.25_1 pkg v1.2</version> + <depends_on_package_pbi>nmap-6.40_2-amd64.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> + <version>nmap-6.40_2 pkg v1.2</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Nmap_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.0</required_version> <configurationfile>nmap.xml</configurationfile> <build_port_path>/usr/ports/security/nmap</build_port_path> @@ -955,32 +954,14 @@ <descr>IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.</descr> <website>http://www.imspector.org/</website> <category>Network Management</category> - <maintainer>billm@pfsense.org</maintainer> - <version>0.9-4</version> - <required_version>2.0</required_version> - <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/imspector/imspector.xml</config_file> - <configurationfile>imspector.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package>sqlite3-3.7.12.1.tbz</depends_on_package> - <depends_on_package>imspector-0.9.tbz</depends_on_package> - <depends_on_package_pbi>imspector-0.9-amd64.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net-im/imspector</build_port_path> - </package> - <package> - <name>imspector-dev</name> - <internal_name>imspector</internal_name> - <descr>IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.</descr> - <website>http://www.imspector.org/</website> - <category>Network Management</category> <maintainer>marcellocoutinho@gmail.com</maintainer> <version>20111108 pkg v 0.3.1</version> <required_version>2.0</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/imspector-dev/imspector.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/IMSpector_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/imspector/imspector.xml</config_file> <configurationfile>imspector.xml</configurationfile> + <build_options>imspector_SET_FORCE=PLUGINS;imspector_UNSET_FORCE=IPFW</build_options> <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>mysql-client-5.5.19.tbz</depends_on_package> <depends_on_package>imspector-20111108.tbz</depends_on_package> @@ -991,17 +972,17 @@ <descr>Network UPS Tools</descr> <website>http://www.networkupstools.org/</website> <category>Network Management</category> - <version>2.6.4 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>rswagoner@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/nut/nut.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/nut/nut.xml</config_file> <configurationfile>nut.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>nut-2.6.4.tbz</depends_on_package> <depends_on_package_pbi>nut-2.6.5_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/nut</build_port_path> - <pkginfolink>http://doc.pfsense.org/index.php/Nut_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Nut_package</pkginfolink> </package> <package> <name>diag_new_states</name> @@ -1012,22 +993,22 @@ <maintainer>ptaylor@addressplus.net</maintainer> <required_version>1.2.1</required_version> <status>BETA</status> - <config_file>http://www.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> - <configurationfile>http://www.pfsense.com/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> + <config_file>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> + <configurationfile>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> </package> <package> <name>darkstat</name> <website>http://dmr.ath.cx/net/darkstat/</website> <descr>darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>darkstat-3.0.714.tbz</depends_on_package> <depends_on_package_pbi>darkstat-3.0.715-amd64.pbi</depends_on_package_pbi> <version>3.0.714</version> <status>Stable</status> <required_version>1.2.1</required_version> <maintainer>sullrich+pfsp@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/darkstat/darkstat.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/darkstat/darkstat.xml</config_file> <configurationfile>darkstat.xml</configurationfile> <build_port_path>/usr/ports/net-mgmt/darkstat</build_port_path> </package> @@ -1036,8 +1017,8 @@ <website>http://www.mindrot.org/pfflowd.html</website> <descr>pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/pfflowd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/pfflowd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>pfflowd-0.8.tbz</depends_on_package> <depends_on_package_pbi>pfflowd-0.8-amd64.pbi</depends_on_package_pbi> <version>0.8.3</version> @@ -1052,14 +1033,14 @@ <descr>RFC1413 auth/identd daemon with fixed fake reply</descr> <website>http://www.webweaving.org/widentd</website> <category>Services</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>widentd-1.03_1.tbz</depends_on_package> <depends_on_package_pbi>widentd-1.03_1-amd64.pbi</depends_on_package_pbi> <version>1.03_1</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Widentd_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Widentd_package</pkginfolink> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/widentd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widentd.xml</config_file> <configurationfile>widentd.xml</configurationfile> <build_port_path>/usr/ports/net/widentd</build_port_path> </package> @@ -1072,11 +1053,11 @@ <status>Beta</status> <required_version>2.0</required_version> <maintainer>none</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>freeradius-1.1.8_4.tbz</depends_on_package> <depends_on_package>libltdl-2.4_1.tbz</depends_on_package> <depends_on_package_pbi>freeradius-1.1.8_5-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/freeradius.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> <build_port_path>/usr/ports/net/freeradius</build_port_path> <build_port_path>/usr/ports/devel/libltdl</build_port_path> @@ -1093,19 +1074,19 @@ Support: MySQL, PostgreSQL, LDAP, Kerberos<br /> FreeRADIUS and FreeRADIUS2 settings are not compatible so don't use them together or try to update<br /> On pfSense docs there is a how-to which could help you on porting users.]]></descr> - <pkginfolink>http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <category>System</category> - <version>2.1.12_1/2.2.0 pkg v1.6.7_2</version> + <version>2.1.12_1/2.2.4_1 pkg v1.6.7_2</version> <status>RC1</status> <required_version>2.0</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>freeradius-2.1.12_1.tbz</depends_on_package> - <depends_on_package_pbi>freeradius-2.2.0-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>freeradius-2.2.4_1-amd64.pbi</depends_on_package_pbi> <depends_on_package>mysql-client-5.1.63.tbz</depends_on_package> <depends_on_package>postgresql-client-9.0.8.tbz</depends_on_package> <depends_on_package>openldap-sasl-client-2.4.31_1.tbz</depends_on_package> - <config_file>http://www.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> <after_install_info>Please visit Services: FreeRADIUS</after_install_info> <!-- Try to use the new PBI build syntax here, it may help it pick up the right libs inside the single PBI rather than using multiple. --> @@ -1123,12 +1104,12 @@ <version>2.0.1_5 pkg v.0.3</version> <status>BETA</status> <required_version>1.2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>bandwidthd-2.0.1_5.tbz</depends_on_package> <depends_on_package>libpcap-1.1.1.tbz</depends_on_package> <depends_on_package>postgresql-client-8.4.12.tbz</depends_on_package> <depends_on_package_pbi>bandwidthd-2.0.1_5-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.xml</config_file> <configurationfile>bandwidthd.xml</configurationfile> <build_port_path>/usr/ports/net/libpcap</build_port_path> <build_port_path>/usr/ports/databases/postgresql84-client</build_port_path> @@ -1144,14 +1125,14 @@ <website>http://www.stunnel.org/</website> <descr>An SSL encryption wrapper between remote client and local or remote servers. </descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>stunnel-4.43.tbz</depends_on_package> <depends_on_package_pbi>stunnel-4.54-amd64.pbi</depends_on_package_pbi> <version>4.43</version> <status>Stable</status> - <pkginfolink>http://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> <required_version>1.2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/stunnel.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/stunnel.xml</config_file> <configurationfile>stunnel.xml</configurationfile> <build_port_path>/usr/ports/security/stunnel</build_port_path> <build_options>WITHOUT_FORK=true;WITH_PTHREAD=true;WITHOUT_UCONTEXT=true;WITHOUT_IPV6=true;WITH_LIBWRAP=true;WITHOUT_SSL_PORT=true</build_options> @@ -1161,13 +1142,13 @@ <website>http://dast.nlanr.net/Projects/Iperf/</website> <descr>Iperf is a tool for testing network throughput, loss, and jitter.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/iperf.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/iperf.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>iperf-2.0.5.tbz</depends_on_package> <depends_on_package_pbi>iperf-2.0.5-amd64.pbi</depends_on_package_pbi> <version>2.0.5</version> <status>Beta</status> - <pkginfolink>http://doc.pfsense.org/index.php/Iperf_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Iperf_package</pkginfolink> <required_version>1.2.1</required_version> <configurationfile>iperf.xml</configurationfile> <build_port_path>/usr/ports/benchmarks/iperf</build_port_path> @@ -1177,8 +1158,8 @@ <website>http://freshmeat.net/projects/netio/</website> <descr>This is a network benchmark for DOS, OS/2 2.x, Windows NT/2000 and Unix. It measures the net throughput of a network via NetBIOS and/or TCP/IP protocols (Unix and DOS only support TCP/IP) using various different packet sizes.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/netio.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/netio.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All</depends_on_package_base_url> <depends_on_package>netio-1.26.tbz</depends_on_package> <depends_on_package_pbi>netio-1.26-amd64.pbi</depends_on_package_pbi> <version>1.26</version> @@ -1193,16 +1174,16 @@ <descr>Enhanced traceroute replacement</descr> <website>http://www.bitwizard.nl/mtr/</website> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>mtr-nox11-0.82.tbz</depends_on_package> - <depends_on_package_pbi>mtr-0.82_1-amd64.pbi</depends_on_package_pbi> - <version>0.82</version> + <depends_on_package_pbi>mtr-0.85_1-amd64.pbi</depends_on_package_pbi> + <version>0.85_1</version> <status>Stable</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/mtr-nox11.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/mtr-nox11.xml</config_file> <configurationfile>mtr-nox11.xml</configurationfile> <build_port_path>/usr/ports/net/mtr</build_port_path> - <build_options>mtr_UNSET=X11</build_options> + <build_options>mtr_UNSET_FORCE=X11</build_options> </package> <package> <name>squid</name> @@ -1213,7 +1194,7 @@ <status>Stable</status> <required_version>2</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>squid-2.7.9_3.tbz</depends_on_package> <depends_on_package>squid_radius_auth-1.10.tbz</depends_on_package> <depends_on_package>libwww-5.4.0_4.tbz</depends_on_package> @@ -1226,8 +1207,8 @@ <port>www/squid</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squid/squid.xml</config_file> + <build_options>squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squid/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> </package> <package> @@ -1236,14 +1217,14 @@ <descr><![CDATA[High performance web proxy cache.<br /> It combines squid as a proxy server with it's capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant.]]></descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> <version>3.1.20 pkg 2.0.6</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>squid-3.1.20.tbz</depends_on_package> <depends_on_package>libwww-5.4.0_4.tbz</depends_on_package> <build_pbi> @@ -1251,9 +1232,9 @@ <port>www/squid31</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6;squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> <!--<build_options>WITH_SQUID_KERB_AUTH=true;WITH_SQUID_LDAP_AUTH=true;WITH_SQUID_NIS_AUTH=true;WITH_SQUID_SASL_AUTH=true;WITH_SQUID_IPV6=true;WITH_SQUID_DELAY_POOLS=true;WITH_SQUID_SNMP=true;WITH_SQUID_SSL=true;WITH_SQUID_SSL_CRTD=true;WITH_SQUID_PINGER=true;WITHOUT_SQUID_DNS_HELPER=true;WITH_SQUID_HTCP=true;WITH_SQUID_VIA_DB=true;WITH_SQUID_CACHE_DIGESTS=true;WITHOUT_SQUID_WCCP=true;WITH_SQUID_WCCPV2=true;WITHOUT_SQUID_STRICT_HTTP=true;WITH_SQUID_IDENT=true;WITH_SQUID_REFERER_LOG=true;WITH_SQUID_USERAGENT_LOG=true;WITH_SQUID_ARP_ACL=true;WITH_SQUID_IPFW=true;WITH_SQUID_PF=true;WITHOUT_SQUID_IPFILTER=true;WITH_SQUID_FOLLOW_XFF=true;WITHOUT_SQUID_ECAP=true;WITHOUT_SQUID_ICAP=true;WITHOUT_SQUID_ESI=true;WITH_SQUID_AUFS=true;WITHOUT_SQUID_COSS=true;WITHOUT_SQUID_KQUEUE=true;WITH_SQUID_LARGEFILE=true;WITHOUT_SQUID_STACKTRACES=true;WITHOUT_SQUID_DEBUG=true</build_options>--> - <config_file>http://www.pfsense.org/packages/config/squid3/31/squid.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/squid3/31/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.1.22_1-amd64.pbi</depends_on_package_pbi> </package> @@ -1263,14 +1244,14 @@ <descr><![CDATA[High performance web proxy cache.<br /> It combines squid as a proxy server with it's capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> It includes an Exchange-Web-Access (OWA) Assistant, ssl filtering and antivirus integration via i-cap]]></descr> - <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> + <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.10 pkg 2.2</version> + <version>3.3.10 pkg 2.2.2</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>squid-3.3.5.tbz</depends_on_package> <depends_on_package>libltdl-2.4.2.tbz</depends_on_package> <depends_on_package>libwww-5.4.0_4.tbz</depends_on_package> @@ -1283,8 +1264,8 @@ <port>www/squid33</port> <ports_after>www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules</ports_after> </build_pbi> - <build_options>c-icap_UNSET=IPV6;squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> - <config_file>http://www.pfsense.org/packages/config/squid3/33/squid.xml</config_file> + <build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <config_file>https://packages.pfsense.org/packages/config/squid3/33/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.3.10-amd64.pbi</depends_on_package_pbi> </package> @@ -1297,10 +1278,10 @@ <status>BETA</status> <required_version>1.2.1</required_version> <maintainer>seth.mos@dds.nl</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>lcdproc-0.5.5.tbz</depends_on_package> <depends_on_package_pbi>lcdproc-0.5.6-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> <build_port_path>/usr/ports/sysutils/lcdproc</build_port_path> <build_options>lcdproc_SET=USB</build_options> @@ -1315,11 +1296,11 @@ <status>BETA</status> <required_version>2.0</required_version> <maintainer>michele@nt2.it</maintainer> - <pkginfolink>http://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <pkginfolink>https://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>lcdproc-0.5.6.tbz</depends_on_package> <depends_on_package_pbi>lcdproc-0.5.6-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> <build_port_path>/usr/ports/sysutils/lcdproc</build_port_path> <build_options>WITH_USB=true</build_options> @@ -1330,14 +1311,14 @@ <descr>Arpwatch monitors ethernet/ip address pairings. It also logs certain changes to syslog.</descr> <website>http://www-nrg.ee.lbl.gov/</website> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>arpwatch-2.1.a15_6.tbz</depends_on_package> <depends_on_package_pbi>arpwatch-2.1.a15_6-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net-mgmt/arpwatch</build_port_path> - <version>2.1.a15_6 pkg v1.1.1</version> + <version>2.1.a15_6 pkg v1.1.2</version> <status>ALPHA</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/arpwatch.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/arpwatch.xml</config_file> <configurationfile>arpwatch.xml</configurationfile> <logging> <facilityname>arpwatch</facilityname> @@ -1353,7 +1334,7 @@ <version>1.4_4 pkg v.1.9.5</version> <status>Beta</status> <required_version>1.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>squidGuard-1.4_4.tbz</depends_on_package> <depends_on_package>db41-4.1.25_4.tbz</depends_on_package> <depends_on_package>cyrus-sasl-2.1.26_2.tbz</depends_on_package> @@ -1365,8 +1346,8 @@ <ports_before>databases/db41 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> </build_pbi> - <build_options>squidGuard_UNSET=SQUID32 SQUID33;squidGuard_SET=SAMPLE_BL SASL LDAP SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> + <build_options>squidGuard_UNSET_FORCE=SQUID32 SQUID33;squidGuard_SET=SAMPLE_BL SASL LDAP SQUID27;squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> @@ -1375,18 +1356,18 @@ <website>http://www.squidGuard.org/</website> <maintainer>gugabsd@mundounix.com.br</maintainer> <category>Network Management</category> - <version>1.5_1 beta</version> + <version>1.5_2 beta</version> <status>Beta</status> <required_version>2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>squidguard-devel-1.5_1-amd64.pbi</depends_on_package_pbi> <build_pbi> <ports_before>databases/db46</ports_before> <port>www/squidguard-devel</port> <custom_name>squidguard-devel</custom_name> </build_pbi> - <build_options>squidGuard-devel_UNSET=SQUID32 SQUID33;squidGuard-devel_SET=LDAP STRIPNT SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> + <build_options>squidGuard-devel_UNSET_FORCE=SQUID32 SQUID33;squidGuard-devel_SET=LDAP STRIPNT SQUID27;squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> @@ -1398,22 +1379,22 @@ <version>1.4_4 pkg v.1.9.5</version> <status>Experimental</status> <required_version>2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>squidguard-squid3-1.4_4-amd64.pbi</depends_on_package_pbi> <build_pbi> <ports_before>www/squid33 databases/db41 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> <custom_name>squidguard-squid3</custom_name> </build_pbi> - <build_options>OPTIONS_SET=FETCH LDAP;squidGuard_UNSET=SQUID27;squidGuard_SET=SAMPLE_BL SASL SQUID33;c-icap_UNSET=IPV6 squid_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> - <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> + <build_options>OPTIONS_SET=FETCH LDAP;squidGuard_UNSET_FORCE=SQUID27;squidGuard_SET=SAMPLE_BL SASL SQUID33;c-icap_UNSET_FORCE=IPV6 squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <config_file>https://packages.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file> <configurationfile>squidguard.xml</configurationfile> </package> <package> <name>Zabbix Agent</name> <descr>Monitoring agent.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-agent/zabbix-agent.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/zabbix-agent/zabbix-agent.xml</config_file> <version>1.8.10,2 pkg v1.1</version> <status>FINAL</status> <required_version>1.2.3</required_version> @@ -1424,8 +1405,8 @@ <custom_name>zabbix-agent</custom_name> <port>net-mgmt/zabbix-agent</port> </build_pbi> - <build_options>ca_root_nss_UNSET=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET=MYSQL</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <build_options>ca_root_nss_UNSET_FORCE=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET_FORCE=MYSQL</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>zabbix-agent-1.8.10,2.tbz</depends_on_package> <depends_on_package_pbi>zabbix-agent-1.8.13-amd64.pbi</depends_on_package_pbi> </package> @@ -1433,7 +1414,7 @@ <name>Zabbix Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> - <config_file>http://www.pfsense.com/packages/config/zabbix-proxy/zabbix-proxy.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/zabbix-proxy/zabbix-proxy.xml</config_file> <version>1.8.8,2 pkg v1.1</version> <status>FINAL</status> <required_version>1.2.3</required_version> @@ -1444,8 +1425,8 @@ <custom_name>zabbix-proxy</custom_name> <port>net-mgmt/zabbix-proxy</port> </build_pbi> - <build_options>ca_root_nss_UNSET=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET=MYSQL</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <build_options>ca_root_nss_UNSET_FORCE=ETCSYMLINK;zabbix22_SET=LDAP SSH SQLITE;zabbix22_UNSET_FORCE=MYSQL</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>zabbix-proxy-1.8.8,2.tbz</depends_on_package> <depends_on_package_pbi>zabbix-proxy-1.8.13-amd64.pbi</depends_on_package_pbi> </package> @@ -1453,16 +1434,16 @@ <name>OpenVPN Client Export Utility</name> <descr>Allows a pre-configured OpenVPN Windows Client or Mac OSX's Viscosity configuration bundle to be exported directly from pfSense.</descr> <category>Security</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>p7zip-9.20.1.tbz</depends_on_package> <depends_on_package>zip-3.0.tbz</depends_on_package> <depends_on_package_pbi>zip-3.0-amd64.pbi p7zip-9.20.1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.4</version> + <version>1.2.9</version> <status>RELEASE</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> <configurationfile>openvpn-client-export.xml</configurationfile> </package> <package> @@ -1471,7 +1452,7 @@ <website>http://www.server-side.de/</website> <descr>Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>havp-0.91_1.tbz</depends_on_package> <depends_on_package_pbi>havp-0.91_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/havp</build_port_path> @@ -1479,7 +1460,7 @@ <version>0.91_1 pkg v1.01</version> <status>BETA</status> <required_version>1.2.2</required_version> - <config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> <configurationfile>havp.xml</configurationfile> <maintainer>dv_serg@mail.ru</maintainer> <after_install_info>Please check the HAVP settings.</after_install_info> @@ -1492,8 +1473,8 @@ <version>0.51</version> <required_version>1.2.3</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jailctl.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/jailctl.xml</config_file> <configurationfile>jailctl.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> </package> @@ -1505,8 +1486,8 @@ <version>0.2</version> <required_version>1.2.3</required_version> <status>BETA</status> - <pkginfolink>http://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/jail_template.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/jail_template.xml</config_file> <configurationfile>jail_template.xml</configurationfile> <maintainer>ltning-jailctl@anduin.net</maintainer> </package> @@ -1518,15 +1499,15 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/blinkled8/blinkled.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/blinkled8/blinkled.xml</config_file> <configurationfile>blinkled.xml</configurationfile> - <pkginfolink>http://doc.pfsense.org/index.php/BlinkLED_Package</pkginfolink> - <website>http://doc.pfsense.org/index.php/BlinkLED_Package</website> + <pkginfolink>https://doc.pfsense.org/index.php/BlinkLED_Package</pkginfolink> + <website>https://doc.pfsense.org/index.php/BlinkLED_Package</website> <build_port_path>/usr/ports/sysutils/blinkled</build_port_path> <build_pbi> <port>sysutils/blinkled</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>blinkled-0.1.tbz</depends_on_package> <depends_on_package_pbi>blinkled-0.1-amd64.pbi</depends_on_package_pbi> </package> @@ -1538,24 +1519,14 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.0</required_version> - <config_file>http://www.pfsense.org/packages/config/gwled/gwled.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/gwled/gwled.xml</config_file> <configurationfile>gwled.xml</configurationfile> </package> <package> - <name>Dashboard Widget: Snort</name> - <descr>Dashboard widget for Snort.</descr> - <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file> - <version>0.3.7</version> - <status>BETA</status> - <required_version>1.2</required_version> - <configurationfile>widget-snort.xml</configurationfile> - </package> - <package> <name>Dashboard Widget: HAVP</name> <descr>Dashboard widget for HAVP alerts.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-havp/widget-havp.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2</required_version> @@ -1565,7 +1536,7 @@ <name>Dashboard Widget: Antivirus Status</name> <descr>Dashboard widget for HAVP status.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/widget-antivirus/widget-antivirus.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.xml</config_file> <version>0.1</version> <status>BETA</status> <required_version>1.2</required_version> @@ -1579,7 +1550,7 @@ <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> - <config_file>http://www.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/rrd-summary/rrd-summary.xml</config_file> <configurationfile>rrd-summary.xml</configurationfile> </package> <package> @@ -1587,18 +1558,18 @@ <descr>Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.</descr> <website>http://www.unbound.net/</website> <category>Services</category> - <version>1.4.21_1</version> + <version>1.4.22</version> <status>Alpha</status> <maintainer>warren@decoy.co.za</maintainer> <required_version>2.0</required_version> - <pkginfolink>http://doc.pfsense.org/index.php/Unbound_package</pkginfolink> - <config_file>http://www.pfsense.com/packages/config/unbound/unbound.xml</config_file> + <pkginfolink>https://doc.pfsense.org/index.php/Unbound_package</pkginfolink> + <config_file>https://packages.pfsense.org/packages/config/unbound/unbound.xml</config_file> <configurationfile>unbound.xml</configurationfile> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package>unbound-1.4.21_1.tbz</depends_on_package> - <depends_on_package>ldns-1.6.16.tbz</depends_on_package> - <depends_on_package>expat-2.0.1_2.tbz</depends_on_package> - <depends_on_package>libevent-1.4.14b_2.tbz</depends_on_package> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package>unbound-1.4.22.tbz</depends_on_package> + <depends_on_package>ldns-1.6.17.tbz</depends_on_package> + <depends_on_package>expat-2.1.0.tbz</depends_on_package> + <depends_on_package>libevent2-2.0.21.tbz</depends_on_package> <build_port_path>/usr/ports/dns/unbound/</build_port_path> <build_port_path>/usr/ports/dns/ldns</build_port_path> <build_port_path>/usr/ports/textproc/expat2</build_port_path> @@ -1607,8 +1578,8 @@ <ports_before>dns/ldns textproc/expat2 devel/libevent2</ports_before> <port>dns/unbound</port> </build_pbi> - <depends_on_package_pbi>unbound-1.4.21_1-amd64.pbi</depends_on_package_pbi> - <build_options>unbound_UNSET=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options> + <depends_on_package_pbi>unbound-1.4.22-amd64.pbi</depends_on_package_pbi> + <build_options>unbound_UNSET_FORCE=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options> <logging> <facilityname>unbound</facilityname> <logfilename>unbound.log</logfilename> @@ -1622,7 +1593,7 @@ <descr>The shellcmd utility is used to manage commands on system startup.</descr> <category>Services</category> <pkginfolink></pkginfolink> - <config_file>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</config_file> <version>0.5</version> <status>Beta</status> <required_version>1.2</required_version> @@ -1639,7 +1610,7 @@ <status>BETA</status> <required_version>2.0</required_version> <maintainer>ey@tm-k.com</maintainer> - <config_file>http://www.pfsense.org/packages/config/widescreen/widescreen.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/widescreen/widescreen.xml</config_file> <configurationfile>widescreen.xml</configurationfile> <!-- Disabling on 2.0.2 and 2.1 since it overwrites the menu --> <maximum_version>2.0.1</maximum_version> @@ -1649,18 +1620,18 @@ <website>http://wiki.nagios.org/index.php/Howtos:nrpe_nsca</website> <descr>NRPE is an addon for Nagios that allows you to execute plugins on remote Linux/Unix hosts. This is useful if you need to monitor local resources/attributes like disk usage, CPU load, memory usage, etc. on a remote host.</descr> <category>Services</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>nrpe-2.12_3.tbz</depends_on_package> <depends_on_package>nagios-plugins-1.4.15_1,1.tbz</depends_on_package> <depends_on_package_pbi>nrpe-2.13_2-amd64.pbi</depends_on_package_pbi> - <build_port_path>/usr/ports/net-mgmt/nrpe2</build_port_path> + <build_port_path>/usr/ports/net-mgmt/nrpe</build_port_path> <build_port_path>/usr/ports/net-mgmt/nagios-plugins</build_port_path> <build_pbi> <ports_before>net-mgmt/nagios-plugins</ports_before> - <port>net-mgmt/nrpe2</port> + <port>net-mgmt/nrpe</port> </build_pbi> - <build_options>nrpe2_SET=SSL;nrpe2_UNSET=ARGS</build_options> - <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> + <build_options>nrpe_SET=SSL;nrpe_UNSET_FORCE=ARGS</build_options> + <config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> <version>2.12_3 v2.2</version> <status>Beta</status> <required_version>1.2</required_version> @@ -1672,7 +1643,7 @@ <website>https://github.com/sileht/check_mk/blob/master/doc/README</website> <descr><![CDATA[The basic idea of check_mk is to fetch "all" information about a target host at once.<br>For each host to be monitored check_mk is called by Nagios only once per time period.]]></descr> <category>Services</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <build_port_path>/usr/ports/sysutils/muse</build_port_path> <build_port_path>/usr/ports/sysutils/ipmitool</build_port_path> <build_port_path>devel/libstatgrab</build_port_path> @@ -1681,7 +1652,7 @@ <port>sysutils/muse</port> </build_pbi> <build_options></build_options> - <config_file>http://www.pfsense.com/packages/config/checkmk-agent/checkmk.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.xml</config_file> <version>v0.1</version> <status>RC1</status> <required_version>2.0</required_version> @@ -1696,7 +1667,7 @@ <version>1.0</version> <status>Beta</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/sshdcond/sshdcond.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.xml</config_file> <maintainer>namezero@afim.info</maintainer> <configurationfile>sshdcond.xml</configurationfile> </package> @@ -1704,10 +1675,10 @@ <name>mailreport</name> <descr>Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.</descr> <category>Network Management</category> - <version>2.0.7</version> + <version>2.0.9</version> <status>Stable</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/mailreport/mailreport.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/mailreport/mailreport.xml</config_file> <configurationfile>mailreport.xml</configurationfile> </package> <package> @@ -1716,15 +1687,15 @@ This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.]]> </descr> <category>Services</category> - <version>1.0</version> + <version>1.1</version> <status>BETA</status> <website>www.winton.org.uk/zebedee/</website> <maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer> <required_version>2.0</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>zebedee-2.5.3.tbz</depends_on_package> <depends_on_package_pbi>zebedee-2.5.3-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/zebedee/zebedee.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/zebedee/zebedee.xml</config_file> <configurationfile>zebedee.xml</configurationfile> <build_port_path>/usr/ports/security/zebedee</build_port_path> </package> @@ -1732,7 +1703,7 @@ <name>OpenVPN tap Bridging Fix</name> <descr>Patch to fix OpenVPN tap bridging on 2.0.x. WARNING! Cannot be uninstalled.</descr> <category>System</category> - <config_file>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml</config_file> <version>0.4</version> <status>BETA</status> <required_version>2.0</required_version> @@ -1745,10 +1716,10 @@ <version>0.99.22.3 v0.6.1</version> <category>Routing</category> <status>BETA</status> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>quagga-0.99.22.3.tbz</depends_on_package> <depends_on_package_pbi>quagga-0.99.22.3-amd64.pbi</depends_on_package_pbi> - <config_file>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file> <build_port_path>/usr/ports/net/quagga</build_port_path> <pkginfolink></pkginfolink> <required_version>2.0</required_version> @@ -1761,7 +1732,7 @@ <version>1.0</version> <category>System</category> <status>RELEASE</status> - <config_file>http://www.pfsense.com/packages/config/systempatches/systempatches.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/systempatches/systempatches.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.0</required_version> <configurationfile>systempatches.xml</configurationfile> @@ -1772,11 +1743,11 @@ <descr><![CDATA[Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.]]></descr> <website>http://www.bacula.org/</website> <category>Services</category> - <version>5.2.12_3 pkg v 1.0.1</version> + <version>5.2.12_3 pkg v 1.0.2</version> <status>Stable</status> <required_version>2.0</required_version> - <config_file>http://www.pfsense.com/packages/config/bacula-client/bacula-client.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>bacula-client-5.2.12_3.tbz</depends_on_package> <depends_on_package_pbi>bacula-5.2.12_3-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/bacula-client</build_port_path> @@ -1790,76 +1761,76 @@ <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>urlsnarf</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[HTTP URL Sniffer (console/shell only)]]></descr> <category>Services</category> <version>2.3_4</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/urlsnarf/urlsnarf.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/urlsnarf/urlsnarf.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>urlsnarf.xml</configurationfile> <build_pbi> <ports_before>net/libnet10</ports_before> <port>security/dsniff</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>dsniff-2.3_4-amd64.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>iftop</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[Realtime interface monitor (console/shell only)]]></descr> <category>Services</category> <version>0.17</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/iftop/iftop.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/iftop/iftop.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>iftop.xml</configurationfile> <build_pbi> <port>net-mgmt/iftop</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>iftop-0.17-amd64.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a pkg build --> <name>git</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[GIT Source Code Management (console/shell only)]]></descr> <category>Services</category> - <version>1.8.1.3</version> + <version>1.9.0_1</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/git/git.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/git/git.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>git.xml</configurationfile> - <build_options>git_UNSET=GITWEB GUI HTMLDOCS CVS P4 SVN;git_SET=CONTRIB CURL ETCSHELLS ICONV NLS PERL</build_options> + <build_options>git_UNSET_FORCE=GITWEB GUI HTMLDOCS CVS P4 SVN;git_SET=CONTRIB CURL ETCSHELLS ICONV NLS PERL</build_options> <build_port_path>/usr/ports/devel/git</build_port_path> <build_pbi> <port>devel/git</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>git-1.8.1.3-amd64.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>git-1.9.0_1-amd64.pbi</depends_on_package_pbi> </package> <package> <name>tinc</name> <website>http://www.tinc-vpn.org/</website> <descr>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.</descr> <category>Network Management</category> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>tinc-1.0.21-amd64.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>tinc-1.0.23-amd64.pbi</depends_on_package_pbi> <build_pbi> <port>security/tinc</port> </build_pbi> <build_options></build_options> - <version>1.0.21</version> + <version>1.0.23 v1.1</version> <status>ALPHA</status> - <pkginfolink>http://doc.pfsense.org/index.php/tinc_package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/tinc/tinc.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/tinc/tinc.xml</config_file> <configurationfile>tinc.xml</configurationfile> <logging> <facilityname>tinc</facilityname> @@ -1872,26 +1843,26 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>3.3.7_4</version> + <version>3.5.4.1</version> <status>ALPHA</status> <required_version>2.1</required_version> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>syslog-ng-3.3.7_4-amd64.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>syslog-ng-3.5.4.1-amd64.pbi</depends_on_package_pbi> <build_pbi> <ports_before>sysutils/logrotate</ports_before> <port>sysutils/syslog-ng</port> </build_pbi> <build_options></build_options> <maintainer>laleger@gmail.com</maintainer> - <config_file>http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.xml</config_file> <configurationfile>syslog-ng.xml</configurationfile> </package> <package> <name>Zabbix-2 Agent</name> <descr>Monitoring agent.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.2.1 pkg v0.8_0</version> + <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> + <version>zabbix2-agent-2.2.2 pkg v0.8_2</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> @@ -1901,16 +1872,16 @@ <custom_name>zabbix22-agent</custom_name> <port>net-mgmt/zabbix22-agent</port> </build_pbi> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package>zabbix22-agent-2.2.1.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-agent-2.2.1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package>zabbix22-agent-2.2.2.tbz</depends_on_package> + <depends_on_package_pbi>zabbix22-agent-2.2.2-amd64.pbi</depends_on_package_pbi> </package> <package> <name>Zabbix-2 Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> - <version>zabbix2-proxy-2.2.1 pkg v0.8_0</version> + <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> + <version>zabbix2-proxy-2.2.2 pkg v0.8_2</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-proxy.xml</configurationfile> @@ -1921,45 +1892,45 @@ <port>net-mgmt/zabbix22-proxy</port> </build_pbi> <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package>zabbix22-proxy-2.2.1.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-proxy-2.2.1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package>zabbix22-proxy-2.2.2.tbz</depends_on_package> + <depends_on_package_pbi>zabbix22-proxy-2.2.2-amd64.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> <name>ipmitool</name> - <pkginfolink>http://forum.pfsense.org/</pkginfolink> + <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[IPMI Tools for local/remote data retrieval and control (Console only, no GUI)]]></descr> <category>Services</category> - <version>1.8.12</version> + <version>1.8.12_5</version> <status>Beta</status> <required_version>2.1</required_version> - <config_file>http://www.pfsense.com/packages/config/ipmitool/ipmitool.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/ipmitool/ipmitool.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>ipmitool.xml</configurationfile> <build_pbi> <port>sysutils/ipmitool</port> </build_pbi> - <build_options>ipmitool_SET=FREEIPMI;freeipmi_UNSET=DOCS DEBUG IOPERM</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>ipmitool-1.8.12_3-amd64.pbi</depends_on_package_pbi> + <build_options>ipmitool_SET=FREEIPMI;freeipmi_UNSET_FORCE=DOCS DEBUG IOPERM</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>ipmitool-1.8.12_5-amd64.pbi</depends_on_package_pbi> </package> <package> <name>sudo</name> - <pkginfolink>http://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> + <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> <version>0.2</version> <status>Beta</status> <required_version>2.0.2</required_version> - <config_file>http://www.pfsense.com/packages/config/sudo/sudo.xml</config_file> + <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> <configurationfile>sudo.xml</configurationfile> <build_pbi> <port>security/sudo</port> </build_pbi> <build_port_path>/usr/ports/security/sudo</build_port_path> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>sudo-1.8.6.p8.tbz</depends_on_package> <depends_on_package_pbi>sudo-1.8.6p8-amd64.pbi</depends_on_package_pbi> </package> @@ -1967,10 +1938,10 @@ <name>Service Watchdog</name> <descr>Monitors for stopped services and restarts them.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.4</version> + <version>1.6</version> <category>Services</category> - <status>BETA</status> - <config_file>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.xml</config_file> + <status>Release</status> + <config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.1</required_version> <configurationfile>servicewatchdog.xml</configurationfile> @@ -1980,8 +1951,8 @@ <website>http://code.google.com/p/softflowd/</website> <descr>Softflowd is flow-based network traffic analyser capable of Cisco NetFlow data export. Softflowd semi-statefully tracks traffic flows recorded by listening on a network interface or by reading a packet capture file. These flows may be reported via NetFlow to a collecting host or summarised within softflowd itself. Softflowd supports Netflow versions 1, 5 and 9 and is fully IPv6-capable - it can track IPv6 flows and send export datagrams via IPv6. It also supports export to multicast groups, allowing for redundant flow collectors.</descr> <category>Network Management</category> - <config_file>http://www.pfsense.com/packages/config/softflowd/softflowd.xml</config_file> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>softflowd-0.9.8_2-amd64.pbi</depends_on_package_pbi> <version>0.9.8</version> <status>Beta</status> @@ -1996,8 +1967,8 @@ <name>Apcupsd</name> <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> - <config_file>http://www.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.1</version> + <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> + <version>apcupsd-3.14.10_1 pkg v0.3</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>apcupsd.xml</configurationfile> @@ -2007,10 +1978,44 @@ <custom_name>apcupsd</custom_name> <port>sysutils/apcupsd</port> </build_pbi> - <build_options>apcupsd_SET=APCSMART_DRV APCDUMB_DRV PCNET_DRV USB TCP_WRAPPERS SNMP_DRV;apcupsd_UNSET=CLIENT_ONLY CGI SNMP_DRV_OLD TEST_DRV GAPCMON DOCS</build_options> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <build_options>apcupsd_SET=APCSMART_DRV APCDUMB_DRV PCNET_DRV USB TCP_WRAPPERS SNMP_DRV;apcupsd_UNSET_FORCE=CLIENT_ONLY CGI SNMP_DRV_OLD TEST_DRV GAPCMON DOCS</build_options> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>apcupsd-3.14.10_1.tbz</depends_on_package> <depends_on_package_pbi>apcupsd-3.14.10_1-amd64.pbi</depends_on_package_pbi> </package> + <package> + <name>LADVD</name> + <descr>Send and decode link layer advertisements</descr> + <website>https://code.google.com/p/ladvd/</website> + <category>Network Management</category> + <version>1.0.4</version> + <status>BETA</status> + <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>ladvd-1.0.4-amd64.pbi</depends_on_package_pbi> + <config_file>https://packages.pfsense.org/packages/config/ladvd/ladvd.xml</config_file> + <build_port_path>/usr/ports/net/ladvd</build_port_path> + <pkginfolink></pkginfolink> + <required_version>2.1</required_version> + <configurationfile>ladvd.xml</configurationfile> + </package> + <package> + <name>suricata</name> + <website>http://suricata-ids.org/</website> + <descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr> + <category>Security</category> + <version>1.4.6 pkg v0.3</version> + <status>BETA</status> + <required_version>2.1</required_version> + <config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file> + <configurationfile>suricata.xml</configurationfile> + <build_pbi> + <port>security/suricata</port> + <ports_after>security/barnyard2</ports_after> + </build_pbi> + <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;suricata_SET=IPFW PORTS_PCAP TESTS;suricata_UNSET=PRELUDE</build_options> + <build_port_path>/usr/ports/security/suricata</build_port_path> + <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>suricata-1.4.6-amd64.pbi</depends_on_package_pbi> + </package> </packages> </pfsensepkgs> diff --git a/pkg_config.xsl b/pkg_config.xsl index d5df5626..bbe9864d 100644 --- a/pkg_config.xsl +++ b/pkg_config.xsl @@ -5,7 +5,7 @@ <html> <head> <title>pfSense Open Source Firewall Distribution - Packages</title> - <link rel="shortcut icon" href="http://www.pfsense.org/images/favicon.ico"/> + <link rel="shortcut icon" href="https://www.pfsense.org/images/favicon.ico"/> <link rel="stylesheet" href="templates/modular_plazza/css/template_css.css" type="text/css"/> <link rel="stylesheet" href="templates/modular_plazza/css/sfish.css" type="text/css"/> |
